LCOV - code coverage report
Current view: top level - fs - xattr.c (source / functions) Hit Total Coverage
Test: landlock.info Lines: 288 499 57.7 %
Date: 2021-04-22 12:43:58 Functions: 30 59 50.8 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0-only
       2             : /*
       3             :   File: fs/xattr.c
       4             : 
       5             :   Extended attribute handling.
       6             : 
       7             :   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
       8             :   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
       9             :   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
      10             :  */
      11             : #include <linux/fs.h>
      12             : #include <linux/slab.h>
      13             : #include <linux/file.h>
      14             : #include <linux/xattr.h>
      15             : #include <linux/mount.h>
      16             : #include <linux/namei.h>
      17             : #include <linux/security.h>
      18             : #include <linux/evm.h>
      19             : #include <linux/syscalls.h>
      20             : #include <linux/export.h>
      21             : #include <linux/fsnotify.h>
      22             : #include <linux/audit.h>
      23             : #include <linux/vmalloc.h>
      24             : #include <linux/posix_acl_xattr.h>
      25             : 
      26             : #include <linux/uaccess.h>
      27             : 
      28             : static const char *
      29        4961 : strcmp_prefix(const char *a, const char *a_prefix)
      30             : {
      31        8103 :         while (*a_prefix && *a == *a_prefix) {
      32        3142 :                 a++;
      33        3142 :                 a_prefix++;
      34             :         }
      35        4961 :         return *a_prefix ? NULL : a;
      36             : }
      37             : 
      38             : /*
      39             :  * In order to implement different sets of xattr operations for each xattr
      40             :  * prefix, a filesystem should create a null-terminated array of struct
      41             :  * xattr_handler (one for each prefix) and hang a pointer to it off of the
      42             :  * s_xattr field of the superblock.
      43             :  */
      44             : #define for_each_xattr_handler(handlers, handler)               \
      45             :         if (handlers)                                           \
      46             :                 for ((handler) = *(handlers)++;                 \
      47             :                         (handler) != NULL;                      \
      48             :                         (handler) = *(handlers)++)
      49             : 
      50             : /*
      51             :  * Find the xattr_handler with the matching prefix.
      52             :  */
      53             : static const struct xattr_handler *
      54        1880 : xattr_resolve_name(struct inode *inode, const char **name)
      55             : {
      56        1880 :         const struct xattr_handler **handlers = inode->i_sb->s_xattr;
      57        1880 :         const struct xattr_handler *handler;
      58             : 
      59        1880 :         if (!(inode->i_opflags & IOP_XATTR)) {
      60           5 :                 if (unlikely(is_bad_inode(inode)))
      61        1880 :                         return ERR_PTR(-EIO);
      62           5 :                 return ERR_PTR(-EOPNOTSUPP);
      63             :         }
      64        6476 :         for_each_xattr_handler(handlers, handler) {
      65        4961 :                 const char *n;
      66             : 
      67        9562 :                 n = strcmp_prefix(*name, xattr_prefix(handler));
      68         360 :                 if (n) {
      69         360 :                         if (!handler->prefix ^ !*n) {
      70           0 :                                 if (*n)
      71           0 :                                         continue;
      72        1880 :                                 return ERR_PTR(-EINVAL);
      73             :                         }
      74         360 :                         *name = n;
      75         360 :                         return handler;
      76             :                 }
      77             :         }
      78        1880 :         return ERR_PTR(-EOPNOTSUPP);
      79             : }
      80             : 
      81             : /*
      82             :  * Check permissions for extended attribute access.  This is a bit complicated
      83             :  * because different namespaces have very different rules.
      84             :  */
      85             : static int
      86         142 : xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
      87             :                  const char *name, int mask)
      88             : {
      89             :         /*
      90             :          * We can never set or remove an extended attribute on a read-only
      91             :          * filesystem  or on an immutable / append-only inode.
      92             :          */
      93         142 :         if (mask & MAY_WRITE) {
      94          69 :                 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
      95             :                         return -EPERM;
      96             :                 /*
      97             :                  * Updating an xattr will likely cause i_uid and i_gid
      98             :                  * to be writen back improperly if their true value is
      99             :                  * unknown to the vfs.
     100             :                  */
     101         138 :                 if (HAS_UNMAPPED_ID(mnt_userns, inode))
     102             :                         return -EPERM;
     103             :         }
     104             : 
     105             :         /*
     106             :          * No restriction for security.* and system.* from the VFS.  Decision
     107             :          * on these is left to the underlying filesystem / security module.
     108             :          */
     109         142 :         if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
     110         142 :             !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
     111             :                 return 0;
     112             : 
     113             :         /*
     114             :          * The trusted.* namespace can only be accessed by privileged users.
     115             :          */
     116         108 :         if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
     117         107 :                 if (!capable(CAP_SYS_ADMIN))
     118           0 :                         return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
     119             :                 return 0;
     120             :         }
     121             : 
     122             :         /*
     123             :          * In the user.* namespace, only regular files and directories can have
     124             :          * extended attributes. For sticky directories, only the owner and
     125             :          * privileged users can write attributes.
     126             :          */
     127           1 :         if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
     128           1 :                 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
     129           0 :                         return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
     130           1 :                 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
     131           0 :                     (mask & MAY_WRITE) &&
     132           0 :                     !inode_owner_or_capable(mnt_userns, inode))
     133             :                         return -EPERM;
     134             :         }
     135             : 
     136           1 :         return inode_permission(mnt_userns, inode, mask);
     137             : }
     138             : 
     139             : /*
     140             :  * Look for any handler that deals with the specified namespace.
     141             :  */
     142             : int
     143           0 : xattr_supported_namespace(struct inode *inode, const char *prefix)
     144             : {
     145           0 :         const struct xattr_handler **handlers = inode->i_sb->s_xattr;
     146           0 :         const struct xattr_handler *handler;
     147           0 :         size_t preflen;
     148             : 
     149           0 :         if (!(inode->i_opflags & IOP_XATTR)) {
     150           0 :                 if (unlikely(is_bad_inode(inode)))
     151             :                         return -EIO;
     152           0 :                 return -EOPNOTSUPP;
     153             :         }
     154             : 
     155           0 :         preflen = strlen(prefix);
     156             : 
     157           0 :         for_each_xattr_handler(handlers, handler) {
     158           0 :                 if (!strncmp(xattr_prefix(handler), prefix, preflen))
     159             :                         return 0;
     160             :         }
     161             : 
     162             :         return -EOPNOTSUPP;
     163             : }
     164             : EXPORT_SYMBOL(xattr_supported_namespace);
     165             : 
     166             : int
     167          61 : __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
     168             :                struct inode *inode, const char *name, const void *value,
     169             :                size_t size, int flags)
     170             : {
     171          61 :         const struct xattr_handler *handler;
     172             : 
     173          61 :         handler = xattr_resolve_name(inode, &name);
     174          61 :         if (IS_ERR(handler))
     175           2 :                 return PTR_ERR(handler);
     176          59 :         if (!handler->set)
     177             :                 return -EOPNOTSUPP;
     178          59 :         if (size == 0)
     179           6 :                 value = "";  /* empty EA, do not remove */
     180          59 :         return handler->set(handler, mnt_userns, dentry, inode, name, value,
     181             :                             size, flags);
     182             : }
     183             : EXPORT_SYMBOL(__vfs_setxattr);
     184             : 
     185             : /**
     186             :  *  __vfs_setxattr_noperm - perform setxattr operation without performing
     187             :  *  permission checks.
     188             :  *
     189             :  *  @mnt_userns - user namespace of the mount the inode was found from
     190             :  *  @dentry - object to perform setxattr on
     191             :  *  @name - xattr name to set
     192             :  *  @value - value to set @name to
     193             :  *  @size - size of @value
     194             :  *  @flags - flags to pass into filesystem operations
     195             :  *
     196             :  *  returns the result of the internal setxattr or setsecurity operations.
     197             :  *
     198             :  *  This function requires the caller to lock the inode's i_mutex before it
     199             :  *  is executed. It also assumes that the caller will make the appropriate
     200             :  *  permission checks.
     201             :  */
     202          61 : int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
     203             :                           struct dentry *dentry, const char *name,
     204             :                           const void *value, size_t size, int flags)
     205             : {
     206          61 :         struct inode *inode = dentry->d_inode;
     207          61 :         int error = -EAGAIN;
     208          61 :         int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
     209             :                                    XATTR_SECURITY_PREFIX_LEN);
     210             : 
     211          61 :         if (issec)
     212           0 :                 inode->i_flags &= ~S_NOSEC;
     213          61 :         if (inode->i_opflags & IOP_XATTR) {
     214          61 :                 error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
     215             :                                        size, flags);
     216          61 :                 if (!error) {
     217          59 :                         fsnotify_xattr(dentry);
     218          59 :                         security_inode_post_setxattr(dentry, name, value,
     219             :                                                      size, flags);
     220             :                 }
     221             :         } else {
     222           0 :                 if (unlikely(is_bad_inode(inode)))
     223             :                         return -EIO;
     224             :         }
     225          61 :         if (error == -EAGAIN) {
     226           0 :                 error = -EOPNOTSUPP;
     227             : 
     228           0 :                 if (issec) {
     229           0 :                         const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
     230             : 
     231           0 :                         error = security_inode_setsecurity(inode, suffix, value,
     232             :                                                            size, flags);
     233           0 :                         if (!error)
     234           0 :                                 fsnotify_xattr(dentry);
     235             :                 }
     236             :         }
     237             : 
     238             :         return error;
     239             : }
     240             : 
     241             : /**
     242             :  * __vfs_setxattr_locked - set an extended attribute while holding the inode
     243             :  * lock
     244             :  *
     245             :  *  @dentry: object to perform setxattr on
     246             :  *  @name: xattr name to set
     247             :  *  @value: value to set @name to
     248             :  *  @size: size of @value
     249             :  *  @flags: flags to pass into filesystem operations
     250             :  *  @delegated_inode: on return, will contain an inode pointer that
     251             :  *  a delegation was broken on, NULL if none.
     252             :  */
     253             : int
     254          61 : __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
     255             :                       const char *name, const void *value, size_t size,
     256             :                       int flags, struct inode **delegated_inode)
     257             : {
     258          61 :         struct inode *inode = dentry->d_inode;
     259          61 :         int error;
     260             : 
     261          61 :         error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
     262          61 :         if (error)
     263             :                 return error;
     264             : 
     265          61 :         error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
     266             :                                         flags);
     267          61 :         if (error)
     268           0 :                 goto out;
     269             : 
     270          61 :         error = try_break_deleg(inode, delegated_inode);
     271          61 :         if (error)
     272           0 :                 goto out;
     273             : 
     274          61 :         error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
     275             :                                       size, flags);
     276             : 
     277             : out:
     278             :         return error;
     279             : }
     280             : EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
     281             : 
     282             : int
     283          61 : vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
     284             :              const char *name, const void *value, size_t size, int flags)
     285             : {
     286          61 :         struct inode *inode = dentry->d_inode;
     287          61 :         struct inode *delegated_inode = NULL;
     288          61 :         const void  *orig_value = value;
     289          61 :         int error;
     290             : 
     291          61 :         if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
     292           0 :                 error = cap_convert_nscap(mnt_userns, dentry, &value, size);
     293           0 :                 if (error < 0)
     294             :                         return error;
     295           0 :                 size = error;
     296             :         }
     297             : 
     298          61 : retry_deleg:
     299          61 :         inode_lock(inode);
     300          61 :         error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
     301             :                                       flags, &delegated_inode);
     302          61 :         inode_unlock(inode);
     303             : 
     304          61 :         if (delegated_inode) {
     305           0 :                 error = break_deleg_wait(&delegated_inode);
     306           0 :                 if (!error)
     307           0 :                         goto retry_deleg;
     308             :         }
     309          61 :         if (value != orig_value)
     310           0 :                 kfree(value);
     311             : 
     312             :         return error;
     313             : }
     314             : EXPORT_SYMBOL_GPL(vfs_setxattr);
     315             : 
     316             : static ssize_t
     317           0 : xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
     318             :                   const char *name, void *value, size_t size)
     319             : {
     320           0 :         void *buffer = NULL;
     321           0 :         ssize_t len;
     322             : 
     323           0 :         if (!value || !size) {
     324           0 :                 len = security_inode_getsecurity(mnt_userns, inode, name,
     325             :                                                  &buffer, false);
     326           0 :                 goto out_noalloc;
     327             :         }
     328             : 
     329           0 :         len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
     330             :                                          true);
     331           0 :         if (len < 0)
     332             :                 return len;
     333           0 :         if (size < len) {
     334           0 :                 len = -ERANGE;
     335           0 :                 goto out;
     336             :         }
     337           0 :         memcpy(value, buffer, len);
     338           0 : out:
     339           0 :         kfree(buffer);
     340             : out_noalloc:
     341             :         return len;
     342             : }
     343             : 
     344             : /*
     345             :  * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
     346             :  *
     347             :  * Allocate memory, if not already allocated, or re-allocate correct size,
     348             :  * before retrieving the extended attribute.
     349             :  *
     350             :  * Returns the result of alloc, if failed, or the getxattr operation.
     351             :  */
     352             : ssize_t
     353           0 : vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
     354             :                    const char *name, char **xattr_value, size_t xattr_size,
     355             :                    gfp_t flags)
     356             : {
     357           0 :         const struct xattr_handler *handler;
     358           0 :         struct inode *inode = dentry->d_inode;
     359           0 :         char *value = *xattr_value;
     360           0 :         int error;
     361             : 
     362           0 :         error = xattr_permission(mnt_userns, inode, name, MAY_READ);
     363           0 :         if (error)
     364           0 :                 return error;
     365             : 
     366           0 :         handler = xattr_resolve_name(inode, &name);
     367           0 :         if (IS_ERR(handler))
     368           0 :                 return PTR_ERR(handler);
     369           0 :         if (!handler->get)
     370             :                 return -EOPNOTSUPP;
     371           0 :         error = handler->get(handler, dentry, inode, name, NULL, 0);
     372           0 :         if (error < 0)
     373           0 :                 return error;
     374             : 
     375           0 :         if (!value || (error > xattr_size)) {
     376           0 :                 value = krealloc(*xattr_value, error + 1, flags);
     377           0 :                 if (!value)
     378             :                         return -ENOMEM;
     379           0 :                 memset(value, 0, error + 1);
     380             :         }
     381             : 
     382           0 :         error = handler->get(handler, dentry, inode, name, value, error);
     383           0 :         *xattr_value = value;
     384           0 :         return error;
     385             : }
     386             : 
     387             : ssize_t
     388        1811 : __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
     389             :                void *value, size_t size)
     390             : {
     391        1811 :         const struct xattr_handler *handler;
     392             : 
     393        1811 :         handler = xattr_resolve_name(inode, &name);
     394        1811 :         if (IS_ERR(handler))
     395        1512 :                 return PTR_ERR(handler);
     396         299 :         if (!handler->get)
     397             :                 return -EOPNOTSUPP;
     398         299 :         return handler->get(handler, dentry, inode, name, value, size);
     399             : }
     400             : EXPORT_SYMBOL(__vfs_getxattr);
     401             : 
     402             : ssize_t
     403          73 : vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
     404             :              const char *name, void *value, size_t size)
     405             : {
     406          73 :         struct inode *inode = dentry->d_inode;
     407          73 :         int error;
     408             : 
     409          73 :         error = xattr_permission(mnt_userns, inode, name, MAY_READ);
     410          73 :         if (error)
     411           0 :                 return error;
     412             : 
     413          73 :         error = security_inode_getxattr(dentry, name);
     414          73 :         if (error)
     415           0 :                 return error;
     416             : 
     417          73 :         if (!strncmp(name, XATTR_SECURITY_PREFIX,
     418             :                                 XATTR_SECURITY_PREFIX_LEN)) {
     419           0 :                 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
     420           0 :                 int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
     421             :                                             size);
     422             :                 /*
     423             :                  * Only overwrite the return value if a security module
     424             :                  * is actually active.
     425             :                  */
     426           0 :                 if (ret == -EOPNOTSUPP)
     427           0 :                         goto nolsm;
     428           0 :                 return ret;
     429             :         }
     430          73 : nolsm:
     431          73 :         return __vfs_getxattr(dentry, inode, name, value, size);
     432             : }
     433             : EXPORT_SYMBOL_GPL(vfs_getxattr);
     434             : 
     435             : ssize_t
     436           4 : vfs_listxattr(struct dentry *dentry, char *list, size_t size)
     437             : {
     438           4 :         struct inode *inode = d_inode(dentry);
     439           4 :         ssize_t error;
     440             : 
     441           4 :         error = security_inode_listxattr(dentry);
     442           4 :         if (error)
     443             :                 return error;
     444           4 :         if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
     445           4 :                 error = inode->i_op->listxattr(dentry, list, size);
     446             :         } else {
     447           0 :                 error = security_inode_listsecurity(inode, list, size);
     448           0 :                 if (size && error > size)
     449           0 :                         error = -ERANGE;
     450             :         }
     451             :         return error;
     452             : }
     453             : EXPORT_SYMBOL_GPL(vfs_listxattr);
     454             : 
     455             : int
     456           8 : __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
     457             :                   const char *name)
     458             : {
     459           8 :         struct inode *inode = d_inode(dentry);
     460           8 :         const struct xattr_handler *handler;
     461             : 
     462           8 :         handler = xattr_resolve_name(inode, &name);
     463           8 :         if (IS_ERR(handler))
     464           6 :                 return PTR_ERR(handler);
     465           2 :         if (!handler->set)
     466             :                 return -EOPNOTSUPP;
     467           2 :         return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
     468             :                             XATTR_REPLACE);
     469             : }
     470             : EXPORT_SYMBOL(__vfs_removexattr);
     471             : 
     472             : /**
     473             :  * __vfs_removexattr_locked - set an extended attribute while holding the inode
     474             :  * lock
     475             :  *
     476             :  *  @dentry: object to perform setxattr on
     477             :  *  @name: name of xattr to remove
     478             :  *  @delegated_inode: on return, will contain an inode pointer that
     479             :  *  a delegation was broken on, NULL if none.
     480             :  */
     481             : int
     482           8 : __vfs_removexattr_locked(struct user_namespace *mnt_userns,
     483             :                          struct dentry *dentry, const char *name,
     484             :                          struct inode **delegated_inode)
     485             : {
     486           8 :         struct inode *inode = dentry->d_inode;
     487           8 :         int error;
     488             : 
     489           8 :         error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
     490           8 :         if (error)
     491             :                 return error;
     492             : 
     493           8 :         error = security_inode_removexattr(mnt_userns, dentry, name);
     494           8 :         if (error)
     495           0 :                 goto out;
     496             : 
     497           8 :         error = try_break_deleg(inode, delegated_inode);
     498           8 :         if (error)
     499           0 :                 goto out;
     500             : 
     501           8 :         error = __vfs_removexattr(mnt_userns, dentry, name);
     502             : 
     503           8 :         if (!error) {
     504           2 :                 fsnotify_xattr(dentry);
     505           2 :                 evm_inode_post_removexattr(dentry, name);
     506             :         }
     507             : 
     508           6 : out:
     509             :         return error;
     510             : }
     511             : EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
     512             : 
     513             : int
     514           8 : vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
     515             :                 const char *name)
     516             : {
     517           8 :         struct inode *inode = dentry->d_inode;
     518           8 :         struct inode *delegated_inode = NULL;
     519           8 :         int error;
     520             : 
     521           8 : retry_deleg:
     522           8 :         inode_lock(inode);
     523           8 :         error = __vfs_removexattr_locked(mnt_userns, dentry,
     524             :                                          name, &delegated_inode);
     525           8 :         inode_unlock(inode);
     526             : 
     527           8 :         if (delegated_inode) {
     528           0 :                 error = break_deleg_wait(&delegated_inode);
     529           0 :                 if (!error)
     530           0 :                         goto retry_deleg;
     531             :         }
     532             : 
     533           8 :         return error;
     534             : }
     535             : EXPORT_SYMBOL_GPL(vfs_removexattr);
     536             : 
     537             : /*
     538             :  * Extended attribute SET operations
     539             :  */
     540             : static long
     541          49 : setxattr(struct user_namespace *mnt_userns, struct dentry *d,
     542             :          const char __user *name, const void __user *value, size_t size,
     543             :          int flags)
     544             : {
     545          49 :         int error;
     546          49 :         void *kvalue = NULL;
     547          49 :         char kname[XATTR_NAME_MAX + 1];
     548             : 
     549          49 :         if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
     550             :                 return -EINVAL;
     551             : 
     552          49 :         error = strncpy_from_user(kname, name, sizeof(kname));
     553          49 :         if (error == 0 || error == sizeof(kname))
     554             :                 error = -ERANGE;
     555          49 :         if (error < 0)
     556           0 :                 return error;
     557             : 
     558          49 :         if (size) {
     559          49 :                 if (size > XATTR_SIZE_MAX)
     560             :                         return -E2BIG;
     561          49 :                 kvalue = kvmalloc(size, GFP_KERNEL);
     562          49 :                 if (!kvalue)
     563             :                         return -ENOMEM;
     564          98 :                 if (copy_from_user(kvalue, value, size)) {
     565           0 :                         error = -EFAULT;
     566           0 :                         goto out;
     567             :                 }
     568          49 :                 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
     569             :                     (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
     570          49 :                         posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
     571             :         }
     572             : 
     573          49 :         error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
     574          49 : out:
     575          49 :         kvfree(kvalue);
     576             : 
     577          49 :         return error;
     578             : }
     579             : 
     580          47 : static int path_setxattr(const char __user *pathname,
     581             :                          const char __user *name, const void __user *value,
     582             :                          size_t size, int flags, unsigned int lookup_flags)
     583             : {
     584          47 :         struct path path;
     585          47 :         int error;
     586             : 
     587          47 : retry:
     588          47 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     589          47 :         if (error)
     590           0 :                 return error;
     591          47 :         error = mnt_want_write(path.mnt);
     592          47 :         if (!error) {
     593          47 :                 error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
     594             :                                  value, size, flags);
     595          47 :                 mnt_drop_write(path.mnt);
     596             :         }
     597          47 :         path_put(&path);
     598          94 :         if (retry_estale(error, lookup_flags)) {
     599           0 :                 lookup_flags |= LOOKUP_REVAL;
     600           0 :                 goto retry;
     601             :         }
     602             :         return error;
     603             : }
     604             : 
     605          94 : SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
     606             :                 const char __user *, name, const void __user *, value,
     607             :                 size_t, size, int, flags)
     608             : {
     609          47 :         return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
     610             : }
     611             : 
     612           0 : SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
     613             :                 const char __user *, name, const void __user *, value,
     614             :                 size_t, size, int, flags)
     615             : {
     616           0 :         return path_setxattr(pathname, name, value, size, flags, 0);
     617             : }
     618             : 
     619           4 : SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
     620             :                 const void __user *,value, size_t, size, int, flags)
     621             : {
     622           2 :         struct fd f = fdget(fd);
     623           2 :         int error = -EBADF;
     624             : 
     625           2 :         if (!f.file)
     626             :                 return error;
     627           2 :         audit_file(f.file);
     628           2 :         error = mnt_want_write_file(f.file);
     629           2 :         if (!error) {
     630           2 :                 error = setxattr(file_mnt_user_ns(f.file),
     631             :                                  f.file->f_path.dentry, name,
     632             :                                  value, size, flags);
     633           2 :                 mnt_drop_write_file(f.file);
     634             :         }
     635           2 :         fdput(f);
     636           2 :         return error;
     637             : }
     638             : 
     639             : /*
     640             :  * Extended attribute GET operations
     641             :  */
     642             : static ssize_t
     643          27 : getxattr(struct user_namespace *mnt_userns, struct dentry *d,
     644             :          const char __user *name, void __user *value, size_t size)
     645             : {
     646          27 :         ssize_t error;
     647          27 :         void *kvalue = NULL;
     648          27 :         char kname[XATTR_NAME_MAX + 1];
     649             : 
     650          27 :         error = strncpy_from_user(kname, name, sizeof(kname));
     651          27 :         if (error == 0 || error == sizeof(kname))
     652             :                 error = -ERANGE;
     653          27 :         if (error < 0)
     654           0 :                 return error;
     655             : 
     656          27 :         if (size) {
     657          27 :                 if (size > XATTR_SIZE_MAX)
     658             :                         size = XATTR_SIZE_MAX;
     659          27 :                 kvalue = kvzalloc(size, GFP_KERNEL);
     660          27 :                 if (!kvalue)
     661             :                         return -ENOMEM;
     662             :         }
     663             : 
     664          27 :         error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
     665          27 :         if (error > 0) {
     666           0 :                 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
     667             :                     (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
     668           0 :                         posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
     669           0 :                 if (size && copy_to_user(value, kvalue, error))
     670           0 :                         error = -EFAULT;
     671          27 :         } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
     672             :                 /* The file system tried to returned a value bigger
     673             :                    than XATTR_SIZE_MAX bytes. Not possible. */
     674           0 :                 error = -E2BIG;
     675             :         }
     676             : 
     677          27 :         kvfree(kvalue);
     678             : 
     679          27 :         return error;
     680             : }
     681             : 
     682          14 : static ssize_t path_getxattr(const char __user *pathname,
     683             :                              const char __user *name, void __user *value,
     684             :                              size_t size, unsigned int lookup_flags)
     685             : {
     686          14 :         struct path path;
     687          14 :         ssize_t error;
     688          14 : retry:
     689          14 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     690          14 :         if (error)
     691           0 :                 return error;
     692          14 :         error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
     693          14 :         path_put(&path);
     694          28 :         if (retry_estale(error, lookup_flags)) {
     695           0 :                 lookup_flags |= LOOKUP_REVAL;
     696           0 :                 goto retry;
     697             :         }
     698             :         return error;
     699             : }
     700             : 
     701          28 : SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
     702             :                 const char __user *, name, void __user *, value, size_t, size)
     703             : {
     704          14 :         return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
     705             : }
     706             : 
     707           0 : SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
     708             :                 const char __user *, name, void __user *, value, size_t, size)
     709             : {
     710           0 :         return path_getxattr(pathname, name, value, size, 0);
     711             : }
     712             : 
     713          26 : SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
     714             :                 void __user *, value, size_t, size)
     715             : {
     716          13 :         struct fd f = fdget(fd);
     717          13 :         ssize_t error = -EBADF;
     718             : 
     719          13 :         if (!f.file)
     720             :                 return error;
     721          13 :         audit_file(f.file);
     722          13 :         error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
     723             :                          name, value, size);
     724          13 :         fdput(f);
     725          13 :         return error;
     726             : }
     727             : 
     728             : /*
     729             :  * Extended attribute LIST operations
     730             :  */
     731             : static ssize_t
     732           0 : listxattr(struct dentry *d, char __user *list, size_t size)
     733             : {
     734           0 :         ssize_t error;
     735           0 :         char *klist = NULL;
     736             : 
     737           0 :         if (size) {
     738           0 :                 if (size > XATTR_LIST_MAX)
     739             :                         size = XATTR_LIST_MAX;
     740           0 :                 klist = kvmalloc(size, GFP_KERNEL);
     741           0 :                 if (!klist)
     742             :                         return -ENOMEM;
     743             :         }
     744             : 
     745           0 :         error = vfs_listxattr(d, klist, size);
     746           0 :         if (error > 0) {
     747           0 :                 if (size && copy_to_user(list, klist, error))
     748           0 :                         error = -EFAULT;
     749           0 :         } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
     750             :                 /* The file system tried to returned a list bigger
     751             :                    than XATTR_LIST_MAX bytes. Not possible. */
     752           0 :                 error = -E2BIG;
     753             :         }
     754             : 
     755           0 :         kvfree(klist);
     756             : 
     757           0 :         return error;
     758             : }
     759             : 
     760           0 : static ssize_t path_listxattr(const char __user *pathname, char __user *list,
     761             :                               size_t size, unsigned int lookup_flags)
     762             : {
     763           0 :         struct path path;
     764           0 :         ssize_t error;
     765           0 : retry:
     766           0 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     767           0 :         if (error)
     768           0 :                 return error;
     769           0 :         error = listxattr(path.dentry, list, size);
     770           0 :         path_put(&path);
     771           0 :         if (retry_estale(error, lookup_flags)) {
     772           0 :                 lookup_flags |= LOOKUP_REVAL;
     773           0 :                 goto retry;
     774             :         }
     775             :         return error;
     776             : }
     777             : 
     778           0 : SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
     779             :                 size_t, size)
     780             : {
     781           0 :         return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
     782             : }
     783             : 
     784           0 : SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
     785             :                 size_t, size)
     786             : {
     787           0 :         return path_listxattr(pathname, list, size, 0);
     788             : }
     789             : 
     790           0 : SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
     791             : {
     792           0 :         struct fd f = fdget(fd);
     793           0 :         ssize_t error = -EBADF;
     794             : 
     795           0 :         if (!f.file)
     796             :                 return error;
     797           0 :         audit_file(f.file);
     798           0 :         error = listxattr(f.file->f_path.dentry, list, size);
     799           0 :         fdput(f);
     800           0 :         return error;
     801             : }
     802             : 
     803             : /*
     804             :  * Extended attribute REMOVE operations
     805             :  */
     806             : static long
     807           2 : removexattr(struct user_namespace *mnt_userns, struct dentry *d,
     808             :             const char __user *name)
     809             : {
     810           2 :         int error;
     811           2 :         char kname[XATTR_NAME_MAX + 1];
     812             : 
     813           2 :         error = strncpy_from_user(kname, name, sizeof(kname));
     814           2 :         if (error == 0 || error == sizeof(kname))
     815             :                 error = -ERANGE;
     816           2 :         if (error < 0)
     817           0 :                 return error;
     818             : 
     819           2 :         return vfs_removexattr(mnt_userns, d, kname);
     820             : }
     821             : 
     822           2 : static int path_removexattr(const char __user *pathname,
     823             :                             const char __user *name, unsigned int lookup_flags)
     824             : {
     825           2 :         struct path path;
     826           2 :         int error;
     827           2 : retry:
     828           2 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     829           2 :         if (error)
     830           0 :                 return error;
     831           2 :         error = mnt_want_write(path.mnt);
     832           2 :         if (!error) {
     833           2 :                 error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
     834           2 :                 mnt_drop_write(path.mnt);
     835             :         }
     836           2 :         path_put(&path);
     837           4 :         if (retry_estale(error, lookup_flags)) {
     838           0 :                 lookup_flags |= LOOKUP_REVAL;
     839           0 :                 goto retry;
     840             :         }
     841             :         return error;
     842             : }
     843             : 
     844           4 : SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
     845             :                 const char __user *, name)
     846             : {
     847           2 :         return path_removexattr(pathname, name, LOOKUP_FOLLOW);
     848             : }
     849             : 
     850           0 : SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
     851             :                 const char __user *, name)
     852             : {
     853           0 :         return path_removexattr(pathname, name, 0);
     854             : }
     855             : 
     856           0 : SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
     857             : {
     858           0 :         struct fd f = fdget(fd);
     859           0 :         int error = -EBADF;
     860             : 
     861           0 :         if (!f.file)
     862             :                 return error;
     863           0 :         audit_file(f.file);
     864           0 :         error = mnt_want_write_file(f.file);
     865           0 :         if (!error) {
     866           0 :                 error = removexattr(file_mnt_user_ns(f.file),
     867             :                                     f.file->f_path.dentry, name);
     868           0 :                 mnt_drop_write_file(f.file);
     869             :         }
     870           0 :         fdput(f);
     871           0 :         return error;
     872             : }
     873             : 
     874             : /*
     875             :  * Combine the results of the list() operation from every xattr_handler in the
     876             :  * list.
     877             :  */
     878             : ssize_t
     879           0 : generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
     880             : {
     881           0 :         const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
     882           0 :         unsigned int size = 0;
     883             : 
     884           0 :         if (!buffer) {
     885           0 :                 for_each_xattr_handler(handlers, handler) {
     886           0 :                         if (!handler->name ||
     887           0 :                             (handler->list && !handler->list(dentry)))
     888           0 :                                 continue;
     889           0 :                         size += strlen(handler->name) + 1;
     890             :                 }
     891             :         } else {
     892           0 :                 char *buf = buffer;
     893           0 :                 size_t len;
     894             : 
     895           0 :                 for_each_xattr_handler(handlers, handler) {
     896           0 :                         if (!handler->name ||
     897           0 :                             (handler->list && !handler->list(dentry)))
     898           0 :                                 continue;
     899           0 :                         len = strlen(handler->name);
     900           0 :                         if (len + 1 > buffer_size)
     901             :                                 return -ERANGE;
     902           0 :                         memcpy(buf, handler->name, len + 1);
     903           0 :                         buf += len + 1;
     904           0 :                         buffer_size -= len + 1;
     905             :                 }
     906           0 :                 size = buf - buffer;
     907             :         }
     908           0 :         return size;
     909             : }
     910             : EXPORT_SYMBOL(generic_listxattr);
     911             : 
     912             : /**
     913             :  * xattr_full_name  -  Compute full attribute name from suffix
     914             :  *
     915             :  * @handler:    handler of the xattr_handler operation
     916             :  * @name:       name passed to the xattr_handler operation
     917             :  *
     918             :  * The get and set xattr handler operations are called with the remainder of
     919             :  * the attribute name after skipping the handler's prefix: for example, "foo"
     920             :  * is passed to the get operation of a handler with prefix "user." to get
     921             :  * attribute "user.foo".  The full name is still "there" in the name though.
     922             :  *
     923             :  * Note: the list xattr handler operation when called from the vfs is passed a
     924             :  * NULL name; some file systems use this operation internally, with varying
     925             :  * semantics.
     926             :  */
     927         360 : const char *xattr_full_name(const struct xattr_handler *handler,
     928             :                             const char *name)
     929             : {
     930         360 :         size_t prefix_len = strlen(xattr_prefix(handler));
     931             : 
     932         360 :         return name - prefix_len;
     933             : }
     934             : EXPORT_SYMBOL(xattr_full_name);
     935             : 
     936             : /*
     937             :  * Allocate new xattr and copy in the value; but leave the name to callers.
     938             :  */
     939          59 : struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
     940             : {
     941          59 :         struct simple_xattr *new_xattr;
     942          59 :         size_t len;
     943             : 
     944             :         /* wrap around? */
     945          59 :         len = sizeof(*new_xattr) + size;
     946          59 :         if (len < sizeof(*new_xattr))
     947             :                 return NULL;
     948             : 
     949          59 :         new_xattr = kvmalloc(len, GFP_KERNEL);
     950          59 :         if (!new_xattr)
     951             :                 return NULL;
     952             : 
     953          59 :         new_xattr->size = size;
     954          59 :         memcpy(new_xattr->value, value, size);
     955          59 :         return new_xattr;
     956             : }
     957             : 
     958             : /*
     959             :  * xattr GET operation for in-memory/pseudo filesystems
     960             :  */
     961         299 : int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
     962             :                      void *buffer, size_t size)
     963             : {
     964         299 :         struct simple_xattr *xattr;
     965         299 :         int ret = -ENODATA;
     966             : 
     967         299 :         spin_lock(&xattrs->lock);
     968         301 :         list_for_each_entry(xattr, &xattrs->head, list) {
     969           2 :                 if (strcmp(name, xattr->name))
     970           2 :                         continue;
     971             : 
     972           0 :                 ret = xattr->size;
     973           0 :                 if (buffer) {
     974           0 :                         if (size < xattr->size)
     975             :                                 ret = -ERANGE;
     976             :                         else
     977           0 :                                 memcpy(buffer, xattr->value, xattr->size);
     978             :                 }
     979             :                 break;
     980             :         }
     981         299 :         spin_unlock(&xattrs->lock);
     982         299 :         return ret;
     983             : }
     984             : 
     985             : /**
     986             :  * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
     987             :  * @xattrs: target simple_xattr list
     988             :  * @name: name of the extended attribute
     989             :  * @value: value of the xattr. If %NULL, will remove the attribute.
     990             :  * @size: size of the new xattr
     991             :  * @flags: %XATTR_{CREATE|REPLACE}
     992             :  * @removed_size: returns size of the removed xattr, -1 if none removed
     993             :  *
     994             :  * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
     995             :  * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
     996             :  * otherwise, fails with -ENODATA.
     997             :  *
     998             :  * Returns 0 on success, -errno on failure.
     999             :  */
    1000          61 : int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
    1001             :                      const void *value, size_t size, int flags,
    1002             :                      ssize_t *removed_size)
    1003             : {
    1004          61 :         struct simple_xattr *xattr;
    1005          61 :         struct simple_xattr *new_xattr = NULL;
    1006          61 :         int err = 0;
    1007             : 
    1008          61 :         if (removed_size)
    1009           0 :                 *removed_size = -1;
    1010             : 
    1011             :         /* value == NULL means remove */
    1012          61 :         if (value) {
    1013          59 :                 new_xattr = simple_xattr_alloc(value, size);
    1014          59 :                 if (!new_xattr)
    1015             :                         return -ENOMEM;
    1016             : 
    1017          59 :                 new_xattr->name = kstrdup(name, GFP_KERNEL);
    1018          59 :                 if (!new_xattr->name) {
    1019           0 :                         kvfree(new_xattr);
    1020           0 :                         return -ENOMEM;
    1021             :                 }
    1022             :         }
    1023             : 
    1024          61 :         spin_lock(&xattrs->lock);
    1025          63 :         list_for_each_entry(xattr, &xattrs->head, list) {
    1026           4 :                 if (!strcmp(name, xattr->name)) {
    1027           2 :                         if (flags & XATTR_CREATE) {
    1028             :                                 xattr = new_xattr;
    1029             :                                 err = -EEXIST;
    1030           2 :                         } else if (new_xattr) {
    1031           0 :                                 list_replace(&xattr->list, &new_xattr->list);
    1032           0 :                                 if (removed_size)
    1033           0 :                                         *removed_size = xattr->size;
    1034             :                         } else {
    1035           2 :                                 list_del(&xattr->list);
    1036           2 :                                 if (removed_size)
    1037           0 :                                         *removed_size = xattr->size;
    1038             :                         }
    1039           2 :                         goto out;
    1040             :                 }
    1041             :         }
    1042          59 :         if (flags & XATTR_REPLACE) {
    1043             :                 xattr = new_xattr;
    1044             :                 err = -ENODATA;
    1045             :         } else {
    1046          59 :                 list_add(&new_xattr->list, &xattrs->head);
    1047          59 :                 xattr = NULL;
    1048             :         }
    1049          61 : out:
    1050          61 :         spin_unlock(&xattrs->lock);
    1051          61 :         if (xattr) {
    1052           2 :                 kfree(xattr->name);
    1053           2 :                 kvfree(xattr);
    1054             :         }
    1055             :         return err;
    1056             : 
    1057             : }
    1058             : 
    1059           0 : static bool xattr_is_trusted(const char *name)
    1060             : {
    1061           0 :         return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
    1062             : }
    1063             : 
    1064           0 : static int xattr_list_one(char **buffer, ssize_t *remaining_size,
    1065             :                           const char *name)
    1066             : {
    1067           0 :         size_t len = strlen(name) + 1;
    1068           0 :         if (*buffer) {
    1069           0 :                 if (*remaining_size < len)
    1070             :                         return -ERANGE;
    1071           0 :                 memcpy(*buffer, name, len);
    1072           0 :                 *buffer += len;
    1073             :         }
    1074           0 :         *remaining_size -= len;
    1075           0 :         return 0;
    1076             : }
    1077             : 
    1078             : /*
    1079             :  * xattr LIST operation for in-memory/pseudo filesystems
    1080             :  */
    1081           4 : ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
    1082             :                           char *buffer, size_t size)
    1083             : {
    1084           4 :         bool trusted = capable(CAP_SYS_ADMIN);
    1085           4 :         struct simple_xattr *xattr;
    1086           4 :         ssize_t remaining_size = size;
    1087           4 :         int err = 0;
    1088             : 
    1089             : #ifdef CONFIG_FS_POSIX_ACL
    1090             :         if (IS_POSIXACL(inode)) {
    1091             :                 if (inode->i_acl) {
    1092             :                         err = xattr_list_one(&buffer, &remaining_size,
    1093             :                                              XATTR_NAME_POSIX_ACL_ACCESS);
    1094             :                         if (err)
    1095             :                                 return err;
    1096             :                 }
    1097             :                 if (inode->i_default_acl) {
    1098             :                         err = xattr_list_one(&buffer, &remaining_size,
    1099             :                                              XATTR_NAME_POSIX_ACL_DEFAULT);
    1100             :                         if (err)
    1101             :                                 return err;
    1102             :                 }
    1103             :         }
    1104             : #endif
    1105             : 
    1106           4 :         spin_lock(&xattrs->lock);
    1107           4 :         list_for_each_entry(xattr, &xattrs->head, list) {
    1108             :                 /* skip "trusted." attributes for unprivileged callers */
    1109           0 :                 if (!trusted && xattr_is_trusted(xattr->name))
    1110           0 :                         continue;
    1111             : 
    1112           0 :                 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
    1113           0 :                 if (err)
    1114             :                         break;
    1115             :         }
    1116           4 :         spin_unlock(&xattrs->lock);
    1117             : 
    1118           4 :         return err ? err : size - remaining_size;
    1119             : }
    1120             : 
    1121             : /*
    1122             :  * Adds an extended attribute to the list
    1123             :  */
    1124           0 : void simple_xattr_list_add(struct simple_xattrs *xattrs,
    1125             :                            struct simple_xattr *new_xattr)
    1126             : {
    1127           0 :         spin_lock(&xattrs->lock);
    1128           0 :         list_add(&new_xattr->list, &xattrs->head);
    1129           0 :         spin_unlock(&xattrs->lock);
    1130           0 : }

Generated by: LCOV version 1.14