TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / third_party / linux / 0e64123141f3854e695eb4924d82b52856691466 / . / fs / xattr.c
blob: f2854570d411995fbbd2ac0449865b696e18bb73 [file] [log] [blame]
David Brazdil0f672f62019-12-10 10:32:29 +0000[diff] [blame]1// SPDX-License-Identifier: GPL-2.0-only
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]2/*
3 File: fs/xattr.c
4
5 Extended attribute handling.
6
7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 */
11#include <linux/fs.h>
12#include <linux/slab.h>
13#include <linux/file.h>
14#include <linux/xattr.h>
15#include <linux/mount.h>
16#include <linux/namei.h>
17#include <linux/security.h>
18#include <linux/evm.h>
19#include <linux/syscalls.h>
20#include <linux/export.h>
21#include <linux/fsnotify.h>
22#include <linux/audit.h>
23#include <linux/vmalloc.h>
24#include <linux/posix_acl_xattr.h>
25
26#include <linux/uaccess.h>
27
28static const char *
29strcmp_prefix(const char *a, const char *a_prefix)
30{
31 while (*a_prefix && *a == *a_prefix) {
32 a++;
33 a_prefix++;
34 }
35 return *a_prefix ? NULL : a;
36}
37
38/*
39 * In order to implement different sets of xattr operations for each xattr
40 * prefix, a filesystem should create a null-terminated array of struct
41 * xattr_handler (one for each prefix) and hang a pointer to it off of the
42 * s_xattr field of the superblock.
43 */
44#define for_each_xattr_handler(handlers, handler) \
45 if (handlers) \
46 for ((handler) = *(handlers)++; \
47 (handler) != NULL; \
48 (handler) = *(handlers)++)
49
50/*
51 * Find the xattr_handler with the matching prefix.
52 */
53static const struct xattr_handler *
54xattr_resolve_name(struct inode *inode, const char **name)
55{
56 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 const struct xattr_handler *handler;
58
59 if (!(inode->i_opflags & IOP_XATTR)) {
60 if (unlikely(is_bad_inode(inode)))
61 return ERR_PTR(-EIO);
62 return ERR_PTR(-EOPNOTSUPP);
63 }
64 for_each_xattr_handler(handlers, handler) {
65 const char *n;
66
67 n = strcmp_prefix(*name, xattr_prefix(handler));
68 if (n) {
69 if (!handler->prefix ^ !*n) {
70 if (*n)
71 continue;
72 return ERR_PTR(-EINVAL);
73 }
74 *name = n;
75 return handler;
76 }
77 }
78 return ERR_PTR(-EOPNOTSUPP);
79}
80
81/*
82 * Check permissions for extended attribute access. This is a bit complicated
83 * because different namespaces have very different rules.
84 */
85static int
86xattr_permission(struct inode *inode, const char *name, int mask)
87{
88 /*
89 * We can never set or remove an extended attribute on a read-only
90 * filesystem or on an immutable / append-only inode.
91 */
92 if (mask & MAY_WRITE) {
93 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
94 return -EPERM;
95 /*
96 * Updating an xattr will likely cause i_uid and i_gid
97 * to be writen back improperly if their true value is
98 * unknown to the vfs.
99 */
100 if (HAS_UNMAPPED_ID(inode))
101 return -EPERM;
102 }
103
104 /*
105 * No restriction for security.* and system.* from the VFS. Decision
106 * on these is left to the underlying filesystem / security module.
107 */
108 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
109 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
110 return 0;
111
112 /*
113 * The trusted.* namespace can only be accessed by privileged users.
114 */
115 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
116 if (!capable(CAP_SYS_ADMIN))
117 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
118 return 0;
119 }
120
121 /*
122 * In the user.* namespace, only regular files and directories can have
123 * extended attributes. For sticky directories, only the owner and
124 * privileged users can write attributes.
125 */
126 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
127 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
128 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
129 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
130 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
131 return -EPERM;
132 }
133
134 return inode_permission(inode, mask);
135}
136
137int
138__vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
139 const void *value, size_t size, int flags)
140{
141 const struct xattr_handler *handler;
142
143 handler = xattr_resolve_name(inode, &name);
144 if (IS_ERR(handler))
145 return PTR_ERR(handler);
146 if (!handler->set)
147 return -EOPNOTSUPP;
148 if (size == 0)
149 value = ""; /* empty EA, do not remove */
150 return handler->set(handler, dentry, inode, name, value, size, flags);
151}
152EXPORT_SYMBOL(__vfs_setxattr);
153
154/**
155 * __vfs_setxattr_noperm - perform setxattr operation without performing
156 * permission checks.
157 *
158 * @dentry - object to perform setxattr on
159 * @name - xattr name to set
160 * @value - value to set @name to
161 * @size - size of @value
162 * @flags - flags to pass into filesystem operations
163 *
164 * returns the result of the internal setxattr or setsecurity operations.
165 *
166 * This function requires the caller to lock the inode's i_mutex before it
167 * is executed. It also assumes that the caller will make the appropriate
168 * permission checks.
169 */
170int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
171 const void *value, size_t size, int flags)
172{
173 struct inode *inode = dentry->d_inode;
174 int error = -EAGAIN;
175 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
176 XATTR_SECURITY_PREFIX_LEN);
177
178 if (issec)
179 inode->i_flags &= ~S_NOSEC;
180 if (inode->i_opflags & IOP_XATTR) {
181 error = __vfs_setxattr(dentry, inode, name, value, size, flags);
182 if (!error) {
183 fsnotify_xattr(dentry);
184 security_inode_post_setxattr(dentry, name, value,
185 size, flags);
186 }
187 } else {
188 if (unlikely(is_bad_inode(inode)))
189 return -EIO;
190 }
191 if (error == -EAGAIN) {
192 error = -EOPNOTSUPP;
193
194 if (issec) {
195 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
196
197 error = security_inode_setsecurity(inode, suffix, value,
198 size, flags);
199 if (!error)
200 fsnotify_xattr(dentry);
201 }
202 }
203
204 return error;
205}
206
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]207/**
208 * __vfs_setxattr_locked: set an extended attribute while holding the inode
209 * lock
210 *
211 * @dentry - object to perform setxattr on
212 * @name - xattr name to set
213 * @value - value to set @name to
214 * @size - size of @value
215 * @flags - flags to pass into filesystem operations
216 * @delegated_inode - on return, will contain an inode pointer that
217 * a delegation was broken on, NULL if none.
218 */
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]219int
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]220__vfs_setxattr_locked(struct dentry *dentry, const char *name,
221 const void *value, size_t size, int flags,
222 struct inode **delegated_inode)
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]223{
224 struct inode *inode = dentry->d_inode;
225 int error;
226
227 error = xattr_permission(inode, name, MAY_WRITE);
228 if (error)
229 return error;
230
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]231 error = security_inode_setxattr(dentry, name, value, size, flags);
232 if (error)
233 goto out;
234
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]235 error = try_break_deleg(inode, delegated_inode);
236 if (error)
237 goto out;
238
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]239 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
240
241out:
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]242 return error;
243}
244EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
245
246int
247vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
248 size_t size, int flags)
249{
250 struct inode *inode = dentry->d_inode;
251 struct inode *delegated_inode = NULL;
252 int error;
253
254retry_deleg:
255 inode_lock(inode);
256 error = __vfs_setxattr_locked(dentry, name, value, size, flags,
257 &delegated_inode);
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]258 inode_unlock(inode);
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]259
260 if (delegated_inode) {
261 error = break_deleg_wait(&delegated_inode);
262 if (!error)
263 goto retry_deleg;
264 }
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]265 return error;
266}
267EXPORT_SYMBOL_GPL(vfs_setxattr);
268
269static ssize_t
270xattr_getsecurity(struct inode *inode, const char *name, void *value,
271 size_t size)
272{
273 void *buffer = NULL;
274 ssize_t len;
275
276 if (!value || !size) {
277 len = security_inode_getsecurity(inode, name, &buffer, false);
278 goto out_noalloc;
279 }
280
281 len = security_inode_getsecurity(inode, name, &buffer, true);
282 if (len < 0)
283 return len;
284 if (size < len) {
285 len = -ERANGE;
286 goto out;
287 }
288 memcpy(value, buffer, len);
289out:
290 kfree(buffer);
291out_noalloc:
292 return len;
293}
294
295/*
296 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
297 *
298 * Allocate memory, if not already allocated, or re-allocate correct size,
299 * before retrieving the extended attribute.
300 *
301 * Returns the result of alloc, if failed, or the getxattr operation.
302 */
303ssize_t
304vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
305 size_t xattr_size, gfp_t flags)
306{
307 const struct xattr_handler *handler;
308 struct inode *inode = dentry->d_inode;
309 char *value = *xattr_value;
310 int error;
311
312 error = xattr_permission(inode, name, MAY_READ);
313 if (error)
314 return error;
315
316 handler = xattr_resolve_name(inode, &name);
317 if (IS_ERR(handler))
318 return PTR_ERR(handler);
319 if (!handler->get)
320 return -EOPNOTSUPP;
321 error = handler->get(handler, dentry, inode, name, NULL, 0);
322 if (error < 0)
323 return error;
324
325 if (!value || (error > xattr_size)) {
326 value = krealloc(*xattr_value, error + 1, flags);
327 if (!value)
328 return -ENOMEM;
329 memset(value, 0, error + 1);
330 }
331
332 error = handler->get(handler, dentry, inode, name, value, error);
333 *xattr_value = value;
334 return error;
335}
336
337ssize_t
338__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
339 void *value, size_t size)
340{
341 const struct xattr_handler *handler;
342
343 handler = xattr_resolve_name(inode, &name);
344 if (IS_ERR(handler))
345 return PTR_ERR(handler);
346 if (!handler->get)
347 return -EOPNOTSUPP;
348 return handler->get(handler, dentry, inode, name, value, size);
349}
350EXPORT_SYMBOL(__vfs_getxattr);
351
352ssize_t
353vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
354{
355 struct inode *inode = dentry->d_inode;
356 int error;
357
358 error = xattr_permission(inode, name, MAY_READ);
359 if (error)
360 return error;
361
362 error = security_inode_getxattr(dentry, name);
363 if (error)
364 return error;
365
366 if (!strncmp(name, XATTR_SECURITY_PREFIX,
367 XATTR_SECURITY_PREFIX_LEN)) {
368 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
369 int ret = xattr_getsecurity(inode, suffix, value, size);
370 /*
371 * Only overwrite the return value if a security module
372 * is actually active.
373 */
374 if (ret == -EOPNOTSUPP)
375 goto nolsm;
376 return ret;
377 }
378nolsm:
379 return __vfs_getxattr(dentry, inode, name, value, size);
380}
381EXPORT_SYMBOL_GPL(vfs_getxattr);
382
383ssize_t
384vfs_listxattr(struct dentry *dentry, char *list, size_t size)
385{
386 struct inode *inode = d_inode(dentry);
387 ssize_t error;
388
389 error = security_inode_listxattr(dentry);
390 if (error)
391 return error;
392 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
393 error = inode->i_op->listxattr(dentry, list, size);
394 } else {
395 error = security_inode_listsecurity(inode, list, size);
396 if (size && error > size)
397 error = -ERANGE;
398 }
399 return error;
400}
401EXPORT_SYMBOL_GPL(vfs_listxattr);
402
403int
404__vfs_removexattr(struct dentry *dentry, const char *name)
405{
406 struct inode *inode = d_inode(dentry);
407 const struct xattr_handler *handler;
408
409 handler = xattr_resolve_name(inode, &name);
410 if (IS_ERR(handler))
411 return PTR_ERR(handler);
412 if (!handler->set)
413 return -EOPNOTSUPP;
414 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
415}
416EXPORT_SYMBOL(__vfs_removexattr);
417
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]418/**
419 * __vfs_removexattr_locked: set an extended attribute while holding the inode
420 * lock
421 *
422 * @dentry - object to perform setxattr on
423 * @name - name of xattr to remove
424 * @delegated_inode - on return, will contain an inode pointer that
425 * a delegation was broken on, NULL if none.
426 */
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]427int
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]428__vfs_removexattr_locked(struct dentry *dentry, const char *name,
429 struct inode **delegated_inode)
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]430{
431 struct inode *inode = dentry->d_inode;
432 int error;
433
434 error = xattr_permission(inode, name, MAY_WRITE);
435 if (error)
436 return error;
437
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]438 error = security_inode_removexattr(dentry, name);
439 if (error)
440 goto out;
441
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]442 error = try_break_deleg(inode, delegated_inode);
443 if (error)
444 goto out;
445
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]446 error = __vfs_removexattr(dentry, name);
447
448 if (!error) {
449 fsnotify_xattr(dentry);
450 evm_inode_post_removexattr(dentry, name);
451 }
452
453out:
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]454 return error;
455}
456EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
457
458int
459vfs_removexattr(struct dentry *dentry, const char *name)
460{
461 struct inode *inode = dentry->d_inode;
462 struct inode *delegated_inode = NULL;
463 int error;
464
465retry_deleg:
466 inode_lock(inode);
467 error = __vfs_removexattr_locked(dentry, name, &delegated_inode);
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]468 inode_unlock(inode);
Olivier Deprez0e641232021-09-23 10:07:05 +0200[diff] [blame^]469
470 if (delegated_inode) {
471 error = break_deleg_wait(&delegated_inode);
472 if (!error)
473 goto retry_deleg;
474 }
475
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]476 return error;
477}
478EXPORT_SYMBOL_GPL(vfs_removexattr);
479
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]480/*
481 * Extended attribute SET operations
482 */
483static long
484setxattr(struct dentry *d, const char __user *name, const void __user *value,
485 size_t size, int flags)
486{
487 int error;
488 void *kvalue = NULL;
489 char kname[XATTR_NAME_MAX + 1];
490
491 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
492 return -EINVAL;
493
494 error = strncpy_from_user(kname, name, sizeof(kname));
495 if (error == 0 || error == sizeof(kname))
496 error = -ERANGE;
497 if (error < 0)
498 return error;
499
500 if (size) {
501 if (size > XATTR_SIZE_MAX)
502 return -E2BIG;
503 kvalue = kvmalloc(size, GFP_KERNEL);
504 if (!kvalue)
505 return -ENOMEM;
506 if (copy_from_user(kvalue, value, size)) {
507 error = -EFAULT;
508 goto out;
509 }
510 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
511 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
512 posix_acl_fix_xattr_from_user(kvalue, size);
513 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
514 error = cap_convert_nscap(d, &kvalue, size);
515 if (error < 0)
516 goto out;
517 size = error;
518 }
519 }
520
521 error = vfs_setxattr(d, kname, kvalue, size, flags);
522out:
523 kvfree(kvalue);
524
525 return error;
526}
527
528static int path_setxattr(const char __user *pathname,
529 const char __user *name, const void __user *value,
530 size_t size, int flags, unsigned int lookup_flags)
531{
532 struct path path;
533 int error;
534retry:
535 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
536 if (error)
537 return error;
538 error = mnt_want_write(path.mnt);
539 if (!error) {
540 error = setxattr(path.dentry, name, value, size, flags);
541 mnt_drop_write(path.mnt);
542 }
543 path_put(&path);
544 if (retry_estale(error, lookup_flags)) {
545 lookup_flags |= LOOKUP_REVAL;
546 goto retry;
547 }
548 return error;
549}
550
551SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
552 const char __user *, name, const void __user *, value,
553 size_t, size, int, flags)
554{
555 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
556}
557
558SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
559 const char __user *, name, const void __user *, value,
560 size_t, size, int, flags)
561{
562 return path_setxattr(pathname, name, value, size, flags, 0);
563}
564
565SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
566 const void __user *,value, size_t, size, int, flags)
567{
568 struct fd f = fdget(fd);
569 int error = -EBADF;
570
571 if (!f.file)
572 return error;
573 audit_file(f.file);
574 error = mnt_want_write_file(f.file);
575 if (!error) {
576 error = setxattr(f.file->f_path.dentry, name, value, size, flags);
577 mnt_drop_write_file(f.file);
578 }
579 fdput(f);
580 return error;
581}
582
583/*
584 * Extended attribute GET operations
585 */
586static ssize_t
587getxattr(struct dentry *d, const char __user *name, void __user *value,
588 size_t size)
589{
590 ssize_t error;
591 void *kvalue = NULL;
592 char kname[XATTR_NAME_MAX + 1];
593
594 error = strncpy_from_user(kname, name, sizeof(kname));
595 if (error == 0 || error == sizeof(kname))
596 error = -ERANGE;
597 if (error < 0)
598 return error;
599
600 if (size) {
601 if (size > XATTR_SIZE_MAX)
602 size = XATTR_SIZE_MAX;
603 kvalue = kvzalloc(size, GFP_KERNEL);
604 if (!kvalue)
605 return -ENOMEM;
606 }
607
608 error = vfs_getxattr(d, kname, kvalue, size);
609 if (error > 0) {
610 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
611 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
612 posix_acl_fix_xattr_to_user(kvalue, error);
613 if (size && copy_to_user(value, kvalue, error))
614 error = -EFAULT;
615 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
616 /* The file system tried to returned a value bigger
617 than XATTR_SIZE_MAX bytes. Not possible. */
618 error = -E2BIG;
619 }
620
621 kvfree(kvalue);
622
623 return error;
624}
625
626static ssize_t path_getxattr(const char __user *pathname,
627 const char __user *name, void __user *value,
628 size_t size, unsigned int lookup_flags)
629{
630 struct path path;
631 ssize_t error;
632retry:
633 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
634 if (error)
635 return error;
636 error = getxattr(path.dentry, name, value, size);
637 path_put(&path);
638 if (retry_estale(error, lookup_flags)) {
639 lookup_flags |= LOOKUP_REVAL;
640 goto retry;
641 }
642 return error;
643}
644
645SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
646 const char __user *, name, void __user *, value, size_t, size)
647{
648 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
649}
650
651SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
652 const char __user *, name, void __user *, value, size_t, size)
653{
654 return path_getxattr(pathname, name, value, size, 0);
655}
656
657SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
658 void __user *, value, size_t, size)
659{
660 struct fd f = fdget(fd);
661 ssize_t error = -EBADF;
662
663 if (!f.file)
664 return error;
665 audit_file(f.file);
666 error = getxattr(f.file->f_path.dentry, name, value, size);
667 fdput(f);
668 return error;
669}
670
671/*
672 * Extended attribute LIST operations
673 */
674static ssize_t
675listxattr(struct dentry *d, char __user *list, size_t size)
676{
677 ssize_t error;
678 char *klist = NULL;
679
680 if (size) {
681 if (size > XATTR_LIST_MAX)
682 size = XATTR_LIST_MAX;
683 klist = kvmalloc(size, GFP_KERNEL);
684 if (!klist)
685 return -ENOMEM;
686 }
687
688 error = vfs_listxattr(d, klist, size);
689 if (error > 0) {
690 if (size && copy_to_user(list, klist, error))
691 error = -EFAULT;
692 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
693 /* The file system tried to returned a list bigger
694 than XATTR_LIST_MAX bytes. Not possible. */
695 error = -E2BIG;
696 }
697
698 kvfree(klist);
699
700 return error;
701}
702
703static ssize_t path_listxattr(const char __user *pathname, char __user *list,
704 size_t size, unsigned int lookup_flags)
705{
706 struct path path;
707 ssize_t error;
708retry:
709 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
710 if (error)
711 return error;
712 error = listxattr(path.dentry, list, size);
713 path_put(&path);
714 if (retry_estale(error, lookup_flags)) {
715 lookup_flags |= LOOKUP_REVAL;
716 goto retry;
717 }
718 return error;
719}
720
721SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
722 size_t, size)
723{
724 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
725}
726
727SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
728 size_t, size)
729{
730 return path_listxattr(pathname, list, size, 0);
731}
732
733SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
734{
735 struct fd f = fdget(fd);
736 ssize_t error = -EBADF;
737
738 if (!f.file)
739 return error;
740 audit_file(f.file);
741 error = listxattr(f.file->f_path.dentry, list, size);
742 fdput(f);
743 return error;
744}
745
746/*
747 * Extended attribute REMOVE operations
748 */
749static long
750removexattr(struct dentry *d, const char __user *name)
751{
752 int error;
753 char kname[XATTR_NAME_MAX + 1];
754
755 error = strncpy_from_user(kname, name, sizeof(kname));
756 if (error == 0 || error == sizeof(kname))
757 error = -ERANGE;
758 if (error < 0)
759 return error;
760
761 return vfs_removexattr(d, kname);
762}
763
764static int path_removexattr(const char __user *pathname,
765 const char __user *name, unsigned int lookup_flags)
766{
767 struct path path;
768 int error;
769retry:
770 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
771 if (error)
772 return error;
773 error = mnt_want_write(path.mnt);
774 if (!error) {
775 error = removexattr(path.dentry, name);
776 mnt_drop_write(path.mnt);
777 }
778 path_put(&path);
779 if (retry_estale(error, lookup_flags)) {
780 lookup_flags |= LOOKUP_REVAL;
781 goto retry;
782 }
783 return error;
784}
785
786SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
787 const char __user *, name)
788{
789 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
790}
791
792SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
793 const char __user *, name)
794{
795 return path_removexattr(pathname, name, 0);
796}
797
798SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
799{
800 struct fd f = fdget(fd);
801 int error = -EBADF;
802
803 if (!f.file)
804 return error;
805 audit_file(f.file);
806 error = mnt_want_write_file(f.file);
807 if (!error) {
808 error = removexattr(f.file->f_path.dentry, name);
809 mnt_drop_write_file(f.file);
810 }
811 fdput(f);
812 return error;
813}
814
815/*
816 * Combine the results of the list() operation from every xattr_handler in the
817 * list.
818 */
819ssize_t
820generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
821{
822 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
823 unsigned int size = 0;
824
825 if (!buffer) {
826 for_each_xattr_handler(handlers, handler) {
827 if (!handler->name ||
828 (handler->list && !handler->list(dentry)))
829 continue;
830 size += strlen(handler->name) + 1;
831 }
832 } else {
833 char *buf = buffer;
834 size_t len;
835
836 for_each_xattr_handler(handlers, handler) {
837 if (!handler->name ||
838 (handler->list && !handler->list(dentry)))
839 continue;
840 len = strlen(handler->name);
841 if (len + 1 > buffer_size)
842 return -ERANGE;
843 memcpy(buf, handler->name, len + 1);
844 buf += len + 1;
845 buffer_size -= len + 1;
846 }
847 size = buf - buffer;
848 }
849 return size;
850}
851EXPORT_SYMBOL(generic_listxattr);
852
853/**
854 * xattr_full_name - Compute full attribute name from suffix
855 *
856 * @handler: handler of the xattr_handler operation
857 * @name: name passed to the xattr_handler operation
858 *
859 * The get and set xattr handler operations are called with the remainder of
860 * the attribute name after skipping the handler's prefix: for example, "foo"
861 * is passed to the get operation of a handler with prefix "user." to get
862 * attribute "user.foo". The full name is still "there" in the name though.
863 *
864 * Note: the list xattr handler operation when called from the vfs is passed a
865 * NULL name; some file systems use this operation internally, with varying
866 * semantics.
867 */
868const char *xattr_full_name(const struct xattr_handler *handler,
869 const char *name)
870{
871 size_t prefix_len = strlen(xattr_prefix(handler));
872
873 return name - prefix_len;
874}
875EXPORT_SYMBOL(xattr_full_name);
876
877/*
878 * Allocate new xattr and copy in the value; but leave the name to callers.
879 */
880struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
881{
882 struct simple_xattr *new_xattr;
883 size_t len;
884
885 /* wrap around? */
886 len = sizeof(*new_xattr) + size;
887 if (len < sizeof(*new_xattr))
888 return NULL;
889
890 new_xattr = kmalloc(len, GFP_KERNEL);
891 if (!new_xattr)
892 return NULL;
893
894 new_xattr->size = size;
895 memcpy(new_xattr->value, value, size);
896 return new_xattr;
897}
898
899/*
900 * xattr GET operation for in-memory/pseudo filesystems
901 */
902int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
903 void *buffer, size_t size)
904{
905 struct simple_xattr *xattr;
906 int ret = -ENODATA;
907
908 spin_lock(&xattrs->lock);
909 list_for_each_entry(xattr, &xattrs->head, list) {
910 if (strcmp(name, xattr->name))
911 continue;
912
913 ret = xattr->size;
914 if (buffer) {
915 if (size < xattr->size)
916 ret = -ERANGE;
917 else
918 memcpy(buffer, xattr->value, xattr->size);
919 }
920 break;
921 }
922 spin_unlock(&xattrs->lock);
923 return ret;
924}
925
926/**
927 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
928 * @xattrs: target simple_xattr list
929 * @name: name of the extended attribute
930 * @value: value of the xattr. If %NULL, will remove the attribute.
931 * @size: size of the new xattr
932 * @flags: %XATTR_{CREATE|REPLACE}
933 *
934 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
935 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
936 * otherwise, fails with -ENODATA.
937 *
938 * Returns 0 on success, -errno on failure.
939 */
940int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
941 const void *value, size_t size, int flags)
942{
943 struct simple_xattr *xattr;
944 struct simple_xattr *new_xattr = NULL;
945 int err = 0;
946
947 /* value == NULL means remove */
948 if (value) {
949 new_xattr = simple_xattr_alloc(value, size);
950 if (!new_xattr)
951 return -ENOMEM;
952
953 new_xattr->name = kstrdup(name, GFP_KERNEL);
954 if (!new_xattr->name) {
955 kfree(new_xattr);
956 return -ENOMEM;
957 }
958 }
959
960 spin_lock(&xattrs->lock);
961 list_for_each_entry(xattr, &xattrs->head, list) {
962 if (!strcmp(name, xattr->name)) {
963 if (flags & XATTR_CREATE) {
964 xattr = new_xattr;
965 err = -EEXIST;
966 } else if (new_xattr) {
967 list_replace(&xattr->list, &new_xattr->list);
968 } else {
969 list_del(&xattr->list);
970 }
971 goto out;
972 }
973 }
974 if (flags & XATTR_REPLACE) {
975 xattr = new_xattr;
976 err = -ENODATA;
977 } else {
978 list_add(&new_xattr->list, &xattrs->head);
979 xattr = NULL;
980 }
981out:
982 spin_unlock(&xattrs->lock);
983 if (xattr) {
984 kfree(xattr->name);
985 kfree(xattr);
986 }
987 return err;
988
989}
990
991static bool xattr_is_trusted(const char *name)
992{
993 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
994}
995
996static int xattr_list_one(char **buffer, ssize_t *remaining_size,
997 const char *name)
998{
999 size_t len = strlen(name) + 1;
1000 if (*buffer) {
1001 if (*remaining_size < len)
1002 return -ERANGE;
1003 memcpy(*buffer, name, len);
1004 *buffer += len;
1005 }
1006 *remaining_size -= len;
1007 return 0;
1008}
1009
1010/*
1011 * xattr LIST operation for in-memory/pseudo filesystems
1012 */
1013ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1014 char *buffer, size_t size)
1015{
1016 bool trusted = capable(CAP_SYS_ADMIN);
1017 struct simple_xattr *xattr;
1018 ssize_t remaining_size = size;
1019 int err = 0;
1020
1021#ifdef CONFIG_FS_POSIX_ACL
1022 if (IS_POSIXACL(inode)) {
1023 if (inode->i_acl) {
1024 err = xattr_list_one(&buffer, &remaining_size,
1025 XATTR_NAME_POSIX_ACL_ACCESS);
1026 if (err)
1027 return err;
1028 }
1029 if (inode->i_default_acl) {
1030 err = xattr_list_one(&buffer, &remaining_size,
1031 XATTR_NAME_POSIX_ACL_DEFAULT);
1032 if (err)
1033 return err;
1034 }
1035 }
1036#endif
1037
1038 spin_lock(&xattrs->lock);
1039 list_for_each_entry(xattr, &xattrs->head, list) {
1040 /* skip "trusted." attributes for unprivileged callers */
1041 if (!trusted && xattr_is_trusted(xattr->name))
1042 continue;
1043
1044 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1045 if (err)
1046 break;
1047 }
1048 spin_unlock(&xattrs->lock);
1049
1050 return err ? err : size - remaining_size;
1051}
1052
1053/*
1054 * Adds an extended attribute to the list
1055 */
1056void simple_xattr_list_add(struct simple_xattrs *xattrs,
1057 struct simple_xattr *new_xattr)
1058{
1059 spin_lock(&xattrs->lock);
1060 list_add(&new_xattr->list, &xattrs->head);
1061 spin_unlock(&xattrs->lock);
1062}