blob: 1c91835ac431678ade125fbbe0451a7de0383358
1 | /* |
2 | File: fs/xattr.c |
3 | |
4 | Extended attribute handling. |
5 | |
6 | Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> |
7 | Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> |
8 | Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> |
9 | */ |
10 | #include <linux/fs.h> |
11 | #include <linux/slab.h> |
12 | #include <linux/file.h> |
13 | #include <linux/xattr.h> |
14 | #include <linux/mount.h> |
15 | #include <linux/namei.h> |
16 | #include <linux/security.h> |
17 | #include <linux/evm.h> |
18 | #include <linux/syscalls.h> |
19 | #include <linux/export.h> |
20 | #include <linux/fsnotify.h> |
21 | #include <linux/audit.h> |
22 | #include <linux/vmalloc.h> |
23 | #include <linux/posix_acl_xattr.h> |
24 | |
25 | #include <asm/uaccess.h> |
26 | |
27 | static const char * |
28 | strcmp_prefix(const char *a, const char *a_prefix) |
29 | { |
30 | while (*a_prefix && *a == *a_prefix) { |
31 | a++; |
32 | a_prefix++; |
33 | } |
34 | return *a_prefix ? NULL : a; |
35 | } |
36 | |
37 | /* |
38 | * In order to implement different sets of xattr operations for each xattr |
39 | * prefix, a filesystem should create a null-terminated array of struct |
40 | * xattr_handler (one for each prefix) and hang a pointer to it off of the |
41 | * s_xattr field of the superblock. |
42 | */ |
43 | #define for_each_xattr_handler(handlers, handler) \ |
44 | if (handlers) \ |
45 | for ((handler) = *(handlers)++; \ |
46 | (handler) != NULL; \ |
47 | (handler) = *(handlers)++) |
48 | |
49 | /* |
50 | * Find the xattr_handler with the matching prefix. |
51 | */ |
52 | static const struct xattr_handler * |
53 | xattr_resolve_name(struct inode *inode, const char **name) |
54 | { |
55 | const struct xattr_handler **handlers = inode->i_sb->s_xattr; |
56 | const struct xattr_handler *handler; |
57 | |
58 | if (!(inode->i_opflags & IOP_XATTR)) { |
59 | if (unlikely(is_bad_inode(inode))) |
60 | return ERR_PTR(-EIO); |
61 | return ERR_PTR(-EOPNOTSUPP); |
62 | } |
63 | for_each_xattr_handler(handlers, handler) { |
64 | const char *n; |
65 | |
66 | n = strcmp_prefix(*name, xattr_prefix(handler)); |
67 | if (n) { |
68 | if (!handler->prefix ^ !*n) { |
69 | if (*n) |
70 | continue; |
71 | return ERR_PTR(-EINVAL); |
72 | } |
73 | *name = n; |
74 | return handler; |
75 | } |
76 | } |
77 | return ERR_PTR(-EOPNOTSUPP); |
78 | } |
79 | |
80 | /* |
81 | * Check permissions for extended attribute access. This is a bit complicated |
82 | * because different namespaces have very different rules. |
83 | */ |
84 | static int |
85 | xattr_permission(struct inode *inode, const char *name, int mask) |
86 | { |
87 | /* |
88 | * We can never set or remove an extended attribute on a read-only |
89 | * filesystem or on an immutable / append-only inode. |
90 | */ |
91 | if (mask & MAY_WRITE) { |
92 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
93 | return -EPERM; |
94 | /* |
95 | * Updating an xattr will likely cause i_uid and i_gid |
96 | * to be writen back improperly if their true value is |
97 | * unknown to the vfs. |
98 | */ |
99 | if (HAS_UNMAPPED_ID(inode)) |
100 | return -EPERM; |
101 | } |
102 | |
103 | /* |
104 | * No restriction for security.* and system.* from the VFS. Decision |
105 | * on these is left to the underlying filesystem / security module. |
106 | */ |
107 | if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || |
108 | !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) |
109 | return 0; |
110 | |
111 | /* |
112 | * The trusted.* namespace can only be accessed by privileged users. |
113 | */ |
114 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { |
115 | if (!capable(CAP_SYS_ADMIN)) |
116 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; |
117 | return 0; |
118 | } |
119 | |
120 | /* |
121 | * In the user.* namespace, only regular files and directories can have |
122 | * extended attributes. For sticky directories, only the owner and |
123 | * privileged users can write attributes. |
124 | */ |
125 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { |
126 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
127 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; |
128 | if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && |
129 | (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) |
130 | return -EPERM; |
131 | } |
132 | |
133 | return inode_permission2(ERR_PTR(-EOPNOTSUPP), inode, mask); |
134 | } |
135 | |
136 | int |
137 | __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, |
138 | const void *value, size_t size, int flags) |
139 | { |
140 | const struct xattr_handler *handler; |
141 | |
142 | handler = xattr_resolve_name(inode, &name); |
143 | if (IS_ERR(handler)) |
144 | return PTR_ERR(handler); |
145 | if (!handler->set) |
146 | return -EOPNOTSUPP; |
147 | if (size == 0) |
148 | value = ""; /* empty EA, do not remove */ |
149 | return handler->set(handler, dentry, inode, name, value, size, flags); |
150 | } |
151 | EXPORT_SYMBOL(__vfs_setxattr); |
152 | |
153 | /** |
154 | * __vfs_setxattr_noperm - perform setxattr operation without performing |
155 | * permission checks. |
156 | * |
157 | * @dentry - object to perform setxattr on |
158 | * @name - xattr name to set |
159 | * @value - value to set @name to |
160 | * @size - size of @value |
161 | * @flags - flags to pass into filesystem operations |
162 | * |
163 | * returns the result of the internal setxattr or setsecurity operations. |
164 | * |
165 | * This function requires the caller to lock the inode's i_mutex before it |
166 | * is executed. It also assumes that the caller will make the appropriate |
167 | * permission checks. |
168 | */ |
169 | int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, |
170 | const void *value, size_t size, int flags) |
171 | { |
172 | struct inode *inode = dentry->d_inode; |
173 | int error = -EAGAIN; |
174 | int issec = !strncmp(name, XATTR_SECURITY_PREFIX, |
175 | XATTR_SECURITY_PREFIX_LEN); |
176 | |
177 | if (issec) |
178 | inode->i_flags &= ~S_NOSEC; |
179 | if (inode->i_opflags & IOP_XATTR) { |
180 | error = __vfs_setxattr(dentry, inode, name, value, size, flags); |
181 | if (!error) { |
182 | fsnotify_xattr(dentry); |
183 | security_inode_post_setxattr(dentry, name, value, |
184 | size, flags); |
185 | } |
186 | } else { |
187 | if (unlikely(is_bad_inode(inode))) |
188 | return -EIO; |
189 | } |
190 | if (error == -EAGAIN) { |
191 | error = -EOPNOTSUPP; |
192 | |
193 | if (issec) { |
194 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; |
195 | |
196 | error = security_inode_setsecurity(inode, suffix, value, |
197 | size, flags); |
198 | if (!error) |
199 | fsnotify_xattr(dentry); |
200 | } |
201 | } |
202 | |
203 | return error; |
204 | } |
205 | |
206 | |
207 | int |
208 | vfs_setxattr(struct dentry *dentry, const char *name, const void *value, |
209 | size_t size, int flags) |
210 | { |
211 | struct inode *inode = dentry->d_inode; |
212 | int error; |
213 | |
214 | error = xattr_permission(inode, name, MAY_WRITE); |
215 | if (error) |
216 | return error; |
217 | |
218 | inode_lock(inode); |
219 | error = security_inode_setxattr(dentry, name, value, size, flags); |
220 | if (error) |
221 | goto out; |
222 | |
223 | error = __vfs_setxattr_noperm(dentry, name, value, size, flags); |
224 | |
225 | out: |
226 | inode_unlock(inode); |
227 | return error; |
228 | } |
229 | EXPORT_SYMBOL_GPL(vfs_setxattr); |
230 | |
231 | ssize_t |
232 | xattr_getsecurity(struct inode *inode, const char *name, void *value, |
233 | size_t size) |
234 | { |
235 | void *buffer = NULL; |
236 | ssize_t len; |
237 | |
238 | if (!value || !size) { |
239 | len = security_inode_getsecurity(inode, name, &buffer, false); |
240 | goto out_noalloc; |
241 | } |
242 | |
243 | len = security_inode_getsecurity(inode, name, &buffer, true); |
244 | if (len < 0) |
245 | return len; |
246 | if (size < len) { |
247 | len = -ERANGE; |
248 | goto out; |
249 | } |
250 | memcpy(value, buffer, len); |
251 | out: |
252 | kfree(buffer); |
253 | out_noalloc: |
254 | return len; |
255 | } |
256 | EXPORT_SYMBOL_GPL(xattr_getsecurity); |
257 | |
258 | /* |
259 | * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr |
260 | * |
261 | * Allocate memory, if not already allocated, or re-allocate correct size, |
262 | * before retrieving the extended attribute. |
263 | * |
264 | * Returns the result of alloc, if failed, or the getxattr operation. |
265 | */ |
266 | ssize_t |
267 | vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, |
268 | size_t xattr_size, gfp_t flags) |
269 | { |
270 | const struct xattr_handler *handler; |
271 | struct inode *inode = dentry->d_inode; |
272 | char *value = *xattr_value; |
273 | int error; |
274 | |
275 | error = xattr_permission(inode, name, MAY_READ); |
276 | if (error) |
277 | return error; |
278 | |
279 | handler = xattr_resolve_name(inode, &name); |
280 | if (IS_ERR(handler)) |
281 | return PTR_ERR(handler); |
282 | if (!handler->get) |
283 | return -EOPNOTSUPP; |
284 | error = handler->get(handler, dentry, inode, name, NULL, 0); |
285 | if (error < 0) |
286 | return error; |
287 | |
288 | if (!value || (error > xattr_size)) { |
289 | value = krealloc(*xattr_value, error + 1, flags); |
290 | if (!value) |
291 | return -ENOMEM; |
292 | memset(value, 0, error + 1); |
293 | } |
294 | |
295 | error = handler->get(handler, dentry, inode, name, value, error); |
296 | *xattr_value = value; |
297 | return error; |
298 | } |
299 | |
300 | ssize_t |
301 | __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, |
302 | void *value, size_t size) |
303 | { |
304 | const struct xattr_handler *handler; |
305 | |
306 | handler = xattr_resolve_name(inode, &name); |
307 | if (IS_ERR(handler)) |
308 | return PTR_ERR(handler); |
309 | if (!handler->get) |
310 | return -EOPNOTSUPP; |
311 | return handler->get(handler, dentry, inode, name, value, size); |
312 | } |
313 | EXPORT_SYMBOL(__vfs_getxattr); |
314 | |
315 | ssize_t |
316 | vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) |
317 | { |
318 | struct inode *inode = dentry->d_inode; |
319 | int error; |
320 | |
321 | error = xattr_permission(inode, name, MAY_READ); |
322 | if (error) |
323 | return error; |
324 | |
325 | error = security_inode_getxattr(dentry, name); |
326 | if (error) |
327 | return error; |
328 | |
329 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
330 | XATTR_SECURITY_PREFIX_LEN)) { |
331 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; |
332 | int ret = xattr_getsecurity(inode, suffix, value, size); |
333 | /* |
334 | * Only overwrite the return value if a security module |
335 | * is actually active. |
336 | */ |
337 | if (ret == -EOPNOTSUPP) |
338 | goto nolsm; |
339 | return ret; |
340 | } |
341 | nolsm: |
342 | return __vfs_getxattr(dentry, inode, name, value, size); |
343 | } |
344 | EXPORT_SYMBOL_GPL(vfs_getxattr); |
345 | |
346 | ssize_t |
347 | vfs_listxattr(struct dentry *dentry, char *list, size_t size) |
348 | { |
349 | struct inode *inode = d_inode(dentry); |
350 | ssize_t error; |
351 | |
352 | error = security_inode_listxattr(dentry); |
353 | if (error) |
354 | return error; |
355 | if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { |
356 | error = -EOPNOTSUPP; |
357 | error = inode->i_op->listxattr(dentry, list, size); |
358 | } else { |
359 | error = security_inode_listsecurity(inode, list, size); |
360 | if (size && error > size) |
361 | error = -ERANGE; |
362 | } |
363 | return error; |
364 | } |
365 | EXPORT_SYMBOL_GPL(vfs_listxattr); |
366 | |
367 | int |
368 | __vfs_removexattr(struct dentry *dentry, const char *name) |
369 | { |
370 | struct inode *inode = d_inode(dentry); |
371 | const struct xattr_handler *handler; |
372 | |
373 | handler = xattr_resolve_name(inode, &name); |
374 | if (IS_ERR(handler)) |
375 | return PTR_ERR(handler); |
376 | if (!handler->set) |
377 | return -EOPNOTSUPP; |
378 | return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE); |
379 | } |
380 | EXPORT_SYMBOL(__vfs_removexattr); |
381 | |
382 | int |
383 | vfs_removexattr(struct dentry *dentry, const char *name) |
384 | { |
385 | struct inode *inode = dentry->d_inode; |
386 | int error; |
387 | |
388 | error = xattr_permission(inode, name, MAY_WRITE); |
389 | if (error) |
390 | return error; |
391 | |
392 | inode_lock(inode); |
393 | error = security_inode_removexattr(dentry, name); |
394 | if (error) |
395 | goto out; |
396 | |
397 | error = __vfs_removexattr(dentry, name); |
398 | |
399 | if (!error) { |
400 | fsnotify_xattr(dentry); |
401 | evm_inode_post_removexattr(dentry, name); |
402 | } |
403 | |
404 | out: |
405 | inode_unlock(inode); |
406 | return error; |
407 | } |
408 | EXPORT_SYMBOL_GPL(vfs_removexattr); |
409 | |
410 | |
411 | /* |
412 | * Extended attribute SET operations |
413 | */ |
414 | static long |
415 | setxattr(struct dentry *d, const char __user *name, const void __user *value, |
416 | size_t size, int flags) |
417 | { |
418 | int error; |
419 | void *kvalue = NULL; |
420 | char kname[XATTR_NAME_MAX + 1]; |
421 | |
422 | if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) |
423 | return -EINVAL; |
424 | |
425 | error = strncpy_from_user(kname, name, sizeof(kname)); |
426 | if (error == 0 || error == sizeof(kname)) |
427 | error = -ERANGE; |
428 | if (error < 0) |
429 | return error; |
430 | |
431 | if (size) { |
432 | if (size > XATTR_SIZE_MAX) |
433 | return -E2BIG; |
434 | kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); |
435 | if (!kvalue) { |
436 | kvalue = vmalloc(size); |
437 | if (!kvalue) |
438 | return -ENOMEM; |
439 | } |
440 | if (copy_from_user(kvalue, value, size)) { |
441 | error = -EFAULT; |
442 | goto out; |
443 | } |
444 | if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || |
445 | (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) |
446 | posix_acl_fix_xattr_from_user(kvalue, size); |
447 | } |
448 | |
449 | error = vfs_setxattr(d, kname, kvalue, size, flags); |
450 | out: |
451 | kvfree(kvalue); |
452 | |
453 | return error; |
454 | } |
455 | |
456 | static int path_setxattr(const char __user *pathname, |
457 | const char __user *name, const void __user *value, |
458 | size_t size, int flags, unsigned int lookup_flags) |
459 | { |
460 | struct path path; |
461 | int error; |
462 | retry: |
463 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
464 | if (error) |
465 | return error; |
466 | error = mnt_want_write(path.mnt); |
467 | if (!error) { |
468 | error = setxattr(path.dentry, name, value, size, flags); |
469 | mnt_drop_write(path.mnt); |
470 | } |
471 | path_put(&path); |
472 | if (retry_estale(error, lookup_flags)) { |
473 | lookup_flags |= LOOKUP_REVAL; |
474 | goto retry; |
475 | } |
476 | return error; |
477 | } |
478 | |
479 | SYSCALL_DEFINE5(setxattr, const char __user *, pathname, |
480 | const char __user *, name, const void __user *, value, |
481 | size_t, size, int, flags) |
482 | { |
483 | return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); |
484 | } |
485 | |
486 | SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, |
487 | const char __user *, name, const void __user *, value, |
488 | size_t, size, int, flags) |
489 | { |
490 | return path_setxattr(pathname, name, value, size, flags, 0); |
491 | } |
492 | |
493 | SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, |
494 | const void __user *,value, size_t, size, int, flags) |
495 | { |
496 | struct fd f = fdget(fd); |
497 | int error = -EBADF; |
498 | |
499 | if (!f.file) |
500 | return error; |
501 | audit_file(f.file); |
502 | error = mnt_want_write_file(f.file); |
503 | if (!error) { |
504 | error = setxattr(f.file->f_path.dentry, name, value, size, flags); |
505 | mnt_drop_write_file(f.file); |
506 | } |
507 | fdput(f); |
508 | return error; |
509 | } |
510 | |
511 | /* |
512 | * Extended attribute GET operations |
513 | */ |
514 | static ssize_t |
515 | getxattr(struct dentry *d, const char __user *name, void __user *value, |
516 | size_t size) |
517 | { |
518 | ssize_t error; |
519 | void *kvalue = NULL; |
520 | char kname[XATTR_NAME_MAX + 1]; |
521 | |
522 | error = strncpy_from_user(kname, name, sizeof(kname)); |
523 | if (error == 0 || error == sizeof(kname)) |
524 | error = -ERANGE; |
525 | if (error < 0) |
526 | return error; |
527 | |
528 | if (size) { |
529 | if (size > XATTR_SIZE_MAX) |
530 | size = XATTR_SIZE_MAX; |
531 | kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); |
532 | if (!kvalue) { |
533 | kvalue = vzalloc(size); |
534 | if (!kvalue) |
535 | return -ENOMEM; |
536 | } |
537 | } |
538 | |
539 | error = vfs_getxattr(d, kname, kvalue, size); |
540 | if (error > 0) { |
541 | if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || |
542 | (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) |
543 | posix_acl_fix_xattr_to_user(kvalue, error); |
544 | if (size && copy_to_user(value, kvalue, error)) |
545 | error = -EFAULT; |
546 | } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { |
547 | /* The file system tried to returned a value bigger |
548 | than XATTR_SIZE_MAX bytes. Not possible. */ |
549 | error = -E2BIG; |
550 | } |
551 | |
552 | kvfree(kvalue); |
553 | |
554 | return error; |
555 | } |
556 | |
557 | static ssize_t path_getxattr(const char __user *pathname, |
558 | const char __user *name, void __user *value, |
559 | size_t size, unsigned int lookup_flags) |
560 | { |
561 | struct path path; |
562 | ssize_t error; |
563 | retry: |
564 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
565 | if (error) |
566 | return error; |
567 | error = getxattr(path.dentry, name, value, size); |
568 | path_put(&path); |
569 | if (retry_estale(error, lookup_flags)) { |
570 | lookup_flags |= LOOKUP_REVAL; |
571 | goto retry; |
572 | } |
573 | return error; |
574 | } |
575 | |
576 | SYSCALL_DEFINE4(getxattr, const char __user *, pathname, |
577 | const char __user *, name, void __user *, value, size_t, size) |
578 | { |
579 | return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); |
580 | } |
581 | |
582 | SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, |
583 | const char __user *, name, void __user *, value, size_t, size) |
584 | { |
585 | return path_getxattr(pathname, name, value, size, 0); |
586 | } |
587 | |
588 | SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, |
589 | void __user *, value, size_t, size) |
590 | { |
591 | struct fd f = fdget(fd); |
592 | ssize_t error = -EBADF; |
593 | |
594 | if (!f.file) |
595 | return error; |
596 | audit_file(f.file); |
597 | error = getxattr(f.file->f_path.dentry, name, value, size); |
598 | fdput(f); |
599 | return error; |
600 | } |
601 | |
602 | /* |
603 | * Extended attribute LIST operations |
604 | */ |
605 | static ssize_t |
606 | listxattr(struct dentry *d, char __user *list, size_t size) |
607 | { |
608 | ssize_t error; |
609 | char *klist = NULL; |
610 | |
611 | if (size) { |
612 | if (size > XATTR_LIST_MAX) |
613 | size = XATTR_LIST_MAX; |
614 | klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); |
615 | if (!klist) { |
616 | klist = vmalloc(size); |
617 | if (!klist) |
618 | return -ENOMEM; |
619 | } |
620 | } |
621 | |
622 | error = vfs_listxattr(d, klist, size); |
623 | if (error > 0) { |
624 | if (size && copy_to_user(list, klist, error)) |
625 | error = -EFAULT; |
626 | } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { |
627 | /* The file system tried to returned a list bigger |
628 | than XATTR_LIST_MAX bytes. Not possible. */ |
629 | error = -E2BIG; |
630 | } |
631 | |
632 | kvfree(klist); |
633 | |
634 | return error; |
635 | } |
636 | |
637 | static ssize_t path_listxattr(const char __user *pathname, char __user *list, |
638 | size_t size, unsigned int lookup_flags) |
639 | { |
640 | struct path path; |
641 | ssize_t error; |
642 | retry: |
643 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
644 | if (error) |
645 | return error; |
646 | error = listxattr(path.dentry, list, size); |
647 | path_put(&path); |
648 | if (retry_estale(error, lookup_flags)) { |
649 | lookup_flags |= LOOKUP_REVAL; |
650 | goto retry; |
651 | } |
652 | return error; |
653 | } |
654 | |
655 | SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, |
656 | size_t, size) |
657 | { |
658 | return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); |
659 | } |
660 | |
661 | SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, |
662 | size_t, size) |
663 | { |
664 | return path_listxattr(pathname, list, size, 0); |
665 | } |
666 | |
667 | SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) |
668 | { |
669 | struct fd f = fdget(fd); |
670 | ssize_t error = -EBADF; |
671 | |
672 | if (!f.file) |
673 | return error; |
674 | audit_file(f.file); |
675 | error = listxattr(f.file->f_path.dentry, list, size); |
676 | fdput(f); |
677 | return error; |
678 | } |
679 | |
680 | /* |
681 | * Extended attribute REMOVE operations |
682 | */ |
683 | static long |
684 | removexattr(struct dentry *d, const char __user *name) |
685 | { |
686 | int error; |
687 | char kname[XATTR_NAME_MAX + 1]; |
688 | |
689 | error = strncpy_from_user(kname, name, sizeof(kname)); |
690 | if (error == 0 || error == sizeof(kname)) |
691 | error = -ERANGE; |
692 | if (error < 0) |
693 | return error; |
694 | |
695 | return vfs_removexattr(d, kname); |
696 | } |
697 | |
698 | static int path_removexattr(const char __user *pathname, |
699 | const char __user *name, unsigned int lookup_flags) |
700 | { |
701 | struct path path; |
702 | int error; |
703 | retry: |
704 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
705 | if (error) |
706 | return error; |
707 | error = mnt_want_write(path.mnt); |
708 | if (!error) { |
709 | error = removexattr(path.dentry, name); |
710 | mnt_drop_write(path.mnt); |
711 | } |
712 | path_put(&path); |
713 | if (retry_estale(error, lookup_flags)) { |
714 | lookup_flags |= LOOKUP_REVAL; |
715 | goto retry; |
716 | } |
717 | return error; |
718 | } |
719 | |
720 | SYSCALL_DEFINE2(removexattr, const char __user *, pathname, |
721 | const char __user *, name) |
722 | { |
723 | return path_removexattr(pathname, name, LOOKUP_FOLLOW); |
724 | } |
725 | |
726 | SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, |
727 | const char __user *, name) |
728 | { |
729 | return path_removexattr(pathname, name, 0); |
730 | } |
731 | |
732 | SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) |
733 | { |
734 | struct fd f = fdget(fd); |
735 | int error = -EBADF; |
736 | |
737 | if (!f.file) |
738 | return error; |
739 | audit_file(f.file); |
740 | error = mnt_want_write_file(f.file); |
741 | if (!error) { |
742 | error = removexattr(f.file->f_path.dentry, name); |
743 | mnt_drop_write_file(f.file); |
744 | } |
745 | fdput(f); |
746 | return error; |
747 | } |
748 | |
749 | /* |
750 | * Combine the results of the list() operation from every xattr_handler in the |
751 | * list. |
752 | */ |
753 | ssize_t |
754 | generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) |
755 | { |
756 | const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; |
757 | unsigned int size = 0; |
758 | |
759 | if (!buffer) { |
760 | for_each_xattr_handler(handlers, handler) { |
761 | if (!handler->name || |
762 | (handler->list && !handler->list(dentry))) |
763 | continue; |
764 | size += strlen(handler->name) + 1; |
765 | } |
766 | } else { |
767 | char *buf = buffer; |
768 | size_t len; |
769 | |
770 | for_each_xattr_handler(handlers, handler) { |
771 | if (!handler->name || |
772 | (handler->list && !handler->list(dentry))) |
773 | continue; |
774 | len = strlen(handler->name); |
775 | if (len + 1 > buffer_size) |
776 | return -ERANGE; |
777 | memcpy(buf, handler->name, len + 1); |
778 | buf += len + 1; |
779 | buffer_size -= len + 1; |
780 | } |
781 | size = buf - buffer; |
782 | } |
783 | return size; |
784 | } |
785 | EXPORT_SYMBOL(generic_listxattr); |
786 | |
787 | /** |
788 | * xattr_full_name - Compute full attribute name from suffix |
789 | * |
790 | * @handler: handler of the xattr_handler operation |
791 | * @name: name passed to the xattr_handler operation |
792 | * |
793 | * The get and set xattr handler operations are called with the remainder of |
794 | * the attribute name after skipping the handler's prefix: for example, "foo" |
795 | * is passed to the get operation of a handler with prefix "user." to get |
796 | * attribute "user.foo". The full name is still "there" in the name though. |
797 | * |
798 | * Note: the list xattr handler operation when called from the vfs is passed a |
799 | * NULL name; some file systems use this operation internally, with varying |
800 | * semantics. |
801 | */ |
802 | const char *xattr_full_name(const struct xattr_handler *handler, |
803 | const char *name) |
804 | { |
805 | size_t prefix_len = strlen(xattr_prefix(handler)); |
806 | |
807 | return name - prefix_len; |
808 | } |
809 | EXPORT_SYMBOL(xattr_full_name); |
810 | |
811 | /* |
812 | * Allocate new xattr and copy in the value; but leave the name to callers. |
813 | */ |
814 | struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) |
815 | { |
816 | struct simple_xattr *new_xattr; |
817 | size_t len; |
818 | |
819 | /* wrap around? */ |
820 | len = sizeof(*new_xattr) + size; |
821 | if (len < sizeof(*new_xattr)) |
822 | return NULL; |
823 | |
824 | new_xattr = kmalloc(len, GFP_KERNEL); |
825 | if (!new_xattr) |
826 | return NULL; |
827 | |
828 | new_xattr->size = size; |
829 | memcpy(new_xattr->value, value, size); |
830 | return new_xattr; |
831 | } |
832 | |
833 | /* |
834 | * xattr GET operation for in-memory/pseudo filesystems |
835 | */ |
836 | int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, |
837 | void *buffer, size_t size) |
838 | { |
839 | struct simple_xattr *xattr; |
840 | int ret = -ENODATA; |
841 | |
842 | spin_lock(&xattrs->lock); |
843 | list_for_each_entry(xattr, &xattrs->head, list) { |
844 | if (strcmp(name, xattr->name)) |
845 | continue; |
846 | |
847 | ret = xattr->size; |
848 | if (buffer) { |
849 | if (size < xattr->size) |
850 | ret = -ERANGE; |
851 | else |
852 | memcpy(buffer, xattr->value, xattr->size); |
853 | } |
854 | break; |
855 | } |
856 | spin_unlock(&xattrs->lock); |
857 | return ret; |
858 | } |
859 | |
860 | /** |
861 | * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems |
862 | * @xattrs: target simple_xattr list |
863 | * @name: name of the extended attribute |
864 | * @value: value of the xattr. If %NULL, will remove the attribute. |
865 | * @size: size of the new xattr |
866 | * @flags: %XATTR_{CREATE|REPLACE} |
867 | * |
868 | * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails |
869 | * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; |
870 | * otherwise, fails with -ENODATA. |
871 | * |
872 | * Returns 0 on success, -errno on failure. |
873 | */ |
874 | int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, |
875 | const void *value, size_t size, int flags) |
876 | { |
877 | struct simple_xattr *xattr; |
878 | struct simple_xattr *new_xattr = NULL; |
879 | int err = 0; |
880 | |
881 | /* value == NULL means remove */ |
882 | if (value) { |
883 | new_xattr = simple_xattr_alloc(value, size); |
884 | if (!new_xattr) |
885 | return -ENOMEM; |
886 | |
887 | new_xattr->name = kstrdup(name, GFP_KERNEL); |
888 | if (!new_xattr->name) { |
889 | kfree(new_xattr); |
890 | return -ENOMEM; |
891 | } |
892 | } |
893 | |
894 | spin_lock(&xattrs->lock); |
895 | list_for_each_entry(xattr, &xattrs->head, list) { |
896 | if (!strcmp(name, xattr->name)) { |
897 | if (flags & XATTR_CREATE) { |
898 | xattr = new_xattr; |
899 | err = -EEXIST; |
900 | } else if (new_xattr) { |
901 | list_replace(&xattr->list, &new_xattr->list); |
902 | } else { |
903 | list_del(&xattr->list); |
904 | } |
905 | goto out; |
906 | } |
907 | } |
908 | if (flags & XATTR_REPLACE) { |
909 | xattr = new_xattr; |
910 | err = -ENODATA; |
911 | } else { |
912 | list_add(&new_xattr->list, &xattrs->head); |
913 | xattr = NULL; |
914 | } |
915 | out: |
916 | spin_unlock(&xattrs->lock); |
917 | if (xattr) { |
918 | kfree(xattr->name); |
919 | kfree(xattr); |
920 | } |
921 | return err; |
922 | |
923 | } |
924 | |
925 | static bool xattr_is_trusted(const char *name) |
926 | { |
927 | return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); |
928 | } |
929 | |
930 | static int xattr_list_one(char **buffer, ssize_t *remaining_size, |
931 | const char *name) |
932 | { |
933 | size_t len = strlen(name) + 1; |
934 | if (*buffer) { |
935 | if (*remaining_size < len) |
936 | return -ERANGE; |
937 | memcpy(*buffer, name, len); |
938 | *buffer += len; |
939 | } |
940 | *remaining_size -= len; |
941 | return 0; |
942 | } |
943 | |
944 | /* |
945 | * xattr LIST operation for in-memory/pseudo filesystems |
946 | */ |
947 | ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, |
948 | char *buffer, size_t size) |
949 | { |
950 | bool trusted = capable(CAP_SYS_ADMIN); |
951 | struct simple_xattr *xattr; |
952 | ssize_t remaining_size = size; |
953 | int err = 0; |
954 | |
955 | #ifdef CONFIG_FS_POSIX_ACL |
956 | if (IS_POSIXACL(inode)) { |
957 | if (inode->i_acl) { |
958 | err = xattr_list_one(&buffer, &remaining_size, |
959 | XATTR_NAME_POSIX_ACL_ACCESS); |
960 | if (err) |
961 | return err; |
962 | } |
963 | if (inode->i_default_acl) { |
964 | err = xattr_list_one(&buffer, &remaining_size, |
965 | XATTR_NAME_POSIX_ACL_DEFAULT); |
966 | if (err) |
967 | return err; |
968 | } |
969 | } |
970 | #endif |
971 | |
972 | spin_lock(&xattrs->lock); |
973 | list_for_each_entry(xattr, &xattrs->head, list) { |
974 | /* skip "trusted." attributes for unprivileged callers */ |
975 | if (!trusted && xattr_is_trusted(xattr->name)) |
976 | continue; |
977 | |
978 | err = xattr_list_one(&buffer, &remaining_size, xattr->name); |
979 | if (err) |
980 | break; |
981 | } |
982 | spin_unlock(&xattrs->lock); |
983 | |
984 | return err ? err : size - remaining_size; |
985 | } |
986 | |
987 | /* |
988 | * Adds an extended attribute to the list |
989 | */ |
990 | void simple_xattr_list_add(struct simple_xattrs *xattrs, |
991 | struct simple_xattr *new_xattr) |
992 | { |
993 | spin_lock(&xattrs->lock); |
994 | list_add(&new_xattr->list, &xattrs->head); |
995 | spin_unlock(&xattrs->lock); |
996 | } |
997 |