1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 File: fs/xattr.c 4 5 Extended attribute handling. 6 7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 */ 11 #include <linux/fs.h> 12 #include <linux/slab.h> 13 #include <linux/file.h> 14 #include <linux/xattr.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/security.h> 18 #include <linux/evm.h> 19 #include <linux/syscalls.h> 20 #include <linux/export.h> 21 #include <linux/fsnotify.h> 22 #include <linux/audit.h> 23 #include <linux/vmalloc.h> 24 #include <linux/posix_acl_xattr.h> 25 26 #include <linux/uaccess.h> 27 28 #include "internal.h" 29 30 static const char * 31 strcmp_prefix(const char *a, const char *a_prefix) 32 { 33 while (*a_prefix && *a == *a_prefix) { 34 a++; 35 a_prefix++; 36 } 37 return *a_prefix ? NULL : a; 38 } 39 40 /* 41 * In order to implement different sets of xattr operations for each xattr 42 * prefix, a filesystem should create a null-terminated array of struct 43 * xattr_handler (one for each prefix) and hang a pointer to it off of the 44 * s_xattr field of the superblock. 45 */ 46 #define for_each_xattr_handler(handlers, handler) \ 47 if (handlers) \ 48 for ((handler) = *(handlers)++; \ 49 (handler) != NULL; \ 50 (handler) = *(handlers)++) 51 52 /* 53 * Find the xattr_handler with the matching prefix. 54 */ 55 static const struct xattr_handler * 56 xattr_resolve_name(struct inode *inode, const char **name) 57 { 58 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 59 const struct xattr_handler *handler; 60 61 if (!(inode->i_opflags & IOP_XATTR)) { 62 if (unlikely(is_bad_inode(inode))) 63 return ERR_PTR(-EIO); 64 return ERR_PTR(-EOPNOTSUPP); 65 } 66 for_each_xattr_handler(handlers, handler) { 67 const char *n; 68 69 n = strcmp_prefix(*name, xattr_prefix(handler)); 70 if (n) { 71 if (!handler->prefix ^ !*n) { 72 if (*n) 73 continue; 74 return ERR_PTR(-EINVAL); 75 } 76 *name = n; 77 return handler; 78 } 79 } 80 return ERR_PTR(-EOPNOTSUPP); 81 } 82 83 /** 84 * may_write_xattr - check whether inode allows writing xattr 85 * @mnt_userns: User namespace of the mount the inode was found from 86 * @inode: the inode on which to set an xattr 87 * 88 * Check whether the inode allows writing xattrs. Specifically, we can never 89 * set or remove an extended attribute on a read-only filesystem or on an 90 * immutable / append-only inode. 91 * 92 * We also need to ensure that the inode has a mapping in the mount to 93 * not risk writing back invalid i_{g,u}id values. 94 * 95 * Return: On success zero is returned. On error a negative errno is returned. 96 */ 97 int may_write_xattr(struct user_namespace *mnt_userns, struct inode *inode) 98 { 99 if (IS_IMMUTABLE(inode)) 100 return -EPERM; 101 if (IS_APPEND(inode)) 102 return -EPERM; 103 if (HAS_UNMAPPED_ID(mnt_userns, inode)) 104 return -EPERM; 105 return 0; 106 } 107 108 /* 109 * Check permissions for extended attribute access. This is a bit complicated 110 * because different namespaces have very different rules. 111 */ 112 static int 113 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode, 114 const char *name, int mask) 115 { 116 if (mask & MAY_WRITE) { 117 int ret; 118 119 ret = may_write_xattr(mnt_userns, inode); 120 if (ret) 121 return ret; 122 } 123 124 /* 125 * No restriction for security.* and system.* from the VFS. Decision 126 * on these is left to the underlying filesystem / security module. 127 */ 128 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 129 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 130 return 0; 131 132 /* 133 * The trusted.* namespace can only be accessed by privileged users. 134 */ 135 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 136 if (!capable(CAP_SYS_ADMIN)) 137 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 138 return 0; 139 } 140 141 /* 142 * In the user.* namespace, only regular files and directories can have 143 * extended attributes. For sticky directories, only the owner and 144 * privileged users can write attributes. 145 */ 146 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 147 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 148 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 149 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 150 (mask & MAY_WRITE) && 151 !inode_owner_or_capable(mnt_userns, inode)) 152 return -EPERM; 153 } 154 155 return inode_permission(mnt_userns, inode, mask); 156 } 157 158 /* 159 * Look for any handler that deals with the specified namespace. 160 */ 161 int 162 xattr_supported_namespace(struct inode *inode, const char *prefix) 163 { 164 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 165 const struct xattr_handler *handler; 166 size_t preflen; 167 168 if (!(inode->i_opflags & IOP_XATTR)) { 169 if (unlikely(is_bad_inode(inode))) 170 return -EIO; 171 return -EOPNOTSUPP; 172 } 173 174 preflen = strlen(prefix); 175 176 for_each_xattr_handler(handlers, handler) { 177 if (!strncmp(xattr_prefix(handler), prefix, preflen)) 178 return 0; 179 } 180 181 return -EOPNOTSUPP; 182 } 183 EXPORT_SYMBOL(xattr_supported_namespace); 184 185 int 186 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 187 struct inode *inode, const char *name, const void *value, 188 size_t size, int flags) 189 { 190 const struct xattr_handler *handler; 191 192 if (is_posix_acl_xattr(name)) 193 return -EOPNOTSUPP; 194 195 handler = xattr_resolve_name(inode, &name); 196 if (IS_ERR(handler)) 197 return PTR_ERR(handler); 198 if (!handler->set) 199 return -EOPNOTSUPP; 200 if (size == 0) 201 value = ""; /* empty EA, do not remove */ 202 return handler->set(handler, mnt_userns, dentry, inode, name, value, 203 size, flags); 204 } 205 EXPORT_SYMBOL(__vfs_setxattr); 206 207 /** 208 * __vfs_setxattr_noperm - perform setxattr operation without performing 209 * permission checks. 210 * 211 * @mnt_userns: user namespace of the mount the inode was found from 212 * @dentry: object to perform setxattr on 213 * @name: xattr name to set 214 * @value: value to set @name to 215 * @size: size of @value 216 * @flags: flags to pass into filesystem operations 217 * 218 * returns the result of the internal setxattr or setsecurity operations. 219 * 220 * This function requires the caller to lock the inode's i_mutex before it 221 * is executed. It also assumes that the caller will make the appropriate 222 * permission checks. 223 */ 224 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns, 225 struct dentry *dentry, const char *name, 226 const void *value, size_t size, int flags) 227 { 228 struct inode *inode = dentry->d_inode; 229 int error = -EAGAIN; 230 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 231 XATTR_SECURITY_PREFIX_LEN); 232 233 if (issec) 234 inode->i_flags &= ~S_NOSEC; 235 if (inode->i_opflags & IOP_XATTR) { 236 error = __vfs_setxattr(mnt_userns, dentry, inode, name, value, 237 size, flags); 238 if (!error) { 239 fsnotify_xattr(dentry); 240 security_inode_post_setxattr(dentry, name, value, 241 size, flags); 242 } 243 } else { 244 if (unlikely(is_bad_inode(inode))) 245 return -EIO; 246 } 247 if (error == -EAGAIN) { 248 error = -EOPNOTSUPP; 249 250 if (issec) { 251 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 252 253 error = security_inode_setsecurity(inode, suffix, value, 254 size, flags); 255 if (!error) 256 fsnotify_xattr(dentry); 257 } 258 } 259 260 return error; 261 } 262 263 /** 264 * __vfs_setxattr_locked - set an extended attribute while holding the inode 265 * lock 266 * 267 * @mnt_userns: user namespace of the mount of the target inode 268 * @dentry: object to perform setxattr on 269 * @name: xattr name to set 270 * @value: value to set @name to 271 * @size: size of @value 272 * @flags: flags to pass into filesystem operations 273 * @delegated_inode: on return, will contain an inode pointer that 274 * a delegation was broken on, NULL if none. 275 */ 276 int 277 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry, 278 const char *name, const void *value, size_t size, 279 int flags, struct inode **delegated_inode) 280 { 281 struct inode *inode = dentry->d_inode; 282 int error; 283 284 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE); 285 if (error) 286 return error; 287 288 error = security_inode_setxattr(mnt_userns, dentry, name, value, size, 289 flags); 290 if (error) 291 goto out; 292 293 error = try_break_deleg(inode, delegated_inode); 294 if (error) 295 goto out; 296 297 error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value, 298 size, flags); 299 300 out: 301 return error; 302 } 303 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); 304 305 int 306 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 307 const char *name, const void *value, size_t size, int flags) 308 { 309 struct inode *inode = dentry->d_inode; 310 struct inode *delegated_inode = NULL; 311 const void *orig_value = value; 312 int error; 313 314 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { 315 error = cap_convert_nscap(mnt_userns, dentry, &value, size); 316 if (error < 0) 317 return error; 318 size = error; 319 } 320 321 retry_deleg: 322 inode_lock(inode); 323 error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size, 324 flags, &delegated_inode); 325 inode_unlock(inode); 326 327 if (delegated_inode) { 328 error = break_deleg_wait(&delegated_inode); 329 if (!error) 330 goto retry_deleg; 331 } 332 if (value != orig_value) 333 kfree(value); 334 335 return error; 336 } 337 EXPORT_SYMBOL_GPL(vfs_setxattr); 338 339 static ssize_t 340 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode, 341 const char *name, void *value, size_t size) 342 { 343 void *buffer = NULL; 344 ssize_t len; 345 346 if (!value || !size) { 347 len = security_inode_getsecurity(mnt_userns, inode, name, 348 &buffer, false); 349 goto out_noalloc; 350 } 351 352 len = security_inode_getsecurity(mnt_userns, inode, name, &buffer, 353 true); 354 if (len < 0) 355 return len; 356 if (size < len) { 357 len = -ERANGE; 358 goto out; 359 } 360 memcpy(value, buffer, len); 361 out: 362 kfree(buffer); 363 out_noalloc: 364 return len; 365 } 366 367 /* 368 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 369 * 370 * Allocate memory, if not already allocated, or re-allocate correct size, 371 * before retrieving the extended attribute. The xattr value buffer should 372 * always be freed by the caller, even on error. 373 * 374 * Returns the result of alloc, if failed, or the getxattr operation. 375 */ 376 int 377 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry, 378 const char *name, char **xattr_value, size_t xattr_size, 379 gfp_t flags) 380 { 381 const struct xattr_handler *handler; 382 struct inode *inode = dentry->d_inode; 383 char *value = *xattr_value; 384 int error; 385 386 error = xattr_permission(mnt_userns, inode, name, MAY_READ); 387 if (error) 388 return error; 389 390 handler = xattr_resolve_name(inode, &name); 391 if (IS_ERR(handler)) 392 return PTR_ERR(handler); 393 if (!handler->get) 394 return -EOPNOTSUPP; 395 error = handler->get(handler, dentry, inode, name, NULL, 0); 396 if (error < 0) 397 return error; 398 399 if (!value || (error > xattr_size)) { 400 value = krealloc(*xattr_value, error + 1, flags); 401 if (!value) 402 return -ENOMEM; 403 memset(value, 0, error + 1); 404 } 405 406 error = handler->get(handler, dentry, inode, name, value, error); 407 *xattr_value = value; 408 return error; 409 } 410 411 ssize_t 412 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 413 void *value, size_t size) 414 { 415 const struct xattr_handler *handler; 416 417 if (is_posix_acl_xattr(name)) 418 return -EOPNOTSUPP; 419 420 handler = xattr_resolve_name(inode, &name); 421 if (IS_ERR(handler)) 422 return PTR_ERR(handler); 423 if (!handler->get) 424 return -EOPNOTSUPP; 425 return handler->get(handler, dentry, inode, name, value, size); 426 } 427 EXPORT_SYMBOL(__vfs_getxattr); 428 429 ssize_t 430 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 431 const char *name, void *value, size_t size) 432 { 433 struct inode *inode = dentry->d_inode; 434 int error; 435 436 error = xattr_permission(mnt_userns, inode, name, MAY_READ); 437 if (error) 438 return error; 439 440 error = security_inode_getxattr(dentry, name); 441 if (error) 442 return error; 443 444 if (!strncmp(name, XATTR_SECURITY_PREFIX, 445 XATTR_SECURITY_PREFIX_LEN)) { 446 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 447 int ret = xattr_getsecurity(mnt_userns, inode, suffix, value, 448 size); 449 /* 450 * Only overwrite the return value if a security module 451 * is actually active. 452 */ 453 if (ret == -EOPNOTSUPP) 454 goto nolsm; 455 return ret; 456 } 457 nolsm: 458 return __vfs_getxattr(dentry, inode, name, value, size); 459 } 460 EXPORT_SYMBOL_GPL(vfs_getxattr); 461 462 ssize_t 463 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 464 { 465 struct inode *inode = d_inode(dentry); 466 ssize_t error; 467 468 error = security_inode_listxattr(dentry); 469 if (error) 470 return error; 471 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { 472 error = inode->i_op->listxattr(dentry, list, size); 473 } else { 474 error = security_inode_listsecurity(inode, list, size); 475 if (size && error > size) 476 error = -ERANGE; 477 } 478 return error; 479 } 480 EXPORT_SYMBOL_GPL(vfs_listxattr); 481 482 int 483 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, 484 const char *name) 485 { 486 struct inode *inode = d_inode(dentry); 487 const struct xattr_handler *handler; 488 489 if (is_posix_acl_xattr(name)) 490 return -EOPNOTSUPP; 491 492 handler = xattr_resolve_name(inode, &name); 493 if (IS_ERR(handler)) 494 return PTR_ERR(handler); 495 if (!handler->set) 496 return -EOPNOTSUPP; 497 return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0, 498 XATTR_REPLACE); 499 } 500 EXPORT_SYMBOL(__vfs_removexattr); 501 502 /** 503 * __vfs_removexattr_locked - set an extended attribute while holding the inode 504 * lock 505 * 506 * @mnt_userns: user namespace of the mount of the target inode 507 * @dentry: object to perform setxattr on 508 * @name: name of xattr to remove 509 * @delegated_inode: on return, will contain an inode pointer that 510 * a delegation was broken on, NULL if none. 511 */ 512 int 513 __vfs_removexattr_locked(struct user_namespace *mnt_userns, 514 struct dentry *dentry, const char *name, 515 struct inode **delegated_inode) 516 { 517 struct inode *inode = dentry->d_inode; 518 int error; 519 520 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE); 521 if (error) 522 return error; 523 524 error = security_inode_removexattr(mnt_userns, dentry, name); 525 if (error) 526 goto out; 527 528 error = try_break_deleg(inode, delegated_inode); 529 if (error) 530 goto out; 531 532 error = __vfs_removexattr(mnt_userns, dentry, name); 533 534 if (!error) { 535 fsnotify_xattr(dentry); 536 evm_inode_post_removexattr(dentry, name); 537 } 538 539 out: 540 return error; 541 } 542 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); 543 544 int 545 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, 546 const char *name) 547 { 548 struct inode *inode = dentry->d_inode; 549 struct inode *delegated_inode = NULL; 550 int error; 551 552 retry_deleg: 553 inode_lock(inode); 554 error = __vfs_removexattr_locked(mnt_userns, dentry, 555 name, &delegated_inode); 556 inode_unlock(inode); 557 558 if (delegated_inode) { 559 error = break_deleg_wait(&delegated_inode); 560 if (!error) 561 goto retry_deleg; 562 } 563 564 return error; 565 } 566 EXPORT_SYMBOL_GPL(vfs_removexattr); 567 568 /* 569 * Extended attribute SET operations 570 */ 571 572 int setxattr_copy(const char __user *name, struct xattr_ctx *ctx) 573 { 574 int error; 575 576 if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE)) 577 return -EINVAL; 578 579 error = strncpy_from_user(ctx->kname->name, name, 580 sizeof(ctx->kname->name)); 581 if (error == 0 || error == sizeof(ctx->kname->name)) 582 return -ERANGE; 583 if (error < 0) 584 return error; 585 586 error = 0; 587 if (ctx->size) { 588 if (ctx->size > XATTR_SIZE_MAX) 589 return -E2BIG; 590 591 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size); 592 if (IS_ERR(ctx->kvalue)) { 593 error = PTR_ERR(ctx->kvalue); 594 ctx->kvalue = NULL; 595 } 596 } 597 598 return error; 599 } 600 601 int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, 602 struct xattr_ctx *ctx) 603 { 604 if (is_posix_acl_xattr(ctx->kname->name)) 605 return do_set_acl(idmap, dentry, ctx->kname->name, 606 ctx->kvalue, ctx->size); 607 608 return vfs_setxattr(mnt_idmap_owner(idmap), dentry, ctx->kname->name, 609 ctx->kvalue, ctx->size, ctx->flags); 610 } 611 612 static long 613 setxattr(struct mnt_idmap *idmap, struct dentry *d, 614 const char __user *name, const void __user *value, size_t size, 615 int flags) 616 { 617 struct xattr_name kname; 618 struct xattr_ctx ctx = { 619 .cvalue = value, 620 .kvalue = NULL, 621 .size = size, 622 .kname = &kname, 623 .flags = flags, 624 }; 625 int error; 626 627 error = setxattr_copy(name, &ctx); 628 if (error) 629 return error; 630 631 error = do_setxattr(idmap, d, &ctx); 632 633 kvfree(ctx.kvalue); 634 return error; 635 } 636 637 static int path_setxattr(const char __user *pathname, 638 const char __user *name, const void __user *value, 639 size_t size, int flags, unsigned int lookup_flags) 640 { 641 struct path path; 642 int error; 643 644 retry: 645 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 646 if (error) 647 return error; 648 error = mnt_want_write(path.mnt); 649 if (!error) { 650 error = setxattr(mnt_idmap(path.mnt), path.dentry, name, 651 value, size, flags); 652 mnt_drop_write(path.mnt); 653 } 654 path_put(&path); 655 if (retry_estale(error, lookup_flags)) { 656 lookup_flags |= LOOKUP_REVAL; 657 goto retry; 658 } 659 return error; 660 } 661 662 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 663 const char __user *, name, const void __user *, value, 664 size_t, size, int, flags) 665 { 666 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 667 } 668 669 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 670 const char __user *, name, const void __user *, value, 671 size_t, size, int, flags) 672 { 673 return path_setxattr(pathname, name, value, size, flags, 0); 674 } 675 676 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 677 const void __user *,value, size_t, size, int, flags) 678 { 679 struct fd f = fdget(fd); 680 int error = -EBADF; 681 682 if (!f.file) 683 return error; 684 audit_file(f.file); 685 error = mnt_want_write_file(f.file); 686 if (!error) { 687 error = setxattr(file_mnt_idmap(f.file), 688 f.file->f_path.dentry, name, 689 value, size, flags); 690 mnt_drop_write_file(f.file); 691 } 692 fdput(f); 693 return error; 694 } 695 696 /* 697 * Extended attribute GET operations 698 */ 699 ssize_t 700 do_getxattr(struct mnt_idmap *idmap, struct dentry *d, 701 struct xattr_ctx *ctx) 702 { 703 ssize_t error; 704 char *kname = ctx->kname->name; 705 706 if (ctx->size) { 707 if (ctx->size > XATTR_SIZE_MAX) 708 ctx->size = XATTR_SIZE_MAX; 709 ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL); 710 if (!ctx->kvalue) 711 return -ENOMEM; 712 } 713 714 if (is_posix_acl_xattr(ctx->kname->name)) 715 error = do_get_acl(idmap, d, kname, ctx->kvalue, ctx->size); 716 else 717 error = vfs_getxattr(mnt_idmap_owner(idmap), d, kname, 718 ctx->kvalue, ctx->size); 719 if (error > 0) { 720 if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error)) 721 error = -EFAULT; 722 } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) { 723 /* The file system tried to returned a value bigger 724 than XATTR_SIZE_MAX bytes. Not possible. */ 725 error = -E2BIG; 726 } 727 728 return error; 729 } 730 731 static ssize_t 732 getxattr(struct mnt_idmap *idmap, struct dentry *d, 733 const char __user *name, void __user *value, size_t size) 734 { 735 ssize_t error; 736 struct xattr_name kname; 737 struct xattr_ctx ctx = { 738 .value = value, 739 .kvalue = NULL, 740 .size = size, 741 .kname = &kname, 742 .flags = 0, 743 }; 744 745 error = strncpy_from_user(kname.name, name, sizeof(kname.name)); 746 if (error == 0 || error == sizeof(kname.name)) 747 error = -ERANGE; 748 if (error < 0) 749 return error; 750 751 error = do_getxattr(idmap, d, &ctx); 752 753 kvfree(ctx.kvalue); 754 return error; 755 } 756 757 static ssize_t path_getxattr(const char __user *pathname, 758 const char __user *name, void __user *value, 759 size_t size, unsigned int lookup_flags) 760 { 761 struct path path; 762 ssize_t error; 763 retry: 764 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 765 if (error) 766 return error; 767 error = getxattr(mnt_idmap(path.mnt), path.dentry, name, value, size); 768 path_put(&path); 769 if (retry_estale(error, lookup_flags)) { 770 lookup_flags |= LOOKUP_REVAL; 771 goto retry; 772 } 773 return error; 774 } 775 776 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 777 const char __user *, name, void __user *, value, size_t, size) 778 { 779 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 780 } 781 782 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 783 const char __user *, name, void __user *, value, size_t, size) 784 { 785 return path_getxattr(pathname, name, value, size, 0); 786 } 787 788 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 789 void __user *, value, size_t, size) 790 { 791 struct fd f = fdget(fd); 792 ssize_t error = -EBADF; 793 794 if (!f.file) 795 return error; 796 audit_file(f.file); 797 error = getxattr(file_mnt_idmap(f.file), f.file->f_path.dentry, 798 name, value, size); 799 fdput(f); 800 return error; 801 } 802 803 /* 804 * Extended attribute LIST operations 805 */ 806 static ssize_t 807 listxattr(struct dentry *d, char __user *list, size_t size) 808 { 809 ssize_t error; 810 char *klist = NULL; 811 812 if (size) { 813 if (size > XATTR_LIST_MAX) 814 size = XATTR_LIST_MAX; 815 klist = kvmalloc(size, GFP_KERNEL); 816 if (!klist) 817 return -ENOMEM; 818 } 819 820 error = vfs_listxattr(d, klist, size); 821 if (error > 0) { 822 if (size && copy_to_user(list, klist, error)) 823 error = -EFAULT; 824 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 825 /* The file system tried to returned a list bigger 826 than XATTR_LIST_MAX bytes. Not possible. */ 827 error = -E2BIG; 828 } 829 830 kvfree(klist); 831 832 return error; 833 } 834 835 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 836 size_t size, unsigned int lookup_flags) 837 { 838 struct path path; 839 ssize_t error; 840 retry: 841 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 842 if (error) 843 return error; 844 error = listxattr(path.dentry, list, size); 845 path_put(&path); 846 if (retry_estale(error, lookup_flags)) { 847 lookup_flags |= LOOKUP_REVAL; 848 goto retry; 849 } 850 return error; 851 } 852 853 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 854 size_t, size) 855 { 856 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 857 } 858 859 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 860 size_t, size) 861 { 862 return path_listxattr(pathname, list, size, 0); 863 } 864 865 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 866 { 867 struct fd f = fdget(fd); 868 ssize_t error = -EBADF; 869 870 if (!f.file) 871 return error; 872 audit_file(f.file); 873 error = listxattr(f.file->f_path.dentry, list, size); 874 fdput(f); 875 return error; 876 } 877 878 /* 879 * Extended attribute REMOVE operations 880 */ 881 static long 882 removexattr(struct mnt_idmap *idmap, struct dentry *d, 883 const char __user *name) 884 { 885 int error; 886 char kname[XATTR_NAME_MAX + 1]; 887 888 error = strncpy_from_user(kname, name, sizeof(kname)); 889 if (error == 0 || error == sizeof(kname)) 890 error = -ERANGE; 891 if (error < 0) 892 return error; 893 894 if (is_posix_acl_xattr(kname)) 895 return vfs_remove_acl(mnt_idmap_owner(idmap), d, kname); 896 897 return vfs_removexattr(mnt_idmap_owner(idmap), d, kname); 898 } 899 900 static int path_removexattr(const char __user *pathname, 901 const char __user *name, unsigned int lookup_flags) 902 { 903 struct path path; 904 int error; 905 retry: 906 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 907 if (error) 908 return error; 909 error = mnt_want_write(path.mnt); 910 if (!error) { 911 error = removexattr(mnt_idmap(path.mnt), path.dentry, name); 912 mnt_drop_write(path.mnt); 913 } 914 path_put(&path); 915 if (retry_estale(error, lookup_flags)) { 916 lookup_flags |= LOOKUP_REVAL; 917 goto retry; 918 } 919 return error; 920 } 921 922 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 923 const char __user *, name) 924 { 925 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 926 } 927 928 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 929 const char __user *, name) 930 { 931 return path_removexattr(pathname, name, 0); 932 } 933 934 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 935 { 936 struct fd f = fdget(fd); 937 int error = -EBADF; 938 939 if (!f.file) 940 return error; 941 audit_file(f.file); 942 error = mnt_want_write_file(f.file); 943 if (!error) { 944 error = removexattr(file_mnt_idmap(f.file), 945 f.file->f_path.dentry, name); 946 mnt_drop_write_file(f.file); 947 } 948 fdput(f); 949 return error; 950 } 951 952 /* 953 * Combine the results of the list() operation from every xattr_handler in the 954 * list. 955 */ 956 ssize_t 957 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 958 { 959 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 960 unsigned int size = 0; 961 962 if (!buffer) { 963 for_each_xattr_handler(handlers, handler) { 964 if (!handler->name || 965 (handler->list && !handler->list(dentry))) 966 continue; 967 size += strlen(handler->name) + 1; 968 } 969 } else { 970 char *buf = buffer; 971 size_t len; 972 973 for_each_xattr_handler(handlers, handler) { 974 if (!handler->name || 975 (handler->list && !handler->list(dentry))) 976 continue; 977 len = strlen(handler->name); 978 if (len + 1 > buffer_size) 979 return -ERANGE; 980 memcpy(buf, handler->name, len + 1); 981 buf += len + 1; 982 buffer_size -= len + 1; 983 } 984 size = buf - buffer; 985 } 986 return size; 987 } 988 EXPORT_SYMBOL(generic_listxattr); 989 990 /** 991 * xattr_full_name - Compute full attribute name from suffix 992 * 993 * @handler: handler of the xattr_handler operation 994 * @name: name passed to the xattr_handler operation 995 * 996 * The get and set xattr handler operations are called with the remainder of 997 * the attribute name after skipping the handler's prefix: for example, "foo" 998 * is passed to the get operation of a handler with prefix "user." to get 999 * attribute "user.foo". The full name is still "there" in the name though. 1000 * 1001 * Note: the list xattr handler operation when called from the vfs is passed a 1002 * NULL name; some file systems use this operation internally, with varying 1003 * semantics. 1004 */ 1005 const char *xattr_full_name(const struct xattr_handler *handler, 1006 const char *name) 1007 { 1008 size_t prefix_len = strlen(xattr_prefix(handler)); 1009 1010 return name - prefix_len; 1011 } 1012 EXPORT_SYMBOL(xattr_full_name); 1013 1014 /** 1015 * free_simple_xattr - free an xattr object 1016 * @xattr: the xattr object 1017 * 1018 * Free the xattr object. Can handle @xattr being NULL. 1019 */ 1020 static inline void free_simple_xattr(struct simple_xattr *xattr) 1021 { 1022 if (xattr) 1023 kfree(xattr->name); 1024 kvfree(xattr); 1025 } 1026 1027 /** 1028 * simple_xattr_alloc - allocate new xattr object 1029 * @value: value of the xattr object 1030 * @size: size of @value 1031 * 1032 * Allocate a new xattr object and initialize respective members. The caller is 1033 * responsible for handling the name of the xattr. 1034 * 1035 * Return: On success a new xattr object is returned. On failure NULL is 1036 * returned. 1037 */ 1038 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 1039 { 1040 struct simple_xattr *new_xattr; 1041 size_t len; 1042 1043 /* wrap around? */ 1044 len = sizeof(*new_xattr) + size; 1045 if (len < sizeof(*new_xattr)) 1046 return NULL; 1047 1048 new_xattr = kvmalloc(len, GFP_KERNEL); 1049 if (!new_xattr) 1050 return NULL; 1051 1052 new_xattr->size = size; 1053 memcpy(new_xattr->value, value, size); 1054 return new_xattr; 1055 } 1056 1057 /** 1058 * rbtree_simple_xattr_cmp - compare xattr name with current rbtree xattr entry 1059 * @key: xattr name 1060 * @node: current node 1061 * 1062 * Compare the xattr name with the xattr name attached to @node in the rbtree. 1063 * 1064 * Return: Negative value if continuing left, positive if continuing right, 0 1065 * if the xattr attached to @node matches @key. 1066 */ 1067 static int rbtree_simple_xattr_cmp(const void *key, const struct rb_node *node) 1068 { 1069 const char *xattr_name = key; 1070 const struct simple_xattr *xattr; 1071 1072 xattr = rb_entry(node, struct simple_xattr, rb_node); 1073 return strcmp(xattr->name, xattr_name); 1074 } 1075 1076 /** 1077 * rbtree_simple_xattr_node_cmp - compare two xattr rbtree nodes 1078 * @new_node: new node 1079 * @node: current node 1080 * 1081 * Compare the xattr attached to @new_node with the xattr attached to @node. 1082 * 1083 * Return: Negative value if continuing left, positive if continuing right, 0 1084 * if the xattr attached to @new_node matches the xattr attached to @node. 1085 */ 1086 static int rbtree_simple_xattr_node_cmp(struct rb_node *new_node, 1087 const struct rb_node *node) 1088 { 1089 struct simple_xattr *xattr; 1090 xattr = rb_entry(new_node, struct simple_xattr, rb_node); 1091 return rbtree_simple_xattr_cmp(xattr->name, node); 1092 } 1093 1094 /** 1095 * simple_xattr_get - get an xattr object 1096 * @xattrs: the header of the xattr object 1097 * @name: the name of the xattr to retrieve 1098 * @buffer: the buffer to store the value into 1099 * @size: the size of @buffer 1100 * 1101 * Try to find and retrieve the xattr object associated with @name. 1102 * If @buffer is provided store the value of @xattr in @buffer 1103 * otherwise just return the length. The size of @buffer is limited 1104 * to XATTR_SIZE_MAX which currently is 65536. 1105 * 1106 * Return: On success the length of the xattr value is returned. On error a 1107 * negative error code is returned. 1108 */ 1109 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 1110 void *buffer, size_t size) 1111 { 1112 struct simple_xattr *xattr = NULL; 1113 struct rb_node *rbp; 1114 int ret = -ENODATA; 1115 1116 read_lock(&xattrs->lock); 1117 rbp = rb_find(name, &xattrs->rb_root, rbtree_simple_xattr_cmp); 1118 if (rbp) { 1119 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1120 ret = xattr->size; 1121 if (buffer) { 1122 if (size < xattr->size) 1123 ret = -ERANGE; 1124 else 1125 memcpy(buffer, xattr->value, xattr->size); 1126 } 1127 } 1128 read_unlock(&xattrs->lock); 1129 return ret; 1130 } 1131 1132 /** 1133 * simple_xattr_set - set an xattr object 1134 * @xattrs: the header of the xattr object 1135 * @name: the name of the xattr to retrieve 1136 * @value: the value to store along the xattr 1137 * @size: the size of @value 1138 * @flags: the flags determining how to set the xattr 1139 * @removed_size: the size of the removed xattr 1140 * 1141 * Set a new xattr object. 1142 * If @value is passed a new xattr object will be allocated. If XATTR_REPLACE 1143 * is specified in @flags a matching xattr object for @name must already exist. 1144 * If it does it will be replaced with the new xattr object. If it doesn't we 1145 * fail. If XATTR_CREATE is specified and a matching xattr does already exist 1146 * we fail. If it doesn't we create a new xattr. If @flags is zero we simply 1147 * insert the new xattr replacing any existing one. 1148 * 1149 * If @value is empty and a matching xattr object is found we delete it if 1150 * XATTR_REPLACE is specified in @flags or @flags is zero. 1151 * 1152 * If @value is empty and no matching xattr object for @name is found we do 1153 * nothing if XATTR_CREATE is specified in @flags or @flags is zero. For 1154 * XATTR_REPLACE we fail as mentioned above. 1155 * 1156 * Return: On success zero and on error a negative error code is returned. 1157 */ 1158 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 1159 const void *value, size_t size, int flags, 1160 ssize_t *removed_size) 1161 { 1162 struct simple_xattr *xattr = NULL, *new_xattr = NULL; 1163 struct rb_node *parent = NULL, **rbp; 1164 int err = 0, ret; 1165 1166 if (removed_size) 1167 *removed_size = -1; 1168 1169 /* value == NULL means remove */ 1170 if (value) { 1171 new_xattr = simple_xattr_alloc(value, size); 1172 if (!new_xattr) 1173 return -ENOMEM; 1174 1175 new_xattr->name = kstrdup(name, GFP_KERNEL); 1176 if (!new_xattr->name) { 1177 free_simple_xattr(new_xattr); 1178 return -ENOMEM; 1179 } 1180 } 1181 1182 write_lock(&xattrs->lock); 1183 rbp = &xattrs->rb_root.rb_node; 1184 while (*rbp) { 1185 parent = *rbp; 1186 ret = rbtree_simple_xattr_cmp(name, *rbp); 1187 if (ret < 0) 1188 rbp = &(*rbp)->rb_left; 1189 else if (ret > 0) 1190 rbp = &(*rbp)->rb_right; 1191 else 1192 xattr = rb_entry(*rbp, struct simple_xattr, rb_node); 1193 if (xattr) 1194 break; 1195 } 1196 1197 if (xattr) { 1198 /* Fail if XATTR_CREATE is requested and the xattr exists. */ 1199 if (flags & XATTR_CREATE) { 1200 err = -EEXIST; 1201 goto out_unlock; 1202 } 1203 1204 if (new_xattr) 1205 rb_replace_node(&xattr->rb_node, &new_xattr->rb_node, 1206 &xattrs->rb_root); 1207 else 1208 rb_erase(&xattr->rb_node, &xattrs->rb_root); 1209 if (!err && removed_size) 1210 *removed_size = xattr->size; 1211 } else { 1212 /* Fail if XATTR_REPLACE is requested but no xattr is found. */ 1213 if (flags & XATTR_REPLACE) { 1214 err = -ENODATA; 1215 goto out_unlock; 1216 } 1217 1218 /* 1219 * If XATTR_CREATE or no flags are specified together with a 1220 * new value simply insert it. 1221 */ 1222 if (new_xattr) { 1223 rb_link_node(&new_xattr->rb_node, parent, rbp); 1224 rb_insert_color(&new_xattr->rb_node, &xattrs->rb_root); 1225 } 1226 1227 /* 1228 * If XATTR_CREATE or no flags are specified and neither an 1229 * old or new xattr exist then we don't need to do anything. 1230 */ 1231 } 1232 1233 out_unlock: 1234 write_unlock(&xattrs->lock); 1235 if (err) 1236 free_simple_xattr(new_xattr); 1237 else 1238 free_simple_xattr(xattr); 1239 return err; 1240 1241 } 1242 1243 static bool xattr_is_trusted(const char *name) 1244 { 1245 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1246 } 1247 1248 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 1249 const char *name) 1250 { 1251 size_t len = strlen(name) + 1; 1252 if (*buffer) { 1253 if (*remaining_size < len) 1254 return -ERANGE; 1255 memcpy(*buffer, name, len); 1256 *buffer += len; 1257 } 1258 *remaining_size -= len; 1259 return 0; 1260 } 1261 1262 /** 1263 * simple_xattr_list - list all xattr objects 1264 * @inode: inode from which to get the xattrs 1265 * @xattrs: the header of the xattr object 1266 * @buffer: the buffer to store all xattrs into 1267 * @size: the size of @buffer 1268 * 1269 * List all xattrs associated with @inode. If @buffer is NULL we returned 1270 * the required size of the buffer. If @buffer is provided we store the 1271 * xattrs value into it provided it is big enough. 1272 * 1273 * Note, the number of xattr names that can be listed with listxattr(2) is 1274 * limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed 1275 * then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names 1276 * are found it will return -E2BIG. 1277 * 1278 * Return: On success the required size or the size of the copied xattrs is 1279 * returned. On error a negative error code is returned. 1280 */ 1281 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 1282 char *buffer, size_t size) 1283 { 1284 bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); 1285 struct simple_xattr *xattr; 1286 struct rb_node *rbp; 1287 ssize_t remaining_size = size; 1288 int err = 0; 1289 1290 #ifdef CONFIG_FS_POSIX_ACL 1291 if (IS_POSIXACL(inode)) { 1292 if (inode->i_acl) { 1293 err = xattr_list_one(&buffer, &remaining_size, 1294 XATTR_NAME_POSIX_ACL_ACCESS); 1295 if (err) 1296 return err; 1297 } 1298 if (inode->i_default_acl) { 1299 err = xattr_list_one(&buffer, &remaining_size, 1300 XATTR_NAME_POSIX_ACL_DEFAULT); 1301 if (err) 1302 return err; 1303 } 1304 } 1305 #endif 1306 1307 read_lock(&xattrs->lock); 1308 for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) { 1309 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1310 1311 /* skip "trusted." attributes for unprivileged callers */ 1312 if (!trusted && xattr_is_trusted(xattr->name)) 1313 continue; 1314 1315 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 1316 if (err) 1317 break; 1318 } 1319 read_unlock(&xattrs->lock); 1320 1321 return err ? err : size - remaining_size; 1322 } 1323 1324 /** 1325 * rbtree_simple_xattr_less - compare two xattr rbtree nodes 1326 * @new_node: new node 1327 * @node: current node 1328 * 1329 * Compare the xattr attached to @new_node with the xattr attached to @node. 1330 * Note that this function technically tolerates duplicate entries. 1331 * 1332 * Return: True if insertion point in the rbtree is found. 1333 */ 1334 static bool rbtree_simple_xattr_less(struct rb_node *new_node, 1335 const struct rb_node *node) 1336 { 1337 return rbtree_simple_xattr_node_cmp(new_node, node) < 0; 1338 } 1339 1340 /** 1341 * simple_xattr_add - add xattr objects 1342 * @xattrs: the header of the xattr object 1343 * @new_xattr: the xattr object to add 1344 * 1345 * Add an xattr object to @xattrs. This assumes no replacement or removal 1346 * of matching xattrs is wanted. Should only be called during inode 1347 * initialization when a few distinct initial xattrs are supposed to be set. 1348 */ 1349 void simple_xattr_add(struct simple_xattrs *xattrs, 1350 struct simple_xattr *new_xattr) 1351 { 1352 write_lock(&xattrs->lock); 1353 rb_add(&new_xattr->rb_node, &xattrs->rb_root, rbtree_simple_xattr_less); 1354 write_unlock(&xattrs->lock); 1355 } 1356 1357 /** 1358 * simple_xattrs_init - initialize new xattr header 1359 * @xattrs: header to initialize 1360 * 1361 * Initialize relevant fields of a an xattr header. 1362 */ 1363 void simple_xattrs_init(struct simple_xattrs *xattrs) 1364 { 1365 xattrs->rb_root = RB_ROOT; 1366 rwlock_init(&xattrs->lock); 1367 } 1368 1369 /** 1370 * simple_xattrs_free - free xattrs 1371 * @xattrs: xattr header whose xattrs to destroy 1372 * 1373 * Destroy all xattrs in @xattr. When this is called no one can hold a 1374 * reference to any of the xattrs anymore. 1375 */ 1376 void simple_xattrs_free(struct simple_xattrs *xattrs) 1377 { 1378 struct rb_node *rbp; 1379 1380 rbp = rb_first(&xattrs->rb_root); 1381 while (rbp) { 1382 struct simple_xattr *xattr; 1383 struct rb_node *rbp_next; 1384 1385 rbp_next = rb_next(rbp); 1386 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1387 rb_erase(&xattr->rb_node, &xattrs->rb_root); 1388 free_simple_xattr(xattr); 1389 rbp = rbp_next; 1390 } 1391 } 1392