1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/evm.h> 18 #include <linux/syscalls.h> 19 #include <linux/export.h> 20 #include <linux/fsnotify.h> 21 #include <linux/audit.h> 22 #include <linux/vmalloc.h> 23 #include <linux/posix_acl_xattr.h> 24 25 #include <asm/uaccess.h> 26 27 /* 28 * Check permissions for extended attribute access. This is a bit complicated 29 * because different namespaces have very different rules. 30 */ 31 static int 32 xattr_permission(struct inode *inode, const char *name, int mask) 33 { 34 /* 35 * We can never set or remove an extended attribute on a read-only 36 * filesystem or on an immutable / append-only inode. 37 */ 38 if (mask & MAY_WRITE) { 39 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 40 return -EPERM; 41 } 42 43 /* 44 * No restriction for security.* and system.* from the VFS. Decision 45 * on these is left to the underlying filesystem / security module. 46 */ 47 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 48 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 49 return 0; 50 51 /* 52 * The trusted.* namespace can only be accessed by privileged users. 53 */ 54 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 55 if (!capable(CAP_SYS_ADMIN)) 56 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 57 return 0; 58 } 59 60 /* 61 * In the user.* namespace, only regular files and directories can have 62 * extended attributes. For sticky directories, only the owner and 63 * privileged users can write attributes. 64 */ 65 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 66 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 67 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 68 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 69 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 70 return -EPERM; 71 } 72 73 return inode_permission(inode, mask); 74 } 75 76 /** 77 * __vfs_setxattr_noperm - perform setxattr operation without performing 78 * permission checks. 79 * 80 * @dentry - object to perform setxattr on 81 * @name - xattr name to set 82 * @value - value to set @name to 83 * @size - size of @value 84 * @flags - flags to pass into filesystem operations 85 * 86 * returns the result of the internal setxattr or setsecurity operations. 87 * 88 * This function requires the caller to lock the inode's i_mutex before it 89 * is executed. It also assumes that the caller will make the appropriate 90 * permission checks. 91 */ 92 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 93 const void *value, size_t size, int flags) 94 { 95 struct inode *inode = dentry->d_inode; 96 int error = -EOPNOTSUPP; 97 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 98 XATTR_SECURITY_PREFIX_LEN); 99 100 if (issec) 101 inode->i_flags &= ~S_NOSEC; 102 if (inode->i_op->setxattr) { 103 error = inode->i_op->setxattr(dentry, name, value, size, flags); 104 if (!error) { 105 fsnotify_xattr(dentry); 106 security_inode_post_setxattr(dentry, name, value, 107 size, flags); 108 } 109 } else if (issec) { 110 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 111 error = security_inode_setsecurity(inode, suffix, value, 112 size, flags); 113 if (!error) 114 fsnotify_xattr(dentry); 115 } 116 117 return error; 118 } 119 120 121 int 122 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 123 size_t size, int flags) 124 { 125 struct inode *inode = dentry->d_inode; 126 int error; 127 128 error = xattr_permission(inode, name, MAY_WRITE); 129 if (error) 130 return error; 131 132 inode_lock(inode); 133 error = security_inode_setxattr(dentry, name, value, size, flags); 134 if (error) 135 goto out; 136 137 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 138 139 out: 140 inode_unlock(inode); 141 return error; 142 } 143 EXPORT_SYMBOL_GPL(vfs_setxattr); 144 145 ssize_t 146 xattr_getsecurity(struct inode *inode, const char *name, void *value, 147 size_t size) 148 { 149 void *buffer = NULL; 150 ssize_t len; 151 152 if (!value || !size) { 153 len = security_inode_getsecurity(inode, name, &buffer, false); 154 goto out_noalloc; 155 } 156 157 len = security_inode_getsecurity(inode, name, &buffer, true); 158 if (len < 0) 159 return len; 160 if (size < len) { 161 len = -ERANGE; 162 goto out; 163 } 164 memcpy(value, buffer, len); 165 out: 166 security_release_secctx(buffer, len); 167 out_noalloc: 168 return len; 169 } 170 EXPORT_SYMBOL_GPL(xattr_getsecurity); 171 172 /* 173 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 174 * 175 * Allocate memory, if not already allocated, or re-allocate correct size, 176 * before retrieving the extended attribute. 177 * 178 * Returns the result of alloc, if failed, or the getxattr operation. 179 */ 180 ssize_t 181 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, 182 size_t xattr_size, gfp_t flags) 183 { 184 struct inode *inode = dentry->d_inode; 185 char *value = *xattr_value; 186 int error; 187 188 error = xattr_permission(inode, name, MAY_READ); 189 if (error) 190 return error; 191 192 if (!inode->i_op->getxattr) 193 return -EOPNOTSUPP; 194 195 error = inode->i_op->getxattr(dentry, name, NULL, 0); 196 if (error < 0) 197 return error; 198 199 if (!value || (error > xattr_size)) { 200 value = krealloc(*xattr_value, error + 1, flags); 201 if (!value) 202 return -ENOMEM; 203 memset(value, 0, error + 1); 204 } 205 206 error = inode->i_op->getxattr(dentry, name, value, error); 207 *xattr_value = value; 208 return error; 209 } 210 211 ssize_t 212 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 213 { 214 struct inode *inode = dentry->d_inode; 215 int error; 216 217 error = xattr_permission(inode, name, MAY_READ); 218 if (error) 219 return error; 220 221 error = security_inode_getxattr(dentry, name); 222 if (error) 223 return error; 224 225 if (!strncmp(name, XATTR_SECURITY_PREFIX, 226 XATTR_SECURITY_PREFIX_LEN)) { 227 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 228 int ret = xattr_getsecurity(inode, suffix, value, size); 229 /* 230 * Only overwrite the return value if a security module 231 * is actually active. 232 */ 233 if (ret == -EOPNOTSUPP) 234 goto nolsm; 235 return ret; 236 } 237 nolsm: 238 if (inode->i_op->getxattr) 239 error = inode->i_op->getxattr(dentry, name, value, size); 240 else 241 error = -EOPNOTSUPP; 242 243 return error; 244 } 245 EXPORT_SYMBOL_GPL(vfs_getxattr); 246 247 ssize_t 248 vfs_listxattr(struct dentry *d, char *list, size_t size) 249 { 250 ssize_t error; 251 252 error = security_inode_listxattr(d); 253 if (error) 254 return error; 255 error = -EOPNOTSUPP; 256 if (d->d_inode->i_op->listxattr) { 257 error = d->d_inode->i_op->listxattr(d, list, size); 258 } else { 259 error = security_inode_listsecurity(d->d_inode, list, size); 260 if (size && error > size) 261 error = -ERANGE; 262 } 263 return error; 264 } 265 EXPORT_SYMBOL_GPL(vfs_listxattr); 266 267 int 268 vfs_removexattr(struct dentry *dentry, const char *name) 269 { 270 struct inode *inode = dentry->d_inode; 271 int error; 272 273 if (!inode->i_op->removexattr) 274 return -EOPNOTSUPP; 275 276 error = xattr_permission(inode, name, MAY_WRITE); 277 if (error) 278 return error; 279 280 inode_lock(inode); 281 error = security_inode_removexattr(dentry, name); 282 if (error) 283 goto out; 284 285 error = inode->i_op->removexattr(dentry, name); 286 287 if (!error) { 288 fsnotify_xattr(dentry); 289 evm_inode_post_removexattr(dentry, name); 290 } 291 292 out: 293 inode_unlock(inode); 294 return error; 295 } 296 EXPORT_SYMBOL_GPL(vfs_removexattr); 297 298 299 /* 300 * Extended attribute SET operations 301 */ 302 static long 303 setxattr(struct dentry *d, const char __user *name, const void __user *value, 304 size_t size, int flags) 305 { 306 int error; 307 void *kvalue = NULL; 308 char kname[XATTR_NAME_MAX + 1]; 309 310 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 311 return -EINVAL; 312 313 error = strncpy_from_user(kname, name, sizeof(kname)); 314 if (error == 0 || error == sizeof(kname)) 315 error = -ERANGE; 316 if (error < 0) 317 return error; 318 319 if (size) { 320 if (size > XATTR_SIZE_MAX) 321 return -E2BIG; 322 kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); 323 if (!kvalue) { 324 kvalue = vmalloc(size); 325 if (!kvalue) 326 return -ENOMEM; 327 } 328 if (copy_from_user(kvalue, value, size)) { 329 error = -EFAULT; 330 goto out; 331 } 332 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 333 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 334 posix_acl_fix_xattr_from_user(kvalue, size); 335 } 336 337 error = vfs_setxattr(d, kname, kvalue, size, flags); 338 out: 339 kvfree(kvalue); 340 341 return error; 342 } 343 344 static int path_setxattr(const char __user *pathname, 345 const char __user *name, const void __user *value, 346 size_t size, int flags, unsigned int lookup_flags) 347 { 348 struct path path; 349 int error; 350 retry: 351 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 352 if (error) 353 return error; 354 error = mnt_want_write(path.mnt); 355 if (!error) { 356 error = setxattr(path.dentry, name, value, size, flags); 357 mnt_drop_write(path.mnt); 358 } 359 path_put(&path); 360 if (retry_estale(error, lookup_flags)) { 361 lookup_flags |= LOOKUP_REVAL; 362 goto retry; 363 } 364 return error; 365 } 366 367 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 368 const char __user *, name, const void __user *, value, 369 size_t, size, int, flags) 370 { 371 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 372 } 373 374 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 375 const char __user *, name, const void __user *, value, 376 size_t, size, int, flags) 377 { 378 return path_setxattr(pathname, name, value, size, flags, 0); 379 } 380 381 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 382 const void __user *,value, size_t, size, int, flags) 383 { 384 struct fd f = fdget(fd); 385 int error = -EBADF; 386 387 if (!f.file) 388 return error; 389 audit_file(f.file); 390 error = mnt_want_write_file(f.file); 391 if (!error) { 392 error = setxattr(f.file->f_path.dentry, name, value, size, flags); 393 mnt_drop_write_file(f.file); 394 } 395 fdput(f); 396 return error; 397 } 398 399 /* 400 * Extended attribute GET operations 401 */ 402 static ssize_t 403 getxattr(struct dentry *d, const char __user *name, void __user *value, 404 size_t size) 405 { 406 ssize_t error; 407 void *kvalue = NULL; 408 char kname[XATTR_NAME_MAX + 1]; 409 410 error = strncpy_from_user(kname, name, sizeof(kname)); 411 if (error == 0 || error == sizeof(kname)) 412 error = -ERANGE; 413 if (error < 0) 414 return error; 415 416 if (size) { 417 if (size > XATTR_SIZE_MAX) 418 size = XATTR_SIZE_MAX; 419 kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 420 if (!kvalue) { 421 kvalue = vmalloc(size); 422 if (!kvalue) 423 return -ENOMEM; 424 } 425 } 426 427 error = vfs_getxattr(d, kname, kvalue, size); 428 if (error > 0) { 429 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 430 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 431 posix_acl_fix_xattr_to_user(kvalue, size); 432 if (size && copy_to_user(value, kvalue, error)) 433 error = -EFAULT; 434 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 435 /* The file system tried to returned a value bigger 436 than XATTR_SIZE_MAX bytes. Not possible. */ 437 error = -E2BIG; 438 } 439 440 kvfree(kvalue); 441 442 return error; 443 } 444 445 static ssize_t path_getxattr(const char __user *pathname, 446 const char __user *name, void __user *value, 447 size_t size, unsigned int lookup_flags) 448 { 449 struct path path; 450 ssize_t error; 451 retry: 452 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 453 if (error) 454 return error; 455 error = getxattr(path.dentry, name, value, size); 456 path_put(&path); 457 if (retry_estale(error, lookup_flags)) { 458 lookup_flags |= LOOKUP_REVAL; 459 goto retry; 460 } 461 return error; 462 } 463 464 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 465 const char __user *, name, void __user *, value, size_t, size) 466 { 467 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 468 } 469 470 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 471 const char __user *, name, void __user *, value, size_t, size) 472 { 473 return path_getxattr(pathname, name, value, size, 0); 474 } 475 476 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 477 void __user *, value, size_t, size) 478 { 479 struct fd f = fdget(fd); 480 ssize_t error = -EBADF; 481 482 if (!f.file) 483 return error; 484 audit_file(f.file); 485 error = getxattr(f.file->f_path.dentry, name, value, size); 486 fdput(f); 487 return error; 488 } 489 490 /* 491 * Extended attribute LIST operations 492 */ 493 static ssize_t 494 listxattr(struct dentry *d, char __user *list, size_t size) 495 { 496 ssize_t error; 497 char *klist = NULL; 498 499 if (size) { 500 if (size > XATTR_LIST_MAX) 501 size = XATTR_LIST_MAX; 502 klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); 503 if (!klist) { 504 klist = vmalloc(size); 505 if (!klist) 506 return -ENOMEM; 507 } 508 } 509 510 error = vfs_listxattr(d, klist, size); 511 if (error > 0) { 512 if (size && copy_to_user(list, klist, error)) 513 error = -EFAULT; 514 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 515 /* The file system tried to returned a list bigger 516 than XATTR_LIST_MAX bytes. Not possible. */ 517 error = -E2BIG; 518 } 519 520 kvfree(klist); 521 522 return error; 523 } 524 525 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 526 size_t size, unsigned int lookup_flags) 527 { 528 struct path path; 529 ssize_t error; 530 retry: 531 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 532 if (error) 533 return error; 534 error = listxattr(path.dentry, list, size); 535 path_put(&path); 536 if (retry_estale(error, lookup_flags)) { 537 lookup_flags |= LOOKUP_REVAL; 538 goto retry; 539 } 540 return error; 541 } 542 543 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 544 size_t, size) 545 { 546 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 547 } 548 549 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 550 size_t, size) 551 { 552 return path_listxattr(pathname, list, size, 0); 553 } 554 555 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 556 { 557 struct fd f = fdget(fd); 558 ssize_t error = -EBADF; 559 560 if (!f.file) 561 return error; 562 audit_file(f.file); 563 error = listxattr(f.file->f_path.dentry, list, size); 564 fdput(f); 565 return error; 566 } 567 568 /* 569 * Extended attribute REMOVE operations 570 */ 571 static long 572 removexattr(struct dentry *d, const char __user *name) 573 { 574 int error; 575 char kname[XATTR_NAME_MAX + 1]; 576 577 error = strncpy_from_user(kname, name, sizeof(kname)); 578 if (error == 0 || error == sizeof(kname)) 579 error = -ERANGE; 580 if (error < 0) 581 return error; 582 583 return vfs_removexattr(d, kname); 584 } 585 586 static int path_removexattr(const char __user *pathname, 587 const char __user *name, unsigned int lookup_flags) 588 { 589 struct path path; 590 int error; 591 retry: 592 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 593 if (error) 594 return error; 595 error = mnt_want_write(path.mnt); 596 if (!error) { 597 error = removexattr(path.dentry, name); 598 mnt_drop_write(path.mnt); 599 } 600 path_put(&path); 601 if (retry_estale(error, lookup_flags)) { 602 lookup_flags |= LOOKUP_REVAL; 603 goto retry; 604 } 605 return error; 606 } 607 608 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 609 const char __user *, name) 610 { 611 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 612 } 613 614 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 615 const char __user *, name) 616 { 617 return path_removexattr(pathname, name, 0); 618 } 619 620 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 621 { 622 struct fd f = fdget(fd); 623 int error = -EBADF; 624 625 if (!f.file) 626 return error; 627 audit_file(f.file); 628 error = mnt_want_write_file(f.file); 629 if (!error) { 630 error = removexattr(f.file->f_path.dentry, name); 631 mnt_drop_write_file(f.file); 632 } 633 fdput(f); 634 return error; 635 } 636 637 638 static const char * 639 strcmp_prefix(const char *a, const char *a_prefix) 640 { 641 while (*a_prefix && *a == *a_prefix) { 642 a++; 643 a_prefix++; 644 } 645 return *a_prefix ? NULL : a; 646 } 647 648 /* 649 * In order to implement different sets of xattr operations for each xattr 650 * prefix with the generic xattr API, a filesystem should create a 651 * null-terminated array of struct xattr_handler (one for each prefix) and 652 * hang a pointer to it off of the s_xattr field of the superblock. 653 * 654 * The generic_fooxattr() functions will use this list to dispatch xattr 655 * operations to the correct xattr_handler. 656 */ 657 #define for_each_xattr_handler(handlers, handler) \ 658 for ((handler) = *(handlers)++; \ 659 (handler) != NULL; \ 660 (handler) = *(handlers)++) 661 662 /* 663 * Find the xattr_handler with the matching prefix. 664 */ 665 static const struct xattr_handler * 666 xattr_resolve_name(const struct xattr_handler **handlers, const char **name) 667 { 668 const struct xattr_handler *handler; 669 670 if (!*name) 671 return NULL; 672 673 for_each_xattr_handler(handlers, handler) { 674 const char *n; 675 676 n = strcmp_prefix(*name, xattr_prefix(handler)); 677 if (n) { 678 if (!handler->prefix ^ !*n) { 679 if (*n) 680 continue; 681 return ERR_PTR(-EINVAL); 682 } 683 *name = n; 684 return handler; 685 } 686 } 687 return ERR_PTR(-EOPNOTSUPP); 688 } 689 690 /* 691 * Find the handler for the prefix and dispatch its get() operation. 692 */ 693 ssize_t 694 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 695 { 696 const struct xattr_handler *handler; 697 698 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 699 if (IS_ERR(handler)) 700 return PTR_ERR(handler); 701 return handler->get(handler, dentry, name, buffer, size); 702 } 703 704 /* 705 * Combine the results of the list() operation from every xattr_handler in the 706 * list. 707 */ 708 ssize_t 709 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 710 { 711 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 712 unsigned int size = 0; 713 714 if (!buffer) { 715 for_each_xattr_handler(handlers, handler) { 716 if (!handler->name || 717 (handler->list && !handler->list(dentry))) 718 continue; 719 size += strlen(handler->name) + 1; 720 } 721 } else { 722 char *buf = buffer; 723 size_t len; 724 725 for_each_xattr_handler(handlers, handler) { 726 if (!handler->name || 727 (handler->list && !handler->list(dentry))) 728 continue; 729 len = strlen(handler->name); 730 if (len + 1 > buffer_size) 731 return -ERANGE; 732 memcpy(buf, handler->name, len + 1); 733 buf += len + 1; 734 buffer_size -= len + 1; 735 } 736 size = buf - buffer; 737 } 738 return size; 739 } 740 741 /* 742 * Find the handler for the prefix and dispatch its set() operation. 743 */ 744 int 745 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 746 { 747 const struct xattr_handler *handler; 748 749 if (size == 0) 750 value = ""; /* empty EA, do not remove */ 751 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 752 if (IS_ERR(handler)) 753 return PTR_ERR(handler); 754 return handler->set(handler, dentry, name, value, size, flags); 755 } 756 757 /* 758 * Find the handler for the prefix and dispatch its set() operation to remove 759 * any associated extended attribute. 760 */ 761 int 762 generic_removexattr(struct dentry *dentry, const char *name) 763 { 764 const struct xattr_handler *handler; 765 766 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 767 if (IS_ERR(handler)) 768 return PTR_ERR(handler); 769 return handler->set(handler, dentry, name, NULL, 0, XATTR_REPLACE); 770 } 771 772 EXPORT_SYMBOL(generic_getxattr); 773 EXPORT_SYMBOL(generic_listxattr); 774 EXPORT_SYMBOL(generic_setxattr); 775 EXPORT_SYMBOL(generic_removexattr); 776 777 /** 778 * xattr_full_name - Compute full attribute name from suffix 779 * 780 * @handler: handler of the xattr_handler operation 781 * @name: name passed to the xattr_handler operation 782 * 783 * The get and set xattr handler operations are called with the remainder of 784 * the attribute name after skipping the handler's prefix: for example, "foo" 785 * is passed to the get operation of a handler with prefix "user." to get 786 * attribute "user.foo". The full name is still "there" in the name though. 787 * 788 * Note: the list xattr handler operation when called from the vfs is passed a 789 * NULL name; some file systems use this operation internally, with varying 790 * semantics. 791 */ 792 const char *xattr_full_name(const struct xattr_handler *handler, 793 const char *name) 794 { 795 size_t prefix_len = strlen(xattr_prefix(handler)); 796 797 return name - prefix_len; 798 } 799 EXPORT_SYMBOL(xattr_full_name); 800 801 /* 802 * Allocate new xattr and copy in the value; but leave the name to callers. 803 */ 804 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 805 { 806 struct simple_xattr *new_xattr; 807 size_t len; 808 809 /* wrap around? */ 810 len = sizeof(*new_xattr) + size; 811 if (len < sizeof(*new_xattr)) 812 return NULL; 813 814 new_xattr = kmalloc(len, GFP_KERNEL); 815 if (!new_xattr) 816 return NULL; 817 818 new_xattr->size = size; 819 memcpy(new_xattr->value, value, size); 820 return new_xattr; 821 } 822 823 /* 824 * xattr GET operation for in-memory/pseudo filesystems 825 */ 826 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 827 void *buffer, size_t size) 828 { 829 struct simple_xattr *xattr; 830 int ret = -ENODATA; 831 832 spin_lock(&xattrs->lock); 833 list_for_each_entry(xattr, &xattrs->head, list) { 834 if (strcmp(name, xattr->name)) 835 continue; 836 837 ret = xattr->size; 838 if (buffer) { 839 if (size < xattr->size) 840 ret = -ERANGE; 841 else 842 memcpy(buffer, xattr->value, xattr->size); 843 } 844 break; 845 } 846 spin_unlock(&xattrs->lock); 847 return ret; 848 } 849 850 /** 851 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems 852 * @xattrs: target simple_xattr list 853 * @name: name of the extended attribute 854 * @value: value of the xattr. If %NULL, will remove the attribute. 855 * @size: size of the new xattr 856 * @flags: %XATTR_{CREATE|REPLACE} 857 * 858 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails 859 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; 860 * otherwise, fails with -ENODATA. 861 * 862 * Returns 0 on success, -errno on failure. 863 */ 864 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 865 const void *value, size_t size, int flags) 866 { 867 struct simple_xattr *xattr; 868 struct simple_xattr *new_xattr = NULL; 869 int err = 0; 870 871 /* value == NULL means remove */ 872 if (value) { 873 new_xattr = simple_xattr_alloc(value, size); 874 if (!new_xattr) 875 return -ENOMEM; 876 877 new_xattr->name = kstrdup(name, GFP_KERNEL); 878 if (!new_xattr->name) { 879 kfree(new_xattr); 880 return -ENOMEM; 881 } 882 } 883 884 spin_lock(&xattrs->lock); 885 list_for_each_entry(xattr, &xattrs->head, list) { 886 if (!strcmp(name, xattr->name)) { 887 if (flags & XATTR_CREATE) { 888 xattr = new_xattr; 889 err = -EEXIST; 890 } else if (new_xattr) { 891 list_replace(&xattr->list, &new_xattr->list); 892 } else { 893 list_del(&xattr->list); 894 } 895 goto out; 896 } 897 } 898 if (flags & XATTR_REPLACE) { 899 xattr = new_xattr; 900 err = -ENODATA; 901 } else { 902 list_add(&new_xattr->list, &xattrs->head); 903 xattr = NULL; 904 } 905 out: 906 spin_unlock(&xattrs->lock); 907 if (xattr) { 908 kfree(xattr->name); 909 kfree(xattr); 910 } 911 return err; 912 913 } 914 915 static bool xattr_is_trusted(const char *name) 916 { 917 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 918 } 919 920 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 921 const char *name) 922 { 923 size_t len = strlen(name) + 1; 924 if (*buffer) { 925 if (*remaining_size < len) 926 return -ERANGE; 927 memcpy(*buffer, name, len); 928 *buffer += len; 929 } 930 *remaining_size -= len; 931 return 0; 932 } 933 934 /* 935 * xattr LIST operation for in-memory/pseudo filesystems 936 */ 937 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 938 char *buffer, size_t size) 939 { 940 bool trusted = capable(CAP_SYS_ADMIN); 941 struct simple_xattr *xattr; 942 ssize_t remaining_size = size; 943 int err = 0; 944 945 #ifdef CONFIG_FS_POSIX_ACL 946 if (inode->i_acl) { 947 err = xattr_list_one(&buffer, &remaining_size, 948 XATTR_NAME_POSIX_ACL_ACCESS); 949 if (err) 950 return err; 951 } 952 if (inode->i_default_acl) { 953 err = xattr_list_one(&buffer, &remaining_size, 954 XATTR_NAME_POSIX_ACL_DEFAULT); 955 if (err) 956 return err; 957 } 958 #endif 959 960 spin_lock(&xattrs->lock); 961 list_for_each_entry(xattr, &xattrs->head, list) { 962 /* skip "trusted." attributes for unprivileged callers */ 963 if (!trusted && xattr_is_trusted(xattr->name)) 964 continue; 965 966 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 967 if (err) 968 break; 969 } 970 spin_unlock(&xattrs->lock); 971 972 return err ? err : size - remaining_size; 973 } 974 975 /* 976 * Adds an extended attribute to the list 977 */ 978 void simple_xattr_list_add(struct simple_xattrs *xattrs, 979 struct simple_xattr *new_xattr) 980 { 981 spin_lock(&xattrs->lock); 982 list_add(&new_xattr->list, &xattrs->head); 983 spin_unlock(&xattrs->lock); 984 } 985