xattr.c 23.5 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
  File: fs/xattr.c

  Extended attribute handling.

  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
  Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/file.h>
#include <linux/xattr.h>
14
#include <linux/mount.h>
L
Linus Torvalds 已提交
15 16
#include <linux/namei.h>
#include <linux/security.h>
M
Mimi Zohar 已提交
17
#include <linux/evm.h>
L
Linus Torvalds 已提交
18
#include <linux/syscalls.h>
19
#include <linux/export.h>
R
Robert Love 已提交
20
#include <linux/fsnotify.h>
21
#include <linux/audit.h>
22
#include <linux/vmalloc.h>
23
#include <linux/posix_acl_xattr.h>
L
Linus Torvalds 已提交
24

25
#include <asm/uaccess.h>
26

27 28 29 30 31 32 33 34 35 36 37 38
static const char *
strcmp_prefix(const char *a, const char *a_prefix)
{
	while (*a_prefix && *a == *a_prefix) {
		a++;
		a_prefix++;
	}
	return *a_prefix ? NULL : a;
}

/*
 * In order to implement different sets of xattr operations for each xattr
39 40 41
 * prefix, a filesystem should create a null-terminated array of struct
 * xattr_handler (one for each prefix) and hang a pointer to it off of the
 * s_xattr field of the superblock.
42 43 44 45 46 47 48 49 50 51 52
 */
#define for_each_xattr_handler(handlers, handler)		\
	if (handlers)						\
		for ((handler) = *(handlers)++;			\
			(handler) != NULL;			\
			(handler) = *(handlers)++)

/*
 * Find the xattr_handler with the matching prefix.
 */
static const struct xattr_handler *
53
xattr_resolve_name(struct inode *inode, const char **name)
54
{
55
	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
56 57
	const struct xattr_handler *handler;

58 59 60
	if (!(inode->i_opflags & IOP_XATTR)) {
		if (unlikely(is_bad_inode(inode)))
			return ERR_PTR(-EIO);
61
		return ERR_PTR(-EOPNOTSUPP);
62
	}
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
	for_each_xattr_handler(handlers, handler) {
		const char *n;

		n = strcmp_prefix(*name, xattr_prefix(handler));
		if (n) {
			if (!handler->prefix ^ !*n) {
				if (*n)
					continue;
				return ERR_PTR(-EINVAL);
			}
			*name = n;
			return handler;
		}
	}
	return ERR_PTR(-EOPNOTSUPP);
}

80 81 82 83 84 85 86 87 88 89 90 91 92 93
/*
 * Check permissions for extended attribute access.  This is a bit complicated
 * because different namespaces have very different rules.
 */
static int
xattr_permission(struct inode *inode, const char *name, int mask)
{
	/*
	 * We can never set or remove an extended attribute on a read-only
	 * filesystem  or on an immutable / append-only inode.
	 */
	if (mask & MAY_WRITE) {
		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
			return -EPERM;
94 95 96 97 98 99 100
		/*
		 * Updating an xattr will likely cause i_uid and i_gid
		 * to be writen back improperly if their true value is
		 * unknown to the vfs.
		 */
		if (HAS_UNMAPPED_ID(inode))
			return -EPERM;
101 102 103 104 105 106 107 108 109 110 111
	}

	/*
	 * No restriction for security.* and system.* from the VFS.  Decision
	 * on these is left to the underlying filesystem / security module.
	 */
	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
		return 0;

	/*
112
	 * The trusted.* namespace can only be accessed by privileged users.
113
	 */
114 115 116 117 118
	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
		if (!capable(CAP_SYS_ADMIN))
			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
		return 0;
	}
119

120 121
	/*
	 * In the user.* namespace, only regular files and directories can have
122
	 * extended attributes. For sticky directories, only the owner and
123
	 * privileged users can write attributes.
124
	 */
125
	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
126
		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
127
			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
128
		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
129
		    (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
130 131 132
			return -EPERM;
	}

133
	return inode_permission(inode, mask);
134 135
}

136 137 138 139
int
__vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
	       const void *value, size_t size, int flags)
{
140 141 142 143 144 145
	const struct xattr_handler *handler;

	handler = xattr_resolve_name(inode, &name);
	if (IS_ERR(handler))
		return PTR_ERR(handler);
	if (!handler->set)
146
		return -EOPNOTSUPP;
147 148 149
	if (size == 0)
		value = "";  /* empty EA, do not remove */
	return handler->set(handler, dentry, inode, name, value, size, flags);
150 151 152
}
EXPORT_SYMBOL(__vfs_setxattr);

153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170
/**
 *  __vfs_setxattr_noperm - perform setxattr operation without performing
 *  permission checks.
 *
 *  @dentry - object to perform setxattr on
 *  @name - xattr name to set
 *  @value - value to set @name to
 *  @size - size of @value
 *  @flags - flags to pass into filesystem operations
 *
 *  returns the result of the internal setxattr or setsecurity operations.
 *
 *  This function requires the caller to lock the inode's i_mutex before it
 *  is executed. It also assumes that the caller will make the appropriate
 *  permission checks.
 */
int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags)
171 172
{
	struct inode *inode = dentry->d_inode;
173
	int error = -EAGAIN;
174 175
	int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
				   XATTR_SECURITY_PREFIX_LEN);
176

177 178
	if (issec)
		inode->i_flags &= ~S_NOSEC;
179
	if (inode->i_opflags & IOP_XATTR) {
180
		error = __vfs_setxattr(dentry, inode, name, value, size, flags);
181 182 183 184 185
		if (!error) {
			fsnotify_xattr(dentry);
			security_inode_post_setxattr(dentry, name, value,
						     size, flags);
		}
186
	} else {
187 188
		if (unlikely(is_bad_inode(inode)))
			return -EIO;
189 190 191 192 193 194 195 196 197 198 199 200
	}
	if (error == -EAGAIN) {
		error = -EOPNOTSUPP;

		if (issec) {
			const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;

			error = security_inode_setsecurity(inode, suffix, value,
							   size, flags);
			if (!error)
				fsnotify_xattr(dentry);
		}
201
	}
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217

	return error;
}


int
vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
		size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	int error;

	error = xattr_permission(inode, name, MAY_WRITE);
	if (error)
		return error;

A
Al Viro 已提交
218
	inode_lock(inode);
219 220 221 222 223 224
	error = security_inode_setxattr(dentry, name, value, size, flags);
	if (error)
		goto out;

	error = __vfs_setxattr_noperm(dentry, name, value, size, flags);

225
out:
A
Al Viro 已提交
226
	inode_unlock(inode);
227 228 229 230
	return error;
}
EXPORT_SYMBOL_GPL(vfs_setxattr);

231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257
ssize_t
xattr_getsecurity(struct inode *inode, const char *name, void *value,
			size_t size)
{
	void *buffer = NULL;
	ssize_t len;

	if (!value || !size) {
		len = security_inode_getsecurity(inode, name, &buffer, false);
		goto out_noalloc;
	}

	len = security_inode_getsecurity(inode, name, &buffer, true);
	if (len < 0)
		return len;
	if (size < len) {
		len = -ERANGE;
		goto out;
	}
	memcpy(value, buffer, len);
out:
	security_release_secctx(buffer, len);
out_noalloc:
	return len;
}
EXPORT_SYMBOL_GPL(xattr_getsecurity);

258 259 260 261 262 263 264 265 266 267 268 269
/*
 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
 *
 * Allocate memory, if not already allocated, or re-allocate correct size,
 * before retrieving the extended attribute.
 *
 * Returns the result of alloc, if failed, or the getxattr operation.
 */
ssize_t
vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
		   size_t xattr_size, gfp_t flags)
{
270
	const struct xattr_handler *handler;
271 272 273 274 275 276 277 278
	struct inode *inode = dentry->d_inode;
	char *value = *xattr_value;
	int error;

	error = xattr_permission(inode, name, MAY_READ);
	if (error)
		return error;

279 280 281 282
	handler = xattr_resolve_name(inode, &name);
	if (IS_ERR(handler))
		return PTR_ERR(handler);
	if (!handler->get)
283
		return -EOPNOTSUPP;
284
	error = handler->get(handler, dentry, inode, name, NULL, 0);
285 286 287 288 289 290 291 292 293 294
	if (error < 0)
		return error;

	if (!value || (error > xattr_size)) {
		value = krealloc(*xattr_value, error + 1, flags);
		if (!value)
			return -ENOMEM;
		memset(value, 0, error + 1);
	}

295
	error = handler->get(handler, dentry, inode, name, value, error);
296 297 298 299
	*xattr_value = value;
	return error;
}

300 301 302 303
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
	       void *value, size_t size)
{
304 305 306 307 308 309
	const struct xattr_handler *handler;

	handler = xattr_resolve_name(inode, &name);
	if (IS_ERR(handler))
		return PTR_ERR(handler);
	if (!handler->get)
310
		return -EOPNOTSUPP;
311
	return handler->get(handler, dentry, inode, name, value, size);
312 313 314
}
EXPORT_SYMBOL(__vfs_getxattr);

315
ssize_t
316
vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
317 318 319 320
{
	struct inode *inode = dentry->d_inode;
	int error;

321 322 323 324
	error = xattr_permission(inode, name, MAY_READ);
	if (error)
		return error;

325 326 327 328 329
	error = security_inode_getxattr(dentry, name);
	if (error)
		return error;

	if (!strncmp(name, XATTR_SECURITY_PREFIX,
330 331
				XATTR_SECURITY_PREFIX_LEN)) {
		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
332
		int ret = xattr_getsecurity(inode, suffix, value, size);
333 334 335 336
		/*
		 * Only overwrite the return value if a security module
		 * is actually active.
		 */
337 338 339
		if (ret == -EOPNOTSUPP)
			goto nolsm;
		return ret;
340
	}
341
nolsm:
342
	return __vfs_getxattr(dentry, inode, name, value, size);
343 344 345
}
EXPORT_SYMBOL_GPL(vfs_getxattr);

B
Bill Nottingham 已提交
346
ssize_t
347
vfs_listxattr(struct dentry *dentry, char *list, size_t size)
B
Bill Nottingham 已提交
348
{
349
	struct inode *inode = d_inode(dentry);
B
Bill Nottingham 已提交
350 351
	ssize_t error;

352
	error = security_inode_listxattr(dentry);
B
Bill Nottingham 已提交
353 354
	if (error)
		return error;
355 356 357
	if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
		error = -EOPNOTSUPP;
		error = inode->i_op->listxattr(dentry, list, size);
B
Bill Nottingham 已提交
358
	} else {
359
		error = security_inode_listsecurity(inode, list, size);
B
Bill Nottingham 已提交
360 361 362 363 364 365 366
		if (size && error > size)
			error = -ERANGE;
	}
	return error;
}
EXPORT_SYMBOL_GPL(vfs_listxattr);

367
int
368
__vfs_removexattr(struct dentry *dentry, const char *name)
369
{
370 371
	struct inode *inode = d_inode(dentry);
	const struct xattr_handler *handler;
372

373 374 375 376
	handler = xattr_resolve_name(inode, &name);
	if (IS_ERR(handler))
		return PTR_ERR(handler);
	if (!handler->set)
377
		return -EOPNOTSUPP;
378
	return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
379 380 381 382 383 384 385 386
}
EXPORT_SYMBOL(__vfs_removexattr);

int
vfs_removexattr(struct dentry *dentry, const char *name)
{
	struct inode *inode = dentry->d_inode;
	int error;
387

388 389 390 391
	error = xattr_permission(inode, name, MAY_WRITE);
	if (error)
		return error;

A
Al Viro 已提交
392
	inode_lock(inode);
393
	error = security_inode_removexattr(dentry, name);
394 395
	if (error)
		goto out;
396

397
	error = __vfs_removexattr(dentry, name);
398

M
Mimi Zohar 已提交
399
	if (!error) {
400
		fsnotify_xattr(dentry);
M
Mimi Zohar 已提交
401 402
		evm_inode_post_removexattr(dentry, name);
	}
403 404

out:
A
Al Viro 已提交
405
	inode_unlock(inode);
406 407 408 409 410
	return error;
}
EXPORT_SYMBOL_GPL(vfs_removexattr);


L
Linus Torvalds 已提交
411 412 413 414
/*
 * Extended attribute SET operations
 */
static long
415
setxattr(struct dentry *d, const char __user *name, const void __user *value,
L
Linus Torvalds 已提交
416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433
	 size_t size, int flags)
{
	int error;
	void *kvalue = NULL;
	char kname[XATTR_NAME_MAX + 1];

	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
		return -EINVAL;

	error = strncpy_from_user(kname, name, sizeof(kname));
	if (error == 0 || error == sizeof(kname))
		error = -ERANGE;
	if (error < 0)
		return error;

	if (size) {
		if (size > XATTR_SIZE_MAX)
			return -E2BIG;
434 435
		kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN);
		if (!kvalue) {
R
Richard Weinberger 已提交
436 437
			kvalue = vmalloc(size);
			if (!kvalue)
438 439 440 441 442 443
				return -ENOMEM;
		}
		if (copy_from_user(kvalue, value, size)) {
			error = -EFAULT;
			goto out;
		}
444 445 446
		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
			posix_acl_fix_xattr_from_user(kvalue, size);
L
Linus Torvalds 已提交
447 448
	}

449
	error = vfs_setxattr(d, kname, kvalue, size, flags);
450
out:
R
Richard Weinberger 已提交
451 452
	kvfree(kvalue);

L
Linus Torvalds 已提交
453 454 455
	return error;
}

456 457 458
static int path_setxattr(const char __user *pathname,
			 const char __user *name, const void __user *value,
			 size_t size, int flags, unsigned int lookup_flags)
L
Linus Torvalds 已提交
459
{
460
	struct path path;
L
Linus Torvalds 已提交
461
	int error;
462 463
retry:
	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
L
Linus Torvalds 已提交
464 465
	if (error)
		return error;
466
	error = mnt_want_write(path.mnt);
467
	if (!error) {
468 469
		error = setxattr(path.dentry, name, value, size, flags);
		mnt_drop_write(path.mnt);
470
	}
471
	path_put(&path);
472 473 474 475
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
L
Linus Torvalds 已提交
476 477 478
	return error;
}

479 480 481 482 483 484 485
SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
		const char __user *, name, const void __user *, value,
		size_t, size, int, flags)
{
	return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
}

486 487 488
SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
		const char __user *, name, const void __user *, value,
		size_t, size, int, flags)
L
Linus Torvalds 已提交
489
{
490
	return path_setxattr(pathname, name, value, size, flags, 0);
L
Linus Torvalds 已提交
491 492
}

493 494
SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
		const void __user *,value, size_t, size, int, flags)
L
Linus Torvalds 已提交
495
{
496
	struct fd f = fdget(fd);
L
Linus Torvalds 已提交
497 498
	int error = -EBADF;

499
	if (!f.file)
L
Linus Torvalds 已提交
500
		return error;
A
Al Viro 已提交
501
	audit_file(f.file);
502
	error = mnt_want_write_file(f.file);
503
	if (!error) {
A
Al Viro 已提交
504
		error = setxattr(f.file->f_path.dentry, name, value, size, flags);
505
		mnt_drop_write_file(f.file);
506
	}
507
	fdput(f);
L
Linus Torvalds 已提交
508 509 510 511 512 513 514
	return error;
}

/*
 * Extended attribute GET operations
 */
static ssize_t
515 516
getxattr(struct dentry *d, const char __user *name, void __user *value,
	 size_t size)
L
Linus Torvalds 已提交
517 518 519 520 521 522 523 524 525 526 527 528 529 530
{
	ssize_t error;
	void *kvalue = NULL;
	char kname[XATTR_NAME_MAX + 1];

	error = strncpy_from_user(kname, name, sizeof(kname));
	if (error == 0 || error == sizeof(kname))
		error = -ERANGE;
	if (error < 0)
		return error;

	if (size) {
		if (size > XATTR_SIZE_MAX)
			size = XATTR_SIZE_MAX;
531 532
		kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
		if (!kvalue) {
R
Richard Weinberger 已提交
533 534
			kvalue = vmalloc(size);
			if (!kvalue)
535 536
				return -ENOMEM;
		}
L
Linus Torvalds 已提交
537 538
	}

539
	error = vfs_getxattr(d, kname, kvalue, size);
540
	if (error > 0) {
541 542 543
		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
			posix_acl_fix_xattr_to_user(kvalue, size);
544 545 546 547 548 549
		if (size && copy_to_user(value, kvalue, error))
			error = -EFAULT;
	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
		/* The file system tried to returned a value bigger
		   than XATTR_SIZE_MAX bytes. Not possible. */
		error = -E2BIG;
L
Linus Torvalds 已提交
550
	}
R
Richard Weinberger 已提交
551 552 553

	kvfree(kvalue);

L
Linus Torvalds 已提交
554 555 556
	return error;
}

557 558 559
static ssize_t path_getxattr(const char __user *pathname,
			     const char __user *name, void __user *value,
			     size_t size, unsigned int lookup_flags)
L
Linus Torvalds 已提交
560
{
561
	struct path path;
L
Linus Torvalds 已提交
562
	ssize_t error;
563 564
retry:
	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
L
Linus Torvalds 已提交
565 566
	if (error)
		return error;
567 568
	error = getxattr(path.dentry, name, value, size);
	path_put(&path);
569 570 571 572
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
L
Linus Torvalds 已提交
573 574 575
	return error;
}

576 577 578 579 580 581
SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
		const char __user *, name, void __user *, value, size_t, size)
{
	return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
}

582 583
SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
		const char __user *, name, void __user *, value, size_t, size)
L
Linus Torvalds 已提交
584
{
585
	return path_getxattr(pathname, name, value, size, 0);
L
Linus Torvalds 已提交
586 587
}

588 589
SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
		void __user *, value, size_t, size)
L
Linus Torvalds 已提交
590
{
591
	struct fd f = fdget(fd);
L
Linus Torvalds 已提交
592 593
	ssize_t error = -EBADF;

594
	if (!f.file)
L
Linus Torvalds 已提交
595
		return error;
A
Al Viro 已提交
596
	audit_file(f.file);
597 598
	error = getxattr(f.file->f_path.dentry, name, value, size);
	fdput(f);
L
Linus Torvalds 已提交
599 600 601 602 603 604 605 606 607 608 609 610 611 612 613
	return error;
}

/*
 * Extended attribute LIST operations
 */
static ssize_t
listxattr(struct dentry *d, char __user *list, size_t size)
{
	ssize_t error;
	char *klist = NULL;

	if (size) {
		if (size > XATTR_LIST_MAX)
			size = XATTR_LIST_MAX;
614
		klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL);
615
		if (!klist) {
R
Richard Weinberger 已提交
616 617
			klist = vmalloc(size);
			if (!klist)
618 619
				return -ENOMEM;
		}
L
Linus Torvalds 已提交
620 621
	}

B
Bill Nottingham 已提交
622
	error = vfs_listxattr(d, klist, size);
623 624 625 626 627 628 629
	if (error > 0) {
		if (size && copy_to_user(list, klist, error))
			error = -EFAULT;
	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
		/* The file system tried to returned a list bigger
		   than XATTR_LIST_MAX bytes. Not possible. */
		error = -E2BIG;
L
Linus Torvalds 已提交
630
	}
R
Richard Weinberger 已提交
631 632 633

	kvfree(klist);

L
Linus Torvalds 已提交
634 635 636
	return error;
}

637 638
static ssize_t path_listxattr(const char __user *pathname, char __user *list,
			      size_t size, unsigned int lookup_flags)
L
Linus Torvalds 已提交
639
{
640
	struct path path;
L
Linus Torvalds 已提交
641
	ssize_t error;
642 643
retry:
	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
L
Linus Torvalds 已提交
644 645
	if (error)
		return error;
646 647
	error = listxattr(path.dentry, list, size);
	path_put(&path);
648 649 650 651
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
L
Linus Torvalds 已提交
652 653 654
	return error;
}

655 656 657 658 659 660
SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
		size_t, size)
{
	return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
}

661 662
SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
		size_t, size)
L
Linus Torvalds 已提交
663
{
664
	return path_listxattr(pathname, list, size, 0);
L
Linus Torvalds 已提交
665 666
}

667
SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
L
Linus Torvalds 已提交
668
{
669
	struct fd f = fdget(fd);
L
Linus Torvalds 已提交
670 671
	ssize_t error = -EBADF;

672
	if (!f.file)
L
Linus Torvalds 已提交
673
		return error;
A
Al Viro 已提交
674
	audit_file(f.file);
675 676
	error = listxattr(f.file->f_path.dentry, list, size);
	fdput(f);
L
Linus Torvalds 已提交
677 678 679 680 681 682 683
	return error;
}

/*
 * Extended attribute REMOVE operations
 */
static long
684
removexattr(struct dentry *d, const char __user *name)
L
Linus Torvalds 已提交
685 686 687 688 689 690 691 692 693 694
{
	int error;
	char kname[XATTR_NAME_MAX + 1];

	error = strncpy_from_user(kname, name, sizeof(kname));
	if (error == 0 || error == sizeof(kname))
		error = -ERANGE;
	if (error < 0)
		return error;

695
	return vfs_removexattr(d, kname);
L
Linus Torvalds 已提交
696 697
}

698 699
static int path_removexattr(const char __user *pathname,
			    const char __user *name, unsigned int lookup_flags)
L
Linus Torvalds 已提交
700
{
701
	struct path path;
L
Linus Torvalds 已提交
702
	int error;
703 704
retry:
	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
L
Linus Torvalds 已提交
705 706
	if (error)
		return error;
707
	error = mnt_want_write(path.mnt);
708
	if (!error) {
709 710
		error = removexattr(path.dentry, name);
		mnt_drop_write(path.mnt);
711
	}
712
	path_put(&path);
713 714 715 716
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
L
Linus Torvalds 已提交
717 718 719
	return error;
}

720 721 722 723 724 725
SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
		const char __user *, name)
{
	return path_removexattr(pathname, name, LOOKUP_FOLLOW);
}

726 727
SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
		const char __user *, name)
L
Linus Torvalds 已提交
728
{
729
	return path_removexattr(pathname, name, 0);
L
Linus Torvalds 已提交
730 731
}

732
SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
L
Linus Torvalds 已提交
733
{
734
	struct fd f = fdget(fd);
L
Linus Torvalds 已提交
735 736
	int error = -EBADF;

737
	if (!f.file)
L
Linus Torvalds 已提交
738
		return error;
A
Al Viro 已提交
739
	audit_file(f.file);
740
	error = mnt_want_write_file(f.file);
741
	if (!error) {
A
Al Viro 已提交
742
		error = removexattr(f.file->f_path.dentry, name);
743
		mnt_drop_write_file(f.file);
744
	}
745
	fdput(f);
L
Linus Torvalds 已提交
746 747 748 749 750 751 752 753 754 755
	return error;
}

/*
 * Combine the results of the list() operation from every xattr_handler in the
 * list.
 */
ssize_t
generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
{
756
	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
L
Linus Torvalds 已提交
757 758 759
	unsigned int size = 0;

	if (!buffer) {
760
		for_each_xattr_handler(handlers, handler) {
761 762
			if (!handler->name ||
			    (handler->list && !handler->list(dentry)))
763
				continue;
764
			size += strlen(handler->name) + 1;
765
		}
L
Linus Torvalds 已提交
766 767
	} else {
		char *buf = buffer;
768
		size_t len;
L
Linus Torvalds 已提交
769 770

		for_each_xattr_handler(handlers, handler) {
771 772
			if (!handler->name ||
			    (handler->list && !handler->list(dentry)))
773
				continue;
774 775
			len = strlen(handler->name);
			if (len + 1 > buffer_size)
L
Linus Torvalds 已提交
776
				return -ERANGE;
777 778 779
			memcpy(buf, handler->name, len + 1);
			buf += len + 1;
			buffer_size -= len + 1;
L
Linus Torvalds 已提交
780 781 782 783 784 785
		}
		size = buf - buffer;
	}
	return size;
}
EXPORT_SYMBOL(generic_listxattr);
786

A
Andreas Gruenbacher 已提交
787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804
/**
 * xattr_full_name  -  Compute full attribute name from suffix
 *
 * @handler:	handler of the xattr_handler operation
 * @name:	name passed to the xattr_handler operation
 *
 * The get and set xattr handler operations are called with the remainder of
 * the attribute name after skipping the handler's prefix: for example, "foo"
 * is passed to the get operation of a handler with prefix "user." to get
 * attribute "user.foo".  The full name is still "there" in the name though.
 *
 * Note: the list xattr handler operation when called from the vfs is passed a
 * NULL name; some file systems use this operation internally, with varying
 * semantics.
 */
const char *xattr_full_name(const struct xattr_handler *handler,
			    const char *name)
{
805
	size_t prefix_len = strlen(xattr_prefix(handler));
A
Andreas Gruenbacher 已提交
806 807 808 809 810

	return name - prefix_len;
}
EXPORT_SYMBOL(xattr_full_name);

811 812 813 814 815 816 817 818 819 820
/*
 * Allocate new xattr and copy in the value; but leave the name to callers.
 */
struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
{
	struct simple_xattr *new_xattr;
	size_t len;

	/* wrap around? */
	len = sizeof(*new_xattr) + size;
821
	if (len < sizeof(*new_xattr))
822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859
		return NULL;

	new_xattr = kmalloc(len, GFP_KERNEL);
	if (!new_xattr)
		return NULL;

	new_xattr->size = size;
	memcpy(new_xattr->value, value, size);
	return new_xattr;
}

/*
 * xattr GET operation for in-memory/pseudo filesystems
 */
int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
		     void *buffer, size_t size)
{
	struct simple_xattr *xattr;
	int ret = -ENODATA;

	spin_lock(&xattrs->lock);
	list_for_each_entry(xattr, &xattrs->head, list) {
		if (strcmp(name, xattr->name))
			continue;

		ret = xattr->size;
		if (buffer) {
			if (size < xattr->size)
				ret = -ERANGE;
			else
				memcpy(buffer, xattr->value, xattr->size);
		}
		break;
	}
	spin_unlock(&xattrs->lock);
	return ret;
}

860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875
/**
 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
 * @xattrs: target simple_xattr list
 * @name: name of the extended attribute
 * @value: value of the xattr. If %NULL, will remove the attribute.
 * @size: size of the new xattr
 * @flags: %XATTR_{CREATE|REPLACE}
 *
 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
 * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
 * otherwise, fails with -ENODATA.
 *
 * Returns 0 on success, -errno on failure.
 */
int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
		     const void *value, size_t size, int flags)
876 877
{
	struct simple_xattr *xattr;
878
	struct simple_xattr *new_xattr = NULL;
879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929
	int err = 0;

	/* value == NULL means remove */
	if (value) {
		new_xattr = simple_xattr_alloc(value, size);
		if (!new_xattr)
			return -ENOMEM;

		new_xattr->name = kstrdup(name, GFP_KERNEL);
		if (!new_xattr->name) {
			kfree(new_xattr);
			return -ENOMEM;
		}
	}

	spin_lock(&xattrs->lock);
	list_for_each_entry(xattr, &xattrs->head, list) {
		if (!strcmp(name, xattr->name)) {
			if (flags & XATTR_CREATE) {
				xattr = new_xattr;
				err = -EEXIST;
			} else if (new_xattr) {
				list_replace(&xattr->list, &new_xattr->list);
			} else {
				list_del(&xattr->list);
			}
			goto out;
		}
	}
	if (flags & XATTR_REPLACE) {
		xattr = new_xattr;
		err = -ENODATA;
	} else {
		list_add(&new_xattr->list, &xattrs->head);
		xattr = NULL;
	}
out:
	spin_unlock(&xattrs->lock);
	if (xattr) {
		kfree(xattr->name);
		kfree(xattr);
	}
	return err;

}

static bool xattr_is_trusted(const char *name)
{
	return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
}

930 931 932 933 934 935 936 937 938 939 940 941 942 943
static int xattr_list_one(char **buffer, ssize_t *remaining_size,
			  const char *name)
{
	size_t len = strlen(name) + 1;
	if (*buffer) {
		if (*remaining_size < len)
			return -ERANGE;
		memcpy(*buffer, name, len);
		*buffer += len;
	}
	*remaining_size -= len;
	return 0;
}

944 945 946
/*
 * xattr LIST operation for in-memory/pseudo filesystems
 */
947 948
ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
			  char *buffer, size_t size)
949 950 951
{
	bool trusted = capable(CAP_SYS_ADMIN);
	struct simple_xattr *xattr;
952
	ssize_t remaining_size = size;
953
	int err = 0;
954 955 956 957 958 959 960 961 962 963 964 965 966 967 968

#ifdef CONFIG_FS_POSIX_ACL
	if (inode->i_acl) {
		err = xattr_list_one(&buffer, &remaining_size,
				     XATTR_NAME_POSIX_ACL_ACCESS);
		if (err)
			return err;
	}
	if (inode->i_default_acl) {
		err = xattr_list_one(&buffer, &remaining_size,
				     XATTR_NAME_POSIX_ACL_DEFAULT);
		if (err)
			return err;
	}
#endif
969 970 971 972 973 974 975

	spin_lock(&xattrs->lock);
	list_for_each_entry(xattr, &xattrs->head, list) {
		/* skip "trusted." attributes for unprivileged callers */
		if (!trusted && xattr_is_trusted(xattr->name))
			continue;

976 977
		err = xattr_list_one(&buffer, &remaining_size, xattr->name);
		if (err)
978
			break;
979 980 981
	}
	spin_unlock(&xattrs->lock);

982
	return err ? err : size - remaining_size;
983 984
}

985 986 987
/*
 * Adds an extended attribute to the list
 */
988 989 990 991 992 993 994
void simple_xattr_list_add(struct simple_xattrs *xattrs,
			   struct simple_xattr *new_xattr)
{
	spin_lock(&xattrs->lock);
	list_add(&new_xattr->list, &xattrs->head);
	spin_unlock(&xattrs->lock);
}