1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/evm.h> 18 #include <linux/syscalls.h> 19 #include <linux/export.h> 20 #include <linux/fsnotify.h> 21 #include <linux/audit.h> 22 #include <linux/vmalloc.h> 23 #include <linux/posix_acl_xattr.h> 24 25 #include <asm/uaccess.h> 26 27 static const char * 28 strcmp_prefix(const char *a, const char *a_prefix) 29 { 30 while (*a_prefix && *a == *a_prefix) { 31 a++; 32 a_prefix++; 33 } 34 return *a_prefix ? NULL : a; 35 } 36 37 /* 38 * In order to implement different sets of xattr operations for each xattr 39 * prefix, a filesystem should create a null-terminated array of struct 40 * xattr_handler (one for each prefix) and hang a pointer to it off of the 41 * s_xattr field of the superblock. 42 */ 43 #define for_each_xattr_handler(handlers, handler) \ 44 if (handlers) \ 45 for ((handler) = *(handlers)++; \ 46 (handler) != NULL; \ 47 (handler) = *(handlers)++) 48 49 /* 50 * Find the xattr_handler with the matching prefix. 51 */ 52 static const struct xattr_handler * 53 xattr_resolve_name(struct inode *inode, const char **name) 54 { 55 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 56 const struct xattr_handler *handler; 57 58 if (!(inode->i_opflags & IOP_XATTR)) { 59 if (unlikely(is_bad_inode(inode))) 60 return ERR_PTR(-EIO); 61 return ERR_PTR(-EOPNOTSUPP); 62 } 63 for_each_xattr_handler(handlers, handler) { 64 const char *n; 65 66 n = strcmp_prefix(*name, xattr_prefix(handler)); 67 if (n) { 68 if (!handler->prefix ^ !*n) { 69 if (*n) 70 continue; 71 return ERR_PTR(-EINVAL); 72 } 73 *name = n; 74 return handler; 75 } 76 } 77 return ERR_PTR(-EOPNOTSUPP); 78 } 79 80 /* 81 * Check permissions for extended attribute access. This is a bit complicated 82 * because different namespaces have very different rules. 83 */ 84 static int 85 xattr_permission(struct inode *inode, const char *name, int mask) 86 { 87 /* 88 * We can never set or remove an extended attribute on a read-only 89 * filesystem or on an immutable / append-only inode. 90 */ 91 if (mask & MAY_WRITE) { 92 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 93 return -EPERM; 94 /* 95 * Updating an xattr will likely cause i_uid and i_gid 96 * to be writen back improperly if their true value is 97 * unknown to the vfs. 98 */ 99 if (HAS_UNMAPPED_ID(inode)) 100 return -EPERM; 101 } 102 103 /* 104 * No restriction for security.* and system.* from the VFS. Decision 105 * on these is left to the underlying filesystem / security module. 106 */ 107 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 108 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 109 return 0; 110 111 /* 112 * The trusted.* namespace can only be accessed by privileged users. 113 */ 114 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 115 if (!capable(CAP_SYS_ADMIN)) 116 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 117 return 0; 118 } 119 120 /* 121 * In the user.* namespace, only regular files and directories can have 122 * extended attributes. For sticky directories, only the owner and 123 * privileged users can write attributes. 124 */ 125 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 126 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 127 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 128 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 129 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 130 return -EPERM; 131 } 132 133 return inode_permission(inode, mask); 134 } 135 136 int 137 __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, 138 const void *value, size_t size, int flags) 139 { 140 const struct xattr_handler *handler; 141 142 handler = xattr_resolve_name(inode, &name); 143 if (IS_ERR(handler)) 144 return PTR_ERR(handler); 145 if (!handler->set) 146 return -EOPNOTSUPP; 147 if (size == 0) 148 value = ""; /* empty EA, do not remove */ 149 return handler->set(handler, dentry, inode, name, value, size, flags); 150 } 151 EXPORT_SYMBOL(__vfs_setxattr); 152 153 /** 154 * __vfs_setxattr_noperm - perform setxattr operation without performing 155 * permission checks. 156 * 157 * @dentry - object to perform setxattr on 158 * @name - xattr name to set 159 * @value - value to set @name to 160 * @size - size of @value 161 * @flags - flags to pass into filesystem operations 162 * 163 * returns the result of the internal setxattr or setsecurity operations. 164 * 165 * This function requires the caller to lock the inode's i_mutex before it 166 * is executed. It also assumes that the caller will make the appropriate 167 * permission checks. 168 */ 169 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 170 const void *value, size_t size, int flags) 171 { 172 struct inode *inode = dentry->d_inode; 173 int error = -EOPNOTSUPP; 174 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 175 XATTR_SECURITY_PREFIX_LEN); 176 177 if (issec) 178 inode->i_flags &= ~S_NOSEC; 179 if (inode->i_opflags & IOP_XATTR) { 180 error = __vfs_setxattr(dentry, inode, name, value, size, flags); 181 if (!error) { 182 fsnotify_xattr(dentry); 183 security_inode_post_setxattr(dentry, name, value, 184 size, flags); 185 } 186 } else if (issec) { 187 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 188 189 if (unlikely(is_bad_inode(inode))) 190 return -EIO; 191 error = security_inode_setsecurity(inode, suffix, value, 192 size, flags); 193 if (!error) 194 fsnotify_xattr(dentry); 195 } 196 197 return error; 198 } 199 200 201 int 202 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 203 size_t size, int flags) 204 { 205 struct inode *inode = dentry->d_inode; 206 int error; 207 208 error = xattr_permission(inode, name, MAY_WRITE); 209 if (error) 210 return error; 211 212 inode_lock(inode); 213 error = security_inode_setxattr(dentry, name, value, size, flags); 214 if (error) 215 goto out; 216 217 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 218 219 out: 220 inode_unlock(inode); 221 return error; 222 } 223 EXPORT_SYMBOL_GPL(vfs_setxattr); 224 225 ssize_t 226 xattr_getsecurity(struct inode *inode, const char *name, void *value, 227 size_t size) 228 { 229 void *buffer = NULL; 230 ssize_t len; 231 232 if (!value || !size) { 233 len = security_inode_getsecurity(inode, name, &buffer, false); 234 goto out_noalloc; 235 } 236 237 len = security_inode_getsecurity(inode, name, &buffer, true); 238 if (len < 0) 239 return len; 240 if (size < len) { 241 len = -ERANGE; 242 goto out; 243 } 244 memcpy(value, buffer, len); 245 out: 246 security_release_secctx(buffer, len); 247 out_noalloc: 248 return len; 249 } 250 EXPORT_SYMBOL_GPL(xattr_getsecurity); 251 252 /* 253 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 254 * 255 * Allocate memory, if not already allocated, or re-allocate correct size, 256 * before retrieving the extended attribute. 257 * 258 * Returns the result of alloc, if failed, or the getxattr operation. 259 */ 260 ssize_t 261 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, 262 size_t xattr_size, gfp_t flags) 263 { 264 const struct xattr_handler *handler; 265 struct inode *inode = dentry->d_inode; 266 char *value = *xattr_value; 267 int error; 268 269 error = xattr_permission(inode, name, MAY_READ); 270 if (error) 271 return error; 272 273 handler = xattr_resolve_name(inode, &name); 274 if (IS_ERR(handler)) 275 return PTR_ERR(handler); 276 if (!handler->get) 277 return -EOPNOTSUPP; 278 error = handler->get(handler, dentry, inode, name, NULL, 0); 279 if (error < 0) 280 return error; 281 282 if (!value || (error > xattr_size)) { 283 value = krealloc(*xattr_value, error + 1, flags); 284 if (!value) 285 return -ENOMEM; 286 memset(value, 0, error + 1); 287 } 288 289 error = handler->get(handler, dentry, inode, name, value, error); 290 *xattr_value = value; 291 return error; 292 } 293 294 ssize_t 295 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 296 void *value, size_t size) 297 { 298 const struct xattr_handler *handler; 299 300 handler = xattr_resolve_name(inode, &name); 301 if (IS_ERR(handler)) 302 return PTR_ERR(handler); 303 if (!handler->get) 304 return -EOPNOTSUPP; 305 return handler->get(handler, dentry, inode, name, value, size); 306 } 307 EXPORT_SYMBOL(__vfs_getxattr); 308 309 ssize_t 310 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 311 { 312 struct inode *inode = dentry->d_inode; 313 int error; 314 315 error = xattr_permission(inode, name, MAY_READ); 316 if (error) 317 return error; 318 319 error = security_inode_getxattr(dentry, name); 320 if (error) 321 return error; 322 323 if (!strncmp(name, XATTR_SECURITY_PREFIX, 324 XATTR_SECURITY_PREFIX_LEN)) { 325 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 326 int ret = xattr_getsecurity(inode, suffix, value, size); 327 /* 328 * Only overwrite the return value if a security module 329 * is actually active. 330 */ 331 if (ret == -EOPNOTSUPP) 332 goto nolsm; 333 return ret; 334 } 335 nolsm: 336 return __vfs_getxattr(dentry, inode, name, value, size); 337 } 338 EXPORT_SYMBOL_GPL(vfs_getxattr); 339 340 ssize_t 341 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 342 { 343 struct inode *inode = d_inode(dentry); 344 ssize_t error; 345 346 error = security_inode_listxattr(dentry); 347 if (error) 348 return error; 349 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { 350 error = -EOPNOTSUPP; 351 error = inode->i_op->listxattr(dentry, list, size); 352 } else { 353 error = security_inode_listsecurity(inode, list, size); 354 if (size && error > size) 355 error = -ERANGE; 356 } 357 return error; 358 } 359 EXPORT_SYMBOL_GPL(vfs_listxattr); 360 361 int 362 __vfs_removexattr(struct dentry *dentry, const char *name) 363 { 364 struct inode *inode = d_inode(dentry); 365 const struct xattr_handler *handler; 366 367 handler = xattr_resolve_name(inode, &name); 368 if (IS_ERR(handler)) 369 return PTR_ERR(handler); 370 if (!handler->set) 371 return -EOPNOTSUPP; 372 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE); 373 } 374 EXPORT_SYMBOL(__vfs_removexattr); 375 376 int 377 vfs_removexattr(struct dentry *dentry, const char *name) 378 { 379 struct inode *inode = dentry->d_inode; 380 int error; 381 382 error = xattr_permission(inode, name, MAY_WRITE); 383 if (error) 384 return error; 385 386 inode_lock(inode); 387 error = security_inode_removexattr(dentry, name); 388 if (error) 389 goto out; 390 391 error = __vfs_removexattr(dentry, name); 392 393 if (!error) { 394 fsnotify_xattr(dentry); 395 evm_inode_post_removexattr(dentry, name); 396 } 397 398 out: 399 inode_unlock(inode); 400 return error; 401 } 402 EXPORT_SYMBOL_GPL(vfs_removexattr); 403 404 405 /* 406 * Extended attribute SET operations 407 */ 408 static long 409 setxattr(struct dentry *d, const char __user *name, const void __user *value, 410 size_t size, int flags) 411 { 412 int error; 413 void *kvalue = NULL; 414 char kname[XATTR_NAME_MAX + 1]; 415 416 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 417 return -EINVAL; 418 419 error = strncpy_from_user(kname, name, sizeof(kname)); 420 if (error == 0 || error == sizeof(kname)) 421 error = -ERANGE; 422 if (error < 0) 423 return error; 424 425 if (size) { 426 if (size > XATTR_SIZE_MAX) 427 return -E2BIG; 428 kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); 429 if (!kvalue) { 430 kvalue = vmalloc(size); 431 if (!kvalue) 432 return -ENOMEM; 433 } 434 if (copy_from_user(kvalue, value, size)) { 435 error = -EFAULT; 436 goto out; 437 } 438 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 439 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 440 posix_acl_fix_xattr_from_user(kvalue, size); 441 } 442 443 error = vfs_setxattr(d, kname, kvalue, size, flags); 444 out: 445 kvfree(kvalue); 446 447 return error; 448 } 449 450 static int path_setxattr(const char __user *pathname, 451 const char __user *name, const void __user *value, 452 size_t size, int flags, unsigned int lookup_flags) 453 { 454 struct path path; 455 int error; 456 retry: 457 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 458 if (error) 459 return error; 460 error = mnt_want_write(path.mnt); 461 if (!error) { 462 error = setxattr(path.dentry, name, value, size, flags); 463 mnt_drop_write(path.mnt); 464 } 465 path_put(&path); 466 if (retry_estale(error, lookup_flags)) { 467 lookup_flags |= LOOKUP_REVAL; 468 goto retry; 469 } 470 return error; 471 } 472 473 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 474 const char __user *, name, const void __user *, value, 475 size_t, size, int, flags) 476 { 477 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 478 } 479 480 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 481 const char __user *, name, const void __user *, value, 482 size_t, size, int, flags) 483 { 484 return path_setxattr(pathname, name, value, size, flags, 0); 485 } 486 487 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 488 const void __user *,value, size_t, size, int, flags) 489 { 490 struct fd f = fdget(fd); 491 int error = -EBADF; 492 493 if (!f.file) 494 return error; 495 audit_file(f.file); 496 error = mnt_want_write_file(f.file); 497 if (!error) { 498 error = setxattr(f.file->f_path.dentry, name, value, size, flags); 499 mnt_drop_write_file(f.file); 500 } 501 fdput(f); 502 return error; 503 } 504 505 /* 506 * Extended attribute GET operations 507 */ 508 static ssize_t 509 getxattr(struct dentry *d, const char __user *name, void __user *value, 510 size_t size) 511 { 512 ssize_t error; 513 void *kvalue = NULL; 514 char kname[XATTR_NAME_MAX + 1]; 515 516 error = strncpy_from_user(kname, name, sizeof(kname)); 517 if (error == 0 || error == sizeof(kname)) 518 error = -ERANGE; 519 if (error < 0) 520 return error; 521 522 if (size) { 523 if (size > XATTR_SIZE_MAX) 524 size = XATTR_SIZE_MAX; 525 kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 526 if (!kvalue) { 527 kvalue = vmalloc(size); 528 if (!kvalue) 529 return -ENOMEM; 530 } 531 } 532 533 error = vfs_getxattr(d, kname, kvalue, size); 534 if (error > 0) { 535 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 536 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 537 posix_acl_fix_xattr_to_user(kvalue, size); 538 if (size && copy_to_user(value, kvalue, error)) 539 error = -EFAULT; 540 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 541 /* The file system tried to returned a value bigger 542 than XATTR_SIZE_MAX bytes. Not possible. */ 543 error = -E2BIG; 544 } 545 546 kvfree(kvalue); 547 548 return error; 549 } 550 551 static ssize_t path_getxattr(const char __user *pathname, 552 const char __user *name, void __user *value, 553 size_t size, unsigned int lookup_flags) 554 { 555 struct path path; 556 ssize_t error; 557 retry: 558 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 559 if (error) 560 return error; 561 error = getxattr(path.dentry, name, value, size); 562 path_put(&path); 563 if (retry_estale(error, lookup_flags)) { 564 lookup_flags |= LOOKUP_REVAL; 565 goto retry; 566 } 567 return error; 568 } 569 570 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 571 const char __user *, name, void __user *, value, size_t, size) 572 { 573 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 574 } 575 576 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 577 const char __user *, name, void __user *, value, size_t, size) 578 { 579 return path_getxattr(pathname, name, value, size, 0); 580 } 581 582 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 583 void __user *, value, size_t, size) 584 { 585 struct fd f = fdget(fd); 586 ssize_t error = -EBADF; 587 588 if (!f.file) 589 return error; 590 audit_file(f.file); 591 error = getxattr(f.file->f_path.dentry, name, value, size); 592 fdput(f); 593 return error; 594 } 595 596 /* 597 * Extended attribute LIST operations 598 */ 599 static ssize_t 600 listxattr(struct dentry *d, char __user *list, size_t size) 601 { 602 ssize_t error; 603 char *klist = NULL; 604 605 if (size) { 606 if (size > XATTR_LIST_MAX) 607 size = XATTR_LIST_MAX; 608 klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); 609 if (!klist) { 610 klist = vmalloc(size); 611 if (!klist) 612 return -ENOMEM; 613 } 614 } 615 616 error = vfs_listxattr(d, klist, size); 617 if (error > 0) { 618 if (size && copy_to_user(list, klist, error)) 619 error = -EFAULT; 620 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 621 /* The file system tried to returned a list bigger 622 than XATTR_LIST_MAX bytes. Not possible. */ 623 error = -E2BIG; 624 } 625 626 kvfree(klist); 627 628 return error; 629 } 630 631 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 632 size_t size, unsigned int lookup_flags) 633 { 634 struct path path; 635 ssize_t error; 636 retry: 637 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 638 if (error) 639 return error; 640 error = listxattr(path.dentry, list, size); 641 path_put(&path); 642 if (retry_estale(error, lookup_flags)) { 643 lookup_flags |= LOOKUP_REVAL; 644 goto retry; 645 } 646 return error; 647 } 648 649 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 650 size_t, size) 651 { 652 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 653 } 654 655 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 656 size_t, size) 657 { 658 return path_listxattr(pathname, list, size, 0); 659 } 660 661 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 662 { 663 struct fd f = fdget(fd); 664 ssize_t error = -EBADF; 665 666 if (!f.file) 667 return error; 668 audit_file(f.file); 669 error = listxattr(f.file->f_path.dentry, list, size); 670 fdput(f); 671 return error; 672 } 673 674 /* 675 * Extended attribute REMOVE operations 676 */ 677 static long 678 removexattr(struct dentry *d, const char __user *name) 679 { 680 int error; 681 char kname[XATTR_NAME_MAX + 1]; 682 683 error = strncpy_from_user(kname, name, sizeof(kname)); 684 if (error == 0 || error == sizeof(kname)) 685 error = -ERANGE; 686 if (error < 0) 687 return error; 688 689 return vfs_removexattr(d, kname); 690 } 691 692 static int path_removexattr(const char __user *pathname, 693 const char __user *name, unsigned int lookup_flags) 694 { 695 struct path path; 696 int error; 697 retry: 698 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 699 if (error) 700 return error; 701 error = mnt_want_write(path.mnt); 702 if (!error) { 703 error = removexattr(path.dentry, name); 704 mnt_drop_write(path.mnt); 705 } 706 path_put(&path); 707 if (retry_estale(error, lookup_flags)) { 708 lookup_flags |= LOOKUP_REVAL; 709 goto retry; 710 } 711 return error; 712 } 713 714 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 715 const char __user *, name) 716 { 717 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 718 } 719 720 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 721 const char __user *, name) 722 { 723 return path_removexattr(pathname, name, 0); 724 } 725 726 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 727 { 728 struct fd f = fdget(fd); 729 int error = -EBADF; 730 731 if (!f.file) 732 return error; 733 audit_file(f.file); 734 error = mnt_want_write_file(f.file); 735 if (!error) { 736 error = removexattr(f.file->f_path.dentry, name); 737 mnt_drop_write_file(f.file); 738 } 739 fdput(f); 740 return error; 741 } 742 743 /* 744 * Combine the results of the list() operation from every xattr_handler in the 745 * list. 746 */ 747 ssize_t 748 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 749 { 750 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 751 unsigned int size = 0; 752 753 if (!buffer) { 754 for_each_xattr_handler(handlers, handler) { 755 if (!handler->name || 756 (handler->list && !handler->list(dentry))) 757 continue; 758 size += strlen(handler->name) + 1; 759 } 760 } else { 761 char *buf = buffer; 762 size_t len; 763 764 for_each_xattr_handler(handlers, handler) { 765 if (!handler->name || 766 (handler->list && !handler->list(dentry))) 767 continue; 768 len = strlen(handler->name); 769 if (len + 1 > buffer_size) 770 return -ERANGE; 771 memcpy(buf, handler->name, len + 1); 772 buf += len + 1; 773 buffer_size -= len + 1; 774 } 775 size = buf - buffer; 776 } 777 return size; 778 } 779 EXPORT_SYMBOL(generic_listxattr); 780 781 /** 782 * xattr_full_name - Compute full attribute name from suffix 783 * 784 * @handler: handler of the xattr_handler operation 785 * @name: name passed to the xattr_handler operation 786 * 787 * The get and set xattr handler operations are called with the remainder of 788 * the attribute name after skipping the handler's prefix: for example, "foo" 789 * is passed to the get operation of a handler with prefix "user." to get 790 * attribute "user.foo". The full name is still "there" in the name though. 791 * 792 * Note: the list xattr handler operation when called from the vfs is passed a 793 * NULL name; some file systems use this operation internally, with varying 794 * semantics. 795 */ 796 const char *xattr_full_name(const struct xattr_handler *handler, 797 const char *name) 798 { 799 size_t prefix_len = strlen(xattr_prefix(handler)); 800 801 return name - prefix_len; 802 } 803 EXPORT_SYMBOL(xattr_full_name); 804 805 /* 806 * Allocate new xattr and copy in the value; but leave the name to callers. 807 */ 808 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 809 { 810 struct simple_xattr *new_xattr; 811 size_t len; 812 813 /* wrap around? */ 814 len = sizeof(*new_xattr) + size; 815 if (len < sizeof(*new_xattr)) 816 return NULL; 817 818 new_xattr = kmalloc(len, GFP_KERNEL); 819 if (!new_xattr) 820 return NULL; 821 822 new_xattr->size = size; 823 memcpy(new_xattr->value, value, size); 824 return new_xattr; 825 } 826 827 /* 828 * xattr GET operation for in-memory/pseudo filesystems 829 */ 830 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 831 void *buffer, size_t size) 832 { 833 struct simple_xattr *xattr; 834 int ret = -ENODATA; 835 836 spin_lock(&xattrs->lock); 837 list_for_each_entry(xattr, &xattrs->head, list) { 838 if (strcmp(name, xattr->name)) 839 continue; 840 841 ret = xattr->size; 842 if (buffer) { 843 if (size < xattr->size) 844 ret = -ERANGE; 845 else 846 memcpy(buffer, xattr->value, xattr->size); 847 } 848 break; 849 } 850 spin_unlock(&xattrs->lock); 851 return ret; 852 } 853 854 /** 855 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems 856 * @xattrs: target simple_xattr list 857 * @name: name of the extended attribute 858 * @value: value of the xattr. If %NULL, will remove the attribute. 859 * @size: size of the new xattr 860 * @flags: %XATTR_{CREATE|REPLACE} 861 * 862 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails 863 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; 864 * otherwise, fails with -ENODATA. 865 * 866 * Returns 0 on success, -errno on failure. 867 */ 868 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 869 const void *value, size_t size, int flags) 870 { 871 struct simple_xattr *xattr; 872 struct simple_xattr *new_xattr = NULL; 873 int err = 0; 874 875 /* value == NULL means remove */ 876 if (value) { 877 new_xattr = simple_xattr_alloc(value, size); 878 if (!new_xattr) 879 return -ENOMEM; 880 881 new_xattr->name = kstrdup(name, GFP_KERNEL); 882 if (!new_xattr->name) { 883 kfree(new_xattr); 884 return -ENOMEM; 885 } 886 } 887 888 spin_lock(&xattrs->lock); 889 list_for_each_entry(xattr, &xattrs->head, list) { 890 if (!strcmp(name, xattr->name)) { 891 if (flags & XATTR_CREATE) { 892 xattr = new_xattr; 893 err = -EEXIST; 894 } else if (new_xattr) { 895 list_replace(&xattr->list, &new_xattr->list); 896 } else { 897 list_del(&xattr->list); 898 } 899 goto out; 900 } 901 } 902 if (flags & XATTR_REPLACE) { 903 xattr = new_xattr; 904 err = -ENODATA; 905 } else { 906 list_add(&new_xattr->list, &xattrs->head); 907 xattr = NULL; 908 } 909 out: 910 spin_unlock(&xattrs->lock); 911 if (xattr) { 912 kfree(xattr->name); 913 kfree(xattr); 914 } 915 return err; 916 917 } 918 919 static bool xattr_is_trusted(const char *name) 920 { 921 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 922 } 923 924 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 925 const char *name) 926 { 927 size_t len = strlen(name) + 1; 928 if (*buffer) { 929 if (*remaining_size < len) 930 return -ERANGE; 931 memcpy(*buffer, name, len); 932 *buffer += len; 933 } 934 *remaining_size -= len; 935 return 0; 936 } 937 938 /* 939 * xattr LIST operation for in-memory/pseudo filesystems 940 */ 941 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 942 char *buffer, size_t size) 943 { 944 bool trusted = capable(CAP_SYS_ADMIN); 945 struct simple_xattr *xattr; 946 ssize_t remaining_size = size; 947 int err = 0; 948 949 #ifdef CONFIG_FS_POSIX_ACL 950 if (inode->i_acl) { 951 err = xattr_list_one(&buffer, &remaining_size, 952 XATTR_NAME_POSIX_ACL_ACCESS); 953 if (err) 954 return err; 955 } 956 if (inode->i_default_acl) { 957 err = xattr_list_one(&buffer, &remaining_size, 958 XATTR_NAME_POSIX_ACL_DEFAULT); 959 if (err) 960 return err; 961 } 962 #endif 963 964 spin_lock(&xattrs->lock); 965 list_for_each_entry(xattr, &xattrs->head, list) { 966 /* skip "trusted." attributes for unprivileged callers */ 967 if (!trusted && xattr_is_trusted(xattr->name)) 968 continue; 969 970 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 971 if (err) 972 break; 973 } 974 spin_unlock(&xattrs->lock); 975 976 return err ? err : size - remaining_size; 977 } 978 979 /* 980 * Adds an extended attribute to the list 981 */ 982 void simple_xattr_list_add(struct simple_xattrs *xattrs, 983 struct simple_xattr *new_xattr) 984 { 985 spin_lock(&xattrs->lock); 986 list_add(&new_xattr->list, &xattrs->head); 987 spin_unlock(&xattrs->lock); 988 } 989