1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 File: fs/xattr.c 4 5 Extended attribute handling. 6 7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 */ 11 #include <linux/fs.h> 12 #include <linux/filelock.h> 13 #include <linux/slab.h> 14 #include <linux/file.h> 15 #include <linux/xattr.h> 16 #include <linux/mount.h> 17 #include <linux/namei.h> 18 #include <linux/security.h> 19 #include <linux/syscalls.h> 20 #include <linux/export.h> 21 #include <linux/fsnotify.h> 22 #include <linux/audit.h> 23 #include <linux/vmalloc.h> 24 #include <linux/posix_acl_xattr.h> 25 #include <linux/rhashtable.h> 26 27 #include <linux/uaccess.h> 28 29 #include "internal.h" 30 31 static const char * 32 strcmp_prefix(const char *a, const char *a_prefix) 33 { 34 while (*a_prefix && *a == *a_prefix) { 35 a++; 36 a_prefix++; 37 } 38 return *a_prefix ? NULL : a; 39 } 40 41 /* 42 * In order to implement different sets of xattr operations for each xattr 43 * prefix, a filesystem should create a null-terminated array of struct 44 * xattr_handler (one for each prefix) and hang a pointer to it off of the 45 * s_xattr field of the superblock. 46 */ 47 #define for_each_xattr_handler(handlers, handler) \ 48 if (handlers) \ 49 for ((handler) = *(handlers)++; \ 50 (handler) != NULL; \ 51 (handler) = *(handlers)++) 52 53 /* 54 * Find the xattr_handler with the matching prefix. 55 */ 56 static const struct xattr_handler * 57 xattr_resolve_name(struct inode *inode, const char **name) 58 { 59 const struct xattr_handler * const *handlers = inode->i_sb->s_xattr; 60 const struct xattr_handler *handler; 61 62 if (!(inode->i_opflags & IOP_XATTR)) { 63 if (unlikely(is_bad_inode(inode))) 64 return ERR_PTR(-EIO); 65 return ERR_PTR(-EOPNOTSUPP); 66 } 67 for_each_xattr_handler(handlers, handler) { 68 const char *n; 69 70 n = strcmp_prefix(*name, xattr_prefix(handler)); 71 if (n) { 72 if (!handler->prefix ^ !*n) { 73 if (*n) 74 continue; 75 return ERR_PTR(-EINVAL); 76 } 77 *name = n; 78 return handler; 79 } 80 } 81 return ERR_PTR(-EOPNOTSUPP); 82 } 83 84 /** 85 * may_write_xattr - check whether inode allows writing xattr 86 * @idmap: idmap of the mount the inode was found from 87 * @inode: the inode on which to set an xattr 88 * 89 * Check whether the inode allows writing xattrs. Specifically, we can never 90 * set or remove an extended attribute on a read-only filesystem or on an 91 * immutable / append-only inode. 92 * 93 * We also need to ensure that the inode has a mapping in the mount to 94 * not risk writing back invalid i_{g,u}id values. 95 * 96 * Return: On success zero is returned. On error a negative errno is returned. 97 */ 98 int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode) 99 { 100 if (IS_IMMUTABLE(inode)) 101 return -EPERM; 102 if (IS_APPEND(inode)) 103 return -EPERM; 104 if (HAS_UNMAPPED_ID(idmap, inode)) 105 return -EPERM; 106 return 0; 107 } 108 109 static inline int xattr_permission_error(int mask) 110 { 111 if (mask & MAY_WRITE) 112 return -EPERM; 113 return -ENODATA; 114 } 115 116 /* 117 * Check permissions for extended attribute access. This is a bit complicated 118 * because different namespaces have very different rules. 119 */ 120 static int 121 xattr_permission(struct mnt_idmap *idmap, struct inode *inode, 122 const char *name, int mask) 123 { 124 if (mask & MAY_WRITE) { 125 int ret; 126 127 ret = may_write_xattr(idmap, inode); 128 if (ret) 129 return ret; 130 } 131 132 /* 133 * No restriction for security.* and system.* from the VFS. Decision 134 * on these is left to the underlying filesystem / security module. 135 */ 136 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 137 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 138 return 0; 139 140 /* 141 * The trusted.* namespace can only be accessed by privileged users. 142 */ 143 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 144 if (!capable(CAP_SYS_ADMIN)) 145 return xattr_permission_error(mask); 146 return 0; 147 } 148 149 /* 150 * In the user.* namespace, only regular files and directories can have 151 * extended attributes. For sticky directories, only the owner and 152 * privileged users can write attributes. 153 */ 154 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 155 switch (inode->i_mode & S_IFMT) { 156 case S_IFREG: 157 break; 158 case S_IFDIR: 159 if (!(inode->i_mode & S_ISVTX)) 160 break; 161 if (!(mask & MAY_WRITE)) 162 break; 163 if (inode_owner_or_capable(idmap, inode)) 164 break; 165 return -EPERM; 166 case S_IFSOCK: 167 break; 168 default: 169 return xattr_permission_error(mask); 170 } 171 } 172 173 return inode_permission(idmap, inode, mask); 174 } 175 176 /* 177 * Look for any handler that deals with the specified namespace. 178 */ 179 int 180 xattr_supports_user_prefix(struct inode *inode) 181 { 182 const struct xattr_handler * const *handlers = inode->i_sb->s_xattr; 183 const struct xattr_handler *handler; 184 185 if (!(inode->i_opflags & IOP_XATTR)) { 186 if (unlikely(is_bad_inode(inode))) 187 return -EIO; 188 return -EOPNOTSUPP; 189 } 190 191 for_each_xattr_handler(handlers, handler) { 192 if (!strncmp(xattr_prefix(handler), XATTR_USER_PREFIX, 193 XATTR_USER_PREFIX_LEN)) 194 return 0; 195 } 196 197 return -EOPNOTSUPP; 198 } 199 EXPORT_SYMBOL(xattr_supports_user_prefix); 200 201 int 202 __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 203 struct inode *inode, const char *name, const void *value, 204 size_t size, int flags) 205 { 206 const struct xattr_handler *handler; 207 208 if (is_posix_acl_xattr(name)) 209 return -EOPNOTSUPP; 210 211 handler = xattr_resolve_name(inode, &name); 212 if (IS_ERR(handler)) 213 return PTR_ERR(handler); 214 if (!handler->set) 215 return -EOPNOTSUPP; 216 if (size == 0) 217 value = ""; /* empty EA, do not remove */ 218 return handler->set(handler, idmap, dentry, inode, name, value, 219 size, flags); 220 } 221 EXPORT_SYMBOL(__vfs_setxattr); 222 223 /** 224 * __vfs_setxattr_noperm - perform setxattr operation without performing 225 * permission checks. 226 * 227 * @idmap: idmap of the mount the inode was found from 228 * @dentry: object to perform setxattr on 229 * @name: xattr name to set 230 * @value: value to set @name to 231 * @size: size of @value 232 * @flags: flags to pass into filesystem operations 233 * 234 * returns the result of the internal setxattr or setsecurity operations. 235 * 236 * This function requires the caller to lock the inode's i_rwsem before it 237 * is executed. It also assumes that the caller will make the appropriate 238 * permission checks. 239 */ 240 int __vfs_setxattr_noperm(struct mnt_idmap *idmap, 241 struct dentry *dentry, const char *name, 242 const void *value, size_t size, int flags) 243 { 244 struct inode *inode = dentry->d_inode; 245 int error = -EAGAIN; 246 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 247 XATTR_SECURITY_PREFIX_LEN); 248 249 if (issec) 250 inode->i_flags &= ~S_NOSEC; 251 if (inode->i_opflags & IOP_XATTR) { 252 error = __vfs_setxattr(idmap, dentry, inode, name, value, 253 size, flags); 254 if (!error) { 255 fsnotify_xattr(dentry); 256 security_inode_post_setxattr(dentry, name, value, 257 size, flags); 258 } 259 } else { 260 if (unlikely(is_bad_inode(inode))) 261 return -EIO; 262 } 263 if (error == -EAGAIN) { 264 error = -EOPNOTSUPP; 265 266 if (issec) { 267 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 268 269 error = security_inode_setsecurity(inode, suffix, value, 270 size, flags); 271 if (!error) 272 fsnotify_xattr(dentry); 273 } 274 } 275 276 return error; 277 } 278 279 /** 280 * __vfs_setxattr_locked - set an extended attribute while holding the inode 281 * lock 282 * 283 * @idmap: idmap of the mount of the target inode 284 * @dentry: object to perform setxattr on 285 * @name: xattr name to set 286 * @value: value to set @name to 287 * @size: size of @value 288 * @flags: flags to pass into filesystem operations 289 * @delegated_inode: on return, will contain an inode pointer that 290 * a delegation was broken on, NULL if none. 291 */ 292 int 293 __vfs_setxattr_locked(struct mnt_idmap *idmap, struct dentry *dentry, 294 const char *name, const void *value, size_t size, 295 int flags, struct delegated_inode *delegated_inode) 296 { 297 struct inode *inode = dentry->d_inode; 298 int error; 299 300 error = xattr_permission(idmap, inode, name, MAY_WRITE); 301 if (error) 302 return error; 303 304 error = security_inode_setxattr(idmap, dentry, name, value, size, 305 flags); 306 if (error) 307 goto out; 308 309 error = try_break_deleg(inode, delegated_inode); 310 if (error) 311 goto out; 312 313 error = __vfs_setxattr_noperm(idmap, dentry, name, value, 314 size, flags); 315 316 out: 317 return error; 318 } 319 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); 320 321 int 322 vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 323 const char *name, const void *value, size_t size, int flags) 324 { 325 struct inode *inode = dentry->d_inode; 326 struct delegated_inode delegated_inode = { }; 327 const void *orig_value = value; 328 int error; 329 330 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { 331 error = cap_convert_nscap(idmap, dentry, &value, size); 332 if (error < 0) 333 return error; 334 size = error; 335 } 336 337 retry_deleg: 338 inode_lock(inode); 339 error = __vfs_setxattr_locked(idmap, dentry, name, value, size, 340 flags, &delegated_inode); 341 inode_unlock(inode); 342 343 if (is_delegated(&delegated_inode)) { 344 error = break_deleg_wait(&delegated_inode); 345 if (!error) 346 goto retry_deleg; 347 } 348 if (value != orig_value) 349 kfree(value); 350 351 return error; 352 } 353 EXPORT_SYMBOL_GPL(vfs_setxattr); 354 355 static ssize_t 356 xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode, 357 const char *name, void *value, size_t size) 358 { 359 void *buffer = NULL; 360 ssize_t len; 361 362 if (!value || !size) { 363 len = security_inode_getsecurity(idmap, inode, name, 364 &buffer, false); 365 goto out_noalloc; 366 } 367 368 len = security_inode_getsecurity(idmap, inode, name, &buffer, 369 true); 370 if (len < 0) 371 return len; 372 if (size < len) { 373 len = -ERANGE; 374 goto out; 375 } 376 memcpy(value, buffer, len); 377 out: 378 kfree(buffer); 379 out_noalloc: 380 return len; 381 } 382 383 /* 384 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 385 * 386 * Allocate memory, if not already allocated, or re-allocate correct size, 387 * before retrieving the extended attribute. The xattr value buffer should 388 * always be freed by the caller, even on error. 389 * 390 * Returns the result of alloc, if failed, or the getxattr operation. 391 */ 392 int 393 vfs_getxattr_alloc(struct mnt_idmap *idmap, struct dentry *dentry, 394 const char *name, char **xattr_value, size_t xattr_size, 395 gfp_t flags) 396 { 397 const struct xattr_handler *handler; 398 struct inode *inode = dentry->d_inode; 399 char *value = *xattr_value; 400 int error; 401 402 error = xattr_permission(idmap, inode, name, MAY_READ); 403 if (error) 404 return error; 405 406 handler = xattr_resolve_name(inode, &name); 407 if (IS_ERR(handler)) 408 return PTR_ERR(handler); 409 if (!handler->get) 410 return -EOPNOTSUPP; 411 error = handler->get(handler, dentry, inode, name, NULL, 0); 412 if (error < 0) 413 return error; 414 415 if (!value || (error > xattr_size)) { 416 value = krealloc(*xattr_value, error + 1, flags); 417 if (!value) 418 return -ENOMEM; 419 memset(value, 0, error + 1); 420 } 421 422 error = handler->get(handler, dentry, inode, name, value, error); 423 *xattr_value = value; 424 return error; 425 } 426 427 ssize_t 428 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 429 void *value, size_t size) 430 { 431 const struct xattr_handler *handler; 432 433 if (is_posix_acl_xattr(name)) 434 return -EOPNOTSUPP; 435 436 handler = xattr_resolve_name(inode, &name); 437 if (IS_ERR(handler)) 438 return PTR_ERR(handler); 439 if (!handler->get) 440 return -EOPNOTSUPP; 441 return handler->get(handler, dentry, inode, name, value, size); 442 } 443 EXPORT_SYMBOL(__vfs_getxattr); 444 445 ssize_t 446 vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry, 447 const char *name, void *value, size_t size) 448 { 449 struct inode *inode = dentry->d_inode; 450 int error; 451 452 error = xattr_permission(idmap, inode, name, MAY_READ); 453 if (error) 454 return error; 455 456 error = security_inode_getxattr(dentry, name); 457 if (error) 458 return error; 459 460 if (!strncmp(name, XATTR_SECURITY_PREFIX, 461 XATTR_SECURITY_PREFIX_LEN)) { 462 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 463 int ret = xattr_getsecurity(idmap, inode, suffix, value, 464 size); 465 /* 466 * Only overwrite the return value if a security module 467 * is actually active. 468 */ 469 if (ret == -EOPNOTSUPP) 470 goto nolsm; 471 return ret; 472 } 473 nolsm: 474 return __vfs_getxattr(dentry, inode, name, value, size); 475 } 476 EXPORT_SYMBOL_GPL(vfs_getxattr); 477 478 /** 479 * vfs_listxattr - retrieve \0 separated list of xattr names 480 * @dentry: the dentry from whose inode the xattr names are retrieved 481 * @list: buffer to store xattr names into 482 * @size: size of the buffer 483 * 484 * This function returns the names of all xattrs associated with the 485 * inode of @dentry. 486 * 487 * Note, for legacy reasons the vfs_listxattr() function lists POSIX 488 * ACLs as well. Since POSIX ACLs are decoupled from IOP_XATTR the 489 * vfs_listxattr() function doesn't check for this flag since a 490 * filesystem could implement POSIX ACLs without implementing any other 491 * xattrs. 492 * 493 * However, since all codepaths that remove IOP_XATTR also assign of 494 * inode operations that either don't implement or implement a stub 495 * ->listxattr() operation. 496 * 497 * Return: On success, the size of the buffer that was used. On error a 498 * negative error code. 499 */ 500 ssize_t 501 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 502 { 503 struct inode *inode = d_inode(dentry); 504 ssize_t error; 505 506 error = security_inode_listxattr(dentry); 507 if (error) 508 return error; 509 510 if (inode->i_op->listxattr) { 511 error = inode->i_op->listxattr(dentry, list, size); 512 } else { 513 error = security_inode_listsecurity(inode, list, size); 514 if (size && error > size) 515 error = -ERANGE; 516 } 517 return error; 518 } 519 EXPORT_SYMBOL_GPL(vfs_listxattr); 520 521 int 522 __vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, 523 const char *name) 524 { 525 struct inode *inode = d_inode(dentry); 526 const struct xattr_handler *handler; 527 528 if (is_posix_acl_xattr(name)) 529 return -EOPNOTSUPP; 530 531 handler = xattr_resolve_name(inode, &name); 532 if (IS_ERR(handler)) 533 return PTR_ERR(handler); 534 if (!handler->set) 535 return -EOPNOTSUPP; 536 return handler->set(handler, idmap, dentry, inode, name, NULL, 0, 537 XATTR_REPLACE); 538 } 539 EXPORT_SYMBOL(__vfs_removexattr); 540 541 /** 542 * __vfs_removexattr_locked - set an extended attribute while holding the inode 543 * lock 544 * 545 * @idmap: idmap of the mount of the target inode 546 * @dentry: object to perform setxattr on 547 * @name: name of xattr to remove 548 * @delegated_inode: on return, will contain an inode pointer that 549 * a delegation was broken on, NULL if none. 550 */ 551 int 552 __vfs_removexattr_locked(struct mnt_idmap *idmap, 553 struct dentry *dentry, const char *name, 554 struct delegated_inode *delegated_inode) 555 { 556 struct inode *inode = dentry->d_inode; 557 int error; 558 559 error = xattr_permission(idmap, inode, name, MAY_WRITE); 560 if (error) 561 return error; 562 563 error = security_inode_removexattr(idmap, dentry, name); 564 if (error) 565 goto out; 566 567 error = try_break_deleg(inode, delegated_inode); 568 if (error) 569 goto out; 570 571 error = __vfs_removexattr(idmap, dentry, name); 572 if (error) 573 return error; 574 575 fsnotify_xattr(dentry); 576 security_inode_post_removexattr(dentry, name); 577 578 out: 579 return error; 580 } 581 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); 582 583 int 584 vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, 585 const char *name) 586 { 587 struct inode *inode = dentry->d_inode; 588 struct delegated_inode delegated_inode = { }; 589 int error; 590 591 retry_deleg: 592 inode_lock(inode); 593 error = __vfs_removexattr_locked(idmap, dentry, 594 name, &delegated_inode); 595 inode_unlock(inode); 596 597 if (is_delegated(&delegated_inode)) { 598 error = break_deleg_wait(&delegated_inode); 599 if (!error) 600 goto retry_deleg; 601 } 602 603 return error; 604 } 605 EXPORT_SYMBOL_GPL(vfs_removexattr); 606 607 int import_xattr_name(struct xattr_name *kname, const char __user *name) 608 { 609 int error = strncpy_from_user(kname->name, name, 610 sizeof(kname->name)); 611 if (error == 0 || error == sizeof(kname->name)) 612 return -ERANGE; 613 if (error < 0) 614 return error; 615 return 0; 616 } 617 618 /* 619 * Extended attribute SET operations 620 */ 621 622 int setxattr_copy(const char __user *name, struct kernel_xattr_ctx *ctx) 623 { 624 int error; 625 626 if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE)) 627 return -EINVAL; 628 629 error = import_xattr_name(ctx->kname, name); 630 if (error) 631 return error; 632 633 if (ctx->size) { 634 if (ctx->size > XATTR_SIZE_MAX) 635 return -E2BIG; 636 637 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size); 638 if (IS_ERR(ctx->kvalue)) { 639 error = PTR_ERR(ctx->kvalue); 640 ctx->kvalue = NULL; 641 } 642 } 643 644 return error; 645 } 646 647 static int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 648 struct kernel_xattr_ctx *ctx) 649 { 650 if (is_posix_acl_xattr(ctx->kname->name)) 651 return do_set_acl(idmap, dentry, ctx->kname->name, 652 ctx->kvalue, ctx->size); 653 654 return vfs_setxattr(idmap, dentry, ctx->kname->name, 655 ctx->kvalue, ctx->size, ctx->flags); 656 } 657 658 int file_setxattr(struct file *f, struct kernel_xattr_ctx *ctx) 659 { 660 int error = mnt_want_write_file(f); 661 662 if (!error) { 663 audit_file(f); 664 error = do_setxattr(file_mnt_idmap(f), f->f_path.dentry, ctx); 665 mnt_drop_write_file(f); 666 } 667 return error; 668 } 669 670 int filename_setxattr(int dfd, struct filename *filename, 671 unsigned int lookup_flags, struct kernel_xattr_ctx *ctx) 672 { 673 struct path path; 674 int error; 675 676 retry: 677 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 678 if (error) 679 return error; 680 error = mnt_want_write(path.mnt); 681 if (!error) { 682 error = do_setxattr(mnt_idmap(path.mnt), path.dentry, ctx); 683 mnt_drop_write(path.mnt); 684 } 685 path_put(&path); 686 if (retry_estale(error, lookup_flags)) { 687 lookup_flags |= LOOKUP_REVAL; 688 goto retry; 689 } 690 return error; 691 } 692 693 static int path_setxattrat(int dfd, const char __user *pathname, 694 unsigned int at_flags, const char __user *name, 695 const void __user *value, size_t size, int flags) 696 { 697 struct xattr_name kname; 698 struct kernel_xattr_ctx ctx = { 699 .cvalue = value, 700 .kvalue = NULL, 701 .size = size, 702 .kname = &kname, 703 .flags = flags, 704 }; 705 unsigned int lookup_flags = 0; 706 int error; 707 708 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 709 return -EINVAL; 710 711 if (!(at_flags & AT_SYMLINK_NOFOLLOW)) 712 lookup_flags = LOOKUP_FOLLOW; 713 714 error = setxattr_copy(name, &ctx); 715 if (error) 716 return error; 717 718 CLASS(filename_maybe_null, filename)(pathname, at_flags); 719 if (!filename && dfd >= 0) { 720 CLASS(fd, f)(dfd); 721 if (fd_empty(f)) 722 error = -EBADF; 723 else 724 error = file_setxattr(fd_file(f), &ctx); 725 } else { 726 error = filename_setxattr(dfd, filename, lookup_flags, &ctx); 727 } 728 kvfree(ctx.kvalue); 729 return error; 730 } 731 732 SYSCALL_DEFINE6(setxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags, 733 const char __user *, name, const struct xattr_args __user *, uargs, 734 size_t, usize) 735 { 736 struct xattr_args args = {}; 737 int error; 738 739 BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0); 740 BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST); 741 742 if (unlikely(usize < XATTR_ARGS_SIZE_VER0)) 743 return -EINVAL; 744 if (usize > PAGE_SIZE) 745 return -E2BIG; 746 747 error = copy_struct_from_user(&args, sizeof(args), uargs, usize); 748 if (error) 749 return error; 750 751 return path_setxattrat(dfd, pathname, at_flags, name, 752 u64_to_user_ptr(args.value), args.size, 753 args.flags); 754 } 755 756 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 757 const char __user *, name, const void __user *, value, 758 size_t, size, int, flags) 759 { 760 return path_setxattrat(AT_FDCWD, pathname, 0, name, value, size, flags); 761 } 762 763 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 764 const char __user *, name, const void __user *, value, 765 size_t, size, int, flags) 766 { 767 return path_setxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name, 768 value, size, flags); 769 } 770 771 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 772 const void __user *,value, size_t, size, int, flags) 773 { 774 return path_setxattrat(fd, NULL, AT_EMPTY_PATH, name, 775 value, size, flags); 776 } 777 778 /* 779 * Extended attribute GET operations 780 */ 781 static ssize_t 782 do_getxattr(struct mnt_idmap *idmap, struct dentry *d, 783 struct kernel_xattr_ctx *ctx) 784 { 785 ssize_t error; 786 char *kname = ctx->kname->name; 787 void *kvalue = NULL; 788 789 if (ctx->size) { 790 if (ctx->size > XATTR_SIZE_MAX) 791 ctx->size = XATTR_SIZE_MAX; 792 kvalue = kvzalloc(ctx->size, GFP_KERNEL); 793 if (!kvalue) 794 return -ENOMEM; 795 } 796 797 if (is_posix_acl_xattr(kname)) 798 error = do_get_acl(idmap, d, kname, kvalue, ctx->size); 799 else 800 error = vfs_getxattr(idmap, d, kname, kvalue, ctx->size); 801 if (error > 0) { 802 if (ctx->size && copy_to_user(ctx->value, kvalue, error)) 803 error = -EFAULT; 804 } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) { 805 /* The file system tried to returned a value bigger 806 than XATTR_SIZE_MAX bytes. Not possible. */ 807 error = -E2BIG; 808 } 809 810 kvfree(kvalue); 811 return error; 812 } 813 814 ssize_t file_getxattr(struct file *f, struct kernel_xattr_ctx *ctx) 815 { 816 audit_file(f); 817 return do_getxattr(file_mnt_idmap(f), f->f_path.dentry, ctx); 818 } 819 820 ssize_t filename_getxattr(int dfd, struct filename *filename, 821 unsigned int lookup_flags, struct kernel_xattr_ctx *ctx) 822 { 823 struct path path; 824 ssize_t error; 825 retry: 826 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 827 if (error) 828 return error; 829 error = do_getxattr(mnt_idmap(path.mnt), path.dentry, ctx); 830 path_put(&path); 831 if (retry_estale(error, lookup_flags)) { 832 lookup_flags |= LOOKUP_REVAL; 833 goto retry; 834 } 835 return error; 836 } 837 838 static ssize_t path_getxattrat(int dfd, const char __user *pathname, 839 unsigned int at_flags, const char __user *name, 840 void __user *value, size_t size) 841 { 842 struct xattr_name kname; 843 struct kernel_xattr_ctx ctx = { 844 .value = value, 845 .size = size, 846 .kname = &kname, 847 .flags = 0, 848 }; 849 ssize_t error; 850 851 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 852 return -EINVAL; 853 854 error = import_xattr_name(&kname, name); 855 if (error) 856 return error; 857 858 CLASS(filename_maybe_null, filename)(pathname, at_flags); 859 if (!filename && dfd >= 0) { 860 CLASS(fd, f)(dfd); 861 if (fd_empty(f)) 862 return -EBADF; 863 return file_getxattr(fd_file(f), &ctx); 864 } else { 865 int lookup_flags = 0; 866 if (!(at_flags & AT_SYMLINK_NOFOLLOW)) 867 lookup_flags = LOOKUP_FOLLOW; 868 return filename_getxattr(dfd, filename, lookup_flags, &ctx); 869 } 870 } 871 872 SYSCALL_DEFINE6(getxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags, 873 const char __user *, name, struct xattr_args __user *, uargs, size_t, usize) 874 { 875 struct xattr_args args = {}; 876 int error; 877 878 BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0); 879 BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST); 880 881 if (unlikely(usize < XATTR_ARGS_SIZE_VER0)) 882 return -EINVAL; 883 if (usize > PAGE_SIZE) 884 return -E2BIG; 885 886 error = copy_struct_from_user(&args, sizeof(args), uargs, usize); 887 if (error) 888 return error; 889 890 if (args.flags != 0) 891 return -EINVAL; 892 893 return path_getxattrat(dfd, pathname, at_flags, name, 894 u64_to_user_ptr(args.value), args.size); 895 } 896 897 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 898 const char __user *, name, void __user *, value, size_t, size) 899 { 900 return path_getxattrat(AT_FDCWD, pathname, 0, name, value, size); 901 } 902 903 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 904 const char __user *, name, void __user *, value, size_t, size) 905 { 906 return path_getxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name, 907 value, size); 908 } 909 910 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 911 void __user *, value, size_t, size) 912 { 913 return path_getxattrat(fd, NULL, AT_EMPTY_PATH, name, value, size); 914 } 915 916 /* 917 * Extended attribute LIST operations 918 */ 919 static ssize_t 920 listxattr(struct dentry *d, char __user *list, size_t size) 921 { 922 ssize_t error; 923 char *klist = NULL; 924 925 if (size) { 926 if (size > XATTR_LIST_MAX) 927 size = XATTR_LIST_MAX; 928 klist = kvmalloc(size, GFP_KERNEL); 929 if (!klist) 930 return -ENOMEM; 931 } 932 933 error = vfs_listxattr(d, klist, size); 934 if (error > 0) { 935 if (size && copy_to_user(list, klist, error)) 936 error = -EFAULT; 937 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 938 /* The file system tried to returned a list bigger 939 than XATTR_LIST_MAX bytes. Not possible. */ 940 error = -E2BIG; 941 } 942 943 kvfree(klist); 944 945 return error; 946 } 947 948 static 949 ssize_t file_listxattr(struct file *f, char __user *list, size_t size) 950 { 951 audit_file(f); 952 return listxattr(f->f_path.dentry, list, size); 953 } 954 955 static 956 ssize_t filename_listxattr(int dfd, struct filename *filename, 957 unsigned int lookup_flags, 958 char __user *list, size_t size) 959 { 960 struct path path; 961 ssize_t error; 962 retry: 963 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 964 if (error) 965 return error; 966 error = listxattr(path.dentry, list, size); 967 path_put(&path); 968 if (retry_estale(error, lookup_flags)) { 969 lookup_flags |= LOOKUP_REVAL; 970 goto retry; 971 } 972 return error; 973 } 974 975 static ssize_t path_listxattrat(int dfd, const char __user *pathname, 976 unsigned int at_flags, char __user *list, 977 size_t size) 978 { 979 int lookup_flags; 980 981 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 982 return -EINVAL; 983 984 CLASS(filename_maybe_null, filename)(pathname, at_flags); 985 if (!filename) { 986 CLASS(fd, f)(dfd); 987 if (fd_empty(f)) 988 return -EBADF; 989 return file_listxattr(fd_file(f), list, size); 990 } 991 992 lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; 993 return filename_listxattr(dfd, filename, lookup_flags, list, size); 994 } 995 996 SYSCALL_DEFINE5(listxattrat, int, dfd, const char __user *, pathname, 997 unsigned int, at_flags, 998 char __user *, list, size_t, size) 999 { 1000 return path_listxattrat(dfd, pathname, at_flags, list, size); 1001 } 1002 1003 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 1004 size_t, size) 1005 { 1006 return path_listxattrat(AT_FDCWD, pathname, 0, list, size); 1007 } 1008 1009 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 1010 size_t, size) 1011 { 1012 return path_listxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, list, size); 1013 } 1014 1015 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 1016 { 1017 return path_listxattrat(fd, NULL, AT_EMPTY_PATH, list, size); 1018 } 1019 1020 /* 1021 * Extended attribute REMOVE operations 1022 */ 1023 static long 1024 removexattr(struct mnt_idmap *idmap, struct dentry *d, const char *name) 1025 { 1026 if (is_posix_acl_xattr(name)) 1027 return vfs_remove_acl(idmap, d, name); 1028 return vfs_removexattr(idmap, d, name); 1029 } 1030 1031 static int file_removexattr(struct file *f, struct xattr_name *kname) 1032 { 1033 int error = mnt_want_write_file(f); 1034 1035 if (!error) { 1036 audit_file(f); 1037 error = removexattr(file_mnt_idmap(f), 1038 f->f_path.dentry, kname->name); 1039 mnt_drop_write_file(f); 1040 } 1041 return error; 1042 } 1043 1044 static int filename_removexattr(int dfd, struct filename *filename, 1045 unsigned int lookup_flags, struct xattr_name *kname) 1046 { 1047 struct path path; 1048 int error; 1049 1050 retry: 1051 error = filename_lookup(dfd, filename, lookup_flags, &path, NULL); 1052 if (error) 1053 return error; 1054 error = mnt_want_write(path.mnt); 1055 if (!error) { 1056 error = removexattr(mnt_idmap(path.mnt), path.dentry, kname->name); 1057 mnt_drop_write(path.mnt); 1058 } 1059 path_put(&path); 1060 if (retry_estale(error, lookup_flags)) { 1061 lookup_flags |= LOOKUP_REVAL; 1062 goto retry; 1063 } 1064 return error; 1065 } 1066 1067 static int path_removexattrat(int dfd, const char __user *pathname, 1068 unsigned int at_flags, const char __user *name) 1069 { 1070 struct xattr_name kname; 1071 unsigned int lookup_flags; 1072 int error; 1073 1074 if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 1075 return -EINVAL; 1076 1077 error = import_xattr_name(&kname, name); 1078 if (error) 1079 return error; 1080 1081 CLASS(filename_maybe_null, filename)(pathname, at_flags); 1082 if (!filename) { 1083 CLASS(fd, f)(dfd); 1084 if (fd_empty(f)) 1085 return -EBADF; 1086 return file_removexattr(fd_file(f), &kname); 1087 } 1088 lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; 1089 return filename_removexattr(dfd, filename, lookup_flags, &kname); 1090 } 1091 1092 SYSCALL_DEFINE4(removexattrat, int, dfd, const char __user *, pathname, 1093 unsigned int, at_flags, const char __user *, name) 1094 { 1095 return path_removexattrat(dfd, pathname, at_flags, name); 1096 } 1097 1098 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 1099 const char __user *, name) 1100 { 1101 return path_removexattrat(AT_FDCWD, pathname, 0, name); 1102 } 1103 1104 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 1105 const char __user *, name) 1106 { 1107 return path_removexattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name); 1108 } 1109 1110 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 1111 { 1112 return path_removexattrat(fd, NULL, AT_EMPTY_PATH, name); 1113 } 1114 1115 int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name) 1116 { 1117 size_t len; 1118 1119 len = strlen(name) + 1; 1120 if (*buffer) { 1121 if (*remaining_size < len) 1122 return -ERANGE; 1123 memcpy(*buffer, name, len); 1124 *buffer += len; 1125 } 1126 *remaining_size -= len; 1127 return 0; 1128 } 1129 1130 /** 1131 * generic_listxattr - run through a dentry's xattr list() operations 1132 * @dentry: dentry to list the xattrs 1133 * @buffer: result buffer 1134 * @buffer_size: size of @buffer 1135 * 1136 * Combine the results of the list() operation from every xattr_handler in the 1137 * xattr_handler stack. 1138 * 1139 * Note that this will not include the entries for POSIX ACLs. 1140 */ 1141 ssize_t 1142 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 1143 { 1144 const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr; 1145 ssize_t remaining_size = buffer_size; 1146 1147 for_each_xattr_handler(handlers, handler) { 1148 int err; 1149 1150 if (!handler->name || (handler->list && !handler->list(dentry))) 1151 continue; 1152 err = xattr_list_one(&buffer, &remaining_size, handler->name); 1153 if (err) 1154 return err; 1155 } 1156 1157 return buffer_size - remaining_size; 1158 } 1159 EXPORT_SYMBOL(generic_listxattr); 1160 1161 /** 1162 * xattr_full_name - Compute full attribute name from suffix 1163 * 1164 * @handler: handler of the xattr_handler operation 1165 * @name: name passed to the xattr_handler operation 1166 * 1167 * The get and set xattr handler operations are called with the remainder of 1168 * the attribute name after skipping the handler's prefix: for example, "foo" 1169 * is passed to the get operation of a handler with prefix "user." to get 1170 * attribute "user.foo". The full name is still "there" in the name though. 1171 * 1172 * Note: the list xattr handler operation when called from the vfs is passed a 1173 * NULL name; some file systems use this operation internally, with varying 1174 * semantics. 1175 */ 1176 const char *xattr_full_name(const struct xattr_handler *handler, 1177 const char *name) 1178 { 1179 size_t prefix_len = strlen(xattr_prefix(handler)); 1180 1181 return name - prefix_len; 1182 } 1183 EXPORT_SYMBOL(xattr_full_name); 1184 1185 /** 1186 * simple_xattr_space - estimate the memory used by a simple xattr 1187 * @name: the full name of the xattr 1188 * @size: the size of its value 1189 * 1190 * This takes no account of how much larger the two slab objects actually are: 1191 * that would depend on the slab implementation, when what is required is a 1192 * deterministic number, which grows with name length and size and quantity. 1193 * 1194 * Return: The approximate number of bytes of memory used by such an xattr. 1195 */ 1196 size_t simple_xattr_space(const char *name, size_t size) 1197 { 1198 /* 1199 * Use "40" instead of sizeof(struct simple_xattr), to return the 1200 * same result on 32-bit and 64-bit, and even if simple_xattr grows. 1201 */ 1202 return 40 + size + strlen(name); 1203 } 1204 1205 /** 1206 * simple_xattr_free - free an xattr object 1207 * @xattr: the xattr object 1208 * 1209 * Free the xattr object. Can handle @xattr being NULL. 1210 */ 1211 void simple_xattr_free(struct simple_xattr *xattr) 1212 { 1213 if (xattr) 1214 kfree(xattr->name); 1215 kvfree(xattr); 1216 } 1217 1218 static void simple_xattr_rcu_free(struct rcu_head *head) 1219 { 1220 struct simple_xattr *xattr = container_of(head, struct simple_xattr, rcu); 1221 1222 simple_xattr_free(xattr); 1223 } 1224 1225 /** 1226 * simple_xattr_free_rcu - free an xattr object with RCU delay 1227 * @xattr: the xattr object 1228 * 1229 * Free the xattr object after an RCU grace period. This must be used when 1230 * the xattr was removed from a data structure that concurrent RCU readers 1231 * may still be traversing. Can handle @xattr being NULL. 1232 */ 1233 void simple_xattr_free_rcu(struct simple_xattr *xattr) 1234 { 1235 if (xattr) 1236 call_rcu(&xattr->rcu, simple_xattr_rcu_free); 1237 } 1238 1239 /** 1240 * simple_xattr_alloc - allocate new xattr object 1241 * @value: value of the xattr object 1242 * @size: size of @value 1243 * 1244 * Allocate a new xattr object and initialize respective members. The caller is 1245 * responsible for handling the name of the xattr. 1246 * 1247 * Return: New xattr object on success, NULL if @value is NULL, ERR_PTR on 1248 * failure. 1249 */ 1250 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 1251 { 1252 struct simple_xattr *new_xattr; 1253 size_t len; 1254 1255 if (!value) 1256 return NULL; 1257 1258 /* wrap around? */ 1259 len = sizeof(*new_xattr) + size; 1260 if (len < sizeof(*new_xattr)) 1261 return ERR_PTR(-ENOMEM); 1262 1263 new_xattr = kvmalloc(len, GFP_KERNEL_ACCOUNT); 1264 if (!new_xattr) 1265 return ERR_PTR(-ENOMEM); 1266 1267 new_xattr->size = size; 1268 memcpy(new_xattr->value, value, size); 1269 return new_xattr; 1270 } 1271 1272 static u32 simple_xattr_hashfn(const void *data, u32 len, u32 seed) 1273 { 1274 const char *name = data; 1275 return jhash(name, strlen(name), seed); 1276 } 1277 1278 static u32 simple_xattr_obj_hashfn(const void *obj, u32 len, u32 seed) 1279 { 1280 const struct simple_xattr *xattr = obj; 1281 return jhash(xattr->name, strlen(xattr->name), seed); 1282 } 1283 1284 static int simple_xattr_obj_cmpfn(struct rhashtable_compare_arg *arg, 1285 const void *obj) 1286 { 1287 const struct simple_xattr *xattr = obj; 1288 return strcmp(xattr->name, arg->key); 1289 } 1290 1291 static const struct rhashtable_params simple_xattr_params = { 1292 .head_offset = offsetof(struct simple_xattr, hash_node), 1293 .hashfn = simple_xattr_hashfn, 1294 .obj_hashfn = simple_xattr_obj_hashfn, 1295 .obj_cmpfn = simple_xattr_obj_cmpfn, 1296 .automatic_shrinking = true, 1297 }; 1298 1299 /** 1300 * simple_xattr_get - get an xattr object 1301 * @xattrs: the header of the xattr object 1302 * @name: the name of the xattr to retrieve 1303 * @buffer: the buffer to store the value into 1304 * @size: the size of @buffer 1305 * 1306 * Try to find and retrieve the xattr object associated with @name. 1307 * If @buffer is provided store the value of @xattr in @buffer 1308 * otherwise just return the length. The size of @buffer is limited 1309 * to XATTR_SIZE_MAX which currently is 65536. 1310 * 1311 * Return: On success the length of the xattr value is returned. On error a 1312 * negative error code is returned. 1313 */ 1314 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 1315 void *buffer, size_t size) 1316 { 1317 struct simple_xattr *xattr; 1318 int ret = -ENODATA; 1319 1320 guard(rcu)(); 1321 xattr = rhashtable_lookup(&xattrs->ht, name, simple_xattr_params); 1322 if (xattr) { 1323 ret = xattr->size; 1324 if (buffer) { 1325 if (size < xattr->size) 1326 ret = -ERANGE; 1327 else 1328 memcpy(buffer, xattr->value, xattr->size); 1329 } 1330 } 1331 return ret; 1332 } 1333 1334 /** 1335 * simple_xattr_set - set an xattr object 1336 * @xattrs: the header of the xattr object 1337 * @name: the name of the xattr to retrieve 1338 * @value: the value to store along the xattr 1339 * @size: the size of @value 1340 * @flags: the flags determining how to set the xattr 1341 * 1342 * Set a new xattr object. 1343 * If @value is passed a new xattr object will be allocated. If XATTR_REPLACE 1344 * is specified in @flags a matching xattr object for @name must already exist. 1345 * If it does it will be replaced with the new xattr object. If it doesn't we 1346 * fail. If XATTR_CREATE is specified and a matching xattr does already exist 1347 * we fail. If it doesn't we create a new xattr. If @flags is zero we simply 1348 * insert the new xattr replacing any existing one. 1349 * 1350 * If @value is empty and a matching xattr object is found we delete it if 1351 * XATTR_REPLACE is specified in @flags or @flags is zero. 1352 * 1353 * If @value is empty and no matching xattr object for @name is found we do 1354 * nothing if XATTR_CREATE is specified in @flags or @flags is zero. For 1355 * XATTR_REPLACE we fail as mentioned above. 1356 * 1357 * Note: Callers must externally serialize writes. All current callers hold 1358 * the inode lock for write operations. The lookup->replace/remove sequence 1359 * is not atomic with respect to the rhashtable's per-bucket locking, but 1360 * is safe because writes are serialized by the caller. 1361 * 1362 * Return: On success, the removed or replaced xattr is returned, to be freed 1363 * by the caller; or NULL if none. On failure a negative error code is returned. 1364 */ 1365 struct simple_xattr *simple_xattr_set(struct simple_xattrs *xattrs, 1366 const char *name, const void *value, 1367 size_t size, int flags) 1368 { 1369 struct simple_xattr *old_xattr = NULL; 1370 int err; 1371 1372 CLASS(simple_xattr, new_xattr)(value, size); 1373 if (IS_ERR(new_xattr)) 1374 return new_xattr; 1375 1376 if (new_xattr) { 1377 new_xattr->name = kstrdup(name, GFP_KERNEL_ACCOUNT); 1378 if (!new_xattr->name) 1379 return ERR_PTR(-ENOMEM); 1380 } 1381 1382 /* Lookup is safe without RCU here since writes are serialized. */ 1383 old_xattr = rhashtable_lookup_fast(&xattrs->ht, name, 1384 simple_xattr_params); 1385 1386 if (old_xattr) { 1387 /* Fail if XATTR_CREATE is requested and the xattr exists. */ 1388 if (flags & XATTR_CREATE) 1389 return ERR_PTR(-EEXIST); 1390 1391 if (new_xattr) { 1392 err = rhashtable_replace_fast(&xattrs->ht, 1393 &old_xattr->hash_node, 1394 &new_xattr->hash_node, 1395 simple_xattr_params); 1396 if (err) 1397 return ERR_PTR(err); 1398 } else { 1399 err = rhashtable_remove_fast(&xattrs->ht, 1400 &old_xattr->hash_node, 1401 simple_xattr_params); 1402 if (err) 1403 return ERR_PTR(err); 1404 } 1405 } else { 1406 /* Fail if XATTR_REPLACE is requested but no xattr is found. */ 1407 if (flags & XATTR_REPLACE) 1408 return ERR_PTR(-ENODATA); 1409 1410 /* 1411 * If XATTR_CREATE or no flags are specified together with a 1412 * new value simply insert it. 1413 */ 1414 if (new_xattr) { 1415 err = rhashtable_insert_fast(&xattrs->ht, 1416 &new_xattr->hash_node, 1417 simple_xattr_params); 1418 if (err) 1419 return ERR_PTR(err); 1420 } 1421 1422 /* 1423 * If XATTR_CREATE or no flags are specified and neither an 1424 * old or new xattr exist then we don't need to do anything. 1425 */ 1426 } 1427 1428 retain_and_null_ptr(new_xattr); 1429 return old_xattr; 1430 } 1431 1432 static inline void simple_xattr_limits_dec(struct simple_xattr_limits *limits, 1433 size_t size) 1434 { 1435 atomic_sub(size, &limits->xattr_size); 1436 atomic_dec(&limits->nr_xattrs); 1437 } 1438 1439 static inline int simple_xattr_limits_inc(struct simple_xattr_limits *limits, 1440 size_t size) 1441 { 1442 if (atomic_inc_return(&limits->nr_xattrs) > SIMPLE_XATTR_MAX_NR) { 1443 atomic_dec(&limits->nr_xattrs); 1444 return -ENOSPC; 1445 } 1446 1447 if (atomic_add_return(size, &limits->xattr_size) <= SIMPLE_XATTR_MAX_SIZE) 1448 return 0; 1449 1450 simple_xattr_limits_dec(limits, size); 1451 return -ENOSPC; 1452 } 1453 1454 /** 1455 * simple_xattr_set_limited - set an xattr with per-inode user.* limits 1456 * @xattrs: the header of the xattr object 1457 * @limits: per-inode limit counters for user.* xattrs 1458 * @name: the name of the xattr to set or remove 1459 * @value: the value to store (NULL to remove) 1460 * @size: the size of @value 1461 * @flags: XATTR_CREATE, XATTR_REPLACE, or 0 1462 * 1463 * Like simple_xattr_set(), but enforces per-inode count and total value size 1464 * limits for user.* xattrs. Uses speculative pre-increment of the atomic 1465 * counters to avoid races without requiring external locks. 1466 * 1467 * Return: On success zero is returned. On failure a negative error code is 1468 * returned. 1469 */ 1470 int simple_xattr_set_limited(struct simple_xattrs *xattrs, 1471 struct simple_xattr_limits *limits, 1472 const char *name, const void *value, 1473 size_t size, int flags) 1474 { 1475 struct simple_xattr *old_xattr; 1476 int ret; 1477 1478 if (value) { 1479 ret = simple_xattr_limits_inc(limits, size); 1480 if (ret) 1481 return ret; 1482 } 1483 1484 old_xattr = simple_xattr_set(xattrs, name, value, size, flags); 1485 if (IS_ERR(old_xattr)) { 1486 if (value) 1487 simple_xattr_limits_dec(limits, size); 1488 return PTR_ERR(old_xattr); 1489 } 1490 if (old_xattr) { 1491 simple_xattr_limits_dec(limits, old_xattr->size); 1492 simple_xattr_free_rcu(old_xattr); 1493 } 1494 return 0; 1495 } 1496 1497 static bool xattr_is_trusted(const char *name) 1498 { 1499 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1500 } 1501 1502 static bool xattr_is_maclabel(const char *name) 1503 { 1504 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 1505 1506 return !strncmp(name, XATTR_SECURITY_PREFIX, 1507 XATTR_SECURITY_PREFIX_LEN) && 1508 security_ismaclabel(suffix); 1509 } 1510 1511 /** 1512 * simple_xattr_list - list all xattr objects 1513 * @inode: inode from which to get the xattrs 1514 * @xattrs: the header of the xattr object 1515 * @buffer: the buffer to store all xattrs into 1516 * @size: the size of @buffer 1517 * 1518 * List all xattrs associated with @inode. If @buffer is NULL we returned 1519 * the required size of the buffer. If @buffer is provided we store the 1520 * xattrs value into it provided it is big enough. 1521 * 1522 * Note, the number of xattr names that can be listed with listxattr(2) is 1523 * limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed 1524 * then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names 1525 * are found it will return -E2BIG. 1526 * 1527 * Return: On success the required size or the size of the copied xattrs is 1528 * returned. On error a negative error code is returned. 1529 */ 1530 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 1531 char *buffer, size_t size) 1532 { 1533 bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); 1534 struct rhashtable_iter iter; 1535 struct simple_xattr *xattr; 1536 ssize_t remaining_size = size; 1537 int err = 0; 1538 1539 err = posix_acl_listxattr(inode, &buffer, &remaining_size); 1540 if (err) 1541 return err; 1542 1543 err = security_inode_listsecurity(inode, buffer, remaining_size); 1544 if (err < 0) 1545 return err; 1546 1547 if (buffer) { 1548 if (remaining_size < err) 1549 return -ERANGE; 1550 buffer += err; 1551 } 1552 remaining_size -= err; 1553 err = 0; 1554 1555 if (!xattrs) 1556 return size - remaining_size; 1557 1558 rhashtable_walk_enter(&xattrs->ht, &iter); 1559 rhashtable_walk_start(&iter); 1560 1561 while ((xattr = rhashtable_walk_next(&iter)) != NULL) { 1562 if (IS_ERR(xattr)) { 1563 if (PTR_ERR(xattr) == -EAGAIN) 1564 continue; 1565 err = PTR_ERR(xattr); 1566 break; 1567 } 1568 1569 /* skip "trusted." attributes for unprivileged callers */ 1570 if (!trusted && xattr_is_trusted(xattr->name)) 1571 continue; 1572 1573 /* skip MAC labels; these are provided by LSM above */ 1574 if (xattr_is_maclabel(xattr->name)) 1575 continue; 1576 1577 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 1578 if (err) 1579 break; 1580 } 1581 1582 rhashtable_walk_stop(&iter); 1583 rhashtable_walk_exit(&iter); 1584 1585 return err ? err : size - remaining_size; 1586 } 1587 1588 /** 1589 * simple_xattr_add - add xattr objects 1590 * @xattrs: the header of the xattr object 1591 * @new_xattr: the xattr object to add 1592 * 1593 * Add an xattr object to @xattrs. This assumes no replacement or removal 1594 * of matching xattrs is wanted. Should only be called during inode 1595 * initialization when a few distinct initial xattrs are supposed to be set. 1596 * 1597 * Return: On success zero is returned. On failure a negative error code is 1598 * returned. 1599 */ 1600 int simple_xattr_add(struct simple_xattrs *xattrs, 1601 struct simple_xattr *new_xattr) 1602 { 1603 return rhashtable_insert_fast(&xattrs->ht, &new_xattr->hash_node, 1604 simple_xattr_params); 1605 } 1606 1607 /** 1608 * simple_xattrs_init - initialize new xattr header 1609 * @xattrs: header to initialize 1610 * 1611 * Initialize the rhashtable used to store xattr objects. 1612 * 1613 * Return: On success zero is returned. On failure a negative error code is 1614 * returned. 1615 */ 1616 int simple_xattrs_init(struct simple_xattrs *xattrs) 1617 { 1618 return rhashtable_init(&xattrs->ht, &simple_xattr_params); 1619 } 1620 1621 /** 1622 * simple_xattrs_alloc - allocate and initialize a new xattr header 1623 * 1624 * Dynamically allocate a simple_xattrs header and initialize the 1625 * underlying rhashtable. This is intended for consumers that want 1626 * to lazily allocate xattr storage only when the first xattr is set, 1627 * avoiding the per-inode rhashtable overhead when no xattrs are used. 1628 * 1629 * Return: On success a new simple_xattrs is returned. On failure an 1630 * ERR_PTR is returned. 1631 */ 1632 struct simple_xattrs *simple_xattrs_alloc(void) 1633 { 1634 struct simple_xattrs *xattrs __free(kfree) = NULL; 1635 int ret; 1636 1637 xattrs = kzalloc(sizeof(*xattrs), GFP_KERNEL); 1638 if (!xattrs) 1639 return ERR_PTR(-ENOMEM); 1640 1641 ret = simple_xattrs_init(xattrs); 1642 if (ret) 1643 return ERR_PTR(ret); 1644 1645 return no_free_ptr(xattrs); 1646 } 1647 1648 /** 1649 * simple_xattrs_lazy_alloc - get or allocate xattrs for a set operation 1650 * @xattrsp: pointer to the xattrs pointer (may point to NULL) 1651 * @value: value being set (NULL means remove) 1652 * @flags: xattr set flags 1653 * 1654 * For lazily-allocated xattrs on the write path. If no xattrs exist yet 1655 * and this is a remove operation, returns the appropriate result without 1656 * allocating. Otherwise ensures xattrs is allocated and published with 1657 * store-release semantics. 1658 * 1659 * Return: On success a valid pointer to the xattrs is returned. On 1660 * failure or early-exit an ERR_PTR or NULL is returned. Callers should 1661 * check with IS_ERR_OR_NULL() and propagate with PTR_ERR() which 1662 * correctly returns 0 for the NULL no-op case. 1663 */ 1664 struct simple_xattrs *simple_xattrs_lazy_alloc(struct simple_xattrs **xattrsp, 1665 const void *value, int flags) 1666 { 1667 struct simple_xattrs *xattrs; 1668 1669 xattrs = READ_ONCE(*xattrsp); 1670 if (xattrs) 1671 return xattrs; 1672 1673 if (!value) 1674 return (flags & XATTR_REPLACE) ? ERR_PTR(-ENODATA) : NULL; 1675 1676 xattrs = simple_xattrs_alloc(); 1677 if (!IS_ERR(xattrs)) 1678 smp_store_release(xattrsp, xattrs); 1679 return xattrs; 1680 } 1681 1682 static void simple_xattr_ht_free(void *ptr, void *arg) 1683 { 1684 struct simple_xattr *xattr = ptr; 1685 size_t *freed_space = arg; 1686 1687 if (freed_space) 1688 *freed_space += simple_xattr_space(xattr->name, xattr->size); 1689 simple_xattr_free(xattr); 1690 } 1691 1692 /** 1693 * simple_xattrs_free - free xattrs 1694 * @xattrs: xattr header whose xattrs to destroy 1695 * @freed_space: approximate number of bytes of memory freed from @xattrs 1696 * 1697 * Destroy all xattrs in @xattr. When this is called no one can hold a 1698 * reference to any of the xattrs anymore. 1699 */ 1700 void simple_xattrs_free(struct simple_xattrs *xattrs, size_t *freed_space) 1701 { 1702 might_sleep(); 1703 1704 if (freed_space) 1705 *freed_space = 0; 1706 rhashtable_free_and_destroy(&xattrs->ht, simple_xattr_ht_free, 1707 freed_space); 1708 } 1709