[linux.git] / fs / xattr.c

/*
  File: fs/xattr.c

  Extended attribute handling.

  Copyright (C) 2001 by Andreas Gruenbacher <[email protected]>
  Copyright (C) 2001 SGI - Silicon Graphics, Inc <[email protected]>
  Copyright (c) 2004 Red Hat, Inc., James Morris <[email protected]>
 */
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/mount.h>
#include <linux/namei.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/module.h>
#include <linux/fsnotify.h>
#include <linux/audit.h>
#include <asm/uaccess.h>


/*
 * Check permissions for extended attribute access.  This is a bit complicated
 * because different namespaces have very different rules.
 */
static int
xattr_permission(struct inode *inode, const char *name, int mask)
{
	/*
	 * We can never set or remove an extended attribute on a read-only
	 * filesystem  or on an immutable / append-only inode.
	 */
	if (mask & MAY_WRITE) {
		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
			return -EPERM;
	}

	/*
	 * No restriction for security.* and system.* from the VFS.  Decision
	 * on these is left to the underlying filesystem / security module.
	 */
	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
		return 0;

	/*
	 * The trusted.* namespace can only be accessed by a privileged user.
	 */
	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
		return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);

	/* In user.* namespace, only regular files and directories can have
	 * extended attributes. For sticky directories, only the owner and
	 * privileged user can write attributes.
	 */
	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
			return -EPERM;
		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
		    (mask & MAY_WRITE) && !is_owner_or_cap(inode))
			return -EPERM;
	}

	return inode_permission(inode, mask);
}

/**
 *  __vfs_setxattr_noperm - perform setxattr operation without performing
 *  permission checks.
 *
 *  @dentry - object to perform setxattr on
 *  @name - xattr name to set
 *  @value - value to set @name to
 *  @size - size of @value
 *  @flags - flags to pass into filesystem operations
 *
 *  returns the result of the internal setxattr or setsecurity operations.
 *
 *  This function requires the caller to lock the inode's i_mutex before it
 *  is executed. It also assumes that the caller will make the appropriate
 *  permission checks.
 */
int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	int error = -EOPNOTSUPP;

	if (inode->i_op->setxattr) {
		error = inode->i_op->setxattr(dentry, name, value, size, flags);
		if (!error) {
			fsnotify_xattr(dentry);
			security_inode_post_setxattr(dentry, name, value,
						     size, flags);
		}
	} else if (!strncmp(name, XATTR_SECURITY_PREFIX,
				XATTR_SECURITY_PREFIX_LEN)) {
		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
		error = security_inode_setsecurity(inode, suffix, value,
						   size, flags);
		if (!error)
			fsnotify_xattr(dentry);
	}

	return error;
}


int
vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
		size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	int error;

	error = xattr_permission(inode, name, MAY_WRITE);
	if (error)
		return error;

	mutex_lock(&inode->i_mutex);
	error = security_inode_setxattr(dentry, name, value, size, flags);
	if (error)
		goto out;

	error = __vfs_setxattr_noperm(dentry, name, value, size, flags);

out:
	mutex_unlock(&inode->i_mutex);
	return error;
}
EXPORT_SYMBOL_GPL(vfs_setxattr);

ssize_t
xattr_getsecurity(struct inode *inode, const char *name, void *value,
			size_t size)
{
	void *buffer = NULL;
	ssize_t len;

	if (!value || !size) {
		len = security_inode_getsecurity(inode, name, &buffer, false);
		goto out_noalloc;
	}

	len = security_inode_getsecurity(inode, name, &buffer, true);
	if (len < 0)
		return len;
	if (size < len) {
		len = -ERANGE;
		goto out;
	}
	memcpy(value, buffer, len);
out:
	security_release_secctx(buffer, len);
out_noalloc:
	return len;
}
EXPORT_SYMBOL_GPL(xattr_getsecurity);

ssize_t
vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
{
	struct inode *inode = dentry->d_inode;
	int error;

	error = xattr_permission(inode, name, MAY_READ);
	if (error)
		return error;

	error = security_inode_getxattr(dentry, name);
	if (error)
		return error;

	if (!strncmp(name, XATTR_SECURITY_PREFIX,
				XATTR_SECURITY_PREFIX_LEN)) {
		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
		int ret = xattr_getsecurity(inode, suffix, value, size);
		/*
		 * Only overwrite the return value if a security module
		 * is actually active.
		 */
		if (ret == -EOPNOTSUPP)
			goto nolsm;
		return ret;
	}
nolsm:
	if (inode->i_op->getxattr)
		error = inode->i_op->getxattr(dentry, name, value, size);
	else
		error = -EOPNOTSUPP;

	return error;
}
EXPORT_SYMBOL_GPL(vfs_getxattr);

ssize_t
vfs_listxattr(struct dentry *d, char *list, size_t size)
{
	ssize_t error;

	error = security_inode_listxattr(d);
	if (error)
		return error;
	error = -EOPNOTSUPP;
	if (d->d_inode->i_op->listxattr) {
		error = d->d_inode->i_op->listxattr(d, list, size);
	} else {
		error = security_inode_listsecurity(d->d_inode, list, size);
		if (size && error > size)
			error = -ERANGE;
	}
	return error;
}
EXPORT_SYMBOL_GPL(vfs_listxattr);

int
vfs_removexattr(struct dentry *dentry, const char *name)
{
	struct inode *inode = dentry->d_inode;
	int error;

	if (!inode->i_op->removexattr)
		return -EOPNOTSUPP;

	error = xattr_permission(inode, name, MAY_WRITE);
	if (error)
		return error;

	error = security_inode_removexattr(dentry, name);
	if (error)
		return error;

	mutex_lock(&inode->i_mutex);
	error = inode->i_op->removexattr(dentry, name);
	mutex_unlock(&inode->i_mutex);

	if (!error)
		fsnotify_xattr(dentry);
	return error;
}
EXPORT_SYMBOL_GPL(vfs_removexattr);


/*
 * Extended attribute SET operations
 */
static long
setxattr(struct dentry *d, const char __user *name, const void __user *value,
	 size_t size, int flags)
{
	int error;
	void *kvalue = NULL;
	char kname[XATTR_NAME_MAX + 1];

	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
		return -EINVAL;

	error = strncpy_from_user(kname, name, sizeof(kname));
	if (error == 0 || error == sizeof(kname))
		error = -ERANGE;
	if (error < 0)
		return error;

	if (size) {
		if (size > XATTR_SIZE_MAX)
			return -E2BIG;
		kvalue = memdup_user(value, size);
		if (IS_ERR(kvalue))
			return PTR_ERR(kvalue);
	}

	error = vfs_setxattr(d, kname, kvalue, size, flags);
	kfree(kvalue);
	return error;
}

SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
		const char __user *, name, const void __user *, value,
		size_t, size, int, flags)
{
	struct path path;
	int error;

	error = user_path(pathname, &path);
	if (error)
		return error;
	error = mnt_want_write(path.mnt);
	if (!error) {
		error = setxattr(path.dentry, name, value, size, flags);
		mnt_drop_write(path.mnt);
	}
	path_put(&path);
	return error;
}

SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
		const char __user *, name, const void __user *, value,
		size_t, size, int, flags)
{
	struct path path;
	int error;

	error = user_lpath(pathname, &path);
	if (error)
		return error;
	error = mnt_want_write(path.mnt);
	if (!error) {
		error = setxattr(path.dentry, name, value, size, flags);
		mnt_drop_write(path.mnt);
	}
	path_put(&path);
	return error;
}

SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
		const void __user *,value, size_t, size, int, flags)
{
	struct file *f;
	struct dentry *dentry;
	int error = -EBADF;

	f = fget(fd);
	if (!f)
		return error;
	dentry = f->f_path.dentry;
	audit_inode(NULL, dentry);
	error = mnt_want_write_file(f);
	if (!error) {
		error = setxattr(dentry, name, value, size, flags);
		mnt_drop_write(f->f_path.mnt);
	}
	fput(f);
	return error;
}

/*
 * Extended attribute GET operations
 */
static ssize_t
getxattr(struct dentry *d, const char __user *name, void __user *value,
	 size_t size)
{
	ssize_t error;
	void *kvalue = NULL;
	char kname[XATTR_NAME_MAX + 1];

	error = strncpy_from_user(kname, name, sizeof(kname));
	if (error == 0 || error == sizeof(kname))
		error = -ERANGE;
	if (error < 0)
		return error;

	if (size) {
		if (size > XATTR_SIZE_MAX)
			size = XATTR_SIZE_MAX;
		kvalue = kzalloc(size, GFP_KERNEL);
		if (!kvalue)
			return -ENOMEM;
	}

	error = vfs_getxattr(d, kname, kvalue, size);
	if (error > 0) {
		if (size && copy_to_user(value, kvalue, error))
			error = -EFAULT;
	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
		/* The file system tried to returned a value bigger
		   than XATTR_SIZE_MAX bytes. Not possible. */
		error = -E2BIG;
	}
	kfree(kvalue);
	return error;
}

SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
		const char __user *, name, void __user *, value, size_t, size)
{
	struct path path;
	ssize_t error;

	error = user_path(pathname, &path);
	if (error)
		return error;
	error = getxattr(path.dentry, name, value, size);
	path_put(&path);
	return error;
}

SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
		const char __user *, name, void __user *, value, size_t, size)
{
	struct path path;
	ssize_t error;

	error = user_lpath(pathname, &path);
	if (error)
		return error;
	error = getxattr(path.dentry, name, value, size);
	path_put(&path);
	return error;
}

SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
		void __user *, value, size_t, size)
{
	struct file *f;
	ssize_t error = -EBADF;

	f = fget(fd);
	if (!f)
		return error;
	audit_inode(NULL, f->f_path.dentry);
	error = getxattr(f->f_path.dentry, name, value, size);
	fput(f);
	return error;
}

/*
 * Extended attribute LIST operations
 */
static ssize_t
listxattr(struct dentry *d, char __user *list, size_t size)
{
	ssize_t error;
	char *klist = NULL;

	if (size) {
		if (size > XATTR_LIST_MAX)
			size = XATTR_LIST_MAX;
		klist = kmalloc(size, GFP_KERNEL);
		if (!klist)
			return -ENOMEM;
	}

	error = vfs_listxattr(d, klist, size);
	if (error > 0) {
		if (size && copy_to_user(list, klist, error))
			error = -EFAULT;
	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
		/* The file system tried to returned a list bigger
		   than XATTR_LIST_MAX bytes. Not possible. */
		error = -E2BIG;
	}
	kfree(klist);
	return error;
}

SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
		size_t, size)
{
	struct path path;
	ssize_t error;

	error = user_path(pathname, &path);
	if (error)
		return error;
	error = listxattr(path.dentry, list, size);
	path_put(&path);
	return error;
}

SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
		size_t, size)
{
	struct path path;
	ssize_t error;

	error = user_lpath(pathname, &path);
	if (error)
		return error;
	error = listxattr(path.dentry, list, size);
	path_put(&path);
	return error;
}

SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
{
	struct file *f;
	ssize_t error = -EBADF;

	f = fget(fd);
	if (!f)
		return error;
	audit_inode(NULL, f->f_path.dentry);
	error = listxattr(f->f_path.dentry, list, size);
	fput(f);
	return error;
}

/*
 * Extended attribute REMOVE operations
 */
static long
removexattr(struct dentry *d, const char __user *name)
{
	int error;
	char kname[XATTR_NAME_MAX + 1];

	error = strncpy_from_user(kname, name, sizeof(kname));
	if (error == 0 || error == sizeof(kname))
		error = -ERANGE;
	if (error < 0)
		return error;

	return vfs_removexattr(d, kname);
}

SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
		const char __user *, name)
{
	struct path path;
	int error;

	error = user_path(pathname, &path);
	if (error)
		return error;
	error = mnt_want_write(path.mnt);
	if (!error) {
		error = removexattr(path.dentry, name);
		mnt_drop_write(path.mnt);
	}
	path_put(&path);
	return error;
}

SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
		const char __user *, name)
{
	struct path path;
	int error;

	error = user_lpath(pathname, &path);
	if (error)
		return error;
	error = mnt_want_write(path.mnt);
	if (!error) {
		error = removexattr(path.dentry, name);
		mnt_drop_write(path.mnt);
	}
	path_put(&path);
	return error;
}

SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
{
	struct file *f;
	struct dentry *dentry;
	int error = -EBADF;

	f = fget(fd);
	if (!f)
		return error;
	dentry = f->f_path.dentry;
	audit_inode(NULL, dentry);
	error = mnt_want_write_file(f);
	if (!error) {
		error = removexattr(dentry, name);
		mnt_drop_write(f->f_path.mnt);
	}
	fput(f);
	return error;
}


static const char *
strcmp_prefix(const char *a, const char *a_prefix)
{
	while (*a_prefix && *a == *a_prefix) {
		a++;
		a_prefix++;
	}
	return *a_prefix ? NULL : a;
}

/*
 * In order to implement different sets of xattr operations for each xattr
 * prefix with the generic xattr API, a filesystem should create a
 * null-terminated array of struct xattr_handler (one for each prefix) and
 * hang a pointer to it off of the s_xattr field of the superblock.
 *
 * The generic_fooxattr() functions will use this list to dispatch xattr
 * operations to the correct xattr_handler.
 */
#define for_each_xattr_handler(handlers, handler)		\
		for ((handler) = *(handlers)++;			\
			(handler) != NULL;			\
			(handler) = *(handlers)++)

/*
 * Find the xattr_handler with the matching prefix.
 */
static struct xattr_handler *
xattr_resolve_name(struct xattr_handler **handlers, const char **name)
{
	struct xattr_handler *handler;

	if (!*name)
		return NULL;

	for_each_xattr_handler(handlers, handler) {
		const char *n = strcmp_prefix(*name, handler->prefix);
		if (n) {
			*name = n;
			break;
		}
	}
	return handler;
}

/*
 * Find the handler for the prefix and dispatch its get() operation.
 */
ssize_t
generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
{
	struct xattr_handler *handler;
	struct inode *inode = dentry->d_inode;

	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
	if (!handler)
		return -EOPNOTSUPP;
	return handler->get(inode, name, buffer, size);
}

/*
 * Combine the results of the list() operation from every xattr_handler in the
 * list.
 */
ssize_t
generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
{
	struct inode *inode = dentry->d_inode;
	struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr;
	unsigned int size = 0;

	if (!buffer) {
		for_each_xattr_handler(handlers, handler)
			size += handler->list(inode, NULL, 0, NULL, 0);
	} else {
		char *buf = buffer;

		for_each_xattr_handler(handlers, handler) {
			size = handler->list(inode, buf, buffer_size, NULL, 0);
			if (size > buffer_size)
				return -ERANGE;
			buf += size;
			buffer_size -= size;
		}
		size = buf - buffer;
	}
	return size;
}

/*
 * Find the handler for the prefix and dispatch its set() operation.
 */
int
generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
{
	struct xattr_handler *handler;
	struct inode *inode = dentry->d_inode;

	if (size == 0)
		value = "";  /* empty EA, do not remove */
	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
	if (!handler)
		return -EOPNOTSUPP;
	return handler->set(inode, name, value, size, flags);
}

/*
 * Find the handler for the prefix and dispatch its set() operation to remove
 * any associated extended attribute.
 */
int
generic_removexattr(struct dentry *dentry, const char *name)
{
	struct xattr_handler *handler;
	struct inode *inode = dentry->d_inode;

	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
	if (!handler)
		return -EOPNOTSUPP;
	return handler->set(inode, name, NULL, 0, XATTR_REPLACE);
}

EXPORT_SYMBOL(generic_getxattr);
EXPORT_SYMBOL(generic_listxattr);
EXPORT_SYMBOL(generic_setxattr);
EXPORT_SYMBOL(generic_removexattr);
Commit	Line	Data
1da177e4 LT	1	/*
	2	File: fs/xattr.c
	3
	4	Extended attribute handling.
	5
	6	Copyright (C) 2001 by Andreas Gruenbacher <[email protected]>
	7	Copyright (C) 2001 SGI - Silicon Graphics, Inc <[email protected]>
	8	Copyright (c) 2004 Red Hat, Inc., James Morris <[email protected]>
	9	*/
	10	#include <linux/fs.h>
	11	#include <linux/slab.h>
1da177e4 LT	12	#include <linux/file.h>
1da177e4 LT	13	#include <linux/xattr.h>
18f335af	14	#include <linux/mount.h>
1da177e4 LT	15	#include <linux/namei.h>
	16	#include <linux/security.h>
	17	#include <linux/syscalls.h>
	18	#include <linux/module.h>
0eeca283	19	#include <linux/fsnotify.h>
73241ccc	20	#include <linux/audit.h>
1da177e4 LT	21	#include <asm/uaccess.h>
1da177e4 LT	22
5be196e5	23
e0ad7b07	24	/*
	25	* Check permissions for extended attribute access. This is a bit complicated
	26	* because different namespaces have very different rules.
	27	*/
	28	static int
	29	xattr_permission(struct inode inode, const char name, int mask)
	30	{
	31	/*
	32	* We can never set or remove an extended attribute on a read-only
	33	* filesystem or on an immutable / append-only inode.
	34	*/
	35	if (mask & MAY_WRITE) {
e0ad7b07	36	if (IS_IMMUTABLE(inode) \|\| IS_APPEND(inode))
	37	return -EPERM;
	38	}
	39
	40	/*
	41	* No restriction for security.* and system.* from the VFS. Decision
	42	* on these is left to the underlying filesystem / security module.
	43	*/
	44	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) \|\|
	45	!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
	46	return 0;
	47
	48	/*
f1f2d871	49	* The trusted.* namespace can only be accessed by a privileged user.
e0ad7b07	50	*/
	51	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
	52	return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
	53
f1f2d871 AG	54	/* In user.* namespace, only regular files and directories can have
	55	* extended attributes. For sticky directories, only the owner and
	56	* privileged user can write attributes.
	57	*/
e0ad7b07	58	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
f1f2d871 AG	59	if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
	60	return -EPERM;
	61	if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
3bd858ab	62	(mask & MAY_WRITE) && !is_owner_or_cap(inode))
e0ad7b07	63	return -EPERM;
	64	}
	65
f419a2e3	66	return inode_permission(inode, mask);
e0ad7b07	67	}
e0ad7b07	68
b1ab7e4b DQ	69	/**
	70	* __vfs_setxattr_noperm - perform setxattr operation without performing
	71	* permission checks.
	72	*
	73	* @dentry - object to perform setxattr on
	74	* @name - xattr name to set
	75	* @value - value to set @name to
	76	* @size - size of @value
	77	* @flags - flags to pass into filesystem operations
	78	*
	79	* returns the result of the internal setxattr or setsecurity operations.
	80	*
	81	* This function requires the caller to lock the inode's i_mutex before it
	82	* is executed. It also assumes that the caller will make the appropriate
	83	* permission checks.
	84	*/
	85	int __vfs_setxattr_noperm(struct dentry dentry, const char name,
	86	const void *value, size_t size, int flags)
5be196e5 CH	87	{
5be196e5 CH	88	struct inode *inode = dentry->d_inode;
b1ab7e4b	89	int error = -EOPNOTSUPP;
e0ad7b07	90
5be196e5 CH	91	if (inode->i_op->setxattr) {
	92	error = inode->i_op->setxattr(dentry, name, value, size, flags);
	93	if (!error) {
	94	fsnotify_xattr(dentry);
	95	security_inode_post_setxattr(dentry, name, value,
	96	size, flags);
	97	}
	98	} else if (!strncmp(name, XATTR_SECURITY_PREFIX,
e0ad7b07	99	XATTR_SECURITY_PREFIX_LEN)) {
e0ad7b07	100	const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
5be196e5 CH	101	error = security_inode_setsecurity(inode, suffix, value,
	102	size, flags);
	103	if (!error)
	104	fsnotify_xattr(dentry);
	105	}
b1ab7e4b DQ	106
	107	return error;
	108	}
	109
	110
	111	int
	112	vfs_setxattr(struct dentry dentry, const char name, const void *value,
	113	size_t size, int flags)
	114	{
	115	struct inode *inode = dentry->d_inode;
	116	int error;
	117
	118	error = xattr_permission(inode, name, MAY_WRITE);
	119	if (error)
	120	return error;
	121
	122	mutex_lock(&inode->i_mutex);
	123	error = security_inode_setxattr(dentry, name, value, size, flags);
	124	if (error)
	125	goto out;
	126
	127	error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
	128
5be196e5 CH	129	out:
	130	mutex_unlock(&inode->i_mutex);
	131	return error;
	132	}
	133	EXPORT_SYMBOL_GPL(vfs_setxattr);
	134
42492594 DQ	135	ssize_t
	136	xattr_getsecurity(struct inode inode, const char name, void *value,
	137	size_t size)
	138	{
	139	void *buffer = NULL;
	140	ssize_t len;
	141
	142	if (!value \|\| !size) {
	143	len = security_inode_getsecurity(inode, name, &buffer, false);
	144	goto out_noalloc;
	145	}
	146
	147	len = security_inode_getsecurity(inode, name, &buffer, true);
	148	if (len < 0)
	149	return len;
	150	if (size < len) {
	151	len = -ERANGE;
	152	goto out;
	153	}
	154	memcpy(value, buffer, len);
	155	out:
	156	security_release_secctx(buffer, len);
	157	out_noalloc:
	158	return len;
	159	}
	160	EXPORT_SYMBOL_GPL(xattr_getsecurity);
	161
5be196e5	162	ssize_t
8f0cfa52	163	vfs_getxattr(struct dentry dentry, const char name, void *value, size_t size)
5be196e5 CH	164	{
	165	struct inode *inode = dentry->d_inode;
	166	int error;
	167
e0ad7b07	168	error = xattr_permission(inode, name, MAY_READ);
	169	if (error)
	170	return error;
	171
5be196e5 CH	172	error = security_inode_getxattr(dentry, name);
	173	if (error)
	174	return error;
	175
5be196e5	176	if (!strncmp(name, XATTR_SECURITY_PREFIX,
e0ad7b07	177	XATTR_SECURITY_PREFIX_LEN)) {
e0ad7b07	178	const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
42492594	179	int ret = xattr_getsecurity(inode, suffix, value, size);
5be196e5 CH	180	/*
	181	* Only overwrite the return value if a security module
	182	* is actually active.
	183	*/
4bea5805 DQ	184	if (ret == -EOPNOTSUPP)
	185	goto nolsm;
	186	return ret;
5be196e5	187	}
4bea5805 DQ	188	nolsm:
	189	if (inode->i_op->getxattr)
	190	error = inode->i_op->getxattr(dentry, name, value, size);
	191	else
	192	error = -EOPNOTSUPP;
5be196e5 CH	193
	194	return error;
	195	}
	196	EXPORT_SYMBOL_GPL(vfs_getxattr);
	197
659564c8 BN	198	ssize_t
	199	vfs_listxattr(struct dentry d, char list, size_t size)
	200	{
	201	ssize_t error;
	202
	203	error = security_inode_listxattr(d);
	204	if (error)
	205	return error;
	206	error = -EOPNOTSUPP;
acfa4380	207	if (d->d_inode->i_op->listxattr) {
659564c8 BN	208	error = d->d_inode->i_op->listxattr(d, list, size);
	209	} else {
	210	error = security_inode_listsecurity(d->d_inode, list, size);
	211	if (size && error > size)
	212	error = -ERANGE;
	213	}
	214	return error;
	215	}
	216	EXPORT_SYMBOL_GPL(vfs_listxattr);
	217
5be196e5	218	int
8f0cfa52	219	vfs_removexattr(struct dentry dentry, const char name)
5be196e5 CH	220	{
	221	struct inode *inode = dentry->d_inode;
	222	int error;
	223
	224	if (!inode->i_op->removexattr)
	225	return -EOPNOTSUPP;
	226
e0ad7b07	227	error = xattr_permission(inode, name, MAY_WRITE);
	228	if (error)
	229	return error;
	230
5be196e5 CH	231	error = security_inode_removexattr(dentry, name);
	232	if (error)
	233	return error;
	234
	235	mutex_lock(&inode->i_mutex);
	236	error = inode->i_op->removexattr(dentry, name);
	237	mutex_unlock(&inode->i_mutex);
	238
	239	if (!error)
	240	fsnotify_xattr(dentry);
	241	return error;
	242	}
	243	EXPORT_SYMBOL_GPL(vfs_removexattr);
	244
	245
1da177e4 LT	246	/*
	247	* Extended attribute SET operations
	248	*/
	249	static long
8f0cfa52	250	setxattr(struct dentry d, const char __user name, const void __user *value,
1da177e4 LT	251	size_t size, int flags)
	252	{
	253	int error;
	254	void *kvalue = NULL;
	255	char kname[XATTR_NAME_MAX + 1];
	256
	257	if (flags & ~(XATTR_CREATE\|XATTR_REPLACE))
	258	return -EINVAL;
	259
	260	error = strncpy_from_user(kname, name, sizeof(kname));
	261	if (error == 0 \|\| error == sizeof(kname))
	262	error = -ERANGE;
	263	if (error < 0)
	264	return error;
	265
	266	if (size) {
	267	if (size > XATTR_SIZE_MAX)
	268	return -E2BIG;
3939fcde LZ	269	kvalue = memdup_user(value, size);
	270	if (IS_ERR(kvalue))
	271	return PTR_ERR(kvalue);
1da177e4 LT	272	}
1da177e4 LT	273
5be196e5	274	error = vfs_setxattr(d, kname, kvalue, size, flags);
f99d49ad	275	kfree(kvalue);
1da177e4 LT	276	return error;
	277	}
	278
64fd1de3 HC	279	SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
	280	const char __user , name, const void __user , value,
	281	size_t, size, int, flags)
1da177e4	282	{
2d8f3038	283	struct path path;
1da177e4 LT	284	int error;
1da177e4 LT	285
2d8f3038	286	error = user_path(pathname, &path);
1da177e4 LT	287	if (error)
1da177e4 LT	288	return error;
2d8f3038	289	error = mnt_want_write(path.mnt);
18f335af	290	if (!error) {
2d8f3038 AV	291	error = setxattr(path.dentry, name, value, size, flags);
2d8f3038 AV	292	mnt_drop_write(path.mnt);
18f335af	293	}
2d8f3038	294	path_put(&path);
1da177e4 LT	295	return error;
	296	}
	297
64fd1de3 HC	298	SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
	299	const char __user , name, const void __user , value,
	300	size_t, size, int, flags)
1da177e4	301	{
2d8f3038	302	struct path path;
1da177e4 LT	303	int error;
1da177e4 LT	304
2d8f3038	305	error = user_lpath(pathname, &path);
1da177e4 LT	306	if (error)
1da177e4 LT	307	return error;
2d8f3038	308	error = mnt_want_write(path.mnt);
18f335af	309	if (!error) {
2d8f3038 AV	310	error = setxattr(path.dentry, name, value, size, flags);
2d8f3038 AV	311	mnt_drop_write(path.mnt);
18f335af	312	}
2d8f3038	313	path_put(&path);
1da177e4 LT	314	return error;
	315	}
	316
64fd1de3 HC	317	SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
64fd1de3 HC	318	const void __user *,value, size_t, size, int, flags)
1da177e4 LT	319	{
1da177e4 LT	320	struct file *f;
73241ccc	321	struct dentry *dentry;
1da177e4 LT	322	int error = -EBADF;
	323
	324	f = fget(fd);
	325	if (!f)
	326	return error;
0f7fc9e4	327	dentry = f->f_path.dentry;
5a190ae6	328	audit_inode(NULL, dentry);
96029c4e	329	error = mnt_want_write_file(f);
18f335af DH	330	if (!error) {
	331	error = setxattr(dentry, name, value, size, flags);
	332	mnt_drop_write(f->f_path.mnt);
	333	}
1da177e4 LT	334	fput(f);
	335	return error;
	336	}
	337
	338	/*
	339	* Extended attribute GET operations
	340	*/
	341	static ssize_t
8f0cfa52 DH	342	getxattr(struct dentry d, const char __user name, void __user *value,
8f0cfa52 DH	343	size_t size)
1da177e4 LT	344	{
	345	ssize_t error;
	346	void *kvalue = NULL;
	347	char kname[XATTR_NAME_MAX + 1];
	348
	349	error = strncpy_from_user(kname, name, sizeof(kname));
	350	if (error == 0 \|\| error == sizeof(kname))
	351	error = -ERANGE;
	352	if (error < 0)
	353	return error;
	354
	355	if (size) {
	356	if (size > XATTR_SIZE_MAX)
	357	size = XATTR_SIZE_MAX;
d381d8a9	358	kvalue = kzalloc(size, GFP_KERNEL);
1da177e4 LT	359	if (!kvalue)
	360	return -ENOMEM;
	361	}
	362
5be196e5	363	error = vfs_getxattr(d, kname, kvalue, size);
f549d6c1 SS	364	if (error > 0) {
	365	if (size && copy_to_user(value, kvalue, error))
	366	error = -EFAULT;
	367	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
	368	/* The file system tried to returned a value bigger
	369	than XATTR_SIZE_MAX bytes. Not possible. */
	370	error = -E2BIG;
1da177e4	371	}
f99d49ad	372	kfree(kvalue);
1da177e4 LT	373	return error;
	374	}
	375
64fd1de3 HC	376	SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
64fd1de3 HC	377	const char __user , name, void __user , value, size_t, size)
1da177e4	378	{
2d8f3038	379	struct path path;
1da177e4 LT	380	ssize_t error;
1da177e4 LT	381
2d8f3038	382	error = user_path(pathname, &path);
1da177e4 LT	383	if (error)
1da177e4 LT	384	return error;
2d8f3038 AV	385	error = getxattr(path.dentry, name, value, size);
2d8f3038 AV	386	path_put(&path);
1da177e4 LT	387	return error;
	388	}
	389
64fd1de3 HC	390	SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
64fd1de3 HC	391	const char __user , name, void __user , value, size_t, size)
1da177e4	392	{
2d8f3038	393	struct path path;
1da177e4 LT	394	ssize_t error;
1da177e4 LT	395
2d8f3038	396	error = user_lpath(pathname, &path);
1da177e4 LT	397	if (error)
1da177e4 LT	398	return error;
2d8f3038 AV	399	error = getxattr(path.dentry, name, value, size);
2d8f3038 AV	400	path_put(&path);
1da177e4 LT	401	return error;
	402	}
	403
64fd1de3 HC	404	SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
64fd1de3 HC	405	void __user *, value, size_t, size)
1da177e4 LT	406	{
	407	struct file *f;
	408	ssize_t error = -EBADF;
	409
	410	f = fget(fd);
	411	if (!f)
	412	return error;
5a190ae6	413	audit_inode(NULL, f->f_path.dentry);
0f7fc9e4	414	error = getxattr(f->f_path.dentry, name, value, size);
1da177e4 LT	415	fput(f);
	416	return error;
	417	}
	418
	419	/*
	420	* Extended attribute LIST operations
	421	*/
	422	static ssize_t
	423	listxattr(struct dentry d, char __user list, size_t size)
	424	{
	425	ssize_t error;
	426	char *klist = NULL;
	427
	428	if (size) {
	429	if (size > XATTR_LIST_MAX)
	430	size = XATTR_LIST_MAX;
	431	klist = kmalloc(size, GFP_KERNEL);
	432	if (!klist)
	433	return -ENOMEM;
	434	}
	435
659564c8	436	error = vfs_listxattr(d, klist, size);
f549d6c1 SS	437	if (error > 0) {
	438	if (size && copy_to_user(list, klist, error))
	439	error = -EFAULT;
	440	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
	441	/* The file system tried to returned a list bigger
	442	than XATTR_LIST_MAX bytes. Not possible. */
	443	error = -E2BIG;
1da177e4	444	}
f99d49ad	445	kfree(klist);
1da177e4 LT	446	return error;
	447	}
	448
64fd1de3 HC	449	SYSCALL_DEFINE3(listxattr, const char __user , pathname, char __user , list,
64fd1de3 HC	450	size_t, size)
1da177e4	451	{
2d8f3038	452	struct path path;
1da177e4 LT	453	ssize_t error;
1da177e4 LT	454
2d8f3038	455	error = user_path(pathname, &path);
1da177e4 LT	456	if (error)
1da177e4 LT	457	return error;
2d8f3038 AV	458	error = listxattr(path.dentry, list, size);
2d8f3038 AV	459	path_put(&path);
1da177e4 LT	460	return error;
	461	}
	462
64fd1de3 HC	463	SYSCALL_DEFINE3(llistxattr, const char __user , pathname, char __user , list,
64fd1de3 HC	464	size_t, size)
1da177e4	465	{
2d8f3038	466	struct path path;
1da177e4 LT	467	ssize_t error;
1da177e4 LT	468
2d8f3038	469	error = user_lpath(pathname, &path);
1da177e4 LT	470	if (error)
1da177e4 LT	471	return error;
2d8f3038 AV	472	error = listxattr(path.dentry, list, size);
2d8f3038 AV	473	path_put(&path);
1da177e4 LT	474	return error;
	475	}
	476
64fd1de3	477	SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
1da177e4 LT	478	{
	479	struct file *f;
	480	ssize_t error = -EBADF;
	481
	482	f = fget(fd);
	483	if (!f)
	484	return error;
5a190ae6	485	audit_inode(NULL, f->f_path.dentry);
0f7fc9e4	486	error = listxattr(f->f_path.dentry, list, size);
1da177e4 LT	487	fput(f);
	488	return error;
	489	}
	490
	491	/*
	492	* Extended attribute REMOVE operations
	493	*/
	494	static long
8f0cfa52	495	removexattr(struct dentry d, const char __user name)
1da177e4 LT	496	{
	497	int error;
	498	char kname[XATTR_NAME_MAX + 1];
	499
	500	error = strncpy_from_user(kname, name, sizeof(kname));
	501	if (error == 0 \|\| error == sizeof(kname))
	502	error = -ERANGE;
	503	if (error < 0)
	504	return error;
	505
5be196e5	506	return vfs_removexattr(d, kname);
1da177e4 LT	507	}
1da177e4 LT	508
64fd1de3 HC	509	SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
64fd1de3 HC	510	const char __user *, name)
1da177e4	511	{
2d8f3038	512	struct path path;
1da177e4 LT	513	int error;
1da177e4 LT	514
2d8f3038	515	error = user_path(pathname, &path);
1da177e4 LT	516	if (error)
1da177e4 LT	517	return error;
2d8f3038	518	error = mnt_want_write(path.mnt);
18f335af	519	if (!error) {
2d8f3038 AV	520	error = removexattr(path.dentry, name);
2d8f3038 AV	521	mnt_drop_write(path.mnt);
18f335af	522	}
2d8f3038	523	path_put(&path);
1da177e4 LT	524	return error;
	525	}
	526
6a6160a7 HC	527	SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
6a6160a7 HC	528	const char __user *, name)
1da177e4	529	{
2d8f3038	530	struct path path;
1da177e4 LT	531	int error;
1da177e4 LT	532
2d8f3038	533	error = user_lpath(pathname, &path);
1da177e4 LT	534	if (error)
1da177e4 LT	535	return error;
2d8f3038	536	error = mnt_want_write(path.mnt);
18f335af	537	if (!error) {
2d8f3038 AV	538	error = removexattr(path.dentry, name);
2d8f3038 AV	539	mnt_drop_write(path.mnt);
18f335af	540	}
2d8f3038	541	path_put(&path);
1da177e4 LT	542	return error;
	543	}
	544
6a6160a7	545	SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
1da177e4 LT	546	{
1da177e4 LT	547	struct file *f;
73241ccc	548	struct dentry *dentry;
1da177e4 LT	549	int error = -EBADF;
	550
	551	f = fget(fd);
	552	if (!f)
	553	return error;
0f7fc9e4	554	dentry = f->f_path.dentry;
5a190ae6	555	audit_inode(NULL, dentry);
96029c4e	556	error = mnt_want_write_file(f);
18f335af DH	557	if (!error) {
	558	error = removexattr(dentry, name);
	559	mnt_drop_write(f->f_path.mnt);
	560	}
1da177e4 LT	561	fput(f);
	562	return error;
	563	}
	564
	565
	566	static const char *
	567	strcmp_prefix(const char a, const char a_prefix)
	568	{
	569	while (a_prefix && a == *a_prefix) {
	570	a++;
	571	a_prefix++;
	572	}
	573	return *a_prefix ? NULL : a;
	574	}
	575
	576	/*
	577	* In order to implement different sets of xattr operations for each xattr
	578	* prefix with the generic xattr API, a filesystem should create a
	579	* null-terminated array of struct xattr_handler (one for each prefix) and
	580	* hang a pointer to it off of the s_xattr field of the superblock.
	581	*
	582	* The generic_fooxattr() functions will use this list to dispatch xattr
	583	* operations to the correct xattr_handler.
	584	*/
	585	#define for_each_xattr_handler(handlers, handler) \
	586	for ((handler) = *(handlers)++; \
	587	(handler) != NULL; \
	588	(handler) = *(handlers)++)
	589
	590	/*
	591	* Find the xattr_handler with the matching prefix.
	592	*/
	593	static struct xattr_handler *
	594	xattr_resolve_name(struct xattr_handler handlers, const char name)
	595	{
	596	struct xattr_handler *handler;
	597
	598	if (!*name)
	599	return NULL;
	600
	601	for_each_xattr_handler(handlers, handler) {
	602	const char n = strcmp_prefix(name, handler->prefix);
	603	if (n) {
	604	*name = n;
	605	break;
	606	}
	607	}
	608	return handler;
	609	}
	610
	611	/*
	612	* Find the handler for the prefix and dispatch its get() operation.
	613	*/
	614	ssize_t
	615	generic_getxattr(struct dentry dentry, const char name, void *buffer, size_t size)
	616	{
	617	struct xattr_handler *handler;
	618	struct inode *inode = dentry->d_inode;
	619
	620	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
	621	if (!handler)
	622	return -EOPNOTSUPP;
	623	return handler->get(inode, name, buffer, size);
	624	}
625
626	/*
627	* Combine the results of the list() operation from every xattr_handler in the
628	* list.
629	*/
630	ssize_t
631	generic_listxattr(struct dentry dentry, char buffer, size_t buffer_size)
632	{
633	struct inode *inode = dentry->d_inode;
634	struct xattr_handler handler, *handlers = inode->i_sb->s_xattr;
635	unsigned int size = 0;
636
637	if (!buffer) {
638	for_each_xattr_handler(handlers, handler)
639	size += handler->list(inode, NULL, 0, NULL, 0);
640	} else {
641	char *buf = buffer;
642
643	for_each_xattr_handler(handlers, handler) {
644	size = handler->list(inode, buf, buffer_size, NULL, 0);
645	if (size > buffer_size)
646	return -ERANGE;
647	buf += size;
648	buffer_size -= size;
649	}
650	size = buf - buffer;
651	}
652	return size;
653	}
654
655	/*
656	* Find the handler for the prefix and dispatch its set() operation.
657	*/
658	int
659	generic_setxattr(struct dentry dentry, const char name, const void *value, size_t size, int flags)
660	{
661	struct xattr_handler *handler;
662	struct inode *inode = dentry->d_inode;
663
664	if (size == 0)
665	value = ""; /* empty EA, do not remove */
666	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
667	if (!handler)
668	return -EOPNOTSUPP;
669	return handler->set(inode, name, value, size, flags);
670	}
671
672	/*
673	* Find the handler for the prefix and dispatch its set() operation to remove
674	* any associated extended attribute.
675	*/
676	int
677	generic_removexattr(struct dentry dentry, const char name)
678	{
679	struct xattr_handler *handler;
680	struct inode *inode = dentry->d_inode;
681
682	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
683	if (!handler)
684	return -EOPNOTSUPP;
685	return handler->set(inode, name, NULL, 0, XATTR_REPLACE);
686	}
687
688	EXPORT_SYMBOL(generic_getxattr);
689	EXPORT_SYMBOL(generic_listxattr);
690	EXPORT_SYMBOL(generic_setxattr);
691	EXPORT_SYMBOL(generic_removexattr);