1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/namei.h> 15 #include <linux/security.h> 16 #include <linux/syscalls.h> 17 #include <linux/module.h> 18 #include <linux/fsnotify.h> 19 #include <linux/audit.h> 20 #include <asm/uaccess.h> 21 22 23 /* 24 * Check permissions for extended attribute access. This is a bit complicated 25 * because different namespaces have very different rules. 26 */ 27 static int 28 xattr_permission(struct inode *inode, const char *name, int mask) 29 { 30 /* 31 * We can never set or remove an extended attribute on a read-only 32 * filesystem or on an immutable / append-only inode. 33 */ 34 if (mask & MAY_WRITE) { 35 if (IS_RDONLY(inode)) 36 return -EROFS; 37 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 38 return -EPERM; 39 } 40 41 /* 42 * No restriction for security.* and system.* from the VFS. Decision 43 * on these is left to the underlying filesystem / security module. 44 */ 45 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 46 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 47 return 0; 48 49 /* 50 * The trusted.* namespace can only be accessed by a privileged user. 51 */ 52 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) 53 return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); 54 55 /* In user.* namespace, only regular files and directories can have 56 * extended attributes. For sticky directories, only the owner and 57 * privileged user can write attributes. 58 */ 59 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 60 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 61 return -EPERM; 62 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 63 (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) && 64 !capable(CAP_FOWNER)) 65 return -EPERM; 66 } 67 68 return permission(inode, mask, NULL); 69 } 70 71 int 72 vfs_setxattr(struct dentry *dentry, char *name, void *value, 73 size_t size, int flags) 74 { 75 struct inode *inode = dentry->d_inode; 76 int error; 77 78 error = xattr_permission(inode, name, MAY_WRITE); 79 if (error) 80 return error; 81 82 mutex_lock(&inode->i_mutex); 83 error = security_inode_setxattr(dentry, name, value, size, flags); 84 if (error) 85 goto out; 86 error = -EOPNOTSUPP; 87 if (inode->i_op->setxattr) { 88 error = inode->i_op->setxattr(dentry, name, value, size, flags); 89 if (!error) { 90 fsnotify_xattr(dentry); 91 security_inode_post_setxattr(dentry, name, value, 92 size, flags); 93 } 94 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 95 XATTR_SECURITY_PREFIX_LEN)) { 96 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 97 error = security_inode_setsecurity(inode, suffix, value, 98 size, flags); 99 if (!error) 100 fsnotify_xattr(dentry); 101 } 102 out: 103 mutex_unlock(&inode->i_mutex); 104 return error; 105 } 106 EXPORT_SYMBOL_GPL(vfs_setxattr); 107 108 ssize_t 109 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size) 110 { 111 struct inode *inode = dentry->d_inode; 112 int error; 113 114 error = xattr_permission(inode, name, MAY_READ); 115 if (error) 116 return error; 117 118 error = security_inode_getxattr(dentry, name); 119 if (error) 120 return error; 121 122 if (inode->i_op->getxattr) 123 error = inode->i_op->getxattr(dentry, name, value, size); 124 else 125 error = -EOPNOTSUPP; 126 127 if (!strncmp(name, XATTR_SECURITY_PREFIX, 128 XATTR_SECURITY_PREFIX_LEN)) { 129 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 130 int ret = security_inode_getsecurity(inode, suffix, value, 131 size, error); 132 /* 133 * Only overwrite the return value if a security module 134 * is actually active. 135 */ 136 if (ret != -EOPNOTSUPP) 137 error = ret; 138 } 139 140 return error; 141 } 142 EXPORT_SYMBOL_GPL(vfs_getxattr); 143 144 ssize_t 145 vfs_listxattr(struct dentry *d, char *list, size_t size) 146 { 147 ssize_t error; 148 149 error = security_inode_listxattr(d); 150 if (error) 151 return error; 152 error = -EOPNOTSUPP; 153 if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { 154 error = d->d_inode->i_op->listxattr(d, list, size); 155 } else { 156 error = security_inode_listsecurity(d->d_inode, list, size); 157 if (size && error > size) 158 error = -ERANGE; 159 } 160 return error; 161 } 162 EXPORT_SYMBOL_GPL(vfs_listxattr); 163 164 int 165 vfs_removexattr(struct dentry *dentry, char *name) 166 { 167 struct inode *inode = dentry->d_inode; 168 int error; 169 170 if (!inode->i_op->removexattr) 171 return -EOPNOTSUPP; 172 173 error = xattr_permission(inode, name, MAY_WRITE); 174 if (error) 175 return error; 176 177 error = security_inode_removexattr(dentry, name); 178 if (error) 179 return error; 180 181 mutex_lock(&inode->i_mutex); 182 error = inode->i_op->removexattr(dentry, name); 183 mutex_unlock(&inode->i_mutex); 184 185 if (!error) 186 fsnotify_xattr(dentry); 187 return error; 188 } 189 EXPORT_SYMBOL_GPL(vfs_removexattr); 190 191 192 /* 193 * Extended attribute SET operations 194 */ 195 static long 196 setxattr(struct dentry *d, char __user *name, void __user *value, 197 size_t size, int flags) 198 { 199 int error; 200 void *kvalue = NULL; 201 char kname[XATTR_NAME_MAX + 1]; 202 203 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 204 return -EINVAL; 205 206 error = strncpy_from_user(kname, name, sizeof(kname)); 207 if (error == 0 || error == sizeof(kname)) 208 error = -ERANGE; 209 if (error < 0) 210 return error; 211 212 if (size) { 213 if (size > XATTR_SIZE_MAX) 214 return -E2BIG; 215 kvalue = kmalloc(size, GFP_KERNEL); 216 if (!kvalue) 217 return -ENOMEM; 218 if (copy_from_user(kvalue, value, size)) { 219 kfree(kvalue); 220 return -EFAULT; 221 } 222 } 223 224 error = vfs_setxattr(d, kname, kvalue, size, flags); 225 kfree(kvalue); 226 return error; 227 } 228 229 asmlinkage long 230 sys_setxattr(char __user *path, char __user *name, void __user *value, 231 size_t size, int flags) 232 { 233 struct nameidata nd; 234 int error; 235 236 error = user_path_walk(path, &nd); 237 if (error) 238 return error; 239 error = setxattr(nd.dentry, name, value, size, flags); 240 path_release(&nd); 241 return error; 242 } 243 244 asmlinkage long 245 sys_lsetxattr(char __user *path, char __user *name, void __user *value, 246 size_t size, int flags) 247 { 248 struct nameidata nd; 249 int error; 250 251 error = user_path_walk_link(path, &nd); 252 if (error) 253 return error; 254 error = setxattr(nd.dentry, name, value, size, flags); 255 path_release(&nd); 256 return error; 257 } 258 259 asmlinkage long 260 sys_fsetxattr(int fd, char __user *name, void __user *value, 261 size_t size, int flags) 262 { 263 struct file *f; 264 struct dentry *dentry; 265 int error = -EBADF; 266 267 f = fget(fd); 268 if (!f) 269 return error; 270 dentry = f->f_path.dentry; 271 audit_inode(NULL, dentry->d_inode); 272 error = setxattr(dentry, name, value, size, flags); 273 fput(f); 274 return error; 275 } 276 277 /* 278 * Extended attribute GET operations 279 */ 280 static ssize_t 281 getxattr(struct dentry *d, char __user *name, void __user *value, size_t size) 282 { 283 ssize_t error; 284 void *kvalue = NULL; 285 char kname[XATTR_NAME_MAX + 1]; 286 287 error = strncpy_from_user(kname, name, sizeof(kname)); 288 if (error == 0 || error == sizeof(kname)) 289 error = -ERANGE; 290 if (error < 0) 291 return error; 292 293 if (size) { 294 if (size > XATTR_SIZE_MAX) 295 size = XATTR_SIZE_MAX; 296 kvalue = kzalloc(size, GFP_KERNEL); 297 if (!kvalue) 298 return -ENOMEM; 299 } 300 301 error = vfs_getxattr(d, kname, kvalue, size); 302 if (error > 0) { 303 if (size && copy_to_user(value, kvalue, error)) 304 error = -EFAULT; 305 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 306 /* The file system tried to returned a value bigger 307 than XATTR_SIZE_MAX bytes. Not possible. */ 308 error = -E2BIG; 309 } 310 kfree(kvalue); 311 return error; 312 } 313 314 asmlinkage ssize_t 315 sys_getxattr(char __user *path, char __user *name, void __user *value, 316 size_t size) 317 { 318 struct nameidata nd; 319 ssize_t error; 320 321 error = user_path_walk(path, &nd); 322 if (error) 323 return error; 324 error = getxattr(nd.dentry, name, value, size); 325 path_release(&nd); 326 return error; 327 } 328 329 asmlinkage ssize_t 330 sys_lgetxattr(char __user *path, char __user *name, void __user *value, 331 size_t size) 332 { 333 struct nameidata nd; 334 ssize_t error; 335 336 error = user_path_walk_link(path, &nd); 337 if (error) 338 return error; 339 error = getxattr(nd.dentry, name, value, size); 340 path_release(&nd); 341 return error; 342 } 343 344 asmlinkage ssize_t 345 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) 346 { 347 struct file *f; 348 ssize_t error = -EBADF; 349 350 f = fget(fd); 351 if (!f) 352 return error; 353 audit_inode(NULL, f->f_path.dentry->d_inode); 354 error = getxattr(f->f_path.dentry, name, value, size); 355 fput(f); 356 return error; 357 } 358 359 /* 360 * Extended attribute LIST operations 361 */ 362 static ssize_t 363 listxattr(struct dentry *d, char __user *list, size_t size) 364 { 365 ssize_t error; 366 char *klist = NULL; 367 368 if (size) { 369 if (size > XATTR_LIST_MAX) 370 size = XATTR_LIST_MAX; 371 klist = kmalloc(size, GFP_KERNEL); 372 if (!klist) 373 return -ENOMEM; 374 } 375 376 error = vfs_listxattr(d, klist, size); 377 if (error > 0) { 378 if (size && copy_to_user(list, klist, error)) 379 error = -EFAULT; 380 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 381 /* The file system tried to returned a list bigger 382 than XATTR_LIST_MAX bytes. Not possible. */ 383 error = -E2BIG; 384 } 385 kfree(klist); 386 return error; 387 } 388 389 asmlinkage ssize_t 390 sys_listxattr(char __user *path, char __user *list, size_t size) 391 { 392 struct nameidata nd; 393 ssize_t error; 394 395 error = user_path_walk(path, &nd); 396 if (error) 397 return error; 398 error = listxattr(nd.dentry, list, size); 399 path_release(&nd); 400 return error; 401 } 402 403 asmlinkage ssize_t 404 sys_llistxattr(char __user *path, char __user *list, size_t size) 405 { 406 struct nameidata nd; 407 ssize_t error; 408 409 error = user_path_walk_link(path, &nd); 410 if (error) 411 return error; 412 error = listxattr(nd.dentry, list, size); 413 path_release(&nd); 414 return error; 415 } 416 417 asmlinkage ssize_t 418 sys_flistxattr(int fd, char __user *list, size_t size) 419 { 420 struct file *f; 421 ssize_t error = -EBADF; 422 423 f = fget(fd); 424 if (!f) 425 return error; 426 audit_inode(NULL, f->f_path.dentry->d_inode); 427 error = listxattr(f->f_path.dentry, list, size); 428 fput(f); 429 return error; 430 } 431 432 /* 433 * Extended attribute REMOVE operations 434 */ 435 static long 436 removexattr(struct dentry *d, char __user *name) 437 { 438 int error; 439 char kname[XATTR_NAME_MAX + 1]; 440 441 error = strncpy_from_user(kname, name, sizeof(kname)); 442 if (error == 0 || error == sizeof(kname)) 443 error = -ERANGE; 444 if (error < 0) 445 return error; 446 447 return vfs_removexattr(d, kname); 448 } 449 450 asmlinkage long 451 sys_removexattr(char __user *path, char __user *name) 452 { 453 struct nameidata nd; 454 int error; 455 456 error = user_path_walk(path, &nd); 457 if (error) 458 return error; 459 error = removexattr(nd.dentry, name); 460 path_release(&nd); 461 return error; 462 } 463 464 asmlinkage long 465 sys_lremovexattr(char __user *path, char __user *name) 466 { 467 struct nameidata nd; 468 int error; 469 470 error = user_path_walk_link(path, &nd); 471 if (error) 472 return error; 473 error = removexattr(nd.dentry, name); 474 path_release(&nd); 475 return error; 476 } 477 478 asmlinkage long 479 sys_fremovexattr(int fd, char __user *name) 480 { 481 struct file *f; 482 struct dentry *dentry; 483 int error = -EBADF; 484 485 f = fget(fd); 486 if (!f) 487 return error; 488 dentry = f->f_path.dentry; 489 audit_inode(NULL, dentry->d_inode); 490 error = removexattr(dentry, name); 491 fput(f); 492 return error; 493 } 494 495 496 static const char * 497 strcmp_prefix(const char *a, const char *a_prefix) 498 { 499 while (*a_prefix && *a == *a_prefix) { 500 a++; 501 a_prefix++; 502 } 503 return *a_prefix ? NULL : a; 504 } 505 506 /* 507 * In order to implement different sets of xattr operations for each xattr 508 * prefix with the generic xattr API, a filesystem should create a 509 * null-terminated array of struct xattr_handler (one for each prefix) and 510 * hang a pointer to it off of the s_xattr field of the superblock. 511 * 512 * The generic_fooxattr() functions will use this list to dispatch xattr 513 * operations to the correct xattr_handler. 514 */ 515 #define for_each_xattr_handler(handlers, handler) \ 516 for ((handler) = *(handlers)++; \ 517 (handler) != NULL; \ 518 (handler) = *(handlers)++) 519 520 /* 521 * Find the xattr_handler with the matching prefix. 522 */ 523 static struct xattr_handler * 524 xattr_resolve_name(struct xattr_handler **handlers, const char **name) 525 { 526 struct xattr_handler *handler; 527 528 if (!*name) 529 return NULL; 530 531 for_each_xattr_handler(handlers, handler) { 532 const char *n = strcmp_prefix(*name, handler->prefix); 533 if (n) { 534 *name = n; 535 break; 536 } 537 } 538 return handler; 539 } 540 541 /* 542 * Find the handler for the prefix and dispatch its get() operation. 543 */ 544 ssize_t 545 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 546 { 547 struct xattr_handler *handler; 548 struct inode *inode = dentry->d_inode; 549 550 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 551 if (!handler) 552 return -EOPNOTSUPP; 553 return handler->get(inode, name, buffer, size); 554 } 555 556 /* 557 * Combine the results of the list() operation from every xattr_handler in the 558 * list. 559 */ 560 ssize_t 561 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 562 { 563 struct inode *inode = dentry->d_inode; 564 struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr; 565 unsigned int size = 0; 566 567 if (!buffer) { 568 for_each_xattr_handler(handlers, handler) 569 size += handler->list(inode, NULL, 0, NULL, 0); 570 } else { 571 char *buf = buffer; 572 573 for_each_xattr_handler(handlers, handler) { 574 size = handler->list(inode, buf, buffer_size, NULL, 0); 575 if (size > buffer_size) 576 return -ERANGE; 577 buf += size; 578 buffer_size -= size; 579 } 580 size = buf - buffer; 581 } 582 return size; 583 } 584 585 /* 586 * Find the handler for the prefix and dispatch its set() operation. 587 */ 588 int 589 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 590 { 591 struct xattr_handler *handler; 592 struct inode *inode = dentry->d_inode; 593 594 if (size == 0) 595 value = ""; /* empty EA, do not remove */ 596 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 597 if (!handler) 598 return -EOPNOTSUPP; 599 return handler->set(inode, name, value, size, flags); 600 } 601 602 /* 603 * Find the handler for the prefix and dispatch its set() operation to remove 604 * any associated extended attribute. 605 */ 606 int 607 generic_removexattr(struct dentry *dentry, const char *name) 608 { 609 struct xattr_handler *handler; 610 struct inode *inode = dentry->d_inode; 611 612 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 613 if (!handler) 614 return -EOPNOTSUPP; 615 return handler->set(inode, name, NULL, 0, XATTR_REPLACE); 616 } 617 618 EXPORT_SYMBOL(generic_getxattr); 619 EXPORT_SYMBOL(generic_listxattr); 620 EXPORT_SYMBOL(generic_setxattr); 621 EXPORT_SYMBOL(generic_removexattr); 622