Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-only
2 : /*
3 : File: fs/xattr.c
4 :
5 : Extended attribute handling.
6 :
7 : Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8 : Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9 : Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 : */
11 : #include <linux/fs.h>
12 : #include <linux/slab.h>
13 : #include <linux/file.h>
14 : #include <linux/xattr.h>
15 : #include <linux/mount.h>
16 : #include <linux/namei.h>
17 : #include <linux/security.h>
18 : #include <linux/evm.h>
19 : #include <linux/syscalls.h>
20 : #include <linux/export.h>
21 : #include <linux/fsnotify.h>
22 : #include <linux/audit.h>
23 : #include <linux/vmalloc.h>
24 : #include <linux/posix_acl_xattr.h>
25 :
26 : #include <linux/uaccess.h>
27 :
28 : static const char *
29 4961 : strcmp_prefix(const char *a, const char *a_prefix)
30 : {
31 8103 : while (*a_prefix && *a == *a_prefix) {
32 3142 : a++;
33 3142 : a_prefix++;
34 : }
35 4961 : return *a_prefix ? NULL : a;
36 : }
37 :
38 : /*
39 : * In order to implement different sets of xattr operations for each xattr
40 : * prefix, a filesystem should create a null-terminated array of struct
41 : * xattr_handler (one for each prefix) and hang a pointer to it off of the
42 : * s_xattr field of the superblock.
43 : */
44 : #define for_each_xattr_handler(handlers, handler) \
45 : if (handlers) \
46 : for ((handler) = *(handlers)++; \
47 : (handler) != NULL; \
48 : (handler) = *(handlers)++)
49 :
50 : /*
51 : * Find the xattr_handler with the matching prefix.
52 : */
53 : static const struct xattr_handler *
54 1880 : xattr_resolve_name(struct inode *inode, const char **name)
55 : {
56 1880 : const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 1880 : const struct xattr_handler *handler;
58 :
59 1880 : if (!(inode->i_opflags & IOP_XATTR)) {
60 5 : if (unlikely(is_bad_inode(inode)))
61 1880 : return ERR_PTR(-EIO);
62 5 : return ERR_PTR(-EOPNOTSUPP);
63 : }
64 6476 : for_each_xattr_handler(handlers, handler) {
65 4961 : const char *n;
66 :
67 9562 : n = strcmp_prefix(*name, xattr_prefix(handler));
68 360 : if (n) {
69 360 : if (!handler->prefix ^ !*n) {
70 0 : if (*n)
71 0 : continue;
72 1880 : return ERR_PTR(-EINVAL);
73 : }
74 360 : *name = n;
75 360 : return handler;
76 : }
77 : }
78 1880 : return ERR_PTR(-EOPNOTSUPP);
79 : }
80 :
81 : /*
82 : * Check permissions for extended attribute access. This is a bit complicated
83 : * because different namespaces have very different rules.
84 : */
85 : static int
86 142 : xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
87 : const char *name, int mask)
88 : {
89 : /*
90 : * We can never set or remove an extended attribute on a read-only
91 : * filesystem or on an immutable / append-only inode.
92 : */
93 142 : if (mask & MAY_WRITE) {
94 69 : if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
95 : return -EPERM;
96 : /*
97 : * Updating an xattr will likely cause i_uid and i_gid
98 : * to be writen back improperly if their true value is
99 : * unknown to the vfs.
100 : */
101 138 : if (HAS_UNMAPPED_ID(mnt_userns, inode))
102 : return -EPERM;
103 : }
104 :
105 : /*
106 : * No restriction for security.* and system.* from the VFS. Decision
107 : * on these is left to the underlying filesystem / security module.
108 : */
109 142 : if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
110 142 : !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
111 : return 0;
112 :
113 : /*
114 : * The trusted.* namespace can only be accessed by privileged users.
115 : */
116 108 : if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
117 107 : if (!capable(CAP_SYS_ADMIN))
118 0 : return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
119 : return 0;
120 : }
121 :
122 : /*
123 : * In the user.* namespace, only regular files and directories can have
124 : * extended attributes. For sticky directories, only the owner and
125 : * privileged users can write attributes.
126 : */
127 1 : if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
128 1 : if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
129 0 : return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
130 1 : if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
131 0 : (mask & MAY_WRITE) &&
132 0 : !inode_owner_or_capable(mnt_userns, inode))
133 : return -EPERM;
134 : }
135 :
136 1 : return inode_permission(mnt_userns, inode, mask);
137 : }
138 :
139 : /*
140 : * Look for any handler that deals with the specified namespace.
141 : */
142 : int
143 0 : xattr_supported_namespace(struct inode *inode, const char *prefix)
144 : {
145 0 : const struct xattr_handler **handlers = inode->i_sb->s_xattr;
146 0 : const struct xattr_handler *handler;
147 0 : size_t preflen;
148 :
149 0 : if (!(inode->i_opflags & IOP_XATTR)) {
150 0 : if (unlikely(is_bad_inode(inode)))
151 : return -EIO;
152 0 : return -EOPNOTSUPP;
153 : }
154 :
155 0 : preflen = strlen(prefix);
156 :
157 0 : for_each_xattr_handler(handlers, handler) {
158 0 : if (!strncmp(xattr_prefix(handler), prefix, preflen))
159 : return 0;
160 : }
161 :
162 : return -EOPNOTSUPP;
163 : }
164 : EXPORT_SYMBOL(xattr_supported_namespace);
165 :
166 : int
167 61 : __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
168 : struct inode *inode, const char *name, const void *value,
169 : size_t size, int flags)
170 : {
171 61 : const struct xattr_handler *handler;
172 :
173 61 : handler = xattr_resolve_name(inode, &name);
174 61 : if (IS_ERR(handler))
175 2 : return PTR_ERR(handler);
176 59 : if (!handler->set)
177 : return -EOPNOTSUPP;
178 59 : if (size == 0)
179 6 : value = ""; /* empty EA, do not remove */
180 59 : return handler->set(handler, mnt_userns, dentry, inode, name, value,
181 : size, flags);
182 : }
183 : EXPORT_SYMBOL(__vfs_setxattr);
184 :
185 : /**
186 : * __vfs_setxattr_noperm - perform setxattr operation without performing
187 : * permission checks.
188 : *
189 : * @mnt_userns - user namespace of the mount the inode was found from
190 : * @dentry - object to perform setxattr on
191 : * @name - xattr name to set
192 : * @value - value to set @name to
193 : * @size - size of @value
194 : * @flags - flags to pass into filesystem operations
195 : *
196 : * returns the result of the internal setxattr or setsecurity operations.
197 : *
198 : * This function requires the caller to lock the inode's i_mutex before it
199 : * is executed. It also assumes that the caller will make the appropriate
200 : * permission checks.
201 : */
202 61 : int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
203 : struct dentry *dentry, const char *name,
204 : const void *value, size_t size, int flags)
205 : {
206 61 : struct inode *inode = dentry->d_inode;
207 61 : int error = -EAGAIN;
208 61 : int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
209 : XATTR_SECURITY_PREFIX_LEN);
210 :
211 61 : if (issec)
212 0 : inode->i_flags &= ~S_NOSEC;
213 61 : if (inode->i_opflags & IOP_XATTR) {
214 61 : error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
215 : size, flags);
216 61 : if (!error) {
217 59 : fsnotify_xattr(dentry);
218 59 : security_inode_post_setxattr(dentry, name, value,
219 : size, flags);
220 : }
221 : } else {
222 0 : if (unlikely(is_bad_inode(inode)))
223 : return -EIO;
224 : }
225 61 : if (error == -EAGAIN) {
226 0 : error = -EOPNOTSUPP;
227 :
228 0 : if (issec) {
229 0 : const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
230 :
231 0 : error = security_inode_setsecurity(inode, suffix, value,
232 : size, flags);
233 0 : if (!error)
234 0 : fsnotify_xattr(dentry);
235 : }
236 : }
237 :
238 : return error;
239 : }
240 :
241 : /**
242 : * __vfs_setxattr_locked - set an extended attribute while holding the inode
243 : * lock
244 : *
245 : * @dentry: object to perform setxattr on
246 : * @name: xattr name to set
247 : * @value: value to set @name to
248 : * @size: size of @value
249 : * @flags: flags to pass into filesystem operations
250 : * @delegated_inode: on return, will contain an inode pointer that
251 : * a delegation was broken on, NULL if none.
252 : */
253 : int
254 61 : __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
255 : const char *name, const void *value, size_t size,
256 : int flags, struct inode **delegated_inode)
257 : {
258 61 : struct inode *inode = dentry->d_inode;
259 61 : int error;
260 :
261 61 : error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
262 61 : if (error)
263 : return error;
264 :
265 61 : error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
266 : flags);
267 61 : if (error)
268 0 : goto out;
269 :
270 61 : error = try_break_deleg(inode, delegated_inode);
271 61 : if (error)
272 0 : goto out;
273 :
274 61 : error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
275 : size, flags);
276 :
277 : out:
278 : return error;
279 : }
280 : EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
281 :
282 : int
283 61 : vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
284 : const char *name, const void *value, size_t size, int flags)
285 : {
286 61 : struct inode *inode = dentry->d_inode;
287 61 : struct inode *delegated_inode = NULL;
288 61 : const void *orig_value = value;
289 61 : int error;
290 :
291 61 : if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
292 0 : error = cap_convert_nscap(mnt_userns, dentry, &value, size);
293 0 : if (error < 0)
294 : return error;
295 0 : size = error;
296 : }
297 :
298 61 : retry_deleg:
299 61 : inode_lock(inode);
300 61 : error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
301 : flags, &delegated_inode);
302 61 : inode_unlock(inode);
303 :
304 61 : if (delegated_inode) {
305 0 : error = break_deleg_wait(&delegated_inode);
306 0 : if (!error)
307 0 : goto retry_deleg;
308 : }
309 61 : if (value != orig_value)
310 0 : kfree(value);
311 :
312 : return error;
313 : }
314 : EXPORT_SYMBOL_GPL(vfs_setxattr);
315 :
316 : static ssize_t
317 0 : xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
318 : const char *name, void *value, size_t size)
319 : {
320 0 : void *buffer = NULL;
321 0 : ssize_t len;
322 :
323 0 : if (!value || !size) {
324 0 : len = security_inode_getsecurity(mnt_userns, inode, name,
325 : &buffer, false);
326 0 : goto out_noalloc;
327 : }
328 :
329 0 : len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
330 : true);
331 0 : if (len < 0)
332 : return len;
333 0 : if (size < len) {
334 0 : len = -ERANGE;
335 0 : goto out;
336 : }
337 0 : memcpy(value, buffer, len);
338 0 : out:
339 0 : kfree(buffer);
340 : out_noalloc:
341 : return len;
342 : }
343 :
344 : /*
345 : * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
346 : *
347 : * Allocate memory, if not already allocated, or re-allocate correct size,
348 : * before retrieving the extended attribute.
349 : *
350 : * Returns the result of alloc, if failed, or the getxattr operation.
351 : */
352 : ssize_t
353 0 : vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
354 : const char *name, char **xattr_value, size_t xattr_size,
355 : gfp_t flags)
356 : {
357 0 : const struct xattr_handler *handler;
358 0 : struct inode *inode = dentry->d_inode;
359 0 : char *value = *xattr_value;
360 0 : int error;
361 :
362 0 : error = xattr_permission(mnt_userns, inode, name, MAY_READ);
363 0 : if (error)
364 0 : return error;
365 :
366 0 : handler = xattr_resolve_name(inode, &name);
367 0 : if (IS_ERR(handler))
368 0 : return PTR_ERR(handler);
369 0 : if (!handler->get)
370 : return -EOPNOTSUPP;
371 0 : error = handler->get(handler, dentry, inode, name, NULL, 0);
372 0 : if (error < 0)
373 0 : return error;
374 :
375 0 : if (!value || (error > xattr_size)) {
376 0 : value = krealloc(*xattr_value, error + 1, flags);
377 0 : if (!value)
378 : return -ENOMEM;
379 0 : memset(value, 0, error + 1);
380 : }
381 :
382 0 : error = handler->get(handler, dentry, inode, name, value, error);
383 0 : *xattr_value = value;
384 0 : return error;
385 : }
386 :
387 : ssize_t
388 1811 : __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
389 : void *value, size_t size)
390 : {
391 1811 : const struct xattr_handler *handler;
392 :
393 1811 : handler = xattr_resolve_name(inode, &name);
394 1811 : if (IS_ERR(handler))
395 1512 : return PTR_ERR(handler);
396 299 : if (!handler->get)
397 : return -EOPNOTSUPP;
398 299 : return handler->get(handler, dentry, inode, name, value, size);
399 : }
400 : EXPORT_SYMBOL(__vfs_getxattr);
401 :
402 : ssize_t
403 73 : vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
404 : const char *name, void *value, size_t size)
405 : {
406 73 : struct inode *inode = dentry->d_inode;
407 73 : int error;
408 :
409 73 : error = xattr_permission(mnt_userns, inode, name, MAY_READ);
410 73 : if (error)
411 0 : return error;
412 :
413 73 : error = security_inode_getxattr(dentry, name);
414 73 : if (error)
415 0 : return error;
416 :
417 73 : if (!strncmp(name, XATTR_SECURITY_PREFIX,
418 : XATTR_SECURITY_PREFIX_LEN)) {
419 0 : const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
420 0 : int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
421 : size);
422 : /*
423 : * Only overwrite the return value if a security module
424 : * is actually active.
425 : */
426 0 : if (ret == -EOPNOTSUPP)
427 0 : goto nolsm;
428 0 : return ret;
429 : }
430 73 : nolsm:
431 73 : return __vfs_getxattr(dentry, inode, name, value, size);
432 : }
433 : EXPORT_SYMBOL_GPL(vfs_getxattr);
434 :
435 : ssize_t
436 4 : vfs_listxattr(struct dentry *dentry, char *list, size_t size)
437 : {
438 4 : struct inode *inode = d_inode(dentry);
439 4 : ssize_t error;
440 :
441 4 : error = security_inode_listxattr(dentry);
442 4 : if (error)
443 : return error;
444 4 : if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
445 4 : error = inode->i_op->listxattr(dentry, list, size);
446 : } else {
447 0 : error = security_inode_listsecurity(inode, list, size);
448 0 : if (size && error > size)
449 0 : error = -ERANGE;
450 : }
451 : return error;
452 : }
453 : EXPORT_SYMBOL_GPL(vfs_listxattr);
454 :
455 : int
456 8 : __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
457 : const char *name)
458 : {
459 8 : struct inode *inode = d_inode(dentry);
460 8 : const struct xattr_handler *handler;
461 :
462 8 : handler = xattr_resolve_name(inode, &name);
463 8 : if (IS_ERR(handler))
464 6 : return PTR_ERR(handler);
465 2 : if (!handler->set)
466 : return -EOPNOTSUPP;
467 2 : return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
468 : XATTR_REPLACE);
469 : }
470 : EXPORT_SYMBOL(__vfs_removexattr);
471 :
472 : /**
473 : * __vfs_removexattr_locked - set an extended attribute while holding the inode
474 : * lock
475 : *
476 : * @dentry: object to perform setxattr on
477 : * @name: name of xattr to remove
478 : * @delegated_inode: on return, will contain an inode pointer that
479 : * a delegation was broken on, NULL if none.
480 : */
481 : int
482 8 : __vfs_removexattr_locked(struct user_namespace *mnt_userns,
483 : struct dentry *dentry, const char *name,
484 : struct inode **delegated_inode)
485 : {
486 8 : struct inode *inode = dentry->d_inode;
487 8 : int error;
488 :
489 8 : error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
490 8 : if (error)
491 : return error;
492 :
493 8 : error = security_inode_removexattr(mnt_userns, dentry, name);
494 8 : if (error)
495 0 : goto out;
496 :
497 8 : error = try_break_deleg(inode, delegated_inode);
498 8 : if (error)
499 0 : goto out;
500 :
501 8 : error = __vfs_removexattr(mnt_userns, dentry, name);
502 :
503 8 : if (!error) {
504 2 : fsnotify_xattr(dentry);
505 2 : evm_inode_post_removexattr(dentry, name);
506 : }
507 :
508 6 : out:
509 : return error;
510 : }
511 : EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
512 :
513 : int
514 8 : vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
515 : const char *name)
516 : {
517 8 : struct inode *inode = dentry->d_inode;
518 8 : struct inode *delegated_inode = NULL;
519 8 : int error;
520 :
521 8 : retry_deleg:
522 8 : inode_lock(inode);
523 8 : error = __vfs_removexattr_locked(mnt_userns, dentry,
524 : name, &delegated_inode);
525 8 : inode_unlock(inode);
526 :
527 8 : if (delegated_inode) {
528 0 : error = break_deleg_wait(&delegated_inode);
529 0 : if (!error)
530 0 : goto retry_deleg;
531 : }
532 :
533 8 : return error;
534 : }
535 : EXPORT_SYMBOL_GPL(vfs_removexattr);
536 :
537 : /*
538 : * Extended attribute SET operations
539 : */
540 : static long
541 49 : setxattr(struct user_namespace *mnt_userns, struct dentry *d,
542 : const char __user *name, const void __user *value, size_t size,
543 : int flags)
544 : {
545 49 : int error;
546 49 : void *kvalue = NULL;
547 49 : char kname[XATTR_NAME_MAX + 1];
548 :
549 49 : if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
550 : return -EINVAL;
551 :
552 49 : error = strncpy_from_user(kname, name, sizeof(kname));
553 49 : if (error == 0 || error == sizeof(kname))
554 : error = -ERANGE;
555 49 : if (error < 0)
556 0 : return error;
557 :
558 49 : if (size) {
559 49 : if (size > XATTR_SIZE_MAX)
560 : return -E2BIG;
561 49 : kvalue = kvmalloc(size, GFP_KERNEL);
562 49 : if (!kvalue)
563 : return -ENOMEM;
564 98 : if (copy_from_user(kvalue, value, size)) {
565 0 : error = -EFAULT;
566 0 : goto out;
567 : }
568 49 : if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
569 : (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
570 49 : posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
571 : }
572 :
573 49 : error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
574 49 : out:
575 49 : kvfree(kvalue);
576 :
577 49 : return error;
578 : }
579 :
580 47 : static int path_setxattr(const char __user *pathname,
581 : const char __user *name, const void __user *value,
582 : size_t size, int flags, unsigned int lookup_flags)
583 : {
584 47 : struct path path;
585 47 : int error;
586 :
587 47 : retry:
588 47 : error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
589 47 : if (error)
590 0 : return error;
591 47 : error = mnt_want_write(path.mnt);
592 47 : if (!error) {
593 47 : error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
594 : value, size, flags);
595 47 : mnt_drop_write(path.mnt);
596 : }
597 47 : path_put(&path);
598 94 : if (retry_estale(error, lookup_flags)) {
599 0 : lookup_flags |= LOOKUP_REVAL;
600 0 : goto retry;
601 : }
602 : return error;
603 : }
604 :
605 94 : SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
606 : const char __user *, name, const void __user *, value,
607 : size_t, size, int, flags)
608 : {
609 47 : return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
610 : }
611 :
612 0 : SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
613 : const char __user *, name, const void __user *, value,
614 : size_t, size, int, flags)
615 : {
616 0 : return path_setxattr(pathname, name, value, size, flags, 0);
617 : }
618 :
619 4 : SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
620 : const void __user *,value, size_t, size, int, flags)
621 : {
622 2 : struct fd f = fdget(fd);
623 2 : int error = -EBADF;
624 :
625 2 : if (!f.file)
626 : return error;
627 2 : audit_file(f.file);
628 2 : error = mnt_want_write_file(f.file);
629 2 : if (!error) {
630 2 : error = setxattr(file_mnt_user_ns(f.file),
631 : f.file->f_path.dentry, name,
632 : value, size, flags);
633 2 : mnt_drop_write_file(f.file);
634 : }
635 2 : fdput(f);
636 2 : return error;
637 : }
638 :
639 : /*
640 : * Extended attribute GET operations
641 : */
642 : static ssize_t
643 27 : getxattr(struct user_namespace *mnt_userns, struct dentry *d,
644 : const char __user *name, void __user *value, size_t size)
645 : {
646 27 : ssize_t error;
647 27 : void *kvalue = NULL;
648 27 : char kname[XATTR_NAME_MAX + 1];
649 :
650 27 : error = strncpy_from_user(kname, name, sizeof(kname));
651 27 : if (error == 0 || error == sizeof(kname))
652 : error = -ERANGE;
653 27 : if (error < 0)
654 0 : return error;
655 :
656 27 : if (size) {
657 27 : if (size > XATTR_SIZE_MAX)
658 : size = XATTR_SIZE_MAX;
659 27 : kvalue = kvzalloc(size, GFP_KERNEL);
660 27 : if (!kvalue)
661 : return -ENOMEM;
662 : }
663 :
664 27 : error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
665 27 : if (error > 0) {
666 0 : if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
667 : (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
668 0 : posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
669 0 : if (size && copy_to_user(value, kvalue, error))
670 0 : error = -EFAULT;
671 27 : } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
672 : /* The file system tried to returned a value bigger
673 : than XATTR_SIZE_MAX bytes. Not possible. */
674 0 : error = -E2BIG;
675 : }
676 :
677 27 : kvfree(kvalue);
678 :
679 27 : return error;
680 : }
681 :
682 14 : static ssize_t path_getxattr(const char __user *pathname,
683 : const char __user *name, void __user *value,
684 : size_t size, unsigned int lookup_flags)
685 : {
686 14 : struct path path;
687 14 : ssize_t error;
688 14 : retry:
689 14 : error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
690 14 : if (error)
691 0 : return error;
692 14 : error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
693 14 : path_put(&path);
694 28 : if (retry_estale(error, lookup_flags)) {
695 0 : lookup_flags |= LOOKUP_REVAL;
696 0 : goto retry;
697 : }
698 : return error;
699 : }
700 :
701 28 : SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
702 : const char __user *, name, void __user *, value, size_t, size)
703 : {
704 14 : return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
705 : }
706 :
707 0 : SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
708 : const char __user *, name, void __user *, value, size_t, size)
709 : {
710 0 : return path_getxattr(pathname, name, value, size, 0);
711 : }
712 :
713 26 : SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
714 : void __user *, value, size_t, size)
715 : {
716 13 : struct fd f = fdget(fd);
717 13 : ssize_t error = -EBADF;
718 :
719 13 : if (!f.file)
720 : return error;
721 13 : audit_file(f.file);
722 13 : error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
723 : name, value, size);
724 13 : fdput(f);
725 13 : return error;
726 : }
727 :
728 : /*
729 : * Extended attribute LIST operations
730 : */
731 : static ssize_t
732 0 : listxattr(struct dentry *d, char __user *list, size_t size)
733 : {
734 0 : ssize_t error;
735 0 : char *klist = NULL;
736 :
737 0 : if (size) {
738 0 : if (size > XATTR_LIST_MAX)
739 : size = XATTR_LIST_MAX;
740 0 : klist = kvmalloc(size, GFP_KERNEL);
741 0 : if (!klist)
742 : return -ENOMEM;
743 : }
744 :
745 0 : error = vfs_listxattr(d, klist, size);
746 0 : if (error > 0) {
747 0 : if (size && copy_to_user(list, klist, error))
748 0 : error = -EFAULT;
749 0 : } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
750 : /* The file system tried to returned a list bigger
751 : than XATTR_LIST_MAX bytes. Not possible. */
752 0 : error = -E2BIG;
753 : }
754 :
755 0 : kvfree(klist);
756 :
757 0 : return error;
758 : }
759 :
760 0 : static ssize_t path_listxattr(const char __user *pathname, char __user *list,
761 : size_t size, unsigned int lookup_flags)
762 : {
763 0 : struct path path;
764 0 : ssize_t error;
765 0 : retry:
766 0 : error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
767 0 : if (error)
768 0 : return error;
769 0 : error = listxattr(path.dentry, list, size);
770 0 : path_put(&path);
771 0 : if (retry_estale(error, lookup_flags)) {
772 0 : lookup_flags |= LOOKUP_REVAL;
773 0 : goto retry;
774 : }
775 : return error;
776 : }
777 :
778 0 : SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
779 : size_t, size)
780 : {
781 0 : return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
782 : }
783 :
784 0 : SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
785 : size_t, size)
786 : {
787 0 : return path_listxattr(pathname, list, size, 0);
788 : }
789 :
790 0 : SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
791 : {
792 0 : struct fd f = fdget(fd);
793 0 : ssize_t error = -EBADF;
794 :
795 0 : if (!f.file)
796 : return error;
797 0 : audit_file(f.file);
798 0 : error = listxattr(f.file->f_path.dentry, list, size);
799 0 : fdput(f);
800 0 : return error;
801 : }
802 :
803 : /*
804 : * Extended attribute REMOVE operations
805 : */
806 : static long
807 2 : removexattr(struct user_namespace *mnt_userns, struct dentry *d,
808 : const char __user *name)
809 : {
810 2 : int error;
811 2 : char kname[XATTR_NAME_MAX + 1];
812 :
813 2 : error = strncpy_from_user(kname, name, sizeof(kname));
814 2 : if (error == 0 || error == sizeof(kname))
815 : error = -ERANGE;
816 2 : if (error < 0)
817 0 : return error;
818 :
819 2 : return vfs_removexattr(mnt_userns, d, kname);
820 : }
821 :
822 2 : static int path_removexattr(const char __user *pathname,
823 : const char __user *name, unsigned int lookup_flags)
824 : {
825 2 : struct path path;
826 2 : int error;
827 2 : retry:
828 2 : error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
829 2 : if (error)
830 0 : return error;
831 2 : error = mnt_want_write(path.mnt);
832 2 : if (!error) {
833 2 : error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
834 2 : mnt_drop_write(path.mnt);
835 : }
836 2 : path_put(&path);
837 4 : if (retry_estale(error, lookup_flags)) {
838 0 : lookup_flags |= LOOKUP_REVAL;
839 0 : goto retry;
840 : }
841 : return error;
842 : }
843 :
844 4 : SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
845 : const char __user *, name)
846 : {
847 2 : return path_removexattr(pathname, name, LOOKUP_FOLLOW);
848 : }
849 :
850 0 : SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
851 : const char __user *, name)
852 : {
853 0 : return path_removexattr(pathname, name, 0);
854 : }
855 :
856 0 : SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
857 : {
858 0 : struct fd f = fdget(fd);
859 0 : int error = -EBADF;
860 :
861 0 : if (!f.file)
862 : return error;
863 0 : audit_file(f.file);
864 0 : error = mnt_want_write_file(f.file);
865 0 : if (!error) {
866 0 : error = removexattr(file_mnt_user_ns(f.file),
867 : f.file->f_path.dentry, name);
868 0 : mnt_drop_write_file(f.file);
869 : }
870 0 : fdput(f);
871 0 : return error;
872 : }
873 :
874 : /*
875 : * Combine the results of the list() operation from every xattr_handler in the
876 : * list.
877 : */
878 : ssize_t
879 0 : generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
880 : {
881 0 : const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
882 0 : unsigned int size = 0;
883 :
884 0 : if (!buffer) {
885 0 : for_each_xattr_handler(handlers, handler) {
886 0 : if (!handler->name ||
887 0 : (handler->list && !handler->list(dentry)))
888 0 : continue;
889 0 : size += strlen(handler->name) + 1;
890 : }
891 : } else {
892 0 : char *buf = buffer;
893 0 : size_t len;
894 :
895 0 : for_each_xattr_handler(handlers, handler) {
896 0 : if (!handler->name ||
897 0 : (handler->list && !handler->list(dentry)))
898 0 : continue;
899 0 : len = strlen(handler->name);
900 0 : if (len + 1 > buffer_size)
901 : return -ERANGE;
902 0 : memcpy(buf, handler->name, len + 1);
903 0 : buf += len + 1;
904 0 : buffer_size -= len + 1;
905 : }
906 0 : size = buf - buffer;
907 : }
908 0 : return size;
909 : }
910 : EXPORT_SYMBOL(generic_listxattr);
911 :
912 : /**
913 : * xattr_full_name - Compute full attribute name from suffix
914 : *
915 : * @handler: handler of the xattr_handler operation
916 : * @name: name passed to the xattr_handler operation
917 : *
918 : * The get and set xattr handler operations are called with the remainder of
919 : * the attribute name after skipping the handler's prefix: for example, "foo"
920 : * is passed to the get operation of a handler with prefix "user." to get
921 : * attribute "user.foo". The full name is still "there" in the name though.
922 : *
923 : * Note: the list xattr handler operation when called from the vfs is passed a
924 : * NULL name; some file systems use this operation internally, with varying
925 : * semantics.
926 : */
927 360 : const char *xattr_full_name(const struct xattr_handler *handler,
928 : const char *name)
929 : {
930 360 : size_t prefix_len = strlen(xattr_prefix(handler));
931 :
932 360 : return name - prefix_len;
933 : }
934 : EXPORT_SYMBOL(xattr_full_name);
935 :
936 : /*
937 : * Allocate new xattr and copy in the value; but leave the name to callers.
938 : */
939 59 : struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
940 : {
941 59 : struct simple_xattr *new_xattr;
942 59 : size_t len;
943 :
944 : /* wrap around? */
945 59 : len = sizeof(*new_xattr) + size;
946 59 : if (len < sizeof(*new_xattr))
947 : return NULL;
948 :
949 59 : new_xattr = kvmalloc(len, GFP_KERNEL);
950 59 : if (!new_xattr)
951 : return NULL;
952 :
953 59 : new_xattr->size = size;
954 59 : memcpy(new_xattr->value, value, size);
955 59 : return new_xattr;
956 : }
957 :
958 : /*
959 : * xattr GET operation for in-memory/pseudo filesystems
960 : */
961 299 : int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
962 : void *buffer, size_t size)
963 : {
964 299 : struct simple_xattr *xattr;
965 299 : int ret = -ENODATA;
966 :
967 299 : spin_lock(&xattrs->lock);
968 301 : list_for_each_entry(xattr, &xattrs->head, list) {
969 2 : if (strcmp(name, xattr->name))
970 2 : continue;
971 :
972 0 : ret = xattr->size;
973 0 : if (buffer) {
974 0 : if (size < xattr->size)
975 : ret = -ERANGE;
976 : else
977 0 : memcpy(buffer, xattr->value, xattr->size);
978 : }
979 : break;
980 : }
981 299 : spin_unlock(&xattrs->lock);
982 299 : return ret;
983 : }
984 :
985 : /**
986 : * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
987 : * @xattrs: target simple_xattr list
988 : * @name: name of the extended attribute
989 : * @value: value of the xattr. If %NULL, will remove the attribute.
990 : * @size: size of the new xattr
991 : * @flags: %XATTR_{CREATE|REPLACE}
992 : * @removed_size: returns size of the removed xattr, -1 if none removed
993 : *
994 : * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
995 : * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
996 : * otherwise, fails with -ENODATA.
997 : *
998 : * Returns 0 on success, -errno on failure.
999 : */
1000 61 : int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1001 : const void *value, size_t size, int flags,
1002 : ssize_t *removed_size)
1003 : {
1004 61 : struct simple_xattr *xattr;
1005 61 : struct simple_xattr *new_xattr = NULL;
1006 61 : int err = 0;
1007 :
1008 61 : if (removed_size)
1009 0 : *removed_size = -1;
1010 :
1011 : /* value == NULL means remove */
1012 61 : if (value) {
1013 59 : new_xattr = simple_xattr_alloc(value, size);
1014 59 : if (!new_xattr)
1015 : return -ENOMEM;
1016 :
1017 59 : new_xattr->name = kstrdup(name, GFP_KERNEL);
1018 59 : if (!new_xattr->name) {
1019 0 : kvfree(new_xattr);
1020 0 : return -ENOMEM;
1021 : }
1022 : }
1023 :
1024 61 : spin_lock(&xattrs->lock);
1025 63 : list_for_each_entry(xattr, &xattrs->head, list) {
1026 4 : if (!strcmp(name, xattr->name)) {
1027 2 : if (flags & XATTR_CREATE) {
1028 : xattr = new_xattr;
1029 : err = -EEXIST;
1030 2 : } else if (new_xattr) {
1031 0 : list_replace(&xattr->list, &new_xattr->list);
1032 0 : if (removed_size)
1033 0 : *removed_size = xattr->size;
1034 : } else {
1035 2 : list_del(&xattr->list);
1036 2 : if (removed_size)
1037 0 : *removed_size = xattr->size;
1038 : }
1039 2 : goto out;
1040 : }
1041 : }
1042 59 : if (flags & XATTR_REPLACE) {
1043 : xattr = new_xattr;
1044 : err = -ENODATA;
1045 : } else {
1046 59 : list_add(&new_xattr->list, &xattrs->head);
1047 59 : xattr = NULL;
1048 : }
1049 61 : out:
1050 61 : spin_unlock(&xattrs->lock);
1051 61 : if (xattr) {
1052 2 : kfree(xattr->name);
1053 2 : kvfree(xattr);
1054 : }
1055 : return err;
1056 :
1057 : }
1058 :
1059 0 : static bool xattr_is_trusted(const char *name)
1060 : {
1061 0 : return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1062 : }
1063 :
1064 0 : static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1065 : const char *name)
1066 : {
1067 0 : size_t len = strlen(name) + 1;
1068 0 : if (*buffer) {
1069 0 : if (*remaining_size < len)
1070 : return -ERANGE;
1071 0 : memcpy(*buffer, name, len);
1072 0 : *buffer += len;
1073 : }
1074 0 : *remaining_size -= len;
1075 0 : return 0;
1076 : }
1077 :
1078 : /*
1079 : * xattr LIST operation for in-memory/pseudo filesystems
1080 : */
1081 4 : ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1082 : char *buffer, size_t size)
1083 : {
1084 4 : bool trusted = capable(CAP_SYS_ADMIN);
1085 4 : struct simple_xattr *xattr;
1086 4 : ssize_t remaining_size = size;
1087 4 : int err = 0;
1088 :
1089 : #ifdef CONFIG_FS_POSIX_ACL
1090 : if (IS_POSIXACL(inode)) {
1091 : if (inode->i_acl) {
1092 : err = xattr_list_one(&buffer, &remaining_size,
1093 : XATTR_NAME_POSIX_ACL_ACCESS);
1094 : if (err)
1095 : return err;
1096 : }
1097 : if (inode->i_default_acl) {
1098 : err = xattr_list_one(&buffer, &remaining_size,
1099 : XATTR_NAME_POSIX_ACL_DEFAULT);
1100 : if (err)
1101 : return err;
1102 : }
1103 : }
1104 : #endif
1105 :
1106 4 : spin_lock(&xattrs->lock);
1107 4 : list_for_each_entry(xattr, &xattrs->head, list) {
1108 : /* skip "trusted." attributes for unprivileged callers */
1109 0 : if (!trusted && xattr_is_trusted(xattr->name))
1110 0 : continue;
1111 :
1112 0 : err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1113 0 : if (err)
1114 : break;
1115 : }
1116 4 : spin_unlock(&xattrs->lock);
1117 :
1118 4 : return err ? err : size - remaining_size;
1119 : }
1120 :
1121 : /*
1122 : * Adds an extended attribute to the list
1123 : */
1124 0 : void simple_xattr_list_add(struct simple_xattrs *xattrs,
1125 : struct simple_xattr *new_xattr)
1126 : {
1127 0 : spin_lock(&xattrs->lock);
1128 0 : list_add(&new_xattr->list, &xattrs->head);
1129 0 : spin_unlock(&xattrs->lock);
1130 0 : }
|
