1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 File: fs/xattr.c 4 5 Extended attribute handling. 6 7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 */ 11 #include <linux/fs.h> 12 #include <linux/slab.h> 13 #include <linux/file.h> 14 #include <linux/xattr.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/security.h> 18 #include <linux/evm.h> 19 #include <linux/syscalls.h> 20 #include <linux/export.h> 21 #include <linux/fsnotify.h> 22 #include <linux/audit.h> 23 #include <linux/vmalloc.h> 24 #include <linux/posix_acl_xattr.h> 25 26 #include <linux/uaccess.h> 27 28 #include "internal.h" 29 30 static const char * 31 strcmp_prefix(const char *a, const char *a_prefix) 32 { 33 while (*a_prefix && *a == *a_prefix) { 34 a++; 35 a_prefix++; 36 } 37 return *a_prefix ? NULL : a; 38 } 39 40 /* 41 * In order to implement different sets of xattr operations for each xattr 42 * prefix, a filesystem should create a null-terminated array of struct 43 * xattr_handler (one for each prefix) and hang a pointer to it off of the 44 * s_xattr field of the superblock. 45 */ 46 #define for_each_xattr_handler(handlers, handler) \ 47 if (handlers) \ 48 for ((handler) = *(handlers)++; \ 49 (handler) != NULL; \ 50 (handler) = *(handlers)++) 51 52 /* 53 * Find the xattr_handler with the matching prefix. 54 */ 55 static const struct xattr_handler * 56 xattr_resolve_name(struct inode *inode, const char **name) 57 { 58 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 59 const struct xattr_handler *handler; 60 61 if (!(inode->i_opflags & IOP_XATTR)) { 62 if (unlikely(is_bad_inode(inode))) 63 return ERR_PTR(-EIO); 64 return ERR_PTR(-EOPNOTSUPP); 65 } 66 for_each_xattr_handler(handlers, handler) { 67 const char *n; 68 69 n = strcmp_prefix(*name, xattr_prefix(handler)); 70 if (n) { 71 if (!handler->prefix ^ !*n) { 72 if (*n) 73 continue; 74 return ERR_PTR(-EINVAL); 75 } 76 *name = n; 77 return handler; 78 } 79 } 80 return ERR_PTR(-EOPNOTSUPP); 81 } 82 83 /* 84 * Check permissions for extended attribute access. This is a bit complicated 85 * because different namespaces have very different rules. 86 */ 87 static int 88 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode, 89 const char *name, int mask) 90 { 91 /* 92 * We can never set or remove an extended attribute on a read-only 93 * filesystem or on an immutable / append-only inode. 94 */ 95 if (mask & MAY_WRITE) { 96 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 97 return -EPERM; 98 /* 99 * Updating an xattr will likely cause i_uid and i_gid 100 * to be writen back improperly if their true value is 101 * unknown to the vfs. 102 */ 103 if (HAS_UNMAPPED_ID(mnt_userns, inode)) 104 return -EPERM; 105 } 106 107 /* 108 * No restriction for security.* and system.* from the VFS. Decision 109 * on these is left to the underlying filesystem / security module. 110 */ 111 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 112 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 113 return 0; 114 115 /* 116 * The trusted.* namespace can only be accessed by privileged users. 117 */ 118 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 119 if (!capable(CAP_SYS_ADMIN)) 120 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 121 return 0; 122 } 123 124 /* 125 * In the user.* namespace, only regular files and directories can have 126 * extended attributes. For sticky directories, only the owner and 127 * privileged users can write attributes. 128 */ 129 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 130 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 131 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 132 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 133 (mask & MAY_WRITE) && 134 !inode_owner_or_capable(mnt_userns, inode)) 135 return -EPERM; 136 } 137 138 return inode_permission(mnt_userns, inode, mask); 139 } 140 141 /* 142 * Look for any handler that deals with the specified namespace. 143 */ 144 int 145 xattr_supported_namespace(struct inode *inode, const char *prefix) 146 { 147 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 148 const struct xattr_handler *handler; 149 size_t preflen; 150 151 if (!(inode->i_opflags & IOP_XATTR)) { 152 if (unlikely(is_bad_inode(inode))) 153 return -EIO; 154 return -EOPNOTSUPP; 155 } 156 157 preflen = strlen(prefix); 158 159 for_each_xattr_handler(handlers, handler) { 160 if (!strncmp(xattr_prefix(handler), prefix, preflen)) 161 return 0; 162 } 163 164 return -EOPNOTSUPP; 165 } 166 EXPORT_SYMBOL(xattr_supported_namespace); 167 168 int 169 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 170 struct inode *inode, const char *name, const void *value, 171 size_t size, int flags) 172 { 173 const struct xattr_handler *handler; 174 175 handler = xattr_resolve_name(inode, &name); 176 if (IS_ERR(handler)) 177 return PTR_ERR(handler); 178 if (!handler->set) 179 return -EOPNOTSUPP; 180 if (size == 0) 181 value = ""; /* empty EA, do not remove */ 182 return handler->set(handler, mnt_userns, dentry, inode, name, value, 183 size, flags); 184 } 185 EXPORT_SYMBOL(__vfs_setxattr); 186 187 /** 188 * __vfs_setxattr_noperm - perform setxattr operation without performing 189 * permission checks. 190 * 191 * @mnt_userns: user namespace of the mount the inode was found from 192 * @dentry: object to perform setxattr on 193 * @name: xattr name to set 194 * @value: value to set @name to 195 * @size: size of @value 196 * @flags: flags to pass into filesystem operations 197 * 198 * returns the result of the internal setxattr or setsecurity operations. 199 * 200 * This function requires the caller to lock the inode's i_mutex before it 201 * is executed. It also assumes that the caller will make the appropriate 202 * permission checks. 203 */ 204 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns, 205 struct dentry *dentry, const char *name, 206 const void *value, size_t size, int flags) 207 { 208 struct inode *inode = dentry->d_inode; 209 int error = -EAGAIN; 210 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 211 XATTR_SECURITY_PREFIX_LEN); 212 213 if (issec) 214 inode->i_flags &= ~S_NOSEC; 215 if (inode->i_opflags & IOP_XATTR) { 216 error = __vfs_setxattr(mnt_userns, dentry, inode, name, value, 217 size, flags); 218 if (!error) { 219 fsnotify_xattr(dentry); 220 security_inode_post_setxattr(dentry, name, value, 221 size, flags); 222 } 223 } else { 224 if (unlikely(is_bad_inode(inode))) 225 return -EIO; 226 } 227 if (error == -EAGAIN) { 228 error = -EOPNOTSUPP; 229 230 if (issec) { 231 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 232 233 error = security_inode_setsecurity(inode, suffix, value, 234 size, flags); 235 if (!error) 236 fsnotify_xattr(dentry); 237 } 238 } 239 240 return error; 241 } 242 243 /** 244 * __vfs_setxattr_locked - set an extended attribute while holding the inode 245 * lock 246 * 247 * @mnt_userns: user namespace of the mount of the target inode 248 * @dentry: object to perform setxattr on 249 * @name: xattr name to set 250 * @value: value to set @name to 251 * @size: size of @value 252 * @flags: flags to pass into filesystem operations 253 * @delegated_inode: on return, will contain an inode pointer that 254 * a delegation was broken on, NULL if none. 255 */ 256 int 257 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry, 258 const char *name, const void *value, size_t size, 259 int flags, struct inode **delegated_inode) 260 { 261 struct inode *inode = dentry->d_inode; 262 int error; 263 264 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE); 265 if (error) 266 return error; 267 268 error = security_inode_setxattr(mnt_userns, dentry, name, value, size, 269 flags); 270 if (error) 271 goto out; 272 273 error = try_break_deleg(inode, delegated_inode); 274 if (error) 275 goto out; 276 277 error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value, 278 size, flags); 279 280 out: 281 return error; 282 } 283 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); 284 285 static inline bool is_posix_acl_xattr(const char *name) 286 { 287 return (strcmp(name, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 288 (strcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0); 289 } 290 291 int 292 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 293 const char *name, void *value, size_t size, int flags) 294 { 295 struct inode *inode = dentry->d_inode; 296 struct inode *delegated_inode = NULL; 297 const void *orig_value = value; 298 int error; 299 300 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { 301 error = cap_convert_nscap(mnt_userns, dentry, 302 (const void **)&value, size); 303 if (error < 0) 304 return error; 305 size = error; 306 } 307 308 if (size && is_posix_acl_xattr(name)) 309 posix_acl_setxattr_idmapped_mnt(mnt_userns, inode, value, size); 310 311 retry_deleg: 312 inode_lock(inode); 313 error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size, 314 flags, &delegated_inode); 315 inode_unlock(inode); 316 317 if (delegated_inode) { 318 error = break_deleg_wait(&delegated_inode); 319 if (!error) 320 goto retry_deleg; 321 } 322 if (value != orig_value) 323 kfree(value); 324 325 return error; 326 } 327 EXPORT_SYMBOL_GPL(vfs_setxattr); 328 329 static ssize_t 330 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode, 331 const char *name, void *value, size_t size) 332 { 333 void *buffer = NULL; 334 ssize_t len; 335 336 if (!value || !size) { 337 len = security_inode_getsecurity(mnt_userns, inode, name, 338 &buffer, false); 339 goto out_noalloc; 340 } 341 342 len = security_inode_getsecurity(mnt_userns, inode, name, &buffer, 343 true); 344 if (len < 0) 345 return len; 346 if (size < len) { 347 len = -ERANGE; 348 goto out; 349 } 350 memcpy(value, buffer, len); 351 out: 352 kfree(buffer); 353 out_noalloc: 354 return len; 355 } 356 357 /* 358 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 359 * 360 * Allocate memory, if not already allocated, or re-allocate correct size, 361 * before retrieving the extended attribute. 362 * 363 * Returns the result of alloc, if failed, or the getxattr operation. 364 */ 365 ssize_t 366 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry, 367 const char *name, char **xattr_value, size_t xattr_size, 368 gfp_t flags) 369 { 370 const struct xattr_handler *handler; 371 struct inode *inode = dentry->d_inode; 372 char *value = *xattr_value; 373 int error; 374 375 error = xattr_permission(mnt_userns, inode, name, MAY_READ); 376 if (error) 377 return error; 378 379 handler = xattr_resolve_name(inode, &name); 380 if (IS_ERR(handler)) 381 return PTR_ERR(handler); 382 if (!handler->get) 383 return -EOPNOTSUPP; 384 error = handler->get(handler, dentry, inode, name, NULL, 0); 385 if (error < 0) 386 return error; 387 388 if (!value || (error > xattr_size)) { 389 value = krealloc(*xattr_value, error + 1, flags); 390 if (!value) 391 return -ENOMEM; 392 memset(value, 0, error + 1); 393 } 394 395 error = handler->get(handler, dentry, inode, name, value, error); 396 *xattr_value = value; 397 return error; 398 } 399 400 ssize_t 401 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 402 void *value, size_t size) 403 { 404 const struct xattr_handler *handler; 405 406 handler = xattr_resolve_name(inode, &name); 407 if (IS_ERR(handler)) 408 return PTR_ERR(handler); 409 if (!handler->get) 410 return -EOPNOTSUPP; 411 return handler->get(handler, dentry, inode, name, value, size); 412 } 413 EXPORT_SYMBOL(__vfs_getxattr); 414 415 ssize_t 416 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 417 const char *name, void *value, size_t size) 418 { 419 struct inode *inode = dentry->d_inode; 420 int error; 421 422 error = xattr_permission(mnt_userns, inode, name, MAY_READ); 423 if (error) 424 return error; 425 426 error = security_inode_getxattr(dentry, name); 427 if (error) 428 return error; 429 430 if (!strncmp(name, XATTR_SECURITY_PREFIX, 431 XATTR_SECURITY_PREFIX_LEN)) { 432 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 433 int ret = xattr_getsecurity(mnt_userns, inode, suffix, value, 434 size); 435 /* 436 * Only overwrite the return value if a security module 437 * is actually active. 438 */ 439 if (ret == -EOPNOTSUPP) 440 goto nolsm; 441 return ret; 442 } 443 nolsm: 444 error = __vfs_getxattr(dentry, inode, name, value, size); 445 if (error > 0 && is_posix_acl_xattr(name)) 446 posix_acl_getxattr_idmapped_mnt(mnt_userns, inode, value, size); 447 return error; 448 } 449 EXPORT_SYMBOL_GPL(vfs_getxattr); 450 451 ssize_t 452 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 453 { 454 struct inode *inode = d_inode(dentry); 455 ssize_t error; 456 457 error = security_inode_listxattr(dentry); 458 if (error) 459 return error; 460 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { 461 error = inode->i_op->listxattr(dentry, list, size); 462 } else { 463 error = security_inode_listsecurity(inode, list, size); 464 if (size && error > size) 465 error = -ERANGE; 466 } 467 return error; 468 } 469 EXPORT_SYMBOL_GPL(vfs_listxattr); 470 471 int 472 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, 473 const char *name) 474 { 475 struct inode *inode = d_inode(dentry); 476 const struct xattr_handler *handler; 477 478 handler = xattr_resolve_name(inode, &name); 479 if (IS_ERR(handler)) 480 return PTR_ERR(handler); 481 if (!handler->set) 482 return -EOPNOTSUPP; 483 return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0, 484 XATTR_REPLACE); 485 } 486 EXPORT_SYMBOL(__vfs_removexattr); 487 488 /** 489 * __vfs_removexattr_locked - set an extended attribute while holding the inode 490 * lock 491 * 492 * @mnt_userns: user namespace of the mount of the target inode 493 * @dentry: object to perform setxattr on 494 * @name: name of xattr to remove 495 * @delegated_inode: on return, will contain an inode pointer that 496 * a delegation was broken on, NULL if none. 497 */ 498 int 499 __vfs_removexattr_locked(struct user_namespace *mnt_userns, 500 struct dentry *dentry, const char *name, 501 struct inode **delegated_inode) 502 { 503 struct inode *inode = dentry->d_inode; 504 int error; 505 506 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE); 507 if (error) 508 return error; 509 510 error = security_inode_removexattr(mnt_userns, dentry, name); 511 if (error) 512 goto out; 513 514 error = try_break_deleg(inode, delegated_inode); 515 if (error) 516 goto out; 517 518 error = __vfs_removexattr(mnt_userns, dentry, name); 519 520 if (!error) { 521 fsnotify_xattr(dentry); 522 evm_inode_post_removexattr(dentry, name); 523 } 524 525 out: 526 return error; 527 } 528 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); 529 530 int 531 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, 532 const char *name) 533 { 534 struct inode *inode = dentry->d_inode; 535 struct inode *delegated_inode = NULL; 536 int error; 537 538 retry_deleg: 539 inode_lock(inode); 540 error = __vfs_removexattr_locked(mnt_userns, dentry, 541 name, &delegated_inode); 542 inode_unlock(inode); 543 544 if (delegated_inode) { 545 error = break_deleg_wait(&delegated_inode); 546 if (!error) 547 goto retry_deleg; 548 } 549 550 return error; 551 } 552 EXPORT_SYMBOL_GPL(vfs_removexattr); 553 554 /* 555 * Extended attribute SET operations 556 */ 557 558 int setxattr_copy(const char __user *name, struct xattr_ctx *ctx) 559 { 560 int error; 561 562 if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE)) 563 return -EINVAL; 564 565 error = strncpy_from_user(ctx->kname->name, name, 566 sizeof(ctx->kname->name)); 567 if (error == 0 || error == sizeof(ctx->kname->name)) 568 return -ERANGE; 569 if (error < 0) 570 return error; 571 572 error = 0; 573 if (ctx->size) { 574 if (ctx->size > XATTR_SIZE_MAX) 575 return -E2BIG; 576 577 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size); 578 if (IS_ERR(ctx->kvalue)) { 579 error = PTR_ERR(ctx->kvalue); 580 ctx->kvalue = NULL; 581 } 582 } 583 584 return error; 585 } 586 587 static void setxattr_convert(struct user_namespace *mnt_userns, 588 struct dentry *d, struct xattr_ctx *ctx) 589 { 590 if (ctx->size && 591 ((strcmp(ctx->kname->name, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 592 (strcmp(ctx->kname->name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))) 593 posix_acl_fix_xattr_from_user(ctx->kvalue, ctx->size); 594 } 595 596 int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 597 struct xattr_ctx *ctx) 598 { 599 setxattr_convert(mnt_userns, dentry, ctx); 600 return vfs_setxattr(mnt_userns, dentry, ctx->kname->name, 601 ctx->kvalue, ctx->size, ctx->flags); 602 } 603 604 static long 605 setxattr(struct user_namespace *mnt_userns, struct dentry *d, 606 const char __user *name, const void __user *value, size_t size, 607 int flags) 608 { 609 struct xattr_name kname; 610 struct xattr_ctx ctx = { 611 .cvalue = value, 612 .kvalue = NULL, 613 .size = size, 614 .kname = &kname, 615 .flags = flags, 616 }; 617 int error; 618 619 error = setxattr_copy(name, &ctx); 620 if (error) 621 return error; 622 623 error = do_setxattr(mnt_userns, d, &ctx); 624 625 kvfree(ctx.kvalue); 626 return error; 627 } 628 629 static int path_setxattr(const char __user *pathname, 630 const char __user *name, const void __user *value, 631 size_t size, int flags, unsigned int lookup_flags) 632 { 633 struct path path; 634 int error; 635 636 retry: 637 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 638 if (error) 639 return error; 640 error = mnt_want_write(path.mnt); 641 if (!error) { 642 error = setxattr(mnt_user_ns(path.mnt), path.dentry, name, 643 value, size, flags); 644 mnt_drop_write(path.mnt); 645 } 646 path_put(&path); 647 if (retry_estale(error, lookup_flags)) { 648 lookup_flags |= LOOKUP_REVAL; 649 goto retry; 650 } 651 return error; 652 } 653 654 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 655 const char __user *, name, const void __user *, value, 656 size_t, size, int, flags) 657 { 658 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 659 } 660 661 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 662 const char __user *, name, const void __user *, value, 663 size_t, size, int, flags) 664 { 665 return path_setxattr(pathname, name, value, size, flags, 0); 666 } 667 668 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 669 const void __user *,value, size_t, size, int, flags) 670 { 671 struct fd f = fdget(fd); 672 int error = -EBADF; 673 674 if (!f.file) 675 return error; 676 audit_file(f.file); 677 error = mnt_want_write_file(f.file); 678 if (!error) { 679 error = setxattr(file_mnt_user_ns(f.file), 680 f.file->f_path.dentry, name, 681 value, size, flags); 682 mnt_drop_write_file(f.file); 683 } 684 fdput(f); 685 return error; 686 } 687 688 /* 689 * Extended attribute GET operations 690 */ 691 ssize_t 692 do_getxattr(struct user_namespace *mnt_userns, struct dentry *d, 693 struct xattr_ctx *ctx) 694 { 695 ssize_t error; 696 char *kname = ctx->kname->name; 697 698 if (ctx->size) { 699 if (ctx->size > XATTR_SIZE_MAX) 700 ctx->size = XATTR_SIZE_MAX; 701 ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL); 702 if (!ctx->kvalue) 703 return -ENOMEM; 704 } 705 706 error = vfs_getxattr(mnt_userns, d, kname, ctx->kvalue, ctx->size); 707 if (error > 0) { 708 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 709 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 710 posix_acl_fix_xattr_to_user(ctx->kvalue, error); 711 if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error)) 712 error = -EFAULT; 713 } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) { 714 /* The file system tried to returned a value bigger 715 than XATTR_SIZE_MAX bytes. Not possible. */ 716 error = -E2BIG; 717 } 718 719 return error; 720 } 721 722 static ssize_t 723 getxattr(struct user_namespace *mnt_userns, struct dentry *d, 724 const char __user *name, void __user *value, size_t size) 725 { 726 ssize_t error; 727 struct xattr_name kname; 728 struct xattr_ctx ctx = { 729 .value = value, 730 .kvalue = NULL, 731 .size = size, 732 .kname = &kname, 733 .flags = 0, 734 }; 735 736 error = strncpy_from_user(kname.name, name, sizeof(kname.name)); 737 if (error == 0 || error == sizeof(kname.name)) 738 error = -ERANGE; 739 if (error < 0) 740 return error; 741 742 error = do_getxattr(mnt_userns, d, &ctx); 743 744 kvfree(ctx.kvalue); 745 return error; 746 } 747 748 static ssize_t path_getxattr(const char __user *pathname, 749 const char __user *name, void __user *value, 750 size_t size, unsigned int lookup_flags) 751 { 752 struct path path; 753 ssize_t error; 754 retry: 755 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 756 if (error) 757 return error; 758 error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size); 759 path_put(&path); 760 if (retry_estale(error, lookup_flags)) { 761 lookup_flags |= LOOKUP_REVAL; 762 goto retry; 763 } 764 return error; 765 } 766 767 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 768 const char __user *, name, void __user *, value, size_t, size) 769 { 770 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 771 } 772 773 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 774 const char __user *, name, void __user *, value, size_t, size) 775 { 776 return path_getxattr(pathname, name, value, size, 0); 777 } 778 779 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 780 void __user *, value, size_t, size) 781 { 782 struct fd f = fdget(fd); 783 ssize_t error = -EBADF; 784 785 if (!f.file) 786 return error; 787 audit_file(f.file); 788 error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry, 789 name, value, size); 790 fdput(f); 791 return error; 792 } 793 794 /* 795 * Extended attribute LIST operations 796 */ 797 static ssize_t 798 listxattr(struct dentry *d, char __user *list, size_t size) 799 { 800 ssize_t error; 801 char *klist = NULL; 802 803 if (size) { 804 if (size > XATTR_LIST_MAX) 805 size = XATTR_LIST_MAX; 806 klist = kvmalloc(size, GFP_KERNEL); 807 if (!klist) 808 return -ENOMEM; 809 } 810 811 error = vfs_listxattr(d, klist, size); 812 if (error > 0) { 813 if (size && copy_to_user(list, klist, error)) 814 error = -EFAULT; 815 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 816 /* The file system tried to returned a list bigger 817 than XATTR_LIST_MAX bytes. Not possible. */ 818 error = -E2BIG; 819 } 820 821 kvfree(klist); 822 823 return error; 824 } 825 826 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 827 size_t size, unsigned int lookup_flags) 828 { 829 struct path path; 830 ssize_t error; 831 retry: 832 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 833 if (error) 834 return error; 835 error = listxattr(path.dentry, list, size); 836 path_put(&path); 837 if (retry_estale(error, lookup_flags)) { 838 lookup_flags |= LOOKUP_REVAL; 839 goto retry; 840 } 841 return error; 842 } 843 844 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 845 size_t, size) 846 { 847 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 848 } 849 850 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 851 size_t, size) 852 { 853 return path_listxattr(pathname, list, size, 0); 854 } 855 856 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 857 { 858 struct fd f = fdget(fd); 859 ssize_t error = -EBADF; 860 861 if (!f.file) 862 return error; 863 audit_file(f.file); 864 error = listxattr(f.file->f_path.dentry, list, size); 865 fdput(f); 866 return error; 867 } 868 869 /* 870 * Extended attribute REMOVE operations 871 */ 872 static long 873 removexattr(struct user_namespace *mnt_userns, struct dentry *d, 874 const char __user *name) 875 { 876 int error; 877 char kname[XATTR_NAME_MAX + 1]; 878 879 error = strncpy_from_user(kname, name, sizeof(kname)); 880 if (error == 0 || error == sizeof(kname)) 881 error = -ERANGE; 882 if (error < 0) 883 return error; 884 885 return vfs_removexattr(mnt_userns, d, kname); 886 } 887 888 static int path_removexattr(const char __user *pathname, 889 const char __user *name, unsigned int lookup_flags) 890 { 891 struct path path; 892 int error; 893 retry: 894 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 895 if (error) 896 return error; 897 error = mnt_want_write(path.mnt); 898 if (!error) { 899 error = removexattr(mnt_user_ns(path.mnt), path.dentry, name); 900 mnt_drop_write(path.mnt); 901 } 902 path_put(&path); 903 if (retry_estale(error, lookup_flags)) { 904 lookup_flags |= LOOKUP_REVAL; 905 goto retry; 906 } 907 return error; 908 } 909 910 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 911 const char __user *, name) 912 { 913 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 914 } 915 916 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 917 const char __user *, name) 918 { 919 return path_removexattr(pathname, name, 0); 920 } 921 922 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 923 { 924 struct fd f = fdget(fd); 925 int error = -EBADF; 926 927 if (!f.file) 928 return error; 929 audit_file(f.file); 930 error = mnt_want_write_file(f.file); 931 if (!error) { 932 error = removexattr(file_mnt_user_ns(f.file), 933 f.file->f_path.dentry, name); 934 mnt_drop_write_file(f.file); 935 } 936 fdput(f); 937 return error; 938 } 939 940 /* 941 * Combine the results of the list() operation from every xattr_handler in the 942 * list. 943 */ 944 ssize_t 945 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 946 { 947 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 948 unsigned int size = 0; 949 950 if (!buffer) { 951 for_each_xattr_handler(handlers, handler) { 952 if (!handler->name || 953 (handler->list && !handler->list(dentry))) 954 continue; 955 size += strlen(handler->name) + 1; 956 } 957 } else { 958 char *buf = buffer; 959 size_t len; 960 961 for_each_xattr_handler(handlers, handler) { 962 if (!handler->name || 963 (handler->list && !handler->list(dentry))) 964 continue; 965 len = strlen(handler->name); 966 if (len + 1 > buffer_size) 967 return -ERANGE; 968 memcpy(buf, handler->name, len + 1); 969 buf += len + 1; 970 buffer_size -= len + 1; 971 } 972 size = buf - buffer; 973 } 974 return size; 975 } 976 EXPORT_SYMBOL(generic_listxattr); 977 978 /** 979 * xattr_full_name - Compute full attribute name from suffix 980 * 981 * @handler: handler of the xattr_handler operation 982 * @name: name passed to the xattr_handler operation 983 * 984 * The get and set xattr handler operations are called with the remainder of 985 * the attribute name after skipping the handler's prefix: for example, "foo" 986 * is passed to the get operation of a handler with prefix "user." to get 987 * attribute "user.foo". The full name is still "there" in the name though. 988 * 989 * Note: the list xattr handler operation when called from the vfs is passed a 990 * NULL name; some file systems use this operation internally, with varying 991 * semantics. 992 */ 993 const char *xattr_full_name(const struct xattr_handler *handler, 994 const char *name) 995 { 996 size_t prefix_len = strlen(xattr_prefix(handler)); 997 998 return name - prefix_len; 999 } 1000 EXPORT_SYMBOL(xattr_full_name); 1001 1002 /* 1003 * Allocate new xattr and copy in the value; but leave the name to callers. 1004 */ 1005 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 1006 { 1007 struct simple_xattr *new_xattr; 1008 size_t len; 1009 1010 /* wrap around? */ 1011 len = sizeof(*new_xattr) + size; 1012 if (len < sizeof(*new_xattr)) 1013 return NULL; 1014 1015 new_xattr = kvmalloc(len, GFP_KERNEL); 1016 if (!new_xattr) 1017 return NULL; 1018 1019 new_xattr->size = size; 1020 memcpy(new_xattr->value, value, size); 1021 return new_xattr; 1022 } 1023 1024 /* 1025 * xattr GET operation for in-memory/pseudo filesystems 1026 */ 1027 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 1028 void *buffer, size_t size) 1029 { 1030 struct simple_xattr *xattr; 1031 int ret = -ENODATA; 1032 1033 spin_lock(&xattrs->lock); 1034 list_for_each_entry(xattr, &xattrs->head, list) { 1035 if (strcmp(name, xattr->name)) 1036 continue; 1037 1038 ret = xattr->size; 1039 if (buffer) { 1040 if (size < xattr->size) 1041 ret = -ERANGE; 1042 else 1043 memcpy(buffer, xattr->value, xattr->size); 1044 } 1045 break; 1046 } 1047 spin_unlock(&xattrs->lock); 1048 return ret; 1049 } 1050 1051 /** 1052 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems 1053 * @xattrs: target simple_xattr list 1054 * @name: name of the extended attribute 1055 * @value: value of the xattr. If %NULL, will remove the attribute. 1056 * @size: size of the new xattr 1057 * @flags: %XATTR_{CREATE|REPLACE} 1058 * @removed_size: returns size of the removed xattr, -1 if none removed 1059 * 1060 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails 1061 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; 1062 * otherwise, fails with -ENODATA. 1063 * 1064 * Returns 0 on success, -errno on failure. 1065 */ 1066 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 1067 const void *value, size_t size, int flags, 1068 ssize_t *removed_size) 1069 { 1070 struct simple_xattr *xattr; 1071 struct simple_xattr *new_xattr = NULL; 1072 int err = 0; 1073 1074 if (removed_size) 1075 *removed_size = -1; 1076 1077 /* value == NULL means remove */ 1078 if (value) { 1079 new_xattr = simple_xattr_alloc(value, size); 1080 if (!new_xattr) 1081 return -ENOMEM; 1082 1083 new_xattr->name = kstrdup(name, GFP_KERNEL); 1084 if (!new_xattr->name) { 1085 kvfree(new_xattr); 1086 return -ENOMEM; 1087 } 1088 } 1089 1090 spin_lock(&xattrs->lock); 1091 list_for_each_entry(xattr, &xattrs->head, list) { 1092 if (!strcmp(name, xattr->name)) { 1093 if (flags & XATTR_CREATE) { 1094 xattr = new_xattr; 1095 err = -EEXIST; 1096 } else if (new_xattr) { 1097 list_replace(&xattr->list, &new_xattr->list); 1098 if (removed_size) 1099 *removed_size = xattr->size; 1100 } else { 1101 list_del(&xattr->list); 1102 if (removed_size) 1103 *removed_size = xattr->size; 1104 } 1105 goto out; 1106 } 1107 } 1108 if (flags & XATTR_REPLACE) { 1109 xattr = new_xattr; 1110 err = -ENODATA; 1111 } else { 1112 list_add(&new_xattr->list, &xattrs->head); 1113 xattr = NULL; 1114 } 1115 out: 1116 spin_unlock(&xattrs->lock); 1117 if (xattr) { 1118 kfree(xattr->name); 1119 kvfree(xattr); 1120 } 1121 return err; 1122 1123 } 1124 1125 static bool xattr_is_trusted(const char *name) 1126 { 1127 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1128 } 1129 1130 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 1131 const char *name) 1132 { 1133 size_t len = strlen(name) + 1; 1134 if (*buffer) { 1135 if (*remaining_size < len) 1136 return -ERANGE; 1137 memcpy(*buffer, name, len); 1138 *buffer += len; 1139 } 1140 *remaining_size -= len; 1141 return 0; 1142 } 1143 1144 /* 1145 * xattr LIST operation for in-memory/pseudo filesystems 1146 */ 1147 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 1148 char *buffer, size_t size) 1149 { 1150 bool trusted = capable(CAP_SYS_ADMIN); 1151 struct simple_xattr *xattr; 1152 ssize_t remaining_size = size; 1153 int err = 0; 1154 1155 #ifdef CONFIG_FS_POSIX_ACL 1156 if (IS_POSIXACL(inode)) { 1157 if (inode->i_acl) { 1158 err = xattr_list_one(&buffer, &remaining_size, 1159 XATTR_NAME_POSIX_ACL_ACCESS); 1160 if (err) 1161 return err; 1162 } 1163 if (inode->i_default_acl) { 1164 err = xattr_list_one(&buffer, &remaining_size, 1165 XATTR_NAME_POSIX_ACL_DEFAULT); 1166 if (err) 1167 return err; 1168 } 1169 } 1170 #endif 1171 1172 spin_lock(&xattrs->lock); 1173 list_for_each_entry(xattr, &xattrs->head, list) { 1174 /* skip "trusted." attributes for unprivileged callers */ 1175 if (!trusted && xattr_is_trusted(xattr->name)) 1176 continue; 1177 1178 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 1179 if (err) 1180 break; 1181 } 1182 spin_unlock(&xattrs->lock); 1183 1184 return err ? err : size - remaining_size; 1185 } 1186 1187 /* 1188 * Adds an extended attribute to the list 1189 */ 1190 void simple_xattr_list_add(struct simple_xattrs *xattrs, 1191 struct simple_xattr *new_xattr) 1192 { 1193 spin_lock(&xattrs->lock); 1194 list_add(&new_xattr->list, &xattrs->head); 1195 spin_unlock(&xattrs->lock); 1196 } 1197