LCOV - code coverage report
Current view: top level - fs - xattr.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 3 466 0.6 %
Date: 2023-04-06 08:38:28 Functions: 1 54 1.9 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0-only
       2             : /*
       3             :   File: fs/xattr.c
       4             : 
       5             :   Extended attribute handling.
       6             : 
       7             :   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
       8             :   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
       9             :   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
      10             :  */
      11             : #include <linux/fs.h>
      12             : #include <linux/filelock.h>
      13             : #include <linux/slab.h>
      14             : #include <linux/file.h>
      15             : #include <linux/xattr.h>
      16             : #include <linux/mount.h>
      17             : #include <linux/namei.h>
      18             : #include <linux/security.h>
      19             : #include <linux/evm.h>
      20             : #include <linux/syscalls.h>
      21             : #include <linux/export.h>
      22             : #include <linux/fsnotify.h>
      23             : #include <linux/audit.h>
      24             : #include <linux/vmalloc.h>
      25             : #include <linux/posix_acl_xattr.h>
      26             : 
      27             : #include <linux/uaccess.h>
      28             : 
      29             : #include "internal.h"
      30             : 
      31             : static const char *
      32             : strcmp_prefix(const char *a, const char *a_prefix)
      33             : {
      34           0 :         while (*a_prefix && *a == *a_prefix) {
      35           0 :                 a++;
      36           0 :                 a_prefix++;
      37             :         }
      38           0 :         return *a_prefix ? NULL : a;
      39             : }
      40             : 
      41             : /*
      42             :  * In order to implement different sets of xattr operations for each xattr
      43             :  * prefix, a filesystem should create a null-terminated array of struct
      44             :  * xattr_handler (one for each prefix) and hang a pointer to it off of the
      45             :  * s_xattr field of the superblock.
      46             :  */
      47             : #define for_each_xattr_handler(handlers, handler)               \
      48             :         if (handlers)                                           \
      49             :                 for ((handler) = *(handlers)++;                 \
      50             :                         (handler) != NULL;                      \
      51             :                         (handler) = *(handlers)++)
      52             : 
      53             : /*
      54             :  * Find the xattr_handler with the matching prefix.
      55             :  */
      56             : static const struct xattr_handler *
      57           0 : xattr_resolve_name(struct inode *inode, const char **name)
      58             : {
      59           0 :         const struct xattr_handler **handlers = inode->i_sb->s_xattr;
      60             :         const struct xattr_handler *handler;
      61             : 
      62           0 :         if (!(inode->i_opflags & IOP_XATTR)) {
      63           0 :                 if (unlikely(is_bad_inode(inode)))
      64             :                         return ERR_PTR(-EIO);
      65           0 :                 return ERR_PTR(-EOPNOTSUPP);
      66             :         }
      67           0 :         for_each_xattr_handler(handlers, handler) {
      68             :                 const char *n;
      69             : 
      70           0 :                 n = strcmp_prefix(*name, xattr_prefix(handler));
      71           0 :                 if (n) {
      72           0 :                         if (!handler->prefix ^ !*n) {
      73           0 :                                 if (*n)
      74           0 :                                         continue;
      75             :                                 return ERR_PTR(-EINVAL);
      76             :                         }
      77           0 :                         *name = n;
      78           0 :                         return handler;
      79             :                 }
      80             :         }
      81             :         return ERR_PTR(-EOPNOTSUPP);
      82             : }
      83             : 
      84             : /**
      85             :  * may_write_xattr - check whether inode allows writing xattr
      86             :  * @idmap: idmap of the mount the inode was found from
      87             :  * @inode: the inode on which to set an xattr
      88             :  *
      89             :  * Check whether the inode allows writing xattrs. Specifically, we can never
      90             :  * set or remove an extended attribute on a read-only filesystem  or on an
      91             :  * immutable / append-only inode.
      92             :  *
      93             :  * We also need to ensure that the inode has a mapping in the mount to
      94             :  * not risk writing back invalid i_{g,u}id values.
      95             :  *
      96             :  * Return: On success zero is returned. On error a negative errno is returned.
      97             :  */
      98           0 : int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode)
      99             : {
     100           0 :         if (IS_IMMUTABLE(inode))
     101             :                 return -EPERM;
     102           0 :         if (IS_APPEND(inode))
     103             :                 return -EPERM;
     104           0 :         if (HAS_UNMAPPED_ID(idmap, inode))
     105             :                 return -EPERM;
     106           0 :         return 0;
     107             : }
     108             : 
     109             : /*
     110             :  * Check permissions for extended attribute access.  This is a bit complicated
     111             :  * because different namespaces have very different rules.
     112             :  */
     113             : static int
     114           0 : xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
     115             :                  const char *name, int mask)
     116             : {
     117           0 :         if (mask & MAY_WRITE) {
     118             :                 int ret;
     119             : 
     120           0 :                 ret = may_write_xattr(idmap, inode);
     121           0 :                 if (ret)
     122             :                         return ret;
     123             :         }
     124             : 
     125             :         /*
     126             :          * No restriction for security.* and system.* from the VFS.  Decision
     127             :          * on these is left to the underlying filesystem / security module.
     128             :          */
     129           0 :         if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
     130           0 :             !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
     131             :                 return 0;
     132             : 
     133             :         /*
     134             :          * The trusted.* namespace can only be accessed by privileged users.
     135             :          */
     136           0 :         if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
     137           0 :                 if (!capable(CAP_SYS_ADMIN))
     138           0 :                         return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
     139             :                 return 0;
     140             :         }
     141             : 
     142             :         /*
     143             :          * In the user.* namespace, only regular files and directories can have
     144             :          * extended attributes. For sticky directories, only the owner and
     145             :          * privileged users can write attributes.
     146             :          */
     147           0 :         if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
     148           0 :                 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
     149           0 :                         return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
     150           0 :                 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
     151           0 :                     (mask & MAY_WRITE) &&
     152           0 :                     !inode_owner_or_capable(idmap, inode))
     153             :                         return -EPERM;
     154             :         }
     155             : 
     156           0 :         return inode_permission(idmap, inode, mask);
     157             : }
     158             : 
     159             : /*
     160             :  * Look for any handler that deals with the specified namespace.
     161             :  */
     162             : int
     163           0 : xattr_supported_namespace(struct inode *inode, const char *prefix)
     164             : {
     165           0 :         const struct xattr_handler **handlers = inode->i_sb->s_xattr;
     166             :         const struct xattr_handler *handler;
     167             :         size_t preflen;
     168             : 
     169           0 :         if (!(inode->i_opflags & IOP_XATTR)) {
     170           0 :                 if (unlikely(is_bad_inode(inode)))
     171             :                         return -EIO;
     172           0 :                 return -EOPNOTSUPP;
     173             :         }
     174             : 
     175           0 :         preflen = strlen(prefix);
     176             : 
     177           0 :         for_each_xattr_handler(handlers, handler) {
     178           0 :                 if (!strncmp(xattr_prefix(handler), prefix, preflen))
     179             :                         return 0;
     180             :         }
     181             : 
     182             :         return -EOPNOTSUPP;
     183             : }
     184             : EXPORT_SYMBOL(xattr_supported_namespace);
     185             : 
     186             : int
     187           0 : __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
     188             :                struct inode *inode, const char *name, const void *value,
     189             :                size_t size, int flags)
     190             : {
     191             :         const struct xattr_handler *handler;
     192             : 
     193           0 :         if (is_posix_acl_xattr(name))
     194             :                 return -EOPNOTSUPP;
     195             : 
     196           0 :         handler = xattr_resolve_name(inode, &name);
     197           0 :         if (IS_ERR(handler))
     198           0 :                 return PTR_ERR(handler);
     199           0 :         if (!handler->set)
     200             :                 return -EOPNOTSUPP;
     201           0 :         if (size == 0)
     202           0 :                 value = "";  /* empty EA, do not remove */
     203           0 :         return handler->set(handler, idmap, dentry, inode, name, value,
     204             :                             size, flags);
     205             : }
     206             : EXPORT_SYMBOL(__vfs_setxattr);
     207             : 
     208             : /**
     209             :  *  __vfs_setxattr_noperm - perform setxattr operation without performing
     210             :  *  permission checks.
     211             :  *
     212             :  *  @idmap: idmap of the mount the inode was found from
     213             :  *  @dentry: object to perform setxattr on
     214             :  *  @name: xattr name to set
     215             :  *  @value: value to set @name to
     216             :  *  @size: size of @value
     217             :  *  @flags: flags to pass into filesystem operations
     218             :  *
     219             :  *  returns the result of the internal setxattr or setsecurity operations.
     220             :  *
     221             :  *  This function requires the caller to lock the inode's i_mutex before it
     222             :  *  is executed. It also assumes that the caller will make the appropriate
     223             :  *  permission checks.
     224             :  */
     225           0 : int __vfs_setxattr_noperm(struct mnt_idmap *idmap,
     226             :                           struct dentry *dentry, const char *name,
     227             :                           const void *value, size_t size, int flags)
     228             : {
     229           0 :         struct inode *inode = dentry->d_inode;
     230           0 :         int error = -EAGAIN;
     231           0 :         int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
     232             :                                    XATTR_SECURITY_PREFIX_LEN);
     233             : 
     234           0 :         if (issec)
     235           0 :                 inode->i_flags &= ~S_NOSEC;
     236           0 :         if (inode->i_opflags & IOP_XATTR) {
     237           0 :                 error = __vfs_setxattr(idmap, dentry, inode, name, value,
     238             :                                        size, flags);
     239           0 :                 if (!error) {
     240             :                         fsnotify_xattr(dentry);
     241             :                         security_inode_post_setxattr(dentry, name, value,
     242             :                                                      size, flags);
     243             :                 }
     244             :         } else {
     245           0 :                 if (unlikely(is_bad_inode(inode)))
     246             :                         return -EIO;
     247             :         }
     248           0 :         if (error == -EAGAIN) {
     249           0 :                 error = -EOPNOTSUPP;
     250             : 
     251             :                 if (issec) {
     252             :                         const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
     253             : 
     254             :                         error = security_inode_setsecurity(inode, suffix, value,
     255             :                                                            size, flags);
     256             :                         if (!error)
     257             :                                 fsnotify_xattr(dentry);
     258             :                 }
     259             :         }
     260             : 
     261             :         return error;
     262             : }
     263             : 
     264             : /**
     265             :  * __vfs_setxattr_locked - set an extended attribute while holding the inode
     266             :  * lock
     267             :  *
     268             :  *  @idmap: idmap of the mount of the target inode
     269             :  *  @dentry: object to perform setxattr on
     270             :  *  @name: xattr name to set
     271             :  *  @value: value to set @name to
     272             :  *  @size: size of @value
     273             :  *  @flags: flags to pass into filesystem operations
     274             :  *  @delegated_inode: on return, will contain an inode pointer that
     275             :  *  a delegation was broken on, NULL if none.
     276             :  */
     277             : int
     278           0 : __vfs_setxattr_locked(struct mnt_idmap *idmap, struct dentry *dentry,
     279             :                       const char *name, const void *value, size_t size,
     280             :                       int flags, struct inode **delegated_inode)
     281             : {
     282           0 :         struct inode *inode = dentry->d_inode;
     283             :         int error;
     284             : 
     285           0 :         error = xattr_permission(idmap, inode, name, MAY_WRITE);
     286           0 :         if (error)
     287             :                 return error;
     288             : 
     289           0 :         error = security_inode_setxattr(idmap, dentry, name, value, size,
     290             :                                         flags);
     291           0 :         if (error)
     292             :                 goto out;
     293             : 
     294           0 :         error = try_break_deleg(inode, delegated_inode);
     295           0 :         if (error)
     296             :                 goto out;
     297             : 
     298           0 :         error = __vfs_setxattr_noperm(idmap, dentry, name, value,
     299             :                                       size, flags);
     300             : 
     301             : out:
     302             :         return error;
     303             : }
     304             : EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
     305             : 
     306             : int
     307           0 : vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
     308             :              const char *name, const void *value, size_t size, int flags)
     309             : {
     310           0 :         struct inode *inode = dentry->d_inode;
     311           0 :         struct inode *delegated_inode = NULL;
     312           0 :         const void  *orig_value = value;
     313             :         int error;
     314             : 
     315           0 :         if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
     316           0 :                 error = cap_convert_nscap(idmap, dentry, &value, size);
     317           0 :                 if (error < 0)
     318             :                         return error;
     319           0 :                 size = error;
     320             :         }
     321             : 
     322             : retry_deleg:
     323           0 :         inode_lock(inode);
     324           0 :         error = __vfs_setxattr_locked(idmap, dentry, name, value, size,
     325             :                                       flags, &delegated_inode);
     326           0 :         inode_unlock(inode);
     327             : 
     328           0 :         if (delegated_inode) {
     329           0 :                 error = break_deleg_wait(&delegated_inode);
     330           0 :                 if (!error)
     331             :                         goto retry_deleg;
     332             :         }
     333           0 :         if (value != orig_value)
     334           0 :                 kfree(value);
     335             : 
     336             :         return error;
     337             : }
     338             : EXPORT_SYMBOL_GPL(vfs_setxattr);
     339             : 
     340             : static ssize_t
     341           0 : xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode,
     342             :                   const char *name, void *value, size_t size)
     343             : {
     344           0 :         void *buffer = NULL;
     345             :         ssize_t len;
     346             : 
     347           0 :         if (!value || !size) {
     348           0 :                 len = security_inode_getsecurity(idmap, inode, name,
     349             :                                                  &buffer, false);
     350           0 :                 goto out_noalloc;
     351             :         }
     352             : 
     353           0 :         len = security_inode_getsecurity(idmap, inode, name, &buffer,
     354             :                                          true);
     355           0 :         if (len < 0)
     356             :                 return len;
     357           0 :         if (size < len) {
     358             :                 len = -ERANGE;
     359             :                 goto out;
     360             :         }
     361           0 :         memcpy(value, buffer, len);
     362             : out:
     363           0 :         kfree(buffer);
     364             : out_noalloc:
     365             :         return len;
     366             : }
     367             : 
     368             : /*
     369             :  * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
     370             :  *
     371             :  * Allocate memory, if not already allocated, or re-allocate correct size,
     372             :  * before retrieving the extended attribute.  The xattr value buffer should
     373             :  * always be freed by the caller, even on error.
     374             :  *
     375             :  * Returns the result of alloc, if failed, or the getxattr operation.
     376             :  */
     377             : int
     378           0 : vfs_getxattr_alloc(struct mnt_idmap *idmap, struct dentry *dentry,
     379             :                    const char *name, char **xattr_value, size_t xattr_size,
     380             :                    gfp_t flags)
     381             : {
     382             :         const struct xattr_handler *handler;
     383           0 :         struct inode *inode = dentry->d_inode;
     384           0 :         char *value = *xattr_value;
     385             :         int error;
     386             : 
     387           0 :         error = xattr_permission(idmap, inode, name, MAY_READ);
     388           0 :         if (error)
     389             :                 return error;
     390             : 
     391           0 :         handler = xattr_resolve_name(inode, &name);
     392           0 :         if (IS_ERR(handler))
     393           0 :                 return PTR_ERR(handler);
     394           0 :         if (!handler->get)
     395             :                 return -EOPNOTSUPP;
     396           0 :         error = handler->get(handler, dentry, inode, name, NULL, 0);
     397           0 :         if (error < 0)
     398             :                 return error;
     399             : 
     400           0 :         if (!value || (error > xattr_size)) {
     401           0 :                 value = krealloc(*xattr_value, error + 1, flags);
     402           0 :                 if (!value)
     403             :                         return -ENOMEM;
     404           0 :                 memset(value, 0, error + 1);
     405             :         }
     406             : 
     407           0 :         error = handler->get(handler, dentry, inode, name, value, error);
     408           0 :         *xattr_value = value;
     409           0 :         return error;
     410             : }
     411             : 
     412             : ssize_t
     413           0 : __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
     414             :                void *value, size_t size)
     415             : {
     416             :         const struct xattr_handler *handler;
     417             : 
     418           0 :         if (is_posix_acl_xattr(name))
     419             :                 return -EOPNOTSUPP;
     420             : 
     421           0 :         handler = xattr_resolve_name(inode, &name);
     422           0 :         if (IS_ERR(handler))
     423           0 :                 return PTR_ERR(handler);
     424           0 :         if (!handler->get)
     425             :                 return -EOPNOTSUPP;
     426           0 :         return handler->get(handler, dentry, inode, name, value, size);
     427             : }
     428             : EXPORT_SYMBOL(__vfs_getxattr);
     429             : 
     430             : ssize_t
     431           0 : vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry,
     432             :              const char *name, void *value, size_t size)
     433             : {
     434           0 :         struct inode *inode = dentry->d_inode;
     435             :         int error;
     436             : 
     437           0 :         error = xattr_permission(idmap, inode, name, MAY_READ);
     438           0 :         if (error)
     439           0 :                 return error;
     440             : 
     441           0 :         error = security_inode_getxattr(dentry, name);
     442             :         if (error)
     443             :                 return error;
     444             : 
     445           0 :         if (!strncmp(name, XATTR_SECURITY_PREFIX,
     446             :                                 XATTR_SECURITY_PREFIX_LEN)) {
     447           0 :                 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
     448           0 :                 int ret = xattr_getsecurity(idmap, inode, suffix, value,
     449             :                                             size);
     450             :                 /*
     451             :                  * Only overwrite the return value if a security module
     452             :                  * is actually active.
     453             :                  */
     454           0 :                 if (ret == -EOPNOTSUPP)
     455             :                         goto nolsm;
     456           0 :                 return ret;
     457             :         }
     458             : nolsm:
     459           0 :         return __vfs_getxattr(dentry, inode, name, value, size);
     460             : }
     461             : EXPORT_SYMBOL_GPL(vfs_getxattr);
     462             : 
     463             : ssize_t
     464           0 : vfs_listxattr(struct dentry *dentry, char *list, size_t size)
     465             : {
     466           0 :         struct inode *inode = d_inode(dentry);
     467             :         ssize_t error;
     468             : 
     469           0 :         error = security_inode_listxattr(dentry);
     470             :         if (error)
     471             :                 return error;
     472           0 :         if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
     473           0 :                 error = inode->i_op->listxattr(dentry, list, size);
     474             :         } else {
     475             :                 error = security_inode_listsecurity(inode, list, size);
     476             :                 if (size && error > size)
     477             :                         error = -ERANGE;
     478             :         }
     479             :         return error;
     480             : }
     481             : EXPORT_SYMBOL_GPL(vfs_listxattr);
     482             : 
     483             : int
     484           0 : __vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
     485             :                   const char *name)
     486             : {
     487           0 :         struct inode *inode = d_inode(dentry);
     488             :         const struct xattr_handler *handler;
     489             : 
     490           0 :         if (is_posix_acl_xattr(name))
     491             :                 return -EOPNOTSUPP;
     492             : 
     493           0 :         handler = xattr_resolve_name(inode, &name);
     494           0 :         if (IS_ERR(handler))
     495           0 :                 return PTR_ERR(handler);
     496           0 :         if (!handler->set)
     497             :                 return -EOPNOTSUPP;
     498           0 :         return handler->set(handler, idmap, dentry, inode, name, NULL, 0,
     499             :                             XATTR_REPLACE);
     500             : }
     501             : EXPORT_SYMBOL(__vfs_removexattr);
     502             : 
     503             : /**
     504             :  * __vfs_removexattr_locked - set an extended attribute while holding the inode
     505             :  * lock
     506             :  *
     507             :  *  @idmap: idmap of the mount of the target inode
     508             :  *  @dentry: object to perform setxattr on
     509             :  *  @name: name of xattr to remove
     510             :  *  @delegated_inode: on return, will contain an inode pointer that
     511             :  *  a delegation was broken on, NULL if none.
     512             :  */
     513             : int
     514           0 : __vfs_removexattr_locked(struct mnt_idmap *idmap,
     515             :                          struct dentry *dentry, const char *name,
     516             :                          struct inode **delegated_inode)
     517             : {
     518           0 :         struct inode *inode = dentry->d_inode;
     519             :         int error;
     520             : 
     521           0 :         error = xattr_permission(idmap, inode, name, MAY_WRITE);
     522           0 :         if (error)
     523             :                 return error;
     524             : 
     525           0 :         error = security_inode_removexattr(idmap, dentry, name);
     526           0 :         if (error)
     527             :                 goto out;
     528             : 
     529           0 :         error = try_break_deleg(inode, delegated_inode);
     530           0 :         if (error)
     531             :                 goto out;
     532             : 
     533           0 :         error = __vfs_removexattr(idmap, dentry, name);
     534             : 
     535           0 :         if (!error) {
     536             :                 fsnotify_xattr(dentry);
     537             :                 evm_inode_post_removexattr(dentry, name);
     538             :         }
     539             : 
     540             : out:
     541             :         return error;
     542             : }
     543             : EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
     544             : 
     545             : int
     546           0 : vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
     547             :                 const char *name)
     548             : {
     549           0 :         struct inode *inode = dentry->d_inode;
     550           0 :         struct inode *delegated_inode = NULL;
     551             :         int error;
     552             : 
     553             : retry_deleg:
     554           0 :         inode_lock(inode);
     555           0 :         error = __vfs_removexattr_locked(idmap, dentry,
     556             :                                          name, &delegated_inode);
     557           0 :         inode_unlock(inode);
     558             : 
     559           0 :         if (delegated_inode) {
     560           0 :                 error = break_deleg_wait(&delegated_inode);
     561           0 :                 if (!error)
     562             :                         goto retry_deleg;
     563             :         }
     564             : 
     565           0 :         return error;
     566             : }
     567             : EXPORT_SYMBOL_GPL(vfs_removexattr);
     568             : 
     569             : /*
     570             :  * Extended attribute SET operations
     571             :  */
     572             : 
     573           0 : int setxattr_copy(const char __user *name, struct xattr_ctx *ctx)
     574             : {
     575             :         int error;
     576             : 
     577           0 :         if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE))
     578             :                 return -EINVAL;
     579             : 
     580           0 :         error = strncpy_from_user(ctx->kname->name, name,
     581             :                                 sizeof(ctx->kname->name));
     582           0 :         if (error == 0 || error == sizeof(ctx->kname->name))
     583             :                 return  -ERANGE;
     584           0 :         if (error < 0)
     585             :                 return error;
     586             : 
     587           0 :         error = 0;
     588           0 :         if (ctx->size) {
     589           0 :                 if (ctx->size > XATTR_SIZE_MAX)
     590             :                         return -E2BIG;
     591             : 
     592           0 :                 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size);
     593           0 :                 if (IS_ERR(ctx->kvalue)) {
     594           0 :                         error = PTR_ERR(ctx->kvalue);
     595           0 :                         ctx->kvalue = NULL;
     596             :                 }
     597             :         }
     598             : 
     599             :         return error;
     600             : }
     601             : 
     602           0 : int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
     603             :                 struct xattr_ctx *ctx)
     604             : {
     605           0 :         if (is_posix_acl_xattr(ctx->kname->name))
     606             :                 return do_set_acl(idmap, dentry, ctx->kname->name,
     607             :                                   ctx->kvalue, ctx->size);
     608             : 
     609           0 :         return vfs_setxattr(idmap, dentry, ctx->kname->name,
     610           0 :                         ctx->kvalue, ctx->size, ctx->flags);
     611             : }
     612             : 
     613             : static long
     614           0 : setxattr(struct mnt_idmap *idmap, struct dentry *d,
     615             :         const char __user *name, const void __user *value, size_t size,
     616             :         int flags)
     617             : {
     618             :         struct xattr_name kname;
     619           0 :         struct xattr_ctx ctx = {
     620             :                 .cvalue   = value,
     621             :                 .kvalue   = NULL,
     622             :                 .size     = size,
     623             :                 .kname    = &kname,
     624             :                 .flags    = flags,
     625             :         };
     626             :         int error;
     627             : 
     628           0 :         error = setxattr_copy(name, &ctx);
     629           0 :         if (error)
     630           0 :                 return error;
     631             : 
     632           0 :         error = do_setxattr(idmap, d, &ctx);
     633             : 
     634           0 :         kvfree(ctx.kvalue);
     635           0 :         return error;
     636             : }
     637             : 
     638           0 : static int path_setxattr(const char __user *pathname,
     639             :                          const char __user *name, const void __user *value,
     640             :                          size_t size, int flags, unsigned int lookup_flags)
     641             : {
     642             :         struct path path;
     643             :         int error;
     644             : 
     645             : retry:
     646           0 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     647           0 :         if (error)
     648             :                 return error;
     649           0 :         error = mnt_want_write(path.mnt);
     650           0 :         if (!error) {
     651           0 :                 error = setxattr(mnt_idmap(path.mnt), path.dentry, name,
     652             :                                  value, size, flags);
     653           0 :                 mnt_drop_write(path.mnt);
     654             :         }
     655           0 :         path_put(&path);
     656           0 :         if (retry_estale(error, lookup_flags)) {
     657           0 :                 lookup_flags |= LOOKUP_REVAL;
     658           0 :                 goto retry;
     659             :         }
     660             :         return error;
     661             : }
     662             : 
     663           0 : SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
     664             :                 const char __user *, name, const void __user *, value,
     665             :                 size_t, size, int, flags)
     666             : {
     667           0 :         return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
     668             : }
     669             : 
     670           0 : SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
     671             :                 const char __user *, name, const void __user *, value,
     672             :                 size_t, size, int, flags)
     673             : {
     674           0 :         return path_setxattr(pathname, name, value, size, flags, 0);
     675             : }
     676             : 
     677           0 : SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
     678             :                 const void __user *,value, size_t, size, int, flags)
     679             : {
     680           0 :         struct fd f = fdget(fd);
     681           0 :         int error = -EBADF;
     682             : 
     683           0 :         if (!f.file)
     684             :                 return error;
     685           0 :         audit_file(f.file);
     686           0 :         error = mnt_want_write_file(f.file);
     687           0 :         if (!error) {
     688           0 :                 error = setxattr(file_mnt_idmap(f.file),
     689             :                                  f.file->f_path.dentry, name,
     690             :                                  value, size, flags);
     691           0 :                 mnt_drop_write_file(f.file);
     692             :         }
     693           0 :         fdput(f);
     694           0 :         return error;
     695             : }
     696             : 
     697             : /*
     698             :  * Extended attribute GET operations
     699             :  */
     700             : ssize_t
     701           0 : do_getxattr(struct mnt_idmap *idmap, struct dentry *d,
     702             :         struct xattr_ctx *ctx)
     703             : {
     704             :         ssize_t error;
     705           0 :         char *kname = ctx->kname->name;
     706             : 
     707           0 :         if (ctx->size) {
     708           0 :                 if (ctx->size > XATTR_SIZE_MAX)
     709           0 :                         ctx->size = XATTR_SIZE_MAX;
     710           0 :                 ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL);
     711           0 :                 if (!ctx->kvalue)
     712             :                         return -ENOMEM;
     713             :         }
     714             : 
     715           0 :         if (is_posix_acl_xattr(ctx->kname->name))
     716             :                 error = do_get_acl(idmap, d, kname, ctx->kvalue, ctx->size);
     717             :         else
     718           0 :                 error = vfs_getxattr(idmap, d, kname, ctx->kvalue, ctx->size);
     719           0 :         if (error > 0) {
     720           0 :                 if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error))
     721           0 :                         error = -EFAULT;
     722           0 :         } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
     723             :                 /* The file system tried to returned a value bigger
     724             :                    than XATTR_SIZE_MAX bytes. Not possible. */
     725           0 :                 error = -E2BIG;
     726             :         }
     727             : 
     728             :         return error;
     729             : }
     730             : 
     731             : static ssize_t
     732           0 : getxattr(struct mnt_idmap *idmap, struct dentry *d,
     733             :          const char __user *name, void __user *value, size_t size)
     734             : {
     735             :         ssize_t error;
     736             :         struct xattr_name kname;
     737           0 :         struct xattr_ctx ctx = {
     738             :                 .value    = value,
     739             :                 .kvalue   = NULL,
     740             :                 .size     = size,
     741             :                 .kname    = &kname,
     742             :                 .flags    = 0,
     743             :         };
     744             : 
     745           0 :         error = strncpy_from_user(kname.name, name, sizeof(kname.name));
     746           0 :         if (error == 0 || error == sizeof(kname.name))
     747           0 :                 error = -ERANGE;
     748           0 :         if (error < 0)
     749             :                 return error;
     750             : 
     751           0 :         error =  do_getxattr(idmap, d, &ctx);
     752             : 
     753           0 :         kvfree(ctx.kvalue);
     754           0 :         return error;
     755             : }
     756             : 
     757           0 : static ssize_t path_getxattr(const char __user *pathname,
     758             :                              const char __user *name, void __user *value,
     759             :                              size_t size, unsigned int lookup_flags)
     760             : {
     761             :         struct path path;
     762             :         ssize_t error;
     763             : retry:
     764           0 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     765           0 :         if (error)
     766             :                 return error;
     767           0 :         error = getxattr(mnt_idmap(path.mnt), path.dentry, name, value, size);
     768           0 :         path_put(&path);
     769           0 :         if (retry_estale(error, lookup_flags)) {
     770           0 :                 lookup_flags |= LOOKUP_REVAL;
     771           0 :                 goto retry;
     772             :         }
     773             :         return error;
     774             : }
     775             : 
     776           0 : SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
     777             :                 const char __user *, name, void __user *, value, size_t, size)
     778             : {
     779           0 :         return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
     780             : }
     781             : 
     782           0 : SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
     783             :                 const char __user *, name, void __user *, value, size_t, size)
     784             : {
     785           0 :         return path_getxattr(pathname, name, value, size, 0);
     786             : }
     787             : 
     788           0 : SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
     789             :                 void __user *, value, size_t, size)
     790             : {
     791           0 :         struct fd f = fdget(fd);
     792           0 :         ssize_t error = -EBADF;
     793             : 
     794           0 :         if (!f.file)
     795             :                 return error;
     796           0 :         audit_file(f.file);
     797           0 :         error = getxattr(file_mnt_idmap(f.file), f.file->f_path.dentry,
     798             :                          name, value, size);
     799           0 :         fdput(f);
     800             :         return error;
     801             : }
     802             : 
     803             : /*
     804             :  * Extended attribute LIST operations
     805             :  */
     806             : static ssize_t
     807           0 : listxattr(struct dentry *d, char __user *list, size_t size)
     808             : {
     809             :         ssize_t error;
     810           0 :         char *klist = NULL;
     811             : 
     812           0 :         if (size) {
     813           0 :                 if (size > XATTR_LIST_MAX)
     814           0 :                         size = XATTR_LIST_MAX;
     815           0 :                 klist = kvmalloc(size, GFP_KERNEL);
     816           0 :                 if (!klist)
     817             :                         return -ENOMEM;
     818             :         }
     819             : 
     820           0 :         error = vfs_listxattr(d, klist, size);
     821           0 :         if (error > 0) {
     822           0 :                 if (size && copy_to_user(list, klist, error))
     823           0 :                         error = -EFAULT;
     824           0 :         } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
     825             :                 /* The file system tried to returned a list bigger
     826             :                    than XATTR_LIST_MAX bytes. Not possible. */
     827           0 :                 error = -E2BIG;
     828             :         }
     829             : 
     830           0 :         kvfree(klist);
     831             : 
     832           0 :         return error;
     833             : }
     834             : 
     835           0 : static ssize_t path_listxattr(const char __user *pathname, char __user *list,
     836             :                               size_t size, unsigned int lookup_flags)
     837             : {
     838             :         struct path path;
     839             :         ssize_t error;
     840             : retry:
     841           0 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     842           0 :         if (error)
     843             :                 return error;
     844           0 :         error = listxattr(path.dentry, list, size);
     845           0 :         path_put(&path);
     846           0 :         if (retry_estale(error, lookup_flags)) {
     847           0 :                 lookup_flags |= LOOKUP_REVAL;
     848           0 :                 goto retry;
     849             :         }
     850             :         return error;
     851             : }
     852             : 
     853           0 : SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
     854             :                 size_t, size)
     855             : {
     856           0 :         return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
     857             : }
     858             : 
     859           0 : SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
     860             :                 size_t, size)
     861             : {
     862           0 :         return path_listxattr(pathname, list, size, 0);
     863             : }
     864             : 
     865           0 : SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
     866             : {
     867           0 :         struct fd f = fdget(fd);
     868           0 :         ssize_t error = -EBADF;
     869             : 
     870           0 :         if (!f.file)
     871             :                 return error;
     872           0 :         audit_file(f.file);
     873           0 :         error = listxattr(f.file->f_path.dentry, list, size);
     874           0 :         fdput(f);
     875             :         return error;
     876             : }
     877             : 
     878             : /*
     879             :  * Extended attribute REMOVE operations
     880             :  */
     881             : static long
     882           0 : removexattr(struct mnt_idmap *idmap, struct dentry *d,
     883             :             const char __user *name)
     884             : {
     885             :         int error;
     886             :         char kname[XATTR_NAME_MAX + 1];
     887             : 
     888           0 :         error = strncpy_from_user(kname, name, sizeof(kname));
     889           0 :         if (error == 0 || error == sizeof(kname))
     890           0 :                 error = -ERANGE;
     891           0 :         if (error < 0)
     892           0 :                 return error;
     893             : 
     894           0 :         if (is_posix_acl_xattr(kname))
     895             :                 return vfs_remove_acl(idmap, d, kname);
     896             : 
     897           0 :         return vfs_removexattr(idmap, d, kname);
     898             : }
     899             : 
     900           0 : static int path_removexattr(const char __user *pathname,
     901             :                             const char __user *name, unsigned int lookup_flags)
     902             : {
     903             :         struct path path;
     904             :         int error;
     905             : retry:
     906           0 :         error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
     907           0 :         if (error)
     908             :                 return error;
     909           0 :         error = mnt_want_write(path.mnt);
     910           0 :         if (!error) {
     911           0 :                 error = removexattr(mnt_idmap(path.mnt), path.dentry, name);
     912           0 :                 mnt_drop_write(path.mnt);
     913             :         }
     914           0 :         path_put(&path);
     915           0 :         if (retry_estale(error, lookup_flags)) {
     916           0 :                 lookup_flags |= LOOKUP_REVAL;
     917           0 :                 goto retry;
     918             :         }
     919             :         return error;
     920             : }
     921             : 
     922           0 : SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
     923             :                 const char __user *, name)
     924             : {
     925           0 :         return path_removexattr(pathname, name, LOOKUP_FOLLOW);
     926             : }
     927             : 
     928           0 : SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
     929             :                 const char __user *, name)
     930             : {
     931           0 :         return path_removexattr(pathname, name, 0);
     932             : }
     933             : 
     934           0 : SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
     935             : {
     936           0 :         struct fd f = fdget(fd);
     937           0 :         int error = -EBADF;
     938             : 
     939           0 :         if (!f.file)
     940             :                 return error;
     941           0 :         audit_file(f.file);
     942           0 :         error = mnt_want_write_file(f.file);
     943           0 :         if (!error) {
     944           0 :                 error = removexattr(file_mnt_idmap(f.file),
     945             :                                     f.file->f_path.dentry, name);
     946           0 :                 mnt_drop_write_file(f.file);
     947             :         }
     948           0 :         fdput(f);
     949           0 :         return error;
     950             : }
     951             : 
     952             : /*
     953             :  * Combine the results of the list() operation from every xattr_handler in the
     954             :  * list.
     955             :  */
     956             : ssize_t
     957           0 : generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
     958             : {
     959           0 :         const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
     960           0 :         unsigned int size = 0;
     961             : 
     962           0 :         if (!buffer) {
     963           0 :                 for_each_xattr_handler(handlers, handler) {
     964           0 :                         if (!handler->name ||
     965           0 :                             (handler->list && !handler->list(dentry)))
     966           0 :                                 continue;
     967           0 :                         size += strlen(handler->name) + 1;
     968             :                 }
     969             :         } else {
     970           0 :                 char *buf = buffer;
     971             :                 size_t len;
     972             : 
     973           0 :                 for_each_xattr_handler(handlers, handler) {
     974           0 :                         if (!handler->name ||
     975           0 :                             (handler->list && !handler->list(dentry)))
     976           0 :                                 continue;
     977           0 :                         len = strlen(handler->name);
     978           0 :                         if (len + 1 > buffer_size)
     979             :                                 return -ERANGE;
     980           0 :                         memcpy(buf, handler->name, len + 1);
     981           0 :                         buf += len + 1;
     982           0 :                         buffer_size -= len + 1;
     983             :                 }
     984           0 :                 size = buf - buffer;
     985             :         }
     986           0 :         return size;
     987             : }
     988             : EXPORT_SYMBOL(generic_listxattr);
     989             : 
     990             : /**
     991             :  * xattr_full_name  -  Compute full attribute name from suffix
     992             :  *
     993             :  * @handler:    handler of the xattr_handler operation
     994             :  * @name:       name passed to the xattr_handler operation
     995             :  *
     996             :  * The get and set xattr handler operations are called with the remainder of
     997             :  * the attribute name after skipping the handler's prefix: for example, "foo"
     998             :  * is passed to the get operation of a handler with prefix "user." to get
     999             :  * attribute "user.foo".  The full name is still "there" in the name though.
    1000             :  *
    1001             :  * Note: the list xattr handler operation when called from the vfs is passed a
    1002             :  * NULL name; some file systems use this operation internally, with varying
    1003             :  * semantics.
    1004             :  */
    1005           0 : const char *xattr_full_name(const struct xattr_handler *handler,
    1006             :                             const char *name)
    1007             : {
    1008           0 :         size_t prefix_len = strlen(xattr_prefix(handler));
    1009             : 
    1010           0 :         return name - prefix_len;
    1011             : }
    1012             : EXPORT_SYMBOL(xattr_full_name);
    1013             : 
    1014             : /**
    1015             :  * free_simple_xattr - free an xattr object
    1016             :  * @xattr: the xattr object
    1017             :  *
    1018             :  * Free the xattr object. Can handle @xattr being NULL.
    1019             :  */
    1020           0 : static inline void free_simple_xattr(struct simple_xattr *xattr)
    1021             : {
    1022           0 :         if (xattr)
    1023           0 :                 kfree(xattr->name);
    1024           0 :         kvfree(xattr);
    1025           0 : }
    1026             : 
    1027             : /**
    1028             :  * simple_xattr_alloc - allocate new xattr object
    1029             :  * @value: value of the xattr object
    1030             :  * @size: size of @value
    1031             :  *
    1032             :  * Allocate a new xattr object and initialize respective members. The caller is
    1033             :  * responsible for handling the name of the xattr.
    1034             :  *
    1035             :  * Return: On success a new xattr object is returned. On failure NULL is
    1036             :  * returned.
    1037             :  */
    1038           0 : struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
    1039             : {
    1040             :         struct simple_xattr *new_xattr;
    1041             :         size_t len;
    1042             : 
    1043             :         /* wrap around? */
    1044           0 :         len = sizeof(*new_xattr) + size;
    1045           0 :         if (len < sizeof(*new_xattr))
    1046             :                 return NULL;
    1047             : 
    1048           0 :         new_xattr = kvmalloc(len, GFP_KERNEL);
    1049           0 :         if (!new_xattr)
    1050             :                 return NULL;
    1051             : 
    1052           0 :         new_xattr->size = size;
    1053           0 :         memcpy(new_xattr->value, value, size);
    1054           0 :         return new_xattr;
    1055             : }
    1056             : 
    1057             : /**
    1058             :  * rbtree_simple_xattr_cmp - compare xattr name with current rbtree xattr entry
    1059             :  * @key: xattr name
    1060             :  * @node: current node
    1061             :  *
    1062             :  * Compare the xattr name with the xattr name attached to @node in the rbtree.
    1063             :  *
    1064             :  * Return: Negative value if continuing left, positive if continuing right, 0
    1065             :  * if the xattr attached to @node matches @key.
    1066             :  */
    1067             : static int rbtree_simple_xattr_cmp(const void *key, const struct rb_node *node)
    1068             : {
    1069           0 :         const char *xattr_name = key;
    1070             :         const struct simple_xattr *xattr;
    1071             : 
    1072           0 :         xattr = rb_entry(node, struct simple_xattr, rb_node);
    1073           0 :         return strcmp(xattr->name, xattr_name);
    1074             : }
    1075             : 
    1076             : /**
    1077             :  * rbtree_simple_xattr_node_cmp - compare two xattr rbtree nodes
    1078             :  * @new_node: new node
    1079             :  * @node: current node
    1080             :  *
    1081             :  * Compare the xattr attached to @new_node with the xattr attached to @node.
    1082             :  *
    1083             :  * Return: Negative value if continuing left, positive if continuing right, 0
    1084             :  * if the xattr attached to @new_node matches the xattr attached to @node.
    1085             :  */
    1086             : static int rbtree_simple_xattr_node_cmp(struct rb_node *new_node,
    1087             :                                         const struct rb_node *node)
    1088             : {
    1089             :         struct simple_xattr *xattr;
    1090           0 :         xattr = rb_entry(new_node, struct simple_xattr, rb_node);
    1091           0 :         return rbtree_simple_xattr_cmp(xattr->name, node);
    1092             : }
    1093             : 
    1094             : /**
    1095             :  * simple_xattr_get - get an xattr object
    1096             :  * @xattrs: the header of the xattr object
    1097             :  * @name: the name of the xattr to retrieve
    1098             :  * @buffer: the buffer to store the value into
    1099             :  * @size: the size of @buffer
    1100             :  *
    1101             :  * Try to find and retrieve the xattr object associated with @name.
    1102             :  * If @buffer is provided store the value of @xattr in @buffer
    1103             :  * otherwise just return the length. The size of @buffer is limited
    1104             :  * to XATTR_SIZE_MAX which currently is 65536.
    1105             :  *
    1106             :  * Return: On success the length of the xattr value is returned. On error a
    1107             :  * negative error code is returned.
    1108             :  */
    1109           0 : int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
    1110             :                      void *buffer, size_t size)
    1111             : {
    1112           0 :         struct simple_xattr *xattr = NULL;
    1113             :         struct rb_node *rbp;
    1114           0 :         int ret = -ENODATA;
    1115             : 
    1116           0 :         read_lock(&xattrs->lock);
    1117           0 :         rbp = rb_find(name, &xattrs->rb_root, rbtree_simple_xattr_cmp);
    1118           0 :         if (rbp) {
    1119           0 :                 xattr = rb_entry(rbp, struct simple_xattr, rb_node);
    1120           0 :                 ret = xattr->size;
    1121           0 :                 if (buffer) {
    1122           0 :                         if (size < xattr->size)
    1123             :                                 ret = -ERANGE;
    1124             :                         else
    1125           0 :                                 memcpy(buffer, xattr->value, xattr->size);
    1126             :                 }
    1127             :         }
    1128           0 :         read_unlock(&xattrs->lock);
    1129           0 :         return ret;
    1130             : }
    1131             : 
    1132             : /**
    1133             :  * simple_xattr_set - set an xattr object
    1134             :  * @xattrs: the header of the xattr object
    1135             :  * @name: the name of the xattr to retrieve
    1136             :  * @value: the value to store along the xattr
    1137             :  * @size: the size of @value
    1138             :  * @flags: the flags determining how to set the xattr
    1139             :  * @removed_size: the size of the removed xattr
    1140             :  *
    1141             :  * Set a new xattr object.
    1142             :  * If @value is passed a new xattr object will be allocated. If XATTR_REPLACE
    1143             :  * is specified in @flags a matching xattr object for @name must already exist.
    1144             :  * If it does it will be replaced with the new xattr object. If it doesn't we
    1145             :  * fail. If XATTR_CREATE is specified and a matching xattr does already exist
    1146             :  * we fail. If it doesn't we create a new xattr. If @flags is zero we simply
    1147             :  * insert the new xattr replacing any existing one.
    1148             :  *
    1149             :  * If @value is empty and a matching xattr object is found we delete it if
    1150             :  * XATTR_REPLACE is specified in @flags or @flags is zero.
    1151             :  *
    1152             :  * If @value is empty and no matching xattr object for @name is found we do
    1153             :  * nothing if XATTR_CREATE is specified in @flags or @flags is zero. For
    1154             :  * XATTR_REPLACE we fail as mentioned above.
    1155             :  *
    1156             :  * Return: On success zero and on error a negative error code is returned.
    1157             :  */
    1158           0 : int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
    1159             :                      const void *value, size_t size, int flags,
    1160             :                      ssize_t *removed_size)
    1161             : {
    1162           0 :         struct simple_xattr *xattr = NULL, *new_xattr = NULL;
    1163           0 :         struct rb_node *parent = NULL, **rbp;
    1164           0 :         int err = 0, ret;
    1165             : 
    1166           0 :         if (removed_size)
    1167           0 :                 *removed_size = -1;
    1168             : 
    1169             :         /* value == NULL means remove */
    1170           0 :         if (value) {
    1171           0 :                 new_xattr = simple_xattr_alloc(value, size);
    1172           0 :                 if (!new_xattr)
    1173             :                         return -ENOMEM;
    1174             : 
    1175           0 :                 new_xattr->name = kstrdup(name, GFP_KERNEL);
    1176           0 :                 if (!new_xattr->name) {
    1177           0 :                         free_simple_xattr(new_xattr);
    1178           0 :                         return -ENOMEM;
    1179             :                 }
    1180             :         }
    1181             : 
    1182           0 :         write_lock(&xattrs->lock);
    1183           0 :         rbp = &xattrs->rb_root.rb_node;
    1184           0 :         while (*rbp) {
    1185           0 :                 parent = *rbp;
    1186           0 :                 ret = rbtree_simple_xattr_cmp(name, *rbp);
    1187           0 :                 if (ret < 0)
    1188           0 :                         rbp = &(*rbp)->rb_left;
    1189           0 :                 else if (ret > 0)
    1190           0 :                         rbp = &(*rbp)->rb_right;
    1191             :                 else
    1192           0 :                         xattr = rb_entry(*rbp, struct simple_xattr, rb_node);
    1193           0 :                 if (xattr)
    1194             :                         break;
    1195             :         }
    1196             : 
    1197           0 :         if (xattr) {
    1198             :                 /* Fail if XATTR_CREATE is requested and the xattr exists. */
    1199           0 :                 if (flags & XATTR_CREATE) {
    1200             :                         err = -EEXIST;
    1201             :                         goto out_unlock;
    1202             :                 }
    1203             : 
    1204           0 :                 if (new_xattr)
    1205           0 :                         rb_replace_node(&xattr->rb_node, &new_xattr->rb_node,
    1206             :                                         &xattrs->rb_root);
    1207             :                 else
    1208           0 :                         rb_erase(&xattr->rb_node, &xattrs->rb_root);
    1209           0 :                 if (!err && removed_size)
    1210           0 :                         *removed_size = xattr->size;
    1211             :         } else {
    1212             :                 /* Fail if XATTR_REPLACE is requested but no xattr is found. */
    1213           0 :                 if (flags & XATTR_REPLACE) {
    1214             :                         err = -ENODATA;
    1215             :                         goto out_unlock;
    1216             :                 }
    1217             : 
    1218             :                 /*
    1219             :                  * If XATTR_CREATE or no flags are specified together with a
    1220             :                  * new value simply insert it.
    1221             :                  */
    1222           0 :                 if (new_xattr) {
    1223           0 :                         rb_link_node(&new_xattr->rb_node, parent, rbp);
    1224           0 :                         rb_insert_color(&new_xattr->rb_node, &xattrs->rb_root);
    1225             :                 }
    1226             : 
    1227             :                 /*
    1228             :                  * If XATTR_CREATE or no flags are specified and neither an
    1229             :                  * old or new xattr exist then we don't need to do anything.
    1230             :                  */
    1231             :         }
    1232             : 
    1233             : out_unlock:
    1234           0 :         write_unlock(&xattrs->lock);
    1235           0 :         if (err)
    1236           0 :                 free_simple_xattr(new_xattr);
    1237             :         else
    1238           0 :                 free_simple_xattr(xattr);
    1239             :         return err;
    1240             : 
    1241             : }
    1242             : 
    1243             : static bool xattr_is_trusted(const char *name)
    1244             : {
    1245           0 :         return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
    1246             : }
    1247             : 
    1248           0 : static int xattr_list_one(char **buffer, ssize_t *remaining_size,
    1249             :                           const char *name)
    1250             : {
    1251           0 :         size_t len = strlen(name) + 1;
    1252           0 :         if (*buffer) {
    1253           0 :                 if (*remaining_size < len)
    1254             :                         return -ERANGE;
    1255           0 :                 memcpy(*buffer, name, len);
    1256           0 :                 *buffer += len;
    1257             :         }
    1258           0 :         *remaining_size -= len;
    1259           0 :         return 0;
    1260             : }
    1261             : 
    1262             : /**
    1263             :  * simple_xattr_list - list all xattr objects
    1264             :  * @inode: inode from which to get the xattrs
    1265             :  * @xattrs: the header of the xattr object
    1266             :  * @buffer: the buffer to store all xattrs into
    1267             :  * @size: the size of @buffer
    1268             :  *
    1269             :  * List all xattrs associated with @inode. If @buffer is NULL we returned
    1270             :  * the required size of the buffer. If @buffer is provided we store the
    1271             :  * xattrs value into it provided it is big enough.
    1272             :  *
    1273             :  * Note, the number of xattr names that can be listed with listxattr(2) is
    1274             :  * limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed
    1275             :  * then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names
    1276             :  * are found it will return -E2BIG.
    1277             :  *
    1278             :  * Return: On success the required size or the size of the copied xattrs is
    1279             :  * returned. On error a negative error code is returned.
    1280             :  */
    1281           0 : ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
    1282             :                           char *buffer, size_t size)
    1283             : {
    1284           0 :         bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
    1285             :         struct simple_xattr *xattr;
    1286             :         struct rb_node *rbp;
    1287           0 :         ssize_t remaining_size = size;
    1288           0 :         int err = 0;
    1289             : 
    1290             : #ifdef CONFIG_FS_POSIX_ACL
    1291             :         if (IS_POSIXACL(inode)) {
    1292             :                 if (inode->i_acl) {
    1293             :                         err = xattr_list_one(&buffer, &remaining_size,
    1294             :                                              XATTR_NAME_POSIX_ACL_ACCESS);
    1295             :                         if (err)
    1296             :                                 return err;
    1297             :                 }
    1298             :                 if (inode->i_default_acl) {
    1299             :                         err = xattr_list_one(&buffer, &remaining_size,
    1300             :                                              XATTR_NAME_POSIX_ACL_DEFAULT);
    1301             :                         if (err)
    1302             :                                 return err;
    1303             :                 }
    1304             :         }
    1305             : #endif
    1306             : 
    1307           0 :         read_lock(&xattrs->lock);
    1308           0 :         for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
    1309           0 :                 xattr = rb_entry(rbp, struct simple_xattr, rb_node);
    1310             : 
    1311             :                 /* skip "trusted." attributes for unprivileged callers */
    1312           0 :                 if (!trusted && xattr_is_trusted(xattr->name))
    1313           0 :                         continue;
    1314             : 
    1315           0 :                 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
    1316           0 :                 if (err)
    1317             :                         break;
    1318             :         }
    1319           0 :         read_unlock(&xattrs->lock);
    1320             : 
    1321           0 :         return err ? err : size - remaining_size;
    1322             : }
    1323             : 
    1324             : /**
    1325             :  * rbtree_simple_xattr_less - compare two xattr rbtree nodes
    1326             :  * @new_node: new node
    1327             :  * @node: current node
    1328             :  *
    1329             :  * Compare the xattr attached to @new_node with the xattr attached to @node.
    1330             :  * Note that this function technically tolerates duplicate entries.
    1331             :  *
    1332             :  * Return: True if insertion point in the rbtree is found.
    1333             :  */
    1334             : static bool rbtree_simple_xattr_less(struct rb_node *new_node,
    1335             :                                      const struct rb_node *node)
    1336             : {
    1337           0 :         return rbtree_simple_xattr_node_cmp(new_node, node) < 0;
    1338             : }
    1339             : 
    1340             : /**
    1341             :  * simple_xattr_add - add xattr objects
    1342             :  * @xattrs: the header of the xattr object
    1343             :  * @new_xattr: the xattr object to add
    1344             :  *
    1345             :  * Add an xattr object to @xattrs. This assumes no replacement or removal
    1346             :  * of matching xattrs is wanted. Should only be called during inode
    1347             :  * initialization when a few distinct initial xattrs are supposed to be set.
    1348             :  */
    1349           0 : void simple_xattr_add(struct simple_xattrs *xattrs,
    1350             :                       struct simple_xattr *new_xattr)
    1351             : {
    1352           0 :         write_lock(&xattrs->lock);
    1353           0 :         rb_add(&new_xattr->rb_node, &xattrs->rb_root, rbtree_simple_xattr_less);
    1354           0 :         write_unlock(&xattrs->lock);
    1355           0 : }
    1356             : 
    1357             : /**
    1358             :  * simple_xattrs_init - initialize new xattr header
    1359             :  * @xattrs: header to initialize
    1360             :  *
    1361             :  * Initialize relevant fields of a an xattr header.
    1362             :  */
    1363           1 : void simple_xattrs_init(struct simple_xattrs *xattrs)
    1364             : {
    1365           1 :         xattrs->rb_root = RB_ROOT;
    1366             :         rwlock_init(&xattrs->lock);
    1367           1 : }
    1368             : 
    1369             : /**
    1370             :  * simple_xattrs_free - free xattrs
    1371             :  * @xattrs: xattr header whose xattrs to destroy
    1372             :  *
    1373             :  * Destroy all xattrs in @xattr. When this is called no one can hold a
    1374             :  * reference to any of the xattrs anymore.
    1375             :  */
    1376           0 : void simple_xattrs_free(struct simple_xattrs *xattrs)
    1377             : {
    1378             :         struct rb_node *rbp;
    1379             : 
    1380           0 :         rbp = rb_first(&xattrs->rb_root);
    1381           0 :         while (rbp) {
    1382             :                 struct simple_xattr *xattr;
    1383             :                 struct rb_node *rbp_next;
    1384             : 
    1385           0 :                 rbp_next = rb_next(rbp);
    1386           0 :                 xattr = rb_entry(rbp, struct simple_xattr, rb_node);
    1387           0 :                 rb_erase(&xattr->rb_node, &xattrs->rb_root);
    1388           0 :                 free_simple_xattr(xattr);
    1389           0 :                 rbp = rbp_next;
    1390             :         }
    1391           0 : }

Generated by: LCOV version 1.14