1 // SPDX-License-Identifier: GPL-2.0-only
5 Extended attribute handling.
7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
12 #include <linux/slab.h>
13 #include <linux/file.h>
14 #include <linux/xattr.h>
15 #include <linux/mount.h>
16 #include <linux/namei.h>
17 #include <linux/security.h>
18 #include <linux/evm.h>
19 #include <linux/syscalls.h>
20 #include <linux/export.h>
21 #include <linux/fsnotify.h>
22 #include <linux/audit.h>
23 #include <linux/vmalloc.h>
24 #include <linux/posix_acl_xattr.h>
26 #include <linux/uaccess.h>
31 strcmp_prefix(const char *a, const char *a_prefix)
33 while (*a_prefix && *a == *a_prefix) {
37 return *a_prefix ? NULL : a;
41 * In order to implement different sets of xattr operations for each xattr
42 * prefix, a filesystem should create a null-terminated array of struct
43 * xattr_handler (one for each prefix) and hang a pointer to it off of the
44 * s_xattr field of the superblock.
46 #define for_each_xattr_handler(handlers, handler) \
48 for ((handler) = *(handlers)++; \
50 (handler) = *(handlers)++)
53 * Find the xattr_handler with the matching prefix.
55 static const struct xattr_handler *
56 xattr_resolve_name(struct inode *inode, const char **name)
58 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
59 const struct xattr_handler *handler;
61 if (!(inode->i_opflags & IOP_XATTR)) {
62 if (unlikely(is_bad_inode(inode)))
64 return ERR_PTR(-EOPNOTSUPP);
66 for_each_xattr_handler(handlers, handler) {
69 n = strcmp_prefix(*name, xattr_prefix(handler));
71 if (!handler->prefix ^ !*n) {
74 return ERR_PTR(-EINVAL);
80 return ERR_PTR(-EOPNOTSUPP);
84 * may_write_xattr - check whether inode allows writing xattr
85 * @mnt_userns: User namespace of the mount the inode was found from
86 * @inode: the inode on which to set an xattr
88 * Check whether the inode allows writing xattrs. Specifically, we can never
89 * set or remove an extended attribute on a read-only filesystem or on an
90 * immutable / append-only inode.
92 * We also need to ensure that the inode has a mapping in the mount to
93 * not risk writing back invalid i_{g,u}id values.
95 * Return: On success zero is returned. On error a negative errno is returned.
97 int may_write_xattr(struct user_namespace *mnt_userns, struct inode *inode)
99 if (IS_IMMUTABLE(inode))
101 if (IS_APPEND(inode))
103 if (HAS_UNMAPPED_ID(mnt_userns, inode))
109 * Check permissions for extended attribute access. This is a bit complicated
110 * because different namespaces have very different rules.
113 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
114 const char *name, int mask)
116 if (mask & MAY_WRITE) {
119 ret = may_write_xattr(mnt_userns, inode);
125 * No restriction for security.* and system.* from the VFS. Decision
126 * on these is left to the underlying filesystem / security module.
128 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
129 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
133 * The trusted.* namespace can only be accessed by privileged users.
135 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
136 if (!capable(CAP_SYS_ADMIN))
137 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
142 * In the user.* namespace, only regular files and directories can have
143 * extended attributes. For sticky directories, only the owner and
144 * privileged users can write attributes.
146 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
147 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
148 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
149 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
150 (mask & MAY_WRITE) &&
151 !inode_owner_or_capable(mnt_userns, inode))
155 return inode_permission(mnt_userns, inode, mask);
159 * Look for any handler that deals with the specified namespace.
162 xattr_supported_namespace(struct inode *inode, const char *prefix)
164 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
165 const struct xattr_handler *handler;
168 if (!(inode->i_opflags & IOP_XATTR)) {
169 if (unlikely(is_bad_inode(inode)))
174 preflen = strlen(prefix);
176 for_each_xattr_handler(handlers, handler) {
177 if (!strncmp(xattr_prefix(handler), prefix, preflen))
183 EXPORT_SYMBOL(xattr_supported_namespace);
186 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
187 struct inode *inode, const char *name, const void *value,
188 size_t size, int flags)
190 const struct xattr_handler *handler;
192 if (is_posix_acl_xattr(name))
195 handler = xattr_resolve_name(inode, &name);
197 return PTR_ERR(handler);
201 value = ""; /* empty EA, do not remove */
202 return handler->set(handler, mnt_userns, dentry, inode, name, value,
205 EXPORT_SYMBOL(__vfs_setxattr);
208 * __vfs_setxattr_noperm - perform setxattr operation without performing
211 * @mnt_userns: user namespace of the mount the inode was found from
212 * @dentry: object to perform setxattr on
213 * @name: xattr name to set
214 * @value: value to set @name to
215 * @size: size of @value
216 * @flags: flags to pass into filesystem operations
218 * returns the result of the internal setxattr or setsecurity operations.
220 * This function requires the caller to lock the inode's i_mutex before it
221 * is executed. It also assumes that the caller will make the appropriate
224 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
225 struct dentry *dentry, const char *name,
226 const void *value, size_t size, int flags)
228 struct inode *inode = dentry->d_inode;
230 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
231 XATTR_SECURITY_PREFIX_LEN);
234 inode->i_flags &= ~S_NOSEC;
235 if (inode->i_opflags & IOP_XATTR) {
236 error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
239 fsnotify_xattr(dentry);
240 security_inode_post_setxattr(dentry, name, value,
244 if (unlikely(is_bad_inode(inode)))
247 if (error == -EAGAIN) {
251 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
253 error = security_inode_setsecurity(inode, suffix, value,
256 fsnotify_xattr(dentry);
264 * __vfs_setxattr_locked - set an extended attribute while holding the inode
267 * @mnt_userns: user namespace of the mount of the target inode
268 * @dentry: object to perform setxattr on
269 * @name: xattr name to set
270 * @value: value to set @name to
271 * @size: size of @value
272 * @flags: flags to pass into filesystem operations
273 * @delegated_inode: on return, will contain an inode pointer that
274 * a delegation was broken on, NULL if none.
277 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
278 const char *name, const void *value, size_t size,
279 int flags, struct inode **delegated_inode)
281 struct inode *inode = dentry->d_inode;
284 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
288 error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
293 error = try_break_deleg(inode, delegated_inode);
297 error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
303 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
306 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
307 const char *name, const void *value, size_t size, int flags)
309 struct inode *inode = dentry->d_inode;
310 struct inode *delegated_inode = NULL;
311 const void *orig_value = value;
314 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
315 error = cap_convert_nscap(mnt_userns, dentry, &value, size);
323 error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
324 flags, &delegated_inode);
327 if (delegated_inode) {
328 error = break_deleg_wait(&delegated_inode);
332 if (value != orig_value)
337 EXPORT_SYMBOL_GPL(vfs_setxattr);
340 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
341 const char *name, void *value, size_t size)
346 if (!value || !size) {
347 len = security_inode_getsecurity(mnt_userns, inode, name,
352 len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
360 memcpy(value, buffer, len);
368 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
370 * Allocate memory, if not already allocated, or re-allocate correct size,
371 * before retrieving the extended attribute.
373 * Returns the result of alloc, if failed, or the getxattr operation.
376 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
377 const char *name, char **xattr_value, size_t xattr_size,
380 const struct xattr_handler *handler;
381 struct inode *inode = dentry->d_inode;
382 char *value = *xattr_value;
385 error = xattr_permission(mnt_userns, inode, name, MAY_READ);
389 handler = xattr_resolve_name(inode, &name);
391 return PTR_ERR(handler);
394 error = handler->get(handler, dentry, inode, name, NULL, 0);
398 if (!value || (error > xattr_size)) {
399 value = krealloc(*xattr_value, error + 1, flags);
402 memset(value, 0, error + 1);
405 error = handler->get(handler, dentry, inode, name, value, error);
406 *xattr_value = value;
411 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
412 void *value, size_t size)
414 const struct xattr_handler *handler;
416 if (is_posix_acl_xattr(name))
419 handler = xattr_resolve_name(inode, &name);
421 return PTR_ERR(handler);
424 return handler->get(handler, dentry, inode, name, value, size);
426 EXPORT_SYMBOL(__vfs_getxattr);
429 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
430 const char *name, void *value, size_t size)
432 struct inode *inode = dentry->d_inode;
435 error = xattr_permission(mnt_userns, inode, name, MAY_READ);
439 error = security_inode_getxattr(dentry, name);
443 if (!strncmp(name, XATTR_SECURITY_PREFIX,
444 XATTR_SECURITY_PREFIX_LEN)) {
445 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
446 int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
449 * Only overwrite the return value if a security module
450 * is actually active.
452 if (ret == -EOPNOTSUPP)
457 return __vfs_getxattr(dentry, inode, name, value, size);
459 EXPORT_SYMBOL_GPL(vfs_getxattr);
462 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
464 struct inode *inode = d_inode(dentry);
467 error = security_inode_listxattr(dentry);
470 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
471 error = inode->i_op->listxattr(dentry, list, size);
473 error = security_inode_listsecurity(inode, list, size);
474 if (size && error > size)
479 EXPORT_SYMBOL_GPL(vfs_listxattr);
482 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
485 struct inode *inode = d_inode(dentry);
486 const struct xattr_handler *handler;
488 if (is_posix_acl_xattr(name))
491 handler = xattr_resolve_name(inode, &name);
493 return PTR_ERR(handler);
496 return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
499 EXPORT_SYMBOL(__vfs_removexattr);
502 * __vfs_removexattr_locked - set an extended attribute while holding the inode
505 * @mnt_userns: user namespace of the mount of the target inode
506 * @dentry: object to perform setxattr on
507 * @name: name of xattr to remove
508 * @delegated_inode: on return, will contain an inode pointer that
509 * a delegation was broken on, NULL if none.
512 __vfs_removexattr_locked(struct user_namespace *mnt_userns,
513 struct dentry *dentry, const char *name,
514 struct inode **delegated_inode)
516 struct inode *inode = dentry->d_inode;
519 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
523 error = security_inode_removexattr(mnt_userns, dentry, name);
527 error = try_break_deleg(inode, delegated_inode);
531 error = __vfs_removexattr(mnt_userns, dentry, name);
534 fsnotify_xattr(dentry);
535 evm_inode_post_removexattr(dentry, name);
541 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
544 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
547 struct inode *inode = dentry->d_inode;
548 struct inode *delegated_inode = NULL;
553 error = __vfs_removexattr_locked(mnt_userns, dentry,
554 name, &delegated_inode);
557 if (delegated_inode) {
558 error = break_deleg_wait(&delegated_inode);
565 EXPORT_SYMBOL_GPL(vfs_removexattr);
568 * Extended attribute SET operations
571 int setxattr_copy(const char __user *name, struct xattr_ctx *ctx)
575 if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE))
578 error = strncpy_from_user(ctx->kname->name, name,
579 sizeof(ctx->kname->name));
580 if (error == 0 || error == sizeof(ctx->kname->name))
587 if (ctx->size > XATTR_SIZE_MAX)
590 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size);
591 if (IS_ERR(ctx->kvalue)) {
592 error = PTR_ERR(ctx->kvalue);
600 int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
601 struct xattr_ctx *ctx)
603 if (is_posix_acl_xattr(ctx->kname->name))
604 return do_set_acl(idmap, dentry, ctx->kname->name,
605 ctx->kvalue, ctx->size);
607 return vfs_setxattr(mnt_idmap_owner(idmap), dentry, ctx->kname->name,
608 ctx->kvalue, ctx->size, ctx->flags);
612 setxattr(struct mnt_idmap *idmap, struct dentry *d,
613 const char __user *name, const void __user *value, size_t size,
616 struct xattr_name kname;
617 struct xattr_ctx ctx = {
626 error = setxattr_copy(name, &ctx);
630 error = do_setxattr(idmap, d, &ctx);
636 static int path_setxattr(const char __user *pathname,
637 const char __user *name, const void __user *value,
638 size_t size, int flags, unsigned int lookup_flags)
644 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
647 error = mnt_want_write(path.mnt);
649 error = setxattr(mnt_idmap(path.mnt), path.dentry, name,
651 mnt_drop_write(path.mnt);
654 if (retry_estale(error, lookup_flags)) {
655 lookup_flags |= LOOKUP_REVAL;
661 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
662 const char __user *, name, const void __user *, value,
663 size_t, size, int, flags)
665 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
668 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
669 const char __user *, name, const void __user *, value,
670 size_t, size, int, flags)
672 return path_setxattr(pathname, name, value, size, flags, 0);
675 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
676 const void __user *,value, size_t, size, int, flags)
678 struct fd f = fdget(fd);
684 error = mnt_want_write_file(f.file);
686 error = setxattr(file_mnt_idmap(f.file),
687 f.file->f_path.dentry, name,
689 mnt_drop_write_file(f.file);
696 * Extended attribute GET operations
699 do_getxattr(struct mnt_idmap *idmap, struct dentry *d,
700 struct xattr_ctx *ctx)
703 char *kname = ctx->kname->name;
706 if (ctx->size > XATTR_SIZE_MAX)
707 ctx->size = XATTR_SIZE_MAX;
708 ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL);
713 if (is_posix_acl_xattr(ctx->kname->name))
714 error = do_get_acl(idmap, d, kname, ctx->kvalue, ctx->size);
716 error = vfs_getxattr(mnt_idmap_owner(idmap), d, kname,
717 ctx->kvalue, ctx->size);
719 if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error))
721 } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) {
722 /* The file system tried to returned a value bigger
723 than XATTR_SIZE_MAX bytes. Not possible. */
731 getxattr(struct mnt_idmap *idmap, struct dentry *d,
732 const char __user *name, void __user *value, size_t size)
735 struct xattr_name kname;
736 struct xattr_ctx ctx = {
744 error = strncpy_from_user(kname.name, name, sizeof(kname.name));
745 if (error == 0 || error == sizeof(kname.name))
750 error = do_getxattr(idmap, d, &ctx);
756 static ssize_t path_getxattr(const char __user *pathname,
757 const char __user *name, void __user *value,
758 size_t size, unsigned int lookup_flags)
763 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
766 error = getxattr(mnt_idmap(path.mnt), path.dentry, name, value, size);
768 if (retry_estale(error, lookup_flags)) {
769 lookup_flags |= LOOKUP_REVAL;
775 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
776 const char __user *, name, void __user *, value, size_t, size)
778 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
781 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
782 const char __user *, name, void __user *, value, size_t, size)
784 return path_getxattr(pathname, name, value, size, 0);
787 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
788 void __user *, value, size_t, size)
790 struct fd f = fdget(fd);
791 ssize_t error = -EBADF;
796 error = getxattr(file_mnt_idmap(f.file), f.file->f_path.dentry,
803 * Extended attribute LIST operations
806 listxattr(struct dentry *d, char __user *list, size_t size)
812 if (size > XATTR_LIST_MAX)
813 size = XATTR_LIST_MAX;
814 klist = kvmalloc(size, GFP_KERNEL);
819 error = vfs_listxattr(d, klist, size);
821 if (size && copy_to_user(list, klist, error))
823 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
824 /* The file system tried to returned a list bigger
825 than XATTR_LIST_MAX bytes. Not possible. */
834 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
835 size_t size, unsigned int lookup_flags)
840 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
843 error = listxattr(path.dentry, list, size);
845 if (retry_estale(error, lookup_flags)) {
846 lookup_flags |= LOOKUP_REVAL;
852 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
855 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
858 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
861 return path_listxattr(pathname, list, size, 0);
864 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
866 struct fd f = fdget(fd);
867 ssize_t error = -EBADF;
872 error = listxattr(f.file->f_path.dentry, list, size);
878 * Extended attribute REMOVE operations
881 removexattr(struct mnt_idmap *idmap, struct dentry *d,
882 const char __user *name)
885 char kname[XATTR_NAME_MAX + 1];
887 error = strncpy_from_user(kname, name, sizeof(kname));
888 if (error == 0 || error == sizeof(kname))
893 if (is_posix_acl_xattr(kname))
894 return vfs_remove_acl(mnt_idmap_owner(idmap), d, kname);
896 return vfs_removexattr(mnt_idmap_owner(idmap), d, kname);
899 static int path_removexattr(const char __user *pathname,
900 const char __user *name, unsigned int lookup_flags)
905 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
908 error = mnt_want_write(path.mnt);
910 error = removexattr(mnt_idmap(path.mnt), path.dentry, name);
911 mnt_drop_write(path.mnt);
914 if (retry_estale(error, lookup_flags)) {
915 lookup_flags |= LOOKUP_REVAL;
921 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
922 const char __user *, name)
924 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
927 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
928 const char __user *, name)
930 return path_removexattr(pathname, name, 0);
933 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
935 struct fd f = fdget(fd);
941 error = mnt_want_write_file(f.file);
943 error = removexattr(file_mnt_idmap(f.file),
944 f.file->f_path.dentry, name);
945 mnt_drop_write_file(f.file);
952 * Combine the results of the list() operation from every xattr_handler in the
956 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
958 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
959 unsigned int size = 0;
962 for_each_xattr_handler(handlers, handler) {
963 if (!handler->name ||
964 (handler->list && !handler->list(dentry)))
966 size += strlen(handler->name) + 1;
972 for_each_xattr_handler(handlers, handler) {
973 if (!handler->name ||
974 (handler->list && !handler->list(dentry)))
976 len = strlen(handler->name);
977 if (len + 1 > buffer_size)
979 memcpy(buf, handler->name, len + 1);
981 buffer_size -= len + 1;
987 EXPORT_SYMBOL(generic_listxattr);
990 * xattr_full_name - Compute full attribute name from suffix
992 * @handler: handler of the xattr_handler operation
993 * @name: name passed to the xattr_handler operation
995 * The get and set xattr handler operations are called with the remainder of
996 * the attribute name after skipping the handler's prefix: for example, "foo"
997 * is passed to the get operation of a handler with prefix "user." to get
998 * attribute "user.foo". The full name is still "there" in the name though.
1000 * Note: the list xattr handler operation when called from the vfs is passed a
1001 * NULL name; some file systems use this operation internally, with varying
1004 const char *xattr_full_name(const struct xattr_handler *handler,
1007 size_t prefix_len = strlen(xattr_prefix(handler));
1009 return name - prefix_len;
1011 EXPORT_SYMBOL(xattr_full_name);
1014 * Allocate new xattr and copy in the value; but leave the name to callers.
1016 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
1018 struct simple_xattr *new_xattr;
1022 len = sizeof(*new_xattr) + size;
1023 if (len < sizeof(*new_xattr))
1026 new_xattr = kvmalloc(len, GFP_KERNEL);
1030 new_xattr->size = size;
1031 memcpy(new_xattr->value, value, size);
1036 * xattr GET operation for in-memory/pseudo filesystems
1038 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
1039 void *buffer, size_t size)
1041 struct simple_xattr *xattr;
1044 spin_lock(&xattrs->lock);
1045 list_for_each_entry(xattr, &xattrs->head, list) {
1046 if (strcmp(name, xattr->name))
1051 if (size < xattr->size)
1054 memcpy(buffer, xattr->value, xattr->size);
1058 spin_unlock(&xattrs->lock);
1063 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
1064 * @xattrs: target simple_xattr list
1065 * @name: name of the extended attribute
1066 * @value: value of the xattr. If %NULL, will remove the attribute.
1067 * @size: size of the new xattr
1068 * @flags: %XATTR_{CREATE|REPLACE}
1069 * @removed_size: returns size of the removed xattr, -1 if none removed
1071 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
1072 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
1073 * otherwise, fails with -ENODATA.
1075 * Returns 0 on success, -errno on failure.
1077 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1078 const void *value, size_t size, int flags,
1079 ssize_t *removed_size)
1081 struct simple_xattr *xattr;
1082 struct simple_xattr *new_xattr = NULL;
1088 /* value == NULL means remove */
1090 new_xattr = simple_xattr_alloc(value, size);
1094 new_xattr->name = kstrdup(name, GFP_KERNEL);
1095 if (!new_xattr->name) {
1101 spin_lock(&xattrs->lock);
1102 list_for_each_entry(xattr, &xattrs->head, list) {
1103 if (!strcmp(name, xattr->name)) {
1104 if (flags & XATTR_CREATE) {
1107 } else if (new_xattr) {
1108 list_replace(&xattr->list, &new_xattr->list);
1110 *removed_size = xattr->size;
1112 list_del(&xattr->list);
1114 *removed_size = xattr->size;
1119 if (flags & XATTR_REPLACE) {
1123 list_add(&new_xattr->list, &xattrs->head);
1127 spin_unlock(&xattrs->lock);
1136 static bool xattr_is_trusted(const char *name)
1138 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1141 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1144 size_t len = strlen(name) + 1;
1146 if (*remaining_size < len)
1148 memcpy(*buffer, name, len);
1151 *remaining_size -= len;
1156 * xattr LIST operation for in-memory/pseudo filesystems
1158 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1159 char *buffer, size_t size)
1161 bool trusted = capable(CAP_SYS_ADMIN);
1162 struct simple_xattr *xattr;
1163 ssize_t remaining_size = size;
1166 #ifdef CONFIG_FS_POSIX_ACL
1167 if (IS_POSIXACL(inode)) {
1169 err = xattr_list_one(&buffer, &remaining_size,
1170 XATTR_NAME_POSIX_ACL_ACCESS);
1174 if (inode->i_default_acl) {
1175 err = xattr_list_one(&buffer, &remaining_size,
1176 XATTR_NAME_POSIX_ACL_DEFAULT);
1183 spin_lock(&xattrs->lock);
1184 list_for_each_entry(xattr, &xattrs->head, list) {
1185 /* skip "trusted." attributes for unprivileged callers */
1186 if (!trusted && xattr_is_trusted(xattr->name))
1189 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1193 spin_unlock(&xattrs->lock);
1195 return err ? err : size - remaining_size;
1199 * Adds an extended attribute to the list
1201 void simple_xattr_list_add(struct simple_xattrs *xattrs,
1202 struct simple_xattr *new_xattr)
1204 spin_lock(&xattrs->lock);
1205 list_add(&new_xattr->list, &xattrs->head);
1206 spin_unlock(&xattrs->lock);