]>
Commit | Line | Data |
---|---|---|
457c8996 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
1da177e4 LT |
2 | /* |
3 | File: fs/xattr.c | |
4 | ||
5 | Extended attribute handling. | |
6 | ||
7 | Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> | |
8 | Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> | |
9 | Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> | |
10 | */ | |
11 | #include <linux/fs.h> | |
12 | #include <linux/slab.h> | |
1da177e4 LT |
13 | #include <linux/file.h> |
14 | #include <linux/xattr.h> | |
18f335af | 15 | #include <linux/mount.h> |
1da177e4 LT |
16 | #include <linux/namei.h> |
17 | #include <linux/security.h> | |
c7b87de2 | 18 | #include <linux/evm.h> |
1da177e4 | 19 | #include <linux/syscalls.h> |
630d9c47 | 20 | #include <linux/export.h> |
0eeca283 | 21 | #include <linux/fsnotify.h> |
73241ccc | 22 | #include <linux/audit.h> |
0d08d7b7 | 23 | #include <linux/vmalloc.h> |
2f6f0654 | 24 | #include <linux/posix_acl_xattr.h> |
1da177e4 | 25 | |
7c0f6ba6 | 26 | #include <linux/uaccess.h> |
5be196e5 | 27 | |
1a91794c SR |
28 | #include "internal.h" |
29 | ||
b6ba1177 AG |
30 | static const char * |
31 | strcmp_prefix(const char *a, const char *a_prefix) | |
32 | { | |
33 | while (*a_prefix && *a == *a_prefix) { | |
34 | a++; | |
35 | a_prefix++; | |
36 | } | |
37 | return *a_prefix ? NULL : a; | |
38 | } | |
39 | ||
40 | /* | |
41 | * In order to implement different sets of xattr operations for each xattr | |
6c6ef9f2 AG |
42 | * prefix, a filesystem should create a null-terminated array of struct |
43 | * xattr_handler (one for each prefix) and hang a pointer to it off of the | |
44 | * s_xattr field of the superblock. | |
b6ba1177 AG |
45 | */ |
46 | #define for_each_xattr_handler(handlers, handler) \ | |
47 | if (handlers) \ | |
48 | for ((handler) = *(handlers)++; \ | |
49 | (handler) != NULL; \ | |
50 | (handler) = *(handlers)++) | |
51 | ||
52 | /* | |
53 | * Find the xattr_handler with the matching prefix. | |
54 | */ | |
55 | static const struct xattr_handler * | |
d0a5b995 | 56 | xattr_resolve_name(struct inode *inode, const char **name) |
b6ba1177 | 57 | { |
d0a5b995 | 58 | const struct xattr_handler **handlers = inode->i_sb->s_xattr; |
b6ba1177 AG |
59 | const struct xattr_handler *handler; |
60 | ||
5f6e59ae AG |
61 | if (!(inode->i_opflags & IOP_XATTR)) { |
62 | if (unlikely(is_bad_inode(inode))) | |
63 | return ERR_PTR(-EIO); | |
d0a5b995 | 64 | return ERR_PTR(-EOPNOTSUPP); |
5f6e59ae | 65 | } |
b6ba1177 AG |
66 | for_each_xattr_handler(handlers, handler) { |
67 | const char *n; | |
68 | ||
69 | n = strcmp_prefix(*name, xattr_prefix(handler)); | |
70 | if (n) { | |
71 | if (!handler->prefix ^ !*n) { | |
72 | if (*n) | |
73 | continue; | |
74 | return ERR_PTR(-EINVAL); | |
75 | } | |
76 | *name = n; | |
77 | return handler; | |
78 | } | |
79 | } | |
80 | return ERR_PTR(-EOPNOTSUPP); | |
81 | } | |
82 | ||
56851bc9 CB |
83 | /** |
84 | * may_write_xattr - check whether inode allows writing xattr | |
4609e1f1 | 85 | * @idmap: idmap of the mount the inode was found from |
56851bc9 CB |
86 | * @inode: the inode on which to set an xattr |
87 | * | |
88 | * Check whether the inode allows writing xattrs. Specifically, we can never | |
89 | * set or remove an extended attribute on a read-only filesystem or on an | |
90 | * immutable / append-only inode. | |
91 | * | |
92 | * We also need to ensure that the inode has a mapping in the mount to | |
93 | * not risk writing back invalid i_{g,u}id values. | |
94 | * | |
95 | * Return: On success zero is returned. On error a negative errno is returned. | |
96 | */ | |
4609e1f1 | 97 | int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode) |
56851bc9 CB |
98 | { |
99 | if (IS_IMMUTABLE(inode)) | |
100 | return -EPERM; | |
101 | if (IS_APPEND(inode)) | |
102 | return -EPERM; | |
4609e1f1 | 103 | if (HAS_UNMAPPED_ID(idmap, inode)) |
56851bc9 CB |
104 | return -EPERM; |
105 | return 0; | |
106 | } | |
107 | ||
e0ad7b07 | 108 | /* |
109 | * Check permissions for extended attribute access. This is a bit complicated | |
110 | * because different namespaces have very different rules. | |
111 | */ | |
112 | static int | |
4609e1f1 | 113 | xattr_permission(struct mnt_idmap *idmap, struct inode *inode, |
c7c7a1a1 | 114 | const char *name, int mask) |
e0ad7b07 | 115 | { |
4609e1f1 CB |
116 | struct user_namespace *mnt_userns = mnt_idmap_owner(idmap); |
117 | ||
e0ad7b07 | 118 | if (mask & MAY_WRITE) { |
56851bc9 CB |
119 | int ret; |
120 | ||
4609e1f1 | 121 | ret = may_write_xattr(idmap, inode); |
56851bc9 CB |
122 | if (ret) |
123 | return ret; | |
e0ad7b07 | 124 | } |
125 | ||
126 | /* | |
127 | * No restriction for security.* and system.* from the VFS. Decision | |
128 | * on these is left to the underlying filesystem / security module. | |
129 | */ | |
130 | if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || | |
131 | !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) | |
132 | return 0; | |
133 | ||
134 | /* | |
55b23bde | 135 | * The trusted.* namespace can only be accessed by privileged users. |
e0ad7b07 | 136 | */ |
55b23bde AG |
137 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { |
138 | if (!capable(CAP_SYS_ADMIN)) | |
139 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; | |
140 | return 0; | |
141 | } | |
e0ad7b07 | 142 | |
55b23bde AG |
143 | /* |
144 | * In the user.* namespace, only regular files and directories can have | |
f1f2d871 | 145 | * extended attributes. For sticky directories, only the owner and |
55b23bde | 146 | * privileged users can write attributes. |
f1f2d871 | 147 | */ |
e0ad7b07 | 148 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { |
f1f2d871 | 149 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
55b23bde | 150 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; |
f1f2d871 | 151 | if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && |
21cb47be | 152 | (mask & MAY_WRITE) && |
c7c7a1a1 | 153 | !inode_owner_or_capable(mnt_userns, inode)) |
e0ad7b07 | 154 | return -EPERM; |
155 | } | |
156 | ||
4609e1f1 | 157 | return inode_permission(idmap, inode, mask); |
e0ad7b07 | 158 | } |
159 | ||
cab8d289 FL |
160 | /* |
161 | * Look for any handler that deals with the specified namespace. | |
162 | */ | |
163 | int | |
164 | xattr_supported_namespace(struct inode *inode, const char *prefix) | |
165 | { | |
166 | const struct xattr_handler **handlers = inode->i_sb->s_xattr; | |
167 | const struct xattr_handler *handler; | |
168 | size_t preflen; | |
169 | ||
170 | if (!(inode->i_opflags & IOP_XATTR)) { | |
171 | if (unlikely(is_bad_inode(inode))) | |
172 | return -EIO; | |
173 | return -EOPNOTSUPP; | |
174 | } | |
175 | ||
176 | preflen = strlen(prefix); | |
177 | ||
178 | for_each_xattr_handler(handlers, handler) { | |
179 | if (!strncmp(xattr_prefix(handler), prefix, preflen)) | |
180 | return 0; | |
181 | } | |
182 | ||
183 | return -EOPNOTSUPP; | |
184 | } | |
185 | EXPORT_SYMBOL(xattr_supported_namespace); | |
186 | ||
5d6c3191 | 187 | int |
39f60c1c | 188 | __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, |
c7c7a1a1 TA |
189 | struct inode *inode, const char *name, const void *value, |
190 | size_t size, int flags) | |
5d6c3191 | 191 | { |
6c6ef9f2 AG |
192 | const struct xattr_handler *handler; |
193 | ||
318e6685 CB |
194 | if (is_posix_acl_xattr(name)) |
195 | return -EOPNOTSUPP; | |
196 | ||
6c6ef9f2 AG |
197 | handler = xattr_resolve_name(inode, &name); |
198 | if (IS_ERR(handler)) | |
199 | return PTR_ERR(handler); | |
200 | if (!handler->set) | |
5d6c3191 | 201 | return -EOPNOTSUPP; |
6c6ef9f2 AG |
202 | if (size == 0) |
203 | value = ""; /* empty EA, do not remove */ | |
39f60c1c | 204 | return handler->set(handler, idmap, dentry, inode, name, value, |
e65ce2a5 | 205 | size, flags); |
5d6c3191 AG |
206 | } |
207 | EXPORT_SYMBOL(__vfs_setxattr); | |
208 | ||
b1ab7e4b DQ |
209 | /** |
210 | * __vfs_setxattr_noperm - perform setxattr operation without performing | |
211 | * permission checks. | |
212 | * | |
39f60c1c | 213 | * @idmap: idmap of the mount the inode was found from |
6961fed4 RD |
214 | * @dentry: object to perform setxattr on |
215 | * @name: xattr name to set | |
216 | * @value: value to set @name to | |
217 | * @size: size of @value | |
218 | * @flags: flags to pass into filesystem operations | |
b1ab7e4b DQ |
219 | * |
220 | * returns the result of the internal setxattr or setsecurity operations. | |
221 | * | |
222 | * This function requires the caller to lock the inode's i_mutex before it | |
223 | * is executed. It also assumes that the caller will make the appropriate | |
224 | * permission checks. | |
225 | */ | |
39f60c1c | 226 | int __vfs_setxattr_noperm(struct mnt_idmap *idmap, |
c7c7a1a1 TA |
227 | struct dentry *dentry, const char *name, |
228 | const void *value, size_t size, int flags) | |
5be196e5 CH |
229 | { |
230 | struct inode *inode = dentry->d_inode; | |
4a590153 | 231 | int error = -EAGAIN; |
69b45732 AK |
232 | int issec = !strncmp(name, XATTR_SECURITY_PREFIX, |
233 | XATTR_SECURITY_PREFIX_LEN); | |
e0ad7b07 | 234 | |
69b45732 AK |
235 | if (issec) |
236 | inode->i_flags &= ~S_NOSEC; | |
6c6ef9f2 | 237 | if (inode->i_opflags & IOP_XATTR) { |
39f60c1c | 238 | error = __vfs_setxattr(idmap, dentry, inode, name, value, |
c7c7a1a1 | 239 | size, flags); |
5be196e5 CH |
240 | if (!error) { |
241 | fsnotify_xattr(dentry); | |
242 | security_inode_post_setxattr(dentry, name, value, | |
243 | size, flags); | |
244 | } | |
4a590153 | 245 | } else { |
5f6e59ae AG |
246 | if (unlikely(is_bad_inode(inode))) |
247 | return -EIO; | |
4a590153 AG |
248 | } |
249 | if (error == -EAGAIN) { | |
250 | error = -EOPNOTSUPP; | |
251 | ||
252 | if (issec) { | |
253 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; | |
254 | ||
255 | error = security_inode_setsecurity(inode, suffix, value, | |
256 | size, flags); | |
257 | if (!error) | |
258 | fsnotify_xattr(dentry); | |
259 | } | |
5be196e5 | 260 | } |
b1ab7e4b DQ |
261 | |
262 | return error; | |
263 | } | |
264 | ||
08b5d501 | 265 | /** |
da5c1c0b | 266 | * __vfs_setxattr_locked - set an extended attribute while holding the inode |
08b5d501 FL |
267 | * lock |
268 | * | |
4609e1f1 | 269 | * @idmap: idmap of the mount of the target inode |
da5c1c0b RD |
270 | * @dentry: object to perform setxattr on |
271 | * @name: xattr name to set | |
272 | * @value: value to set @name to | |
273 | * @size: size of @value | |
274 | * @flags: flags to pass into filesystem operations | |
275 | * @delegated_inode: on return, will contain an inode pointer that | |
08b5d501 FL |
276 | * a delegation was broken on, NULL if none. |
277 | */ | |
b1ab7e4b | 278 | int |
4609e1f1 | 279 | __vfs_setxattr_locked(struct mnt_idmap *idmap, struct dentry *dentry, |
c7c7a1a1 TA |
280 | const char *name, const void *value, size_t size, |
281 | int flags, struct inode **delegated_inode) | |
b1ab7e4b DQ |
282 | { |
283 | struct inode *inode = dentry->d_inode; | |
284 | int error; | |
285 | ||
4609e1f1 | 286 | error = xattr_permission(idmap, inode, name, MAY_WRITE); |
b1ab7e4b DQ |
287 | if (error) |
288 | return error; | |
289 | ||
39f60c1c | 290 | error = security_inode_setxattr(idmap, dentry, name, value, size, |
71bc356f | 291 | flags); |
b1ab7e4b DQ |
292 | if (error) |
293 | goto out; | |
294 | ||
08b5d501 FL |
295 | error = try_break_deleg(inode, delegated_inode); |
296 | if (error) | |
297 | goto out; | |
298 | ||
39f60c1c | 299 | error = __vfs_setxattr_noperm(idmap, dentry, name, value, |
c7c7a1a1 | 300 | size, flags); |
b1ab7e4b | 301 | |
5be196e5 | 302 | out: |
08b5d501 FL |
303 | return error; |
304 | } | |
305 | EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); | |
306 | ||
307 | int | |
4609e1f1 | 308 | vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, |
6344e669 | 309 | const char *name, const void *value, size_t size, int flags) |
08b5d501 FL |
310 | { |
311 | struct inode *inode = dentry->d_inode; | |
312 | struct inode *delegated_inode = NULL; | |
7c03e2cd | 313 | const void *orig_value = value; |
08b5d501 FL |
314 | int error; |
315 | ||
7c03e2cd | 316 | if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { |
39f60c1c | 317 | error = cap_convert_nscap(idmap, dentry, &value, size); |
7c03e2cd MS |
318 | if (error < 0) |
319 | return error; | |
320 | size = error; | |
321 | } | |
322 | ||
08b5d501 FL |
323 | retry_deleg: |
324 | inode_lock(inode); | |
4609e1f1 | 325 | error = __vfs_setxattr_locked(idmap, dentry, name, value, size, |
c7c7a1a1 | 326 | flags, &delegated_inode); |
5955102c | 327 | inode_unlock(inode); |
08b5d501 FL |
328 | |
329 | if (delegated_inode) { | |
330 | error = break_deleg_wait(&delegated_inode); | |
331 | if (!error) | |
332 | goto retry_deleg; | |
333 | } | |
7c03e2cd MS |
334 | if (value != orig_value) |
335 | kfree(value); | |
336 | ||
5be196e5 CH |
337 | return error; |
338 | } | |
339 | EXPORT_SYMBOL_GPL(vfs_setxattr); | |
340 | ||
2220c5b0 | 341 | static ssize_t |
4609e1f1 | 342 | xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode, |
71bc356f | 343 | const char *name, void *value, size_t size) |
42492594 DQ |
344 | { |
345 | void *buffer = NULL; | |
346 | ssize_t len; | |
347 | ||
348 | if (!value || !size) { | |
4609e1f1 | 349 | len = security_inode_getsecurity(idmap, inode, name, |
71bc356f | 350 | &buffer, false); |
42492594 DQ |
351 | goto out_noalloc; |
352 | } | |
353 | ||
4609e1f1 | 354 | len = security_inode_getsecurity(idmap, inode, name, &buffer, |
71bc356f | 355 | true); |
42492594 DQ |
356 | if (len < 0) |
357 | return len; | |
358 | if (size < len) { | |
359 | len = -ERANGE; | |
360 | goto out; | |
361 | } | |
362 | memcpy(value, buffer, len); | |
363 | out: | |
57e7ba04 | 364 | kfree(buffer); |
42492594 DQ |
365 | out_noalloc: |
366 | return len; | |
367 | } | |
42492594 | 368 | |
1601fbad MZ |
369 | /* |
370 | * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr | |
371 | * | |
372 | * Allocate memory, if not already allocated, or re-allocate correct size, | |
f6fbd8cb PM |
373 | * before retrieving the extended attribute. The xattr value buffer should |
374 | * always be freed by the caller, even on error. | |
1601fbad MZ |
375 | * |
376 | * Returns the result of alloc, if failed, or the getxattr operation. | |
377 | */ | |
f6fbd8cb | 378 | int |
4609e1f1 | 379 | vfs_getxattr_alloc(struct mnt_idmap *idmap, struct dentry *dentry, |
c7c7a1a1 TA |
380 | const char *name, char **xattr_value, size_t xattr_size, |
381 | gfp_t flags) | |
1601fbad | 382 | { |
6c6ef9f2 | 383 | const struct xattr_handler *handler; |
1601fbad MZ |
384 | struct inode *inode = dentry->d_inode; |
385 | char *value = *xattr_value; | |
386 | int error; | |
387 | ||
4609e1f1 | 388 | error = xattr_permission(idmap, inode, name, MAY_READ); |
1601fbad MZ |
389 | if (error) |
390 | return error; | |
391 | ||
6c6ef9f2 AG |
392 | handler = xattr_resolve_name(inode, &name); |
393 | if (IS_ERR(handler)) | |
394 | return PTR_ERR(handler); | |
395 | if (!handler->get) | |
1601fbad | 396 | return -EOPNOTSUPP; |
6c6ef9f2 | 397 | error = handler->get(handler, dentry, inode, name, NULL, 0); |
1601fbad MZ |
398 | if (error < 0) |
399 | return error; | |
400 | ||
401 | if (!value || (error > xattr_size)) { | |
402 | value = krealloc(*xattr_value, error + 1, flags); | |
403 | if (!value) | |
404 | return -ENOMEM; | |
405 | memset(value, 0, error + 1); | |
406 | } | |
407 | ||
6c6ef9f2 | 408 | error = handler->get(handler, dentry, inode, name, value, error); |
1601fbad MZ |
409 | *xattr_value = value; |
410 | return error; | |
411 | } | |
412 | ||
5d6c3191 AG |
413 | ssize_t |
414 | __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, | |
415 | void *value, size_t size) | |
416 | { | |
6c6ef9f2 AG |
417 | const struct xattr_handler *handler; |
418 | ||
318e6685 CB |
419 | if (is_posix_acl_xattr(name)) |
420 | return -EOPNOTSUPP; | |
421 | ||
6c6ef9f2 AG |
422 | handler = xattr_resolve_name(inode, &name); |
423 | if (IS_ERR(handler)) | |
424 | return PTR_ERR(handler); | |
425 | if (!handler->get) | |
5d6c3191 | 426 | return -EOPNOTSUPP; |
6c6ef9f2 | 427 | return handler->get(handler, dentry, inode, name, value, size); |
5d6c3191 AG |
428 | } |
429 | EXPORT_SYMBOL(__vfs_getxattr); | |
430 | ||
5be196e5 | 431 | ssize_t |
4609e1f1 | 432 | vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry, |
c7c7a1a1 | 433 | const char *name, void *value, size_t size) |
5be196e5 CH |
434 | { |
435 | struct inode *inode = dentry->d_inode; | |
436 | int error; | |
437 | ||
4609e1f1 | 438 | error = xattr_permission(idmap, inode, name, MAY_READ); |
e0ad7b07 | 439 | if (error) |
440 | return error; | |
441 | ||
5be196e5 CH |
442 | error = security_inode_getxattr(dentry, name); |
443 | if (error) | |
444 | return error; | |
445 | ||
5be196e5 | 446 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
e0ad7b07 | 447 | XATTR_SECURITY_PREFIX_LEN)) { |
448 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; | |
4609e1f1 | 449 | int ret = xattr_getsecurity(idmap, inode, suffix, value, |
71bc356f | 450 | size); |
5be196e5 CH |
451 | /* |
452 | * Only overwrite the return value if a security module | |
453 | * is actually active. | |
454 | */ | |
4bea5805 DQ |
455 | if (ret == -EOPNOTSUPP) |
456 | goto nolsm; | |
457 | return ret; | |
5be196e5 | 458 | } |
4bea5805 | 459 | nolsm: |
0a26bde2 | 460 | return __vfs_getxattr(dentry, inode, name, value, size); |
5be196e5 CH |
461 | } |
462 | EXPORT_SYMBOL_GPL(vfs_getxattr); | |
463 | ||
659564c8 | 464 | ssize_t |
bf3ee713 | 465 | vfs_listxattr(struct dentry *dentry, char *list, size_t size) |
659564c8 | 466 | { |
bf3ee713 | 467 | struct inode *inode = d_inode(dentry); |
659564c8 BN |
468 | ssize_t error; |
469 | ||
bf3ee713 | 470 | error = security_inode_listxattr(dentry); |
659564c8 BN |
471 | if (error) |
472 | return error; | |
bf3ee713 | 473 | if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { |
bf3ee713 | 474 | error = inode->i_op->listxattr(dentry, list, size); |
659564c8 | 475 | } else { |
bf3ee713 | 476 | error = security_inode_listsecurity(inode, list, size); |
659564c8 BN |
477 | if (size && error > size) |
478 | error = -ERANGE; | |
479 | } | |
480 | return error; | |
481 | } | |
482 | EXPORT_SYMBOL_GPL(vfs_listxattr); | |
483 | ||
5be196e5 | 484 | int |
39f60c1c | 485 | __vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, |
c7c7a1a1 | 486 | const char *name) |
5be196e5 | 487 | { |
6c6ef9f2 AG |
488 | struct inode *inode = d_inode(dentry); |
489 | const struct xattr_handler *handler; | |
5be196e5 | 490 | |
318e6685 CB |
491 | if (is_posix_acl_xattr(name)) |
492 | return -EOPNOTSUPP; | |
493 | ||
6c6ef9f2 AG |
494 | handler = xattr_resolve_name(inode, &name); |
495 | if (IS_ERR(handler)) | |
496 | return PTR_ERR(handler); | |
497 | if (!handler->set) | |
5be196e5 | 498 | return -EOPNOTSUPP; |
39f60c1c | 499 | return handler->set(handler, idmap, dentry, inode, name, NULL, 0, |
c7c7a1a1 | 500 | XATTR_REPLACE); |
5d6c3191 AG |
501 | } |
502 | EXPORT_SYMBOL(__vfs_removexattr); | |
503 | ||
08b5d501 | 504 | /** |
da5c1c0b | 505 | * __vfs_removexattr_locked - set an extended attribute while holding the inode |
08b5d501 FL |
506 | * lock |
507 | * | |
4609e1f1 | 508 | * @idmap: idmap of the mount of the target inode |
da5c1c0b RD |
509 | * @dentry: object to perform setxattr on |
510 | * @name: name of xattr to remove | |
511 | * @delegated_inode: on return, will contain an inode pointer that | |
08b5d501 FL |
512 | * a delegation was broken on, NULL if none. |
513 | */ | |
5d6c3191 | 514 | int |
4609e1f1 | 515 | __vfs_removexattr_locked(struct mnt_idmap *idmap, |
c7c7a1a1 TA |
516 | struct dentry *dentry, const char *name, |
517 | struct inode **delegated_inode) | |
5d6c3191 AG |
518 | { |
519 | struct inode *inode = dentry->d_inode; | |
520 | int error; | |
5be196e5 | 521 | |
4609e1f1 | 522 | error = xattr_permission(idmap, inode, name, MAY_WRITE); |
e0ad7b07 | 523 | if (error) |
524 | return error; | |
525 | ||
39f60c1c | 526 | error = security_inode_removexattr(idmap, dentry, name); |
7c51bb00 DK |
527 | if (error) |
528 | goto out; | |
5be196e5 | 529 | |
08b5d501 FL |
530 | error = try_break_deleg(inode, delegated_inode); |
531 | if (error) | |
532 | goto out; | |
533 | ||
39f60c1c | 534 | error = __vfs_removexattr(idmap, dentry, name); |
5be196e5 | 535 | |
c7b87de2 | 536 | if (!error) { |
5be196e5 | 537 | fsnotify_xattr(dentry); |
c7b87de2 MZ |
538 | evm_inode_post_removexattr(dentry, name); |
539 | } | |
7c51bb00 DK |
540 | |
541 | out: | |
08b5d501 FL |
542 | return error; |
543 | } | |
544 | EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); | |
545 | ||
546 | int | |
4609e1f1 | 547 | vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, |
c7c7a1a1 | 548 | const char *name) |
08b5d501 FL |
549 | { |
550 | struct inode *inode = dentry->d_inode; | |
551 | struct inode *delegated_inode = NULL; | |
552 | int error; | |
553 | ||
554 | retry_deleg: | |
555 | inode_lock(inode); | |
4609e1f1 | 556 | error = __vfs_removexattr_locked(idmap, dentry, |
c7c7a1a1 | 557 | name, &delegated_inode); |
5955102c | 558 | inode_unlock(inode); |
08b5d501 FL |
559 | |
560 | if (delegated_inode) { | |
561 | error = break_deleg_wait(&delegated_inode); | |
562 | if (!error) | |
563 | goto retry_deleg; | |
564 | } | |
565 | ||
5be196e5 CH |
566 | return error; |
567 | } | |
568 | EXPORT_SYMBOL_GPL(vfs_removexattr); | |
569 | ||
1da177e4 LT |
570 | /* |
571 | * Extended attribute SET operations | |
572 | */ | |
1a91794c SR |
573 | |
574 | int setxattr_copy(const char __user *name, struct xattr_ctx *ctx) | |
1da177e4 LT |
575 | { |
576 | int error; | |
1da177e4 | 577 | |
1a91794c | 578 | if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE)) |
1da177e4 LT |
579 | return -EINVAL; |
580 | ||
1a91794c SR |
581 | error = strncpy_from_user(ctx->kname->name, name, |
582 | sizeof(ctx->kname->name)); | |
583 | if (error == 0 || error == sizeof(ctx->kname->name)) | |
584 | return -ERANGE; | |
1da177e4 LT |
585 | if (error < 0) |
586 | return error; | |
587 | ||
1a91794c SR |
588 | error = 0; |
589 | if (ctx->size) { | |
590 | if (ctx->size > XATTR_SIZE_MAX) | |
1da177e4 | 591 | return -E2BIG; |
1a91794c SR |
592 | |
593 | ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size); | |
594 | if (IS_ERR(ctx->kvalue)) { | |
595 | error = PTR_ERR(ctx->kvalue); | |
596 | ctx->kvalue = NULL; | |
44c82498 | 597 | } |
1da177e4 LT |
598 | } |
599 | ||
1a91794c SR |
600 | return error; |
601 | } | |
602 | ||
5a6f52d2 | 603 | int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, |
1a91794c SR |
604 | struct xattr_ctx *ctx) |
605 | { | |
318e6685 | 606 | if (is_posix_acl_xattr(ctx->kname->name)) |
5a6f52d2 | 607 | return do_set_acl(idmap, dentry, ctx->kname->name, |
318e6685 CB |
608 | ctx->kvalue, ctx->size); |
609 | ||
4609e1f1 | 610 | return vfs_setxattr(idmap, dentry, ctx->kname->name, |
1a91794c SR |
611 | ctx->kvalue, ctx->size, ctx->flags); |
612 | } | |
613 | ||
614 | static long | |
5a6f52d2 | 615 | setxattr(struct mnt_idmap *idmap, struct dentry *d, |
1a91794c SR |
616 | const char __user *name, const void __user *value, size_t size, |
617 | int flags) | |
618 | { | |
619 | struct xattr_name kname; | |
620 | struct xattr_ctx ctx = { | |
621 | .cvalue = value, | |
622 | .kvalue = NULL, | |
623 | .size = size, | |
624 | .kname = &kname, | |
625 | .flags = flags, | |
626 | }; | |
627 | int error; | |
628 | ||
629 | error = setxattr_copy(name, &ctx); | |
630 | if (error) | |
631 | return error; | |
632 | ||
5a6f52d2 | 633 | error = do_setxattr(idmap, d, &ctx); |
0b2a6f23 | 634 | |
1a91794c | 635 | kvfree(ctx.kvalue); |
1da177e4 LT |
636 | return error; |
637 | } | |
638 | ||
8cc43116 EB |
639 | static int path_setxattr(const char __user *pathname, |
640 | const char __user *name, const void __user *value, | |
641 | size_t size, int flags, unsigned int lookup_flags) | |
1da177e4 | 642 | { |
2d8f3038 | 643 | struct path path; |
1da177e4 | 644 | int error; |
c7c7a1a1 | 645 | |
68f1bb8b JL |
646 | retry: |
647 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
1da177e4 LT |
648 | if (error) |
649 | return error; | |
2d8f3038 | 650 | error = mnt_want_write(path.mnt); |
18f335af | 651 | if (!error) { |
5a6f52d2 | 652 | error = setxattr(mnt_idmap(path.mnt), path.dentry, name, |
c7c7a1a1 | 653 | value, size, flags); |
2d8f3038 | 654 | mnt_drop_write(path.mnt); |
18f335af | 655 | } |
2d8f3038 | 656 | path_put(&path); |
68f1bb8b JL |
657 | if (retry_estale(error, lookup_flags)) { |
658 | lookup_flags |= LOOKUP_REVAL; | |
659 | goto retry; | |
660 | } | |
1da177e4 LT |
661 | return error; |
662 | } | |
663 | ||
8cc43116 EB |
664 | SYSCALL_DEFINE5(setxattr, const char __user *, pathname, |
665 | const char __user *, name, const void __user *, value, | |
666 | size_t, size, int, flags) | |
667 | { | |
668 | return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); | |
669 | } | |
670 | ||
64fd1de3 HC |
671 | SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, |
672 | const char __user *, name, const void __user *, value, | |
673 | size_t, size, int, flags) | |
1da177e4 | 674 | { |
8cc43116 | 675 | return path_setxattr(pathname, name, value, size, flags, 0); |
1da177e4 LT |
676 | } |
677 | ||
64fd1de3 HC |
678 | SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, |
679 | const void __user *,value, size_t, size, int, flags) | |
1da177e4 | 680 | { |
2903ff01 | 681 | struct fd f = fdget(fd); |
1da177e4 LT |
682 | int error = -EBADF; |
683 | ||
2903ff01 | 684 | if (!f.file) |
1da177e4 | 685 | return error; |
9f45f5bf | 686 | audit_file(f.file); |
6742cee0 | 687 | error = mnt_want_write_file(f.file); |
18f335af | 688 | if (!error) { |
5a6f52d2 | 689 | error = setxattr(file_mnt_idmap(f.file), |
c7c7a1a1 TA |
690 | f.file->f_path.dentry, name, |
691 | value, size, flags); | |
6742cee0 | 692 | mnt_drop_write_file(f.file); |
18f335af | 693 | } |
2903ff01 | 694 | fdput(f); |
1da177e4 LT |
695 | return error; |
696 | } | |
697 | ||
698 | /* | |
699 | * Extended attribute GET operations | |
700 | */ | |
c975cad9 | 701 | ssize_t |
5a6f52d2 | 702 | do_getxattr(struct mnt_idmap *idmap, struct dentry *d, |
c975cad9 | 703 | struct xattr_ctx *ctx) |
1da177e4 LT |
704 | { |
705 | ssize_t error; | |
c975cad9 | 706 | char *kname = ctx->kname->name; |
1da177e4 | 707 | |
c975cad9 SR |
708 | if (ctx->size) { |
709 | if (ctx->size > XATTR_SIZE_MAX) | |
710 | ctx->size = XATTR_SIZE_MAX; | |
711 | ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL); | |
712 | if (!ctx->kvalue) | |
752ade68 | 713 | return -ENOMEM; |
1da177e4 LT |
714 | } |
715 | ||
318e6685 | 716 | if (is_posix_acl_xattr(ctx->kname->name)) |
5a6f52d2 | 717 | error = do_get_acl(idmap, d, kname, ctx->kvalue, ctx->size); |
318e6685 | 718 | else |
4609e1f1 | 719 | error = vfs_getxattr(idmap, d, kname, ctx->kvalue, ctx->size); |
f549d6c1 | 720 | if (error > 0) { |
c975cad9 | 721 | if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error)) |
f549d6c1 | 722 | error = -EFAULT; |
c975cad9 | 723 | } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) { |
f549d6c1 SS |
724 | /* The file system tried to returned a value bigger |
725 | than XATTR_SIZE_MAX bytes. Not possible. */ | |
726 | error = -E2BIG; | |
1da177e4 | 727 | } |
0b2a6f23 | 728 | |
c975cad9 SR |
729 | return error; |
730 | } | |
731 | ||
732 | static ssize_t | |
5a6f52d2 | 733 | getxattr(struct mnt_idmap *idmap, struct dentry *d, |
c975cad9 SR |
734 | const char __user *name, void __user *value, size_t size) |
735 | { | |
736 | ssize_t error; | |
737 | struct xattr_name kname; | |
738 | struct xattr_ctx ctx = { | |
739 | .value = value, | |
740 | .kvalue = NULL, | |
741 | .size = size, | |
742 | .kname = &kname, | |
743 | .flags = 0, | |
744 | }; | |
745 | ||
746 | error = strncpy_from_user(kname.name, name, sizeof(kname.name)); | |
747 | if (error == 0 || error == sizeof(kname.name)) | |
748 | error = -ERANGE; | |
749 | if (error < 0) | |
750 | return error; | |
751 | ||
5a6f52d2 | 752 | error = do_getxattr(idmap, d, &ctx); |
0b2a6f23 | 753 | |
c975cad9 | 754 | kvfree(ctx.kvalue); |
1da177e4 LT |
755 | return error; |
756 | } | |
757 | ||
8cc43116 EB |
758 | static ssize_t path_getxattr(const char __user *pathname, |
759 | const char __user *name, void __user *value, | |
760 | size_t size, unsigned int lookup_flags) | |
1da177e4 | 761 | { |
2d8f3038 | 762 | struct path path; |
1da177e4 | 763 | ssize_t error; |
60e66b48 JL |
764 | retry: |
765 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
1da177e4 LT |
766 | if (error) |
767 | return error; | |
5a6f52d2 | 768 | error = getxattr(mnt_idmap(path.mnt), path.dentry, name, value, size); |
2d8f3038 | 769 | path_put(&path); |
60e66b48 JL |
770 | if (retry_estale(error, lookup_flags)) { |
771 | lookup_flags |= LOOKUP_REVAL; | |
772 | goto retry; | |
773 | } | |
1da177e4 LT |
774 | return error; |
775 | } | |
776 | ||
8cc43116 EB |
777 | SYSCALL_DEFINE4(getxattr, const char __user *, pathname, |
778 | const char __user *, name, void __user *, value, size_t, size) | |
779 | { | |
780 | return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); | |
781 | } | |
782 | ||
64fd1de3 HC |
783 | SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, |
784 | const char __user *, name, void __user *, value, size_t, size) | |
1da177e4 | 785 | { |
8cc43116 | 786 | return path_getxattr(pathname, name, value, size, 0); |
1da177e4 LT |
787 | } |
788 | ||
64fd1de3 HC |
789 | SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, |
790 | void __user *, value, size_t, size) | |
1da177e4 | 791 | { |
2903ff01 | 792 | struct fd f = fdget(fd); |
1da177e4 LT |
793 | ssize_t error = -EBADF; |
794 | ||
2903ff01 | 795 | if (!f.file) |
1da177e4 | 796 | return error; |
9f45f5bf | 797 | audit_file(f.file); |
5a6f52d2 | 798 | error = getxattr(file_mnt_idmap(f.file), f.file->f_path.dentry, |
c7c7a1a1 | 799 | name, value, size); |
2903ff01 | 800 | fdput(f); |
1da177e4 LT |
801 | return error; |
802 | } | |
803 | ||
804 | /* | |
805 | * Extended attribute LIST operations | |
806 | */ | |
807 | static ssize_t | |
808 | listxattr(struct dentry *d, char __user *list, size_t size) | |
809 | { | |
810 | ssize_t error; | |
811 | char *klist = NULL; | |
812 | ||
813 | if (size) { | |
814 | if (size > XATTR_LIST_MAX) | |
815 | size = XATTR_LIST_MAX; | |
752ade68 MH |
816 | klist = kvmalloc(size, GFP_KERNEL); |
817 | if (!klist) | |
818 | return -ENOMEM; | |
1da177e4 LT |
819 | } |
820 | ||
659564c8 | 821 | error = vfs_listxattr(d, klist, size); |
f549d6c1 SS |
822 | if (error > 0) { |
823 | if (size && copy_to_user(list, klist, error)) | |
824 | error = -EFAULT; | |
825 | } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { | |
826 | /* The file system tried to returned a list bigger | |
827 | than XATTR_LIST_MAX bytes. Not possible. */ | |
828 | error = -E2BIG; | |
1da177e4 | 829 | } |
0b2a6f23 RW |
830 | |
831 | kvfree(klist); | |
832 | ||
1da177e4 LT |
833 | return error; |
834 | } | |
835 | ||
8cc43116 EB |
836 | static ssize_t path_listxattr(const char __user *pathname, char __user *list, |
837 | size_t size, unsigned int lookup_flags) | |
1da177e4 | 838 | { |
2d8f3038 | 839 | struct path path; |
1da177e4 | 840 | ssize_t error; |
10a90cf3 JL |
841 | retry: |
842 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
1da177e4 LT |
843 | if (error) |
844 | return error; | |
2d8f3038 AV |
845 | error = listxattr(path.dentry, list, size); |
846 | path_put(&path); | |
10a90cf3 JL |
847 | if (retry_estale(error, lookup_flags)) { |
848 | lookup_flags |= LOOKUP_REVAL; | |
849 | goto retry; | |
850 | } | |
1da177e4 LT |
851 | return error; |
852 | } | |
853 | ||
8cc43116 EB |
854 | SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, |
855 | size_t, size) | |
856 | { | |
857 | return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); | |
858 | } | |
859 | ||
64fd1de3 HC |
860 | SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, |
861 | size_t, size) | |
1da177e4 | 862 | { |
8cc43116 | 863 | return path_listxattr(pathname, list, size, 0); |
1da177e4 LT |
864 | } |
865 | ||
64fd1de3 | 866 | SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) |
1da177e4 | 867 | { |
2903ff01 | 868 | struct fd f = fdget(fd); |
1da177e4 LT |
869 | ssize_t error = -EBADF; |
870 | ||
2903ff01 | 871 | if (!f.file) |
1da177e4 | 872 | return error; |
9f45f5bf | 873 | audit_file(f.file); |
2903ff01 AV |
874 | error = listxattr(f.file->f_path.dentry, list, size); |
875 | fdput(f); | |
1da177e4 LT |
876 | return error; |
877 | } | |
878 | ||
879 | /* | |
880 | * Extended attribute REMOVE operations | |
881 | */ | |
882 | static long | |
5a6f52d2 | 883 | removexattr(struct mnt_idmap *idmap, struct dentry *d, |
c7c7a1a1 | 884 | const char __user *name) |
1da177e4 LT |
885 | { |
886 | int error; | |
887 | char kname[XATTR_NAME_MAX + 1]; | |
888 | ||
889 | error = strncpy_from_user(kname, name, sizeof(kname)); | |
890 | if (error == 0 || error == sizeof(kname)) | |
891 | error = -ERANGE; | |
892 | if (error < 0) | |
893 | return error; | |
894 | ||
318e6685 | 895 | if (is_posix_acl_xattr(kname)) |
13e83a49 | 896 | return vfs_remove_acl(idmap, d, kname); |
318e6685 | 897 | |
4609e1f1 | 898 | return vfs_removexattr(idmap, d, kname); |
1da177e4 LT |
899 | } |
900 | ||
8cc43116 EB |
901 | static int path_removexattr(const char __user *pathname, |
902 | const char __user *name, unsigned int lookup_flags) | |
1da177e4 | 903 | { |
2d8f3038 | 904 | struct path path; |
1da177e4 | 905 | int error; |
12f06212 JL |
906 | retry: |
907 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
1da177e4 LT |
908 | if (error) |
909 | return error; | |
2d8f3038 | 910 | error = mnt_want_write(path.mnt); |
18f335af | 911 | if (!error) { |
5a6f52d2 | 912 | error = removexattr(mnt_idmap(path.mnt), path.dentry, name); |
2d8f3038 | 913 | mnt_drop_write(path.mnt); |
18f335af | 914 | } |
2d8f3038 | 915 | path_put(&path); |
12f06212 JL |
916 | if (retry_estale(error, lookup_flags)) { |
917 | lookup_flags |= LOOKUP_REVAL; | |
918 | goto retry; | |
919 | } | |
1da177e4 LT |
920 | return error; |
921 | } | |
922 | ||
8cc43116 EB |
923 | SYSCALL_DEFINE2(removexattr, const char __user *, pathname, |
924 | const char __user *, name) | |
925 | { | |
926 | return path_removexattr(pathname, name, LOOKUP_FOLLOW); | |
927 | } | |
928 | ||
6a6160a7 HC |
929 | SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, |
930 | const char __user *, name) | |
1da177e4 | 931 | { |
8cc43116 | 932 | return path_removexattr(pathname, name, 0); |
1da177e4 LT |
933 | } |
934 | ||
6a6160a7 | 935 | SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) |
1da177e4 | 936 | { |
2903ff01 | 937 | struct fd f = fdget(fd); |
1da177e4 LT |
938 | int error = -EBADF; |
939 | ||
2903ff01 | 940 | if (!f.file) |
1da177e4 | 941 | return error; |
9f45f5bf | 942 | audit_file(f.file); |
6742cee0 | 943 | error = mnt_want_write_file(f.file); |
18f335af | 944 | if (!error) { |
5a6f52d2 | 945 | error = removexattr(file_mnt_idmap(f.file), |
c7c7a1a1 | 946 | f.file->f_path.dentry, name); |
6742cee0 | 947 | mnt_drop_write_file(f.file); |
18f335af | 948 | } |
2903ff01 | 949 | fdput(f); |
1da177e4 LT |
950 | return error; |
951 | } | |
952 | ||
1da177e4 LT |
953 | /* |
954 | * Combine the results of the list() operation from every xattr_handler in the | |
955 | * list. | |
956 | */ | |
957 | ssize_t | |
958 | generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) | |
959 | { | |
bb435453 | 960 | const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; |
1da177e4 LT |
961 | unsigned int size = 0; |
962 | ||
963 | if (!buffer) { | |
431547b3 | 964 | for_each_xattr_handler(handlers, handler) { |
764a5c6b AG |
965 | if (!handler->name || |
966 | (handler->list && !handler->list(dentry))) | |
c4803c49 | 967 | continue; |
764a5c6b | 968 | size += strlen(handler->name) + 1; |
431547b3 | 969 | } |
1da177e4 LT |
970 | } else { |
971 | char *buf = buffer; | |
764a5c6b | 972 | size_t len; |
1da177e4 LT |
973 | |
974 | for_each_xattr_handler(handlers, handler) { | |
764a5c6b AG |
975 | if (!handler->name || |
976 | (handler->list && !handler->list(dentry))) | |
c4803c49 | 977 | continue; |
764a5c6b AG |
978 | len = strlen(handler->name); |
979 | if (len + 1 > buffer_size) | |
1da177e4 | 980 | return -ERANGE; |
764a5c6b AG |
981 | memcpy(buf, handler->name, len + 1); |
982 | buf += len + 1; | |
983 | buffer_size -= len + 1; | |
1da177e4 LT |
984 | } |
985 | size = buf - buffer; | |
986 | } | |
987 | return size; | |
988 | } | |
1da177e4 | 989 | EXPORT_SYMBOL(generic_listxattr); |
38f38657 | 990 | |
e409de99 AG |
991 | /** |
992 | * xattr_full_name - Compute full attribute name from suffix | |
993 | * | |
994 | * @handler: handler of the xattr_handler operation | |
995 | * @name: name passed to the xattr_handler operation | |
996 | * | |
997 | * The get and set xattr handler operations are called with the remainder of | |
998 | * the attribute name after skipping the handler's prefix: for example, "foo" | |
999 | * is passed to the get operation of a handler with prefix "user." to get | |
1000 | * attribute "user.foo". The full name is still "there" in the name though. | |
1001 | * | |
1002 | * Note: the list xattr handler operation when called from the vfs is passed a | |
1003 | * NULL name; some file systems use this operation internally, with varying | |
1004 | * semantics. | |
1005 | */ | |
1006 | const char *xattr_full_name(const struct xattr_handler *handler, | |
1007 | const char *name) | |
1008 | { | |
98e9cb57 | 1009 | size_t prefix_len = strlen(xattr_prefix(handler)); |
e409de99 AG |
1010 | |
1011 | return name - prefix_len; | |
1012 | } | |
1013 | EXPORT_SYMBOL(xattr_full_name); | |
1014 | ||
3b4c7bc0 CB |
1015 | /** |
1016 | * free_simple_xattr - free an xattr object | |
1017 | * @xattr: the xattr object | |
1018 | * | |
1019 | * Free the xattr object. Can handle @xattr being NULL. | |
1020 | */ | |
1021 | static inline void free_simple_xattr(struct simple_xattr *xattr) | |
1022 | { | |
1023 | if (xattr) | |
1024 | kfree(xattr->name); | |
1025 | kvfree(xattr); | |
1026 | } | |
1027 | ||
1028 | /** | |
1029 | * simple_xattr_alloc - allocate new xattr object | |
1030 | * @value: value of the xattr object | |
1031 | * @size: size of @value | |
1032 | * | |
1033 | * Allocate a new xattr object and initialize respective members. The caller is | |
1034 | * responsible for handling the name of the xattr. | |
1035 | * | |
1036 | * Return: On success a new xattr object is returned. On failure NULL is | |
1037 | * returned. | |
38f38657 AR |
1038 | */ |
1039 | struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) | |
1040 | { | |
1041 | struct simple_xattr *new_xattr; | |
1042 | size_t len; | |
1043 | ||
1044 | /* wrap around? */ | |
1045 | len = sizeof(*new_xattr) + size; | |
4e66d445 | 1046 | if (len < sizeof(*new_xattr)) |
38f38657 AR |
1047 | return NULL; |
1048 | ||
fdc85222 | 1049 | new_xattr = kvmalloc(len, GFP_KERNEL); |
38f38657 AR |
1050 | if (!new_xattr) |
1051 | return NULL; | |
1052 | ||
1053 | new_xattr->size = size; | |
1054 | memcpy(new_xattr->value, value, size); | |
1055 | return new_xattr; | |
1056 | } | |
1057 | ||
3b4c7bc0 CB |
1058 | /** |
1059 | * rbtree_simple_xattr_cmp - compare xattr name with current rbtree xattr entry | |
1060 | * @key: xattr name | |
1061 | * @node: current node | |
1062 | * | |
1063 | * Compare the xattr name with the xattr name attached to @node in the rbtree. | |
1064 | * | |
1065 | * Return: Negative value if continuing left, positive if continuing right, 0 | |
1066 | * if the xattr attached to @node matches @key. | |
1067 | */ | |
1068 | static int rbtree_simple_xattr_cmp(const void *key, const struct rb_node *node) | |
1069 | { | |
1070 | const char *xattr_name = key; | |
1071 | const struct simple_xattr *xattr; | |
1072 | ||
1073 | xattr = rb_entry(node, struct simple_xattr, rb_node); | |
1074 | return strcmp(xattr->name, xattr_name); | |
1075 | } | |
1076 | ||
1077 | /** | |
1078 | * rbtree_simple_xattr_node_cmp - compare two xattr rbtree nodes | |
1079 | * @new_node: new node | |
1080 | * @node: current node | |
1081 | * | |
1082 | * Compare the xattr attached to @new_node with the xattr attached to @node. | |
1083 | * | |
1084 | * Return: Negative value if continuing left, positive if continuing right, 0 | |
1085 | * if the xattr attached to @new_node matches the xattr attached to @node. | |
1086 | */ | |
1087 | static int rbtree_simple_xattr_node_cmp(struct rb_node *new_node, | |
1088 | const struct rb_node *node) | |
1089 | { | |
1090 | struct simple_xattr *xattr; | |
1091 | xattr = rb_entry(new_node, struct simple_xattr, rb_node); | |
1092 | return rbtree_simple_xattr_cmp(xattr->name, node); | |
1093 | } | |
1094 | ||
1095 | /** | |
1096 | * simple_xattr_get - get an xattr object | |
1097 | * @xattrs: the header of the xattr object | |
1098 | * @name: the name of the xattr to retrieve | |
1099 | * @buffer: the buffer to store the value into | |
1100 | * @size: the size of @buffer | |
1101 | * | |
1102 | * Try to find and retrieve the xattr object associated with @name. | |
1103 | * If @buffer is provided store the value of @xattr in @buffer | |
1104 | * otherwise just return the length. The size of @buffer is limited | |
1105 | * to XATTR_SIZE_MAX which currently is 65536. | |
1106 | * | |
1107 | * Return: On success the length of the xattr value is returned. On error a | |
1108 | * negative error code is returned. | |
38f38657 AR |
1109 | */ |
1110 | int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, | |
1111 | void *buffer, size_t size) | |
1112 | { | |
3b4c7bc0 CB |
1113 | struct simple_xattr *xattr = NULL; |
1114 | struct rb_node *rbp; | |
38f38657 AR |
1115 | int ret = -ENODATA; |
1116 | ||
3b4c7bc0 CB |
1117 | read_lock(&xattrs->lock); |
1118 | rbp = rb_find(name, &xattrs->rb_root, rbtree_simple_xattr_cmp); | |
1119 | if (rbp) { | |
1120 | xattr = rb_entry(rbp, struct simple_xattr, rb_node); | |
38f38657 AR |
1121 | ret = xattr->size; |
1122 | if (buffer) { | |
1123 | if (size < xattr->size) | |
1124 | ret = -ERANGE; | |
1125 | else | |
1126 | memcpy(buffer, xattr->value, xattr->size); | |
1127 | } | |
38f38657 | 1128 | } |
3b4c7bc0 | 1129 | read_unlock(&xattrs->lock); |
38f38657 AR |
1130 | return ret; |
1131 | } | |
1132 | ||
aa7c5241 | 1133 | /** |
3b4c7bc0 CB |
1134 | * simple_xattr_set - set an xattr object |
1135 | * @xattrs: the header of the xattr object | |
1136 | * @name: the name of the xattr to retrieve | |
1137 | * @value: the value to store along the xattr | |
1138 | * @size: the size of @value | |
1139 | * @flags: the flags determining how to set the xattr | |
1140 | * @removed_size: the size of the removed xattr | |
1141 | * | |
1142 | * Set a new xattr object. | |
1143 | * If @value is passed a new xattr object will be allocated. If XATTR_REPLACE | |
1144 | * is specified in @flags a matching xattr object for @name must already exist. | |
1145 | * If it does it will be replaced with the new xattr object. If it doesn't we | |
1146 | * fail. If XATTR_CREATE is specified and a matching xattr does already exist | |
1147 | * we fail. If it doesn't we create a new xattr. If @flags is zero we simply | |
1148 | * insert the new xattr replacing any existing one. | |
1149 | * | |
1150 | * If @value is empty and a matching xattr object is found we delete it if | |
1151 | * XATTR_REPLACE is specified in @flags or @flags is zero. | |
aa7c5241 | 1152 | * |
3b4c7bc0 CB |
1153 | * If @value is empty and no matching xattr object for @name is found we do |
1154 | * nothing if XATTR_CREATE is specified in @flags or @flags is zero. For | |
1155 | * XATTR_REPLACE we fail as mentioned above. | |
aa7c5241 | 1156 | * |
3b4c7bc0 | 1157 | * Return: On success zero and on error a negative error code is returned. |
aa7c5241 AG |
1158 | */ |
1159 | int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, | |
a46a2295 DX |
1160 | const void *value, size_t size, int flags, |
1161 | ssize_t *removed_size) | |
38f38657 | 1162 | { |
3b4c7bc0 CB |
1163 | struct simple_xattr *xattr = NULL, *new_xattr = NULL; |
1164 | struct rb_node *parent = NULL, **rbp; | |
1165 | int err = 0, ret; | |
38f38657 | 1166 | |
772b3140 DX |
1167 | if (removed_size) |
1168 | *removed_size = -1; | |
1169 | ||
38f38657 AR |
1170 | /* value == NULL means remove */ |
1171 | if (value) { | |
1172 | new_xattr = simple_xattr_alloc(value, size); | |
1173 | if (!new_xattr) | |
1174 | return -ENOMEM; | |
1175 | ||
1176 | new_xattr->name = kstrdup(name, GFP_KERNEL); | |
1177 | if (!new_xattr->name) { | |
3b4c7bc0 | 1178 | free_simple_xattr(new_xattr); |
38f38657 AR |
1179 | return -ENOMEM; |
1180 | } | |
1181 | } | |
1182 | ||
3b4c7bc0 CB |
1183 | write_lock(&xattrs->lock); |
1184 | rbp = &xattrs->rb_root.rb_node; | |
1185 | while (*rbp) { | |
1186 | parent = *rbp; | |
1187 | ret = rbtree_simple_xattr_cmp(name, *rbp); | |
1188 | if (ret < 0) | |
1189 | rbp = &(*rbp)->rb_left; | |
1190 | else if (ret > 0) | |
1191 | rbp = &(*rbp)->rb_right; | |
1192 | else | |
1193 | xattr = rb_entry(*rbp, struct simple_xattr, rb_node); | |
1194 | if (xattr) | |
1195 | break; | |
38f38657 | 1196 | } |
3b4c7bc0 | 1197 | |
38f38657 | 1198 | if (xattr) { |
3b4c7bc0 CB |
1199 | /* Fail if XATTR_CREATE is requested and the xattr exists. */ |
1200 | if (flags & XATTR_CREATE) { | |
1201 | err = -EEXIST; | |
1202 | goto out_unlock; | |
1203 | } | |
1204 | ||
1205 | if (new_xattr) | |
1206 | rb_replace_node(&xattr->rb_node, &new_xattr->rb_node, | |
1207 | &xattrs->rb_root); | |
1208 | else | |
1209 | rb_erase(&xattr->rb_node, &xattrs->rb_root); | |
1210 | if (!err && removed_size) | |
1211 | *removed_size = xattr->size; | |
1212 | } else { | |
1213 | /* Fail if XATTR_REPLACE is requested but no xattr is found. */ | |
1214 | if (flags & XATTR_REPLACE) { | |
1215 | err = -ENODATA; | |
1216 | goto out_unlock; | |
1217 | } | |
1218 | ||
1219 | /* | |
1220 | * If XATTR_CREATE or no flags are specified together with a | |
1221 | * new value simply insert it. | |
1222 | */ | |
1223 | if (new_xattr) { | |
1224 | rb_link_node(&new_xattr->rb_node, parent, rbp); | |
1225 | rb_insert_color(&new_xattr->rb_node, &xattrs->rb_root); | |
1226 | } | |
1227 | ||
1228 | /* | |
1229 | * If XATTR_CREATE or no flags are specified and neither an | |
1230 | * old or new xattr exist then we don't need to do anything. | |
1231 | */ | |
38f38657 | 1232 | } |
3b4c7bc0 CB |
1233 | |
1234 | out_unlock: | |
1235 | write_unlock(&xattrs->lock); | |
1236 | if (err) | |
1237 | free_simple_xattr(new_xattr); | |
1238 | else | |
1239 | free_simple_xattr(xattr); | |
38f38657 AR |
1240 | return err; |
1241 | ||
1242 | } | |
1243 | ||
38f38657 AR |
1244 | static bool xattr_is_trusted(const char *name) |
1245 | { | |
1246 | return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); | |
1247 | } | |
1248 | ||
786534b9 AG |
1249 | static int xattr_list_one(char **buffer, ssize_t *remaining_size, |
1250 | const char *name) | |
1251 | { | |
1252 | size_t len = strlen(name) + 1; | |
1253 | if (*buffer) { | |
1254 | if (*remaining_size < len) | |
1255 | return -ERANGE; | |
1256 | memcpy(*buffer, name, len); | |
1257 | *buffer += len; | |
1258 | } | |
1259 | *remaining_size -= len; | |
1260 | return 0; | |
1261 | } | |
1262 | ||
3b4c7bc0 CB |
1263 | /** |
1264 | * simple_xattr_list - list all xattr objects | |
1265 | * @inode: inode from which to get the xattrs | |
1266 | * @xattrs: the header of the xattr object | |
1267 | * @buffer: the buffer to store all xattrs into | |
1268 | * @size: the size of @buffer | |
1269 | * | |
1270 | * List all xattrs associated with @inode. If @buffer is NULL we returned | |
1271 | * the required size of the buffer. If @buffer is provided we store the | |
1272 | * xattrs value into it provided it is big enough. | |
1273 | * | |
1274 | * Note, the number of xattr names that can be listed with listxattr(2) is | |
1275 | * limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed | |
1276 | * then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names | |
1277 | * are found it will return -E2BIG. | |
1278 | * | |
1279 | * Return: On success the required size or the size of the copied xattrs is | |
1280 | * returned. On error a negative error code is returned. | |
38f38657 | 1281 | */ |
786534b9 AG |
1282 | ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, |
1283 | char *buffer, size_t size) | |
38f38657 | 1284 | { |
e7eda157 | 1285 | bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); |
38f38657 | 1286 | struct simple_xattr *xattr; |
3b4c7bc0 | 1287 | struct rb_node *rbp; |
786534b9 | 1288 | ssize_t remaining_size = size; |
0e9a7da5 | 1289 | int err = 0; |
786534b9 AG |
1290 | |
1291 | #ifdef CONFIG_FS_POSIX_ACL | |
ffc4c922 AG |
1292 | if (IS_POSIXACL(inode)) { |
1293 | if (inode->i_acl) { | |
1294 | err = xattr_list_one(&buffer, &remaining_size, | |
1295 | XATTR_NAME_POSIX_ACL_ACCESS); | |
1296 | if (err) | |
1297 | return err; | |
1298 | } | |
1299 | if (inode->i_default_acl) { | |
1300 | err = xattr_list_one(&buffer, &remaining_size, | |
1301 | XATTR_NAME_POSIX_ACL_DEFAULT); | |
1302 | if (err) | |
1303 | return err; | |
1304 | } | |
786534b9 AG |
1305 | } |
1306 | #endif | |
38f38657 | 1307 | |
3b4c7bc0 CB |
1308 | read_lock(&xattrs->lock); |
1309 | for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) { | |
1310 | xattr = rb_entry(rbp, struct simple_xattr, rb_node); | |
1311 | ||
38f38657 AR |
1312 | /* skip "trusted." attributes for unprivileged callers */ |
1313 | if (!trusted && xattr_is_trusted(xattr->name)) | |
1314 | continue; | |
1315 | ||
786534b9 AG |
1316 | err = xattr_list_one(&buffer, &remaining_size, xattr->name); |
1317 | if (err) | |
0e9a7da5 | 1318 | break; |
38f38657 | 1319 | } |
3b4c7bc0 | 1320 | read_unlock(&xattrs->lock); |
38f38657 | 1321 | |
0e9a7da5 | 1322 | return err ? err : size - remaining_size; |
38f38657 AR |
1323 | } |
1324 | ||
3b4c7bc0 CB |
1325 | /** |
1326 | * rbtree_simple_xattr_less - compare two xattr rbtree nodes | |
1327 | * @new_node: new node | |
1328 | * @node: current node | |
1329 | * | |
1330 | * Compare the xattr attached to @new_node with the xattr attached to @node. | |
1331 | * Note that this function technically tolerates duplicate entries. | |
1332 | * | |
1333 | * Return: True if insertion point in the rbtree is found. | |
4895768b | 1334 | */ |
3b4c7bc0 CB |
1335 | static bool rbtree_simple_xattr_less(struct rb_node *new_node, |
1336 | const struct rb_node *node) | |
38f38657 | 1337 | { |
3b4c7bc0 CB |
1338 | return rbtree_simple_xattr_node_cmp(new_node, node) < 0; |
1339 | } | |
1340 | ||
1341 | /** | |
1342 | * simple_xattr_add - add xattr objects | |
1343 | * @xattrs: the header of the xattr object | |
1344 | * @new_xattr: the xattr object to add | |
1345 | * | |
1346 | * Add an xattr object to @xattrs. This assumes no replacement or removal | |
1347 | * of matching xattrs is wanted. Should only be called during inode | |
1348 | * initialization when a few distinct initial xattrs are supposed to be set. | |
1349 | */ | |
1350 | void simple_xattr_add(struct simple_xattrs *xattrs, | |
1351 | struct simple_xattr *new_xattr) | |
1352 | { | |
1353 | write_lock(&xattrs->lock); | |
1354 | rb_add(&new_xattr->rb_node, &xattrs->rb_root, rbtree_simple_xattr_less); | |
1355 | write_unlock(&xattrs->lock); | |
1356 | } | |
1357 | ||
1358 | /** | |
1359 | * simple_xattrs_init - initialize new xattr header | |
1360 | * @xattrs: header to initialize | |
1361 | * | |
1362 | * Initialize relevant fields of a an xattr header. | |
4895768b | 1363 | */ |
3b4c7bc0 | 1364 | void simple_xattrs_init(struct simple_xattrs *xattrs) |
38f38657 | 1365 | { |
3b4c7bc0 CB |
1366 | xattrs->rb_root = RB_ROOT; |
1367 | rwlock_init(&xattrs->lock); | |
1368 | } | |
1369 | ||
1370 | /** | |
1371 | * simple_xattrs_free - free xattrs | |
1372 | * @xattrs: xattr header whose xattrs to destroy | |
1373 | * | |
1374 | * Destroy all xattrs in @xattr. When this is called no one can hold a | |
1375 | * reference to any of the xattrs anymore. | |
1376 | */ | |
1377 | void simple_xattrs_free(struct simple_xattrs *xattrs) | |
1378 | { | |
1379 | struct rb_node *rbp; | |
1380 | ||
1381 | rbp = rb_first(&xattrs->rb_root); | |
1382 | while (rbp) { | |
1383 | struct simple_xattr *xattr; | |
1384 | struct rb_node *rbp_next; | |
1385 | ||
1386 | rbp_next = rb_next(rbp); | |
1387 | xattr = rb_entry(rbp, struct simple_xattr, rb_node); | |
1388 | rb_erase(&xattr->rb_node, &xattrs->rb_root); | |
1389 | free_simple_xattr(xattr); | |
1390 | rbp = rbp_next; | |
1391 | } | |
38f38657 | 1392 | } |