]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | File: fs/xattr.c | |
3 | ||
4 | Extended attribute handling. | |
5 | ||
6 | Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> | |
7 | Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> | |
8 | Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> | |
9 | */ | |
10 | #include <linux/fs.h> | |
11 | #include <linux/slab.h> | |
12 | #include <linux/file.h> | |
13 | #include <linux/xattr.h> | |
14 | #include <linux/mount.h> | |
15 | #include <linux/namei.h> | |
16 | #include <linux/security.h> | |
17 | #include <linux/evm.h> | |
18 | #include <linux/syscalls.h> | |
19 | #include <linux/export.h> | |
20 | #include <linux/fsnotify.h> | |
21 | #include <linux/audit.h> | |
22 | #include <linux/vmalloc.h> | |
23 | #include <linux/posix_acl_xattr.h> | |
24 | ||
25 | #include <linux/uaccess.h> | |
26 | ||
27 | static const char * | |
28 | strcmp_prefix(const char *a, const char *a_prefix) | |
29 | { | |
30 | while (*a_prefix && *a == *a_prefix) { | |
31 | a++; | |
32 | a_prefix++; | |
33 | } | |
34 | return *a_prefix ? NULL : a; | |
35 | } | |
36 | ||
37 | /* | |
38 | * In order to implement different sets of xattr operations for each xattr | |
39 | * prefix, a filesystem should create a null-terminated array of struct | |
40 | * xattr_handler (one for each prefix) and hang a pointer to it off of the | |
41 | * s_xattr field of the superblock. | |
42 | */ | |
43 | #define for_each_xattr_handler(handlers, handler) \ | |
44 | if (handlers) \ | |
45 | for ((handler) = *(handlers)++; \ | |
46 | (handler) != NULL; \ | |
47 | (handler) = *(handlers)++) | |
48 | ||
49 | /* | |
50 | * Find the xattr_handler with the matching prefix. | |
51 | */ | |
52 | static const struct xattr_handler * | |
53 | xattr_resolve_name(struct inode *inode, const char **name) | |
54 | { | |
55 | const struct xattr_handler **handlers = inode->i_sb->s_xattr; | |
56 | const struct xattr_handler *handler; | |
57 | ||
58 | if (!(inode->i_opflags & IOP_XATTR)) { | |
59 | if (unlikely(is_bad_inode(inode))) | |
60 | return ERR_PTR(-EIO); | |
61 | return ERR_PTR(-EOPNOTSUPP); | |
62 | } | |
63 | for_each_xattr_handler(handlers, handler) { | |
64 | const char *n; | |
65 | ||
66 | n = strcmp_prefix(*name, xattr_prefix(handler)); | |
67 | if (n) { | |
68 | if (!handler->prefix ^ !*n) { | |
69 | if (*n) | |
70 | continue; | |
71 | return ERR_PTR(-EINVAL); | |
72 | } | |
73 | *name = n; | |
74 | return handler; | |
75 | } | |
76 | } | |
77 | return ERR_PTR(-EOPNOTSUPP); | |
78 | } | |
79 | ||
80 | /* | |
81 | * Check permissions for extended attribute access. This is a bit complicated | |
82 | * because different namespaces have very different rules. | |
83 | */ | |
84 | static int | |
85 | xattr_permission(struct inode *inode, const char *name, int mask) | |
86 | { | |
87 | /* | |
88 | * We can never set or remove an extended attribute on a read-only | |
89 | * filesystem or on an immutable / append-only inode. | |
90 | */ | |
91 | if (mask & MAY_WRITE) { | |
92 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
93 | return -EPERM; | |
94 | /* | |
95 | * Updating an xattr will likely cause i_uid and i_gid | |
96 | * to be writen back improperly if their true value is | |
97 | * unknown to the vfs. | |
98 | */ | |
99 | if (HAS_UNMAPPED_ID(inode)) | |
100 | return -EPERM; | |
101 | } | |
102 | ||
103 | /* | |
104 | * No restriction for security.* and system.* from the VFS. Decision | |
105 | * on these is left to the underlying filesystem / security module. | |
106 | */ | |
107 | if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || | |
108 | !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) | |
109 | return 0; | |
110 | ||
111 | /* | |
112 | * The trusted.* namespace can only be accessed by privileged users. | |
113 | */ | |
114 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { | |
115 | if (!capable(CAP_SYS_ADMIN)) | |
116 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; | |
117 | return 0; | |
118 | } | |
119 | ||
120 | /* | |
121 | * In the user.* namespace, only regular files and directories can have | |
122 | * extended attributes. For sticky directories, only the owner and | |
123 | * privileged users can write attributes. | |
124 | */ | |
125 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { | |
126 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) | |
127 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; | |
128 | if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && | |
129 | (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) | |
130 | return -EPERM; | |
131 | } | |
132 | ||
133 | return inode_permission(inode, mask); | |
134 | } | |
135 | ||
136 | int | |
137 | __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, | |
138 | const void *value, size_t size, int flags) | |
139 | { | |
140 | const struct xattr_handler *handler; | |
141 | ||
142 | handler = xattr_resolve_name(inode, &name); | |
143 | if (IS_ERR(handler)) | |
144 | return PTR_ERR(handler); | |
145 | if (!handler->set) | |
146 | return -EOPNOTSUPP; | |
147 | if (size == 0) | |
148 | value = ""; /* empty EA, do not remove */ | |
149 | return handler->set(handler, dentry, inode, name, value, size, flags); | |
150 | } | |
151 | EXPORT_SYMBOL(__vfs_setxattr); | |
152 | ||
153 | /** | |
154 | * __vfs_setxattr_noperm - perform setxattr operation without performing | |
155 | * permission checks. | |
156 | * | |
157 | * @dentry - object to perform setxattr on | |
158 | * @name - xattr name to set | |
159 | * @value - value to set @name to | |
160 | * @size - size of @value | |
161 | * @flags - flags to pass into filesystem operations | |
162 | * | |
163 | * returns the result of the internal setxattr or setsecurity operations. | |
164 | * | |
165 | * This function requires the caller to lock the inode's i_mutex before it | |
166 | * is executed. It also assumes that the caller will make the appropriate | |
167 | * permission checks. | |
168 | */ | |
169 | int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, | |
170 | const void *value, size_t size, int flags) | |
171 | { | |
172 | struct inode *inode = dentry->d_inode; | |
173 | int error = -EAGAIN; | |
174 | int issec = !strncmp(name, XATTR_SECURITY_PREFIX, | |
175 | XATTR_SECURITY_PREFIX_LEN); | |
176 | ||
177 | if (issec) | |
178 | inode->i_flags &= ~S_NOSEC; | |
179 | if (inode->i_opflags & IOP_XATTR) { | |
180 | error = __vfs_setxattr(dentry, inode, name, value, size, flags); | |
181 | if (!error) { | |
182 | fsnotify_xattr(dentry); | |
183 | security_inode_post_setxattr(dentry, name, value, | |
184 | size, flags); | |
185 | } | |
186 | } else { | |
187 | if (unlikely(is_bad_inode(inode))) | |
188 | return -EIO; | |
189 | } | |
190 | if (error == -EAGAIN) { | |
191 | error = -EOPNOTSUPP; | |
192 | ||
193 | if (issec) { | |
194 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; | |
195 | ||
196 | error = security_inode_setsecurity(inode, suffix, value, | |
197 | size, flags); | |
198 | if (!error) | |
199 | fsnotify_xattr(dentry); | |
200 | } | |
201 | } | |
202 | ||
203 | return error; | |
204 | } | |
205 | EXPORT_SYMBOL_GPL(__vfs_setxattr_noperm); | |
206 | ||
207 | ||
208 | int | |
209 | vfs_setxattr(struct dentry *dentry, const char *name, const void *value, | |
210 | size_t size, int flags) | |
211 | { | |
212 | struct inode *inode = dentry->d_inode; | |
213 | int error; | |
214 | ||
215 | error = xattr_permission(inode, name, MAY_WRITE); | |
216 | if (error) | |
217 | return error; | |
218 | ||
219 | inode_lock(inode); | |
220 | error = security_inode_setxattr(dentry, name, value, size, flags); | |
221 | if (error) | |
222 | goto out; | |
223 | ||
224 | error = __vfs_setxattr_noperm(dentry, name, value, size, flags); | |
225 | ||
226 | out: | |
227 | inode_unlock(inode); | |
228 | return error; | |
229 | } | |
230 | EXPORT_SYMBOL_GPL(vfs_setxattr); | |
231 | ||
232 | ssize_t | |
233 | xattr_getsecurity(struct inode *inode, const char *name, void *value, | |
234 | size_t size) | |
235 | { | |
236 | void *buffer = NULL; | |
237 | ssize_t len; | |
238 | ||
239 | if (!value || !size) { | |
240 | len = security_inode_getsecurity(inode, name, &buffer, false); | |
241 | goto out_noalloc; | |
242 | } | |
243 | ||
244 | len = security_inode_getsecurity(inode, name, &buffer, true); | |
245 | if (len < 0) | |
246 | return len; | |
247 | if (size < len) { | |
248 | len = -ERANGE; | |
249 | goto out; | |
250 | } | |
251 | memcpy(value, buffer, len); | |
252 | out: | |
253 | security_release_secctx(buffer, len); | |
254 | out_noalloc: | |
255 | return len; | |
256 | } | |
257 | EXPORT_SYMBOL_GPL(xattr_getsecurity); | |
258 | ||
259 | /* | |
260 | * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr | |
261 | * | |
262 | * Allocate memory, if not already allocated, or re-allocate correct size, | |
263 | * before retrieving the extended attribute. | |
264 | * | |
265 | * Returns the result of alloc, if failed, or the getxattr operation. | |
266 | */ | |
267 | ssize_t | |
268 | vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, | |
269 | size_t xattr_size, gfp_t flags) | |
270 | { | |
271 | const struct xattr_handler *handler; | |
272 | struct inode *inode = dentry->d_inode; | |
273 | char *value = *xattr_value; | |
274 | int error; | |
275 | ||
276 | error = xattr_permission(inode, name, MAY_READ); | |
277 | if (error) | |
278 | return error; | |
279 | ||
280 | handler = xattr_resolve_name(inode, &name); | |
281 | if (IS_ERR(handler)) | |
282 | return PTR_ERR(handler); | |
283 | if (!handler->get) | |
284 | return -EOPNOTSUPP; | |
285 | error = handler->get(handler, dentry, inode, name, NULL, 0); | |
286 | if (error < 0) | |
287 | return error; | |
288 | ||
289 | if (!value || (error > xattr_size)) { | |
290 | value = krealloc(*xattr_value, error + 1, flags); | |
291 | if (!value) | |
292 | return -ENOMEM; | |
293 | memset(value, 0, error + 1); | |
294 | } | |
295 | ||
296 | error = handler->get(handler, dentry, inode, name, value, error); | |
297 | *xattr_value = value; | |
298 | return error; | |
299 | } | |
300 | EXPORT_SYMBOL_GPL(vfs_getxattr_alloc); | |
301 | ||
302 | ssize_t | |
303 | __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, | |
304 | void *value, size_t size) | |
305 | { | |
306 | const struct xattr_handler *handler; | |
307 | ||
308 | handler = xattr_resolve_name(inode, &name); | |
309 | if (IS_ERR(handler)) | |
310 | return PTR_ERR(handler); | |
311 | if (!handler->get) | |
312 | return -EOPNOTSUPP; | |
313 | return handler->get(handler, dentry, inode, name, value, size); | |
314 | } | |
315 | EXPORT_SYMBOL(__vfs_getxattr); | |
316 | ||
317 | ssize_t | |
318 | vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) | |
319 | { | |
320 | struct inode *inode = dentry->d_inode; | |
321 | int error; | |
322 | ||
323 | error = xattr_permission(inode, name, MAY_READ); | |
324 | if (error) | |
325 | return error; | |
326 | ||
327 | error = security_inode_getxattr(dentry, name); | |
328 | if (error) | |
329 | return error; | |
330 | ||
331 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | |
332 | XATTR_SECURITY_PREFIX_LEN)) { | |
333 | const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; | |
334 | int ret = xattr_getsecurity(inode, suffix, value, size); | |
335 | /* | |
336 | * Only overwrite the return value if a security module | |
337 | * is actually active. | |
338 | */ | |
339 | if (ret == -EOPNOTSUPP) | |
340 | goto nolsm; | |
341 | return ret; | |
342 | } | |
343 | nolsm: | |
344 | return __vfs_getxattr(dentry, inode, name, value, size); | |
345 | } | |
346 | EXPORT_SYMBOL_GPL(vfs_getxattr); | |
347 | ||
348 | ssize_t | |
349 | vfs_listxattr(struct dentry *dentry, char *list, size_t size) | |
350 | { | |
351 | struct inode *inode = d_inode(dentry); | |
352 | ssize_t error; | |
353 | ||
354 | error = security_inode_listxattr(dentry); | |
355 | if (error) | |
356 | return error; | |
357 | if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { | |
358 | error = -EOPNOTSUPP; | |
359 | error = inode->i_op->listxattr(dentry, list, size); | |
360 | } else { | |
361 | error = security_inode_listsecurity(inode, list, size); | |
362 | if (size && error > size) | |
363 | error = -ERANGE; | |
364 | } | |
365 | return error; | |
366 | } | |
367 | EXPORT_SYMBOL_GPL(vfs_listxattr); | |
368 | ||
369 | int | |
370 | __vfs_removexattr(struct dentry *dentry, const char *name) | |
371 | { | |
372 | struct inode *inode = d_inode(dentry); | |
373 | const struct xattr_handler *handler; | |
374 | ||
375 | handler = xattr_resolve_name(inode, &name); | |
376 | if (IS_ERR(handler)) | |
377 | return PTR_ERR(handler); | |
378 | if (!handler->set) | |
379 | return -EOPNOTSUPP; | |
380 | return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE); | |
381 | } | |
382 | EXPORT_SYMBOL(__vfs_removexattr); | |
383 | ||
384 | /** | |
385 | * __vfs_removexattr_noperm - perform removexattr operation without | |
386 | * performing permission checks. | |
387 | * | |
388 | * @dentry - object to perform setxattr on | |
389 | * @name - xattr name to set | |
390 | * | |
391 | * returns the result of the internal setxattr or setsecurity operations. | |
392 | * | |
393 | * This function requires the caller to lock the inode's i_mutex before it | |
394 | * is executed. It also assumes that the caller will make the appropriate | |
395 | * permission checks. | |
396 | */ | |
397 | int | |
398 | __vfs_removexattr_noperm(struct dentry *dentry, const char *name) | |
399 | { | |
400 | int error; | |
401 | ||
402 | error =__vfs_removexattr(dentry, name); | |
403 | if (!error) { | |
404 | fsnotify_xattr(dentry); | |
405 | evm_inode_post_removexattr(dentry, name); | |
406 | } | |
407 | return error; | |
408 | } | |
409 | EXPORT_SYMBOL_GPL(__vfs_removexattr_noperm); | |
410 | ||
411 | int | |
412 | vfs_removexattr(struct dentry *dentry, const char *name) | |
413 | { | |
414 | struct inode *inode = dentry->d_inode; | |
415 | int error; | |
416 | ||
417 | error = xattr_permission(inode, name, MAY_WRITE); | |
418 | if (error) | |
419 | return error; | |
420 | ||
421 | inode_lock(inode); | |
422 | error = security_inode_removexattr(dentry, name); | |
423 | if (error) | |
424 | goto out; | |
425 | ||
426 | error = __vfs_removexattr_noperm(dentry, name); | |
427 | ||
428 | out: | |
429 | inode_unlock(inode); | |
430 | return error; | |
431 | } | |
432 | EXPORT_SYMBOL_GPL(vfs_removexattr); | |
433 | ||
434 | ||
435 | /* | |
436 | * Extended attribute SET operations | |
437 | */ | |
438 | static long | |
439 | setxattr(struct dentry *d, const char __user *name, const void __user *value, | |
440 | size_t size, int flags) | |
441 | { | |
442 | int error; | |
443 | void *kvalue = NULL; | |
444 | char kname[XATTR_NAME_MAX + 1]; | |
445 | ||
446 | if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) | |
447 | return -EINVAL; | |
448 | ||
449 | error = strncpy_from_user(kname, name, sizeof(kname)); | |
450 | if (error == 0 || error == sizeof(kname)) | |
451 | error = -ERANGE; | |
452 | if (error < 0) | |
453 | return error; | |
454 | ||
455 | if (size) { | |
456 | if (size > XATTR_SIZE_MAX) | |
457 | return -E2BIG; | |
458 | kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); | |
459 | if (!kvalue) { | |
460 | kvalue = vmalloc(size); | |
461 | if (!kvalue) | |
462 | return -ENOMEM; | |
463 | } | |
464 | if (copy_from_user(kvalue, value, size)) { | |
465 | error = -EFAULT; | |
466 | goto out; | |
467 | } | |
468 | if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || | |
469 | (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) | |
470 | posix_acl_fix_xattr_from_user(kvalue, size); | |
471 | } | |
472 | ||
473 | error = vfs_setxattr(d, kname, kvalue, size, flags); | |
474 | out: | |
475 | kvfree(kvalue); | |
476 | ||
477 | return error; | |
478 | } | |
479 | ||
480 | static int path_setxattr(const char __user *pathname, | |
481 | const char __user *name, const void __user *value, | |
482 | size_t size, int flags, unsigned int lookup_flags) | |
483 | { | |
484 | struct path path; | |
485 | int error; | |
486 | retry: | |
487 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
488 | if (error) | |
489 | return error; | |
490 | error = mnt_want_write(path.mnt); | |
491 | if (!error) { | |
492 | error = setxattr(path.dentry, name, value, size, flags); | |
493 | mnt_drop_write(path.mnt); | |
494 | } | |
495 | path_put(&path); | |
496 | if (retry_estale(error, lookup_flags)) { | |
497 | lookup_flags |= LOOKUP_REVAL; | |
498 | goto retry; | |
499 | } | |
500 | return error; | |
501 | } | |
502 | ||
503 | SYSCALL_DEFINE5(setxattr, const char __user *, pathname, | |
504 | const char __user *, name, const void __user *, value, | |
505 | size_t, size, int, flags) | |
506 | { | |
507 | return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); | |
508 | } | |
509 | ||
510 | SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, | |
511 | const char __user *, name, const void __user *, value, | |
512 | size_t, size, int, flags) | |
513 | { | |
514 | return path_setxattr(pathname, name, value, size, flags, 0); | |
515 | } | |
516 | ||
517 | SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, | |
518 | const void __user *,value, size_t, size, int, flags) | |
519 | { | |
520 | struct fd f = fdget(fd); | |
521 | int error = -EBADF; | |
522 | ||
523 | if (!f.file) | |
524 | return error; | |
525 | audit_file(f.file); | |
526 | error = mnt_want_write_file(f.file); | |
527 | if (!error) { | |
528 | error = setxattr(f.file->f_path.dentry, name, value, size, flags); | |
529 | mnt_drop_write_file(f.file); | |
530 | } | |
531 | fdput(f); | |
532 | return error; | |
533 | } | |
534 | ||
535 | /* | |
536 | * Extended attribute GET operations | |
537 | */ | |
538 | static ssize_t | |
539 | getxattr(struct dentry *d, const char __user *name, void __user *value, | |
540 | size_t size) | |
541 | { | |
542 | ssize_t error; | |
543 | void *kvalue = NULL; | |
544 | char kname[XATTR_NAME_MAX + 1]; | |
545 | ||
546 | error = strncpy_from_user(kname, name, sizeof(kname)); | |
547 | if (error == 0 || error == sizeof(kname)) | |
548 | error = -ERANGE; | |
549 | if (error < 0) | |
550 | return error; | |
551 | ||
552 | if (size) { | |
553 | if (size > XATTR_SIZE_MAX) | |
554 | size = XATTR_SIZE_MAX; | |
555 | kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); | |
556 | if (!kvalue) { | |
557 | kvalue = vzalloc(size); | |
558 | if (!kvalue) | |
559 | return -ENOMEM; | |
560 | } | |
561 | } | |
562 | ||
563 | error = vfs_getxattr(d, kname, kvalue, size); | |
564 | if (error > 0) { | |
565 | if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || | |
566 | (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) | |
567 | posix_acl_fix_xattr_to_user(kvalue, size); | |
568 | if (size && copy_to_user(value, kvalue, error)) | |
569 | error = -EFAULT; | |
570 | } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { | |
571 | /* The file system tried to returned a value bigger | |
572 | than XATTR_SIZE_MAX bytes. Not possible. */ | |
573 | error = -E2BIG; | |
574 | } | |
575 | ||
576 | kvfree(kvalue); | |
577 | ||
578 | return error; | |
579 | } | |
580 | ||
581 | static ssize_t path_getxattr(const char __user *pathname, | |
582 | const char __user *name, void __user *value, | |
583 | size_t size, unsigned int lookup_flags) | |
584 | { | |
585 | struct path path; | |
586 | ssize_t error; | |
587 | retry: | |
588 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
589 | if (error) | |
590 | return error; | |
591 | error = getxattr(path.dentry, name, value, size); | |
592 | path_put(&path); | |
593 | if (retry_estale(error, lookup_flags)) { | |
594 | lookup_flags |= LOOKUP_REVAL; | |
595 | goto retry; | |
596 | } | |
597 | return error; | |
598 | } | |
599 | ||
600 | SYSCALL_DEFINE4(getxattr, const char __user *, pathname, | |
601 | const char __user *, name, void __user *, value, size_t, size) | |
602 | { | |
603 | return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); | |
604 | } | |
605 | ||
606 | SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, | |
607 | const char __user *, name, void __user *, value, size_t, size) | |
608 | { | |
609 | return path_getxattr(pathname, name, value, size, 0); | |
610 | } | |
611 | ||
612 | SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, | |
613 | void __user *, value, size_t, size) | |
614 | { | |
615 | struct fd f = fdget(fd); | |
616 | ssize_t error = -EBADF; | |
617 | ||
618 | if (!f.file) | |
619 | return error; | |
620 | audit_file(f.file); | |
621 | error = getxattr(f.file->f_path.dentry, name, value, size); | |
622 | fdput(f); | |
623 | return error; | |
624 | } | |
625 | ||
626 | /* | |
627 | * Extended attribute LIST operations | |
628 | */ | |
629 | static ssize_t | |
630 | listxattr(struct dentry *d, char __user *list, size_t size) | |
631 | { | |
632 | ssize_t error; | |
633 | char *klist = NULL; | |
634 | ||
635 | if (size) { | |
636 | if (size > XATTR_LIST_MAX) | |
637 | size = XATTR_LIST_MAX; | |
638 | klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); | |
639 | if (!klist) { | |
640 | klist = vmalloc(size); | |
641 | if (!klist) | |
642 | return -ENOMEM; | |
643 | } | |
644 | } | |
645 | ||
646 | error = vfs_listxattr(d, klist, size); | |
647 | if (error > 0) { | |
648 | if (size && copy_to_user(list, klist, error)) | |
649 | error = -EFAULT; | |
650 | } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { | |
651 | /* The file system tried to returned a list bigger | |
652 | than XATTR_LIST_MAX bytes. Not possible. */ | |
653 | error = -E2BIG; | |
654 | } | |
655 | ||
656 | kvfree(klist); | |
657 | ||
658 | return error; | |
659 | } | |
660 | ||
661 | static ssize_t path_listxattr(const char __user *pathname, char __user *list, | |
662 | size_t size, unsigned int lookup_flags) | |
663 | { | |
664 | struct path path; | |
665 | ssize_t error; | |
666 | retry: | |
667 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
668 | if (error) | |
669 | return error; | |
670 | error = listxattr(path.dentry, list, size); | |
671 | path_put(&path); | |
672 | if (retry_estale(error, lookup_flags)) { | |
673 | lookup_flags |= LOOKUP_REVAL; | |
674 | goto retry; | |
675 | } | |
676 | return error; | |
677 | } | |
678 | ||
679 | SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, | |
680 | size_t, size) | |
681 | { | |
682 | return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); | |
683 | } | |
684 | ||
685 | SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, | |
686 | size_t, size) | |
687 | { | |
688 | return path_listxattr(pathname, list, size, 0); | |
689 | } | |
690 | ||
691 | SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) | |
692 | { | |
693 | struct fd f = fdget(fd); | |
694 | ssize_t error = -EBADF; | |
695 | ||
696 | if (!f.file) | |
697 | return error; | |
698 | audit_file(f.file); | |
699 | error = listxattr(f.file->f_path.dentry, list, size); | |
700 | fdput(f); | |
701 | return error; | |
702 | } | |
703 | ||
704 | /* | |
705 | * Extended attribute REMOVE operations | |
706 | */ | |
707 | static long | |
708 | removexattr(struct dentry *d, const char __user *name) | |
709 | { | |
710 | int error; | |
711 | char kname[XATTR_NAME_MAX + 1]; | |
712 | ||
713 | error = strncpy_from_user(kname, name, sizeof(kname)); | |
714 | if (error == 0 || error == sizeof(kname)) | |
715 | error = -ERANGE; | |
716 | if (error < 0) | |
717 | return error; | |
718 | ||
719 | return vfs_removexattr(d, kname); | |
720 | } | |
721 | ||
722 | static int path_removexattr(const char __user *pathname, | |
723 | const char __user *name, unsigned int lookup_flags) | |
724 | { | |
725 | struct path path; | |
726 | int error; | |
727 | retry: | |
728 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); | |
729 | if (error) | |
730 | return error; | |
731 | error = mnt_want_write(path.mnt); | |
732 | if (!error) { | |
733 | error = removexattr(path.dentry, name); | |
734 | mnt_drop_write(path.mnt); | |
735 | } | |
736 | path_put(&path); | |
737 | if (retry_estale(error, lookup_flags)) { | |
738 | lookup_flags |= LOOKUP_REVAL; | |
739 | goto retry; | |
740 | } | |
741 | return error; | |
742 | } | |
743 | ||
744 | SYSCALL_DEFINE2(removexattr, const char __user *, pathname, | |
745 | const char __user *, name) | |
746 | { | |
747 | return path_removexattr(pathname, name, LOOKUP_FOLLOW); | |
748 | } | |
749 | ||
750 | SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, | |
751 | const char __user *, name) | |
752 | { | |
753 | return path_removexattr(pathname, name, 0); | |
754 | } | |
755 | ||
756 | SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) | |
757 | { | |
758 | struct fd f = fdget(fd); | |
759 | int error = -EBADF; | |
760 | ||
761 | if (!f.file) | |
762 | return error; | |
763 | audit_file(f.file); | |
764 | error = mnt_want_write_file(f.file); | |
765 | if (!error) { | |
766 | error = removexattr(f.file->f_path.dentry, name); | |
767 | mnt_drop_write_file(f.file); | |
768 | } | |
769 | fdput(f); | |
770 | return error; | |
771 | } | |
772 | ||
773 | /* | |
774 | * Combine the results of the list() operation from every xattr_handler in the | |
775 | * list. | |
776 | */ | |
777 | ssize_t | |
778 | generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) | |
779 | { | |
780 | const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; | |
781 | unsigned int size = 0; | |
782 | ||
783 | if (!buffer) { | |
784 | for_each_xattr_handler(handlers, handler) { | |
785 | if (!handler->name || | |
786 | (handler->list && !handler->list(dentry))) | |
787 | continue; | |
788 | size += strlen(handler->name) + 1; | |
789 | } | |
790 | } else { | |
791 | char *buf = buffer; | |
792 | size_t len; | |
793 | ||
794 | for_each_xattr_handler(handlers, handler) { | |
795 | if (!handler->name || | |
796 | (handler->list && !handler->list(dentry))) | |
797 | continue; | |
798 | len = strlen(handler->name); | |
799 | if (len + 1 > buffer_size) | |
800 | return -ERANGE; | |
801 | memcpy(buf, handler->name, len + 1); | |
802 | buf += len + 1; | |
803 | buffer_size -= len + 1; | |
804 | } | |
805 | size = buf - buffer; | |
806 | } | |
807 | return size; | |
808 | } | |
809 | EXPORT_SYMBOL(generic_listxattr); | |
810 | ||
811 | /** | |
812 | * xattr_full_name - Compute full attribute name from suffix | |
813 | * | |
814 | * @handler: handler of the xattr_handler operation | |
815 | * @name: name passed to the xattr_handler operation | |
816 | * | |
817 | * The get and set xattr handler operations are called with the remainder of | |
818 | * the attribute name after skipping the handler's prefix: for example, "foo" | |
819 | * is passed to the get operation of a handler with prefix "user." to get | |
820 | * attribute "user.foo". The full name is still "there" in the name though. | |
821 | * | |
822 | * Note: the list xattr handler operation when called from the vfs is passed a | |
823 | * NULL name; some file systems use this operation internally, with varying | |
824 | * semantics. | |
825 | */ | |
826 | const char *xattr_full_name(const struct xattr_handler *handler, | |
827 | const char *name) | |
828 | { | |
829 | size_t prefix_len = strlen(xattr_prefix(handler)); | |
830 | ||
831 | return name - prefix_len; | |
832 | } | |
833 | EXPORT_SYMBOL(xattr_full_name); | |
834 | ||
835 | /* | |
836 | * Allocate new xattr and copy in the value; but leave the name to callers. | |
837 | */ | |
838 | struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) | |
839 | { | |
840 | struct simple_xattr *new_xattr; | |
841 | size_t len; | |
842 | ||
843 | /* wrap around? */ | |
844 | len = sizeof(*new_xattr) + size; | |
845 | if (len < sizeof(*new_xattr)) | |
846 | return NULL; | |
847 | ||
848 | new_xattr = kmalloc(len, GFP_KERNEL); | |
849 | if (!new_xattr) | |
850 | return NULL; | |
851 | ||
852 | new_xattr->size = size; | |
853 | memcpy(new_xattr->value, value, size); | |
854 | return new_xattr; | |
855 | } | |
856 | ||
857 | /* | |
858 | * xattr GET operation for in-memory/pseudo filesystems | |
859 | */ | |
860 | int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, | |
861 | void *buffer, size_t size) | |
862 | { | |
863 | struct simple_xattr *xattr; | |
864 | int ret = -ENODATA; | |
865 | ||
866 | spin_lock(&xattrs->lock); | |
867 | list_for_each_entry(xattr, &xattrs->head, list) { | |
868 | if (strcmp(name, xattr->name)) | |
869 | continue; | |
870 | ||
871 | ret = xattr->size; | |
872 | if (buffer) { | |
873 | if (size < xattr->size) | |
874 | ret = -ERANGE; | |
875 | else | |
876 | memcpy(buffer, xattr->value, xattr->size); | |
877 | } | |
878 | break; | |
879 | } | |
880 | spin_unlock(&xattrs->lock); | |
881 | return ret; | |
882 | } | |
883 | ||
884 | /** | |
885 | * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems | |
886 | * @xattrs: target simple_xattr list | |
887 | * @name: name of the extended attribute | |
888 | * @value: value of the xattr. If %NULL, will remove the attribute. | |
889 | * @size: size of the new xattr | |
890 | * @flags: %XATTR_{CREATE|REPLACE} | |
891 | * | |
892 | * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails | |
893 | * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; | |
894 | * otherwise, fails with -ENODATA. | |
895 | * | |
896 | * Returns 0 on success, -errno on failure. | |
897 | */ | |
898 | int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, | |
899 | const void *value, size_t size, int flags) | |
900 | { | |
901 | struct simple_xattr *xattr; | |
902 | struct simple_xattr *new_xattr = NULL; | |
903 | int err = 0; | |
904 | ||
905 | /* value == NULL means remove */ | |
906 | if (value) { | |
907 | new_xattr = simple_xattr_alloc(value, size); | |
908 | if (!new_xattr) | |
909 | return -ENOMEM; | |
910 | ||
911 | new_xattr->name = kstrdup(name, GFP_KERNEL); | |
912 | if (!new_xattr->name) { | |
913 | kfree(new_xattr); | |
914 | return -ENOMEM; | |
915 | } | |
916 | } | |
917 | ||
918 | spin_lock(&xattrs->lock); | |
919 | list_for_each_entry(xattr, &xattrs->head, list) { | |
920 | if (!strcmp(name, xattr->name)) { | |
921 | if (flags & XATTR_CREATE) { | |
922 | xattr = new_xattr; | |
923 | err = -EEXIST; | |
924 | } else if (new_xattr) { | |
925 | list_replace(&xattr->list, &new_xattr->list); | |
926 | } else { | |
927 | list_del(&xattr->list); | |
928 | } | |
929 | goto out; | |
930 | } | |
931 | } | |
932 | if (flags & XATTR_REPLACE) { | |
933 | xattr = new_xattr; | |
934 | err = -ENODATA; | |
935 | } else { | |
936 | list_add(&new_xattr->list, &xattrs->head); | |
937 | xattr = NULL; | |
938 | } | |
939 | out: | |
940 | spin_unlock(&xattrs->lock); | |
941 | if (xattr) { | |
942 | kfree(xattr->name); | |
943 | kfree(xattr); | |
944 | } | |
945 | return err; | |
946 | ||
947 | } | |
948 | ||
949 | static bool xattr_is_trusted(const char *name) | |
950 | { | |
951 | return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); | |
952 | } | |
953 | ||
954 | static int xattr_list_one(char **buffer, ssize_t *remaining_size, | |
955 | const char *name) | |
956 | { | |
957 | size_t len = strlen(name) + 1; | |
958 | if (*buffer) { | |
959 | if (*remaining_size < len) | |
960 | return -ERANGE; | |
961 | memcpy(*buffer, name, len); | |
962 | *buffer += len; | |
963 | } | |
964 | *remaining_size -= len; | |
965 | return 0; | |
966 | } | |
967 | ||
968 | /* | |
969 | * xattr LIST operation for in-memory/pseudo filesystems | |
970 | */ | |
971 | ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, | |
972 | char *buffer, size_t size) | |
973 | { | |
974 | bool trusted = capable(CAP_SYS_ADMIN); | |
975 | struct simple_xattr *xattr; | |
976 | ssize_t remaining_size = size; | |
977 | int err = 0; | |
978 | ||
979 | #ifdef CONFIG_FS_POSIX_ACL | |
980 | if (inode->i_acl) { | |
981 | err = xattr_list_one(&buffer, &remaining_size, | |
982 | XATTR_NAME_POSIX_ACL_ACCESS); | |
983 | if (err) | |
984 | return err; | |
985 | } | |
986 | if (inode->i_default_acl) { | |
987 | err = xattr_list_one(&buffer, &remaining_size, | |
988 | XATTR_NAME_POSIX_ACL_DEFAULT); | |
989 | if (err) | |
990 | return err; | |
991 | } | |
992 | #endif | |
993 | ||
994 | spin_lock(&xattrs->lock); | |
995 | list_for_each_entry(xattr, &xattrs->head, list) { | |
996 | /* skip "trusted." attributes for unprivileged callers */ | |
997 | if (!trusted && xattr_is_trusted(xattr->name)) | |
998 | continue; | |
999 | ||
1000 | err = xattr_list_one(&buffer, &remaining_size, xattr->name); | |
1001 | if (err) | |
1002 | break; | |
1003 | } | |
1004 | spin_unlock(&xattrs->lock); | |
1005 | ||
1006 | return err ? err : size - remaining_size; | |
1007 | } | |
1008 | ||
1009 | /* | |
1010 | * Adds an extended attribute to the list | |
1011 | */ | |
1012 | void simple_xattr_list_add(struct simple_xattrs *xattrs, | |
1013 | struct simple_xattr *new_xattr) | |
1014 | { | |
1015 | spin_lock(&xattrs->lock); | |
1016 | list_add(&new_xattr->list, &xattrs->head); | |
1017 | spin_unlock(&xattrs->lock); | |
1018 | } |