1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3   File: fs/xattr.c
4 
5   Extended attribute handling.
6 
7   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10  */
11 #include <linux/fs.h>
12 #include <linux/slab.h>
13 #include <linux/file.h>
14 #include <linux/xattr.h>
15 #include <linux/mount.h>
16 #include <linux/namei.h>
17 #include <linux/security.h>
18 #include <linux/evm.h>
19 #include <linux/syscalls.h>
20 #include <linux/export.h>
21 #include <linux/fsnotify.h>
22 #include <linux/audit.h>
23 #include <linux/vmalloc.h>
24 #include <linux/posix_acl_xattr.h>
25 
26 #include <linux/uaccess.h>
27 
28 static const char *
strcmp_prefix(const char * a,const char * a_prefix)29 strcmp_prefix(const char *a, const char *a_prefix)
30 {
31 	while (*a_prefix && *a == *a_prefix) {
32 		a++;
33 		a_prefix++;
34 	}
35 	return *a_prefix ? NULL : a;
36 }
37 
38 /*
39  * In order to implement different sets of xattr operations for each xattr
40  * prefix, a filesystem should create a null-terminated array of struct
41  * xattr_handler (one for each prefix) and hang a pointer to it off of the
42  * s_xattr field of the superblock.
43  */
44 #define for_each_xattr_handler(handlers, handler)		\
45 	if (handlers)						\
46 		for ((handler) = *(handlers)++;			\
47 			(handler) != NULL;			\
48 			(handler) = *(handlers)++)
49 
50 /*
51  * Find the xattr_handler with the matching prefix.
52  */
53 static const struct xattr_handler *
xattr_resolve_name(struct inode * inode,const char ** name)54 xattr_resolve_name(struct inode *inode, const char **name)
55 {
56 	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 	const struct xattr_handler *handler;
58 
59 	if (!(inode->i_opflags & IOP_XATTR)) {
60 		if (unlikely(is_bad_inode(inode)))
61 			return ERR_PTR(-EIO);
62 		return ERR_PTR(-EOPNOTSUPP);
63 	}
64 	for_each_xattr_handler(handlers, handler) {
65 		const char *n;
66 
67 		n = strcmp_prefix(*name, xattr_prefix(handler));
68 		if (n) {
69 			if (!handler->prefix ^ !*n) {
70 				if (*n)
71 					continue;
72 				return ERR_PTR(-EINVAL);
73 			}
74 			*name = n;
75 			return handler;
76 		}
77 	}
78 	return ERR_PTR(-EOPNOTSUPP);
79 }
80 
81 /*
82  * Check permissions for extended attribute access.  This is a bit complicated
83  * because different namespaces have very different rules.
84  */
85 static int
xattr_permission(struct user_namespace * mnt_userns,struct inode * inode,const char * name,int mask)86 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
87 		 const char *name, int mask)
88 {
89 	/*
90 	 * We can never set or remove an extended attribute on a read-only
91 	 * filesystem  or on an immutable / append-only inode.
92 	 */
93 	if (mask & MAY_WRITE) {
94 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
95 			return -EPERM;
96 		/*
97 		 * Updating an xattr will likely cause i_uid and i_gid
98 		 * to be writen back improperly if their true value is
99 		 * unknown to the vfs.
100 		 */
101 		if (HAS_UNMAPPED_ID(mnt_userns, inode))
102 			return -EPERM;
103 	}
104 
105 	/*
106 	 * No restriction for security.* and system.* from the VFS.  Decision
107 	 * on these is left to the underlying filesystem / security module.
108 	 */
109 	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
110 	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
111 		return 0;
112 
113 	/*
114 	 * The trusted.* namespace can only be accessed by privileged users.
115 	 */
116 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
117 		if (!capable(CAP_SYS_ADMIN))
118 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
119 		return 0;
120 	}
121 
122 	/*
123 	 * In the user.* namespace, only regular files and directories can have
124 	 * extended attributes. For sticky directories, only the owner and
125 	 * privileged users can write attributes.
126 	 */
127 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
128 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
129 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
130 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
131 		    (mask & MAY_WRITE) &&
132 		    !inode_owner_or_capable(mnt_userns, inode))
133 			return -EPERM;
134 	}
135 
136 	return inode_permission(mnt_userns, inode, mask);
137 }
138 
139 /*
140  * Look for any handler that deals with the specified namespace.
141  */
142 int
xattr_supported_namespace(struct inode * inode,const char * prefix)143 xattr_supported_namespace(struct inode *inode, const char *prefix)
144 {
145 	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
146 	const struct xattr_handler *handler;
147 	size_t preflen;
148 
149 	if (!(inode->i_opflags & IOP_XATTR)) {
150 		if (unlikely(is_bad_inode(inode)))
151 			return -EIO;
152 		return -EOPNOTSUPP;
153 	}
154 
155 	preflen = strlen(prefix);
156 
157 	for_each_xattr_handler(handlers, handler) {
158 		if (!strncmp(xattr_prefix(handler), prefix, preflen))
159 			return 0;
160 	}
161 
162 	return -EOPNOTSUPP;
163 }
164 EXPORT_SYMBOL(xattr_supported_namespace);
165 
166 int
__vfs_setxattr(struct user_namespace * mnt_userns,struct dentry * dentry,struct inode * inode,const char * name,const void * value,size_t size,int flags)167 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
168 	       struct inode *inode, const char *name, const void *value,
169 	       size_t size, int flags)
170 {
171 	const struct xattr_handler *handler;
172 
173 	handler = xattr_resolve_name(inode, &name);
174 	if (IS_ERR(handler))
175 		return PTR_ERR(handler);
176 	if (!handler->set)
177 		return -EOPNOTSUPP;
178 	if (size == 0)
179 		value = "";  /* empty EA, do not remove */
180 	return handler->set(handler, mnt_userns, dentry, inode, name, value,
181 			    size, flags);
182 }
183 EXPORT_SYMBOL(__vfs_setxattr);
184 
185 /**
186  *  __vfs_setxattr_noperm - perform setxattr operation without performing
187  *  permission checks.
188  *
189  *  @mnt_userns: user namespace of the mount the inode was found from
190  *  @dentry: object to perform setxattr on
191  *  @name: xattr name to set
192  *  @value: value to set @name to
193  *  @size: size of @value
194  *  @flags: flags to pass into filesystem operations
195  *
196  *  returns the result of the internal setxattr or setsecurity operations.
197  *
198  *  This function requires the caller to lock the inode's i_mutex before it
199  *  is executed. It also assumes that the caller will make the appropriate
200  *  permission checks.
201  */
__vfs_setxattr_noperm(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name,const void * value,size_t size,int flags)202 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
203 			  struct dentry *dentry, const char *name,
204 			  const void *value, size_t size, int flags)
205 {
206 	struct inode *inode = dentry->d_inode;
207 	int error = -EAGAIN;
208 	int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
209 				   XATTR_SECURITY_PREFIX_LEN);
210 
211 	if (issec)
212 		inode->i_flags &= ~S_NOSEC;
213 	if (inode->i_opflags & IOP_XATTR) {
214 		error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
215 				       size, flags);
216 		if (!error) {
217 			fsnotify_xattr(dentry);
218 			security_inode_post_setxattr(dentry, name, value,
219 						     size, flags);
220 		}
221 	} else {
222 		if (unlikely(is_bad_inode(inode)))
223 			return -EIO;
224 	}
225 	if (error == -EAGAIN) {
226 		error = -EOPNOTSUPP;
227 
228 		if (issec) {
229 			const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
230 
231 			error = security_inode_setsecurity(inode, suffix, value,
232 							   size, flags);
233 			if (!error)
234 				fsnotify_xattr(dentry);
235 		}
236 	}
237 
238 	return error;
239 }
240 
241 /**
242  * __vfs_setxattr_locked - set an extended attribute while holding the inode
243  * lock
244  *
245  *  @mnt_userns: user namespace of the mount of the target inode
246  *  @dentry: object to perform setxattr on
247  *  @name: xattr name to set
248  *  @value: value to set @name to
249  *  @size: size of @value
250  *  @flags: flags to pass into filesystem operations
251  *  @delegated_inode: on return, will contain an inode pointer that
252  *  a delegation was broken on, NULL if none.
253  */
254 int
__vfs_setxattr_locked(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name,const void * value,size_t size,int flags,struct inode ** delegated_inode)255 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
256 		      const char *name, const void *value, size_t size,
257 		      int flags, struct inode **delegated_inode)
258 {
259 	struct inode *inode = dentry->d_inode;
260 	int error;
261 
262 	error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
263 	if (error)
264 		return error;
265 
266 	error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
267 					flags);
268 	if (error)
269 		goto out;
270 
271 	error = try_break_deleg(inode, delegated_inode);
272 	if (error)
273 		goto out;
274 
275 	error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
276 				      size, flags);
277 
278 out:
279 	return error;
280 }
281 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
282 
283 int
vfs_setxattr(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name,const void * value,size_t size,int flags)284 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
285 	     const char *name, const void *value, size_t size, int flags)
286 {
287 	struct inode *inode = dentry->d_inode;
288 	struct inode *delegated_inode = NULL;
289 	const void  *orig_value = value;
290 	int error;
291 
292 	if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
293 		error = cap_convert_nscap(mnt_userns, dentry, &value, size);
294 		if (error < 0)
295 			return error;
296 		size = error;
297 	}
298 
299 retry_deleg:
300 	inode_lock(inode);
301 	error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
302 				      flags, &delegated_inode);
303 	inode_unlock(inode);
304 
305 	if (delegated_inode) {
306 		error = break_deleg_wait(&delegated_inode);
307 		if (!error)
308 			goto retry_deleg;
309 	}
310 	if (value != orig_value)
311 		kfree(value);
312 
313 	return error;
314 }
315 EXPORT_SYMBOL_GPL(vfs_setxattr);
316 
317 static ssize_t
xattr_getsecurity(struct user_namespace * mnt_userns,struct inode * inode,const char * name,void * value,size_t size)318 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
319 		  const char *name, void *value, size_t size)
320 {
321 	void *buffer = NULL;
322 	ssize_t len;
323 
324 	if (!value || !size) {
325 		len = security_inode_getsecurity(mnt_userns, inode, name,
326 						 &buffer, false);
327 		goto out_noalloc;
328 	}
329 
330 	len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
331 					 true);
332 	if (len < 0)
333 		return len;
334 	if (size < len) {
335 		len = -ERANGE;
336 		goto out;
337 	}
338 	memcpy(value, buffer, len);
339 out:
340 	kfree(buffer);
341 out_noalloc:
342 	return len;
343 }
344 
345 /*
346  * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
347  *
348  * Allocate memory, if not already allocated, or re-allocate correct size,
349  * before retrieving the extended attribute.
350  *
351  * Returns the result of alloc, if failed, or the getxattr operation.
352  */
353 ssize_t
vfs_getxattr_alloc(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name,char ** xattr_value,size_t xattr_size,gfp_t flags)354 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
355 		   const char *name, char **xattr_value, size_t xattr_size,
356 		   gfp_t flags)
357 {
358 	const struct xattr_handler *handler;
359 	struct inode *inode = dentry->d_inode;
360 	char *value = *xattr_value;
361 	int error;
362 
363 	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
364 	if (error)
365 		return error;
366 
367 	handler = xattr_resolve_name(inode, &name);
368 	if (IS_ERR(handler))
369 		return PTR_ERR(handler);
370 	if (!handler->get)
371 		return -EOPNOTSUPP;
372 	error = handler->get(handler, dentry, inode, name, NULL, 0);
373 	if (error < 0)
374 		return error;
375 
376 	if (!value || (error > xattr_size)) {
377 		value = krealloc(*xattr_value, error + 1, flags);
378 		if (!value)
379 			return -ENOMEM;
380 		memset(value, 0, error + 1);
381 	}
382 
383 	error = handler->get(handler, dentry, inode, name, value, error);
384 	*xattr_value = value;
385 	return error;
386 }
387 
388 ssize_t
__vfs_getxattr(struct dentry * dentry,struct inode * inode,const char * name,void * value,size_t size)389 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
390 	       void *value, size_t size)
391 {
392 	const struct xattr_handler *handler;
393 
394 	handler = xattr_resolve_name(inode, &name);
395 	if (IS_ERR(handler))
396 		return PTR_ERR(handler);
397 	if (!handler->get)
398 		return -EOPNOTSUPP;
399 	return handler->get(handler, dentry, inode, name, value, size);
400 }
401 EXPORT_SYMBOL(__vfs_getxattr);
402 
403 ssize_t
vfs_getxattr(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name,void * value,size_t size)404 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
405 	     const char *name, void *value, size_t size)
406 {
407 	struct inode *inode = dentry->d_inode;
408 	int error;
409 
410 	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
411 	if (error)
412 		return error;
413 
414 	error = security_inode_getxattr(dentry, name);
415 	if (error)
416 		return error;
417 
418 	if (!strncmp(name, XATTR_SECURITY_PREFIX,
419 				XATTR_SECURITY_PREFIX_LEN)) {
420 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
421 		int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
422 					    size);
423 		/*
424 		 * Only overwrite the return value if a security module
425 		 * is actually active.
426 		 */
427 		if (ret == -EOPNOTSUPP)
428 			goto nolsm;
429 		return ret;
430 	}
431 nolsm:
432 	return __vfs_getxattr(dentry, inode, name, value, size);
433 }
434 EXPORT_SYMBOL_GPL(vfs_getxattr);
435 
436 ssize_t
vfs_listxattr(struct dentry * dentry,char * list,size_t size)437 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
438 {
439 	struct inode *inode = d_inode(dentry);
440 	ssize_t error;
441 
442 	error = security_inode_listxattr(dentry);
443 	if (error)
444 		return error;
445 	if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
446 		error = inode->i_op->listxattr(dentry, list, size);
447 	} else {
448 		error = security_inode_listsecurity(inode, list, size);
449 		if (size && error > size)
450 			error = -ERANGE;
451 	}
452 	return error;
453 }
454 EXPORT_SYMBOL_GPL(vfs_listxattr);
455 
456 int
__vfs_removexattr(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name)457 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
458 		  const char *name)
459 {
460 	struct inode *inode = d_inode(dentry);
461 	const struct xattr_handler *handler;
462 
463 	handler = xattr_resolve_name(inode, &name);
464 	if (IS_ERR(handler))
465 		return PTR_ERR(handler);
466 	if (!handler->set)
467 		return -EOPNOTSUPP;
468 	return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
469 			    XATTR_REPLACE);
470 }
471 EXPORT_SYMBOL(__vfs_removexattr);
472 
473 /**
474  * __vfs_removexattr_locked - set an extended attribute while holding the inode
475  * lock
476  *
477  *  @mnt_userns: user namespace of the mount of the target inode
478  *  @dentry: object to perform setxattr on
479  *  @name: name of xattr to remove
480  *  @delegated_inode: on return, will contain an inode pointer that
481  *  a delegation was broken on, NULL if none.
482  */
483 int
__vfs_removexattr_locked(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name,struct inode ** delegated_inode)484 __vfs_removexattr_locked(struct user_namespace *mnt_userns,
485 			 struct dentry *dentry, const char *name,
486 			 struct inode **delegated_inode)
487 {
488 	struct inode *inode = dentry->d_inode;
489 	int error;
490 
491 	error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
492 	if (error)
493 		return error;
494 
495 	error = security_inode_removexattr(mnt_userns, dentry, name);
496 	if (error)
497 		goto out;
498 
499 	error = try_break_deleg(inode, delegated_inode);
500 	if (error)
501 		goto out;
502 
503 	error = __vfs_removexattr(mnt_userns, dentry, name);
504 
505 	if (!error) {
506 		fsnotify_xattr(dentry);
507 		evm_inode_post_removexattr(dentry, name);
508 	}
509 
510 out:
511 	return error;
512 }
513 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
514 
515 int
vfs_removexattr(struct user_namespace * mnt_userns,struct dentry * dentry,const char * name)516 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
517 		const char *name)
518 {
519 	struct inode *inode = dentry->d_inode;
520 	struct inode *delegated_inode = NULL;
521 	int error;
522 
523 retry_deleg:
524 	inode_lock(inode);
525 	error = __vfs_removexattr_locked(mnt_userns, dentry,
526 					 name, &delegated_inode);
527 	inode_unlock(inode);
528 
529 	if (delegated_inode) {
530 		error = break_deleg_wait(&delegated_inode);
531 		if (!error)
532 			goto retry_deleg;
533 	}
534 
535 	return error;
536 }
537 EXPORT_SYMBOL_GPL(vfs_removexattr);
538 
539 /*
540  * Extended attribute SET operations
541  */
542 static long
setxattr(struct user_namespace * mnt_userns,struct dentry * d,const char __user * name,const void __user * value,size_t size,int flags)543 setxattr(struct user_namespace *mnt_userns, struct dentry *d,
544 	 const char __user *name, const void __user *value, size_t size,
545 	 int flags)
546 {
547 	int error;
548 	void *kvalue = NULL;
549 	char kname[XATTR_NAME_MAX + 1];
550 
551 	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
552 		return -EINVAL;
553 
554 	error = strncpy_from_user(kname, name, sizeof(kname));
555 	if (error == 0 || error == sizeof(kname))
556 		error = -ERANGE;
557 	if (error < 0)
558 		return error;
559 
560 	if (size) {
561 		if (size > XATTR_SIZE_MAX)
562 			return -E2BIG;
563 		kvalue = kvmalloc(size, GFP_KERNEL);
564 		if (!kvalue)
565 			return -ENOMEM;
566 		if (copy_from_user(kvalue, value, size)) {
567 			error = -EFAULT;
568 			goto out;
569 		}
570 		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
571 		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
572 			posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
573 	}
574 
575 	error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
576 out:
577 	kvfree(kvalue);
578 
579 	return error;
580 }
581 
path_setxattr(const char __user * pathname,const char __user * name,const void __user * value,size_t size,int flags,unsigned int lookup_flags)582 static int path_setxattr(const char __user *pathname,
583 			 const char __user *name, const void __user *value,
584 			 size_t size, int flags, unsigned int lookup_flags)
585 {
586 	struct path path;
587 	int error;
588 
589 retry:
590 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
591 	if (error)
592 		return error;
593 	error = mnt_want_write(path.mnt);
594 	if (!error) {
595 		error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
596 				 value, size, flags);
597 		mnt_drop_write(path.mnt);
598 	}
599 	path_put(&path);
600 	if (retry_estale(error, lookup_flags)) {
601 		lookup_flags |= LOOKUP_REVAL;
602 		goto retry;
603 	}
604 	return error;
605 }
606 
SYSCALL_DEFINE5(setxattr,const char __user *,pathname,const char __user *,name,const void __user *,value,size_t,size,int,flags)607 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
608 		const char __user *, name, const void __user *, value,
609 		size_t, size, int, flags)
610 {
611 	return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
612 }
613 
SYSCALL_DEFINE5(lsetxattr,const char __user *,pathname,const char __user *,name,const void __user *,value,size_t,size,int,flags)614 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
615 		const char __user *, name, const void __user *, value,
616 		size_t, size, int, flags)
617 {
618 	return path_setxattr(pathname, name, value, size, flags, 0);
619 }
620 
SYSCALL_DEFINE5(fsetxattr,int,fd,const char __user *,name,const void __user *,value,size_t,size,int,flags)621 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
622 		const void __user *,value, size_t, size, int, flags)
623 {
624 	struct fd f = fdget(fd);
625 	int error = -EBADF;
626 
627 	if (!f.file)
628 		return error;
629 	audit_file(f.file);
630 	error = mnt_want_write_file(f.file);
631 	if (!error) {
632 		error = setxattr(file_mnt_user_ns(f.file),
633 				 f.file->f_path.dentry, name,
634 				 value, size, flags);
635 		mnt_drop_write_file(f.file);
636 	}
637 	fdput(f);
638 	return error;
639 }
640 
641 /*
642  * Extended attribute GET operations
643  */
644 static ssize_t
getxattr(struct user_namespace * mnt_userns,struct dentry * d,const char __user * name,void __user * value,size_t size)645 getxattr(struct user_namespace *mnt_userns, struct dentry *d,
646 	 const char __user *name, void __user *value, size_t size)
647 {
648 	ssize_t error;
649 	void *kvalue = NULL;
650 	char kname[XATTR_NAME_MAX + 1];
651 
652 	error = strncpy_from_user(kname, name, sizeof(kname));
653 	if (error == 0 || error == sizeof(kname))
654 		error = -ERANGE;
655 	if (error < 0)
656 		return error;
657 
658 	if (size) {
659 		if (size > XATTR_SIZE_MAX)
660 			size = XATTR_SIZE_MAX;
661 		kvalue = kvzalloc(size, GFP_KERNEL);
662 		if (!kvalue)
663 			return -ENOMEM;
664 	}
665 
666 	error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
667 	if (error > 0) {
668 		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
669 		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
670 			posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
671 		if (size && copy_to_user(value, kvalue, error))
672 			error = -EFAULT;
673 	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
674 		/* The file system tried to returned a value bigger
675 		   than XATTR_SIZE_MAX bytes. Not possible. */
676 		error = -E2BIG;
677 	}
678 
679 	kvfree(kvalue);
680 
681 	return error;
682 }
683 
path_getxattr(const char __user * pathname,const char __user * name,void __user * value,size_t size,unsigned int lookup_flags)684 static ssize_t path_getxattr(const char __user *pathname,
685 			     const char __user *name, void __user *value,
686 			     size_t size, unsigned int lookup_flags)
687 {
688 	struct path path;
689 	ssize_t error;
690 retry:
691 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
692 	if (error)
693 		return error;
694 	error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
695 	path_put(&path);
696 	if (retry_estale(error, lookup_flags)) {
697 		lookup_flags |= LOOKUP_REVAL;
698 		goto retry;
699 	}
700 	return error;
701 }
702 
SYSCALL_DEFINE4(getxattr,const char __user *,pathname,const char __user *,name,void __user *,value,size_t,size)703 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
704 		const char __user *, name, void __user *, value, size_t, size)
705 {
706 	return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
707 }
708 
SYSCALL_DEFINE4(lgetxattr,const char __user *,pathname,const char __user *,name,void __user *,value,size_t,size)709 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
710 		const char __user *, name, void __user *, value, size_t, size)
711 {
712 	return path_getxattr(pathname, name, value, size, 0);
713 }
714 
SYSCALL_DEFINE4(fgetxattr,int,fd,const char __user *,name,void __user *,value,size_t,size)715 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
716 		void __user *, value, size_t, size)
717 {
718 	struct fd f = fdget(fd);
719 	ssize_t error = -EBADF;
720 
721 	if (!f.file)
722 		return error;
723 	audit_file(f.file);
724 	error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
725 			 name, value, size);
726 	fdput(f);
727 	return error;
728 }
729 
730 /*
731  * Extended attribute LIST operations
732  */
733 static ssize_t
listxattr(struct dentry * d,char __user * list,size_t size)734 listxattr(struct dentry *d, char __user *list, size_t size)
735 {
736 	ssize_t error;
737 	char *klist = NULL;
738 
739 	if (size) {
740 		if (size > XATTR_LIST_MAX)
741 			size = XATTR_LIST_MAX;
742 		klist = kvmalloc(size, GFP_KERNEL);
743 		if (!klist)
744 			return -ENOMEM;
745 	}
746 
747 	error = vfs_listxattr(d, klist, size);
748 	if (error > 0) {
749 		if (size && copy_to_user(list, klist, error))
750 			error = -EFAULT;
751 	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
752 		/* The file system tried to returned a list bigger
753 		   than XATTR_LIST_MAX bytes. Not possible. */
754 		error = -E2BIG;
755 	}
756 
757 	kvfree(klist);
758 
759 	return error;
760 }
761 
path_listxattr(const char __user * pathname,char __user * list,size_t size,unsigned int lookup_flags)762 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
763 			      size_t size, unsigned int lookup_flags)
764 {
765 	struct path path;
766 	ssize_t error;
767 retry:
768 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
769 	if (error)
770 		return error;
771 	error = listxattr(path.dentry, list, size);
772 	path_put(&path);
773 	if (retry_estale(error, lookup_flags)) {
774 		lookup_flags |= LOOKUP_REVAL;
775 		goto retry;
776 	}
777 	return error;
778 }
779 
SYSCALL_DEFINE3(listxattr,const char __user *,pathname,char __user *,list,size_t,size)780 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
781 		size_t, size)
782 {
783 	return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
784 }
785 
SYSCALL_DEFINE3(llistxattr,const char __user *,pathname,char __user *,list,size_t,size)786 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
787 		size_t, size)
788 {
789 	return path_listxattr(pathname, list, size, 0);
790 }
791 
SYSCALL_DEFINE3(flistxattr,int,fd,char __user *,list,size_t,size)792 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
793 {
794 	struct fd f = fdget(fd);
795 	ssize_t error = -EBADF;
796 
797 	if (!f.file)
798 		return error;
799 	audit_file(f.file);
800 	error = listxattr(f.file->f_path.dentry, list, size);
801 	fdput(f);
802 	return error;
803 }
804 
805 /*
806  * Extended attribute REMOVE operations
807  */
808 static long
removexattr(struct user_namespace * mnt_userns,struct dentry * d,const char __user * name)809 removexattr(struct user_namespace *mnt_userns, struct dentry *d,
810 	    const char __user *name)
811 {
812 	int error;
813 	char kname[XATTR_NAME_MAX + 1];
814 
815 	error = strncpy_from_user(kname, name, sizeof(kname));
816 	if (error == 0 || error == sizeof(kname))
817 		error = -ERANGE;
818 	if (error < 0)
819 		return error;
820 
821 	return vfs_removexattr(mnt_userns, d, kname);
822 }
823 
path_removexattr(const char __user * pathname,const char __user * name,unsigned int lookup_flags)824 static int path_removexattr(const char __user *pathname,
825 			    const char __user *name, unsigned int lookup_flags)
826 {
827 	struct path path;
828 	int error;
829 retry:
830 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
831 	if (error)
832 		return error;
833 	error = mnt_want_write(path.mnt);
834 	if (!error) {
835 		error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
836 		mnt_drop_write(path.mnt);
837 	}
838 	path_put(&path);
839 	if (retry_estale(error, lookup_flags)) {
840 		lookup_flags |= LOOKUP_REVAL;
841 		goto retry;
842 	}
843 	return error;
844 }
845 
SYSCALL_DEFINE2(removexattr,const char __user *,pathname,const char __user *,name)846 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
847 		const char __user *, name)
848 {
849 	return path_removexattr(pathname, name, LOOKUP_FOLLOW);
850 }
851 
SYSCALL_DEFINE2(lremovexattr,const char __user *,pathname,const char __user *,name)852 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
853 		const char __user *, name)
854 {
855 	return path_removexattr(pathname, name, 0);
856 }
857 
SYSCALL_DEFINE2(fremovexattr,int,fd,const char __user *,name)858 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
859 {
860 	struct fd f = fdget(fd);
861 	int error = -EBADF;
862 
863 	if (!f.file)
864 		return error;
865 	audit_file(f.file);
866 	error = mnt_want_write_file(f.file);
867 	if (!error) {
868 		error = removexattr(file_mnt_user_ns(f.file),
869 				    f.file->f_path.dentry, name);
870 		mnt_drop_write_file(f.file);
871 	}
872 	fdput(f);
873 	return error;
874 }
875 
876 /*
877  * Combine the results of the list() operation from every xattr_handler in the
878  * list.
879  */
880 ssize_t
generic_listxattr(struct dentry * dentry,char * buffer,size_t buffer_size)881 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
882 {
883 	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
884 	unsigned int size = 0;
885 
886 	if (!buffer) {
887 		for_each_xattr_handler(handlers, handler) {
888 			if (!handler->name ||
889 			    (handler->list && !handler->list(dentry)))
890 				continue;
891 			size += strlen(handler->name) + 1;
892 		}
893 	} else {
894 		char *buf = buffer;
895 		size_t len;
896 
897 		for_each_xattr_handler(handlers, handler) {
898 			if (!handler->name ||
899 			    (handler->list && !handler->list(dentry)))
900 				continue;
901 			len = strlen(handler->name);
902 			if (len + 1 > buffer_size)
903 				return -ERANGE;
904 			memcpy(buf, handler->name, len + 1);
905 			buf += len + 1;
906 			buffer_size -= len + 1;
907 		}
908 		size = buf - buffer;
909 	}
910 	return size;
911 }
912 EXPORT_SYMBOL(generic_listxattr);
913 
914 /**
915  * xattr_full_name  -  Compute full attribute name from suffix
916  *
917  * @handler:	handler of the xattr_handler operation
918  * @name:	name passed to the xattr_handler operation
919  *
920  * The get and set xattr handler operations are called with the remainder of
921  * the attribute name after skipping the handler's prefix: for example, "foo"
922  * is passed to the get operation of a handler with prefix "user." to get
923  * attribute "user.foo".  The full name is still "there" in the name though.
924  *
925  * Note: the list xattr handler operation when called from the vfs is passed a
926  * NULL name; some file systems use this operation internally, with varying
927  * semantics.
928  */
xattr_full_name(const struct xattr_handler * handler,const char * name)929 const char *xattr_full_name(const struct xattr_handler *handler,
930 			    const char *name)
931 {
932 	size_t prefix_len = strlen(xattr_prefix(handler));
933 
934 	return name - prefix_len;
935 }
936 EXPORT_SYMBOL(xattr_full_name);
937 
938 /*
939  * Allocate new xattr and copy in the value; but leave the name to callers.
940  */
simple_xattr_alloc(const void * value,size_t size)941 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
942 {
943 	struct simple_xattr *new_xattr;
944 	size_t len;
945 
946 	/* wrap around? */
947 	len = sizeof(*new_xattr) + size;
948 	if (len < sizeof(*new_xattr))
949 		return NULL;
950 
951 	new_xattr = kvmalloc(len, GFP_KERNEL);
952 	if (!new_xattr)
953 		return NULL;
954 
955 	new_xattr->size = size;
956 	memcpy(new_xattr->value, value, size);
957 	return new_xattr;
958 }
959 
960 /*
961  * xattr GET operation for in-memory/pseudo filesystems
962  */
simple_xattr_get(struct simple_xattrs * xattrs,const char * name,void * buffer,size_t size)963 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
964 		     void *buffer, size_t size)
965 {
966 	struct simple_xattr *xattr;
967 	int ret = -ENODATA;
968 
969 	spin_lock(&xattrs->lock);
970 	list_for_each_entry(xattr, &xattrs->head, list) {
971 		if (strcmp(name, xattr->name))
972 			continue;
973 
974 		ret = xattr->size;
975 		if (buffer) {
976 			if (size < xattr->size)
977 				ret = -ERANGE;
978 			else
979 				memcpy(buffer, xattr->value, xattr->size);
980 		}
981 		break;
982 	}
983 	spin_unlock(&xattrs->lock);
984 	return ret;
985 }
986 
987 /**
988  * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
989  * @xattrs: target simple_xattr list
990  * @name: name of the extended attribute
991  * @value: value of the xattr. If %NULL, will remove the attribute.
992  * @size: size of the new xattr
993  * @flags: %XATTR_{CREATE|REPLACE}
994  * @removed_size: returns size of the removed xattr, -1 if none removed
995  *
996  * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
997  * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
998  * otherwise, fails with -ENODATA.
999  *
1000  * Returns 0 on success, -errno on failure.
1001  */
simple_xattr_set(struct simple_xattrs * xattrs,const char * name,const void * value,size_t size,int flags,ssize_t * removed_size)1002 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1003 		     const void *value, size_t size, int flags,
1004 		     ssize_t *removed_size)
1005 {
1006 	struct simple_xattr *xattr;
1007 	struct simple_xattr *new_xattr = NULL;
1008 	int err = 0;
1009 
1010 	if (removed_size)
1011 		*removed_size = -1;
1012 
1013 	/* value == NULL means remove */
1014 	if (value) {
1015 		new_xattr = simple_xattr_alloc(value, size);
1016 		if (!new_xattr)
1017 			return -ENOMEM;
1018 
1019 		new_xattr->name = kstrdup(name, GFP_KERNEL);
1020 		if (!new_xattr->name) {
1021 			kvfree(new_xattr);
1022 			return -ENOMEM;
1023 		}
1024 	}
1025 
1026 	spin_lock(&xattrs->lock);
1027 	list_for_each_entry(xattr, &xattrs->head, list) {
1028 		if (!strcmp(name, xattr->name)) {
1029 			if (flags & XATTR_CREATE) {
1030 				xattr = new_xattr;
1031 				err = -EEXIST;
1032 			} else if (new_xattr) {
1033 				list_replace(&xattr->list, &new_xattr->list);
1034 				if (removed_size)
1035 					*removed_size = xattr->size;
1036 			} else {
1037 				list_del(&xattr->list);
1038 				if (removed_size)
1039 					*removed_size = xattr->size;
1040 			}
1041 			goto out;
1042 		}
1043 	}
1044 	if (flags & XATTR_REPLACE) {
1045 		xattr = new_xattr;
1046 		err = -ENODATA;
1047 	} else {
1048 		list_add(&new_xattr->list, &xattrs->head);
1049 		xattr = NULL;
1050 	}
1051 out:
1052 	spin_unlock(&xattrs->lock);
1053 	if (xattr) {
1054 		kfree(xattr->name);
1055 		kvfree(xattr);
1056 	}
1057 	return err;
1058 
1059 }
1060 
xattr_is_trusted(const char * name)1061 static bool xattr_is_trusted(const char *name)
1062 {
1063 	return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1064 }
1065 
xattr_list_one(char ** buffer,ssize_t * remaining_size,const char * name)1066 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1067 			  const char *name)
1068 {
1069 	size_t len = strlen(name) + 1;
1070 	if (*buffer) {
1071 		if (*remaining_size < len)
1072 			return -ERANGE;
1073 		memcpy(*buffer, name, len);
1074 		*buffer += len;
1075 	}
1076 	*remaining_size -= len;
1077 	return 0;
1078 }
1079 
1080 /*
1081  * xattr LIST operation for in-memory/pseudo filesystems
1082  */
simple_xattr_list(struct inode * inode,struct simple_xattrs * xattrs,char * buffer,size_t size)1083 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1084 			  char *buffer, size_t size)
1085 {
1086 	bool trusted = capable(CAP_SYS_ADMIN);
1087 	struct simple_xattr *xattr;
1088 	ssize_t remaining_size = size;
1089 	int err = 0;
1090 
1091 #ifdef CONFIG_FS_POSIX_ACL
1092 	if (IS_POSIXACL(inode)) {
1093 		if (inode->i_acl) {
1094 			err = xattr_list_one(&buffer, &remaining_size,
1095 					     XATTR_NAME_POSIX_ACL_ACCESS);
1096 			if (err)
1097 				return err;
1098 		}
1099 		if (inode->i_default_acl) {
1100 			err = xattr_list_one(&buffer, &remaining_size,
1101 					     XATTR_NAME_POSIX_ACL_DEFAULT);
1102 			if (err)
1103 				return err;
1104 		}
1105 	}
1106 #endif
1107 
1108 	spin_lock(&xattrs->lock);
1109 	list_for_each_entry(xattr, &xattrs->head, list) {
1110 		/* skip "trusted." attributes for unprivileged callers */
1111 		if (!trusted && xattr_is_trusted(xattr->name))
1112 			continue;
1113 
1114 		err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1115 		if (err)
1116 			break;
1117 	}
1118 	spin_unlock(&xattrs->lock);
1119 
1120 	return err ? err : size - remaining_size;
1121 }
1122 
1123 /*
1124  * Adds an extended attribute to the list
1125  */
simple_xattr_list_add(struct simple_xattrs * xattrs,struct simple_xattr * new_xattr)1126 void simple_xattr_list_add(struct simple_xattrs *xattrs,
1127 			   struct simple_xattr *new_xattr)
1128 {
1129 	spin_lock(&xattrs->lock);
1130 	list_add(&new_xattr->list, &xattrs->head);
1131 	spin_unlock(&xattrs->lock);
1132 }
1133