2019-05-19 12:08:55 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
File: fs/xattr.c
|
|
|
|
|
|
|
|
Extended attribute handling.
|
|
|
|
|
|
|
|
Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
|
|
|
|
Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
|
|
|
|
Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
|
|
|
*/
|
|
|
|
#include <linux/fs.h>
|
2022-11-20 14:15:34 +00:00
|
|
|
#include <linux/filelock.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/file.h>
|
|
|
|
#include <linux/xattr.h>
|
2008-02-15 22:37:38 +00:00
|
|
|
#include <linux/mount.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/namei.h>
|
|
|
|
#include <linux/security.h>
|
|
|
|
#include <linux/syscalls.h>
|
2011-11-17 04:57:37 +00:00
|
|
|
#include <linux/export.h>
|
[PATCH] inotify
inotify is intended to correct the deficiencies of dnotify, particularly
its inability to scale and its terrible user interface:
* dnotify requires the opening of one fd per each directory
that you intend to watch. This quickly results in too many
open files and pins removable media, preventing unmount.
* dnotify is directory-based. You only learn about changes to
directories. Sure, a change to a file in a directory affects
the directory, but you are then forced to keep a cache of
stat structures.
* dnotify's interface to user-space is awful. Signals?
inotify provides a more usable, simple, powerful solution to file change
notification:
* inotify's interface is a system call that returns a fd, not SIGIO.
You get a single fd, which is select()-able.
* inotify has an event that says "the filesystem that the item
you were watching is on was unmounted."
* inotify can watch directories or files.
Inotify is currently used by Beagle (a desktop search infrastructure),
Gamin (a FAM replacement), and other projects.
See Documentation/filesystems/inotify.txt.
Signed-off-by: Robert Love <rml@novell.com>
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-12 21:06:03 +00:00
|
|
|
#include <linux/fsnotify.h>
|
2005-11-03 16:00:25 +00:00
|
|
|
#include <linux/audit.h>
|
2012-04-05 21:25:07 +00:00
|
|
|
#include <linux/vmalloc.h>
|
2012-02-08 02:52:57 +00:00
|
|
|
#include <linux/posix_acl_xattr.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2016-12-24 19:46:01 +00:00
|
|
|
#include <linux/uaccess.h>
|
2006-01-10 04:51:55 +00:00
|
|
|
|
2022-04-25 00:10:46 +00:00
|
|
|
#include "internal.h"
|
|
|
|
|
2016-09-29 15:48:38 +00:00
|
|
|
static const char *
|
|
|
|
strcmp_prefix(const char *a, const char *a_prefix)
|
|
|
|
{
|
|
|
|
while (*a_prefix && *a == *a_prefix) {
|
|
|
|
a++;
|
|
|
|
a_prefix++;
|
|
|
|
}
|
|
|
|
return *a_prefix ? NULL : a;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* In order to implement different sets of xattr operations for each xattr
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
* prefix, a filesystem should create a null-terminated array of struct
|
|
|
|
* xattr_handler (one for each prefix) and hang a pointer to it off of the
|
|
|
|
* s_xattr field of the superblock.
|
2016-09-29 15:48:38 +00:00
|
|
|
*/
|
|
|
|
#define for_each_xattr_handler(handlers, handler) \
|
|
|
|
if (handlers) \
|
|
|
|
for ((handler) = *(handlers)++; \
|
|
|
|
(handler) != NULL; \
|
|
|
|
(handler) = *(handlers)++)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Find the xattr_handler with the matching prefix.
|
|
|
|
*/
|
|
|
|
static const struct xattr_handler *
|
2016-09-29 15:48:39 +00:00
|
|
|
xattr_resolve_name(struct inode *inode, const char **name)
|
2016-09-29 15:48:38 +00:00
|
|
|
{
|
2023-09-30 05:00:05 +00:00
|
|
|
const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
|
2016-09-29 15:48:38 +00:00
|
|
|
const struct xattr_handler *handler;
|
|
|
|
|
2016-09-29 15:48:40 +00:00
|
|
|
if (!(inode->i_opflags & IOP_XATTR)) {
|
|
|
|
if (unlikely(is_bad_inode(inode)))
|
|
|
|
return ERR_PTR(-EIO);
|
2016-09-29 15:48:39 +00:00
|
|
|
return ERR_PTR(-EOPNOTSUPP);
|
2016-09-29 15:48:40 +00:00
|
|
|
}
|
2016-09-29 15:48:38 +00:00
|
|
|
for_each_xattr_handler(handlers, handler) {
|
|
|
|
const char *n;
|
|
|
|
|
|
|
|
n = strcmp_prefix(*name, xattr_prefix(handler));
|
|
|
|
if (n) {
|
|
|
|
if (!handler->prefix ^ !*n) {
|
|
|
|
if (*n)
|
|
|
|
continue;
|
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
}
|
|
|
|
*name = n;
|
|
|
|
return handler;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
|
|
}
|
|
|
|
|
2022-09-29 08:47:36 +00:00
|
|
|
/**
|
|
|
|
* may_write_xattr - check whether inode allows writing xattr
|
2023-01-13 11:49:22 +00:00
|
|
|
* @idmap: idmap of the mount the inode was found from
|
2022-09-29 08:47:36 +00:00
|
|
|
* @inode: the inode on which to set an xattr
|
|
|
|
*
|
|
|
|
* Check whether the inode allows writing xattrs. Specifically, we can never
|
|
|
|
* set or remove an extended attribute on a read-only filesystem or on an
|
|
|
|
* immutable / append-only inode.
|
|
|
|
*
|
|
|
|
* We also need to ensure that the inode has a mapping in the mount to
|
|
|
|
* not risk writing back invalid i_{g,u}id values.
|
|
|
|
*
|
|
|
|
* Return: On success zero is returned. On error a negative errno is returned.
|
|
|
|
*/
|
2023-01-13 11:49:22 +00:00
|
|
|
int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode)
|
2022-09-29 08:47:36 +00:00
|
|
|
{
|
|
|
|
if (IS_IMMUTABLE(inode))
|
|
|
|
return -EPERM;
|
|
|
|
if (IS_APPEND(inode))
|
|
|
|
return -EPERM;
|
2023-01-13 11:49:22 +00:00
|
|
|
if (HAS_UNMAPPED_ID(idmap, inode))
|
2022-09-29 08:47:36 +00:00
|
|
|
return -EPERM;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-01-10 04:51:56 +00:00
|
|
|
/*
|
|
|
|
* Check permissions for extended attribute access. This is a bit complicated
|
|
|
|
* because different namespaces have very different rules.
|
|
|
|
*/
|
|
|
|
static int
|
2023-01-13 11:49:22 +00:00
|
|
|
xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
|
2021-01-21 13:19:28 +00:00
|
|
|
const char *name, int mask)
|
2006-01-10 04:51:56 +00:00
|
|
|
{
|
|
|
|
if (mask & MAY_WRITE) {
|
2022-09-29 08:47:36 +00:00
|
|
|
int ret;
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
ret = may_write_xattr(idmap, inode);
|
2022-09-29 08:47:36 +00:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
2006-01-10 04:51:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* No restriction for security.* and system.* from the VFS. Decision
|
|
|
|
* on these is left to the underlying filesystem / security module.
|
|
|
|
*/
|
|
|
|
if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
|
|
|
|
!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
2011-05-27 12:50:36 +00:00
|
|
|
* The trusted.* namespace can only be accessed by privileged users.
|
2006-01-10 04:51:56 +00:00
|
|
|
*/
|
2011-05-27 12:50:36 +00:00
|
|
|
if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
|
|
|
|
return 0;
|
|
|
|
}
|
2006-01-10 04:51:56 +00:00
|
|
|
|
2011-05-27 12:50:36 +00:00
|
|
|
/*
|
|
|
|
* In the user.* namespace, only regular files and directories can have
|
2006-11-03 06:07:29 +00:00
|
|
|
* extended attributes. For sticky directories, only the owner and
|
2011-05-27 12:50:36 +00:00
|
|
|
* privileged users can write attributes.
|
2006-11-03 06:07:29 +00:00
|
|
|
*/
|
2006-01-10 04:51:56 +00:00
|
|
|
if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
|
2006-11-03 06:07:29 +00:00
|
|
|
if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
|
2011-05-27 12:50:36 +00:00
|
|
|
return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
|
2006-11-03 06:07:29 +00:00
|
|
|
if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
|
2021-01-21 13:19:25 +00:00
|
|
|
(mask & MAY_WRITE) &&
|
2023-01-13 11:49:26 +00:00
|
|
|
!inode_owner_or_capable(idmap, inode))
|
2006-01-10 04:51:56 +00:00
|
|
|
return -EPERM;
|
|
|
|
}
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
return inode_permission(idmap, inode, mask);
|
2006-01-10 04:51:56 +00:00
|
|
|
}
|
|
|
|
|
2020-06-23 22:39:19 +00:00
|
|
|
/*
|
|
|
|
* Look for any handler that deals with the specified namespace.
|
|
|
|
*/
|
|
|
|
int
|
2023-02-01 13:14:54 +00:00
|
|
|
xattr_supports_user_prefix(struct inode *inode)
|
2020-06-23 22:39:19 +00:00
|
|
|
{
|
2023-09-30 05:00:05 +00:00
|
|
|
const struct xattr_handler * const *handlers = inode->i_sb->s_xattr;
|
2020-06-23 22:39:19 +00:00
|
|
|
const struct xattr_handler *handler;
|
|
|
|
|
|
|
|
if (!(inode->i_opflags & IOP_XATTR)) {
|
|
|
|
if (unlikely(is_bad_inode(inode)))
|
|
|
|
return -EIO;
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
}
|
|
|
|
|
|
|
|
for_each_xattr_handler(handlers, handler) {
|
2023-02-01 13:14:54 +00:00
|
|
|
if (!strncmp(xattr_prefix(handler), XATTR_USER_PREFIX,
|
|
|
|
XATTR_USER_PREFIX_LEN))
|
2020-06-23 22:39:19 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
}
|
2023-02-01 13:14:54 +00:00
|
|
|
EXPORT_SYMBOL(xattr_supports_user_prefix);
|
2020-06-23 22:39:19 +00:00
|
|
|
|
2016-09-29 15:48:42 +00:00
|
|
|
int
|
2023-01-13 11:49:23 +00:00
|
|
|
__vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
struct inode *inode, const char *name, const void *value,
|
|
|
|
size_t size, int flags)
|
2016-09-29 15:48:42 +00:00
|
|
|
{
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
const struct xattr_handler *handler;
|
|
|
|
|
2022-09-22 15:17:22 +00:00
|
|
|
if (is_posix_acl_xattr(name))
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
handler = xattr_resolve_name(inode, &name);
|
|
|
|
if (IS_ERR(handler))
|
|
|
|
return PTR_ERR(handler);
|
|
|
|
if (!handler->set)
|
2016-09-29 15:48:42 +00:00
|
|
|
return -EOPNOTSUPP;
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
if (size == 0)
|
|
|
|
value = ""; /* empty EA, do not remove */
|
2023-01-13 11:49:23 +00:00
|
|
|
return handler->set(handler, idmap, dentry, inode, name, value,
|
2021-01-21 13:19:27 +00:00
|
|
|
size, flags);
|
2016-09-29 15:48:42 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(__vfs_setxattr);
|
|
|
|
|
2009-09-03 18:25:56 +00:00
|
|
|
/**
|
|
|
|
* __vfs_setxattr_noperm - perform setxattr operation without performing
|
|
|
|
* permission checks.
|
|
|
|
*
|
2023-01-13 11:49:23 +00:00
|
|
|
* @idmap: idmap of the mount the inode was found from
|
2021-02-16 04:29:29 +00:00
|
|
|
* @dentry: object to perform setxattr on
|
|
|
|
* @name: xattr name to set
|
|
|
|
* @value: value to set @name to
|
|
|
|
* @size: size of @value
|
|
|
|
* @flags: flags to pass into filesystem operations
|
2009-09-03 18:25:56 +00:00
|
|
|
*
|
|
|
|
* returns the result of the internal setxattr or setsecurity operations.
|
|
|
|
*
|
|
|
|
* This function requires the caller to lock the inode's i_mutex before it
|
|
|
|
* is executed. It also assumes that the caller will make the appropriate
|
|
|
|
* permission checks.
|
|
|
|
*/
|
2023-01-13 11:49:23 +00:00
|
|
|
int __vfs_setxattr_noperm(struct mnt_idmap *idmap,
|
2021-01-21 13:19:28 +00:00
|
|
|
struct dentry *dentry, const char *name,
|
|
|
|
const void *value, size_t size, int flags)
|
2006-01-10 04:51:55 +00:00
|
|
|
{
|
|
|
|
struct inode *inode = dentry->d_inode;
|
2016-11-13 20:23:34 +00:00
|
|
|
int error = -EAGAIN;
|
2011-05-28 15:25:51 +00:00
|
|
|
int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
|
|
|
|
XATTR_SECURITY_PREFIX_LEN);
|
2006-01-10 04:51:56 +00:00
|
|
|
|
2011-05-28 15:25:51 +00:00
|
|
|
if (issec)
|
|
|
|
inode->i_flags &= ~S_NOSEC;
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
if (inode->i_opflags & IOP_XATTR) {
|
2023-01-13 11:49:23 +00:00
|
|
|
error = __vfs_setxattr(idmap, dentry, inode, name, value,
|
2021-01-21 13:19:28 +00:00
|
|
|
size, flags);
|
2006-01-10 04:51:55 +00:00
|
|
|
if (!error) {
|
|
|
|
fsnotify_xattr(dentry);
|
|
|
|
security_inode_post_setxattr(dentry, name, value,
|
|
|
|
size, flags);
|
|
|
|
}
|
2016-11-13 20:23:34 +00:00
|
|
|
} else {
|
2016-09-29 15:48:40 +00:00
|
|
|
if (unlikely(is_bad_inode(inode)))
|
|
|
|
return -EIO;
|
2016-11-13 20:23:34 +00:00
|
|
|
}
|
|
|
|
if (error == -EAGAIN) {
|
|
|
|
error = -EOPNOTSUPP;
|
|
|
|
|
|
|
|
if (issec) {
|
|
|
|
const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
|
|
|
|
|
|
|
|
error = security_inode_setsecurity(inode, suffix, value,
|
|
|
|
size, flags);
|
|
|
|
if (!error)
|
|
|
|
fsnotify_xattr(dentry);
|
|
|
|
}
|
2006-01-10 04:51:55 +00:00
|
|
|
}
|
2009-09-03 18:25:56 +00:00
|
|
|
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2020-06-23 22:39:18 +00:00
|
|
|
/**
|
2020-10-13 23:48:27 +00:00
|
|
|
* __vfs_setxattr_locked - set an extended attribute while holding the inode
|
2020-06-23 22:39:18 +00:00
|
|
|
* lock
|
|
|
|
*
|
2023-01-13 11:49:22 +00:00
|
|
|
* @idmap: idmap of the mount of the target inode
|
2020-10-13 23:48:27 +00:00
|
|
|
* @dentry: object to perform setxattr on
|
|
|
|
* @name: xattr name to set
|
|
|
|
* @value: value to set @name to
|
|
|
|
* @size: size of @value
|
|
|
|
* @flags: flags to pass into filesystem operations
|
|
|
|
* @delegated_inode: on return, will contain an inode pointer that
|
2020-06-23 22:39:18 +00:00
|
|
|
* a delegation was broken on, NULL if none.
|
|
|
|
*/
|
2009-09-03 18:25:56 +00:00
|
|
|
int
|
2023-01-13 11:49:22 +00:00
|
|
|
__vfs_setxattr_locked(struct mnt_idmap *idmap, struct dentry *dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
const char *name, const void *value, size_t size,
|
|
|
|
int flags, struct inode **delegated_inode)
|
2009-09-03 18:25:56 +00:00
|
|
|
{
|
|
|
|
struct inode *inode = dentry->d_inode;
|
|
|
|
int error;
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
error = xattr_permission(idmap, inode, name, MAY_WRITE);
|
2009-09-03 18:25:56 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
2023-01-13 11:49:23 +00:00
|
|
|
error = security_inode_setxattr(idmap, dentry, name, value, size,
|
2021-01-21 13:19:29 +00:00
|
|
|
flags);
|
2009-09-03 18:25:56 +00:00
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
|
2020-06-23 22:39:18 +00:00
|
|
|
error = try_break_deleg(inode, delegated_inode);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
|
2023-01-13 11:49:23 +00:00
|
|
|
error = __vfs_setxattr_noperm(idmap, dentry, name, value,
|
2021-01-21 13:19:28 +00:00
|
|
|
size, flags);
|
2009-09-03 18:25:56 +00:00
|
|
|
|
2006-01-10 04:51:55 +00:00
|
|
|
out:
|
2020-06-23 22:39:18 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
|
|
|
|
|
|
|
|
int
|
2023-01-13 11:49:22 +00:00
|
|
|
vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
2022-08-29 12:38:45 +00:00
|
|
|
const char *name, const void *value, size_t size, int flags)
|
2020-06-23 22:39:18 +00:00
|
|
|
{
|
|
|
|
struct inode *inode = dentry->d_inode;
|
|
|
|
struct inode *delegated_inode = NULL;
|
2020-12-14 14:26:13 +00:00
|
|
|
const void *orig_value = value;
|
2020-06-23 22:39:18 +00:00
|
|
|
int error;
|
|
|
|
|
2020-12-14 14:26:13 +00:00
|
|
|
if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
|
2023-01-13 11:49:23 +00:00
|
|
|
error = cap_convert_nscap(idmap, dentry, &value, size);
|
2020-12-14 14:26:13 +00:00
|
|
|
if (error < 0)
|
|
|
|
return error;
|
|
|
|
size = error;
|
|
|
|
}
|
|
|
|
|
2020-06-23 22:39:18 +00:00
|
|
|
retry_deleg:
|
|
|
|
inode_lock(inode);
|
2023-01-13 11:49:22 +00:00
|
|
|
error = __vfs_setxattr_locked(idmap, dentry, name, value, size,
|
2021-01-21 13:19:28 +00:00
|
|
|
flags, &delegated_inode);
|
2016-01-22 20:40:57 +00:00
|
|
|
inode_unlock(inode);
|
2020-06-23 22:39:18 +00:00
|
|
|
|
|
|
|
if (delegated_inode) {
|
|
|
|
error = break_deleg_wait(&delegated_inode);
|
|
|
|
if (!error)
|
|
|
|
goto retry_deleg;
|
|
|
|
}
|
2020-12-14 14:26:13 +00:00
|
|
|
if (value != orig_value)
|
|
|
|
kfree(value);
|
|
|
|
|
2006-01-10 04:51:55 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vfs_setxattr);
|
|
|
|
|
2018-04-25 01:22:04 +00:00
|
|
|
static ssize_t
|
2023-01-13 11:49:22 +00:00
|
|
|
xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode,
|
2021-01-21 13:19:29 +00:00
|
|
|
const char *name, void *value, size_t size)
|
2008-02-05 06:29:39 +00:00
|
|
|
{
|
|
|
|
void *buffer = NULL;
|
|
|
|
ssize_t len;
|
|
|
|
|
|
|
|
if (!value || !size) {
|
2023-01-13 11:49:22 +00:00
|
|
|
len = security_inode_getsecurity(idmap, inode, name,
|
2021-01-21 13:19:29 +00:00
|
|
|
&buffer, false);
|
2008-02-05 06:29:39 +00:00
|
|
|
goto out_noalloc;
|
|
|
|
}
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
len = security_inode_getsecurity(idmap, inode, name, &buffer,
|
2021-01-21 13:19:29 +00:00
|
|
|
true);
|
2008-02-05 06:29:39 +00:00
|
|
|
if (len < 0)
|
|
|
|
return len;
|
|
|
|
if (size < len) {
|
|
|
|
len = -ERANGE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
memcpy(value, buffer, len);
|
|
|
|
out:
|
2017-09-19 16:39:08 +00:00
|
|
|
kfree(buffer);
|
2008-02-05 06:29:39 +00:00
|
|
|
out_noalloc:
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
2011-03-09 19:23:34 +00:00
|
|
|
/*
|
|
|
|
* vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
|
|
|
|
*
|
|
|
|
* Allocate memory, if not already allocated, or re-allocate correct size,
|
2022-11-09 19:14:35 +00:00
|
|
|
* before retrieving the extended attribute. The xattr value buffer should
|
|
|
|
* always be freed by the caller, even on error.
|
2011-03-09 19:23:34 +00:00
|
|
|
*
|
|
|
|
* Returns the result of alloc, if failed, or the getxattr operation.
|
|
|
|
*/
|
2022-11-09 19:14:35 +00:00
|
|
|
int
|
2023-01-13 11:49:22 +00:00
|
|
|
vfs_getxattr_alloc(struct mnt_idmap *idmap, struct dentry *dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
const char *name, char **xattr_value, size_t xattr_size,
|
|
|
|
gfp_t flags)
|
2011-03-09 19:23:34 +00:00
|
|
|
{
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
const struct xattr_handler *handler;
|
2011-03-09 19:23:34 +00:00
|
|
|
struct inode *inode = dentry->d_inode;
|
|
|
|
char *value = *xattr_value;
|
|
|
|
int error;
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
error = xattr_permission(idmap, inode, name, MAY_READ);
|
2011-03-09 19:23:34 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
handler = xattr_resolve_name(inode, &name);
|
|
|
|
if (IS_ERR(handler))
|
|
|
|
return PTR_ERR(handler);
|
|
|
|
if (!handler->get)
|
2011-03-09 19:23:34 +00:00
|
|
|
return -EOPNOTSUPP;
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
error = handler->get(handler, dentry, inode, name, NULL, 0);
|
2011-03-09 19:23:34 +00:00
|
|
|
if (error < 0)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
if (!value || (error > xattr_size)) {
|
|
|
|
value = krealloc(*xattr_value, error + 1, flags);
|
|
|
|
if (!value)
|
|
|
|
return -ENOMEM;
|
|
|
|
memset(value, 0, error + 1);
|
|
|
|
}
|
|
|
|
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
error = handler->get(handler, dentry, inode, name, value, error);
|
2011-03-09 19:23:34 +00:00
|
|
|
*xattr_value = value;
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2016-09-29 15:48:42 +00:00
|
|
|
ssize_t
|
|
|
|
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
|
|
|
|
void *value, size_t size)
|
|
|
|
{
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
const struct xattr_handler *handler;
|
|
|
|
|
2022-09-22 15:17:22 +00:00
|
|
|
if (is_posix_acl_xattr(name))
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
handler = xattr_resolve_name(inode, &name);
|
|
|
|
if (IS_ERR(handler))
|
|
|
|
return PTR_ERR(handler);
|
|
|
|
if (!handler->get)
|
2016-09-29 15:48:42 +00:00
|
|
|
return -EOPNOTSUPP;
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
return handler->get(handler, dentry, inode, name, value, size);
|
2016-09-29 15:48:42 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(__vfs_getxattr);
|
|
|
|
|
2006-01-10 04:51:55 +00:00
|
|
|
ssize_t
|
2023-01-13 11:49:22 +00:00
|
|
|
vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
const char *name, void *value, size_t size)
|
2006-01-10 04:51:55 +00:00
|
|
|
{
|
|
|
|
struct inode *inode = dentry->d_inode;
|
|
|
|
int error;
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
error = xattr_permission(idmap, inode, name, MAY_READ);
|
2006-01-10 04:51:56 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
2006-01-10 04:51:55 +00:00
|
|
|
error = security_inode_getxattr(dentry, name);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
if (!strncmp(name, XATTR_SECURITY_PREFIX,
|
2006-01-10 04:51:56 +00:00
|
|
|
XATTR_SECURITY_PREFIX_LEN)) {
|
|
|
|
const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
|
2023-01-13 11:49:22 +00:00
|
|
|
int ret = xattr_getsecurity(idmap, inode, suffix, value,
|
2021-01-21 13:19:29 +00:00
|
|
|
size);
|
2006-01-10 04:51:55 +00:00
|
|
|
/*
|
|
|
|
* Only overwrite the return value if a security module
|
|
|
|
* is actually active.
|
|
|
|
*/
|
2008-02-05 06:29:40 +00:00
|
|
|
if (ret == -EOPNOTSUPP)
|
|
|
|
goto nolsm;
|
|
|
|
return ret;
|
2006-01-10 04:51:55 +00:00
|
|
|
}
|
2008-02-05 06:29:40 +00:00
|
|
|
nolsm:
|
2022-09-22 15:17:27 +00:00
|
|
|
return __vfs_getxattr(dentry, inode, name, value, size);
|
2006-01-10 04:51:55 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vfs_getxattr);
|
|
|
|
|
2023-02-01 13:15:01 +00:00
|
|
|
/**
|
|
|
|
* vfs_listxattr - retrieve \0 separated list of xattr names
|
|
|
|
* @dentry: the dentry from whose inode the xattr names are retrieved
|
|
|
|
* @list: buffer to store xattr names into
|
|
|
|
* @size: size of the buffer
|
|
|
|
*
|
|
|
|
* This function returns the names of all xattrs associated with the
|
|
|
|
* inode of @dentry.
|
|
|
|
*
|
|
|
|
* Note, for legacy reasons the vfs_listxattr() function lists POSIX
|
|
|
|
* ACLs as well. Since POSIX ACLs are decoupled from IOP_XATTR the
|
|
|
|
* vfs_listxattr() function doesn't check for this flag since a
|
|
|
|
* filesystem could implement POSIX ACLs without implementing any other
|
|
|
|
* xattrs.
|
|
|
|
*
|
|
|
|
* However, since all codepaths that remove IOP_XATTR also assign of
|
|
|
|
* inode operations that either don't implement or implement a stub
|
|
|
|
* ->listxattr() operation.
|
|
|
|
*
|
|
|
|
* Return: On success, the size of the buffer that was used. On error a
|
|
|
|
* negative error code.
|
|
|
|
*/
|
2006-10-09 20:10:48 +00:00
|
|
|
ssize_t
|
2016-09-29 15:48:43 +00:00
|
|
|
vfs_listxattr(struct dentry *dentry, char *list, size_t size)
|
2006-10-09 20:10:48 +00:00
|
|
|
{
|
2016-09-29 15:48:43 +00:00
|
|
|
struct inode *inode = d_inode(dentry);
|
2006-10-09 20:10:48 +00:00
|
|
|
ssize_t error;
|
|
|
|
|
2016-09-29 15:48:43 +00:00
|
|
|
error = security_inode_listxattr(dentry);
|
2006-10-09 20:10:48 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
2023-02-01 13:15:01 +00:00
|
|
|
|
|
|
|
if (inode->i_op->listxattr) {
|
2016-09-29 15:48:43 +00:00
|
|
|
error = inode->i_op->listxattr(dentry, list, size);
|
2006-10-09 20:10:48 +00:00
|
|
|
} else {
|
2016-09-29 15:48:43 +00:00
|
|
|
error = security_inode_listsecurity(inode, list, size);
|
2006-10-09 20:10:48 +00:00
|
|
|
if (size && error > size)
|
|
|
|
error = -ERANGE;
|
|
|
|
}
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vfs_listxattr);
|
|
|
|
|
2006-01-10 04:51:55 +00:00
|
|
|
int
|
2023-01-13 11:49:23 +00:00
|
|
|
__vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
const char *name)
|
2006-01-10 04:51:55 +00:00
|
|
|
{
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
struct inode *inode = d_inode(dentry);
|
|
|
|
const struct xattr_handler *handler;
|
2006-01-10 04:51:55 +00:00
|
|
|
|
2022-09-22 15:17:22 +00:00
|
|
|
if (is_posix_acl_xattr(name))
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
xattr: Stop calling {get,set,remove}xattr inode operations
All filesystems that support xattrs by now do so via xattr handlers.
They all define sb->s_xattr, and their getxattr, setxattr, and
removexattr inode operations use the generic inode operations. On
filesystems that don't support xattrs, the xattr inode operations are
all NULL, and sb->s_xattr is also NULL.
This means that we can remove the getxattr, setxattr, and removexattr
inode operations and directly call the generic handlers, or better,
inline expand those handlers into fs/xattr.c.
Filesystems that do not support xattrs on some inodes should clear the
IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems
have checks to disable xattrs on some inodes in the ->list, ->get, and
->set xattr handler operations instead.) The IOP_XATTR flag is
automatically cleared in inodes of filesystems that don't have xattr
support.
In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a
check for symlinks to orangefs_inode_getxattr to preserve the current,
weird behavior; that check may not be necessary though.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-29 15:48:44 +00:00
|
|
|
handler = xattr_resolve_name(inode, &name);
|
|
|
|
if (IS_ERR(handler))
|
|
|
|
return PTR_ERR(handler);
|
|
|
|
if (!handler->set)
|
2006-01-10 04:51:55 +00:00
|
|
|
return -EOPNOTSUPP;
|
2023-01-13 11:49:23 +00:00
|
|
|
return handler->set(handler, idmap, dentry, inode, name, NULL, 0,
|
2021-01-21 13:19:28 +00:00
|
|
|
XATTR_REPLACE);
|
2016-09-29 15:48:42 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(__vfs_removexattr);
|
|
|
|
|
2020-06-23 22:39:18 +00:00
|
|
|
/**
|
2020-10-13 23:48:27 +00:00
|
|
|
* __vfs_removexattr_locked - set an extended attribute while holding the inode
|
2020-06-23 22:39:18 +00:00
|
|
|
* lock
|
|
|
|
*
|
2023-01-13 11:49:22 +00:00
|
|
|
* @idmap: idmap of the mount of the target inode
|
2020-10-13 23:48:27 +00:00
|
|
|
* @dentry: object to perform setxattr on
|
|
|
|
* @name: name of xattr to remove
|
|
|
|
* @delegated_inode: on return, will contain an inode pointer that
|
2020-06-23 22:39:18 +00:00
|
|
|
* a delegation was broken on, NULL if none.
|
|
|
|
*/
|
2016-09-29 15:48:42 +00:00
|
|
|
int
|
2023-01-13 11:49:22 +00:00
|
|
|
__vfs_removexattr_locked(struct mnt_idmap *idmap,
|
2021-01-21 13:19:28 +00:00
|
|
|
struct dentry *dentry, const char *name,
|
|
|
|
struct inode **delegated_inode)
|
2016-09-29 15:48:42 +00:00
|
|
|
{
|
|
|
|
struct inode *inode = dentry->d_inode;
|
|
|
|
int error;
|
2006-01-10 04:51:55 +00:00
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
error = xattr_permission(idmap, inode, name, MAY_WRITE);
|
2006-01-10 04:51:56 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
2023-01-13 11:49:23 +00:00
|
|
|
error = security_inode_removexattr(idmap, dentry, name);
|
2014-11-20 14:31:01 +00:00
|
|
|
if (error)
|
|
|
|
goto out;
|
2006-01-10 04:51:55 +00:00
|
|
|
|
2020-06-23 22:39:18 +00:00
|
|
|
error = try_break_deleg(inode, delegated_inode);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
|
2023-01-13 11:49:23 +00:00
|
|
|
error = __vfs_removexattr(idmap, dentry, name);
|
2024-02-15 10:30:59 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
2006-01-10 04:51:55 +00:00
|
|
|
|
2024-02-15 10:30:59 +00:00
|
|
|
fsnotify_xattr(dentry);
|
|
|
|
security_inode_post_removexattr(dentry, name);
|
2014-11-20 14:31:01 +00:00
|
|
|
|
|
|
|
out:
|
2020-06-23 22:39:18 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
|
|
|
|
|
|
|
|
int
|
2023-01-13 11:49:22 +00:00
|
|
|
vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
const char *name)
|
2020-06-23 22:39:18 +00:00
|
|
|
{
|
|
|
|
struct inode *inode = dentry->d_inode;
|
|
|
|
struct inode *delegated_inode = NULL;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
retry_deleg:
|
|
|
|
inode_lock(inode);
|
2023-01-13 11:49:22 +00:00
|
|
|
error = __vfs_removexattr_locked(idmap, dentry,
|
2021-01-21 13:19:28 +00:00
|
|
|
name, &delegated_inode);
|
2016-01-22 20:40:57 +00:00
|
|
|
inode_unlock(inode);
|
2020-06-23 22:39:18 +00:00
|
|
|
|
|
|
|
if (delegated_inode) {
|
|
|
|
error = break_deleg_wait(&delegated_inode);
|
|
|
|
if (!error)
|
|
|
|
goto retry_deleg;
|
|
|
|
}
|
|
|
|
|
2006-01-10 04:51:55 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(vfs_removexattr);
|
|
|
|
|
2024-09-26 18:11:52 +00:00
|
|
|
int import_xattr_name(struct xattr_name *kname, const char __user *name)
|
|
|
|
{
|
|
|
|
int error = strncpy_from_user(kname->name, name,
|
|
|
|
sizeof(kname->name));
|
|
|
|
if (error == 0 || error == sizeof(kname->name))
|
|
|
|
return -ERANGE;
|
|
|
|
if (error < 0)
|
|
|
|
return error;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
* Extended attribute SET operations
|
|
|
|
*/
|
2022-04-25 00:10:46 +00:00
|
|
|
|
2024-04-26 16:20:15 +00:00
|
|
|
int setxattr_copy(const char __user *name, struct kernel_xattr_ctx *ctx)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
2022-04-25 00:10:46 +00:00
|
|
|
if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE))
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
2024-09-26 18:11:52 +00:00
|
|
|
error = import_xattr_name(ctx->kname, name);
|
|
|
|
if (error)
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
|
|
|
|
2022-04-25 00:10:46 +00:00
|
|
|
if (ctx->size) {
|
|
|
|
if (ctx->size > XATTR_SIZE_MAX)
|
2005-04-16 22:20:36 +00:00
|
|
|
return -E2BIG;
|
2022-04-25 00:10:46 +00:00
|
|
|
|
|
|
|
ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size);
|
|
|
|
if (IS_ERR(ctx->kvalue)) {
|
|
|
|
error = PTR_ERR(ctx->kvalue);
|
|
|
|
ctx->kvalue = NULL;
|
2012-04-05 21:25:07 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2022-04-25 00:10:46 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2024-09-26 03:57:57 +00:00
|
|
|
static int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
|
2024-04-26 16:20:15 +00:00
|
|
|
struct kernel_xattr_ctx *ctx)
|
2022-04-25 00:10:46 +00:00
|
|
|
{
|
2022-09-22 15:17:22 +00:00
|
|
|
if (is_posix_acl_xattr(ctx->kname->name))
|
2022-10-28 07:56:20 +00:00
|
|
|
return do_set_acl(idmap, dentry, ctx->kname->name,
|
2022-09-22 15:17:22 +00:00
|
|
|
ctx->kvalue, ctx->size);
|
|
|
|
|
2023-01-13 11:49:22 +00:00
|
|
|
return vfs_setxattr(idmap, dentry, ctx->kname->name,
|
2022-04-25 00:10:46 +00:00
|
|
|
ctx->kvalue, ctx->size, ctx->flags);
|
|
|
|
}
|
|
|
|
|
2024-09-26 03:57:57 +00:00
|
|
|
int file_setxattr(struct file *f, struct kernel_xattr_ctx *ctx)
|
|
|
|
{
|
|
|
|
int error = mnt_want_write_file(f);
|
|
|
|
|
|
|
|
if (!error) {
|
|
|
|
audit_file(f);
|
|
|
|
error = do_setxattr(file_mnt_idmap(f), f->f_path.dentry, ctx);
|
|
|
|
mnt_drop_write_file(f);
|
|
|
|
}
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* unconditionally consumes filename */
|
|
|
|
int filename_setxattr(int dfd, struct filename *filename,
|
|
|
|
unsigned int lookup_flags, struct kernel_xattr_ctx *ctx)
|
2022-04-25 00:10:46 +00:00
|
|
|
{
|
2024-07-23 08:59:54 +00:00
|
|
|
struct path path;
|
2022-04-25 00:10:46 +00:00
|
|
|
int error;
|
|
|
|
|
2012-12-11 17:10:15 +00:00
|
|
|
retry:
|
2024-09-26 03:57:57 +00:00
|
|
|
error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (error)
|
2024-07-23 08:59:54 +00:00
|
|
|
goto out;
|
2008-07-22 13:59:21 +00:00
|
|
|
error = mnt_want_write(path.mnt);
|
2008-02-15 22:37:38 +00:00
|
|
|
if (!error) {
|
2024-09-26 03:57:57 +00:00
|
|
|
error = do_setxattr(mnt_idmap(path.mnt), path.dentry, ctx);
|
2008-07-22 13:59:21 +00:00
|
|
|
mnt_drop_write(path.mnt);
|
2008-02-15 22:37:38 +00:00
|
|
|
}
|
2008-07-22 13:59:21 +00:00
|
|
|
path_put(&path);
|
2012-12-11 17:10:15 +00:00
|
|
|
if (retry_estale(error, lookup_flags)) {
|
|
|
|
lookup_flags |= LOOKUP_REVAL;
|
|
|
|
goto retry;
|
|
|
|
}
|
2024-07-23 08:59:54 +00:00
|
|
|
|
|
|
|
out:
|
2024-09-26 03:57:57 +00:00
|
|
|
putname(filename);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
static int path_setxattrat(int dfd, const char __user *pathname,
|
|
|
|
unsigned int at_flags, const char __user *name,
|
|
|
|
const void __user *value, size_t size, int flags)
|
2024-09-26 03:57:57 +00:00
|
|
|
{
|
|
|
|
struct xattr_name kname;
|
|
|
|
struct kernel_xattr_ctx ctx = {
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
.cvalue = value,
|
|
|
|
.kvalue = NULL,
|
|
|
|
.size = size,
|
|
|
|
.kname = &kname,
|
|
|
|
.flags = flags,
|
2024-09-26 03:57:57 +00:00
|
|
|
};
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
struct filename *filename;
|
|
|
|
unsigned int lookup_flags = 0;
|
2024-09-26 03:57:57 +00:00
|
|
|
int error;
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (!(at_flags & AT_SYMLINK_NOFOLLOW))
|
|
|
|
lookup_flags = LOOKUP_FOLLOW;
|
|
|
|
|
2024-09-26 03:57:57 +00:00
|
|
|
error = setxattr_copy(name, &ctx);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
filename = getname_maybe_null(pathname, at_flags);
|
|
|
|
if (!filename) {
|
|
|
|
CLASS(fd, f)(dfd);
|
|
|
|
if (fd_empty(f))
|
|
|
|
error = -EBADF;
|
|
|
|
else
|
|
|
|
error = file_setxattr(fd_file(f), &ctx);
|
|
|
|
} else {
|
|
|
|
error = filename_setxattr(dfd, filename, lookup_flags, &ctx);
|
|
|
|
}
|
2024-07-23 08:59:54 +00:00
|
|
|
kvfree(ctx.kvalue);
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
SYSCALL_DEFINE6(setxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags,
|
|
|
|
const char __user *, name, const struct xattr_args __user *, uargs,
|
|
|
|
size_t, usize)
|
|
|
|
{
|
|
|
|
struct xattr_args args = {};
|
|
|
|
int error;
|
|
|
|
|
|
|
|
BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0);
|
|
|
|
BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST);
|
|
|
|
|
|
|
|
if (unlikely(usize < XATTR_ARGS_SIZE_VER0))
|
|
|
|
return -EINVAL;
|
|
|
|
if (usize > PAGE_SIZE)
|
|
|
|
return -E2BIG;
|
|
|
|
|
|
|
|
error = copy_struct_from_user(&args, sizeof(args), uargs, usize);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
return path_setxattrat(dfd, pathname, at_flags, name,
|
|
|
|
u64_to_user_ptr(args.value), args.size,
|
|
|
|
args.flags);
|
|
|
|
}
|
|
|
|
|
2014-10-12 16:59:58 +00:00
|
|
|
SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
|
|
|
|
const char __user *, name, const void __user *, value,
|
|
|
|
size_t, size, int, flags)
|
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_setxattrat(AT_FDCWD, pathname, 0, name, value, size, flags);
|
2014-10-12 16:59:58 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:14 +00:00
|
|
|
SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
|
|
|
|
const char __user *, name, const void __user *, value,
|
|
|
|
size_t, size, int, flags)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_setxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name,
|
|
|
|
value, size, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:14 +00:00
|
|
|
SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
|
|
|
|
const void __user *,value, size_t, size, int, flags)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_setxattrat(fd, NULL, AT_EMPTY_PATH, name,
|
|
|
|
value, size, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Extended attribute GET operations
|
|
|
|
*/
|
2024-09-26 21:07:15 +00:00
|
|
|
static ssize_t
|
2022-10-28 07:56:20 +00:00
|
|
|
do_getxattr(struct mnt_idmap *idmap, struct dentry *d,
|
2024-04-26 16:20:15 +00:00
|
|
|
struct kernel_xattr_ctx *ctx)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
ssize_t error;
|
2022-04-25 00:13:50 +00:00
|
|
|
char *kname = ctx->kname->name;
|
2024-09-26 21:07:15 +00:00
|
|
|
void *kvalue = NULL;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2022-04-25 00:13:50 +00:00
|
|
|
if (ctx->size) {
|
|
|
|
if (ctx->size > XATTR_SIZE_MAX)
|
|
|
|
ctx->size = XATTR_SIZE_MAX;
|
2024-09-26 21:07:15 +00:00
|
|
|
kvalue = kvzalloc(ctx->size, GFP_KERNEL);
|
|
|
|
if (!kvalue)
|
2017-05-08 22:57:27 +00:00
|
|
|
return -ENOMEM;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2024-09-26 21:07:15 +00:00
|
|
|
if (is_posix_acl_xattr(kname))
|
|
|
|
error = do_get_acl(idmap, d, kname, kvalue, ctx->size);
|
2022-09-22 15:17:22 +00:00
|
|
|
else
|
2024-09-26 21:07:15 +00:00
|
|
|
error = vfs_getxattr(idmap, d, kname, kvalue, ctx->size);
|
2005-09-03 22:55:18 +00:00
|
|
|
if (error > 0) {
|
2024-09-26 21:07:15 +00:00
|
|
|
if (ctx->size && copy_to_user(ctx->value, kvalue, error))
|
2005-09-03 22:55:18 +00:00
|
|
|
error = -EFAULT;
|
2022-04-25 00:13:50 +00:00
|
|
|
} else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
|
2005-09-03 22:55:18 +00:00
|
|
|
/* The file system tried to returned a value bigger
|
|
|
|
than XATTR_SIZE_MAX bytes. Not possible. */
|
|
|
|
error = -E2BIG;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2016-01-02 22:09:47 +00:00
|
|
|
|
2024-09-26 21:07:15 +00:00
|
|
|
kvfree(kvalue);
|
2022-04-25 00:13:50 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2024-09-26 21:07:15 +00:00
|
|
|
ssize_t file_getxattr(struct file *f, struct kernel_xattr_ctx *ctx)
|
2022-04-25 00:13:50 +00:00
|
|
|
{
|
2024-09-26 21:07:15 +00:00
|
|
|
audit_file(f);
|
|
|
|
return do_getxattr(file_mnt_idmap(f), f->f_path.dentry, ctx);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2024-09-26 21:07:15 +00:00
|
|
|
/* unconditionally consumes filename */
|
|
|
|
ssize_t filename_getxattr(int dfd, struct filename *filename,
|
|
|
|
unsigned int lookup_flags, struct kernel_xattr_ctx *ctx)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2008-07-22 13:59:21 +00:00
|
|
|
struct path path;
|
2005-04-16 22:20:36 +00:00
|
|
|
ssize_t error;
|
2012-12-11 17:10:16 +00:00
|
|
|
retry:
|
2024-09-26 21:07:15 +00:00
|
|
|
error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (error)
|
2024-09-26 21:07:15 +00:00
|
|
|
goto out;
|
|
|
|
error = do_getxattr(mnt_idmap(path.mnt), path.dentry, ctx);
|
2008-07-22 13:59:21 +00:00
|
|
|
path_put(&path);
|
2012-12-11 17:10:16 +00:00
|
|
|
if (retry_estale(error, lookup_flags)) {
|
|
|
|
lookup_flags |= LOOKUP_REVAL;
|
|
|
|
goto retry;
|
|
|
|
}
|
2024-09-26 21:07:15 +00:00
|
|
|
out:
|
|
|
|
putname(filename);
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
static ssize_t path_getxattrat(int dfd, const char __user *pathname,
|
|
|
|
unsigned int at_flags, const char __user *name,
|
|
|
|
void __user *value, size_t size)
|
2024-09-26 21:07:15 +00:00
|
|
|
{
|
|
|
|
struct xattr_name kname;
|
|
|
|
struct kernel_xattr_ctx ctx = {
|
|
|
|
.value = value,
|
|
|
|
.size = size,
|
|
|
|
.kname = &kname,
|
|
|
|
.flags = 0,
|
|
|
|
};
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
struct filename *filename;
|
|
|
|
ssize_t error;
|
|
|
|
|
|
|
|
if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
|
|
|
|
return -EINVAL;
|
2024-09-26 21:07:15 +00:00
|
|
|
|
|
|
|
error = import_xattr_name(&kname, name);
|
|
|
|
if (error)
|
|
|
|
return error;
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
|
|
|
|
filename = getname_maybe_null(pathname, at_flags);
|
|
|
|
if (!filename) {
|
|
|
|
CLASS(fd, f)(dfd);
|
|
|
|
if (fd_empty(f))
|
|
|
|
return -EBADF;
|
|
|
|
return file_getxattr(fd_file(f), &ctx);
|
|
|
|
} else {
|
|
|
|
int lookup_flags = 0;
|
|
|
|
if (!(at_flags & AT_SYMLINK_NOFOLLOW))
|
|
|
|
lookup_flags = LOOKUP_FOLLOW;
|
|
|
|
return filename_getxattr(dfd, filename, lookup_flags, &ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCALL_DEFINE6(getxattrat, int, dfd, const char __user *, pathname, unsigned int, at_flags,
|
|
|
|
const char __user *, name, struct xattr_args __user *, uargs, size_t, usize)
|
|
|
|
{
|
|
|
|
struct xattr_args args = {};
|
|
|
|
int error;
|
|
|
|
|
|
|
|
BUILD_BUG_ON(sizeof(struct xattr_args) < XATTR_ARGS_SIZE_VER0);
|
|
|
|
BUILD_BUG_ON(sizeof(struct xattr_args) != XATTR_ARGS_SIZE_LATEST);
|
|
|
|
|
|
|
|
if (unlikely(usize < XATTR_ARGS_SIZE_VER0))
|
|
|
|
return -EINVAL;
|
|
|
|
if (usize > PAGE_SIZE)
|
|
|
|
return -E2BIG;
|
|
|
|
|
|
|
|
error = copy_struct_from_user(&args, sizeof(args), uargs, usize);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
if (args.flags != 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return path_getxattrat(dfd, pathname, at_flags, name,
|
|
|
|
u64_to_user_ptr(args.value), args.size);
|
2024-09-26 21:07:15 +00:00
|
|
|
}
|
|
|
|
|
2014-10-12 16:59:58 +00:00
|
|
|
SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
|
|
|
|
const char __user *, name, void __user *, value, size_t, size)
|
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_getxattrat(AT_FDCWD, pathname, 0, name, value, size);
|
2014-10-12 16:59:58 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:14 +00:00
|
|
|
SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
|
|
|
|
const char __user *, name, void __user *, value, size_t, size)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_getxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name,
|
|
|
|
value, size);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:14 +00:00
|
|
|
SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
|
|
|
|
void __user *, value, size_t, size)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_getxattrat(fd, NULL, AT_EMPTY_PATH, name, value, size);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Extended attribute LIST operations
|
|
|
|
*/
|
|
|
|
static ssize_t
|
|
|
|
listxattr(struct dentry *d, char __user *list, size_t size)
|
|
|
|
{
|
|
|
|
ssize_t error;
|
|
|
|
char *klist = NULL;
|
|
|
|
|
|
|
|
if (size) {
|
|
|
|
if (size > XATTR_LIST_MAX)
|
|
|
|
size = XATTR_LIST_MAX;
|
2017-05-08 22:57:27 +00:00
|
|
|
klist = kvmalloc(size, GFP_KERNEL);
|
|
|
|
if (!klist)
|
|
|
|
return -ENOMEM;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2006-10-09 20:10:48 +00:00
|
|
|
error = vfs_listxattr(d, klist, size);
|
2005-09-03 22:55:18 +00:00
|
|
|
if (error > 0) {
|
|
|
|
if (size && copy_to_user(list, klist, error))
|
|
|
|
error = -EFAULT;
|
|
|
|
} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
|
|
|
|
/* The file system tried to returned a list bigger
|
|
|
|
than XATTR_LIST_MAX bytes. Not possible. */
|
|
|
|
error = -E2BIG;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2016-01-02 22:09:47 +00:00
|
|
|
|
|
|
|
kvfree(klist);
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2024-09-26 21:53:13 +00:00
|
|
|
static
|
|
|
|
ssize_t file_listxattr(struct file *f, char __user *list, size_t size)
|
|
|
|
{
|
|
|
|
audit_file(f);
|
|
|
|
return listxattr(f->f_path.dentry, list, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* unconditionally consumes filename */
|
|
|
|
static
|
|
|
|
ssize_t filename_listxattr(int dfd, struct filename *filename,
|
|
|
|
unsigned int lookup_flags,
|
|
|
|
char __user *list, size_t size)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2008-07-22 13:59:21 +00:00
|
|
|
struct path path;
|
2005-04-16 22:20:36 +00:00
|
|
|
ssize_t error;
|
2012-12-11 17:10:16 +00:00
|
|
|
retry:
|
2024-09-26 21:53:13 +00:00
|
|
|
error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (error)
|
2024-09-26 21:53:13 +00:00
|
|
|
goto out;
|
2008-07-22 13:59:21 +00:00
|
|
|
error = listxattr(path.dentry, list, size);
|
|
|
|
path_put(&path);
|
2012-12-11 17:10:16 +00:00
|
|
|
if (retry_estale(error, lookup_flags)) {
|
|
|
|
lookup_flags |= LOOKUP_REVAL;
|
|
|
|
goto retry;
|
|
|
|
}
|
2024-09-26 21:53:13 +00:00
|
|
|
out:
|
|
|
|
putname(filename);
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
static ssize_t path_listxattrat(int dfd, const char __user *pathname,
|
|
|
|
unsigned int at_flags, char __user *list,
|
|
|
|
size_t size)
|
|
|
|
{
|
|
|
|
struct filename *filename;
|
|
|
|
int lookup_flags;
|
|
|
|
|
|
|
|
if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
filename = getname_maybe_null(pathname, at_flags);
|
|
|
|
if (!filename) {
|
|
|
|
CLASS(fd, f)(dfd);
|
|
|
|
if (fd_empty(f))
|
|
|
|
return -EBADF;
|
|
|
|
return file_listxattr(fd_file(f), list, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
|
|
|
|
return filename_listxattr(dfd, filename, lookup_flags, list, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCALL_DEFINE5(listxattrat, int, dfd, const char __user *, pathname,
|
|
|
|
unsigned int, at_flags,
|
|
|
|
char __user *, list, size_t, size)
|
2024-09-26 21:53:13 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_listxattrat(dfd, pathname, at_flags, list, size);
|
2024-09-26 21:53:13 +00:00
|
|
|
}
|
|
|
|
|
2014-10-12 16:59:58 +00:00
|
|
|
SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
|
|
|
|
size_t, size)
|
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_listxattrat(AT_FDCWD, pathname, 0, list, size);
|
2014-10-12 16:59:58 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:14 +00:00
|
|
|
SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
|
|
|
|
size_t, size)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_listxattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, list, size);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:14 +00:00
|
|
|
SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_listxattrat(fd, NULL, AT_EMPTY_PATH, list, size);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Extended attribute REMOVE operations
|
|
|
|
*/
|
|
|
|
static long
|
2024-07-23 08:59:54 +00:00
|
|
|
removexattr(struct mnt_idmap *idmap, struct dentry *d, const char *name)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2024-07-23 08:59:54 +00:00
|
|
|
if (is_posix_acl_xattr(name))
|
|
|
|
return vfs_remove_acl(idmap, d, name);
|
|
|
|
return vfs_removexattr(idmap, d, name);
|
|
|
|
}
|
|
|
|
|
2024-09-30 19:21:49 +00:00
|
|
|
static int file_removexattr(struct file *f, struct xattr_name *kname)
|
|
|
|
{
|
|
|
|
int error = mnt_want_write_file(f);
|
|
|
|
|
|
|
|
if (!error) {
|
|
|
|
audit_file(f);
|
|
|
|
error = removexattr(file_mnt_idmap(f),
|
|
|
|
f->f_path.dentry, kname->name);
|
|
|
|
mnt_drop_write_file(f);
|
|
|
|
}
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* unconditionally consumes filename */
|
|
|
|
static int filename_removexattr(int dfd, struct filename *filename,
|
|
|
|
unsigned int lookup_flags, struct xattr_name *kname)
|
2024-07-23 08:59:54 +00:00
|
|
|
{
|
|
|
|
struct path path;
|
2005-04-16 22:20:36 +00:00
|
|
|
int error;
|
|
|
|
|
2012-12-11 17:10:17 +00:00
|
|
|
retry:
|
2024-09-30 19:21:49 +00:00
|
|
|
error = filename_lookup(dfd, filename, lookup_flags, &path, NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (error)
|
2024-09-30 19:21:49 +00:00
|
|
|
goto out;
|
2008-07-22 13:59:21 +00:00
|
|
|
error = mnt_want_write(path.mnt);
|
2008-02-15 22:37:38 +00:00
|
|
|
if (!error) {
|
2024-09-30 19:21:49 +00:00
|
|
|
error = removexattr(mnt_idmap(path.mnt), path.dentry, kname->name);
|
2008-07-22 13:59:21 +00:00
|
|
|
mnt_drop_write(path.mnt);
|
2008-02-15 22:37:38 +00:00
|
|
|
}
|
2008-07-22 13:59:21 +00:00
|
|
|
path_put(&path);
|
2012-12-11 17:10:17 +00:00
|
|
|
if (retry_estale(error, lookup_flags)) {
|
|
|
|
lookup_flags |= LOOKUP_REVAL;
|
|
|
|
goto retry;
|
|
|
|
}
|
2024-09-30 19:21:49 +00:00
|
|
|
out:
|
|
|
|
putname(filename);
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
static int path_removexattrat(int dfd, const char __user *pathname,
|
|
|
|
unsigned int at_flags, const char __user *name)
|
2024-09-30 19:21:49 +00:00
|
|
|
{
|
|
|
|
struct xattr_name kname;
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
struct filename *filename;
|
|
|
|
unsigned int lookup_flags;
|
2024-09-30 19:21:49 +00:00
|
|
|
int error;
|
|
|
|
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
2024-09-30 19:21:49 +00:00
|
|
|
error = import_xattr_name(&kname, name);
|
|
|
|
if (error)
|
|
|
|
return error;
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
|
|
|
|
filename = getname_maybe_null(pathname, at_flags);
|
|
|
|
if (!filename) {
|
|
|
|
CLASS(fd, f)(dfd);
|
|
|
|
if (fd_empty(f))
|
|
|
|
return -EBADF;
|
|
|
|
return file_removexattr(fd_file(f), &kname);
|
|
|
|
}
|
|
|
|
lookup_flags = (at_flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
|
|
|
|
return filename_removexattr(dfd, filename, lookup_flags, &kname);
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCALL_DEFINE4(removexattrat, int, dfd, const char __user *, pathname,
|
|
|
|
unsigned int, at_flags, const char __user *, name)
|
|
|
|
{
|
|
|
|
return path_removexattrat(dfd, pathname, at_flags, name);
|
2024-09-30 19:21:49 +00:00
|
|
|
}
|
|
|
|
|
2014-10-12 16:59:58 +00:00
|
|
|
SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
|
|
|
|
const char __user *, name)
|
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_removexattrat(AT_FDCWD, pathname, 0, name);
|
2014-10-12 16:59:58 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:15 +00:00
|
|
|
SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
|
|
|
|
const char __user *, name)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_removexattrat(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW, name);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2009-01-14 13:14:15 +00:00
|
|
|
SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
fs/xattr: add *at family syscalls
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-04-26 16:20:14 +00:00
|
|
|
return path_removexattrat(fd, NULL, AT_EMPTY_PATH, name);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2023-02-01 13:14:52 +00:00
|
|
|
int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name)
|
|
|
|
{
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
len = strlen(name) + 1;
|
|
|
|
if (*buffer) {
|
|
|
|
if (*remaining_size < len)
|
|
|
|
return -ERANGE;
|
|
|
|
memcpy(*buffer, name, len);
|
|
|
|
*buffer += len;
|
|
|
|
}
|
|
|
|
*remaining_size -= len;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2023-05-16 12:46:54 +00:00
|
|
|
/**
|
|
|
|
* generic_listxattr - run through a dentry's xattr list() operations
|
|
|
|
* @dentry: dentry to list the xattrs
|
|
|
|
* @buffer: result buffer
|
|
|
|
* @buffer_size: size of @buffer
|
|
|
|
*
|
2005-04-16 22:20:36 +00:00
|
|
|
* Combine the results of the list() operation from every xattr_handler in the
|
2023-05-16 12:46:54 +00:00
|
|
|
* xattr_handler stack.
|
|
|
|
*
|
|
|
|
* Note that this will not include the entries for POSIX ACLs.
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
ssize_t
|
|
|
|
generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
|
|
|
|
{
|
2023-09-30 05:00:05 +00:00
|
|
|
const struct xattr_handler *handler, * const *handlers = dentry->d_sb->s_xattr;
|
2023-02-01 13:14:52 +00:00
|
|
|
ssize_t remaining_size = buffer_size;
|
|
|
|
|
|
|
|
for_each_xattr_handler(handlers, handler) {
|
2024-10-30 18:25:47 +00:00
|
|
|
int err;
|
|
|
|
|
2023-02-01 13:14:52 +00:00
|
|
|
if (!handler->name || (handler->list && !handler->list(dentry)))
|
|
|
|
continue;
|
|
|
|
err = xattr_list_one(&buffer, &remaining_size, handler->name);
|
|
|
|
if (err)
|
|
|
|
return err;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2023-02-01 13:14:52 +00:00
|
|
|
|
2024-10-30 18:25:47 +00:00
|
|
|
return buffer_size - remaining_size;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(generic_listxattr);
|
2012-08-23 20:53:28 +00:00
|
|
|
|
2015-10-04 17:18:52 +00:00
|
|
|
/**
|
|
|
|
* xattr_full_name - Compute full attribute name from suffix
|
|
|
|
*
|
|
|
|
* @handler: handler of the xattr_handler operation
|
|
|
|
* @name: name passed to the xattr_handler operation
|
|
|
|
*
|
|
|
|
* The get and set xattr handler operations are called with the remainder of
|
|
|
|
* the attribute name after skipping the handler's prefix: for example, "foo"
|
|
|
|
* is passed to the get operation of a handler with prefix "user." to get
|
|
|
|
* attribute "user.foo". The full name is still "there" in the name though.
|
|
|
|
*
|
|
|
|
* Note: the list xattr handler operation when called from the vfs is passed a
|
|
|
|
* NULL name; some file systems use this operation internally, with varying
|
|
|
|
* semantics.
|
|
|
|
*/
|
|
|
|
const char *xattr_full_name(const struct xattr_handler *handler,
|
|
|
|
const char *name)
|
|
|
|
{
|
2015-12-02 13:44:36 +00:00
|
|
|
size_t prefix_len = strlen(xattr_prefix(handler));
|
2015-10-04 17:18:52 +00:00
|
|
|
|
|
|
|
return name - prefix_len;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xattr_full_name);
|
|
|
|
|
2023-08-09 04:33:56 +00:00
|
|
|
/**
|
|
|
|
* simple_xattr_space - estimate the memory used by a simple xattr
|
|
|
|
* @name: the full name of the xattr
|
|
|
|
* @size: the size of its value
|
|
|
|
*
|
|
|
|
* This takes no account of how much larger the two slab objects actually are:
|
|
|
|
* that would depend on the slab implementation, when what is required is a
|
|
|
|
* deterministic number, which grows with name length and size and quantity.
|
|
|
|
*
|
|
|
|
* Return: The approximate number of bytes of memory used by such an xattr.
|
|
|
|
*/
|
|
|
|
size_t simple_xattr_space(const char *name, size_t size)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Use "40" instead of sizeof(struct simple_xattr), to return the
|
|
|
|
* same result on 32-bit and 64-bit, and even if simple_xattr grows.
|
|
|
|
*/
|
|
|
|
return 40 + size + strlen(name);
|
|
|
|
}
|
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
/**
|
2023-08-09 04:30:59 +00:00
|
|
|
* simple_xattr_free - free an xattr object
|
2022-11-04 12:52:42 +00:00
|
|
|
* @xattr: the xattr object
|
|
|
|
*
|
|
|
|
* Free the xattr object. Can handle @xattr being NULL.
|
|
|
|
*/
|
2023-08-09 04:30:59 +00:00
|
|
|
void simple_xattr_free(struct simple_xattr *xattr)
|
2022-11-04 12:52:42 +00:00
|
|
|
{
|
|
|
|
if (xattr)
|
|
|
|
kfree(xattr->name);
|
|
|
|
kvfree(xattr);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* simple_xattr_alloc - allocate new xattr object
|
|
|
|
* @value: value of the xattr object
|
|
|
|
* @size: size of @value
|
|
|
|
*
|
|
|
|
* Allocate a new xattr object and initialize respective members. The caller is
|
|
|
|
* responsible for handling the name of the xattr.
|
|
|
|
*
|
|
|
|
* Return: On success a new xattr object is returned. On failure NULL is
|
|
|
|
* returned.
|
2012-08-23 20:53:28 +00:00
|
|
|
*/
|
|
|
|
struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
|
|
|
|
{
|
|
|
|
struct simple_xattr *new_xattr;
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
/* wrap around? */
|
|
|
|
len = sizeof(*new_xattr) + size;
|
2014-07-23 21:00:17 +00:00
|
|
|
if (len < sizeof(*new_xattr))
|
2012-08-23 20:53:28 +00:00
|
|
|
return NULL;
|
|
|
|
|
2023-08-21 17:39:20 +00:00
|
|
|
new_xattr = kvmalloc(len, GFP_KERNEL_ACCOUNT);
|
2012-08-23 20:53:28 +00:00
|
|
|
if (!new_xattr)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
new_xattr->size = size;
|
|
|
|
memcpy(new_xattr->value, value, size);
|
|
|
|
return new_xattr;
|
|
|
|
}
|
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
/**
|
|
|
|
* rbtree_simple_xattr_cmp - compare xattr name with current rbtree xattr entry
|
|
|
|
* @key: xattr name
|
|
|
|
* @node: current node
|
|
|
|
*
|
|
|
|
* Compare the xattr name with the xattr name attached to @node in the rbtree.
|
|
|
|
*
|
|
|
|
* Return: Negative value if continuing left, positive if continuing right, 0
|
|
|
|
* if the xattr attached to @node matches @key.
|
|
|
|
*/
|
|
|
|
static int rbtree_simple_xattr_cmp(const void *key, const struct rb_node *node)
|
|
|
|
{
|
|
|
|
const char *xattr_name = key;
|
|
|
|
const struct simple_xattr *xattr;
|
|
|
|
|
|
|
|
xattr = rb_entry(node, struct simple_xattr, rb_node);
|
|
|
|
return strcmp(xattr->name, xattr_name);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* rbtree_simple_xattr_node_cmp - compare two xattr rbtree nodes
|
|
|
|
* @new_node: new node
|
|
|
|
* @node: current node
|
|
|
|
*
|
|
|
|
* Compare the xattr attached to @new_node with the xattr attached to @node.
|
|
|
|
*
|
|
|
|
* Return: Negative value if continuing left, positive if continuing right, 0
|
|
|
|
* if the xattr attached to @new_node matches the xattr attached to @node.
|
|
|
|
*/
|
|
|
|
static int rbtree_simple_xattr_node_cmp(struct rb_node *new_node,
|
|
|
|
const struct rb_node *node)
|
|
|
|
{
|
|
|
|
struct simple_xattr *xattr;
|
|
|
|
xattr = rb_entry(new_node, struct simple_xattr, rb_node);
|
|
|
|
return rbtree_simple_xattr_cmp(xattr->name, node);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* simple_xattr_get - get an xattr object
|
|
|
|
* @xattrs: the header of the xattr object
|
|
|
|
* @name: the name of the xattr to retrieve
|
|
|
|
* @buffer: the buffer to store the value into
|
|
|
|
* @size: the size of @buffer
|
|
|
|
*
|
|
|
|
* Try to find and retrieve the xattr object associated with @name.
|
|
|
|
* If @buffer is provided store the value of @xattr in @buffer
|
|
|
|
* otherwise just return the length. The size of @buffer is limited
|
|
|
|
* to XATTR_SIZE_MAX which currently is 65536.
|
|
|
|
*
|
|
|
|
* Return: On success the length of the xattr value is returned. On error a
|
|
|
|
* negative error code is returned.
|
2012-08-23 20:53:28 +00:00
|
|
|
*/
|
|
|
|
int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
|
|
|
|
void *buffer, size_t size)
|
|
|
|
{
|
2022-11-04 12:52:42 +00:00
|
|
|
struct simple_xattr *xattr = NULL;
|
|
|
|
struct rb_node *rbp;
|
2012-08-23 20:53:28 +00:00
|
|
|
int ret = -ENODATA;
|
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
read_lock(&xattrs->lock);
|
|
|
|
rbp = rb_find(name, &xattrs->rb_root, rbtree_simple_xattr_cmp);
|
|
|
|
if (rbp) {
|
|
|
|
xattr = rb_entry(rbp, struct simple_xattr, rb_node);
|
2012-08-23 20:53:28 +00:00
|
|
|
ret = xattr->size;
|
|
|
|
if (buffer) {
|
|
|
|
if (size < xattr->size)
|
|
|
|
ret = -ERANGE;
|
|
|
|
else
|
|
|
|
memcpy(buffer, xattr->value, xattr->size);
|
|
|
|
}
|
|
|
|
}
|
2022-11-04 12:52:42 +00:00
|
|
|
read_unlock(&xattrs->lock);
|
2012-08-23 20:53:28 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2015-12-02 13:44:38 +00:00
|
|
|
/**
|
2022-11-04 12:52:42 +00:00
|
|
|
* simple_xattr_set - set an xattr object
|
|
|
|
* @xattrs: the header of the xattr object
|
|
|
|
* @name: the name of the xattr to retrieve
|
|
|
|
* @value: the value to store along the xattr
|
|
|
|
* @size: the size of @value
|
|
|
|
* @flags: the flags determining how to set the xattr
|
|
|
|
*
|
|
|
|
* Set a new xattr object.
|
|
|
|
* If @value is passed a new xattr object will be allocated. If XATTR_REPLACE
|
|
|
|
* is specified in @flags a matching xattr object for @name must already exist.
|
|
|
|
* If it does it will be replaced with the new xattr object. If it doesn't we
|
|
|
|
* fail. If XATTR_CREATE is specified and a matching xattr does already exist
|
|
|
|
* we fail. If it doesn't we create a new xattr. If @flags is zero we simply
|
|
|
|
* insert the new xattr replacing any existing one.
|
|
|
|
*
|
|
|
|
* If @value is empty and a matching xattr object is found we delete it if
|
|
|
|
* XATTR_REPLACE is specified in @flags or @flags is zero.
|
2015-12-02 13:44:38 +00:00
|
|
|
*
|
2022-11-04 12:52:42 +00:00
|
|
|
* If @value is empty and no matching xattr object for @name is found we do
|
|
|
|
* nothing if XATTR_CREATE is specified in @flags or @flags is zero. For
|
|
|
|
* XATTR_REPLACE we fail as mentioned above.
|
2015-12-02 13:44:38 +00:00
|
|
|
*
|
2023-08-09 04:30:59 +00:00
|
|
|
* Return: On success, the removed or replaced xattr is returned, to be freed
|
|
|
|
* by the caller; or NULL if none. On failure a negative error code is returned.
|
2015-12-02 13:44:38 +00:00
|
|
|
*/
|
2023-08-09 04:30:59 +00:00
|
|
|
struct simple_xattr *simple_xattr_set(struct simple_xattrs *xattrs,
|
|
|
|
const char *name, const void *value,
|
|
|
|
size_t size, int flags)
|
2012-08-23 20:53:28 +00:00
|
|
|
{
|
2023-08-09 04:30:59 +00:00
|
|
|
struct simple_xattr *old_xattr = NULL, *new_xattr = NULL;
|
2022-11-04 12:52:42 +00:00
|
|
|
struct rb_node *parent = NULL, **rbp;
|
|
|
|
int err = 0, ret;
|
2012-08-23 20:53:28 +00:00
|
|
|
|
|
|
|
/* value == NULL means remove */
|
|
|
|
if (value) {
|
|
|
|
new_xattr = simple_xattr_alloc(value, size);
|
|
|
|
if (!new_xattr)
|
2023-08-09 04:30:59 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2012-08-23 20:53:28 +00:00
|
|
|
|
2023-08-21 17:39:20 +00:00
|
|
|
new_xattr->name = kstrdup(name, GFP_KERNEL_ACCOUNT);
|
2012-08-23 20:53:28 +00:00
|
|
|
if (!new_xattr->name) {
|
2023-08-09 04:30:59 +00:00
|
|
|
simple_xattr_free(new_xattr);
|
|
|
|
return ERR_PTR(-ENOMEM);
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
write_lock(&xattrs->lock);
|
|
|
|
rbp = &xattrs->rb_root.rb_node;
|
|
|
|
while (*rbp) {
|
|
|
|
parent = *rbp;
|
|
|
|
ret = rbtree_simple_xattr_cmp(name, *rbp);
|
|
|
|
if (ret < 0)
|
|
|
|
rbp = &(*rbp)->rb_left;
|
|
|
|
else if (ret > 0)
|
|
|
|
rbp = &(*rbp)->rb_right;
|
|
|
|
else
|
2023-08-09 04:30:59 +00:00
|
|
|
old_xattr = rb_entry(*rbp, struct simple_xattr, rb_node);
|
|
|
|
if (old_xattr)
|
2022-11-04 12:52:42 +00:00
|
|
|
break;
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|
2022-11-04 12:52:42 +00:00
|
|
|
|
2023-08-09 04:30:59 +00:00
|
|
|
if (old_xattr) {
|
2022-11-04 12:52:42 +00:00
|
|
|
/* Fail if XATTR_CREATE is requested and the xattr exists. */
|
|
|
|
if (flags & XATTR_CREATE) {
|
|
|
|
err = -EEXIST;
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (new_xattr)
|
2023-08-09 04:30:59 +00:00
|
|
|
rb_replace_node(&old_xattr->rb_node,
|
|
|
|
&new_xattr->rb_node, &xattrs->rb_root);
|
2022-11-04 12:52:42 +00:00
|
|
|
else
|
2023-08-09 04:30:59 +00:00
|
|
|
rb_erase(&old_xattr->rb_node, &xattrs->rb_root);
|
2022-11-04 12:52:42 +00:00
|
|
|
} else {
|
|
|
|
/* Fail if XATTR_REPLACE is requested but no xattr is found. */
|
|
|
|
if (flags & XATTR_REPLACE) {
|
|
|
|
err = -ENODATA;
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If XATTR_CREATE or no flags are specified together with a
|
|
|
|
* new value simply insert it.
|
|
|
|
*/
|
|
|
|
if (new_xattr) {
|
|
|
|
rb_link_node(&new_xattr->rb_node, parent, rbp);
|
|
|
|
rb_insert_color(&new_xattr->rb_node, &xattrs->rb_root);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If XATTR_CREATE or no flags are specified and neither an
|
|
|
|
* old or new xattr exist then we don't need to do anything.
|
|
|
|
*/
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|
2022-11-04 12:52:42 +00:00
|
|
|
|
|
|
|
out_unlock:
|
|
|
|
write_unlock(&xattrs->lock);
|
2023-08-09 04:30:59 +00:00
|
|
|
if (!err)
|
|
|
|
return old_xattr;
|
|
|
|
simple_xattr_free(new_xattr);
|
|
|
|
return ERR_PTR(err);
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static bool xattr_is_trusted(const char *name)
|
|
|
|
{
|
|
|
|
return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
|
|
|
|
}
|
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
/**
|
|
|
|
* simple_xattr_list - list all xattr objects
|
|
|
|
* @inode: inode from which to get the xattrs
|
|
|
|
* @xattrs: the header of the xattr object
|
|
|
|
* @buffer: the buffer to store all xattrs into
|
|
|
|
* @size: the size of @buffer
|
|
|
|
*
|
|
|
|
* List all xattrs associated with @inode. If @buffer is NULL we returned
|
|
|
|
* the required size of the buffer. If @buffer is provided we store the
|
|
|
|
* xattrs value into it provided it is big enough.
|
|
|
|
*
|
|
|
|
* Note, the number of xattr names that can be listed with listxattr(2) is
|
|
|
|
* limited to XATTR_LIST_MAX aka 65536 bytes. If a larger buffer is passed
|
|
|
|
* then vfs_listxattr() caps it to XATTR_LIST_MAX and if more xattr names
|
|
|
|
* are found it will return -E2BIG.
|
|
|
|
*
|
|
|
|
* Return: On success the required size or the size of the copied xattrs is
|
|
|
|
* returned. On error a negative error code is returned.
|
2012-08-23 20:53:28 +00:00
|
|
|
*/
|
2015-12-02 13:44:39 +00:00
|
|
|
ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
|
|
|
|
char *buffer, size_t size)
|
2012-08-23 20:53:28 +00:00
|
|
|
{
|
2022-11-03 15:12:05 +00:00
|
|
|
bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
|
2012-08-23 20:53:28 +00:00
|
|
|
struct simple_xattr *xattr;
|
2022-11-04 12:52:42 +00:00
|
|
|
struct rb_node *rbp;
|
2015-12-02 13:44:39 +00:00
|
|
|
ssize_t remaining_size = size;
|
2016-02-04 01:56:30 +00:00
|
|
|
int err = 0;
|
2015-12-02 13:44:39 +00:00
|
|
|
|
2023-02-01 13:14:52 +00:00
|
|
|
err = posix_acl_listxattr(inode, &buffer, &remaining_size);
|
|
|
|
if (err)
|
|
|
|
return err;
|
2012-08-23 20:53:28 +00:00
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
read_lock(&xattrs->lock);
|
|
|
|
for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
|
|
|
|
xattr = rb_entry(rbp, struct simple_xattr, rb_node);
|
|
|
|
|
2012-08-23 20:53:28 +00:00
|
|
|
/* skip "trusted." attributes for unprivileged callers */
|
|
|
|
if (!trusted && xattr_is_trusted(xattr->name))
|
|
|
|
continue;
|
|
|
|
|
2015-12-02 13:44:39 +00:00
|
|
|
err = xattr_list_one(&buffer, &remaining_size, xattr->name);
|
|
|
|
if (err)
|
2016-02-04 01:56:30 +00:00
|
|
|
break;
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|
2022-11-04 12:52:42 +00:00
|
|
|
read_unlock(&xattrs->lock);
|
2012-08-23 20:53:28 +00:00
|
|
|
|
2016-02-04 01:56:30 +00:00
|
|
|
return err ? err : size - remaining_size;
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-04 12:52:42 +00:00
|
|
|
/**
|
|
|
|
* rbtree_simple_xattr_less - compare two xattr rbtree nodes
|
|
|
|
* @new_node: new node
|
|
|
|
* @node: current node
|
|
|
|
*
|
|
|
|
* Compare the xattr attached to @new_node with the xattr attached to @node.
|
|
|
|
* Note that this function technically tolerates duplicate entries.
|
|
|
|
*
|
|
|
|
* Return: True if insertion point in the rbtree is found.
|
2012-09-11 20:28:11 +00:00
|
|
|
*/
|
2022-11-04 12:52:42 +00:00
|
|
|
static bool rbtree_simple_xattr_less(struct rb_node *new_node,
|
|
|
|
const struct rb_node *node)
|
2012-08-23 20:53:28 +00:00
|
|
|
{
|
2022-11-04 12:52:42 +00:00
|
|
|
return rbtree_simple_xattr_node_cmp(new_node, node) < 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* simple_xattr_add - add xattr objects
|
|
|
|
* @xattrs: the header of the xattr object
|
|
|
|
* @new_xattr: the xattr object to add
|
|
|
|
*
|
|
|
|
* Add an xattr object to @xattrs. This assumes no replacement or removal
|
|
|
|
* of matching xattrs is wanted. Should only be called during inode
|
|
|
|
* initialization when a few distinct initial xattrs are supposed to be set.
|
|
|
|
*/
|
|
|
|
void simple_xattr_add(struct simple_xattrs *xattrs,
|
|
|
|
struct simple_xattr *new_xattr)
|
|
|
|
{
|
|
|
|
write_lock(&xattrs->lock);
|
|
|
|
rb_add(&new_xattr->rb_node, &xattrs->rb_root, rbtree_simple_xattr_less);
|
|
|
|
write_unlock(&xattrs->lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* simple_xattrs_init - initialize new xattr header
|
|
|
|
* @xattrs: header to initialize
|
|
|
|
*
|
|
|
|
* Initialize relevant fields of a an xattr header.
|
2012-09-11 20:28:11 +00:00
|
|
|
*/
|
2022-11-04 12:52:42 +00:00
|
|
|
void simple_xattrs_init(struct simple_xattrs *xattrs)
|
2012-08-23 20:53:28 +00:00
|
|
|
{
|
2022-11-04 12:52:42 +00:00
|
|
|
xattrs->rb_root = RB_ROOT;
|
|
|
|
rwlock_init(&xattrs->lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* simple_xattrs_free - free xattrs
|
|
|
|
* @xattrs: xattr header whose xattrs to destroy
|
2023-08-09 04:33:56 +00:00
|
|
|
* @freed_space: approximate number of bytes of memory freed from @xattrs
|
2022-11-04 12:52:42 +00:00
|
|
|
*
|
|
|
|
* Destroy all xattrs in @xattr. When this is called no one can hold a
|
|
|
|
* reference to any of the xattrs anymore.
|
|
|
|
*/
|
2023-08-09 04:33:56 +00:00
|
|
|
void simple_xattrs_free(struct simple_xattrs *xattrs, size_t *freed_space)
|
2022-11-04 12:52:42 +00:00
|
|
|
{
|
|
|
|
struct rb_node *rbp;
|
|
|
|
|
2023-08-09 04:33:56 +00:00
|
|
|
if (freed_space)
|
|
|
|
*freed_space = 0;
|
2022-11-04 12:52:42 +00:00
|
|
|
rbp = rb_first(&xattrs->rb_root);
|
|
|
|
while (rbp) {
|
|
|
|
struct simple_xattr *xattr;
|
|
|
|
struct rb_node *rbp_next;
|
|
|
|
|
|
|
|
rbp_next = rb_next(rbp);
|
|
|
|
xattr = rb_entry(rbp, struct simple_xattr, rb_node);
|
|
|
|
rb_erase(&xattr->rb_node, &xattrs->rb_root);
|
2023-08-09 04:33:56 +00:00
|
|
|
if (freed_space)
|
|
|
|
*freed_space += simple_xattr_space(xattr->name,
|
|
|
|
xattr->size);
|
2023-08-09 04:30:59 +00:00
|
|
|
simple_xattr_free(xattr);
|
2022-11-04 12:52:42 +00:00
|
|
|
rbp = rbp_next;
|
|
|
|
}
|
2012-08-23 20:53:28 +00:00
|
|
|
}
|