1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 File: fs/xattr.c
4
5 Extended attribute handling.
6
7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 */
11 #include <linux/fs.h>
12 #include <linux/slab.h>
13 #include <linux/file.h>
14 #include <linux/xattr.h>
15 #include <linux/mount.h>
16 #include <linux/namei.h>
17 #include <linux/security.h>
18 #include <linux/evm.h>
19 #include <linux/syscalls.h>
20 #include <linux/export.h>
21 #include <linux/fsnotify.h>
22 #include <linux/audit.h>
23 #include <linux/vmalloc.h>
24 #include <linux/posix_acl_xattr.h>
25
26 #include <linux/uaccess.h>
27
28 static const char *
strcmp_prefix(const char * a,const char * a_prefix)29 strcmp_prefix(const char *a, const char *a_prefix)
30 {
31 while (*a_prefix && *a == *a_prefix) {
32 a++;
33 a_prefix++;
34 }
35 return *a_prefix ? NULL : a;
36 }
37
38 /*
39 * In order to implement different sets of xattr operations for each xattr
40 * prefix, a filesystem should create a null-terminated array of struct
41 * xattr_handler (one for each prefix) and hang a pointer to it off of the
42 * s_xattr field of the superblock.
43 */
44 #define for_each_xattr_handler(handlers, handler) \
45 if (handlers) \
46 for ((handler) = *(handlers)++; \
47 (handler) != NULL; \
48 (handler) = *(handlers)++)
49
50 /*
51 * Find the xattr_handler with the matching prefix.
52 */
53 static const struct xattr_handler *
xattr_resolve_name(struct inode * inode,const char ** name)54 xattr_resolve_name(struct inode *inode, const char **name)
55 {
56 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 const struct xattr_handler *handler;
58
59 if (!(inode->i_opflags & IOP_XATTR)) {
60 if (unlikely(is_bad_inode(inode)))
61 return ERR_PTR(-EIO);
62 return ERR_PTR(-EOPNOTSUPP);
63 }
64 for_each_xattr_handler(handlers, handler) {
65 const char *n;
66
67 n = strcmp_prefix(*name, xattr_prefix(handler));
68 if (n) {
69 if (!handler->prefix ^ !*n) {
70 if (*n)
71 continue;
72 return ERR_PTR(-EINVAL);
73 }
74 *name = n;
75 return handler;
76 }
77 }
78 return ERR_PTR(-EOPNOTSUPP);
79 }
80
81 /*
82 * Check permissions for extended attribute access. This is a bit complicated
83 * because different namespaces have very different rules.
84 */
85 static int
xattr_permission(struct inode * inode,const char * name,int mask)86 xattr_permission(struct inode *inode, const char *name, int mask)
87 {
88 /*
89 * We can never set or remove an extended attribute on a read-only
90 * filesystem or on an immutable / append-only inode.
91 */
92 if (mask & MAY_WRITE) {
93 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
94 return -EPERM;
95 /*
96 * Updating an xattr will likely cause i_uid and i_gid
97 * to be writen back improperly if their true value is
98 * unknown to the vfs.
99 */
100 if (HAS_UNMAPPED_ID(inode))
101 return -EPERM;
102 }
103
104 /*
105 * No restriction for security.* and system.* from the VFS. Decision
106 * on these is left to the underlying filesystem / security module.
107 */
108 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
109 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
110 return 0;
111
112 /*
113 * The trusted.* namespace can only be accessed by privileged users.
114 */
115 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
116 if (!capable(CAP_SYS_ADMIN))
117 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
118 return 0;
119 }
120
121 /*
122 * In the user.* namespace, only regular files and directories can have
123 * extended attributes. For sticky directories, only the owner and
124 * privileged users can write attributes.
125 */
126 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
127 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
128 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
129 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
130 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
131 return -EPERM;
132 }
133
134 return inode_permission(inode, mask);
135 }
136
137 int
__vfs_setxattr(struct dentry * dentry,struct inode * inode,const char * name,const void * value,size_t size,int flags)138 __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
139 const void *value, size_t size, int flags)
140 {
141 const struct xattr_handler *handler;
142
143 handler = xattr_resolve_name(inode, &name);
144 if (IS_ERR(handler))
145 return PTR_ERR(handler);
146 if (!handler->set)
147 return -EOPNOTSUPP;
148 if (size == 0)
149 value = ""; /* empty EA, do not remove */
150 return handler->set(handler, dentry, inode, name, value, size, flags);
151 }
152 EXPORT_SYMBOL(__vfs_setxattr);
153
154 /**
155 * __vfs_setxattr_noperm - perform setxattr operation without performing
156 * permission checks.
157 *
158 * @dentry - object to perform setxattr on
159 * @name - xattr name to set
160 * @value - value to set @name to
161 * @size - size of @value
162 * @flags - flags to pass into filesystem operations
163 *
164 * returns the result of the internal setxattr or setsecurity operations.
165 *
166 * This function requires the caller to lock the inode's i_mutex before it
167 * is executed. It also assumes that the caller will make the appropriate
168 * permission checks.
169 */
__vfs_setxattr_noperm(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)170 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
171 const void *value, size_t size, int flags)
172 {
173 struct inode *inode = dentry->d_inode;
174 int error = -EAGAIN;
175 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
176 XATTR_SECURITY_PREFIX_LEN);
177
178 if (issec)
179 inode->i_flags &= ~S_NOSEC;
180 if (inode->i_opflags & IOP_XATTR) {
181 error = __vfs_setxattr(dentry, inode, name, value, size, flags);
182 if (!error) {
183 fsnotify_xattr(dentry);
184 security_inode_post_setxattr(dentry, name, value,
185 size, flags);
186 }
187 } else {
188 if (unlikely(is_bad_inode(inode)))
189 return -EIO;
190 }
191 if (error == -EAGAIN) {
192 error = -EOPNOTSUPP;
193
194 if (issec) {
195 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
196
197 error = security_inode_setsecurity(inode, suffix, value,
198 size, flags);
199 if (!error)
200 fsnotify_xattr(dentry);
201 }
202 }
203
204 return error;
205 }
206
207 /**
208 * __vfs_setxattr_locked: set an extended attribute while holding the inode
209 * lock
210 *
211 * @dentry - object to perform setxattr on
212 * @name - xattr name to set
213 * @value - value to set @name to
214 * @size - size of @value
215 * @flags - flags to pass into filesystem operations
216 * @delegated_inode - on return, will contain an inode pointer that
217 * a delegation was broken on, NULL if none.
218 */
219 int
__vfs_setxattr_locked(struct dentry * dentry,const char * name,const void * value,size_t size,int flags,struct inode ** delegated_inode)220 __vfs_setxattr_locked(struct dentry *dentry, const char *name,
221 const void *value, size_t size, int flags,
222 struct inode **delegated_inode)
223 {
224 struct inode *inode = dentry->d_inode;
225 int error;
226
227 error = xattr_permission(inode, name, MAY_WRITE);
228 if (error)
229 return error;
230
231 error = security_inode_setxattr(dentry, name, value, size, flags);
232 if (error)
233 goto out;
234
235 error = try_break_deleg(inode, delegated_inode);
236 if (error)
237 goto out;
238
239 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
240
241 out:
242 return error;
243 }
244 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
245
246 int
vfs_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)247 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
248 size_t size, int flags)
249 {
250 struct inode *inode = dentry->d_inode;
251 struct inode *delegated_inode = NULL;
252 int error;
253
254 retry_deleg:
255 inode_lock(inode);
256 error = __vfs_setxattr_locked(dentry, name, value, size, flags,
257 &delegated_inode);
258 inode_unlock(inode);
259
260 if (delegated_inode) {
261 error = break_deleg_wait(&delegated_inode);
262 if (!error)
263 goto retry_deleg;
264 }
265 return error;
266 }
267 EXPORT_SYMBOL_NS_GPL(vfs_setxattr, ANDROID_GKI_VFS_EXPORT_ONLY);
268
269 static ssize_t
xattr_getsecurity(struct inode * inode,const char * name,void * value,size_t size)270 xattr_getsecurity(struct inode *inode, const char *name, void *value,
271 size_t size)
272 {
273 void *buffer = NULL;
274 ssize_t len;
275
276 if (!value || !size) {
277 len = security_inode_getsecurity(inode, name, &buffer, false);
278 goto out_noalloc;
279 }
280
281 len = security_inode_getsecurity(inode, name, &buffer, true);
282 if (len < 0)
283 return len;
284 if (size < len) {
285 len = -ERANGE;
286 goto out;
287 }
288 memcpy(value, buffer, len);
289 out:
290 kfree(buffer);
291 out_noalloc:
292 return len;
293 }
294
295 /*
296 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
297 *
298 * Allocate memory, if not already allocated, or re-allocate correct size,
299 * before retrieving the extended attribute.
300 *
301 * Returns the result of alloc, if failed, or the getxattr operation.
302 */
303 ssize_t
vfs_getxattr_alloc(struct dentry * dentry,const char * name,char ** xattr_value,size_t xattr_size,gfp_t flags)304 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
305 size_t xattr_size, gfp_t flags)
306 {
307 const struct xattr_handler *handler;
308 struct inode *inode = dentry->d_inode;
309 char *value = *xattr_value;
310 int error;
311
312 error = xattr_permission(inode, name, MAY_READ);
313 if (error)
314 return error;
315
316 handler = xattr_resolve_name(inode, &name);
317 if (IS_ERR(handler))
318 return PTR_ERR(handler);
319 if (!handler->get)
320 return -EOPNOTSUPP;
321 error = handler->get(handler, dentry, inode, name, NULL, 0, 0);
322 if (error < 0)
323 return error;
324
325 if (!value || (error > xattr_size)) {
326 value = krealloc(*xattr_value, error + 1, flags);
327 if (!value)
328 return -ENOMEM;
329 memset(value, 0, error + 1);
330 }
331
332 error = handler->get(handler, dentry, inode, name, value, error, 0);
333 *xattr_value = value;
334 return error;
335 }
336
337 ssize_t
__vfs_getxattr(struct dentry * dentry,struct inode * inode,const char * name,void * value,size_t size,int flags)338 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
339 void *value, size_t size, int flags)
340 {
341 const struct xattr_handler *handler;
342 int error;
343
344 if (flags & XATTR_NOSECURITY)
345 goto nolsm;
346 error = xattr_permission(inode, name, MAY_READ);
347 if (error)
348 return error;
349
350 error = security_inode_getxattr(dentry, name);
351 if (error)
352 return error;
353
354 if (!strncmp(name, XATTR_SECURITY_PREFIX,
355 XATTR_SECURITY_PREFIX_LEN)) {
356 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
357 int ret = xattr_getsecurity(inode, suffix, value, size);
358 /*
359 * Only overwrite the return value if a security module
360 * is actually active.
361 */
362 if (ret == -EOPNOTSUPP)
363 goto nolsm;
364 return ret;
365 }
366 nolsm:
367 handler = xattr_resolve_name(inode, &name);
368 if (IS_ERR(handler))
369 return PTR_ERR(handler);
370 if (!handler->get)
371 return -EOPNOTSUPP;
372 return handler->get(handler, dentry, inode, name, value, size, flags);
373 }
374 EXPORT_SYMBOL(__vfs_getxattr);
375
376 ssize_t
vfs_getxattr(struct dentry * dentry,const char * name,void * value,size_t size)377 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
378 {
379 return __vfs_getxattr(dentry, dentry->d_inode, name, value, size, 0);
380 }
381 EXPORT_SYMBOL_NS_GPL(vfs_getxattr, ANDROID_GKI_VFS_EXPORT_ONLY);
382
383 ssize_t
vfs_listxattr(struct dentry * dentry,char * list,size_t size)384 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
385 {
386 struct inode *inode = d_inode(dentry);
387 ssize_t error;
388
389 error = security_inode_listxattr(dentry);
390 if (error)
391 return error;
392 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
393 error = inode->i_op->listxattr(dentry, list, size);
394 } else {
395 error = security_inode_listsecurity(inode, list, size);
396 if (size && error > size)
397 error = -ERANGE;
398 }
399 return error;
400 }
401 EXPORT_SYMBOL_NS_GPL(vfs_listxattr, ANDROID_GKI_VFS_EXPORT_ONLY);
402
403 int
__vfs_removexattr(struct dentry * dentry,const char * name)404 __vfs_removexattr(struct dentry *dentry, const char *name)
405 {
406 struct inode *inode = d_inode(dentry);
407 const struct xattr_handler *handler;
408
409 handler = xattr_resolve_name(inode, &name);
410 if (IS_ERR(handler))
411 return PTR_ERR(handler);
412 if (!handler->set)
413 return -EOPNOTSUPP;
414 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
415 }
416 EXPORT_SYMBOL(__vfs_removexattr);
417
418 /**
419 * __vfs_removexattr_locked: set an extended attribute while holding the inode
420 * lock
421 *
422 * @dentry - object to perform setxattr on
423 * @name - name of xattr to remove
424 * @delegated_inode - on return, will contain an inode pointer that
425 * a delegation was broken on, NULL if none.
426 */
427 int
__vfs_removexattr_locked(struct dentry * dentry,const char * name,struct inode ** delegated_inode)428 __vfs_removexattr_locked(struct dentry *dentry, const char *name,
429 struct inode **delegated_inode)
430 {
431 struct inode *inode = dentry->d_inode;
432 int error;
433
434 error = xattr_permission(inode, name, MAY_WRITE);
435 if (error)
436 return error;
437
438 error = security_inode_removexattr(dentry, name);
439 if (error)
440 goto out;
441
442 error = try_break_deleg(inode, delegated_inode);
443 if (error)
444 goto out;
445
446 error = __vfs_removexattr(dentry, name);
447
448 if (!error) {
449 fsnotify_xattr(dentry);
450 evm_inode_post_removexattr(dentry, name);
451 }
452
453 out:
454 return error;
455 }
456 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
457
458 int
vfs_removexattr(struct dentry * dentry,const char * name)459 vfs_removexattr(struct dentry *dentry, const char *name)
460 {
461 struct inode *inode = dentry->d_inode;
462 struct inode *delegated_inode = NULL;
463 int error;
464
465 retry_deleg:
466 inode_lock(inode);
467 error = __vfs_removexattr_locked(dentry, name, &delegated_inode);
468 inode_unlock(inode);
469
470 if (delegated_inode) {
471 error = break_deleg_wait(&delegated_inode);
472 if (!error)
473 goto retry_deleg;
474 }
475
476 return error;
477 }
478 EXPORT_SYMBOL_GPL(vfs_removexattr);
479
480 /*
481 * Extended attribute SET operations
482 */
483 static long
setxattr(struct dentry * d,const char __user * name,const void __user * value,size_t size,int flags)484 setxattr(struct dentry *d, const char __user *name, const void __user *value,
485 size_t size, int flags)
486 {
487 int error;
488 void *kvalue = NULL;
489 char kname[XATTR_NAME_MAX + 1];
490
491 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
492 return -EINVAL;
493
494 error = strncpy_from_user(kname, name, sizeof(kname));
495 if (error == 0 || error == sizeof(kname))
496 error = -ERANGE;
497 if (error < 0)
498 return error;
499
500 if (size) {
501 if (size > XATTR_SIZE_MAX)
502 return -E2BIG;
503 kvalue = kvmalloc(size, GFP_KERNEL);
504 if (!kvalue)
505 return -ENOMEM;
506 if (copy_from_user(kvalue, value, size)) {
507 error = -EFAULT;
508 goto out;
509 }
510 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
511 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
512 posix_acl_fix_xattr_from_user(kvalue, size);
513 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
514 error = cap_convert_nscap(d, &kvalue, size);
515 if (error < 0)
516 goto out;
517 size = error;
518 }
519 }
520
521 error = vfs_setxattr(d, kname, kvalue, size, flags);
522 out:
523 kvfree(kvalue);
524
525 return error;
526 }
527
path_setxattr(const char __user * pathname,const char __user * name,const void __user * value,size_t size,int flags,unsigned int lookup_flags)528 static int path_setxattr(const char __user *pathname,
529 const char __user *name, const void __user *value,
530 size_t size, int flags, unsigned int lookup_flags)
531 {
532 struct path path;
533 int error;
534 retry:
535 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
536 if (error)
537 return error;
538 error = mnt_want_write(path.mnt);
539 if (!error) {
540 error = setxattr(path.dentry, name, value, size, flags);
541 mnt_drop_write(path.mnt);
542 }
543 path_put(&path);
544 if (retry_estale(error, lookup_flags)) {
545 lookup_flags |= LOOKUP_REVAL;
546 goto retry;
547 }
548 return error;
549 }
550
SYSCALL_DEFINE5(setxattr,const char __user *,pathname,const char __user *,name,const void __user *,value,size_t,size,int,flags)551 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
552 const char __user *, name, const void __user *, value,
553 size_t, size, int, flags)
554 {
555 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
556 }
557
SYSCALL_DEFINE5(lsetxattr,const char __user *,pathname,const char __user *,name,const void __user *,value,size_t,size,int,flags)558 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
559 const char __user *, name, const void __user *, value,
560 size_t, size, int, flags)
561 {
562 return path_setxattr(pathname, name, value, size, flags, 0);
563 }
564
SYSCALL_DEFINE5(fsetxattr,int,fd,const char __user *,name,const void __user *,value,size_t,size,int,flags)565 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
566 const void __user *,value, size_t, size, int, flags)
567 {
568 struct fd f = fdget(fd);
569 int error = -EBADF;
570
571 if (!f.file)
572 return error;
573 audit_file(f.file);
574 error = mnt_want_write_file(f.file);
575 if (!error) {
576 error = setxattr(f.file->f_path.dentry, name, value, size, flags);
577 mnt_drop_write_file(f.file);
578 }
579 fdput(f);
580 return error;
581 }
582
583 /*
584 * Extended attribute GET operations
585 */
586 static ssize_t
getxattr(struct dentry * d,const char __user * name,void __user * value,size_t size)587 getxattr(struct dentry *d, const char __user *name, void __user *value,
588 size_t size)
589 {
590 ssize_t error;
591 void *kvalue = NULL;
592 char kname[XATTR_NAME_MAX + 1];
593
594 error = strncpy_from_user(kname, name, sizeof(kname));
595 if (error == 0 || error == sizeof(kname))
596 error = -ERANGE;
597 if (error < 0)
598 return error;
599
600 if (size) {
601 if (size > XATTR_SIZE_MAX)
602 size = XATTR_SIZE_MAX;
603 kvalue = kvzalloc(size, GFP_KERNEL);
604 if (!kvalue)
605 return -ENOMEM;
606 }
607
608 error = vfs_getxattr(d, kname, kvalue, size);
609 if (error > 0) {
610 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
611 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
612 posix_acl_fix_xattr_to_user(kvalue, error);
613 if (size && copy_to_user(value, kvalue, error))
614 error = -EFAULT;
615 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
616 /* The file system tried to returned a value bigger
617 than XATTR_SIZE_MAX bytes. Not possible. */
618 error = -E2BIG;
619 }
620
621 kvfree(kvalue);
622
623 return error;
624 }
625
path_getxattr(const char __user * pathname,const char __user * name,void __user * value,size_t size,unsigned int lookup_flags)626 static ssize_t path_getxattr(const char __user *pathname,
627 const char __user *name, void __user *value,
628 size_t size, unsigned int lookup_flags)
629 {
630 struct path path;
631 ssize_t error;
632 retry:
633 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
634 if (error)
635 return error;
636 error = getxattr(path.dentry, name, value, size);
637 path_put(&path);
638 if (retry_estale(error, lookup_flags)) {
639 lookup_flags |= LOOKUP_REVAL;
640 goto retry;
641 }
642 return error;
643 }
644
SYSCALL_DEFINE4(getxattr,const char __user *,pathname,const char __user *,name,void __user *,value,size_t,size)645 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
646 const char __user *, name, void __user *, value, size_t, size)
647 {
648 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
649 }
650
SYSCALL_DEFINE4(lgetxattr,const char __user *,pathname,const char __user *,name,void __user *,value,size_t,size)651 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
652 const char __user *, name, void __user *, value, size_t, size)
653 {
654 return path_getxattr(pathname, name, value, size, 0);
655 }
656
SYSCALL_DEFINE4(fgetxattr,int,fd,const char __user *,name,void __user *,value,size_t,size)657 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
658 void __user *, value, size_t, size)
659 {
660 struct fd f = fdget(fd);
661 ssize_t error = -EBADF;
662
663 if (!f.file)
664 return error;
665 audit_file(f.file);
666 error = getxattr(f.file->f_path.dentry, name, value, size);
667 fdput(f);
668 return error;
669 }
670
671 /*
672 * Extended attribute LIST operations
673 */
674 static ssize_t
listxattr(struct dentry * d,char __user * list,size_t size)675 listxattr(struct dentry *d, char __user *list, size_t size)
676 {
677 ssize_t error;
678 char *klist = NULL;
679
680 if (size) {
681 if (size > XATTR_LIST_MAX)
682 size = XATTR_LIST_MAX;
683 klist = kvmalloc(size, GFP_KERNEL);
684 if (!klist)
685 return -ENOMEM;
686 }
687
688 error = vfs_listxattr(d, klist, size);
689 if (error > 0) {
690 if (size && copy_to_user(list, klist, error))
691 error = -EFAULT;
692 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
693 /* The file system tried to returned a list bigger
694 than XATTR_LIST_MAX bytes. Not possible. */
695 error = -E2BIG;
696 }
697
698 kvfree(klist);
699
700 return error;
701 }
702
path_listxattr(const char __user * pathname,char __user * list,size_t size,unsigned int lookup_flags)703 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
704 size_t size, unsigned int lookup_flags)
705 {
706 struct path path;
707 ssize_t error;
708 retry:
709 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
710 if (error)
711 return error;
712 error = listxattr(path.dentry, list, size);
713 path_put(&path);
714 if (retry_estale(error, lookup_flags)) {
715 lookup_flags |= LOOKUP_REVAL;
716 goto retry;
717 }
718 return error;
719 }
720
SYSCALL_DEFINE3(listxattr,const char __user *,pathname,char __user *,list,size_t,size)721 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
722 size_t, size)
723 {
724 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
725 }
726
SYSCALL_DEFINE3(llistxattr,const char __user *,pathname,char __user *,list,size_t,size)727 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
728 size_t, size)
729 {
730 return path_listxattr(pathname, list, size, 0);
731 }
732
SYSCALL_DEFINE3(flistxattr,int,fd,char __user *,list,size_t,size)733 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
734 {
735 struct fd f = fdget(fd);
736 ssize_t error = -EBADF;
737
738 if (!f.file)
739 return error;
740 audit_file(f.file);
741 error = listxattr(f.file->f_path.dentry, list, size);
742 fdput(f);
743 return error;
744 }
745
746 /*
747 * Extended attribute REMOVE operations
748 */
749 static long
removexattr(struct dentry * d,const char __user * name)750 removexattr(struct dentry *d, const char __user *name)
751 {
752 int error;
753 char kname[XATTR_NAME_MAX + 1];
754
755 error = strncpy_from_user(kname, name, sizeof(kname));
756 if (error == 0 || error == sizeof(kname))
757 error = -ERANGE;
758 if (error < 0)
759 return error;
760
761 return vfs_removexattr(d, kname);
762 }
763
path_removexattr(const char __user * pathname,const char __user * name,unsigned int lookup_flags)764 static int path_removexattr(const char __user *pathname,
765 const char __user *name, unsigned int lookup_flags)
766 {
767 struct path path;
768 int error;
769 retry:
770 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
771 if (error)
772 return error;
773 error = mnt_want_write(path.mnt);
774 if (!error) {
775 error = removexattr(path.dentry, name);
776 mnt_drop_write(path.mnt);
777 }
778 path_put(&path);
779 if (retry_estale(error, lookup_flags)) {
780 lookup_flags |= LOOKUP_REVAL;
781 goto retry;
782 }
783 return error;
784 }
785
SYSCALL_DEFINE2(removexattr,const char __user *,pathname,const char __user *,name)786 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
787 const char __user *, name)
788 {
789 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
790 }
791
SYSCALL_DEFINE2(lremovexattr,const char __user *,pathname,const char __user *,name)792 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
793 const char __user *, name)
794 {
795 return path_removexattr(pathname, name, 0);
796 }
797
SYSCALL_DEFINE2(fremovexattr,int,fd,const char __user *,name)798 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
799 {
800 struct fd f = fdget(fd);
801 int error = -EBADF;
802
803 if (!f.file)
804 return error;
805 audit_file(f.file);
806 error = mnt_want_write_file(f.file);
807 if (!error) {
808 error = removexattr(f.file->f_path.dentry, name);
809 mnt_drop_write_file(f.file);
810 }
811 fdput(f);
812 return error;
813 }
814
815 /*
816 * Combine the results of the list() operation from every xattr_handler in the
817 * list.
818 */
819 ssize_t
generic_listxattr(struct dentry * dentry,char * buffer,size_t buffer_size)820 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
821 {
822 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
823 unsigned int size = 0;
824
825 if (!buffer) {
826 for_each_xattr_handler(handlers, handler) {
827 if (!handler->name ||
828 (handler->list && !handler->list(dentry)))
829 continue;
830 size += strlen(handler->name) + 1;
831 }
832 } else {
833 char *buf = buffer;
834 size_t len;
835
836 for_each_xattr_handler(handlers, handler) {
837 if (!handler->name ||
838 (handler->list && !handler->list(dentry)))
839 continue;
840 len = strlen(handler->name);
841 if (len + 1 > buffer_size)
842 return -ERANGE;
843 memcpy(buf, handler->name, len + 1);
844 buf += len + 1;
845 buffer_size -= len + 1;
846 }
847 size = buf - buffer;
848 }
849 return size;
850 }
851 EXPORT_SYMBOL(generic_listxattr);
852
853 /**
854 * xattr_full_name - Compute full attribute name from suffix
855 *
856 * @handler: handler of the xattr_handler operation
857 * @name: name passed to the xattr_handler operation
858 *
859 * The get and set xattr handler operations are called with the remainder of
860 * the attribute name after skipping the handler's prefix: for example, "foo"
861 * is passed to the get operation of a handler with prefix "user." to get
862 * attribute "user.foo". The full name is still "there" in the name though.
863 *
864 * Note: the list xattr handler operation when called from the vfs is passed a
865 * NULL name; some file systems use this operation internally, with varying
866 * semantics.
867 */
xattr_full_name(const struct xattr_handler * handler,const char * name)868 const char *xattr_full_name(const struct xattr_handler *handler,
869 const char *name)
870 {
871 size_t prefix_len = strlen(xattr_prefix(handler));
872
873 return name - prefix_len;
874 }
875 EXPORT_SYMBOL(xattr_full_name);
876
877 /*
878 * Allocate new xattr and copy in the value; but leave the name to callers.
879 */
simple_xattr_alloc(const void * value,size_t size)880 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
881 {
882 struct simple_xattr *new_xattr;
883 size_t len;
884
885 /* wrap around? */
886 len = sizeof(*new_xattr) + size;
887 if (len < sizeof(*new_xattr))
888 return NULL;
889
890 new_xattr = kmalloc(len, GFP_KERNEL);
891 if (!new_xattr)
892 return NULL;
893
894 new_xattr->size = size;
895 memcpy(new_xattr->value, value, size);
896 return new_xattr;
897 }
898
899 /*
900 * xattr GET operation for in-memory/pseudo filesystems
901 */
simple_xattr_get(struct simple_xattrs * xattrs,const char * name,void * buffer,size_t size)902 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
903 void *buffer, size_t size)
904 {
905 struct simple_xattr *xattr;
906 int ret = -ENODATA;
907
908 spin_lock(&xattrs->lock);
909 list_for_each_entry(xattr, &xattrs->head, list) {
910 if (strcmp(name, xattr->name))
911 continue;
912
913 ret = xattr->size;
914 if (buffer) {
915 if (size < xattr->size)
916 ret = -ERANGE;
917 else
918 memcpy(buffer, xattr->value, xattr->size);
919 }
920 break;
921 }
922 spin_unlock(&xattrs->lock);
923 return ret;
924 }
925
926 /**
927 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
928 * @xattrs: target simple_xattr list
929 * @name: name of the extended attribute
930 * @value: value of the xattr. If %NULL, will remove the attribute.
931 * @size: size of the new xattr
932 * @flags: %XATTR_{CREATE|REPLACE}
933 *
934 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
935 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
936 * otherwise, fails with -ENODATA.
937 *
938 * Returns 0 on success, -errno on failure.
939 */
simple_xattr_set(struct simple_xattrs * xattrs,const char * name,const void * value,size_t size,int flags)940 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
941 const void *value, size_t size, int flags)
942 {
943 struct simple_xattr *xattr;
944 struct simple_xattr *new_xattr = NULL;
945 int err = 0;
946
947 /* value == NULL means remove */
948 if (value) {
949 new_xattr = simple_xattr_alloc(value, size);
950 if (!new_xattr)
951 return -ENOMEM;
952
953 new_xattr->name = kstrdup(name, GFP_KERNEL);
954 if (!new_xattr->name) {
955 kfree(new_xattr);
956 return -ENOMEM;
957 }
958 }
959
960 spin_lock(&xattrs->lock);
961 list_for_each_entry(xattr, &xattrs->head, list) {
962 if (!strcmp(name, xattr->name)) {
963 if (flags & XATTR_CREATE) {
964 xattr = new_xattr;
965 err = -EEXIST;
966 } else if (new_xattr) {
967 list_replace(&xattr->list, &new_xattr->list);
968 } else {
969 list_del(&xattr->list);
970 }
971 goto out;
972 }
973 }
974 if (flags & XATTR_REPLACE) {
975 xattr = new_xattr;
976 err = -ENODATA;
977 } else {
978 list_add(&new_xattr->list, &xattrs->head);
979 xattr = NULL;
980 }
981 out:
982 spin_unlock(&xattrs->lock);
983 if (xattr) {
984 kfree(xattr->name);
985 kfree(xattr);
986 }
987 return err;
988
989 }
990
xattr_is_trusted(const char * name)991 static bool xattr_is_trusted(const char *name)
992 {
993 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
994 }
995
xattr_list_one(char ** buffer,ssize_t * remaining_size,const char * name)996 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
997 const char *name)
998 {
999 size_t len = strlen(name) + 1;
1000 if (*buffer) {
1001 if (*remaining_size < len)
1002 return -ERANGE;
1003 memcpy(*buffer, name, len);
1004 *buffer += len;
1005 }
1006 *remaining_size -= len;
1007 return 0;
1008 }
1009
1010 /*
1011 * xattr LIST operation for in-memory/pseudo filesystems
1012 */
simple_xattr_list(struct inode * inode,struct simple_xattrs * xattrs,char * buffer,size_t size)1013 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1014 char *buffer, size_t size)
1015 {
1016 bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
1017 struct simple_xattr *xattr;
1018 ssize_t remaining_size = size;
1019 int err = 0;
1020
1021 #ifdef CONFIG_FS_POSIX_ACL
1022 if (IS_POSIXACL(inode)) {
1023 if (inode->i_acl) {
1024 err = xattr_list_one(&buffer, &remaining_size,
1025 XATTR_NAME_POSIX_ACL_ACCESS);
1026 if (err)
1027 return err;
1028 }
1029 if (inode->i_default_acl) {
1030 err = xattr_list_one(&buffer, &remaining_size,
1031 XATTR_NAME_POSIX_ACL_DEFAULT);
1032 if (err)
1033 return err;
1034 }
1035 }
1036 #endif
1037
1038 spin_lock(&xattrs->lock);
1039 list_for_each_entry(xattr, &xattrs->head, list) {
1040 /* skip "trusted." attributes for unprivileged callers */
1041 if (!trusted && xattr_is_trusted(xattr->name))
1042 continue;
1043
1044 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1045 if (err)
1046 break;
1047 }
1048 spin_unlock(&xattrs->lock);
1049
1050 return err ? err : size - remaining_size;
1051 }
1052
1053 /*
1054 * Adds an extended attribute to the list
1055 */
simple_xattr_list_add(struct simple_xattrs * xattrs,struct simple_xattr * new_xattr)1056 void simple_xattr_list_add(struct simple_xattrs *xattrs,
1057 struct simple_xattr *new_xattr)
1058 {
1059 spin_lock(&xattrs->lock);
1060 list_add(&new_xattr->list, &xattrs->head);
1061 spin_unlock(&xattrs->lock);
1062 }
1063