1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2017-2018 HUAWEI, Inc. 4 * https://www.huawei.com/ 5 * Copyright (C) 2021-2022, Alibaba Cloud 6 */ 7 #include <linux/security.h> 8 #include <linux/xxhash.h> 9 #include "xattr.h" 10 11 struct erofs_xattr_iter { 12 struct super_block *sb; 13 struct erofs_buf buf; 14 erofs_off_t pos; 15 void *kaddr; 16 17 char *buffer; 18 int buffer_size, buffer_ofs; 19 20 /* getxattr */ 21 int index, infix_len; 22 struct qstr name; 23 24 /* listxattr */ 25 struct dentry *dentry; 26 }; 27 28 static int erofs_init_inode_xattrs(struct inode *inode) 29 { 30 struct erofs_inode *const vi = EROFS_I(inode); 31 struct erofs_xattr_iter it; 32 unsigned int i; 33 struct erofs_xattr_ibody_header *ih; 34 struct super_block *sb = inode->i_sb; 35 int ret = 0; 36 37 /* the most case is that xattrs of this inode are initialized. */ 38 if (test_bit(EROFS_I_EA_INITED_BIT, &vi->flags)) { 39 /* 40 * paired with smp_mb() at the end of the function to ensure 41 * fields will only be observed after the bit is set. 42 */ 43 smp_mb(); 44 return 0; 45 } 46 47 if (wait_on_bit_lock(&vi->flags, EROFS_I_BL_XATTR_BIT, TASK_KILLABLE)) 48 return -ERESTARTSYS; 49 50 /* someone has initialized xattrs for us? */ 51 if (test_bit(EROFS_I_EA_INITED_BIT, &vi->flags)) 52 goto out_unlock; 53 54 /* 55 * bypass all xattr operations if ->xattr_isize is not greater than 56 * sizeof(struct erofs_xattr_ibody_header), in detail: 57 * 1) it is not enough to contain erofs_xattr_ibody_header then 58 * ->xattr_isize should be 0 (it means no xattr); 59 * 2) it is just to contain erofs_xattr_ibody_header, which is on-disk 60 * undefined right now (maybe use later with some new sb feature). 61 */ 62 if (vi->xattr_isize == sizeof(struct erofs_xattr_ibody_header)) { 63 erofs_err(sb, 64 "xattr_isize %d of nid %llu is not supported yet", 65 vi->xattr_isize, vi->nid); 66 ret = -EOPNOTSUPP; 67 goto out_unlock; 68 } else if (vi->xattr_isize < sizeof(struct erofs_xattr_ibody_header)) { 69 if (vi->xattr_isize) { 70 erofs_err(sb, "bogus xattr ibody @ nid %llu", vi->nid); 71 DBG_BUGON(1); 72 ret = -EFSCORRUPTED; 73 goto out_unlock; /* xattr ondisk layout error */ 74 } 75 ret = -ENOATTR; 76 goto out_unlock; 77 } 78 79 it.buf = __EROFS_BUF_INITIALIZER; 80 erofs_init_metabuf(&it.buf, sb); 81 it.pos = erofs_iloc(inode) + vi->inode_isize; 82 83 /* read in shared xattr array (non-atomic, see kmalloc below) */ 84 it.kaddr = erofs_bread(&it.buf, it.pos, EROFS_KMAP); 85 if (IS_ERR(it.kaddr)) { 86 ret = PTR_ERR(it.kaddr); 87 goto out_unlock; 88 } 89 90 ih = it.kaddr; 91 vi->xattr_name_filter = le32_to_cpu(ih->h_name_filter); 92 vi->xattr_shared_count = ih->h_shared_count; 93 vi->xattr_shared_xattrs = kmalloc_array(vi->xattr_shared_count, 94 sizeof(uint), GFP_KERNEL); 95 if (!vi->xattr_shared_xattrs) { 96 erofs_put_metabuf(&it.buf); 97 ret = -ENOMEM; 98 goto out_unlock; 99 } 100 101 /* let's skip ibody header */ 102 it.pos += sizeof(struct erofs_xattr_ibody_header); 103 104 for (i = 0; i < vi->xattr_shared_count; ++i) { 105 it.kaddr = erofs_bread(&it.buf, it.pos, EROFS_KMAP); 106 if (IS_ERR(it.kaddr)) { 107 kfree(vi->xattr_shared_xattrs); 108 vi->xattr_shared_xattrs = NULL; 109 ret = PTR_ERR(it.kaddr); 110 goto out_unlock; 111 } 112 vi->xattr_shared_xattrs[i] = le32_to_cpu(*(__le32 *)it.kaddr); 113 it.pos += sizeof(__le32); 114 } 115 erofs_put_metabuf(&it.buf); 116 117 /* paired with smp_mb() at the beginning of the function. */ 118 smp_mb(); 119 set_bit(EROFS_I_EA_INITED_BIT, &vi->flags); 120 121 out_unlock: 122 clear_and_wake_up_bit(EROFS_I_BL_XATTR_BIT, &vi->flags); 123 return ret; 124 } 125 126 static bool erofs_xattr_user_list(struct dentry *dentry) 127 { 128 return test_opt(&EROFS_SB(dentry->d_sb)->opt, XATTR_USER); 129 } 130 131 static bool erofs_xattr_trusted_list(struct dentry *dentry) 132 { 133 return capable(CAP_SYS_ADMIN); 134 } 135 136 static int erofs_xattr_generic_get(const struct xattr_handler *handler, 137 struct dentry *unused, struct inode *inode, 138 const char *name, void *buffer, size_t size) 139 { 140 if (handler->flags == EROFS_XATTR_INDEX_USER && 141 !test_opt(&EROFS_I_SB(inode)->opt, XATTR_USER)) 142 return -EOPNOTSUPP; 143 144 return erofs_getxattr(inode, handler->flags, name, buffer, size); 145 } 146 147 const struct xattr_handler erofs_xattr_user_handler = { 148 .prefix = XATTR_USER_PREFIX, 149 .flags = EROFS_XATTR_INDEX_USER, 150 .list = erofs_xattr_user_list, 151 .get = erofs_xattr_generic_get, 152 }; 153 154 const struct xattr_handler erofs_xattr_trusted_handler = { 155 .prefix = XATTR_TRUSTED_PREFIX, 156 .flags = EROFS_XATTR_INDEX_TRUSTED, 157 .list = erofs_xattr_trusted_list, 158 .get = erofs_xattr_generic_get, 159 }; 160 161 #ifdef CONFIG_EROFS_FS_SECURITY 162 const struct xattr_handler __maybe_unused erofs_xattr_security_handler = { 163 .prefix = XATTR_SECURITY_PREFIX, 164 .flags = EROFS_XATTR_INDEX_SECURITY, 165 .get = erofs_xattr_generic_get, 166 }; 167 #endif 168 169 const struct xattr_handler * const erofs_xattr_handlers[] = { 170 &erofs_xattr_user_handler, 171 &erofs_xattr_trusted_handler, 172 #ifdef CONFIG_EROFS_FS_SECURITY 173 &erofs_xattr_security_handler, 174 #endif 175 NULL, 176 }; 177 178 static int erofs_xattr_copy_to_buffer(struct erofs_xattr_iter *it, 179 unsigned int len) 180 { 181 unsigned int slice, processed; 182 struct super_block *sb = it->sb; 183 void *src; 184 185 for (processed = 0; processed < len; processed += slice) { 186 it->kaddr = erofs_bread(&it->buf, it->pos, EROFS_KMAP); 187 if (IS_ERR(it->kaddr)) 188 return PTR_ERR(it->kaddr); 189 190 src = it->kaddr; 191 slice = min_t(unsigned int, sb->s_blocksize - 192 erofs_blkoff(sb, it->pos), len - processed); 193 memcpy(it->buffer + it->buffer_ofs, src, slice); 194 it->buffer_ofs += slice; 195 it->pos += slice; 196 } 197 return 0; 198 } 199 200 static int erofs_listxattr_foreach(struct erofs_xattr_iter *it) 201 { 202 struct erofs_xattr_entry entry; 203 unsigned int base_index, name_total, prefix_len, infix_len = 0; 204 const char *prefix, *infix = NULL; 205 int err; 206 207 /* 1. handle xattr entry */ 208 entry = *(struct erofs_xattr_entry *)it->kaddr; 209 it->pos += sizeof(struct erofs_xattr_entry); 210 211 base_index = entry.e_name_index; 212 if (entry.e_name_index & EROFS_XATTR_LONG_PREFIX) { 213 struct erofs_sb_info *sbi = EROFS_SB(it->sb); 214 struct erofs_xattr_prefix_item *pf = sbi->xattr_prefixes + 215 (entry.e_name_index & EROFS_XATTR_LONG_PREFIX_MASK); 216 217 if (pf >= sbi->xattr_prefixes + sbi->xattr_prefix_count) 218 return 0; 219 infix = pf->prefix->infix; 220 infix_len = pf->infix_len; 221 base_index = pf->prefix->base_index; 222 } 223 224 prefix = erofs_xattr_prefix(base_index, it->dentry); 225 if (!prefix) 226 return 0; 227 prefix_len = strlen(prefix); 228 name_total = prefix_len + infix_len + entry.e_name_len + 1; 229 230 if (!it->buffer) { 231 it->buffer_ofs += name_total; 232 return 0; 233 } 234 235 if (it->buffer_ofs + name_total > it->buffer_size) 236 return -ERANGE; 237 238 memcpy(it->buffer + it->buffer_ofs, prefix, prefix_len); 239 memcpy(it->buffer + it->buffer_ofs + prefix_len, infix, infix_len); 240 it->buffer_ofs += prefix_len + infix_len; 241 242 /* 2. handle xattr name */ 243 err = erofs_xattr_copy_to_buffer(it, entry.e_name_len); 244 if (err) 245 return err; 246 247 it->buffer[it->buffer_ofs++] = '\0'; 248 return 0; 249 } 250 251 static int erofs_getxattr_foreach(struct erofs_xattr_iter *it) 252 { 253 struct super_block *sb = it->sb; 254 struct erofs_xattr_entry entry; 255 unsigned int slice, processed, value_sz; 256 257 /* 1. handle xattr entry */ 258 entry = *(struct erofs_xattr_entry *)it->kaddr; 259 it->pos += sizeof(struct erofs_xattr_entry); 260 value_sz = le16_to_cpu(entry.e_value_size); 261 262 /* should also match the infix for long name prefixes */ 263 if (entry.e_name_index & EROFS_XATTR_LONG_PREFIX) { 264 struct erofs_sb_info *sbi = EROFS_SB(sb); 265 struct erofs_xattr_prefix_item *pf = sbi->xattr_prefixes + 266 (entry.e_name_index & EROFS_XATTR_LONG_PREFIX_MASK); 267 268 if (pf >= sbi->xattr_prefixes + sbi->xattr_prefix_count) 269 return -ENOATTR; 270 271 if (it->index != pf->prefix->base_index || 272 it->name.len != entry.e_name_len + pf->infix_len) 273 return -ENOATTR; 274 275 if (memcmp(it->name.name, pf->prefix->infix, pf->infix_len)) 276 return -ENOATTR; 277 278 it->infix_len = pf->infix_len; 279 } else { 280 if (it->index != entry.e_name_index || 281 it->name.len != entry.e_name_len) 282 return -ENOATTR; 283 284 it->infix_len = 0; 285 } 286 287 /* 2. handle xattr name */ 288 for (processed = 0; processed < entry.e_name_len; processed += slice) { 289 it->kaddr = erofs_bread(&it->buf, it->pos, EROFS_KMAP); 290 if (IS_ERR(it->kaddr)) 291 return PTR_ERR(it->kaddr); 292 293 slice = min_t(unsigned int, 294 sb->s_blocksize - erofs_blkoff(sb, it->pos), 295 entry.e_name_len - processed); 296 if (memcmp(it->name.name + it->infix_len + processed, 297 it->kaddr, slice)) 298 return -ENOATTR; 299 it->pos += slice; 300 } 301 302 /* 3. handle xattr value */ 303 if (!it->buffer) { 304 it->buffer_ofs = value_sz; 305 return 0; 306 } 307 308 if (it->buffer_size < value_sz) 309 return -ERANGE; 310 311 return erofs_xattr_copy_to_buffer(it, value_sz); 312 } 313 314 static int erofs_xattr_iter_inline(struct erofs_xattr_iter *it, 315 struct inode *inode, bool getxattr) 316 { 317 struct erofs_inode *const vi = EROFS_I(inode); 318 unsigned int xattr_header_sz, remaining, entry_sz; 319 erofs_off_t next_pos; 320 int ret; 321 322 xattr_header_sz = sizeof(struct erofs_xattr_ibody_header) + 323 sizeof(u32) * vi->xattr_shared_count; 324 if (xattr_header_sz >= vi->xattr_isize) { 325 DBG_BUGON(xattr_header_sz > vi->xattr_isize); 326 return -ENOATTR; 327 } 328 329 remaining = vi->xattr_isize - xattr_header_sz; 330 it->pos = erofs_iloc(inode) + vi->inode_isize + xattr_header_sz; 331 332 while (remaining) { 333 it->kaddr = erofs_bread(&it->buf, it->pos, EROFS_KMAP); 334 if (IS_ERR(it->kaddr)) 335 return PTR_ERR(it->kaddr); 336 337 entry_sz = erofs_xattr_entry_size(it->kaddr); 338 /* xattr on-disk corruption: xattr entry beyond xattr_isize */ 339 if (remaining < entry_sz) { 340 DBG_BUGON(1); 341 return -EFSCORRUPTED; 342 } 343 remaining -= entry_sz; 344 next_pos = it->pos + entry_sz; 345 346 if (getxattr) 347 ret = erofs_getxattr_foreach(it); 348 else 349 ret = erofs_listxattr_foreach(it); 350 if ((getxattr && ret != -ENOATTR) || (!getxattr && ret)) 351 break; 352 353 it->pos = next_pos; 354 } 355 return ret; 356 } 357 358 static int erofs_xattr_iter_shared(struct erofs_xattr_iter *it, 359 struct inode *inode, bool getxattr) 360 { 361 struct erofs_inode *const vi = EROFS_I(inode); 362 struct super_block *const sb = it->sb; 363 struct erofs_sb_info *sbi = EROFS_SB(sb); 364 unsigned int i; 365 int ret = -ENOATTR; 366 367 for (i = 0; i < vi->xattr_shared_count; ++i) { 368 it->pos = erofs_pos(sb, sbi->xattr_blkaddr) + 369 vi->xattr_shared_xattrs[i] * sizeof(__le32); 370 it->kaddr = erofs_bread(&it->buf, it->pos, EROFS_KMAP); 371 if (IS_ERR(it->kaddr)) 372 return PTR_ERR(it->kaddr); 373 374 if (getxattr) 375 ret = erofs_getxattr_foreach(it); 376 else 377 ret = erofs_listxattr_foreach(it); 378 if ((getxattr && ret != -ENOATTR) || (!getxattr && ret)) 379 break; 380 } 381 return ret; 382 } 383 384 int erofs_getxattr(struct inode *inode, int index, const char *name, 385 void *buffer, size_t buffer_size) 386 { 387 int ret; 388 unsigned int hashbit; 389 struct erofs_xattr_iter it; 390 struct erofs_inode *vi = EROFS_I(inode); 391 struct erofs_sb_info *sbi = EROFS_SB(inode->i_sb); 392 393 if (!name) 394 return -EINVAL; 395 396 ret = erofs_init_inode_xattrs(inode); 397 if (ret) 398 return ret; 399 400 /* reserved flag is non-zero if there's any change of on-disk format */ 401 if (erofs_sb_has_xattr_filter(sbi) && !sbi->xattr_filter_reserved) { 402 hashbit = xxh32(name, strlen(name), 403 EROFS_XATTR_FILTER_SEED + index); 404 hashbit &= EROFS_XATTR_FILTER_BITS - 1; 405 if (vi->xattr_name_filter & (1U << hashbit)) 406 return -ENOATTR; 407 } 408 409 it.index = index; 410 it.name = (struct qstr)QSTR_INIT(name, strlen(name)); 411 if (it.name.len > EROFS_NAME_LEN) 412 return -ERANGE; 413 414 it.sb = inode->i_sb; 415 it.buf = __EROFS_BUF_INITIALIZER; 416 erofs_init_metabuf(&it.buf, it.sb); 417 it.buffer = buffer; 418 it.buffer_size = buffer_size; 419 it.buffer_ofs = 0; 420 421 ret = erofs_xattr_iter_inline(&it, inode, true); 422 if (ret == -ENOATTR) 423 ret = erofs_xattr_iter_shared(&it, inode, true); 424 erofs_put_metabuf(&it.buf); 425 return ret ? ret : it.buffer_ofs; 426 } 427 428 ssize_t erofs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 429 { 430 int ret; 431 struct erofs_xattr_iter it; 432 struct inode *inode = d_inode(dentry); 433 434 ret = erofs_init_inode_xattrs(inode); 435 if (ret == -ENOATTR) 436 return 0; 437 if (ret) 438 return ret; 439 440 it.sb = dentry->d_sb; 441 it.buf = __EROFS_BUF_INITIALIZER; 442 erofs_init_metabuf(&it.buf, it.sb); 443 it.dentry = dentry; 444 it.buffer = buffer; 445 it.buffer_size = buffer_size; 446 it.buffer_ofs = 0; 447 448 ret = erofs_xattr_iter_inline(&it, inode, false); 449 if (!ret || ret == -ENOATTR) 450 ret = erofs_xattr_iter_shared(&it, inode, false); 451 if (ret == -ENOATTR) 452 ret = 0; 453 erofs_put_metabuf(&it.buf); 454 return ret ? ret : it.buffer_ofs; 455 } 456 457 void erofs_xattr_prefixes_cleanup(struct super_block *sb) 458 { 459 struct erofs_sb_info *sbi = EROFS_SB(sb); 460 int i; 461 462 if (sbi->xattr_prefixes) { 463 for (i = 0; i < sbi->xattr_prefix_count; i++) 464 kfree(sbi->xattr_prefixes[i].prefix); 465 kfree(sbi->xattr_prefixes); 466 sbi->xattr_prefixes = NULL; 467 } 468 } 469 470 int erofs_xattr_prefixes_init(struct super_block *sb) 471 { 472 struct erofs_sb_info *sbi = EROFS_SB(sb); 473 struct erofs_buf buf = __EROFS_BUF_INITIALIZER; 474 erofs_off_t pos = (erofs_off_t)sbi->xattr_prefix_start << 2; 475 struct erofs_xattr_prefix_item *pfs; 476 int ret = 0, i, len; 477 478 if (!sbi->xattr_prefix_count) 479 return 0; 480 481 pfs = kzalloc(sbi->xattr_prefix_count * sizeof(*pfs), GFP_KERNEL); 482 if (!pfs) 483 return -ENOMEM; 484 485 if (sbi->packed_inode) 486 buf.mapping = sbi->packed_inode->i_mapping; 487 else 488 erofs_init_metabuf(&buf, sb); 489 490 for (i = 0; i < sbi->xattr_prefix_count; i++) { 491 void *ptr = erofs_read_metadata(sb, &buf, &pos, &len); 492 493 if (IS_ERR(ptr)) { 494 ret = PTR_ERR(ptr); 495 break; 496 } else if (len < sizeof(*pfs->prefix) || 497 len > EROFS_NAME_LEN + sizeof(*pfs->prefix)) { 498 kfree(ptr); 499 ret = -EFSCORRUPTED; 500 break; 501 } 502 pfs[i].prefix = ptr; 503 pfs[i].infix_len = len - sizeof(struct erofs_xattr_long_prefix); 504 } 505 506 erofs_put_metabuf(&buf); 507 sbi->xattr_prefixes = pfs; 508 if (ret) 509 erofs_xattr_prefixes_cleanup(sb); 510 return ret; 511 } 512 513 #ifdef CONFIG_EROFS_FS_POSIX_ACL 514 struct posix_acl *erofs_get_acl(struct inode *inode, int type, bool rcu) 515 { 516 struct posix_acl *acl; 517 int prefix, rc; 518 char *value = NULL; 519 520 if (rcu) 521 return ERR_PTR(-ECHILD); 522 523 switch (type) { 524 case ACL_TYPE_ACCESS: 525 prefix = EROFS_XATTR_INDEX_POSIX_ACL_ACCESS; 526 break; 527 case ACL_TYPE_DEFAULT: 528 prefix = EROFS_XATTR_INDEX_POSIX_ACL_DEFAULT; 529 break; 530 default: 531 return ERR_PTR(-EINVAL); 532 } 533 534 rc = erofs_getxattr(inode, prefix, "", NULL, 0); 535 if (rc > 0) { 536 value = kmalloc(rc, GFP_KERNEL); 537 if (!value) 538 return ERR_PTR(-ENOMEM); 539 rc = erofs_getxattr(inode, prefix, "", value, rc); 540 } 541 542 if (rc == -ENOATTR) 543 acl = NULL; 544 else if (rc < 0) 545 acl = ERR_PTR(rc); 546 else 547 acl = posix_acl_from_xattr(&init_user_ns, value, rc); 548 kfree(value); 549 return acl; 550 } 551 #endif 552