| 1 | /* |
| 2 | File: fs/xattr.c |
| 3 | |
| 4 | Extended attribute handling. |
| 5 | |
| 6 | Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> |
| 7 | Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> |
| 8 | Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> |
| 9 | */ |
| 10 | #include <linux/fs.h> |
| 11 | #include <linux/slab.h> |
| 12 | #include <linux/file.h> |
| 13 | #include <linux/xattr.h> |
| 14 | #include <linux/mount.h> |
| 15 | #include <linux/namei.h> |
| 16 | #include <linux/security.h> |
| 17 | #include <linux/evm.h> |
| 18 | #include <linux/syscalls.h> |
| 19 | #include <linux/export.h> |
| 20 | #include <linux/fsnotify.h> |
| 21 | #include <linux/audit.h> |
| 22 | #include <linux/vmalloc.h> |
| 23 | #include <linux/posix_acl_xattr.h> |
| 24 | |
| 25 | #include <linux/uaccess.h> |
| 26 | |
| 27 | static const char * |
| 28 | strcmp_prefix(const char *a, const char *a_prefix) |
| 29 | { |
| 30 | while (*a_prefix && *a == *a_prefix) { |
| 31 | a++; |
| 32 | a_prefix++; |
| 33 | } |
| 34 | return *a_prefix ? NULL : a; |
| 35 | } |
| 36 | |
| 37 | /* |
| 38 | * In order to implement different sets of xattr operations for each xattr |
| 39 | * prefix, a filesystem should create a null-terminated array of struct |
| 40 | * xattr_handler (one for each prefix) and hang a pointer to it off of the |
| 41 | * s_xattr field of the superblock. |
| 42 | */ |
| 43 | #define for_each_xattr_handler(handlers, handler) \ |
| 44 | if (handlers) \ |
| 45 | for ((handler) = *(handlers)++; \ |
| 46 | (handler) != NULL; \ |
| 47 | (handler) = *(handlers)++) |
| 48 | |
| 49 | /* |
| 50 | * Find the xattr_handler with the matching prefix. |
| 51 | */ |
| 52 | static const struct xattr_handler * |
| 53 | xattr_resolve_name(struct inode *inode, const char **name) |
| 54 | { |
| 55 | const struct xattr_handler **handlers = inode->i_sb->s_xattr; |
| 56 | const struct xattr_handler *handler; |
| 57 | |
| 58 | if (!(inode->i_opflags & IOP_XATTR)) { |
| 59 | if (unlikely(is_bad_inode(inode))) |
| 60 | return ERR_PTR(-EIO); |
| 61 | return ERR_PTR(-EOPNOTSUPP); |
| 62 | } |
| 63 | for_each_xattr_handler(handlers, handler) { |
| 64 | const char *n; |
| 65 | |
| 66 | n = strcmp_prefix(*name, xattr_prefix(handler)); |
| 67 | if (n) { |
| 68 | if (!handler->prefix ^ !*n) { |
| 69 | if (*n) |
| 70 | continue; |
| 71 | return ERR_PTR(-EINVAL); |
| 72 | } |
| 73 | *name = n; |
| 74 | return handler; |
| 75 | } |
| 76 | } |
| 77 | return ERR_PTR(-EOPNOTSUPP); |
| 78 | } |
| 79 | |
| 80 | /* |
| 81 | * Check permissions for extended attribute access. This is a bit complicated |
| 82 | * because different namespaces have very different rules. |
| 83 | */ |
| 84 | static int |
| 85 | xattr_permission(struct inode *inode, const char *name, int mask) |
| 86 | { |
| 87 | /* |
| 88 | * We can never set or remove an extended attribute on a read-only |
| 89 | * filesystem or on an immutable / append-only inode. |
| 90 | */ |
| 91 | if (mask & MAY_WRITE) { |
| 92 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
| 93 | return -EPERM; |
| 94 | /* |
| 95 | * Updating an xattr will likely cause i_uid and i_gid |
| 96 | * to be writen back improperly if their true value is |
| 97 | * unknown to the vfs. |
| 98 | */ |
| 99 | if (HAS_UNMAPPED_ID(inode)) |
| 100 | return -EPERM; |
| 101 | } |
| 102 | |
| 103 | /* |
| 104 | * No restriction for security.* and system.* from the VFS. Decision |
| 105 | * on these is left to the underlying filesystem / security module. |
| 106 | */ |
| 107 | if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || |
| 108 | !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) |
| 109 | return 0; |
| 110 | |
| 111 | /* |
| 112 | * The trusted.* namespace can only be accessed by privileged users. |
| 113 | */ |
| 114 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { |
| 115 | if (!capable(CAP_SYS_ADMIN)) |
| 116 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; |
| 117 | return 0; |
| 118 | } |
| 119 | |
| 120 | /* |
| 121 | * In the user.* namespace, only regular files and directories can have |
| 122 | * extended attributes. For sticky directories, only the owner and |
| 123 | * privileged users can write attributes. |
| 124 | */ |
| 125 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { |
| 126 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
| 127 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; |
| 128 | if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && |
| 129 | (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) |
| 130 | return -EPERM; |
| 131 | } |
| 132 | |
| 133 | return inode_permission(inode, mask); |
| 134 | } |
| 135 | |
| 136 | int |
| 137 | __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, |
| 138 | const void *value, size_t size, int flags) |
| 139 | { |
| 140 | const struct xattr_handler *handler; |
| 141 | |
| 142 | handler = xattr_resolve_name(inode, &name); |
| 143 | if (IS_ERR(handler)) |
| 144 | return PTR_ERR(handler); |
| 145 | if (!handler->set) |
| 146 | return -EOPNOTSUPP; |
| 147 | if (size == 0) |
| 148 | value = ""; /* empty EA, do not remove */ |
| 149 | return handler->set(handler, dentry, inode, name, value, size, flags); |
| 150 | } |
| 151 | EXPORT_SYMBOL(__vfs_setxattr); |
| 152 | |
| 153 | /** |
| 154 | * __vfs_setxattr_noperm - perform setxattr operation without performing |
| 155 | * permission checks. |
| 156 | * |
| 157 | * @dentry - object to perform setxattr on |
| 158 | * @name - xattr name to set |
| 159 | * @value - value to set @name to |
| 160 | * @size - size of @value |
| 161 | * @flags - flags to pass into filesystem operations |
| 162 | * |
| 163 | * returns the result of the internal setxattr or setsecurity operations. |
| 164 | * |
| 165 | * This function requires the caller to lock the inode's i_mutex before it |
| 166 | * is executed. It also assumes that the caller will make the appropriate |
| 167 | * permission checks. |
| 168 | */ |
| 169 | int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, |
| 170 | const void *value, size_t size, int flags) |
| 171 | { |
| 172 | struct inode *inode = dentry->d_inode; |
| 173 | int error = -EAGAIN; |
| 174 | int issec = !strncmp(name, XATTR_SECURITY_PREFIX, |
| 175 | XATTR_SECURITY_PREFIX_LEN); |
| 176 | |
| 177 | if (issec) |
| 178 | inode->i_flags &= ~S_NOSEC; |
| 179 | if (inode->i_opflags & IOP_XATTR) { |
| 180 | error = __vfs_setxattr(dentry, inode, name, value, size, flags); |
| 181 | if (!error) { |
| 182 | fsnotify_xattr(dentry); |
| 183 | security_inode_post_setxattr(dentry, name, value, |
| 184 | size, flags); |
| 185 | } |
| 186 | } else { |
| 187 | if (unlikely(is_bad_inode(inode))) |
| 188 | return -EIO; |
| 189 | } |
| 190 | if (error == -EAGAIN) { |
| 191 | error = -EOPNOTSUPP; |
| 192 | |
| 193 | if (issec) { |
| 194 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; |
| 195 | |
| 196 | error = security_inode_setsecurity(inode, suffix, value, |
| 197 | size, flags); |
| 198 | if (!error) |
| 199 | fsnotify_xattr(dentry); |
| 200 | } |
| 201 | } |
| 202 | |
| 203 | return error; |
| 204 | } |
| 205 | |
| 206 | |
| 207 | int |
| 208 | vfs_setxattr(struct dentry *dentry, const char *name, const void *value, |
| 209 | size_t size, int flags) |
| 210 | { |
| 211 | struct inode *inode = dentry->d_inode; |
| 212 | int error; |
| 213 | |
| 214 | error = xattr_permission(inode, name, MAY_WRITE); |
| 215 | if (error) |
| 216 | return error; |
| 217 | |
| 218 | inode_lock(inode); |
| 219 | error = security_inode_setxattr(dentry, name, value, size, flags); |
| 220 | if (error) |
| 221 | goto out; |
| 222 | |
| 223 | error = __vfs_setxattr_noperm(dentry, name, value, size, flags); |
| 224 | |
| 225 | out: |
| 226 | inode_unlock(inode); |
| 227 | return error; |
| 228 | } |
| 229 | EXPORT_SYMBOL_GPL(vfs_setxattr); |
| 230 | |
| 231 | static ssize_t |
| 232 | xattr_getsecurity(struct inode *inode, const char *name, void *value, |
| 233 | size_t size) |
| 234 | { |
| 235 | void *buffer = NULL; |
| 236 | ssize_t len; |
| 237 | |
| 238 | if (!value || !size) { |
| 239 | len = security_inode_getsecurity(inode, name, &buffer, false); |
| 240 | goto out_noalloc; |
| 241 | } |
| 242 | |
| 243 | len = security_inode_getsecurity(inode, name, &buffer, true); |
| 244 | if (len < 0) |
| 245 | return len; |
| 246 | if (size < len) { |
| 247 | len = -ERANGE; |
| 248 | goto out; |
| 249 | } |
| 250 | memcpy(value, buffer, len); |
| 251 | out: |
| 252 | kfree(buffer); |
| 253 | out_noalloc: |
| 254 | return len; |
| 255 | } |
| 256 | |
| 257 | /* |
| 258 | * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr |
| 259 | * |
| 260 | * Allocate memory, if not already allocated, or re-allocate correct size, |
| 261 | * before retrieving the extended attribute. |
| 262 | * |
| 263 | * Returns the result of alloc, if failed, or the getxattr operation. |
| 264 | */ |
| 265 | ssize_t |
| 266 | vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, |
| 267 | size_t xattr_size, gfp_t flags) |
| 268 | { |
| 269 | const struct xattr_handler *handler; |
| 270 | struct inode *inode = dentry->d_inode; |
| 271 | char *value = *xattr_value; |
| 272 | int error; |
| 273 | |
| 274 | error = xattr_permission(inode, name, MAY_READ); |
| 275 | if (error) |
| 276 | return error; |
| 277 | |
| 278 | handler = xattr_resolve_name(inode, &name); |
| 279 | if (IS_ERR(handler)) |
| 280 | return PTR_ERR(handler); |
| 281 | if (!handler->get) |
| 282 | return -EOPNOTSUPP; |
| 283 | error = handler->get(handler, dentry, inode, name, NULL, 0); |
| 284 | if (error < 0) |
| 285 | return error; |
| 286 | |
| 287 | if (!value || (error > xattr_size)) { |
| 288 | value = krealloc(*xattr_value, error + 1, flags); |
| 289 | if (!value) |
| 290 | return -ENOMEM; |
| 291 | memset(value, 0, error + 1); |
| 292 | } |
| 293 | |
| 294 | error = handler->get(handler, dentry, inode, name, value, error); |
| 295 | *xattr_value = value; |
| 296 | return error; |
| 297 | } |
| 298 | |
| 299 | ssize_t |
| 300 | __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, |
| 301 | void *value, size_t size) |
| 302 | { |
| 303 | const struct xattr_handler *handler; |
| 304 | |
| 305 | handler = xattr_resolve_name(inode, &name); |
| 306 | if (IS_ERR(handler)) |
| 307 | return PTR_ERR(handler); |
| 308 | if (!handler->get) |
| 309 | return -EOPNOTSUPP; |
| 310 | return handler->get(handler, dentry, inode, name, value, size); |
| 311 | } |
| 312 | EXPORT_SYMBOL(__vfs_getxattr); |
| 313 | |
| 314 | ssize_t |
| 315 | vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) |
| 316 | { |
| 317 | struct inode *inode = dentry->d_inode; |
| 318 | int error; |
| 319 | |
| 320 | error = xattr_permission(inode, name, MAY_READ); |
| 321 | if (error) |
| 322 | return error; |
| 323 | |
| 324 | error = security_inode_getxattr(dentry, name); |
| 325 | if (error) |
| 326 | return error; |
| 327 | |
| 328 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
| 329 | XATTR_SECURITY_PREFIX_LEN)) { |
| 330 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; |
| 331 | int ret = xattr_getsecurity(inode, suffix, value, size); |
| 332 | /* |
| 333 | * Only overwrite the return value if a security module |
| 334 | * is actually active. |
| 335 | */ |
| 336 | if (ret == -EOPNOTSUPP) |
| 337 | goto nolsm; |
| 338 | return ret; |
| 339 | } |
| 340 | nolsm: |
| 341 | return __vfs_getxattr(dentry, inode, name, value, size); |
| 342 | } |
| 343 | EXPORT_SYMBOL_GPL(vfs_getxattr); |
| 344 | |
| 345 | ssize_t |
| 346 | vfs_listxattr(struct dentry *dentry, char *list, size_t size) |
| 347 | { |
| 348 | struct inode *inode = d_inode(dentry); |
| 349 | ssize_t error; |
| 350 | |
| 351 | error = security_inode_listxattr(dentry); |
| 352 | if (error) |
| 353 | return error; |
| 354 | if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { |
| 355 | error = inode->i_op->listxattr(dentry, list, size); |
| 356 | } else { |
| 357 | error = security_inode_listsecurity(inode, list, size); |
| 358 | if (size && error > size) |
| 359 | error = -ERANGE; |
| 360 | } |
| 361 | return error; |
| 362 | } |
| 363 | EXPORT_SYMBOL_GPL(vfs_listxattr); |
| 364 | |
| 365 | int |
| 366 | __vfs_removexattr(struct dentry *dentry, const char *name) |
| 367 | { |
| 368 | struct inode *inode = d_inode(dentry); |
| 369 | const struct xattr_handler *handler; |
| 370 | |
| 371 | handler = xattr_resolve_name(inode, &name); |
| 372 | if (IS_ERR(handler)) |
| 373 | return PTR_ERR(handler); |
| 374 | if (!handler->set) |
| 375 | return -EOPNOTSUPP; |
| 376 | return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE); |
| 377 | } |
| 378 | EXPORT_SYMBOL(__vfs_removexattr); |
| 379 | |
| 380 | int |
| 381 | vfs_removexattr(struct dentry *dentry, const char *name) |
| 382 | { |
| 383 | struct inode *inode = dentry->d_inode; |
| 384 | int error; |
| 385 | |
| 386 | error = xattr_permission(inode, name, MAY_WRITE); |
| 387 | if (error) |
| 388 | return error; |
| 389 | |
| 390 | inode_lock(inode); |
| 391 | error = security_inode_removexattr(dentry, name); |
| 392 | if (error) |
| 393 | goto out; |
| 394 | |
| 395 | error = __vfs_removexattr(dentry, name); |
| 396 | |
| 397 | if (!error) { |
| 398 | fsnotify_xattr(dentry); |
| 399 | evm_inode_post_removexattr(dentry, name); |
| 400 | } |
| 401 | |
| 402 | out: |
| 403 | inode_unlock(inode); |
| 404 | return error; |
| 405 | } |
| 406 | EXPORT_SYMBOL_GPL(vfs_removexattr); |
| 407 | |
| 408 | |
| 409 | /* |
| 410 | * Extended attribute SET operations |
| 411 | */ |
| 412 | static long |
| 413 | setxattr(struct dentry *d, const char __user *name, const void __user *value, |
| 414 | size_t size, int flags) |
| 415 | { |
| 416 | int error; |
| 417 | void *kvalue = NULL; |
| 418 | char kname[XATTR_NAME_MAX + 1]; |
| 419 | |
| 420 | if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) |
| 421 | return -EINVAL; |
| 422 | |
| 423 | error = strncpy_from_user(kname, name, sizeof(kname)); |
| 424 | if (error == 0 || error == sizeof(kname)) |
| 425 | error = -ERANGE; |
| 426 | if (error < 0) |
| 427 | return error; |
| 428 | |
| 429 | if (size) { |
| 430 | if (size > XATTR_SIZE_MAX) |
| 431 | return -E2BIG; |
| 432 | kvalue = kvmalloc(size, GFP_KERNEL); |
| 433 | if (!kvalue) |
| 434 | return -ENOMEM; |
| 435 | if (copy_from_user(kvalue, value, size)) { |
| 436 | error = -EFAULT; |
| 437 | goto out; |
| 438 | } |
| 439 | if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || |
| 440 | (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) |
| 441 | posix_acl_fix_xattr_from_user(kvalue, size); |
| 442 | else if (strcmp(kname, XATTR_NAME_CAPS) == 0) { |
| 443 | error = cap_convert_nscap(d, &kvalue, size); |
| 444 | if (error < 0) |
| 445 | goto out; |
| 446 | size = error; |
| 447 | } |
| 448 | } |
| 449 | |
| 450 | error = vfs_setxattr(d, kname, kvalue, size, flags); |
| 451 | out: |
| 452 | kvfree(kvalue); |
| 453 | |
| 454 | return error; |
| 455 | } |
| 456 | |
| 457 | static int path_setxattr(const char __user *pathname, |
| 458 | const char __user *name, const void __user *value, |
| 459 | size_t size, int flags, unsigned int lookup_flags) |
| 460 | { |
| 461 | struct path path; |
| 462 | int error; |
| 463 | retry: |
| 464 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
| 465 | if (error) |
| 466 | return error; |
| 467 | error = mnt_want_write(path.mnt); |
| 468 | if (!error) { |
| 469 | error = setxattr(path.dentry, name, value, size, flags); |
| 470 | mnt_drop_write(path.mnt); |
| 471 | } |
| 472 | path_put(&path); |
| 473 | if (retry_estale(error, lookup_flags)) { |
| 474 | lookup_flags |= LOOKUP_REVAL; |
| 475 | goto retry; |
| 476 | } |
| 477 | return error; |
| 478 | } |
| 479 | |
| 480 | SYSCALL_DEFINE5(setxattr, const char __user *, pathname, |
| 481 | const char __user *, name, const void __user *, value, |
| 482 | size_t, size, int, flags) |
| 483 | { |
| 484 | return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); |
| 485 | } |
| 486 | |
| 487 | SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, |
| 488 | const char __user *, name, const void __user *, value, |
| 489 | size_t, size, int, flags) |
| 490 | { |
| 491 | return path_setxattr(pathname, name, value, size, flags, 0); |
| 492 | } |
| 493 | |
| 494 | SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, |
| 495 | const void __user *,value, size_t, size, int, flags) |
| 496 | { |
| 497 | struct fd f = fdget(fd); |
| 498 | int error = -EBADF; |
| 499 | |
| 500 | if (!f.file) |
| 501 | return error; |
| 502 | audit_file(f.file); |
| 503 | error = mnt_want_write_file(f.file); |
| 504 | if (!error) { |
| 505 | error = setxattr(f.file->f_path.dentry, name, value, size, flags); |
| 506 | mnt_drop_write_file(f.file); |
| 507 | } |
| 508 | fdput(f); |
| 509 | return error; |
| 510 | } |
| 511 | |
| 512 | /* |
| 513 | * Extended attribute GET operations |
| 514 | */ |
| 515 | static ssize_t |
| 516 | getxattr(struct dentry *d, const char __user *name, void __user *value, |
| 517 | size_t size) |
| 518 | { |
| 519 | ssize_t error; |
| 520 | void *kvalue = NULL; |
| 521 | char kname[XATTR_NAME_MAX + 1]; |
| 522 | |
| 523 | error = strncpy_from_user(kname, name, sizeof(kname)); |
| 524 | if (error == 0 || error == sizeof(kname)) |
| 525 | error = -ERANGE; |
| 526 | if (error < 0) |
| 527 | return error; |
| 528 | |
| 529 | if (size) { |
| 530 | if (size > XATTR_SIZE_MAX) |
| 531 | size = XATTR_SIZE_MAX; |
| 532 | kvalue = kvzalloc(size, GFP_KERNEL); |
| 533 | if (!kvalue) |
| 534 | return -ENOMEM; |
| 535 | } |
| 536 | |
| 537 | error = vfs_getxattr(d, kname, kvalue, size); |
| 538 | if (error > 0) { |
| 539 | if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || |
| 540 | (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) |
| 541 | posix_acl_fix_xattr_to_user(kvalue, error); |
| 542 | if (size && copy_to_user(value, kvalue, error)) |
| 543 | error = -EFAULT; |
| 544 | } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { |
| 545 | /* The file system tried to returned a value bigger |
| 546 | than XATTR_SIZE_MAX bytes. Not possible. */ |
| 547 | error = -E2BIG; |
| 548 | } |
| 549 | |
| 550 | kvfree(kvalue); |
| 551 | |
| 552 | return error; |
| 553 | } |
| 554 | |
| 555 | static ssize_t path_getxattr(const char __user *pathname, |
| 556 | const char __user *name, void __user *value, |
| 557 | size_t size, unsigned int lookup_flags) |
| 558 | { |
| 559 | struct path path; |
| 560 | ssize_t error; |
| 561 | retry: |
| 562 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
| 563 | if (error) |
| 564 | return error; |
| 565 | error = getxattr(path.dentry, name, value, size); |
| 566 | path_put(&path); |
| 567 | if (retry_estale(error, lookup_flags)) { |
| 568 | lookup_flags |= LOOKUP_REVAL; |
| 569 | goto retry; |
| 570 | } |
| 571 | return error; |
| 572 | } |
| 573 | |
| 574 | SYSCALL_DEFINE4(getxattr, const char __user *, pathname, |
| 575 | const char __user *, name, void __user *, value, size_t, size) |
| 576 | { |
| 577 | return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); |
| 578 | } |
| 579 | |
| 580 | SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, |
| 581 | const char __user *, name, void __user *, value, size_t, size) |
| 582 | { |
| 583 | return path_getxattr(pathname, name, value, size, 0); |
| 584 | } |
| 585 | |
| 586 | SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, |
| 587 | void __user *, value, size_t, size) |
| 588 | { |
| 589 | struct fd f = fdget(fd); |
| 590 | ssize_t error = -EBADF; |
| 591 | |
| 592 | if (!f.file) |
| 593 | return error; |
| 594 | audit_file(f.file); |
| 595 | error = getxattr(f.file->f_path.dentry, name, value, size); |
| 596 | fdput(f); |
| 597 | return error; |
| 598 | } |
| 599 | |
| 600 | /* |
| 601 | * Extended attribute LIST operations |
| 602 | */ |
| 603 | static ssize_t |
| 604 | listxattr(struct dentry *d, char __user *list, size_t size) |
| 605 | { |
| 606 | ssize_t error; |
| 607 | char *klist = NULL; |
| 608 | |
| 609 | if (size) { |
| 610 | if (size > XATTR_LIST_MAX) |
| 611 | size = XATTR_LIST_MAX; |
| 612 | klist = kvmalloc(size, GFP_KERNEL); |
| 613 | if (!klist) |
| 614 | return -ENOMEM; |
| 615 | } |
| 616 | |
| 617 | error = vfs_listxattr(d, klist, size); |
| 618 | if (error > 0) { |
| 619 | if (size && copy_to_user(list, klist, error)) |
| 620 | error = -EFAULT; |
| 621 | } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { |
| 622 | /* The file system tried to returned a list bigger |
| 623 | than XATTR_LIST_MAX bytes. Not possible. */ |
| 624 | error = -E2BIG; |
| 625 | } |
| 626 | |
| 627 | kvfree(klist); |
| 628 | |
| 629 | return error; |
| 630 | } |
| 631 | |
| 632 | static ssize_t path_listxattr(const char __user *pathname, char __user *list, |
| 633 | size_t size, unsigned int lookup_flags) |
| 634 | { |
| 635 | struct path path; |
| 636 | ssize_t error; |
| 637 | retry: |
| 638 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
| 639 | if (error) |
| 640 | return error; |
| 641 | error = listxattr(path.dentry, list, size); |
| 642 | path_put(&path); |
| 643 | if (retry_estale(error, lookup_flags)) { |
| 644 | lookup_flags |= LOOKUP_REVAL; |
| 645 | goto retry; |
| 646 | } |
| 647 | return error; |
| 648 | } |
| 649 | |
| 650 | SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, |
| 651 | size_t, size) |
| 652 | { |
| 653 | return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); |
| 654 | } |
| 655 | |
| 656 | SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, |
| 657 | size_t, size) |
| 658 | { |
| 659 | return path_listxattr(pathname, list, size, 0); |
| 660 | } |
| 661 | |
| 662 | SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) |
| 663 | { |
| 664 | struct fd f = fdget(fd); |
| 665 | ssize_t error = -EBADF; |
| 666 | |
| 667 | if (!f.file) |
| 668 | return error; |
| 669 | audit_file(f.file); |
| 670 | error = listxattr(f.file->f_path.dentry, list, size); |
| 671 | fdput(f); |
| 672 | return error; |
| 673 | } |
| 674 | |
| 675 | /* |
| 676 | * Extended attribute REMOVE operations |
| 677 | */ |
| 678 | static long |
| 679 | removexattr(struct dentry *d, const char __user *name) |
| 680 | { |
| 681 | int error; |
| 682 | char kname[XATTR_NAME_MAX + 1]; |
| 683 | |
| 684 | error = strncpy_from_user(kname, name, sizeof(kname)); |
| 685 | if (error == 0 || error == sizeof(kname)) |
| 686 | error = -ERANGE; |
| 687 | if (error < 0) |
| 688 | return error; |
| 689 | |
| 690 | return vfs_removexattr(d, kname); |
| 691 | } |
| 692 | |
| 693 | static int path_removexattr(const char __user *pathname, |
| 694 | const char __user *name, unsigned int lookup_flags) |
| 695 | { |
| 696 | struct path path; |
| 697 | int error; |
| 698 | retry: |
| 699 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
| 700 | if (error) |
| 701 | return error; |
| 702 | error = mnt_want_write(path.mnt); |
| 703 | if (!error) { |
| 704 | error = removexattr(path.dentry, name); |
| 705 | mnt_drop_write(path.mnt); |
| 706 | } |
| 707 | path_put(&path); |
| 708 | if (retry_estale(error, lookup_flags)) { |
| 709 | lookup_flags |= LOOKUP_REVAL; |
| 710 | goto retry; |
| 711 | } |
| 712 | return error; |
| 713 | } |
| 714 | |
| 715 | SYSCALL_DEFINE2(removexattr, const char __user *, pathname, |
| 716 | const char __user *, name) |
| 717 | { |
| 718 | return path_removexattr(pathname, name, LOOKUP_FOLLOW); |
| 719 | } |
| 720 | |
| 721 | SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, |
| 722 | const char __user *, name) |
| 723 | { |
| 724 | return path_removexattr(pathname, name, 0); |
| 725 | } |
| 726 | |
| 727 | SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) |
| 728 | { |
| 729 | struct fd f = fdget(fd); |
| 730 | int error = -EBADF; |
| 731 | |
| 732 | if (!f.file) |
| 733 | return error; |
| 734 | audit_file(f.file); |
| 735 | error = mnt_want_write_file(f.file); |
| 736 | if (!error) { |
| 737 | error = removexattr(f.file->f_path.dentry, name); |
| 738 | mnt_drop_write_file(f.file); |
| 739 | } |
| 740 | fdput(f); |
| 741 | return error; |
| 742 | } |
| 743 | |
| 744 | /* |
| 745 | * Combine the results of the list() operation from every xattr_handler in the |
| 746 | * list. |
| 747 | */ |
| 748 | ssize_t |
| 749 | generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) |
| 750 | { |
| 751 | const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; |
| 752 | unsigned int size = 0; |
| 753 | |
| 754 | if (!buffer) { |
| 755 | for_each_xattr_handler(handlers, handler) { |
| 756 | if (!handler->name || |
| 757 | (handler->list && !handler->list(dentry))) |
| 758 | continue; |
| 759 | size += strlen(handler->name) + 1; |
| 760 | } |
| 761 | } else { |
| 762 | char *buf = buffer; |
| 763 | size_t len; |
| 764 | |
| 765 | for_each_xattr_handler(handlers, handler) { |
| 766 | if (!handler->name || |
| 767 | (handler->list && !handler->list(dentry))) |
| 768 | continue; |
| 769 | len = strlen(handler->name); |
| 770 | if (len + 1 > buffer_size) |
| 771 | return -ERANGE; |
| 772 | memcpy(buf, handler->name, len + 1); |
| 773 | buf += len + 1; |
| 774 | buffer_size -= len + 1; |
| 775 | } |
| 776 | size = buf - buffer; |
| 777 | } |
| 778 | return size; |
| 779 | } |
| 780 | EXPORT_SYMBOL(generic_listxattr); |
| 781 | |
| 782 | /** |
| 783 | * xattr_full_name - Compute full attribute name from suffix |
| 784 | * |
| 785 | * @handler: handler of the xattr_handler operation |
| 786 | * @name: name passed to the xattr_handler operation |
| 787 | * |
| 788 | * The get and set xattr handler operations are called with the remainder of |
| 789 | * the attribute name after skipping the handler's prefix: for example, "foo" |
| 790 | * is passed to the get operation of a handler with prefix "user." to get |
| 791 | * attribute "user.foo". The full name is still "there" in the name though. |
| 792 | * |
| 793 | * Note: the list xattr handler operation when called from the vfs is passed a |
| 794 | * NULL name; some file systems use this operation internally, with varying |
| 795 | * semantics. |
| 796 | */ |
| 797 | const char *xattr_full_name(const struct xattr_handler *handler, |
| 798 | const char *name) |
| 799 | { |
| 800 | size_t prefix_len = strlen(xattr_prefix(handler)); |
| 801 | |
| 802 | return name - prefix_len; |
| 803 | } |
| 804 | EXPORT_SYMBOL(xattr_full_name); |
| 805 | |
| 806 | /* |
| 807 | * Allocate new xattr and copy in the value; but leave the name to callers. |
| 808 | */ |
| 809 | struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) |
| 810 | { |
| 811 | struct simple_xattr *new_xattr; |
| 812 | size_t len; |
| 813 | |
| 814 | /* wrap around? */ |
| 815 | len = sizeof(*new_xattr) + size; |
| 816 | if (len < sizeof(*new_xattr)) |
| 817 | return NULL; |
| 818 | |
| 819 | new_xattr = kmalloc(len, GFP_KERNEL); |
| 820 | if (!new_xattr) |
| 821 | return NULL; |
| 822 | |
| 823 | new_xattr->size = size; |
| 824 | memcpy(new_xattr->value, value, size); |
| 825 | return new_xattr; |
| 826 | } |
| 827 | |
| 828 | /* |
| 829 | * xattr GET operation for in-memory/pseudo filesystems |
| 830 | */ |
| 831 | int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, |
| 832 | void *buffer, size_t size) |
| 833 | { |
| 834 | struct simple_xattr *xattr; |
| 835 | int ret = -ENODATA; |
| 836 | |
| 837 | spin_lock(&xattrs->lock); |
| 838 | list_for_each_entry(xattr, &xattrs->head, list) { |
| 839 | if (strcmp(name, xattr->name)) |
| 840 | continue; |
| 841 | |
| 842 | ret = xattr->size; |
| 843 | if (buffer) { |
| 844 | if (size < xattr->size) |
| 845 | ret = -ERANGE; |
| 846 | else |
| 847 | memcpy(buffer, xattr->value, xattr->size); |
| 848 | } |
| 849 | break; |
| 850 | } |
| 851 | spin_unlock(&xattrs->lock); |
| 852 | return ret; |
| 853 | } |
| 854 | |
| 855 | /** |
| 856 | * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems |
| 857 | * @xattrs: target simple_xattr list |
| 858 | * @name: name of the extended attribute |
| 859 | * @value: value of the xattr. If %NULL, will remove the attribute. |
| 860 | * @size: size of the new xattr |
| 861 | * @flags: %XATTR_{CREATE|REPLACE} |
| 862 | * |
| 863 | * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails |
| 864 | * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; |
| 865 | * otherwise, fails with -ENODATA. |
| 866 | * |
| 867 | * Returns 0 on success, -errno on failure. |
| 868 | */ |
| 869 | int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, |
| 870 | const void *value, size_t size, int flags) |
| 871 | { |
| 872 | struct simple_xattr *xattr; |
| 873 | struct simple_xattr *new_xattr = NULL; |
| 874 | int err = 0; |
| 875 | |
| 876 | /* value == NULL means remove */ |
| 877 | if (value) { |
| 878 | new_xattr = simple_xattr_alloc(value, size); |
| 879 | if (!new_xattr) |
| 880 | return -ENOMEM; |
| 881 | |
| 882 | new_xattr->name = kstrdup(name, GFP_KERNEL); |
| 883 | if (!new_xattr->name) { |
| 884 | kfree(new_xattr); |
| 885 | return -ENOMEM; |
| 886 | } |
| 887 | } |
| 888 | |
| 889 | spin_lock(&xattrs->lock); |
| 890 | list_for_each_entry(xattr, &xattrs->head, list) { |
| 891 | if (!strcmp(name, xattr->name)) { |
| 892 | if (flags & XATTR_CREATE) { |
| 893 | xattr = new_xattr; |
| 894 | err = -EEXIST; |
| 895 | } else if (new_xattr) { |
| 896 | list_replace(&xattr->list, &new_xattr->list); |
| 897 | } else { |
| 898 | list_del(&xattr->list); |
| 899 | } |
| 900 | goto out; |
| 901 | } |
| 902 | } |
| 903 | if (flags & XATTR_REPLACE) { |
| 904 | xattr = new_xattr; |
| 905 | err = -ENODATA; |
| 906 | } else { |
| 907 | list_add(&new_xattr->list, &xattrs->head); |
| 908 | xattr = NULL; |
| 909 | } |
| 910 | out: |
| 911 | spin_unlock(&xattrs->lock); |
| 912 | if (xattr) { |
| 913 | kfree(xattr->name); |
| 914 | kfree(xattr); |
| 915 | } |
| 916 | return err; |
| 917 | |
| 918 | } |
| 919 | |
| 920 | static bool xattr_is_trusted(const char *name) |
| 921 | { |
| 922 | return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); |
| 923 | } |
| 924 | |
| 925 | static int xattr_list_one(char **buffer, ssize_t *remaining_size, |
| 926 | const char *name) |
| 927 | { |
| 928 | size_t len = strlen(name) + 1; |
| 929 | if (*buffer) { |
| 930 | if (*remaining_size < len) |
| 931 | return -ERANGE; |
| 932 | memcpy(*buffer, name, len); |
| 933 | *buffer += len; |
| 934 | } |
| 935 | *remaining_size -= len; |
| 936 | return 0; |
| 937 | } |
| 938 | |
| 939 | /* |
| 940 | * xattr LIST operation for in-memory/pseudo filesystems |
| 941 | */ |
| 942 | ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, |
| 943 | char *buffer, size_t size) |
| 944 | { |
| 945 | bool trusted = capable(CAP_SYS_ADMIN); |
| 946 | struct simple_xattr *xattr; |
| 947 | ssize_t remaining_size = size; |
| 948 | int err = 0; |
| 949 | |
| 950 | #ifdef CONFIG_FS_POSIX_ACL |
| 951 | if (IS_POSIXACL(inode)) { |
| 952 | if (inode->i_acl) { |
| 953 | err = xattr_list_one(&buffer, &remaining_size, |
| 954 | XATTR_NAME_POSIX_ACL_ACCESS); |
| 955 | if (err) |
| 956 | return err; |
| 957 | } |
| 958 | if (inode->i_default_acl) { |
| 959 | err = xattr_list_one(&buffer, &remaining_size, |
| 960 | XATTR_NAME_POSIX_ACL_DEFAULT); |
| 961 | if (err) |
| 962 | return err; |
| 963 | } |
| 964 | } |
| 965 | #endif |
| 966 | |
| 967 | spin_lock(&xattrs->lock); |
| 968 | list_for_each_entry(xattr, &xattrs->head, list) { |
| 969 | /* skip "trusted." attributes for unprivileged callers */ |
| 970 | if (!trusted && xattr_is_trusted(xattr->name)) |
| 971 | continue; |
| 972 | |
| 973 | err = xattr_list_one(&buffer, &remaining_size, xattr->name); |
| 974 | if (err) |
| 975 | break; |
| 976 | } |
| 977 | spin_unlock(&xattrs->lock); |
| 978 | |
| 979 | return err ? err : size - remaining_size; |
| 980 | } |
| 981 | |
| 982 | /* |
| 983 | * Adds an extended attribute to the list |
| 984 | */ |
| 985 | void simple_xattr_list_add(struct simple_xattrs *xattrs, |
| 986 | struct simple_xattr *new_xattr) |
| 987 | { |
| 988 | spin_lock(&xattrs->lock); |
| 989 | list_add(&new_xattr->list, &xattrs->head); |
| 990 | spin_unlock(&xattrs->lock); |
| 991 | } |