xattr.c 40 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. File: fs/xattr.c
  4. Extended attribute handling.
  5. Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
  6. Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
  7. Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
  8. */
  9. #include <linux/fs.h>
  10. #include <linux/filelock.h>
  11. #include <linux/slab.h>
  12. #include <linux/file.h>
  13. #include <linux/xattr.h>
  14. #include <linux/mount.h>
  15. #include <linux/namei.h>
  16. #include <linux/security.h>
  17. #include <linux/syscalls.h>
  18. #include <linux/export.h>
  19. #include <linux/fsnotify.h>
  20. #include <linux/audit.h>
  21. #include <linux/vmalloc.h>
  22. #include <linux/posix_acl_xattr.h>
  23. #include <linux/uaccess.h>
  24. #include "internal.h"
  25. static const char *
  26. strcmp_prefix(const char *a, const char *a_prefix)
  27. {
  28. while (*a_prefix && *a == *a_prefix) {
  29. a++;
  30. a_prefix++;
  31. }
  32. return *a_prefix ? NULL : a;
  33. }
  34. /*
  35. * In order to implement different sets of xattr operations for each xattr
  36. * prefix, a filesystem should create a null-terminated array of struct
  37. * xattr_handler (one for each prefix) and hang a pointer to it off of the
  38. * s_xattr field of the superblock.
  39. */
  40. #define for_each_xattr_handler(handlers, handler) \
  41. if (handlers) \
  42. for ((handler) = *(handlers)++; \
  43. (handler) != NULL; \
  44. (handler) = *(handlers)++)
  45. /*
  46. * Find the xattr_handler with the matching prefix.
  47. */
  48. static const struct xattr_handler *
  49. xattr_resolve_name(struct inode *inode, const char **name)
  50. {
  51. const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
  52. const struct xattr_handler *handler;
  53. if (!(inode->i_opflags & IOP_XATTR)) {
  54. if (unlikely(is_bad_inode(inode)))
  55. return ERR_PTR(-EIO);
  56. return ERR_PTR(-EOPNOTSUPP);
  57. }
  58. for_each_xattr_handler(handlers, handler) {
  59. const char *n;
  60. n = strcmp_prefix(*name, xattr_prefix(handler));
  61. if (n) {
  62. if (!handler->prefix ^ !*n) {
  63. if (*n)
  64. continue;
  65. return ERR_PTR(-EINVAL);
  66. }
  67. *name = n;
  68. return handler;
  69. }
  70. }
  71. return ERR_PTR(-EOPNOTSUPP);
  72. }
  73. /**
  74. * may_write_xattr - check whether inode allows writing xattr
  75. * @idmap: idmap of the mount the inode was found from
  76. * @inode: the inode on which to set an xattr
  77. *
  78. * Check whether the inode allows writing xattrs. Specifically, we can never
  79. * set or remove an extended attribute on a read-only filesystem or on an
  80. * immutable / append-only inode.
  81. *
  82. * We also need to ensure that the inode has a mapping in the mount to
  83. * not risk writing back invalid i_{g,u}id values.
  84. *
  85. * Return: On success zero is returned. On error a negative errno is returned.
  86. */
  87. int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode)
  88. {
  89. if (IS_IMMUTABLE(inode))
  90. return -EPERM;
  91. if (IS_APPEND(inode))
  92. return -EPERM;
  93. if (HAS_UNMAPPED_ID(idmap, inode))
  94. return -EPERM;
  95. return 0;
  96. }
  97. /*
  98. * Check permissions for extended attribute access. This is a bit complicated
  99. * because different namespaces have very different rules.
  100. */
  101. static int
  102. xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
  103. const char *name, int mask)
  104. {
  105. if (mask & MAY_WRITE) {
  106. int ret;
  107. ret = may_write_xattr(idmap, inode);
  108. if (ret)
  109. return ret;
  110. }
  111. /*
  112. * No restriction for security.* and system.* from the VFS. Decision
  113. * on these is left to the underlying filesystem / security module.
  114. */
  115. if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
  116. !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
  117. return 0;
  118. /*
  119. * The trusted.* namespace can only be accessed by privileged users.
  120. */
  121. if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
  122. if (!capable(CAP_SYS_ADMIN))
  123. return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  124. return 0;
  125. }
  126. /*
  127. * In the user.* namespace, only regular files and directories can have
  128. * extended attributes. For sticky directories, only the owner and
  129. * privileged users can write attributes.
  130. */
  131. if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
  132. if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
  133. return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  134. if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
  135. (mask & MAY_WRITE) &&
  136. !inode_owner_or_capable(idmap, inode))
  137. return -EPERM;
  138. }
  139. return inode_permission(idmap, inode, mask);
  140. }
  141. /*
  142. * Look for any handler that deals with the specified namespace.
  143. */
  144. int
  145. xattr_supports_user_prefix(struct inode *inode)
  146. {
  147. const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
  148. const struct xattr_handler *handler;
  149. if (!(inode->i_opflags & IOP_XATTR)) {
  150. if (unlikely(is_bad_inode(inode)))
  151. return -EIO;
  152. return -EOPNOTSUPP;
  153. }
  154. for_each_xattr_handler(handlers, handler) {
  155. if (!strncmp(xattr_prefix(handler), XATTR_USER_PREFIX,
  156. XATTR_USER_PREFIX_LEN))
  157. return 0;
  158. }
  159. return -EOPNOTSUPP;
  160. }
  161. EXPORT_SYMBOL(xattr_supports_user_prefix);
  162. int
  163. __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
  164. struct inode *inode, const char *name, const void *value,
  165. size_t size, int flags)
  166. {
  167. const struct xattr_handler *handler;
  168. if (is_posix_acl_xattr(name))
  169. return -EOPNOTSUPP;
  170. handler = xattr_resolve_name(inode, &name);
  171. if (IS_ERR(handler))
  172. return PTR_ERR(handler);
  173. if (!handler->set)
  174. return -EOPNOTSUPP;
  175. if (size == 0)
  176. value = ""; /* empty EA, do not remove */
  177. return handler->set(handler, idmap, dentry, inode, name, value,
  178. size, flags);
  179. }
  180. EXPORT_SYMBOL(__vfs_setxattr);
  181. /**
  182. * __vfs_setxattr_noperm - perform setxattr operation without performing
  183. * permission checks.
  184. *
  185. * @idmap: idmap of the mount the inode was found from
  186. * @dentry: object to perform setxattr on
  187. * @name: xattr name to set
  188. * @value: value to set @name to
  189. * @size: size of @value
  190. * @flags: flags to pass into filesystem operations
  191. *
  192. * returns the result of the internal setxattr or setsecurity operations.
  193. *
  194. * This function requires the caller to lock the inode's i_rwsem before it
  195. * is executed. It also assumes that the caller will make the appropriate
  196. * permission checks.
  197. */
  198. int __vfs_setxattr_noperm(struct mnt_idmap *idmap,
  199. struct dentry *dentry, const char *name,
  200. const void *value, size_t size, int flags)
  201. {
  202. struct inode *inode = dentry->d_inode;
  203. int error = -EAGAIN;
  204. int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
  205. XATTR_SECURITY_PREFIX_LEN);
  206. if (issec)
  207. inode->i_flags &= ~S_NOSEC;
  208. if (inode->i_opflags & IOP_XATTR) {
  209. error = __vfs_setxattr(idmap, dentry, inode, name, value,
  210. size, flags);
  211. if (!error) {
  212. fsnotify_xattr(dentry);
  213. security_inode_post_setxattr(dentry, name, value,
  214. size, flags);
  215. }
  216. } else {
  217. if (unlikely(is_bad_inode(inode)))
  218. return -EIO;
  219. }
  220. if (error == -EAGAIN) {
  221. error = -EOPNOTSUPP;
  222. if (issec) {
  223. const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
  224. error = security_inode_setsecurity(inode, suffix, value,
  225. size, flags);
  226. if (!error)
  227. fsnotify_xattr(dentry);
  228. }
  229. }
  230. return error;
  231. }
  232. /**
  233. * __vfs_setxattr_locked - set an extended attribute while holding the inode
  234. * lock
  235. *
  236. * @idmap: idmap of the mount of the target inode
  237. * @dentry: object to perform setxattr on
  238. * @name: xattr name to set
  239. * @value: value to set @name to
  240. * @size: size of @value
  241. * @flags: flags to pass into filesystem operations
  242. * @delegated_inode: on return, will contain an inode pointer that
  243. * a delegation was broken on, NULL if none.
  244. */
  245. int
  246. __vfs_setxattr_locked(struct mnt_idmap *idmap, struct dentry *dentry,
  247. const char *name, const void *value, size_t size,
  248. int flags, struct delegated_inode *delegated_inode)
  249. {
  250. struct inode *inode = dentry->d_inode;
  251. int error;
  252. error = xattr_permission(idmap, inode, name, MAY_WRITE);
  253. if (error)
  254. return error;
  255. error = security_inode_setxattr(idmap, dentry, name, value, size,
  256. flags);
  257. if (error)
  258. goto out;
  259. error = try_break_deleg(inode, delegated_inode);
  260. if (error)
  261. goto out;
  262. error = __vfs_setxattr_noperm(idmap, dentry, name, value,
  263. size, flags);
  264. out:
  265. return error;
  266. }
  267. EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
  268. int
  269. vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
  270. const char *name, const void *value, size_t size, int flags)
  271. {
  272. struct inode *inode = dentry->d_inode;
  273. struct delegated_inode delegated_inode = { };
  274. const void *orig_value = value;
  275. int error;
  276. if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
  277. error = cap_convert_nscap(idmap, dentry, &value, size);
  278. if (error < 0)
  279. return error;
  280. size = error;
  281. }
  282. retry_deleg:
  283. inode_lock(inode);
  284. error = __vfs_setxattr_locked(idmap, dentry, name, value, size,
  285. flags, &delegated_inode);
  286. inode_unlock(inode);
  287. if (is_delegated(&delegated_inode)) {
  288. error = break_deleg_wait(&delegated_inode);
  289. if (!error)
  290. goto retry_deleg;
  291. }
  292. if (value != orig_value)
  293. kfree(value);
  294. return error;
  295. }
  296. EXPORT_SYMBOL_GPL(vfs_setxattr);
  297. static ssize_t
  298. xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode,
  299. const char *name, void *value, size_t size)
  300. {
  301. void *buffer = NULL;
  302. ssize_t len;
  303. if (!value || !size) {
  304. len = security_inode_getsecurity(idmap, inode, name,
  305. &buffer, false);
  306. goto out_noalloc;
  307. }
  308. len = security_inode_getsecurity(idmap, inode, name, &buffer,
  309. true);
  310. if (len < 0)
  311. return len;
  312. if (size < len) {
  313. len = -ERANGE;
  314. goto out;
  315. }
  316. memcpy(value, buffer, len);
  317. out:
  318. kfree(buffer);
  319. out_noalloc:
  320. return len;
  321. }
  322. /*
  323. * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
  324. *
  325. * Allocate memory, if not already allocated, or re-allocate correct size,
  326. * before retrieving the extended attribute. The xattr value buffer should
  327. * always be freed by the caller, even on error.
  328. *
  329. * Returns the result of alloc, if failed, or the getxattr operation.
  330. */
  331. int
  332. vfs_getxattr_alloc(struct mnt_idmap *idmap, struct dentry *dentry,
  333. const char *name, char **xattr_value, size_t xattr_size,
  334. gfp_t flags)
  335. {
  336. const struct xattr_handler *handler;
  337. struct inode *inode = dentry->d_inode;
  338. char *value = *xattr_value;
  339. int error;
  340. error = xattr_permission(idmap, inode, name, MAY_READ);
  341. if (error)
  342. return error;
  343. handler = xattr_resolve_name(inode, &name);
  344. if (IS_ERR(handler))
  345. return PTR_ERR(handler);
  346. if (!handler->get)
  347. return -EOPNOTSUPP;
  348. error = handler->get(handler, dentry, inode, name, NULL, 0);
  349. if (error < 0)
  350. return error;
  351. if (!value || (error > xattr_size)) {
  352. value = krealloc(*xattr_value, error + 1, flags);
  353. if (!value)
  354. return -ENOMEM;
  355. memset(value, 0, error + 1);
  356. }
  357. error = handler->get(handler, dentry, inode, name, value, error);
  358. *xattr_value = value;
  359. return error;
  360. }
  361. ssize_t
  362. __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
  363. void *value, size_t size)
  364. {
  365. const struct xattr_handler *handler;
  366. if (is_posix_acl_xattr(name))
  367. return -EOPNOTSUPP;
  368. handler = xattr_resolve_name(inode, &name);
  369. if (IS_ERR(handler))
  370. return PTR_ERR(handler);
  371. if (!handler->get)
  372. return -EOPNOTSUPP;
  373. return handler->get(handler, dentry, inode, name, value, size);
  374. }
  375. EXPORT_SYMBOL(__vfs_getxattr);
  376. ssize_t
  377. vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry,
  378. const char *name, void *value, size_t size)
  379. {
  380. struct inode *inode = dentry->d_inode;
  381. int error;
  382. error = xattr_permission(idmap, inode, name, MAY_READ);
  383. if (error)
  384. return error;
  385. error = security_inode_getxattr(dentry, name);
  386. if (error)
  387. return error;
  388. if (!strncmp(name, XATTR_SECURITY_PREFIX,
  389. XATTR_SECURITY_PREFIX_LEN)) {
  390. const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
  391. int ret = xattr_getsecurity(idmap, inode, suffix, value,
  392. size);
  393. /*
  394. * Only overwrite the return value if a security module
  395. * is actually active.
  396. */
  397. if (ret == -EOPNOTSUPP)
  398. goto nolsm;
  399. return ret;
  400. }
  401. nolsm:
  402. return __vfs_getxattr(dentry, inode, name, value, size);
  403. }
  404. EXPORT_SYMBOL_GPL(vfs_getxattr);
  405. /**
  406. * vfs_listxattr - retrieve \0 separated list of xattr names
  407. * @dentry: the dentry from whose inode the xattr names are retrieved
  408. * @list: buffer to store xattr names into
  409. * @size: size of the buffer
  410. *
  411. * This function returns the names of all xattrs associated with the
  412. * inode of @dentry.
  413. *
  414. * Note, for legacy reasons the vfs_listxattr() function lists POSIX
  415. * ACLs as well. Since POSIX ACLs are decoupled from IOP_XATTR the
  416. * vfs_listxattr() function doesn't check for this flag since a
  417. * filesystem could implement POSIX ACLs without implementing any other
  418. * xattrs.
  419. *
  420. * However, since all codepaths that remove IOP_XATTR also assign of
  421. * inode operations that either don't implement or implement a stub
  422. * ->listxattr() operation.
  423. *
  424. * Return: On success, the size of the buffer that was used. On error a
  425. * negative error code.
  426. */
  427. ssize_t
  428. vfs_listxattr(struct dentry *dentry, char *list, size_t size)
  429. {
  430. struct inode *inode = d_inode(dentry);
  431. ssize_t error;
  432. error = security_inode_listxattr(dentry);
  433. if (error)
  434. return error;
  435. if (inode->i_op->listxattr) {
  436. error = inode->i_op->listxattr(dentry, list, size);
  437. } else {
  438. error = security_inode_listsecurity(inode, list, size);
  439. if (size && error > size)
  440. error = -ERANGE;
  441. }
  442. return error;
  443. }
  444. EXPORT_SYMBOL_GPL(vfs_listxattr);
  445. int
  446. __vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
  447. const char *name)
  448. {
  449. struct inode *inode = d_inode(dentry);
  450. const struct xattr_handler *handler;
  451. if (is_posix_acl_xattr(name))
  452. return -EOPNOTSUPP;
  453. handler = xattr_resolve_name(inode, &name);
  454. if (IS_ERR(handler))
  455. return PTR_ERR(handler);
  456. if (!handler->set)
  457. return -EOPNOTSUPP;
  458. return handler->set(handler, idmap, dentry, inode, name, NULL, 0,
  459. XATTR_REPLACE);
  460. }
  461. EXPORT_SYMBOL(__vfs_removexattr);
  462. /**
  463. * __vfs_removexattr_locked - set an extended attribute while holding the inode
  464. * lock
  465. *
  466. * @idmap: idmap of the mount of the target inode
  467. * @dentry: object to perform setxattr on
  468. * @name: name of xattr to remove
  469. * @delegated_inode: on return, will contain an inode pointer that
  470. * a delegation was broken on, NULL if none.
  471. */
  472. int
  473. __vfs_removexattr_locked(struct mnt_idmap *idmap,
  474. struct dentry *dentry, const char *name,
  475. struct delegated_inode *delegated_inode)
  476. {
  477. struct inode *inode = dentry->d_inode;
  478. int error;
  479. error = xattr_permission(idmap, inode, name, MAY_WRITE);
  480. if (error)
  481. return error;
  482. error = security_inode_removexattr(idmap, dentry, name);
  483. if (error)
  484. goto out;
  485. error = try_break_deleg(inode, delegated_inode);
  486. if (error)
  487. goto out;
  488. error = __vfs_removexattr(idmap, dentry, name);
  489. if (error)
  490. return error;
  491. fsnotify_xattr(dentry);
  492. security_inode_post_removexattr(dentry, name);
  493. out:
  494. return error;
  495. }
  496. EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
  497. int
  498. vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
  499. const char *name)
  500. {
  501. struct inode *inode = dentry->d_inode;
  502. struct delegated_inode delegated_inode = { };
  503. int error;
  504. retry_deleg:
  505. inode_lock(inode);
  506. error = __vfs_removexattr_locked(idmap, dentry,
  507. name, &delegated_inode);
  508. inode_unlock(inode);
  509. if (is_delegated(&delegated_inode)) {
  510. error = break_deleg_wait(&delegated_inode);
  511. if (!error)
  512. goto retry_deleg;
  513. }
  514. return error;
  515. }
  516. EXPORT_SYMBOL_GPL(vfs_removexattr);
  517. int import_xattr_name(struct xattr_name *kname, const char __user *name)
  518. {
  519. int error = strncpy_from_user(kname->name, name,
  520. sizeof(kname->name));
  521. if (error == 0 || error == sizeof(kname->name))
  522. return -ERANGE;
  523. if (error < 0)
  524. return error;
  525. return 0;
  526. }
  527. /*
  528. * Extended attribute SET operations
  529. */
  530. int setxattr_copy(const char __user *name, struct kernel_xattr_ctx *ctx)
  531. {
  532. int error;
  533. if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE))
  534. return -EINVAL;
  535. error = import_xattr_name(ctx->kname, name);
  536. if (error)
  537. return error;
  538. if (ctx->size) {
  539. if (ctx->size > XATTR_SIZE_MAX)
  540. return -E2BIG;
  541. ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size);
  542. if (IS_ERR(ctx->kvalue)) {
  543. error = PTR_ERR(ctx->kvalue);
  544. ctx->kvalue = NULL;
  545. }
  546. }
  547. return error;
  548. }
  549. static int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
  550. struct kernel_xattr_ctx *ctx)
  551. {
  552. if (is_posix_acl_xattr(ctx->kname->name))
  553. return do_set_acl(idmap, dentry, ctx->kname->name,
  554. ctx->kvalue, ctx->size);
  555. return vfs_setxattr(idmap, dentry, ctx->kname->name,
  556. ctx->kvalue, ctx->size, ctx->flags);
  557. }
  558. int file_setxattr(struct file *f, struct kernel_xattr_ctx *ctx)
  559. {
  560. int error = mnt_want_write_file(f);
  561. if (!error) {
  562. audit_file(f);
  563. error = do_setxattr(file_mnt_idmap(f), f->f_path.dentry, ctx);
  564. mnt_drop_write_file(f);
  565. }
  566. return error;
  567. }
  568. int filename_setxattr(int dfd, struct filename *filename,
  569. unsigned int lookup_flags, struct kernel_xattr_ctx *ctx)
  570. {
  571. struct path path;
  572. int error;
  573. retry:
  574. error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
  575. if (error)
  576. return error;
  577. error = mnt_want_write(path.mnt);
  578. if (!error) {
  579. error = do_setxattr(mnt_idmap(path.mnt), path.dentry, ctx);
  580. mnt_drop_write(path.mnt);
  581. }
  582. path_put(&path);
  583. if (retry_estale(error, lookup_flags)) {
  584. lookup_flags |= LOOKUP_REVAL;
  585. goto retry;
  586. }
  587. return error;
  588. }
  589. static int path_setxattrat(int dfd, const char __user *pathname,
  590. unsigned int at_flags, const char __user *name,
  591. const void __user *value, size_t size, int flags)
  592. {
  593. struct xattr_name kname;
  594. struct kernel_xattr_ctx ctx = {
  595. .cvalue = value,
  596. .kvalue = NULL,
  597. .size = size,
  598. .kname = &kname,
  599. .flags = flags,
  600. };
  601. unsigned int lookup_flags = 0;
  602. int error;
  603. if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
  604. return -EINVAL;
  605. if (!(at_flags & AT_SYMLINK_NOFOLLOW))
  606. lookup_flags = LOOKUP_FOLLOW;
  607. error = setxattr_copy(name, &ctx);
  608. if (error)
  609. return error;
  610. CLASS(filename_maybe_null, filename)(pathname, at_flags);
  611. if (!filename && dfd >= 0) {
  612. CLASS(fd, f)(dfd);
  613. if (fd_empty(f))
  614. error = -EBADF;
  615. else
  616. error = file_setxattr(fd_file(f), &ctx);
  617. } else {
  618. error = filename_setxattr(dfd, filename, lookup_flags, &ctx);
  619. }
  620. kvfree(ctx.kvalue);
  621. return error;
  622. }
  623. SYSCALL_DEFINE6(setxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags,
  624. const char __user *, name, const struct xattr_args __user *, uargs,
  625. size_t, usize)
  626. {
  627. struct xattr_args args = {};
  628. int error;
  629. BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0);
  630. BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST);
  631. if (unlikely(usize < XATTR_ARGS_SIZE_VER0))
  632. return -EINVAL;
  633. if (usize > PAGE_SIZE)
  634. return -E2BIG;
  635. error = copy_struct_from_user(&args, sizeof(args), uargs, usize);
  636. if (error)
  637. return error;
  638. return path_setxattrat(dfd, pathname, at_flags, name,
  639. u64_to_user_ptr(args.value), args.size,
  640. args.flags);
  641. }
  642. SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
  643. const char __user *, name, const void __user *, value,
  644. size_t, size, int, flags)
  645. {
  646. return path_setxattrat(AT_FDCWD, pathname, 0, name, value, size, flags);
  647. }
  648. SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
  649. const char __user *, name, const void __user *, value,
  650. size_t, size, int, flags)
  651. {
  652. return path_setxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name,
  653. value, size, flags);
  654. }
  655. SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
  656. const void __user *,value, size_t, size, int, flags)
  657. {
  658. return path_setxattrat(fd, NULL, AT_EMPTY_PATH, name,
  659. value, size, flags);
  660. }
  661. /*
  662. * Extended attribute GET operations
  663. */
  664. static ssize_t
  665. do_getxattr(struct mnt_idmap *idmap, struct dentry *d,
  666. struct kernel_xattr_ctx *ctx)
  667. {
  668. ssize_t error;
  669. char *kname = ctx->kname->name;
  670. void *kvalue = NULL;
  671. if (ctx->size) {
  672. if (ctx->size > XATTR_SIZE_MAX)
  673. ctx->size = XATTR_SIZE_MAX;
  674. kvalue = kvzalloc(ctx->size, GFP_KERNEL);
  675. if (!kvalue)
  676. return -ENOMEM;
  677. }
  678. if (is_posix_acl_xattr(kname))
  679. error = do_get_acl(idmap, d, kname, kvalue, ctx->size);
  680. else
  681. error = vfs_getxattr(idmap, d, kname, kvalue, ctx->size);
  682. if (error > 0) {
  683. if (ctx->size && copy_to_user(ctx->value, kvalue, error))
  684. error = -EFAULT;
  685. } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
  686. /* The file system tried to returned a value bigger
  687. than XATTR_SIZE_MAX bytes. Not possible. */
  688. error = -E2BIG;
  689. }
  690. kvfree(kvalue);
  691. return error;
  692. }
  693. ssize_t file_getxattr(struct file *f, struct kernel_xattr_ctx *ctx)
  694. {
  695. audit_file(f);
  696. return do_getxattr(file_mnt_idmap(f), f->f_path.dentry, ctx);
  697. }
  698. ssize_t filename_getxattr(int dfd, struct filename *filename,
  699. unsigned int lookup_flags, struct kernel_xattr_ctx *ctx)
  700. {
  701. struct path path;
  702. ssize_t error;
  703. retry:
  704. error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
  705. if (error)
  706. return error;
  707. error = do_getxattr(mnt_idmap(path.mnt), path.dentry, ctx);
  708. path_put(&path);
  709. if (retry_estale(error, lookup_flags)) {
  710. lookup_flags |= LOOKUP_REVAL;
  711. goto retry;
  712. }
  713. return error;
  714. }
  715. static ssize_t path_getxattrat(int dfd, const char __user *pathname,
  716. unsigned int at_flags, const char __user *name,
  717. void __user *value, size_t size)
  718. {
  719. struct xattr_name kname;
  720. struct kernel_xattr_ctx ctx = {
  721. .value = value,
  722. .size = size,
  723. .kname = &kname,
  724. .flags = 0,
  725. };
  726. ssize_t error;
  727. if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
  728. return -EINVAL;
  729. error = import_xattr_name(&kname, name);
  730. if (error)
  731. return error;
  732. CLASS(filename_maybe_null, filename)(pathname, at_flags);
  733. if (!filename && dfd >= 0) {
  734. CLASS(fd, f)(dfd);
  735. if (fd_empty(f))
  736. return -EBADF;
  737. return file_getxattr(fd_file(f), &ctx);
  738. } else {
  739. int lookup_flags = 0;
  740. if (!(at_flags & AT_SYMLINK_NOFOLLOW))
  741. lookup_flags = LOOKUP_FOLLOW;
  742. return filename_getxattr(dfd, filename, lookup_flags, &ctx);
  743. }
  744. }
  745. SYSCALL_DEFINE6(getxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags,
  746. const char __user *, name, struct xattr_args __user *, uargs, size_t, usize)
  747. {
  748. struct xattr_args args = {};
  749. int error;
  750. BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0);
  751. BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST);
  752. if (unlikely(usize < XATTR_ARGS_SIZE_VER0))
  753. return -EINVAL;
  754. if (usize > PAGE_SIZE)
  755. return -E2BIG;
  756. error = copy_struct_from_user(&args, sizeof(args), uargs, usize);
  757. if (error)
  758. return error;
  759. if (args.flags != 0)
  760. return -EINVAL;
  761. return path_getxattrat(dfd, pathname, at_flags, name,
  762. u64_to_user_ptr(args.value), args.size);
  763. }
  764. SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
  765. const char __user *, name, void __user *, value, size_t, size)
  766. {
  767. return path_getxattrat(AT_FDCWD, pathname, 0, name, value, size);
  768. }
  769. SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
  770. const char __user *, name, void __user *, value, size_t, size)
  771. {
  772. return path_getxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name,
  773. value, size);
  774. }
  775. SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
  776. void __user *, value, size_t, size)
  777. {
  778. return path_getxattrat(fd, NULL, AT_EMPTY_PATH, name, value, size);
  779. }
  780. /*
  781. * Extended attribute LIST operations
  782. */
  783. static ssize_t
  784. listxattr(struct dentry *d, char __user *list, size_t size)
  785. {
  786. ssize_t error;
  787. char *klist = NULL;
  788. if (size) {
  789. if (size > XATTR_LIST_MAX)
  790. size = XATTR_LIST_MAX;
  791. klist = kvmalloc(size, GFP_KERNEL);
  792. if (!klist)
  793. return -ENOMEM;
  794. }
  795. error = vfs_listxattr(d, klist, size);
  796. if (error > 0) {
  797. if (size && copy_to_user(list, klist, error))
  798. error = -EFAULT;
  799. } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
  800. /* The file system tried to returned a list bigger
  801. than XATTR_LIST_MAX bytes. Not possible. */
  802. error = -E2BIG;
  803. }
  804. kvfree(klist);
  805. return error;
  806. }
  807. static
  808. ssize_t file_listxattr(struct file *f, char __user *list, size_t size)
  809. {
  810. audit_file(f);
  811. return listxattr(f->f_path.dentry, list, size);
  812. }
  813. static
  814. ssize_t filename_listxattr(int dfd, struct filename *filename,
  815. unsigned int lookup_flags,
  816. char __user *list, size_t size)
  817. {
  818. struct path path;
  819. ssize_t error;
  820. retry:
  821. error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
  822. if (error)
  823. return error;
  824. error = listxattr(path.dentry, list, size);
  825. path_put(&path);
  826. if (retry_estale(error, lookup_flags)) {
  827. lookup_flags |= LOOKUP_REVAL;
  828. goto retry;
  829. }
  830. return error;
  831. }
  832. static ssize_t path_listxattrat(int dfd, const char __user *pathname,
  833. unsigned int at_flags, char __user *list,
  834. size_t size)
  835. {
  836. int lookup_flags;
  837. if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
  838. return -EINVAL;
  839. CLASS(filename_maybe_null, filename)(pathname, at_flags);
  840. if (!filename) {
  841. CLASS(fd, f)(dfd);
  842. if (fd_empty(f))
  843. return -EBADF;
  844. return file_listxattr(fd_file(f), list, size);
  845. }
  846. lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
  847. return filename_listxattr(dfd, filename, lookup_flags, list, size);
  848. }
  849. SYSCALL_DEFINE5(listxattrat, int, dfd, const char __user *, pathname,
  850. unsigned int, at_flags,
  851. char __user *, list, size_t, size)
  852. {
  853. return path_listxattrat(dfd, pathname, at_flags, list, size);
  854. }
  855. SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
  856. size_t, size)
  857. {
  858. return path_listxattrat(AT_FDCWD, pathname, 0, list, size);
  859. }
  860. SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
  861. size_t, size)
  862. {
  863. return path_listxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, list, size);
  864. }
  865. SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
  866. {
  867. return path_listxattrat(fd, NULL, AT_EMPTY_PATH, list, size);
  868. }
  869. /*
  870. * Extended attribute REMOVE operations
  871. */
  872. static long
  873. removexattr(struct mnt_idmap *idmap, struct dentry *d, const char *name)
  874. {
  875. if (is_posix_acl_xattr(name))
  876. return vfs_remove_acl(idmap, d, name);
  877. return vfs_removexattr(idmap, d, name);
  878. }
  879. static int file_removexattr(struct file *f, struct xattr_name *kname)
  880. {
  881. int error = mnt_want_write_file(f);
  882. if (!error) {
  883. audit_file(f);
  884. error = removexattr(file_mnt_idmap(f),
  885. f->f_path.dentry, kname->name);
  886. mnt_drop_write_file(f);
  887. }
  888. return error;
  889. }
  890. static int filename_removexattr(int dfd, struct filename *filename,
  891. unsigned int lookup_flags, struct xattr_name *kname)
  892. {
  893. struct path path;
  894. int error;
  895. retry:
  896. error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
  897. if (error)
  898. return error;
  899. error = mnt_want_write(path.mnt);
  900. if (!error) {
  901. error = removexattr(mnt_idmap(path.mnt), path.dentry, kname->name);
  902. mnt_drop_write(path.mnt);
  903. }
  904. path_put(&path);
  905. if (retry_estale(error, lookup_flags)) {
  906. lookup_flags |= LOOKUP_REVAL;
  907. goto retry;
  908. }
  909. return error;
  910. }
  911. static int path_removexattrat(int dfd, const char __user *pathname,
  912. unsigned int at_flags, const char __user *name)
  913. {
  914. struct xattr_name kname;
  915. unsigned int lookup_flags;
  916. int error;
  917. if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
  918. return -EINVAL;
  919. error = import_xattr_name(&kname, name);
  920. if (error)
  921. return error;
  922. CLASS(filename_maybe_null, filename)(pathname, at_flags);
  923. if (!filename) {
  924. CLASS(fd, f)(dfd);
  925. if (fd_empty(f))
  926. return -EBADF;
  927. return file_removexattr(fd_file(f), &kname);
  928. }
  929. lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
  930. return filename_removexattr(dfd, filename, lookup_flags, &kname);
  931. }
  932. SYSCALL_DEFINE4(removexattrat, int, dfd, const char __user *, pathname,
  933. unsigned int, at_flags, const char __user *, name)
  934. {
  935. return path_removexattrat(dfd, pathname, at_flags, name);
  936. }
  937. SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
  938. const char __user *, name)
  939. {
  940. return path_removexattrat(AT_FDCWD, pathname, 0, name);
  941. }
  942. SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
  943. const char __user *, name)
  944. {
  945. return path_removexattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name);
  946. }
  947. SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
  948. {
  949. return path_removexattrat(fd, NULL, AT_EMPTY_PATH, name);
  950. }
  951. int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name)
  952. {
  953. size_t len;
  954. len = strlen(name) + 1;
  955. if (*buffer) {
  956. if (*remaining_size < len)
  957. return -ERANGE;
  958. memcpy(*buffer, name, len);
  959. *buffer += len;
  960. }
  961. *remaining_size -= len;
  962. return 0;
  963. }
  964. /**
  965. * generic_listxattr - run through a dentry's xattr list() operations
  966. * @dentry: dentry to list the xattrs
  967. * @buffer: result buffer
  968. * @buffer_size: size of @buffer
  969. *
  970. * Combine the results of the list() operation from every xattr_handler in the
  971. * xattr_handler stack.
  972. *
  973. * Note that this will not include the entries for POSIX ACLs.
  974. */
  975. ssize_t
  976. generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
  977. {
  978. const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr;
  979. ssize_t remaining_size = buffer_size;
  980. for_each_xattr_handler(handlers, handler) {
  981. int err;
  982. if (!handler->name || (handler->list && !handler->list(dentry)))
  983. continue;
  984. err = xattr_list_one(&buffer, &remaining_size, handler->name);
  985. if (err)
  986. return err;
  987. }
  988. return buffer_size - remaining_size;
  989. }
  990. EXPORT_SYMBOL(generic_listxattr);
  991. /**
  992. * xattr_full_name - Compute full attribute name from suffix
  993. *
  994. * @handler: handler of the xattr_handler operation
  995. * @name: name passed to the xattr_handler operation
  996. *
  997. * The get and set xattr handler operations are called with the remainder of
  998. * the attribute name after skipping the handler's prefix: for example, "foo"
  999. * is passed to the get operation of a handler with prefix "user." to get
  1000. * attribute "user.foo". The full name is still "there" in the name though.
  1001. *
  1002. * Note: the list xattr handler operation when called from the vfs is passed a
  1003. * NULL name; some file systems use this operation internally, with varying
  1004. * semantics.
  1005. */
  1006. const char *xattr_full_name(const struct xattr_handler *handler,
  1007. const char *name)
  1008. {
  1009. size_t prefix_len = strlen(xattr_prefix(handler));
  1010. return name - prefix_len;
  1011. }
  1012. EXPORT_SYMBOL(xattr_full_name);
  1013. /**
  1014. * simple_xattr_space - estimate the memory used by a simple xattr
  1015. * @name: the full name of the xattr
  1016. * @size: the size of its value
  1017. *
  1018. * This takes no account of how much larger the two slab objects actually are:
  1019. * that would depend on the slab implementation, when what is required is a
  1020. * deterministic number, which grows with name length and size and quantity.
  1021. *
  1022. * Return: The approximate number of bytes of memory used by such an xattr.
  1023. */
  1024. size_t simple_xattr_space(const char *name, size_t size)
  1025. {
  1026. /*
  1027. * Use "40" instead of sizeof(struct simple_xattr), to return the
  1028. * same result on 32-bit and 64-bit, and even if simple_xattr grows.
  1029. */
  1030. return 40 + size + strlen(name);
  1031. }
  1032. /**
  1033. * simple_xattr_free - free an xattr object
  1034. * @xattr: the xattr object
  1035. *
  1036. * Free the xattr object. Can handle @xattr being NULL.
  1037. */
  1038. void simple_xattr_free(struct simple_xattr *xattr)
  1039. {
  1040. if (xattr)
  1041. kfree(xattr->name);
  1042. kvfree(xattr);
  1043. }
  1044. /**
  1045. * simple_xattr_alloc - allocate new xattr object
  1046. * @value: value of the xattr object
  1047. * @size: size of @value
  1048. *
  1049. * Allocate a new xattr object and initialize respective members. The caller is
  1050. * responsible for handling the name of the xattr.
  1051. *
  1052. * Return: On success a new xattr object is returned. On failure NULL is
  1053. * returned.
  1054. */
  1055. struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
  1056. {
  1057. struct simple_xattr *new_xattr;
  1058. size_t len;
  1059. /* wrap around? */
  1060. len = sizeof(*new_xattr) + size;
  1061. if (len < sizeof(*new_xattr))
  1062. return NULL;
  1063. new_xattr = kvmalloc(len, GFP_KERNEL_ACCOUNT);
  1064. if (!new_xattr)
  1065. return NULL;
  1066. new_xattr->size = size;
  1067. memcpy(new_xattr->value, value, size);
  1068. return new_xattr;
  1069. }
  1070. /**
  1071. * rbtree_simple_xattr_cmp - compare xattr name with current rbtree xattr entry
  1072. * @key: xattr name
  1073. * @node: current node
  1074. *
  1075. * Compare the xattr name with the xattr name attached to @node in the rbtree.
  1076. *
  1077. * Return: Negative value if continuing left, positive if continuing right, 0
  1078. * if the xattr attached to @node matches @key.
  1079. */
  1080. static int rbtree_simple_xattr_cmp(const void *key, const struct rb_node *node)
  1081. {
  1082. const char *xattr_name = key;
  1083. const struct simple_xattr *xattr;
  1084. xattr = rb_entry(node, struct simple_xattr, rb_node);
  1085. return strcmp(xattr->name, xattr_name);
  1086. }
  1087. /**
  1088. * rbtree_simple_xattr_node_cmp - compare two xattr rbtree nodes
  1089. * @new_node: new node
  1090. * @node: current node
  1091. *
  1092. * Compare the xattr attached to @new_node with the xattr attached to @node.
  1093. *
  1094. * Return: Negative value if continuing left, positive if continuing right, 0
  1095. * if the xattr attached to @new_node matches the xattr attached to @node.
  1096. */
  1097. static int rbtree_simple_xattr_node_cmp(struct rb_node *new_node,
  1098. const struct rb_node *node)
  1099. {
  1100. struct simple_xattr *xattr;
  1101. xattr = rb_entry(new_node, struct simple_xattr, rb_node);
  1102. return rbtree_simple_xattr_cmp(xattr->name, node);
  1103. }
  1104. /**
  1105. * simple_xattr_get - get an xattr object
  1106. * @xattrs: the header of the xattr object
  1107. * @name: the name of the xattr to retrieve
  1108. * @buffer: the buffer to store the value into
  1109. * @size: the size of @buffer
  1110. *
  1111. * Try to find and retrieve the xattr object associated with @name.
  1112. * If @buffer is provided store the value of @xattr in @buffer
  1113. * otherwise just return the length. The size of @buffer is limited
  1114. * to XATTR_SIZE_MAX which currently is 65536.
  1115. *
  1116. * Return: On success the length of the xattr value is returned. On error a
  1117. * negative error code is returned.
  1118. */
  1119. int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
  1120. void *buffer, size_t size)
  1121. {
  1122. struct simple_xattr *xattr = NULL;
  1123. struct rb_node *rbp;
  1124. int ret = -ENODATA;
  1125. read_lock(&xattrs->lock);
  1126. rbp = rb_find(name, &xattrs->rb_root, rbtree_simple_xattr_cmp);
  1127. if (rbp) {
  1128. xattr = rb_entry(rbp, struct simple_xattr, rb_node);
  1129. ret = xattr->size;
  1130. if (buffer) {
  1131. if (size < xattr->size)
  1132. ret = -ERANGE;
  1133. else
  1134. memcpy(buffer, xattr->value, xattr->size);
  1135. }
  1136. }
  1137. read_unlock(&xattrs->lock);
  1138. return ret;
  1139. }
  1140. /**
  1141. * simple_xattr_set - set an xattr object
  1142. * @xattrs: the header of the xattr object
  1143. * @name: the name of the xattr to retrieve
  1144. * @value: the value to store along the xattr
  1145. * @size: the size of @value
  1146. * @flags: the flags determining how to set the xattr
  1147. *
  1148. * Set a new xattr object.
  1149. * If @value is passed a new xattr object will be allocated. If XATTR_REPLACE
  1150. * is specified in @flags a matching xattr object for @name must already exist.
  1151. * If it does it will be replaced with the new xattr object. If it doesn't we
  1152. * fail. If XATTR_CREATE is specified and a matching xattr does already exist
  1153. * we fail. If it doesn't we create a new xattr. If @flags is zero we simply
  1154. * insert the new xattr replacing any existing one.
  1155. *
  1156. * If @value is empty and a matching xattr object is found we delete it if
  1157. * XATTR_REPLACE is specified in @flags or @flags is zero.
  1158. *
  1159. * If @value is empty and no matching xattr object for @name is found we do
  1160. * nothing if XATTR_CREATE is specified in @flags or @flags is zero. For
  1161. * XATTR_REPLACE we fail as mentioned above.
  1162. *
  1163. * Return: On success, the removed or replaced xattr is returned, to be freed
  1164. * by the caller; or NULL if none. On failure a negative error code is returned.
  1165. */
  1166. struct simple_xattr *simple_xattr_set(struct simple_xattrs *xattrs,
  1167. const char *name, const void *value,
  1168. size_t size, int flags)
  1169. {
  1170. struct simple_xattr *old_xattr = NULL, *new_xattr = NULL;
  1171. struct rb_node *parent = NULL, **rbp;
  1172. int err = 0, ret;
  1173. /* value == NULL means remove */
  1174. if (value) {
  1175. new_xattr = simple_xattr_alloc(value, size);
  1176. if (!new_xattr)
  1177. return ERR_PTR(-ENOMEM);
  1178. new_xattr->name = kstrdup(name, GFP_KERNEL_ACCOUNT);
  1179. if (!new_xattr->name) {
  1180. simple_xattr_free(new_xattr);
  1181. return ERR_PTR(-ENOMEM);
  1182. }
  1183. }
  1184. write_lock(&xattrs->lock);
  1185. rbp = &xattrs->rb_root.rb_node;
  1186. while (*rbp) {
  1187. parent = *rbp;
  1188. ret = rbtree_simple_xattr_cmp(name, *rbp);
  1189. if (ret < 0)
  1190. rbp = &(*rbp)->rb_left;
  1191. else if (ret > 0)
  1192. rbp = &(*rbp)->rb_right;
  1193. else
  1194. old_xattr = rb_entry(*rbp, struct simple_xattr, rb_node);
  1195. if (old_xattr)
  1196. break;
  1197. }
  1198. if (old_xattr) {
  1199. /* Fail if XATTR_CREATE is requested and the xattr exists. */
  1200. if (flags & XATTR_CREATE) {
  1201. err = -EEXIST;
  1202. goto out_unlock;
  1203. }
  1204. if (new_xattr)
  1205. rb_replace_node(&old_xattr->rb_node,
  1206. &new_xattr->rb_node, &xattrs->rb_root);
  1207. else
  1208. rb_erase(&old_xattr->rb_node, &xattrs->rb_root);
  1209. } else {
  1210. /* Fail if XATTR_REPLACE is requested but no xattr is found. */
  1211. if (flags & XATTR_REPLACE) {
  1212. err = -ENODATA;
  1213. goto out_unlock;
  1214. }
  1215. /*
  1216. * If XATTR_CREATE or no flags are specified together with a
  1217. * new value simply insert it.
  1218. */
  1219. if (new_xattr) {
  1220. rb_link_node(&new_xattr->rb_node, parent, rbp);
  1221. rb_insert_color(&new_xattr->rb_node, &xattrs->rb_root);
  1222. }
  1223. /*
  1224. * If XATTR_CREATE or no flags are specified and neither an
  1225. * old or new xattr exist then we don't need to do anything.
  1226. */
  1227. }
  1228. out_unlock:
  1229. write_unlock(&xattrs->lock);
  1230. if (!err)
  1231. return old_xattr;
  1232. simple_xattr_free(new_xattr);
  1233. return ERR_PTR(err);
  1234. }
  1235. static bool xattr_is_trusted(const char *name)
  1236. {
  1237. return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
  1238. }
  1239. static bool xattr_is_maclabel(const char *name)
  1240. {
  1241. const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
  1242. return !strncmp(name, XATTR_SECURITY_PREFIX,
  1243. XATTR_SECURITY_PREFIX_LEN) &&
  1244. security_ismaclabel(suffix);
  1245. }
  1246. /**
  1247. * simple_xattr_list - list all xattr objects
  1248. * @inode: inode from which to get the xattrs
  1249. * @xattrs: the header of the xattr object
  1250. * @buffer: the buffer to store all xattrs into
  1251. * @size: the size of @buffer
  1252. *
  1253. * List all xattrs associated with @inode. If @buffer is NULL we returned
  1254. * the required size of the buffer. If @buffer is provided we store the
  1255. * xattrs value into it provided it is big enough.
  1256. *
  1257. * Note, the number of xattr names that can be listed with listxattr(2) is
  1258. * limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed
  1259. * then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names
  1260. * are found it will return -E2BIG.
  1261. *
  1262. * Return: On success the required size or the size of the copied xattrs is
  1263. * returned. On error a negative error code is returned.
  1264. */
  1265. ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
  1266. char *buffer, size_t size)
  1267. {
  1268. bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
  1269. struct simple_xattr *xattr;
  1270. struct rb_node *rbp;
  1271. ssize_t remaining_size = size;
  1272. int err = 0;
  1273. err = posix_acl_listxattr(inode, &buffer, &remaining_size);
  1274. if (err)
  1275. return err;
  1276. err = security_inode_listsecurity(inode, buffer, remaining_size);
  1277. if (err < 0)
  1278. return err;
  1279. if (buffer) {
  1280. if (remaining_size < err)
  1281. return -ERANGE;
  1282. buffer += err;
  1283. }
  1284. remaining_size -= err;
  1285. err = 0;
  1286. read_lock(&xattrs->lock);
  1287. for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
  1288. xattr = rb_entry(rbp, struct simple_xattr, rb_node);
  1289. /* skip "trusted." attributes for unprivileged callers */
  1290. if (!trusted && xattr_is_trusted(xattr->name))
  1291. continue;
  1292. /* skip MAC labels; these are provided by LSM above */
  1293. if (xattr_is_maclabel(xattr->name))
  1294. continue;
  1295. err = xattr_list_one(&buffer, &remaining_size, xattr->name);
  1296. if (err)
  1297. break;
  1298. }
  1299. read_unlock(&xattrs->lock);
  1300. return err ? err : size - remaining_size;
  1301. }
  1302. /**
  1303. * rbtree_simple_xattr_less - compare two xattr rbtree nodes
  1304. * @new_node: new node
  1305. * @node: current node
  1306. *
  1307. * Compare the xattr attached to @new_node with the xattr attached to @node.
  1308. * Note that this function technically tolerates duplicate entries.
  1309. *
  1310. * Return: True if insertion point in the rbtree is found.
  1311. */
  1312. static bool rbtree_simple_xattr_less(struct rb_node *new_node,
  1313. const struct rb_node *node)
  1314. {
  1315. return rbtree_simple_xattr_node_cmp(new_node, node) < 0;
  1316. }
  1317. /**
  1318. * simple_xattr_add - add xattr objects
  1319. * @xattrs: the header of the xattr object
  1320. * @new_xattr: the xattr object to add
  1321. *
  1322. * Add an xattr object to @xattrs. This assumes no replacement or removal
  1323. * of matching xattrs is wanted. Should only be called during inode
  1324. * initialization when a few distinct initial xattrs are supposed to be set.
  1325. */
  1326. void simple_xattr_add(struct simple_xattrs *xattrs,
  1327. struct simple_xattr *new_xattr)
  1328. {
  1329. write_lock(&xattrs->lock);
  1330. rb_add(&new_xattr->rb_node, &xattrs->rb_root, rbtree_simple_xattr_less);
  1331. write_unlock(&xattrs->lock);
  1332. }
  1333. /**
  1334. * simple_xattrs_init - initialize new xattr header
  1335. * @xattrs: header to initialize
  1336. *
  1337. * Initialize relevant fields of a an xattr header.
  1338. */
  1339. void simple_xattrs_init(struct simple_xattrs *xattrs)
  1340. {
  1341. xattrs->rb_root = RB_ROOT;
  1342. rwlock_init(&xattrs->lock);
  1343. }
  1344. /**
  1345. * simple_xattrs_free - free xattrs
  1346. * @xattrs: xattr header whose xattrs to destroy
  1347. * @freed_space: approximate number of bytes of memory freed from @xattrs
  1348. *
  1349. * Destroy all xattrs in @xattr. When this is called no one can hold a
  1350. * reference to any of the xattrs anymore.
  1351. */
  1352. void simple_xattrs_free(struct simple_xattrs *xattrs, size_t *freed_space)
  1353. {
  1354. struct rb_node *rbp;
  1355. if (freed_space)
  1356. *freed_space = 0;
  1357. rbp = rb_first(&xattrs->rb_root);
  1358. while (rbp) {
  1359. struct simple_xattr *xattr;
  1360. struct rb_node *rbp_next;
  1361. rbp_next = rb_next(rbp);
  1362. xattr = rb_entry(rbp, struct simple_xattr, rb_node);
  1363. rb_erase(&xattr->rb_node, &xattrs->rb_root);
  1364. if (freed_space)
  1365. *freed_space += simple_xattr_space(xattr->name,
  1366. xattr->size);
  1367. simple_xattr_free(xattr);
  1368. rbp = rbp_next;
  1369. }
  1370. }