1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 File: fs/xattr.c 4 5 Extended attribute handling. 6 7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 */ 11 #include <linux/fs.h> 12 #include <linux/filelock.h> 13 #include <linux/slab.h> 14 #include <linux/file.h> 15 #include <linux/xattr.h> 16 #include <linux/mount.h> 17 #include <linux/namei.h> 18 #include <linux/security.h> 19 #include <linux/syscalls.h> 20 #include <linux/export.h> 21 #include <linux/fsnotify.h> 22 #include <linux/audit.h> 23 #include <linux/vmalloc.h> 24 #include <linux/posix_acl_xattr.h> 25 26 #include <linux/uaccess.h> 27 28 #include "internal.h" 29 30 static const char * 31 strcmp_prefix(const char *a, const char *a_prefix) 32 { 33 while (*a_prefix && *a == *a_prefix) { 34 a++; 35 a_prefix++; 36 } 37 return *a_prefix ? NULL : a; 38 } 39 40 /* 41 * In order to implement different sets of xattr operations for each xattr 42 * prefix, a filesystem should create a null-terminated array of struct 43 * xattr_handler (one for each prefix) and hang a pointer to it off of the 44 * s_xattr field of the superblock. 45 */ 46 #define for_each_xattr_handler(handlers, handler) \ 47 if (handlers) \ 48 for ((handler) = *(handlers)++; \ 49 (handler) != NULL; \ 50 (handler) = *(handlers)++) 51 52 /* 53 * Find the xattr_handler with the matching prefix. 54 */ 55 static const struct xattr_handler * 56 xattr_resolve_name(struct inode *inode, const char **name) 57 { 58 const struct xattr_handler * const *handlers = inode->i_sb->s_xattr; 59 const struct xattr_handler *handler; 60 61 if (!(inode->i_opflags & IOP_XATTR)) { 62 if (unlikely(is_bad_inode(inode))) 63 return ERR_PTR(-EIO); 64 return ERR_PTR(-EOPNOTSUPP); 65 } 66 for_each_xattr_handler(handlers, handler) { 67 const char *n; 68 69 n = strcmp_prefix(*name, xattr_prefix(handler)); 70 if (n) { 71 if (!handler->prefix ^ !*n) { 72 if (*n) 73 continue; 74 return ERR_PTR(-EINVAL); 75 } 76 *name = n; 77 return handler; 78 } 79 } 80 return ERR_PTR(-EOPNOTSUPP); 81 } 82 83 /** 84 * may_write_xattr - check whether inode allows writing xattr 85 * @idmap: idmap of the mount the inode was found from 86 * @inode: the inode on which to set an xattr 87 * 88 * Check whether the inode allows writing xattrs. Specifically, we can never 89 * set or remove an extended attribute on a read-only filesystem or on an 90 * immutable / append-only inode. 91 * 92 * We also need to ensure that the inode has a mapping in the mount to 93 * not risk writing back invalid i_{g,u}id values. 94 * 95 * Return: On success zero is returned. On error a negative errno is returned. 96 */ 97 int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode) 98 { 99 if (IS_IMMUTABLE(inode)) 100 return -EPERM; 101 if (IS_APPEND(inode)) 102 return -EPERM; 103 if (HAS_UNMAPPED_ID(idmap, inode)) 104 return -EPERM; 105 return 0; 106 } 107 108 /* 109 * Check permissions for extended attribute access. This is a bit complicated 110 * because different namespaces have very different rules. 111 */ 112 static int 113 xattr_permission(struct mnt_idmap *idmap, struct inode *inode, 114 const char *name, int mask) 115 { 116 if (mask & MAY_WRITE) { 117 int ret; 118 119 ret = may_write_xattr(idmap, inode); 120 if (ret) 121 return ret; 122 } 123 124 /* 125 * No restriction for security.* and system.* from the VFS. Decision 126 * on these is left to the underlying filesystem / security module. 127 */ 128 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 129 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 130 return 0; 131 132 /* 133 * The trusted.* namespace can only be accessed by privileged users. 134 */ 135 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 136 if (!capable(CAP_SYS_ADMIN)) 137 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 138 return 0; 139 } 140 141 /* 142 * In the user.* namespace, only regular files and directories can have 143 * extended attributes. For sticky directories, only the owner and 144 * privileged users can write attributes. 145 */ 146 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 147 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 148 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 149 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 150 (mask & MAY_WRITE) && 151 !inode_owner_or_capable(idmap, inode)) 152 return -EPERM; 153 } 154 155 return inode_permission(idmap, inode, mask); 156 } 157 158 /* 159 * Look for any handler that deals with the specified namespace. 160 */ 161 int 162 xattr_supports_user_prefix(struct inode *inode) 163 { 164 const struct xattr_handler * const *handlers = inode->i_sb->s_xattr; 165 const struct xattr_handler *handler; 166 167 if (!(inode->i_opflags & IOP_XATTR)) { 168 if (unlikely(is_bad_inode(inode))) 169 return -EIO; 170 return -EOPNOTSUPP; 171 } 172 173 for_each_xattr_handler(handlers, handler) { 174 if (!strncmp(xattr_prefix(handler), XATTR_USER_PREFIX, 175 XATTR_USER_PREFIX_LEN)) 176 return 0; 177 } 178 179 return -EOPNOTSUPP; 180 } 181 EXPORT_SYMBOL(xattr_supports_user_prefix); 182 183 int 184 __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 185 struct inode *inode, const char *name, const void *value, 186 size_t size, int flags) 187 { 188 const struct xattr_handler *handler; 189 190 if (is_posix_acl_xattr(name)) 191 return -EOPNOTSUPP; 192 193 handler = xattr_resolve_name(inode, &name); 194 if (IS_ERR(handler)) 195 return PTR_ERR(handler); 196 if (!handler->set) 197 return -EOPNOTSUPP; 198 if (size == 0) 199 value = ""; /* empty EA, do not remove */ 200 return handler->set(handler, idmap, dentry, inode, name, value, 201 size, flags); 202 } 203 EXPORT_SYMBOL(__vfs_setxattr); 204 205 /** 206 * __vfs_setxattr_noperm - perform setxattr operation without performing 207 * permission checks. 208 * 209 * @idmap: idmap of the mount the inode was found from 210 * @dentry: object to perform setxattr on 211 * @name: xattr name to set 212 * @value: value to set @name to 213 * @size: size of @value 214 * @flags: flags to pass into filesystem operations 215 * 216 * returns the result of the internal setxattr or setsecurity operations. 217 * 218 * This function requires the caller to lock the inode's i_rwsem before it 219 * is executed. It also assumes that the caller will make the appropriate 220 * permission checks. 221 */ 222 int __vfs_setxattr_noperm(struct mnt_idmap *idmap, 223 struct dentry *dentry, const char *name, 224 const void *value, size_t size, int flags) 225 { 226 struct inode *inode = dentry->d_inode; 227 int error = -EAGAIN; 228 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 229 XATTR_SECURITY_PREFIX_LEN); 230 231 if (issec) 232 inode->i_flags &= ~S_NOSEC; 233 if (inode->i_opflags & IOP_XATTR) { 234 error = __vfs_setxattr(idmap, dentry, inode, name, value, 235 size, flags); 236 if (!error) { 237 fsnotify_xattr(dentry); 238 security_inode_post_setxattr(dentry, name, value, 239 size, flags); 240 } 241 } else { 242 if (unlikely(is_bad_inode(inode))) 243 return -EIO; 244 } 245 if (error == -EAGAIN) { 246 error = -EOPNOTSUPP; 247 248 if (issec) { 249 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 250 251 error = security_inode_setsecurity(inode, suffix, value, 252 size, flags); 253 if (!error) 254 fsnotify_xattr(dentry); 255 } 256 } 257 258 return error; 259 } 260 261 /** 262 * __vfs_setxattr_locked - set an extended attribute while holding the inode 263 * lock 264 * 265 * @idmap: idmap of the mount of the target inode 266 * @dentry: object to perform setxattr on 267 * @name: xattr name to set 268 * @value: value to set @name to 269 * @size: size of @value 270 * @flags: flags to pass into filesystem operations 271 * @delegated_inode: on return, will contain an inode pointer that 272 * a delegation was broken on, NULL if none. 273 */ 274 int 275 __vfs_setxattr_locked(struct mnt_idmap *idmap, struct dentry *dentry, 276 const char *name, const void *value, size_t size, 277 int flags, struct delegated_inode *delegated_inode) 278 { 279 struct inode *inode = dentry->d_inode; 280 int error; 281 282 error = xattr_permission(idmap, inode, name, MAY_WRITE); 283 if (error) 284 return error; 285 286 error = security_inode_setxattr(idmap, dentry, name, value, size, 287 flags); 288 if (error) 289 goto out; 290 291 error = try_break_deleg(inode, delegated_inode); 292 if (error) 293 goto out; 294 295 error = __vfs_setxattr_noperm(idmap, dentry, name, value, 296 size, flags); 297 298 out: 299 return error; 300 } 301 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); 302 303 int 304 vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 305 const char *name, const void *value, size_t size, int flags) 306 { 307 struct inode *inode = dentry->d_inode; 308 struct delegated_inode delegated_inode = { }; 309 const void *orig_value = value; 310 int error; 311 312 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { 313 error = cap_convert_nscap(idmap, dentry, &value, size); 314 if (error < 0) 315 return error; 316 size = error; 317 } 318 319 retry_deleg: 320 inode_lock(inode); 321 error = __vfs_setxattr_locked(idmap, dentry, name, value, size, 322 flags, &delegated_inode); 323 inode_unlock(inode); 324 325 if (is_delegated(&delegated_inode)) { 326 error = break_deleg_wait(&delegated_inode); 327 if (!error) 328 goto retry_deleg; 329 } 330 if (value != orig_value) 331 kfree(value); 332 333 return error; 334 } 335 EXPORT_SYMBOL_GPL(vfs_setxattr); 336 337 static ssize_t 338 xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode, 339 const char *name, void *value, size_t size) 340 { 341 void *buffer = NULL; 342 ssize_t len; 343 344 if (!value || !size) { 345 len = security_inode_getsecurity(idmap, inode, name, 346 &buffer, false); 347 goto out_noalloc; 348 } 349 350 len = security_inode_getsecurity(idmap, inode, name, &buffer, 351 true); 352 if (len < 0) 353 return len; 354 if (size < len) { 355 len = -ERANGE; 356 goto out; 357 } 358 memcpy(value, buffer, len); 359 out: 360 kfree(buffer); 361 out_noalloc: 362 return len; 363 } 364 365 /* 366 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 367 * 368 * Allocate memory, if not already allocated, or re-allocate correct size, 369 * before retrieving the extended attribute. The xattr value buffer should 370 * always be freed by the caller, even on error. 371 * 372 * Returns the result of alloc, if failed, or the getxattr operation. 373 */ 374 int 375 vfs_getxattr_alloc(struct mnt_idmap *idmap, struct dentry *dentry, 376 const char *name, char **xattr_value, size_t xattr_size, 377 gfp_t flags) 378 { 379 const struct xattr_handler *handler; 380 struct inode *inode = dentry->d_inode; 381 char *value = *xattr_value; 382 int error; 383 384 error = xattr_permission(idmap, inode, name, MAY_READ); 385 if (error) 386 return error; 387 388 handler = xattr_resolve_name(inode, &name); 389 if (IS_ERR(handler)) 390 return PTR_ERR(handler); 391 if (!handler->get) 392 return -EOPNOTSUPP; 393 error = handler->get(handler, dentry, inode, name, NULL, 0); 394 if (error < 0) 395 return error; 396 397 if (!value || (error > xattr_size)) { 398 value = krealloc(*xattr_value, error + 1, flags); 399 if (!value) 400 return -ENOMEM; 401 memset(value, 0, error + 1); 402 } 403 404 error = handler->get(handler, dentry, inode, name, value, error); 405 *xattr_value = value; 406 return error; 407 } 408 409 ssize_t 410 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 411 void *value, size_t size) 412 { 413 const struct xattr_handler *handler; 414 415 if (is_posix_acl_xattr(name)) 416 return -EOPNOTSUPP; 417 418 handler = xattr_resolve_name(inode, &name); 419 if (IS_ERR(handler)) 420 return PTR_ERR(handler); 421 if (!handler->get) 422 return -EOPNOTSUPP; 423 return handler->get(handler, dentry, inode, name, value, size); 424 } 425 EXPORT_SYMBOL(__vfs_getxattr); 426 427 ssize_t 428 vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry, 429 const char *name, void *value, size_t size) 430 { 431 struct inode *inode = dentry->d_inode; 432 int error; 433 434 error = xattr_permission(idmap, inode, name, MAY_READ); 435 if (error) 436 return error; 437 438 error = security_inode_getxattr(dentry, name); 439 if (error) 440 return error; 441 442 if (!strncmp(name, XATTR_SECURITY_PREFIX, 443 XATTR_SECURITY_PREFIX_LEN)) { 444 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 445 int ret = xattr_getsecurity(idmap, inode, suffix, value, 446 size); 447 /* 448 * Only overwrite the return value if a security module 449 * is actually active. 450 */ 451 if (ret == -EOPNOTSUPP) 452 goto nolsm; 453 return ret; 454 } 455 nolsm: 456 return __vfs_getxattr(dentry, inode, name, value, size); 457 } 458 EXPORT_SYMBOL_GPL(vfs_getxattr); 459 460 /** 461 * vfs_listxattr - retrieve \0 separated list of xattr names 462 * @dentry: the dentry from whose inode the xattr names are retrieved 463 * @list: buffer to store xattr names into 464 * @size: size of the buffer 465 * 466 * This function returns the names of all xattrs associated with the 467 * inode of @dentry. 468 * 469 * Note, for legacy reasons the vfs_listxattr() function lists POSIX 470 * ACLs as well. Since POSIX ACLs are decoupled from IOP_XATTR the 471 * vfs_listxattr() function doesn't check for this flag since a 472 * filesystem could implement POSIX ACLs without implementing any other 473 * xattrs. 474 * 475 * However, since all codepaths that remove IOP_XATTR also assign of 476 * inode operations that either don't implement or implement a stub 477 * ->listxattr() operation. 478 * 479 * Return: On success, the size of the buffer that was used. On error a 480 * negative error code. 481 */ 482 ssize_t 483 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 484 { 485 struct inode *inode = d_inode(dentry); 486 ssize_t error; 487 488 error = security_inode_listxattr(dentry); 489 if (error) 490 return error; 491 492 if (inode->i_op->listxattr) { 493 error = inode->i_op->listxattr(dentry, list, size); 494 } else { 495 error = security_inode_listsecurity(inode, list, size); 496 if (size && error > size) 497 error = -ERANGE; 498 } 499 return error; 500 } 501 EXPORT_SYMBOL_GPL(vfs_listxattr); 502 503 int 504 __vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, 505 const char *name) 506 { 507 struct inode *inode = d_inode(dentry); 508 const struct xattr_handler *handler; 509 510 if (is_posix_acl_xattr(name)) 511 return -EOPNOTSUPP; 512 513 handler = xattr_resolve_name(inode, &name); 514 if (IS_ERR(handler)) 515 return PTR_ERR(handler); 516 if (!handler->set) 517 return -EOPNOTSUPP; 518 return handler->set(handler, idmap, dentry, inode, name, NULL, 0, 519 XATTR_REPLACE); 520 } 521 EXPORT_SYMBOL(__vfs_removexattr); 522 523 /** 524 * __vfs_removexattr_locked - set an extended attribute while holding the inode 525 * lock 526 * 527 * @idmap: idmap of the mount of the target inode 528 * @dentry: object to perform setxattr on 529 * @name: name of xattr to remove 530 * @delegated_inode: on return, will contain an inode pointer that 531 * a delegation was broken on, NULL if none. 532 */ 533 int 534 __vfs_removexattr_locked(struct mnt_idmap *idmap, 535 struct dentry *dentry, const char *name, 536 struct delegated_inode *delegated_inode) 537 { 538 struct inode *inode = dentry->d_inode; 539 int error; 540 541 error = xattr_permission(idmap, inode, name, MAY_WRITE); 542 if (error) 543 return error; 544 545 error = security_inode_removexattr(idmap, dentry, name); 546 if (error) 547 goto out; 548 549 error = try_break_deleg(inode, delegated_inode); 550 if (error) 551 goto out; 552 553 error = __vfs_removexattr(idmap, dentry, name); 554 if (error) 555 return error; 556 557 fsnotify_xattr(dentry); 558 security_inode_post_removexattr(dentry, name); 559 560 out: 561 return error; 562 } 563 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); 564 565 int 566 vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, 567 const char *name) 568 { 569 struct inode *inode = dentry->d_inode; 570 struct delegated_inode delegated_inode = { }; 571 int error; 572 573 retry_deleg: 574 inode_lock(inode); 575 error = __vfs_removexattr_locked(idmap, dentry, 576 name, &delegated_inode); 577 inode_unlock(inode); 578 579 if (is_delegated(&delegated_inode)) { 580 error = break_deleg_wait(&delegated_inode); 581 if (!error) 582 goto retry_deleg; 583 } 584 585 return error; 586 } 587 EXPORT_SYMBOL_GPL(vfs_removexattr); 588 589 int import_xattr_name(struct xattr_name *kname, const char __user *name) 590 { 591 int error = strncpy_from_user(kname->name, name, 592 sizeof(kname->name)); 593 if (error == 0 || error == sizeof(kname->name)) 594 return -ERANGE; 595 if (error < 0) 596 return error; 597 return 0; 598 } 599 600 /* 601 * Extended attribute SET operations 602 */ 603 604 int setxattr_copy(const char __user *name, struct kernel_xattr_ctx *ctx) 605 { 606 int error; 607 608 if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE)) 609 return -EINVAL; 610 611 error = import_xattr_name(ctx->kname, name); 612 if (error) 613 return error; 614 615 if (ctx->size) { 616 if (ctx->size > XATTR_SIZE_MAX) 617 return -E2BIG; 618 619 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size); 620 if (IS_ERR(ctx->kvalue)) { 621 error = PTR_ERR(ctx->kvalue); 622 ctx->kvalue = NULL; 623 } 624 } 625 626 return error; 627 } 628 629 static int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 630 struct kernel_xattr_ctx *ctx) 631 { 632 if (is_posix_acl_xattr(ctx->kname->name)) 633 return do_set_acl(idmap, dentry, ctx->kname->name, 634 ctx->kvalue, ctx->size); 635 636 return vfs_setxattr(idmap, dentry, ctx->kname->name, 637 ctx->kvalue, ctx->size, ctx->flags); 638 } 639 640 int file_setxattr(struct file *f, struct kernel_xattr_ctx *ctx) 641 { 642 int error = mnt_want_write_file(f); 643 644 if (!error) { 645 audit_file(f); 646 error = do_setxattr(file_mnt_idmap(f), f->f_path.dentry, ctx); 647 mnt_drop_write_file(f); 648 } 649 return error; 650 } 651 652 int filename_setxattr(int dfd, struct filename *filename, 653 unsigned int lookup_flags, struct kernel_xattr_ctx *ctx) 654 { 655 struct path path; 656 int error; 657 658 retry: 659 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 660 if (error) 661 return error; 662 error = mnt_want_write(path.mnt); 663 if (!error) { 664 error = do_setxattr(mnt_idmap(path.mnt), path.dentry, ctx); 665 mnt_drop_write(path.mnt); 666 } 667 path_put(&path); 668 if (retry_estale(error, lookup_flags)) { 669 lookup_flags |= LOOKUP_REVAL; 670 goto retry; 671 } 672 return error; 673 } 674 675 static int path_setxattrat(int dfd, const char __user *pathname, 676 unsigned int at_flags, const char __user *name, 677 const void __user *value, size_t size, int flags) 678 { 679 struct xattr_name kname; 680 struct kernel_xattr_ctx ctx = { 681 .cvalue = value, 682 .kvalue = NULL, 683 .size = size, 684 .kname = &kname, 685 .flags = flags, 686 }; 687 unsigned int lookup_flags = 0; 688 int error; 689 690 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 691 return -EINVAL; 692 693 if (!(at_flags & AT_SYMLINK_NOFOLLOW)) 694 lookup_flags = LOOKUP_FOLLOW; 695 696 error = setxattr_copy(name, &ctx); 697 if (error) 698 return error; 699 700 CLASS(filename_maybe_null, filename)(pathname, at_flags); 701 if (!filename && dfd >= 0) { 702 CLASS(fd, f)(dfd); 703 if (fd_empty(f)) 704 error = -EBADF; 705 else 706 error = file_setxattr(fd_file(f), &ctx); 707 } else { 708 error = filename_setxattr(dfd, filename, lookup_flags, &ctx); 709 } 710 kvfree(ctx.kvalue); 711 return error; 712 } 713 714 SYSCALL_DEFINE6(setxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags, 715 const char __user *, name, const struct xattr_args __user *, uargs, 716 size_t, usize) 717 { 718 struct xattr_args args = {}; 719 int error; 720 721 BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0); 722 BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST); 723 724 if (unlikely(usize < XATTR_ARGS_SIZE_VER0)) 725 return -EINVAL; 726 if (usize > PAGE_SIZE) 727 return -E2BIG; 728 729 error = copy_struct_from_user(&args, sizeof(args), uargs, usize); 730 if (error) 731 return error; 732 733 return path_setxattrat(dfd, pathname, at_flags, name, 734 u64_to_user_ptr(args.value), args.size, 735 args.flags); 736 } 737 738 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 739 const char __user *, name, const void __user *, value, 740 size_t, size, int, flags) 741 { 742 return path_setxattrat(AT_FDCWD, pathname, 0, name, value, size, flags); 743 } 744 745 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 746 const char __user *, name, const void __user *, value, 747 size_t, size, int, flags) 748 { 749 return path_setxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name, 750 value, size, flags); 751 } 752 753 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 754 const void __user *,value, size_t, size, int, flags) 755 { 756 return path_setxattrat(fd, NULL, AT_EMPTY_PATH, name, 757 value, size, flags); 758 } 759 760 /* 761 * Extended attribute GET operations 762 */ 763 static ssize_t 764 do_getxattr(struct mnt_idmap *idmap, struct dentry *d, 765 struct kernel_xattr_ctx *ctx) 766 { 767 ssize_t error; 768 char *kname = ctx->kname->name; 769 void *kvalue = NULL; 770 771 if (ctx->size) { 772 if (ctx->size > XATTR_SIZE_MAX) 773 ctx->size = XATTR_SIZE_MAX; 774 kvalue = kvzalloc(ctx->size, GFP_KERNEL); 775 if (!kvalue) 776 return -ENOMEM; 777 } 778 779 if (is_posix_acl_xattr(kname)) 780 error = do_get_acl(idmap, d, kname, kvalue, ctx->size); 781 else 782 error = vfs_getxattr(idmap, d, kname, kvalue, ctx->size); 783 if (error > 0) { 784 if (ctx->size && copy_to_user(ctx->value, kvalue, error)) 785 error = -EFAULT; 786 } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) { 787 /* The file system tried to returned a value bigger 788 than XATTR_SIZE_MAX bytes. Not possible. */ 789 error = -E2BIG; 790 } 791 792 kvfree(kvalue); 793 return error; 794 } 795 796 ssize_t file_getxattr(struct file *f, struct kernel_xattr_ctx *ctx) 797 { 798 audit_file(f); 799 return do_getxattr(file_mnt_idmap(f), f->f_path.dentry, ctx); 800 } 801 802 ssize_t filename_getxattr(int dfd, struct filename *filename, 803 unsigned int lookup_flags, struct kernel_xattr_ctx *ctx) 804 { 805 struct path path; 806 ssize_t error; 807 retry: 808 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 809 if (error) 810 return error; 811 error = do_getxattr(mnt_idmap(path.mnt), path.dentry, ctx); 812 path_put(&path); 813 if (retry_estale(error, lookup_flags)) { 814 lookup_flags |= LOOKUP_REVAL; 815 goto retry; 816 } 817 return error; 818 } 819 820 static ssize_t path_getxattrat(int dfd, const char __user *pathname, 821 unsigned int at_flags, const char __user *name, 822 void __user *value, size_t size) 823 { 824 struct xattr_name kname; 825 struct kernel_xattr_ctx ctx = { 826 .value = value, 827 .size = size, 828 .kname = &kname, 829 .flags = 0, 830 }; 831 ssize_t error; 832 833 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 834 return -EINVAL; 835 836 error = import_xattr_name(&kname, name); 837 if (error) 838 return error; 839 840 CLASS(filename_maybe_null, filename)(pathname, at_flags); 841 if (!filename && dfd >= 0) { 842 CLASS(fd, f)(dfd); 843 if (fd_empty(f)) 844 return -EBADF; 845 return file_getxattr(fd_file(f), &ctx); 846 } else { 847 int lookup_flags = 0; 848 if (!(at_flags & AT_SYMLINK_NOFOLLOW)) 849 lookup_flags = LOOKUP_FOLLOW; 850 return filename_getxattr(dfd, filename, lookup_flags, &ctx); 851 } 852 } 853 854 SYSCALL_DEFINE6(getxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags, 855 const char __user *, name, struct xattr_args __user *, uargs, size_t, usize) 856 { 857 struct xattr_args args = {}; 858 int error; 859 860 BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0); 861 BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST); 862 863 if (unlikely(usize < XATTR_ARGS_SIZE_VER0)) 864 return -EINVAL; 865 if (usize > PAGE_SIZE) 866 return -E2BIG; 867 868 error = copy_struct_from_user(&args, sizeof(args), uargs, usize); 869 if (error) 870 return error; 871 872 if (args.flags != 0) 873 return -EINVAL; 874 875 return path_getxattrat(dfd, pathname, at_flags, name, 876 u64_to_user_ptr(args.value), args.size); 877 } 878 879 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 880 const char __user *, name, void __user *, value, size_t, size) 881 { 882 return path_getxattrat(AT_FDCWD, pathname, 0, name, value, size); 883 } 884 885 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 886 const char __user *, name, void __user *, value, size_t, size) 887 { 888 return path_getxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name, 889 value, size); 890 } 891 892 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 893 void __user *, value, size_t, size) 894 { 895 return path_getxattrat(fd, NULL, AT_EMPTY_PATH, name, value, size); 896 } 897 898 /* 899 * Extended attribute LIST operations 900 */ 901 static ssize_t 902 listxattr(struct dentry *d, char __user *list, size_t size) 903 { 904 ssize_t error; 905 char *klist = NULL; 906 907 if (size) { 908 if (size > XATTR_LIST_MAX) 909 size = XATTR_LIST_MAX; 910 klist = kvmalloc(size, GFP_KERNEL); 911 if (!klist) 912 return -ENOMEM; 913 } 914 915 error = vfs_listxattr(d, klist, size); 916 if (error > 0) { 917 if (size && copy_to_user(list, klist, error)) 918 error = -EFAULT; 919 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 920 /* The file system tried to returned a list bigger 921 than XATTR_LIST_MAX bytes. Not possible. */ 922 error = -E2BIG; 923 } 924 925 kvfree(klist); 926 927 return error; 928 } 929 930 static 931 ssize_t file_listxattr(struct file *f, char __user *list, size_t size) 932 { 933 audit_file(f); 934 return listxattr(f->f_path.dentry, list, size); 935 } 936 937 static 938 ssize_t filename_listxattr(int dfd, struct filename *filename, 939 unsigned int lookup_flags, 940 char __user *list, size_t size) 941 { 942 struct path path; 943 ssize_t error; 944 retry: 945 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 946 if (error) 947 return error; 948 error = listxattr(path.dentry, list, size); 949 path_put(&path); 950 if (retry_estale(error, lookup_flags)) { 951 lookup_flags |= LOOKUP_REVAL; 952 goto retry; 953 } 954 return error; 955 } 956 957 static ssize_t path_listxattrat(int dfd, const char __user *pathname, 958 unsigned int at_flags, char __user *list, 959 size_t size) 960 { 961 int lookup_flags; 962 963 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 964 return -EINVAL; 965 966 CLASS(filename_maybe_null, filename)(pathname, at_flags); 967 if (!filename) { 968 CLASS(fd, f)(dfd); 969 if (fd_empty(f)) 970 return -EBADF; 971 return file_listxattr(fd_file(f), list, size); 972 } 973 974 lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; 975 return filename_listxattr(dfd, filename, lookup_flags, list, size); 976 } 977 978 SYSCALL_DEFINE5(listxattrat, int, dfd, const char __user *, pathname, 979 unsigned int, at_flags, 980 char __user *, list, size_t, size) 981 { 982 return path_listxattrat(dfd, pathname, at_flags, list, size); 983 } 984 985 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 986 size_t, size) 987 { 988 return path_listxattrat(AT_FDCWD, pathname, 0, list, size); 989 } 990 991 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 992 size_t, size) 993 { 994 return path_listxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, list, size); 995 } 996 997 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 998 { 999 return path_listxattrat(fd, NULL, AT_EMPTY_PATH, list, size); 1000 } 1001 1002 /* 1003 * Extended attribute REMOVE operations 1004 */ 1005 static long 1006 removexattr(struct mnt_idmap *idmap, struct dentry *d, const char *name) 1007 { 1008 if (is_posix_acl_xattr(name)) 1009 return vfs_remove_acl(idmap, d, name); 1010 return vfs_removexattr(idmap, d, name); 1011 } 1012 1013 static int file_removexattr(struct file *f, struct xattr_name *kname) 1014 { 1015 int error = mnt_want_write_file(f); 1016 1017 if (!error) { 1018 audit_file(f); 1019 error = removexattr(file_mnt_idmap(f), 1020 f->f_path.dentry, kname->name); 1021 mnt_drop_write_file(f); 1022 } 1023 return error; 1024 } 1025 1026 static int filename_removexattr(int dfd, struct filename *filename, 1027 unsigned int lookup_flags, struct xattr_name *kname) 1028 { 1029 struct path path; 1030 int error; 1031 1032 retry: 1033 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 1034 if (error) 1035 return error; 1036 error = mnt_want_write(path.mnt); 1037 if (!error) { 1038 error = removexattr(mnt_idmap(path.mnt), path.dentry, kname->name); 1039 mnt_drop_write(path.mnt); 1040 } 1041 path_put(&path); 1042 if (retry_estale(error, lookup_flags)) { 1043 lookup_flags |= LOOKUP_REVAL; 1044 goto retry; 1045 } 1046 return error; 1047 } 1048 1049 static int path_removexattrat(int dfd, const char __user *pathname, 1050 unsigned int at_flags, const char __user *name) 1051 { 1052 struct xattr_name kname; 1053 unsigned int lookup_flags; 1054 int error; 1055 1056 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 1057 return -EINVAL; 1058 1059 error = import_xattr_name(&kname, name); 1060 if (error) 1061 return error; 1062 1063 CLASS(filename_maybe_null, filename)(pathname, at_flags); 1064 if (!filename) { 1065 CLASS(fd, f)(dfd); 1066 if (fd_empty(f)) 1067 return -EBADF; 1068 return file_removexattr(fd_file(f), &kname); 1069 } 1070 lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; 1071 return filename_removexattr(dfd, filename, lookup_flags, &kname); 1072 } 1073 1074 SYSCALL_DEFINE4(removexattrat, int, dfd, const char __user *, pathname, 1075 unsigned int, at_flags, const char __user *, name) 1076 { 1077 return path_removexattrat(dfd, pathname, at_flags, name); 1078 } 1079 1080 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 1081 const char __user *, name) 1082 { 1083 return path_removexattrat(AT_FDCWD, pathname, 0, name); 1084 } 1085 1086 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 1087 const char __user *, name) 1088 { 1089 return path_removexattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name); 1090 } 1091 1092 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 1093 { 1094 return path_removexattrat(fd, NULL, AT_EMPTY_PATH, name); 1095 } 1096 1097 int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name) 1098 { 1099 size_t len; 1100 1101 len = strlen(name) + 1; 1102 if (*buffer) { 1103 if (*remaining_size < len) 1104 return -ERANGE; 1105 memcpy(*buffer, name, len); 1106 *buffer += len; 1107 } 1108 *remaining_size -= len; 1109 return 0; 1110 } 1111 1112 /** 1113 * generic_listxattr - run through a dentry's xattr list() operations 1114 * @dentry: dentry to list the xattrs 1115 * @buffer: result buffer 1116 * @buffer_size: size of @buffer 1117 * 1118 * Combine the results of the list() operation from every xattr_handler in the 1119 * xattr_handler stack. 1120 * 1121 * Note that this will not include the entries for POSIX ACLs. 1122 */ 1123 ssize_t 1124 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 1125 { 1126 const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr; 1127 ssize_t remaining_size = buffer_size; 1128 1129 for_each_xattr_handler(handlers, handler) { 1130 int err; 1131 1132 if (!handler->name || (handler->list && !handler->list(dentry))) 1133 continue; 1134 err = xattr_list_one(&buffer, &remaining_size, handler->name); 1135 if (err) 1136 return err; 1137 } 1138 1139 return buffer_size - remaining_size; 1140 } 1141 EXPORT_SYMBOL(generic_listxattr); 1142 1143 /** 1144 * xattr_full_name - Compute full attribute name from suffix 1145 * 1146 * @handler: handler of the xattr_handler operation 1147 * @name: name passed to the xattr_handler operation 1148 * 1149 * The get and set xattr handler operations are called with the remainder of 1150 * the attribute name after skipping the handler's prefix: for example, "foo" 1151 * is passed to the get operation of a handler with prefix "user." to get 1152 * attribute "user.foo". The full name is still "there" in the name though. 1153 * 1154 * Note: the list xattr handler operation when called from the vfs is passed a 1155 * NULL name; some file systems use this operation internally, with varying 1156 * semantics. 1157 */ 1158 const char *xattr_full_name(const struct xattr_handler *handler, 1159 const char *name) 1160 { 1161 size_t prefix_len = strlen(xattr_prefix(handler)); 1162 1163 return name - prefix_len; 1164 } 1165 EXPORT_SYMBOL(xattr_full_name); 1166 1167 /** 1168 * simple_xattr_space - estimate the memory used by a simple xattr 1169 * @name: the full name of the xattr 1170 * @size: the size of its value 1171 * 1172 * This takes no account of how much larger the two slab objects actually are: 1173 * that would depend on the slab implementation, when what is required is a 1174 * deterministic number, which grows with name length and size and quantity. 1175 * 1176 * Return: The approximate number of bytes of memory used by such an xattr. 1177 */ 1178 size_t simple_xattr_space(const char *name, size_t size) 1179 { 1180 /* 1181 * Use "40" instead of sizeof(struct simple_xattr), to return the 1182 * same result on 32-bit and 64-bit, and even if simple_xattr grows. 1183 */ 1184 return 40 + size + strlen(name); 1185 } 1186 1187 /** 1188 * simple_xattr_free - free an xattr object 1189 * @xattr: the xattr object 1190 * 1191 * Free the xattr object. Can handle @xattr being NULL. 1192 */ 1193 void simple_xattr_free(struct simple_xattr *xattr) 1194 { 1195 if (xattr) 1196 kfree(xattr->name); 1197 kvfree(xattr); 1198 } 1199 1200 /** 1201 * simple_xattr_alloc - allocate new xattr object 1202 * @value: value of the xattr object 1203 * @size: size of @value 1204 * 1205 * Allocate a new xattr object and initialize respective members. The caller is 1206 * responsible for handling the name of the xattr. 1207 * 1208 * Return: On success a new xattr object is returned. On failure NULL is 1209 * returned. 1210 */ 1211 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 1212 { 1213 struct simple_xattr *new_xattr; 1214 size_t len; 1215 1216 /* wrap around? */ 1217 len = sizeof(*new_xattr) + size; 1218 if (len < sizeof(*new_xattr)) 1219 return NULL; 1220 1221 new_xattr = kvmalloc(len, GFP_KERNEL_ACCOUNT); 1222 if (!new_xattr) 1223 return NULL; 1224 1225 new_xattr->size = size; 1226 memcpy(new_xattr->value, value, size); 1227 return new_xattr; 1228 } 1229 1230 /** 1231 * rbtree_simple_xattr_cmp - compare xattr name with current rbtree xattr entry 1232 * @key: xattr name 1233 * @node: current node 1234 * 1235 * Compare the xattr name with the xattr name attached to @node in the rbtree. 1236 * 1237 * Return: Negative value if continuing left, positive if continuing right, 0 1238 * if the xattr attached to @node matches @key. 1239 */ 1240 static int rbtree_simple_xattr_cmp(const void *key, const struct rb_node *node) 1241 { 1242 const char *xattr_name = key; 1243 const struct simple_xattr *xattr; 1244 1245 xattr = rb_entry(node, struct simple_xattr, rb_node); 1246 return strcmp(xattr->name, xattr_name); 1247 } 1248 1249 /** 1250 * rbtree_simple_xattr_node_cmp - compare two xattr rbtree nodes 1251 * @new_node: new node 1252 * @node: current node 1253 * 1254 * Compare the xattr attached to @new_node with the xattr attached to @node. 1255 * 1256 * Return: Negative value if continuing left, positive if continuing right, 0 1257 * if the xattr attached to @new_node matches the xattr attached to @node. 1258 */ 1259 static int rbtree_simple_xattr_node_cmp(struct rb_node *new_node, 1260 const struct rb_node *node) 1261 { 1262 struct simple_xattr *xattr; 1263 xattr = rb_entry(new_node, struct simple_xattr, rb_node); 1264 return rbtree_simple_xattr_cmp(xattr->name, node); 1265 } 1266 1267 /** 1268 * simple_xattr_get - get an xattr object 1269 * @xattrs: the header of the xattr object 1270 * @name: the name of the xattr to retrieve 1271 * @buffer: the buffer to store the value into 1272 * @size: the size of @buffer 1273 * 1274 * Try to find and retrieve the xattr object associated with @name. 1275 * If @buffer is provided store the value of @xattr in @buffer 1276 * otherwise just return the length. The size of @buffer is limited 1277 * to XATTR_SIZE_MAX which currently is 65536. 1278 * 1279 * Return: On success the length of the xattr value is returned. On error a 1280 * negative error code is returned. 1281 */ 1282 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 1283 void *buffer, size_t size) 1284 { 1285 struct simple_xattr *xattr = NULL; 1286 struct rb_node *rbp; 1287 int ret = -ENODATA; 1288 1289 read_lock(&xattrs->lock); 1290 rbp = rb_find(name, &xattrs->rb_root, rbtree_simple_xattr_cmp); 1291 if (rbp) { 1292 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1293 ret = xattr->size; 1294 if (buffer) { 1295 if (size < xattr->size) 1296 ret = -ERANGE; 1297 else 1298 memcpy(buffer, xattr->value, xattr->size); 1299 } 1300 } 1301 read_unlock(&xattrs->lock); 1302 return ret; 1303 } 1304 1305 /** 1306 * simple_xattr_set - set an xattr object 1307 * @xattrs: the header of the xattr object 1308 * @name: the name of the xattr to retrieve 1309 * @value: the value to store along the xattr 1310 * @size: the size of @value 1311 * @flags: the flags determining how to set the xattr 1312 * 1313 * Set a new xattr object. 1314 * If @value is passed a new xattr object will be allocated. If XATTR_REPLACE 1315 * is specified in @flags a matching xattr object for @name must already exist. 1316 * If it does it will be replaced with the new xattr object. If it doesn't we 1317 * fail. If XATTR_CREATE is specified and a matching xattr does already exist 1318 * we fail. If it doesn't we create a new xattr. If @flags is zero we simply 1319 * insert the new xattr replacing any existing one. 1320 * 1321 * If @value is empty and a matching xattr object is found we delete it if 1322 * XATTR_REPLACE is specified in @flags or @flags is zero. 1323 * 1324 * If @value is empty and no matching xattr object for @name is found we do 1325 * nothing if XATTR_CREATE is specified in @flags or @flags is zero. For 1326 * XATTR_REPLACE we fail as mentioned above. 1327 * 1328 * Return: On success, the removed or replaced xattr is returned, to be freed 1329 * by the caller; or NULL if none. On failure a negative error code is returned. 1330 */ 1331 struct simple_xattr *simple_xattr_set(struct simple_xattrs *xattrs, 1332 const char *name, const void *value, 1333 size_t size, int flags) 1334 { 1335 struct simple_xattr *old_xattr = NULL, *new_xattr = NULL; 1336 struct rb_node *parent = NULL, **rbp; 1337 int err = 0, ret; 1338 1339 /* value == NULL means remove */ 1340 if (value) { 1341 new_xattr = simple_xattr_alloc(value, size); 1342 if (!new_xattr) 1343 return ERR_PTR(-ENOMEM); 1344 1345 new_xattr->name = kstrdup(name, GFP_KERNEL_ACCOUNT); 1346 if (!new_xattr->name) { 1347 simple_xattr_free(new_xattr); 1348 return ERR_PTR(-ENOMEM); 1349 } 1350 } 1351 1352 write_lock(&xattrs->lock); 1353 rbp = &xattrs->rb_root.rb_node; 1354 while (*rbp) { 1355 parent = *rbp; 1356 ret = rbtree_simple_xattr_cmp(name, *rbp); 1357 if (ret < 0) 1358 rbp = &(*rbp)->rb_left; 1359 else if (ret > 0) 1360 rbp = &(*rbp)->rb_right; 1361 else 1362 old_xattr = rb_entry(*rbp, struct simple_xattr, rb_node); 1363 if (old_xattr) 1364 break; 1365 } 1366 1367 if (old_xattr) { 1368 /* Fail if XATTR_CREATE is requested and the xattr exists. */ 1369 if (flags & XATTR_CREATE) { 1370 err = -EEXIST; 1371 goto out_unlock; 1372 } 1373 1374 if (new_xattr) 1375 rb_replace_node(&old_xattr->rb_node, 1376 &new_xattr->rb_node, &xattrs->rb_root); 1377 else 1378 rb_erase(&old_xattr->rb_node, &xattrs->rb_root); 1379 } else { 1380 /* Fail if XATTR_REPLACE is requested but no xattr is found. */ 1381 if (flags & XATTR_REPLACE) { 1382 err = -ENODATA; 1383 goto out_unlock; 1384 } 1385 1386 /* 1387 * If XATTR_CREATE or no flags are specified together with a 1388 * new value simply insert it. 1389 */ 1390 if (new_xattr) { 1391 rb_link_node(&new_xattr->rb_node, parent, rbp); 1392 rb_insert_color(&new_xattr->rb_node, &xattrs->rb_root); 1393 } 1394 1395 /* 1396 * If XATTR_CREATE or no flags are specified and neither an 1397 * old or new xattr exist then we don't need to do anything. 1398 */ 1399 } 1400 1401 out_unlock: 1402 write_unlock(&xattrs->lock); 1403 if (!err) 1404 return old_xattr; 1405 simple_xattr_free(new_xattr); 1406 return ERR_PTR(err); 1407 } 1408 1409 static bool xattr_is_trusted(const char *name) 1410 { 1411 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1412 } 1413 1414 static bool xattr_is_maclabel(const char *name) 1415 { 1416 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 1417 1418 return !strncmp(name, XATTR_SECURITY_PREFIX, 1419 XATTR_SECURITY_PREFIX_LEN) && 1420 security_ismaclabel(suffix); 1421 } 1422 1423 /** 1424 * simple_xattr_list - list all xattr objects 1425 * @inode: inode from which to get the xattrs 1426 * @xattrs: the header of the xattr object 1427 * @buffer: the buffer to store all xattrs into 1428 * @size: the size of @buffer 1429 * 1430 * List all xattrs associated with @inode. If @buffer is NULL we returned 1431 * the required size of the buffer. If @buffer is provided we store the 1432 * xattrs value into it provided it is big enough. 1433 * 1434 * Note, the number of xattr names that can be listed with listxattr(2) is 1435 * limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed 1436 * then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names 1437 * are found it will return -E2BIG. 1438 * 1439 * Return: On success the required size or the size of the copied xattrs is 1440 * returned. On error a negative error code is returned. 1441 */ 1442 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 1443 char *buffer, size_t size) 1444 { 1445 bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); 1446 struct simple_xattr *xattr; 1447 struct rb_node *rbp; 1448 ssize_t remaining_size = size; 1449 int err = 0; 1450 1451 err = posix_acl_listxattr(inode, &buffer, &remaining_size); 1452 if (err) 1453 return err; 1454 1455 err = security_inode_listsecurity(inode, buffer, remaining_size); 1456 if (err < 0) 1457 return err; 1458 1459 if (buffer) { 1460 if (remaining_size < err) 1461 return -ERANGE; 1462 buffer += err; 1463 } 1464 remaining_size -= err; 1465 err = 0; 1466 1467 read_lock(&xattrs->lock); 1468 for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) { 1469 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1470 1471 /* skip "trusted." attributes for unprivileged callers */ 1472 if (!trusted && xattr_is_trusted(xattr->name)) 1473 continue; 1474 1475 /* skip MAC labels; these are provided by LSM above */ 1476 if (xattr_is_maclabel(xattr->name)) 1477 continue; 1478 1479 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 1480 if (err) 1481 break; 1482 } 1483 read_unlock(&xattrs->lock); 1484 1485 return err ? err : size - remaining_size; 1486 } 1487 1488 /** 1489 * rbtree_simple_xattr_less - compare two xattr rbtree nodes 1490 * @new_node: new node 1491 * @node: current node 1492 * 1493 * Compare the xattr attached to @new_node with the xattr attached to @node. 1494 * Note that this function technically tolerates duplicate entries. 1495 * 1496 * Return: True if insertion point in the rbtree is found. 1497 */ 1498 static bool rbtree_simple_xattr_less(struct rb_node *new_node, 1499 const struct rb_node *node) 1500 { 1501 return rbtree_simple_xattr_node_cmp(new_node, node) < 0; 1502 } 1503 1504 /** 1505 * simple_xattr_add - add xattr objects 1506 * @xattrs: the header of the xattr object 1507 * @new_xattr: the xattr object to add 1508 * 1509 * Add an xattr object to @xattrs. This assumes no replacement or removal 1510 * of matching xattrs is wanted. Should only be called during inode 1511 * initialization when a few distinct initial xattrs are supposed to be set. 1512 */ 1513 void simple_xattr_add(struct simple_xattrs *xattrs, 1514 struct simple_xattr *new_xattr) 1515 { 1516 write_lock(&xattrs->lock); 1517 rb_add(&new_xattr->rb_node, &xattrs->rb_root, rbtree_simple_xattr_less); 1518 write_unlock(&xattrs->lock); 1519 } 1520 1521 /** 1522 * simple_xattrs_init - initialize new xattr header 1523 * @xattrs: header to initialize 1524 * 1525 * Initialize relevant fields of a an xattr header. 1526 */ 1527 void simple_xattrs_init(struct simple_xattrs *xattrs) 1528 { 1529 xattrs->rb_root = RB_ROOT; 1530 rwlock_init(&xattrs->lock); 1531 } 1532 1533 /** 1534 * simple_xattrs_free - free xattrs 1535 * @xattrs: xattr header whose xattrs to destroy 1536 * @freed_space: approximate number of bytes of memory freed from @xattrs 1537 * 1538 * Destroy all xattrs in @xattr. When this is called no one can hold a 1539 * reference to any of the xattrs anymore. 1540 */ 1541 void simple_xattrs_free(struct simple_xattrs *xattrs, size_t *freed_space) 1542 { 1543 struct rb_node *rbp; 1544 1545 if (freed_space) 1546 *freed_space = 0; 1547 rbp = rb_first(&xattrs->rb_root); 1548 while (rbp) { 1549 struct simple_xattr *xattr; 1550 struct rb_node *rbp_next; 1551 1552 rbp_next = rb_next(rbp); 1553 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1554 rb_erase(&xattr->rb_node, &xattrs->rb_root); 1555 if (freed_space) 1556 *freed_space += simple_xattr_space(xattr->name, 1557 xattr->size); 1558 simple_xattr_free(xattr); 1559 rbp = rbp_next; 1560 } 1561 } 1562