the-tree/fs/xattr.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003   File: fs/xattr.c
0004
0005   Extended attribute handling.
0006
0007   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
0008   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
0009   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
0010  */
0011 #include <linux/fs.h>
0012 #include <linux/slab.h>
0013 #include <linux/file.h>
0014 #include <linux/xattr.h>
0015 #include <linux/mount.h>
0016 #include <linux/namei.h>
0017 #include <linux/security.h>
0018 #include <linux/evm.h>
0019 #include <linux/syscalls.h>
0020 #include <linux/export.h>
0021 #include <linux/fsnotify.h>
0022 #include <linux/audit.h>
0023 #include <linux/vmalloc.h>
0024 #include <linux/posix_acl_xattr.h>
0025
0026 #include <linux/uaccess.h>
0027
0028 #include "internal.h"
0029
0030 static const char *
0031 strcmp_prefix(const char *a, const char *a_prefix)
0032 {
0033     while (*a_prefix && *a == *a_prefix) {
0034         a++;
0035         a_prefix++;
0036     }
0037     return *a_prefix ? NULL : a;
0038 }
0039
0040 /*
0041  * In order to implement different sets of xattr operations for each xattr
0042  * prefix, a filesystem should create a null-terminated array of struct
0043  * xattr_handler (one for each prefix) and hang a pointer to it off of the
0044  * s_xattr field of the superblock.
0045  */
0046 #define for_each_xattr_handler(handlers, handler)       \
0047     if (handlers)                       \
0048         for ((handler) = *(handlers)++;         \
0049             (handler) != NULL;          \
0050             (handler) = *(handlers)++)
0051
0052 /*
0053  * Find the xattr_handler with the matching prefix.
0054  */
0055 static const struct xattr_handler *
0056 xattr_resolve_name(struct inode *inode, const char **name)
0057 {
0058     const struct xattr_handler **handlers = inode->i_sb->s_xattr;
0059     const struct xattr_handler *handler;
0060
0061     if (!(inode->i_opflags & IOP_XATTR)) {
0062         if (unlikely(is_bad_inode(inode)))
0063             return ERR_PTR(-EIO);
0064         return ERR_PTR(-EOPNOTSUPP);
0065     }
0066     for_each_xattr_handler(handlers, handler) {
0067         const char *n;
0068
0069         n = strcmp_prefix(*name, xattr_prefix(handler));
0070         if (n) {
0071             if (!handler->prefix ^ !*n) {
0072                 if (*n)
0073                     continue;
0074                 return ERR_PTR(-EINVAL);
0075             }
0076             *name = n;
0077             return handler;
0078         }
0079     }
0080     return ERR_PTR(-EOPNOTSUPP);
0081 }
0082
0083 /*
0084  * Check permissions for extended attribute access.  This is a bit complicated
0085  * because different namespaces have very different rules.
0086  */
0087 static int
0088 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
0089          const char *name, int mask)
0090 {
0091     /*
0092      * We can never set or remove an extended attribute on a read-only
0093      * filesystem  or on an immutable / append-only inode.
0094      */
0095     if (mask & MAY_WRITE) {
0096         if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
0097             return -EPERM;
0098         /*
0099          * Updating an xattr will likely cause i_uid and i_gid
0100          * to be writen back improperly if their true value is
0101          * unknown to the vfs.
0102          */
0103         if (HAS_UNMAPPED_ID(mnt_userns, inode))
0104             return -EPERM;
0105     }
0106
0107     /*
0108      * No restriction for security.* and system.* from the VFS.  Decision
0109      * on these is left to the underlying filesystem / security module.
0110      */
0111     if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
0112         !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
0113         return 0;
0114
0115     /*
0116      * The trusted.* namespace can only be accessed by privileged users.
0117      */
0118     if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
0119         if (!capable(CAP_SYS_ADMIN))
0120             return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
0121         return 0;
0122     }
0123
0124     /*
0125      * In the user.* namespace, only regular files and directories can have
0126      * extended attributes. For sticky directories, only the owner and
0127      * privileged users can write attributes.
0128      */
0129     if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
0130         if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
0131             return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
0132         if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
0133             (mask & MAY_WRITE) &&
0134             !inode_owner_or_capable(mnt_userns, inode))
0135             return -EPERM;
0136     }
0137
0138     return inode_permission(mnt_userns, inode, mask);
0139 }
0140
0141 /*
0142  * Look for any handler that deals with the specified namespace.
0143  */
0144 int
0145 xattr_supported_namespace(struct inode *inode, const char *prefix)
0146 {
0147     const struct xattr_handler **handlers = inode->i_sb->s_xattr;
0148     const struct xattr_handler *handler;
0149     size_t preflen;
0150
0151     if (!(inode->i_opflags & IOP_XATTR)) {
0152         if (unlikely(is_bad_inode(inode)))
0153             return -EIO;
0154         return -EOPNOTSUPP;
0155     }
0156
0157     preflen = strlen(prefix);
0158
0159     for_each_xattr_handler(handlers, handler) {
0160         if (!strncmp(xattr_prefix(handler), prefix, preflen))
0161             return 0;
0162     }
0163
0164     return -EOPNOTSUPP;
0165 }
0166 EXPORT_SYMBOL(xattr_supported_namespace);
0167
0168 int
0169 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
0170            struct inode *inode, const char *name, const void *value,
0171            size_t size, int flags)
0172 {
0173     const struct xattr_handler *handler;
0174
0175     handler = xattr_resolve_name(inode, &name);
0176     if (IS_ERR(handler))
0177         return PTR_ERR(handler);
0178     if (!handler->set)
0179         return -EOPNOTSUPP;
0180     if (size == 0)
0181         value = "";  /* empty EA, do not remove */
0182     return handler->set(handler, mnt_userns, dentry, inode, name, value,
0183                 size, flags);
0184 }
0185 EXPORT_SYMBOL(__vfs_setxattr);
0186
0187 /**
0188  *  __vfs_setxattr_noperm - perform setxattr operation without performing
0189  *  permission checks.
0190  *
0191  *  @mnt_userns: user namespace of the mount the inode was found from
0192  *  @dentry: object to perform setxattr on
0193  *  @name: xattr name to set
0194  *  @value: value to set @name to
0195  *  @size: size of @value
0196  *  @flags: flags to pass into filesystem operations
0197  *
0198  *  returns the result of the internal setxattr or setsecurity operations.
0199  *
0200  *  This function requires the caller to lock the inode's i_mutex before it
0201  *  is executed. It also assumes that the caller will make the appropriate
0202  *  permission checks.
0203  */
0204 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
0205               struct dentry *dentry, const char *name,
0206               const void *value, size_t size, int flags)
0207 {
0208     struct inode *inode = dentry->d_inode;
0209     int error = -EAGAIN;
0210     int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
0211                    XATTR_SECURITY_PREFIX_LEN);
0212
0213     if (issec)
0214         inode->i_flags &= ~S_NOSEC;
0215     if (inode->i_opflags & IOP_XATTR) {
0216         error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
0217                        size, flags);
0218         if (!error) {
0219             fsnotify_xattr(dentry);
0220             security_inode_post_setxattr(dentry, name, value,
0221                              size, flags);
0222         }
0223     } else {
0224         if (unlikely(is_bad_inode(inode)))
0225             return -EIO;
0226     }
0227     if (error == -EAGAIN) {
0228         error = -EOPNOTSUPP;
0229
0230         if (issec) {
0231             const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
0232
0233             error = security_inode_setsecurity(inode, suffix, value,
0234                                size, flags);
0235             if (!error)
0236                 fsnotify_xattr(dentry);
0237         }
0238     }
0239
0240     return error;
0241 }
0242
0243 /**
0244  * __vfs_setxattr_locked - set an extended attribute while holding the inode
0245  * lock
0246  *
0247  *  @mnt_userns: user namespace of the mount of the target inode
0248  *  @dentry: object to perform setxattr on
0249  *  @name: xattr name to set
0250  *  @value: value to set @name to
0251  *  @size: size of @value
0252  *  @flags: flags to pass into filesystem operations
0253  *  @delegated_inode: on return, will contain an inode pointer that
0254  *  a delegation was broken on, NULL if none.
0255  */
0256 int
0257 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
0258               const char *name, const void *value, size_t size,
0259               int flags, struct inode **delegated_inode)
0260 {
0261     struct inode *inode = dentry->d_inode;
0262     int error;
0263
0264     error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
0265     if (error)
0266         return error;
0267
0268     error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
0269                     flags);
0270     if (error)
0271         goto out;
0272
0273     error = try_break_deleg(inode, delegated_inode);
0274     if (error)
0275         goto out;
0276
0277     error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
0278                       size, flags);
0279
0280 out:
0281     return error;
0282 }
0283 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
0284
0285 static inline bool is_posix_acl_xattr(const char *name)
0286 {
0287     return (strcmp(name, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
0288            (strcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0);
0289 }
0290
0291 int
0292 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
0293          const char *name, void *value, size_t size, int flags)
0294 {
0295     struct inode *inode = dentry->d_inode;
0296     struct inode *delegated_inode = NULL;
0297     const void  *orig_value = value;
0298     int error;
0299
0300     if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
0301         error = cap_convert_nscap(mnt_userns, dentry,
0302                       (const void **)&value, size);
0303         if (error < 0)
0304             return error;
0305         size = error;
0306     }
0307
0308     if (size && is_posix_acl_xattr(name))
0309         posix_acl_setxattr_idmapped_mnt(mnt_userns, inode, value, size);
0310
0311 retry_deleg:
0312     inode_lock(inode);
0313     error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
0314                       flags, &delegated_inode);
0315     inode_unlock(inode);
0316
0317     if (delegated_inode) {
0318         error = break_deleg_wait(&delegated_inode);
0319         if (!error)
0320             goto retry_deleg;
0321     }
0322     if (value != orig_value)
0323         kfree(value);
0324
0325     return error;
0326 }
0327 EXPORT_SYMBOL_GPL(vfs_setxattr);
0328
0329 static ssize_t
0330 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
0331           const char *name, void *value, size_t size)
0332 {
0333     void *buffer = NULL;
0334     ssize_t len;
0335
0336     if (!value || !size) {
0337         len = security_inode_getsecurity(mnt_userns, inode, name,
0338                          &buffer, false);
0339         goto out_noalloc;
0340     }
0341
0342     len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
0343                      true);
0344     if (len < 0)
0345         return len;
0346     if (size < len) {
0347         len = -ERANGE;
0348         goto out;
0349     }
0350     memcpy(value, buffer, len);
0351 out:
0352     kfree(buffer);
0353 out_noalloc:
0354     return len;
0355 }
0356
0357 /*
0358  * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
0359  *
0360  * Allocate memory, if not already allocated, or re-allocate correct size,
0361  * before retrieving the extended attribute.
0362  *
0363  * Returns the result of alloc, if failed, or the getxattr operation.
0364  */
0365 ssize_t
0366 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
0367            const char *name, char **xattr_value, size_t xattr_size,
0368            gfp_t flags)
0369 {
0370     const struct xattr_handler *handler;
0371     struct inode *inode = dentry->d_inode;
0372     char *value = *xattr_value;
0373     int error;
0374
0375     error = xattr_permission(mnt_userns, inode, name, MAY_READ);
0376     if (error)
0377         return error;
0378
0379     handler = xattr_resolve_name(inode, &name);
0380     if (IS_ERR(handler))
0381         return PTR_ERR(handler);
0382     if (!handler->get)
0383         return -EOPNOTSUPP;
0384     error = handler->get(handler, dentry, inode, name, NULL, 0);
0385     if (error < 0)
0386         return error;
0387
0388     if (!value || (error > xattr_size)) {
0389         value = krealloc(*xattr_value, error + 1, flags);
0390         if (!value)
0391             return -ENOMEM;
0392         memset(value, 0, error + 1);
0393     }
0394
0395     error = handler->get(handler, dentry, inode, name, value, error);
0396     *xattr_value = value;
0397     return error;
0398 }
0399
0400 ssize_t
0401 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
0402            void *value, size_t size)
0403 {
0404     const struct xattr_handler *handler;
0405
0406     handler = xattr_resolve_name(inode, &name);
0407     if (IS_ERR(handler))
0408         return PTR_ERR(handler);
0409     if (!handler->get)
0410         return -EOPNOTSUPP;
0411     return handler->get(handler, dentry, inode, name, value, size);
0412 }
0413 EXPORT_SYMBOL(__vfs_getxattr);
0414
0415 ssize_t
0416 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
0417          const char *name, void *value, size_t size)
0418 {
0419     struct inode *inode = dentry->d_inode;
0420     int error;
0421
0422     error = xattr_permission(mnt_userns, inode, name, MAY_READ);
0423     if (error)
0424         return error;
0425
0426     error = security_inode_getxattr(dentry, name);
0427     if (error)
0428         return error;
0429
0430     if (!strncmp(name, XATTR_SECURITY_PREFIX,
0431                 XATTR_SECURITY_PREFIX_LEN)) {
0432         const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
0433         int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
0434                         size);
0435         /*
0436          * Only overwrite the return value if a security module
0437          * is actually active.
0438          */
0439         if (ret == -EOPNOTSUPP)
0440             goto nolsm;
0441         return ret;
0442     }
0443 nolsm:
0444     error = __vfs_getxattr(dentry, inode, name, value, size);
0445     if (error > 0 && is_posix_acl_xattr(name))
0446         posix_acl_getxattr_idmapped_mnt(mnt_userns, inode, value, size);
0447     return error;
0448 }
0449 EXPORT_SYMBOL_GPL(vfs_getxattr);
0450
0451 ssize_t
0452 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
0453 {
0454     struct inode *inode = d_inode(dentry);
0455     ssize_t error;
0456
0457     error = security_inode_listxattr(dentry);
0458     if (error)
0459         return error;
0460     if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
0461         error = inode->i_op->listxattr(dentry, list, size);
0462     } else {
0463         error = security_inode_listsecurity(inode, list, size);
0464         if (size && error > size)
0465             error = -ERANGE;
0466     }
0467     return error;
0468 }
0469 EXPORT_SYMBOL_GPL(vfs_listxattr);
0470
0471 int
0472 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
0473           const char *name)
0474 {
0475     struct inode *inode = d_inode(dentry);
0476     const struct xattr_handler *handler;
0477
0478     handler = xattr_resolve_name(inode, &name);
0479     if (IS_ERR(handler))
0480         return PTR_ERR(handler);
0481     if (!handler->set)
0482         return -EOPNOTSUPP;
0483     return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
0484                 XATTR_REPLACE);
0485 }
0486 EXPORT_SYMBOL(__vfs_removexattr);
0487
0488 /**
0489  * __vfs_removexattr_locked - set an extended attribute while holding the inode
0490  * lock
0491  *
0492  *  @mnt_userns: user namespace of the mount of the target inode
0493  *  @dentry: object to perform setxattr on
0494  *  @name: name of xattr to remove
0495  *  @delegated_inode: on return, will contain an inode pointer that
0496  *  a delegation was broken on, NULL if none.
0497  */
0498 int
0499 __vfs_removexattr_locked(struct user_namespace *mnt_userns,
0500              struct dentry *dentry, const char *name,
0501              struct inode **delegated_inode)
0502 {
0503     struct inode *inode = dentry->d_inode;
0504     int error;
0505
0506     error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
0507     if (error)
0508         return error;
0509
0510     error = security_inode_removexattr(mnt_userns, dentry, name);
0511     if (error)
0512         goto out;
0513
0514     error = try_break_deleg(inode, delegated_inode);
0515     if (error)
0516         goto out;
0517
0518     error = __vfs_removexattr(mnt_userns, dentry, name);
0519
0520     if (!error) {
0521         fsnotify_xattr(dentry);
0522         evm_inode_post_removexattr(dentry, name);
0523     }
0524
0525 out:
0526     return error;
0527 }
0528 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
0529
0530 int
0531 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
0532         const char *name)
0533 {
0534     struct inode *inode = dentry->d_inode;
0535     struct inode *delegated_inode = NULL;
0536     int error;
0537
0538 retry_deleg:
0539     inode_lock(inode);
0540     error = __vfs_removexattr_locked(mnt_userns, dentry,
0541                      name, &delegated_inode);
0542     inode_unlock(inode);
0543
0544     if (delegated_inode) {
0545         error = break_deleg_wait(&delegated_inode);
0546         if (!error)
0547             goto retry_deleg;
0548     }
0549
0550     return error;
0551 }
0552 EXPORT_SYMBOL_GPL(vfs_removexattr);
0553
0554 /*
0555  * Extended attribute SET operations
0556  */
0557
0558 int setxattr_copy(const char __user *name, struct xattr_ctx *ctx)
0559 {
0560     int error;
0561
0562     if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE))
0563         return -EINVAL;
0564
0565     error = strncpy_from_user(ctx->kname->name, name,
0566                 sizeof(ctx->kname->name));
0567     if (error == 0 || error == sizeof(ctx->kname->name))
0568         return  -ERANGE;
0569     if (error < 0)
0570         return error;
0571
0572     error = 0;
0573     if (ctx->size) {
0574         if (ctx->size > XATTR_SIZE_MAX)
0575             return -E2BIG;
0576
0577         ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size);
0578         if (IS_ERR(ctx->kvalue)) {
0579             error = PTR_ERR(ctx->kvalue);
0580             ctx->kvalue = NULL;
0581         }
0582     }
0583
0584     return error;
0585 }
0586
0587 static void setxattr_convert(struct user_namespace *mnt_userns,
0588                  struct dentry *d, struct xattr_ctx *ctx)
0589 {
0590     if (ctx->size &&
0591         ((strcmp(ctx->kname->name, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
0592         (strcmp(ctx->kname->name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)))
0593         posix_acl_fix_xattr_from_user(ctx->kvalue, ctx->size);
0594 }
0595
0596 int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
0597         struct xattr_ctx *ctx)
0598 {
0599     setxattr_convert(mnt_userns, dentry, ctx);
0600     return vfs_setxattr(mnt_userns, dentry, ctx->kname->name,
0601             ctx->kvalue, ctx->size, ctx->flags);
0602 }
0603
0604 static long
0605 setxattr(struct user_namespace *mnt_userns, struct dentry *d,
0606     const char __user *name, const void __user *value, size_t size,
0607     int flags)
0608 {
0609     struct xattr_name kname;
0610     struct xattr_ctx ctx = {
0611         .cvalue   = value,
0612         .kvalue   = NULL,
0613         .size     = size,
0614         .kname    = &kname,
0615         .flags    = flags,
0616     };
0617     int error;
0618
0619     error = setxattr_copy(name, &ctx);
0620     if (error)
0621         return error;
0622
0623     error = do_setxattr(mnt_userns, d, &ctx);
0624
0625     kvfree(ctx.kvalue);
0626     return error;
0627 }
0628
0629 static int path_setxattr(const char __user *pathname,
0630              const char __user *name, const void __user *value,
0631              size_t size, int flags, unsigned int lookup_flags)
0632 {
0633     struct path path;
0634     int error;
0635
0636 retry:
0637     error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
0638     if (error)
0639         return error;
0640     error = mnt_want_write(path.mnt);
0641     if (!error) {
0642         error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
0643                  value, size, flags);
0644         mnt_drop_write(path.mnt);
0645     }
0646     path_put(&path);
0647     if (retry_estale(error, lookup_flags)) {
0648         lookup_flags |= LOOKUP_REVAL;
0649         goto retry;
0650     }
0651     return error;
0652 }
0653
0654 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
0655         const char __user *, name, const void __user *, value,
0656         size_t, size, int, flags)
0657 {
0658     return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
0659 }
0660
0661 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
0662         const char __user *, name, const void __user *, value,
0663         size_t, size, int, flags)
0664 {
0665     return path_setxattr(pathname, name, value, size, flags, 0);
0666 }
0667
0668 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
0669         const void __user *,value, size_t, size, int, flags)
0670 {
0671     struct fd f = fdget(fd);
0672     int error = -EBADF;
0673
0674     if (!f.file)
0675         return error;
0676     audit_file(f.file);
0677     error = mnt_want_write_file(f.file);
0678     if (!error) {
0679         error = setxattr(file_mnt_user_ns(f.file),
0680                  f.file->f_path.dentry, name,
0681                  value, size, flags);
0682         mnt_drop_write_file(f.file);
0683     }
0684     fdput(f);
0685     return error;
0686 }
0687
0688 /*
0689  * Extended attribute GET operations
0690  */
0691 ssize_t
0692 do_getxattr(struct user_namespace *mnt_userns, struct dentry *d,
0693     struct xattr_ctx *ctx)
0694 {
0695     ssize_t error;
0696     char *kname = ctx->kname->name;
0697
0698     if (ctx->size) {
0699         if (ctx->size > XATTR_SIZE_MAX)
0700             ctx->size = XATTR_SIZE_MAX;
0701         ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL);
0702         if (!ctx->kvalue)
0703             return -ENOMEM;
0704     }
0705
0706     error = vfs_getxattr(mnt_userns, d, kname, ctx->kvalue, ctx->size);
0707     if (error > 0) {
0708         if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
0709             (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
0710             posix_acl_fix_xattr_to_user(ctx->kvalue, error);
0711         if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error))
0712             error = -EFAULT;
0713     } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
0714         /* The file system tried to returned a value bigger
0715            than XATTR_SIZE_MAX bytes. Not possible. */
0716         error = -E2BIG;
0717     }
0718
0719     return error;
0720 }
0721
0722 static ssize_t
0723 getxattr(struct user_namespace *mnt_userns, struct dentry *d,
0724      const char __user *name, void __user *value, size_t size)
0725 {
0726     ssize_t error;
0727     struct xattr_name kname;
0728     struct xattr_ctx ctx = {
0729         .value    = value,
0730         .kvalue   = NULL,
0731         .size     = size,
0732         .kname    = &kname,
0733         .flags    = 0,
0734     };
0735
0736     error = strncpy_from_user(kname.name, name, sizeof(kname.name));
0737     if (error == 0 || error == sizeof(kname.name))
0738         error = -ERANGE;
0739     if (error < 0)
0740         return error;
0741
0742     error =  do_getxattr(mnt_userns, d, &ctx);
0743
0744     kvfree(ctx.kvalue);
0745     return error;
0746 }
0747
0748 static ssize_t path_getxattr(const char __user *pathname,
0749                  const char __user *name, void __user *value,
0750                  size_t size, unsigned int lookup_flags)
0751 {
0752     struct path path;
0753     ssize_t error;
0754 retry:
0755     error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
0756     if (error)
0757         return error;
0758     error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
0759     path_put(&path);
0760     if (retry_estale(error, lookup_flags)) {
0761         lookup_flags |= LOOKUP_REVAL;
0762         goto retry;
0763     }
0764     return error;
0765 }
0766
0767 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
0768         const char __user *, name, void __user *, value, size_t, size)
0769 {
0770     return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
0771 }
0772
0773 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
0774         const char __user *, name, void __user *, value, size_t, size)
0775 {
0776     return path_getxattr(pathname, name, value, size, 0);
0777 }
0778
0779 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
0780         void __user *, value, size_t, size)
0781 {
0782     struct fd f = fdget(fd);
0783     ssize_t error = -EBADF;
0784
0785     if (!f.file)
0786         return error;
0787     audit_file(f.file);
0788     error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
0789              name, value, size);
0790     fdput(f);
0791     return error;
0792 }
0793
0794 /*
0795  * Extended attribute LIST operations
0796  */
0797 static ssize_t
0798 listxattr(struct dentry *d, char __user *list, size_t size)
0799 {
0800     ssize_t error;
0801     char *klist = NULL;
0802
0803     if (size) {
0804         if (size > XATTR_LIST_MAX)
0805             size = XATTR_LIST_MAX;
0806         klist = kvmalloc(size, GFP_KERNEL);
0807         if (!klist)
0808             return -ENOMEM;
0809     }
0810
0811     error = vfs_listxattr(d, klist, size);
0812     if (error > 0) {
0813         if (size && copy_to_user(list, klist, error))
0814             error = -EFAULT;
0815     } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
0816         /* The file system tried to returned a list bigger
0817            than XATTR_LIST_MAX bytes. Not possible. */
0818         error = -E2BIG;
0819     }
0820
0821     kvfree(klist);
0822
0823     return error;
0824 }
0825
0826 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
0827                   size_t size, unsigned int lookup_flags)
0828 {
0829     struct path path;
0830     ssize_t error;
0831 retry:
0832     error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
0833     if (error)
0834         return error;
0835     error = listxattr(path.dentry, list, size);
0836     path_put(&path);
0837     if (retry_estale(error, lookup_flags)) {
0838         lookup_flags |= LOOKUP_REVAL;
0839         goto retry;
0840     }
0841     return error;
0842 }
0843
0844 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
0845         size_t, size)
0846 {
0847     return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
0848 }
0849
0850 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
0851         size_t, size)
0852 {
0853     return path_listxattr(pathname, list, size, 0);
0854 }
0855
0856 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
0857 {
0858     struct fd f = fdget(fd);
0859     ssize_t error = -EBADF;
0860
0861     if (!f.file)
0862         return error;
0863     audit_file(f.file);
0864     error = listxattr(f.file->f_path.dentry, list, size);
0865     fdput(f);
0866     return error;
0867 }
0868
0869 /*
0870  * Extended attribute REMOVE operations
0871  */
0872 static long
0873 removexattr(struct user_namespace *mnt_userns, struct dentry *d,
0874         const char __user *name)
0875 {
0876     int error;
0877     char kname[XATTR_NAME_MAX + 1];
0878
0879     error = strncpy_from_user(kname, name, sizeof(kname));
0880     if (error == 0 || error == sizeof(kname))
0881         error = -ERANGE;
0882     if (error < 0)
0883         return error;
0884
0885     return vfs_removexattr(mnt_userns, d, kname);
0886 }
0887
0888 static int path_removexattr(const char __user *pathname,
0889                 const char __user *name, unsigned int lookup_flags)
0890 {
0891     struct path path;
0892     int error;
0893 retry:
0894     error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
0895     if (error)
0896         return error;
0897     error = mnt_want_write(path.mnt);
0898     if (!error) {
0899         error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
0900         mnt_drop_write(path.mnt);
0901     }
0902     path_put(&path);
0903     if (retry_estale(error, lookup_flags)) {
0904         lookup_flags |= LOOKUP_REVAL;
0905         goto retry;
0906     }
0907     return error;
0908 }
0909
0910 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
0911         const char __user *, name)
0912 {
0913     return path_removexattr(pathname, name, LOOKUP_FOLLOW);
0914 }
0915
0916 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
0917         const char __user *, name)
0918 {
0919     return path_removexattr(pathname, name, 0);
0920 }
0921
0922 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
0923 {
0924     struct fd f = fdget(fd);
0925     int error = -EBADF;
0926
0927     if (!f.file)
0928         return error;
0929     audit_file(f.file);
0930     error = mnt_want_write_file(f.file);
0931     if (!error) {
0932         error = removexattr(file_mnt_user_ns(f.file),
0933                     f.file->f_path.dentry, name);
0934         mnt_drop_write_file(f.file);
0935     }
0936     fdput(f);
0937     return error;
0938 }
0939
0940 /*
0941  * Combine the results of the list() operation from every xattr_handler in the
0942  * list.
0943  */
0944 ssize_t
0945 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
0946 {
0947     const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
0948     unsigned int size = 0;
0949
0950     if (!buffer) {
0951         for_each_xattr_handler(handlers, handler) {
0952             if (!handler->name ||
0953                 (handler->list && !handler->list(dentry)))
0954                 continue;
0955             size += strlen(handler->name) + 1;
0956         }
0957     } else {
0958         char *buf = buffer;
0959         size_t len;
0960
0961         for_each_xattr_handler(handlers, handler) {
0962             if (!handler->name ||
0963                 (handler->list && !handler->list(dentry)))
0964                 continue;
0965             len = strlen(handler->name);
0966             if (len + 1 > buffer_size)
0967                 return -ERANGE;
0968             memcpy(buf, handler->name, len + 1);
0969             buf += len + 1;
0970             buffer_size -= len + 1;
0971         }
0972         size = buf - buffer;
0973     }
0974     return size;
0975 }
0976 EXPORT_SYMBOL(generic_listxattr);
0977
0978 /**
0979  * xattr_full_name  -  Compute full attribute name from suffix
0980  *
0981  * @handler:    handler of the xattr_handler operation
0982  * @name:   name passed to the xattr_handler operation
0983  *
0984  * The get and set xattr handler operations are called with the remainder of
0985  * the attribute name after skipping the handler's prefix: for example, "foo"
0986  * is passed to the get operation of a handler with prefix "user." to get
0987  * attribute "user.foo".  The full name is still "there" in the name though.
0988  *
0989  * Note: the list xattr handler operation when called from the vfs is passed a
0990  * NULL name; some file systems use this operation internally, with varying
0991  * semantics.
0992  */
0993 const char *xattr_full_name(const struct xattr_handler *handler,
0994                 const char *name)
0995 {
0996     size_t prefix_len = strlen(xattr_prefix(handler));
0997
0998     return name - prefix_len;
0999 }
1000 EXPORT_SYMBOL(xattr_full_name);
1001
1002 /*
1003  * Allocate new xattr and copy in the value; but leave the name to callers.
1004  */
1005 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
1006 {
1007     struct simple_xattr *new_xattr;
1008     size_t len;
1009
1010     /* wrap around? */
1011     len = sizeof(*new_xattr) + size;
1012     if (len < sizeof(*new_xattr))
1013         return NULL;
1014
1015     new_xattr = kvmalloc(len, GFP_KERNEL);
1016     if (!new_xattr)
1017         return NULL;
1018
1019     new_xattr->size = size;
1020     memcpy(new_xattr->value, value, size);
1021     return new_xattr;
1022 }
1023
1024 /*
1025  * xattr GET operation for in-memory/pseudo filesystems
1026  */
1027 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
1028              void *buffer, size_t size)
1029 {
1030     struct simple_xattr *xattr;
1031     int ret = -ENODATA;
1032
1033     spin_lock(&xattrs->lock);
1034     list_for_each_entry(xattr, &xattrs->head, list) {
1035         if (strcmp(name, xattr->name))
1036             continue;
1037
1038         ret = xattr->size;
1039         if (buffer) {
1040             if (size < xattr->size)
1041                 ret = -ERANGE;
1042             else
1043                 memcpy(buffer, xattr->value, xattr->size);
1044         }
1045         break;
1046     }
1047     spin_unlock(&xattrs->lock);
1048     return ret;
1049 }
1050
1051 /**
1052  * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
1053  * @xattrs: target simple_xattr list
1054  * @name: name of the extended attribute
1055  * @value: value of the xattr. If %NULL, will remove the attribute.
1056  * @size: size of the new xattr
1057  * @flags: %XATTR_{CREATE|REPLACE}
1058  * @removed_size: returns size of the removed xattr, -1 if none removed
1059  *
1060  * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
1061  * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
1062  * otherwise, fails with -ENODATA.
1063  *
1064  * Returns 0 on success, -errno on failure.
1065  */
1066 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1067              const void *value, size_t size, int flags,
1068              ssize_t *removed_size)
1069 {
1070     struct simple_xattr *xattr;
1071     struct simple_xattr *new_xattr = NULL;
1072     int err = 0;
1073
1074     if (removed_size)
1075         *removed_size = -1;
1076
1077     /* value == NULL means remove */
1078     if (value) {
1079         new_xattr = simple_xattr_alloc(value, size);
1080         if (!new_xattr)
1081             return -ENOMEM;
1082
1083         new_xattr->name = kstrdup(name, GFP_KERNEL);
1084         if (!new_xattr->name) {
1085             kvfree(new_xattr);
1086             return -ENOMEM;
1087         }
1088     }
1089
1090     spin_lock(&xattrs->lock);
1091     list_for_each_entry(xattr, &xattrs->head, list) {
1092         if (!strcmp(name, xattr->name)) {
1093             if (flags & XATTR_CREATE) {
1094                 xattr = new_xattr;
1095                 err = -EEXIST;
1096             } else if (new_xattr) {
1097                 list_replace(&xattr->list, &new_xattr->list);
1098                 if (removed_size)
1099                     *removed_size = xattr->size;
1100             } else {
1101                 list_del(&xattr->list);
1102                 if (removed_size)
1103                     *removed_size = xattr->size;
1104             }
1105             goto out;
1106         }
1107     }
1108     if (flags & XATTR_REPLACE) {
1109         xattr = new_xattr;
1110         err = -ENODATA;
1111     } else {
1112         list_add(&new_xattr->list, &xattrs->head);
1113         xattr = NULL;
1114     }
1115 out:
1116     spin_unlock(&xattrs->lock);
1117     if (xattr) {
1118         kfree(xattr->name);
1119         kvfree(xattr);
1120     }
1121     return err;
1122
1123 }
1124
1125 static bool xattr_is_trusted(const char *name)
1126 {
1127     return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1128 }
1129
1130 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1131               const char *name)
1132 {
1133     size_t len = strlen(name) + 1;
1134     if (*buffer) {
1135         if (*remaining_size < len)
1136             return -ERANGE;
1137         memcpy(*buffer, name, len);
1138         *buffer += len;
1139     }
1140     *remaining_size -= len;
1141     return 0;
1142 }
1143
1144 /*
1145  * xattr LIST operation for in-memory/pseudo filesystems
1146  */
1147 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1148               char *buffer, size_t size)
1149 {
1150     bool trusted = capable(CAP_SYS_ADMIN);
1151     struct simple_xattr *xattr;
1152     ssize_t remaining_size = size;
1153     int err = 0;
1154
1155 #ifdef CONFIG_FS_POSIX_ACL
1156     if (IS_POSIXACL(inode)) {
1157         if (inode->i_acl) {
1158             err = xattr_list_one(&buffer, &remaining_size,
1159                          XATTR_NAME_POSIX_ACL_ACCESS);
1160             if (err)
1161                 return err;
1162         }
1163         if (inode->i_default_acl) {
1164             err = xattr_list_one(&buffer, &remaining_size,
1165                          XATTR_NAME_POSIX_ACL_DEFAULT);
1166             if (err)
1167                 return err;
1168         }
1169     }
1170 #endif
1171
1172     spin_lock(&xattrs->lock);
1173     list_for_each_entry(xattr, &xattrs->head, list) {
1174         /* skip "trusted." attributes for unprivileged callers */
1175         if (!trusted && xattr_is_trusted(xattr->name))
1176             continue;
1177
1178         err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1179         if (err)
1180             break;
1181     }
1182     spin_unlock(&xattrs->lock);
1183
1184     return err ? err : size - remaining_size;
1185 }
1186
1187 /*
1188  * Adds an extended attribute to the list
1189  */
1190 void simple_xattr_list_add(struct simple_xattrs *xattrs,
1191                struct simple_xattr *new_xattr)
1192 {
1193     spin_lock(&xattrs->lock);
1194     list_add(&new_xattr->list, &xattrs->head);
1195     spin_unlock(&xattrs->lock);
1196 }