xref: /openbmc/linux/fs/xattr.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2   File: fs/xattr.c
3 
4   Extended attribute handling.
5 
6   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9  */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/namei.h>
15 #include <linux/security.h>
16 #include <linux/syscalls.h>
17 #include <linux/module.h>
18 #include <linux/fsnotify.h>
19 #include <linux/audit.h>
20 #include <asm/uaccess.h>
21 
22 
23 /*
24  * Check permissions for extended attribute access.  This is a bit complicated
25  * because different namespaces have very different rules.
26  */
27 static int
28 xattr_permission(struct inode *inode, const char *name, int mask)
29 {
30 	/*
31 	 * We can never set or remove an extended attribute on a read-only
32 	 * filesystem  or on an immutable / append-only inode.
33 	 */
34 	if (mask & MAY_WRITE) {
35 		if (IS_RDONLY(inode))
36 			return -EROFS;
37 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
38 			return -EPERM;
39 	}
40 
41 	/*
42 	 * No restriction for security.* and system.* from the VFS.  Decision
43 	 * on these is left to the underlying filesystem / security module.
44 	 */
45 	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
46 	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
47 		return 0;
48 
49 	/*
50 	 * The trusted.* namespace can only be accessed by a privileged user.
51 	 */
52 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
53 		return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
54 
55 	/* In user.* namespace, only regular files and directories can have
56 	 * extended attributes. For sticky directories, only the owner and
57 	 * privileged user can write attributes.
58 	 */
59 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
60 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
61 			return -EPERM;
62 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
63 		    (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) &&
64 		    !capable(CAP_FOWNER))
65 			return -EPERM;
66 	}
67 
68 	return permission(inode, mask, NULL);
69 }
70 
71 int
72 vfs_setxattr(struct dentry *dentry, char *name, void *value,
73 		size_t size, int flags)
74 {
75 	struct inode *inode = dentry->d_inode;
76 	int error;
77 
78 	error = xattr_permission(inode, name, MAY_WRITE);
79 	if (error)
80 		return error;
81 
82 	mutex_lock(&inode->i_mutex);
83 	error = security_inode_setxattr(dentry, name, value, size, flags);
84 	if (error)
85 		goto out;
86 	error = -EOPNOTSUPP;
87 	if (inode->i_op->setxattr) {
88 		error = inode->i_op->setxattr(dentry, name, value, size, flags);
89 		if (!error) {
90 			fsnotify_xattr(dentry);
91 			security_inode_post_setxattr(dentry, name, value,
92 						     size, flags);
93 		}
94 	} else if (!strncmp(name, XATTR_SECURITY_PREFIX,
95 				XATTR_SECURITY_PREFIX_LEN)) {
96 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
97 		error = security_inode_setsecurity(inode, suffix, value,
98 						   size, flags);
99 		if (!error)
100 			fsnotify_xattr(dentry);
101 	}
102 out:
103 	mutex_unlock(&inode->i_mutex);
104 	return error;
105 }
106 EXPORT_SYMBOL_GPL(vfs_setxattr);
107 
108 ssize_t
109 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size)
110 {
111 	struct inode *inode = dentry->d_inode;
112 	int error;
113 
114 	error = xattr_permission(inode, name, MAY_READ);
115 	if (error)
116 		return error;
117 
118 	error = security_inode_getxattr(dentry, name);
119 	if (error)
120 		return error;
121 
122 	if (inode->i_op->getxattr)
123 		error = inode->i_op->getxattr(dentry, name, value, size);
124 	else
125 		error = -EOPNOTSUPP;
126 
127 	if (!strncmp(name, XATTR_SECURITY_PREFIX,
128 				XATTR_SECURITY_PREFIX_LEN)) {
129 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
130 		int ret = security_inode_getsecurity(inode, suffix, value,
131 						     size, error);
132 		/*
133 		 * Only overwrite the return value if a security module
134 		 * is actually active.
135 		 */
136 		if (ret != -EOPNOTSUPP)
137 			error = ret;
138 	}
139 
140 	return error;
141 }
142 EXPORT_SYMBOL_GPL(vfs_getxattr);
143 
144 ssize_t
145 vfs_listxattr(struct dentry *d, char *list, size_t size)
146 {
147 	ssize_t error;
148 
149 	error = security_inode_listxattr(d);
150 	if (error)
151 		return error;
152 	error = -EOPNOTSUPP;
153 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
154 		error = d->d_inode->i_op->listxattr(d, list, size);
155 	} else {
156 		error = security_inode_listsecurity(d->d_inode, list, size);
157 		if (size && error > size)
158 			error = -ERANGE;
159 	}
160 	return error;
161 }
162 EXPORT_SYMBOL_GPL(vfs_listxattr);
163 
164 int
165 vfs_removexattr(struct dentry *dentry, char *name)
166 {
167 	struct inode *inode = dentry->d_inode;
168 	int error;
169 
170 	if (!inode->i_op->removexattr)
171 		return -EOPNOTSUPP;
172 
173 	error = xattr_permission(inode, name, MAY_WRITE);
174 	if (error)
175 		return error;
176 
177 	error = security_inode_removexattr(dentry, name);
178 	if (error)
179 		return error;
180 
181 	mutex_lock(&inode->i_mutex);
182 	error = inode->i_op->removexattr(dentry, name);
183 	mutex_unlock(&inode->i_mutex);
184 
185 	if (!error)
186 		fsnotify_xattr(dentry);
187 	return error;
188 }
189 EXPORT_SYMBOL_GPL(vfs_removexattr);
190 
191 
192 /*
193  * Extended attribute SET operations
194  */
195 static long
196 setxattr(struct dentry *d, char __user *name, void __user *value,
197 	 size_t size, int flags)
198 {
199 	int error;
200 	void *kvalue = NULL;
201 	char kname[XATTR_NAME_MAX + 1];
202 
203 	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
204 		return -EINVAL;
205 
206 	error = strncpy_from_user(kname, name, sizeof(kname));
207 	if (error == 0 || error == sizeof(kname))
208 		error = -ERANGE;
209 	if (error < 0)
210 		return error;
211 
212 	if (size) {
213 		if (size > XATTR_SIZE_MAX)
214 			return -E2BIG;
215 		kvalue = kmalloc(size, GFP_KERNEL);
216 		if (!kvalue)
217 			return -ENOMEM;
218 		if (copy_from_user(kvalue, value, size)) {
219 			kfree(kvalue);
220 			return -EFAULT;
221 		}
222 	}
223 
224 	error = vfs_setxattr(d, kname, kvalue, size, flags);
225 	kfree(kvalue);
226 	return error;
227 }
228 
229 asmlinkage long
230 sys_setxattr(char __user *path, char __user *name, void __user *value,
231 	     size_t size, int flags)
232 {
233 	struct nameidata nd;
234 	int error;
235 
236 	error = user_path_walk(path, &nd);
237 	if (error)
238 		return error;
239 	error = setxattr(nd.dentry, name, value, size, flags);
240 	path_release(&nd);
241 	return error;
242 }
243 
244 asmlinkage long
245 sys_lsetxattr(char __user *path, char __user *name, void __user *value,
246 	      size_t size, int flags)
247 {
248 	struct nameidata nd;
249 	int error;
250 
251 	error = user_path_walk_link(path, &nd);
252 	if (error)
253 		return error;
254 	error = setxattr(nd.dentry, name, value, size, flags);
255 	path_release(&nd);
256 	return error;
257 }
258 
259 asmlinkage long
260 sys_fsetxattr(int fd, char __user *name, void __user *value,
261 	      size_t size, int flags)
262 {
263 	struct file *f;
264 	struct dentry *dentry;
265 	int error = -EBADF;
266 
267 	f = fget(fd);
268 	if (!f)
269 		return error;
270 	dentry = f->f_path.dentry;
271 	audit_inode(NULL, dentry->d_inode);
272 	error = setxattr(dentry, name, value, size, flags);
273 	fput(f);
274 	return error;
275 }
276 
277 /*
278  * Extended attribute GET operations
279  */
280 static ssize_t
281 getxattr(struct dentry *d, char __user *name, void __user *value, size_t size)
282 {
283 	ssize_t error;
284 	void *kvalue = NULL;
285 	char kname[XATTR_NAME_MAX + 1];
286 
287 	error = strncpy_from_user(kname, name, sizeof(kname));
288 	if (error == 0 || error == sizeof(kname))
289 		error = -ERANGE;
290 	if (error < 0)
291 		return error;
292 
293 	if (size) {
294 		if (size > XATTR_SIZE_MAX)
295 			size = XATTR_SIZE_MAX;
296 		kvalue = kzalloc(size, GFP_KERNEL);
297 		if (!kvalue)
298 			return -ENOMEM;
299 	}
300 
301 	error = vfs_getxattr(d, kname, kvalue, size);
302 	if (error > 0) {
303 		if (size && copy_to_user(value, kvalue, error))
304 			error = -EFAULT;
305 	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
306 		/* The file system tried to returned a value bigger
307 		   than XATTR_SIZE_MAX bytes. Not possible. */
308 		error = -E2BIG;
309 	}
310 	kfree(kvalue);
311 	return error;
312 }
313 
314 asmlinkage ssize_t
315 sys_getxattr(char __user *path, char __user *name, void __user *value,
316 	     size_t size)
317 {
318 	struct nameidata nd;
319 	ssize_t error;
320 
321 	error = user_path_walk(path, &nd);
322 	if (error)
323 		return error;
324 	error = getxattr(nd.dentry, name, value, size);
325 	path_release(&nd);
326 	return error;
327 }
328 
329 asmlinkage ssize_t
330 sys_lgetxattr(char __user *path, char __user *name, void __user *value,
331 	      size_t size)
332 {
333 	struct nameidata nd;
334 	ssize_t error;
335 
336 	error = user_path_walk_link(path, &nd);
337 	if (error)
338 		return error;
339 	error = getxattr(nd.dentry, name, value, size);
340 	path_release(&nd);
341 	return error;
342 }
343 
344 asmlinkage ssize_t
345 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size)
346 {
347 	struct file *f;
348 	ssize_t error = -EBADF;
349 
350 	f = fget(fd);
351 	if (!f)
352 		return error;
353 	audit_inode(NULL, f->f_path.dentry->d_inode);
354 	error = getxattr(f->f_path.dentry, name, value, size);
355 	fput(f);
356 	return error;
357 }
358 
359 /*
360  * Extended attribute LIST operations
361  */
362 static ssize_t
363 listxattr(struct dentry *d, char __user *list, size_t size)
364 {
365 	ssize_t error;
366 	char *klist = NULL;
367 
368 	if (size) {
369 		if (size > XATTR_LIST_MAX)
370 			size = XATTR_LIST_MAX;
371 		klist = kmalloc(size, GFP_KERNEL);
372 		if (!klist)
373 			return -ENOMEM;
374 	}
375 
376 	error = vfs_listxattr(d, klist, size);
377 	if (error > 0) {
378 		if (size && copy_to_user(list, klist, error))
379 			error = -EFAULT;
380 	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
381 		/* The file system tried to returned a list bigger
382 		   than XATTR_LIST_MAX bytes. Not possible. */
383 		error = -E2BIG;
384 	}
385 	kfree(klist);
386 	return error;
387 }
388 
389 asmlinkage ssize_t
390 sys_listxattr(char __user *path, char __user *list, size_t size)
391 {
392 	struct nameidata nd;
393 	ssize_t error;
394 
395 	error = user_path_walk(path, &nd);
396 	if (error)
397 		return error;
398 	error = listxattr(nd.dentry, list, size);
399 	path_release(&nd);
400 	return error;
401 }
402 
403 asmlinkage ssize_t
404 sys_llistxattr(char __user *path, char __user *list, size_t size)
405 {
406 	struct nameidata nd;
407 	ssize_t error;
408 
409 	error = user_path_walk_link(path, &nd);
410 	if (error)
411 		return error;
412 	error = listxattr(nd.dentry, list, size);
413 	path_release(&nd);
414 	return error;
415 }
416 
417 asmlinkage ssize_t
418 sys_flistxattr(int fd, char __user *list, size_t size)
419 {
420 	struct file *f;
421 	ssize_t error = -EBADF;
422 
423 	f = fget(fd);
424 	if (!f)
425 		return error;
426 	audit_inode(NULL, f->f_path.dentry->d_inode);
427 	error = listxattr(f->f_path.dentry, list, size);
428 	fput(f);
429 	return error;
430 }
431 
432 /*
433  * Extended attribute REMOVE operations
434  */
435 static long
436 removexattr(struct dentry *d, char __user *name)
437 {
438 	int error;
439 	char kname[XATTR_NAME_MAX + 1];
440 
441 	error = strncpy_from_user(kname, name, sizeof(kname));
442 	if (error == 0 || error == sizeof(kname))
443 		error = -ERANGE;
444 	if (error < 0)
445 		return error;
446 
447 	return vfs_removexattr(d, kname);
448 }
449 
450 asmlinkage long
451 sys_removexattr(char __user *path, char __user *name)
452 {
453 	struct nameidata nd;
454 	int error;
455 
456 	error = user_path_walk(path, &nd);
457 	if (error)
458 		return error;
459 	error = removexattr(nd.dentry, name);
460 	path_release(&nd);
461 	return error;
462 }
463 
464 asmlinkage long
465 sys_lremovexattr(char __user *path, char __user *name)
466 {
467 	struct nameidata nd;
468 	int error;
469 
470 	error = user_path_walk_link(path, &nd);
471 	if (error)
472 		return error;
473 	error = removexattr(nd.dentry, name);
474 	path_release(&nd);
475 	return error;
476 }
477 
478 asmlinkage long
479 sys_fremovexattr(int fd, char __user *name)
480 {
481 	struct file *f;
482 	struct dentry *dentry;
483 	int error = -EBADF;
484 
485 	f = fget(fd);
486 	if (!f)
487 		return error;
488 	dentry = f->f_path.dentry;
489 	audit_inode(NULL, dentry->d_inode);
490 	error = removexattr(dentry, name);
491 	fput(f);
492 	return error;
493 }
494 
495 
496 static const char *
497 strcmp_prefix(const char *a, const char *a_prefix)
498 {
499 	while (*a_prefix && *a == *a_prefix) {
500 		a++;
501 		a_prefix++;
502 	}
503 	return *a_prefix ? NULL : a;
504 }
505 
506 /*
507  * In order to implement different sets of xattr operations for each xattr
508  * prefix with the generic xattr API, a filesystem should create a
509  * null-terminated array of struct xattr_handler (one for each prefix) and
510  * hang a pointer to it off of the s_xattr field of the superblock.
511  *
512  * The generic_fooxattr() functions will use this list to dispatch xattr
513  * operations to the correct xattr_handler.
514  */
515 #define for_each_xattr_handler(handlers, handler)		\
516 		for ((handler) = *(handlers)++;			\
517 			(handler) != NULL;			\
518 			(handler) = *(handlers)++)
519 
520 /*
521  * Find the xattr_handler with the matching prefix.
522  */
523 static struct xattr_handler *
524 xattr_resolve_name(struct xattr_handler **handlers, const char **name)
525 {
526 	struct xattr_handler *handler;
527 
528 	if (!*name)
529 		return NULL;
530 
531 	for_each_xattr_handler(handlers, handler) {
532 		const char *n = strcmp_prefix(*name, handler->prefix);
533 		if (n) {
534 			*name = n;
535 			break;
536 		}
537 	}
538 	return handler;
539 }
540 
541 /*
542  * Find the handler for the prefix and dispatch its get() operation.
543  */
544 ssize_t
545 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
546 {
547 	struct xattr_handler *handler;
548 	struct inode *inode = dentry->d_inode;
549 
550 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
551 	if (!handler)
552 		return -EOPNOTSUPP;
553 	return handler->get(inode, name, buffer, size);
554 }
555 
556 /*
557  * Combine the results of the list() operation from every xattr_handler in the
558  * list.
559  */
560 ssize_t
561 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
562 {
563 	struct inode *inode = dentry->d_inode;
564 	struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr;
565 	unsigned int size = 0;
566 
567 	if (!buffer) {
568 		for_each_xattr_handler(handlers, handler)
569 			size += handler->list(inode, NULL, 0, NULL, 0);
570 	} else {
571 		char *buf = buffer;
572 
573 		for_each_xattr_handler(handlers, handler) {
574 			size = handler->list(inode, buf, buffer_size, NULL, 0);
575 			if (size > buffer_size)
576 				return -ERANGE;
577 			buf += size;
578 			buffer_size -= size;
579 		}
580 		size = buf - buffer;
581 	}
582 	return size;
583 }
584 
585 /*
586  * Find the handler for the prefix and dispatch its set() operation.
587  */
588 int
589 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
590 {
591 	struct xattr_handler *handler;
592 	struct inode *inode = dentry->d_inode;
593 
594 	if (size == 0)
595 		value = "";  /* empty EA, do not remove */
596 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
597 	if (!handler)
598 		return -EOPNOTSUPP;
599 	return handler->set(inode, name, value, size, flags);
600 }
601 
602 /*
603  * Find the handler for the prefix and dispatch its set() operation to remove
604  * any associated extended attribute.
605  */
606 int
607 generic_removexattr(struct dentry *dentry, const char *name)
608 {
609 	struct xattr_handler *handler;
610 	struct inode *inode = dentry->d_inode;
611 
612 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
613 	if (!handler)
614 		return -EOPNOTSUPP;
615 	return handler->set(inode, name, NULL, 0, XATTR_REPLACE);
616 }
617 
618 EXPORT_SYMBOL(generic_getxattr);
619 EXPORT_SYMBOL(generic_listxattr);
620 EXPORT_SYMBOL(generic_setxattr);
621 EXPORT_SYMBOL(generic_removexattr);
622