xref: /openbmc/linux/fs/xattr.c (revision 14b9f27886ce69c5f11445d107dd020f6fc5754b)
1 /*
2   File: fs/xattr.c
3 
4   Extended attribute handling.
5 
6   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9  */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/syscalls.h>
18 #include <linux/module.h>
19 #include <linux/fsnotify.h>
20 #include <linux/audit.h>
21 #include <asm/uaccess.h>
22 
23 
24 /*
25  * Check permissions for extended attribute access.  This is a bit complicated
26  * because different namespaces have very different rules.
27  */
28 static int
29 xattr_permission(struct inode *inode, const char *name, int mask)
30 {
31 	/*
32 	 * We can never set or remove an extended attribute on a read-only
33 	 * filesystem  or on an immutable / append-only inode.
34 	 */
35 	if (mask & MAY_WRITE) {
36 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
37 			return -EPERM;
38 	}
39 
40 	/*
41 	 * No restriction for security.* and system.* from the VFS.  Decision
42 	 * on these is left to the underlying filesystem / security module.
43 	 */
44 	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
45 	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
46 		return 0;
47 
48 	/*
49 	 * The trusted.* namespace can only be accessed by privileged users.
50 	 */
51 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
52 		if (!capable(CAP_SYS_ADMIN))
53 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
54 		return 0;
55 	}
56 
57 	/*
58 	 * In the user.* namespace, only regular files and directories can have
59 	 * extended attributes. For sticky directories, only the owner and
60 	 * privileged users can write attributes.
61 	 */
62 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
63 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
64 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
65 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
66 		    (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
67 			return -EPERM;
68 	}
69 
70 	return inode_permission(inode, mask);
71 }
72 
73 /**
74  *  __vfs_setxattr_noperm - perform setxattr operation without performing
75  *  permission checks.
76  *
77  *  @dentry - object to perform setxattr on
78  *  @name - xattr name to set
79  *  @value - value to set @name to
80  *  @size - size of @value
81  *  @flags - flags to pass into filesystem operations
82  *
83  *  returns the result of the internal setxattr or setsecurity operations.
84  *
85  *  This function requires the caller to lock the inode's i_mutex before it
86  *  is executed. It also assumes that the caller will make the appropriate
87  *  permission checks.
88  */
89 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
90 		const void *value, size_t size, int flags)
91 {
92 	struct inode *inode = dentry->d_inode;
93 	int error = -EOPNOTSUPP;
94 	int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
95 				   XATTR_SECURITY_PREFIX_LEN);
96 
97 	if (issec)
98 		inode->i_flags &= ~S_NOSEC;
99 	if (inode->i_op->setxattr) {
100 		error = inode->i_op->setxattr(dentry, name, value, size, flags);
101 		if (!error) {
102 			fsnotify_xattr(dentry);
103 			security_inode_post_setxattr(dentry, name, value,
104 						     size, flags);
105 		}
106 	} else if (issec) {
107 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
108 		error = security_inode_setsecurity(inode, suffix, value,
109 						   size, flags);
110 		if (!error)
111 			fsnotify_xattr(dentry);
112 	}
113 
114 	return error;
115 }
116 
117 
118 int
119 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
120 		size_t size, int flags)
121 {
122 	struct inode *inode = dentry->d_inode;
123 	int error;
124 
125 	error = xattr_permission(inode, name, MAY_WRITE);
126 	if (error)
127 		return error;
128 
129 	mutex_lock(&inode->i_mutex);
130 	error = security_inode_setxattr(dentry, name, value, size, flags);
131 	if (error)
132 		goto out;
133 
134 	error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
135 
136 out:
137 	mutex_unlock(&inode->i_mutex);
138 	return error;
139 }
140 EXPORT_SYMBOL_GPL(vfs_setxattr);
141 
142 ssize_t
143 xattr_getsecurity(struct inode *inode, const char *name, void *value,
144 			size_t size)
145 {
146 	void *buffer = NULL;
147 	ssize_t len;
148 
149 	if (!value || !size) {
150 		len = security_inode_getsecurity(inode, name, &buffer, false);
151 		goto out_noalloc;
152 	}
153 
154 	len = security_inode_getsecurity(inode, name, &buffer, true);
155 	if (len < 0)
156 		return len;
157 	if (size < len) {
158 		len = -ERANGE;
159 		goto out;
160 	}
161 	memcpy(value, buffer, len);
162 out:
163 	security_release_secctx(buffer, len);
164 out_noalloc:
165 	return len;
166 }
167 EXPORT_SYMBOL_GPL(xattr_getsecurity);
168 
169 ssize_t
170 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
171 {
172 	struct inode *inode = dentry->d_inode;
173 	int error;
174 
175 	error = xattr_permission(inode, name, MAY_READ);
176 	if (error)
177 		return error;
178 
179 	error = security_inode_getxattr(dentry, name);
180 	if (error)
181 		return error;
182 
183 	if (!strncmp(name, XATTR_SECURITY_PREFIX,
184 				XATTR_SECURITY_PREFIX_LEN)) {
185 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
186 		int ret = xattr_getsecurity(inode, suffix, value, size);
187 		/*
188 		 * Only overwrite the return value if a security module
189 		 * is actually active.
190 		 */
191 		if (ret == -EOPNOTSUPP)
192 			goto nolsm;
193 		return ret;
194 	}
195 nolsm:
196 	if (inode->i_op->getxattr)
197 		error = inode->i_op->getxattr(dentry, name, value, size);
198 	else
199 		error = -EOPNOTSUPP;
200 
201 	return error;
202 }
203 EXPORT_SYMBOL_GPL(vfs_getxattr);
204 
205 ssize_t
206 vfs_listxattr(struct dentry *d, char *list, size_t size)
207 {
208 	ssize_t error;
209 
210 	error = security_inode_listxattr(d);
211 	if (error)
212 		return error;
213 	error = -EOPNOTSUPP;
214 	if (d->d_inode->i_op->listxattr) {
215 		error = d->d_inode->i_op->listxattr(d, list, size);
216 	} else {
217 		error = security_inode_listsecurity(d->d_inode, list, size);
218 		if (size && error > size)
219 			error = -ERANGE;
220 	}
221 	return error;
222 }
223 EXPORT_SYMBOL_GPL(vfs_listxattr);
224 
225 int
226 vfs_removexattr(struct dentry *dentry, const char *name)
227 {
228 	struct inode *inode = dentry->d_inode;
229 	int error;
230 
231 	if (!inode->i_op->removexattr)
232 		return -EOPNOTSUPP;
233 
234 	error = xattr_permission(inode, name, MAY_WRITE);
235 	if (error)
236 		return error;
237 
238 	error = security_inode_removexattr(dentry, name);
239 	if (error)
240 		return error;
241 
242 	mutex_lock(&inode->i_mutex);
243 	error = inode->i_op->removexattr(dentry, name);
244 	mutex_unlock(&inode->i_mutex);
245 
246 	if (!error)
247 		fsnotify_xattr(dentry);
248 	return error;
249 }
250 EXPORT_SYMBOL_GPL(vfs_removexattr);
251 
252 
253 /*
254  * Extended attribute SET operations
255  */
256 static long
257 setxattr(struct dentry *d, const char __user *name, const void __user *value,
258 	 size_t size, int flags)
259 {
260 	int error;
261 	void *kvalue = NULL;
262 	char kname[XATTR_NAME_MAX + 1];
263 
264 	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
265 		return -EINVAL;
266 
267 	error = strncpy_from_user(kname, name, sizeof(kname));
268 	if (error == 0 || error == sizeof(kname))
269 		error = -ERANGE;
270 	if (error < 0)
271 		return error;
272 
273 	if (size) {
274 		if (size > XATTR_SIZE_MAX)
275 			return -E2BIG;
276 		kvalue = memdup_user(value, size);
277 		if (IS_ERR(kvalue))
278 			return PTR_ERR(kvalue);
279 	}
280 
281 	error = vfs_setxattr(d, kname, kvalue, size, flags);
282 	kfree(kvalue);
283 	return error;
284 }
285 
286 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
287 		const char __user *, name, const void __user *, value,
288 		size_t, size, int, flags)
289 {
290 	struct path path;
291 	int error;
292 
293 	error = user_path(pathname, &path);
294 	if (error)
295 		return error;
296 	error = mnt_want_write(path.mnt);
297 	if (!error) {
298 		error = setxattr(path.dentry, name, value, size, flags);
299 		mnt_drop_write(path.mnt);
300 	}
301 	path_put(&path);
302 	return error;
303 }
304 
305 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
306 		const char __user *, name, const void __user *, value,
307 		size_t, size, int, flags)
308 {
309 	struct path path;
310 	int error;
311 
312 	error = user_lpath(pathname, &path);
313 	if (error)
314 		return error;
315 	error = mnt_want_write(path.mnt);
316 	if (!error) {
317 		error = setxattr(path.dentry, name, value, size, flags);
318 		mnt_drop_write(path.mnt);
319 	}
320 	path_put(&path);
321 	return error;
322 }
323 
324 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
325 		const void __user *,value, size_t, size, int, flags)
326 {
327 	struct file *f;
328 	struct dentry *dentry;
329 	int error = -EBADF;
330 
331 	f = fget(fd);
332 	if (!f)
333 		return error;
334 	dentry = f->f_path.dentry;
335 	audit_inode(NULL, dentry);
336 	error = mnt_want_write_file(f);
337 	if (!error) {
338 		error = setxattr(dentry, name, value, size, flags);
339 		mnt_drop_write(f->f_path.mnt);
340 	}
341 	fput(f);
342 	return error;
343 }
344 
345 /*
346  * Extended attribute GET operations
347  */
348 static ssize_t
349 getxattr(struct dentry *d, const char __user *name, void __user *value,
350 	 size_t size)
351 {
352 	ssize_t error;
353 	void *kvalue = NULL;
354 	char kname[XATTR_NAME_MAX + 1];
355 
356 	error = strncpy_from_user(kname, name, sizeof(kname));
357 	if (error == 0 || error == sizeof(kname))
358 		error = -ERANGE;
359 	if (error < 0)
360 		return error;
361 
362 	if (size) {
363 		if (size > XATTR_SIZE_MAX)
364 			size = XATTR_SIZE_MAX;
365 		kvalue = kzalloc(size, GFP_KERNEL);
366 		if (!kvalue)
367 			return -ENOMEM;
368 	}
369 
370 	error = vfs_getxattr(d, kname, kvalue, size);
371 	if (error > 0) {
372 		if (size && copy_to_user(value, kvalue, error))
373 			error = -EFAULT;
374 	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
375 		/* The file system tried to returned a value bigger
376 		   than XATTR_SIZE_MAX bytes. Not possible. */
377 		error = -E2BIG;
378 	}
379 	kfree(kvalue);
380 	return error;
381 }
382 
383 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
384 		const char __user *, name, void __user *, value, size_t, size)
385 {
386 	struct path path;
387 	ssize_t error;
388 
389 	error = user_path(pathname, &path);
390 	if (error)
391 		return error;
392 	error = getxattr(path.dentry, name, value, size);
393 	path_put(&path);
394 	return error;
395 }
396 
397 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
398 		const char __user *, name, void __user *, value, size_t, size)
399 {
400 	struct path path;
401 	ssize_t error;
402 
403 	error = user_lpath(pathname, &path);
404 	if (error)
405 		return error;
406 	error = getxattr(path.dentry, name, value, size);
407 	path_put(&path);
408 	return error;
409 }
410 
411 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
412 		void __user *, value, size_t, size)
413 {
414 	struct file *f;
415 	ssize_t error = -EBADF;
416 
417 	f = fget(fd);
418 	if (!f)
419 		return error;
420 	audit_inode(NULL, f->f_path.dentry);
421 	error = getxattr(f->f_path.dentry, name, value, size);
422 	fput(f);
423 	return error;
424 }
425 
426 /*
427  * Extended attribute LIST operations
428  */
429 static ssize_t
430 listxattr(struct dentry *d, char __user *list, size_t size)
431 {
432 	ssize_t error;
433 	char *klist = NULL;
434 
435 	if (size) {
436 		if (size > XATTR_LIST_MAX)
437 			size = XATTR_LIST_MAX;
438 		klist = kmalloc(size, GFP_KERNEL);
439 		if (!klist)
440 			return -ENOMEM;
441 	}
442 
443 	error = vfs_listxattr(d, klist, size);
444 	if (error > 0) {
445 		if (size && copy_to_user(list, klist, error))
446 			error = -EFAULT;
447 	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
448 		/* The file system tried to returned a list bigger
449 		   than XATTR_LIST_MAX bytes. Not possible. */
450 		error = -E2BIG;
451 	}
452 	kfree(klist);
453 	return error;
454 }
455 
456 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
457 		size_t, size)
458 {
459 	struct path path;
460 	ssize_t error;
461 
462 	error = user_path(pathname, &path);
463 	if (error)
464 		return error;
465 	error = listxattr(path.dentry, list, size);
466 	path_put(&path);
467 	return error;
468 }
469 
470 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
471 		size_t, size)
472 {
473 	struct path path;
474 	ssize_t error;
475 
476 	error = user_lpath(pathname, &path);
477 	if (error)
478 		return error;
479 	error = listxattr(path.dentry, list, size);
480 	path_put(&path);
481 	return error;
482 }
483 
484 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
485 {
486 	struct file *f;
487 	ssize_t error = -EBADF;
488 
489 	f = fget(fd);
490 	if (!f)
491 		return error;
492 	audit_inode(NULL, f->f_path.dentry);
493 	error = listxattr(f->f_path.dentry, list, size);
494 	fput(f);
495 	return error;
496 }
497 
498 /*
499  * Extended attribute REMOVE operations
500  */
501 static long
502 removexattr(struct dentry *d, const char __user *name)
503 {
504 	int error;
505 	char kname[XATTR_NAME_MAX + 1];
506 
507 	error = strncpy_from_user(kname, name, sizeof(kname));
508 	if (error == 0 || error == sizeof(kname))
509 		error = -ERANGE;
510 	if (error < 0)
511 		return error;
512 
513 	return vfs_removexattr(d, kname);
514 }
515 
516 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
517 		const char __user *, name)
518 {
519 	struct path path;
520 	int error;
521 
522 	error = user_path(pathname, &path);
523 	if (error)
524 		return error;
525 	error = mnt_want_write(path.mnt);
526 	if (!error) {
527 		error = removexattr(path.dentry, name);
528 		mnt_drop_write(path.mnt);
529 	}
530 	path_put(&path);
531 	return error;
532 }
533 
534 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
535 		const char __user *, name)
536 {
537 	struct path path;
538 	int error;
539 
540 	error = user_lpath(pathname, &path);
541 	if (error)
542 		return error;
543 	error = mnt_want_write(path.mnt);
544 	if (!error) {
545 		error = removexattr(path.dentry, name);
546 		mnt_drop_write(path.mnt);
547 	}
548 	path_put(&path);
549 	return error;
550 }
551 
552 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
553 {
554 	struct file *f;
555 	struct dentry *dentry;
556 	int error = -EBADF;
557 
558 	f = fget(fd);
559 	if (!f)
560 		return error;
561 	dentry = f->f_path.dentry;
562 	audit_inode(NULL, dentry);
563 	error = mnt_want_write_file(f);
564 	if (!error) {
565 		error = removexattr(dentry, name);
566 		mnt_drop_write(f->f_path.mnt);
567 	}
568 	fput(f);
569 	return error;
570 }
571 
572 
573 static const char *
574 strcmp_prefix(const char *a, const char *a_prefix)
575 {
576 	while (*a_prefix && *a == *a_prefix) {
577 		a++;
578 		a_prefix++;
579 	}
580 	return *a_prefix ? NULL : a;
581 }
582 
583 /*
584  * In order to implement different sets of xattr operations for each xattr
585  * prefix with the generic xattr API, a filesystem should create a
586  * null-terminated array of struct xattr_handler (one for each prefix) and
587  * hang a pointer to it off of the s_xattr field of the superblock.
588  *
589  * The generic_fooxattr() functions will use this list to dispatch xattr
590  * operations to the correct xattr_handler.
591  */
592 #define for_each_xattr_handler(handlers, handler)		\
593 		for ((handler) = *(handlers)++;			\
594 			(handler) != NULL;			\
595 			(handler) = *(handlers)++)
596 
597 /*
598  * Find the xattr_handler with the matching prefix.
599  */
600 static const struct xattr_handler *
601 xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
602 {
603 	const struct xattr_handler *handler;
604 
605 	if (!*name)
606 		return NULL;
607 
608 	for_each_xattr_handler(handlers, handler) {
609 		const char *n = strcmp_prefix(*name, handler->prefix);
610 		if (n) {
611 			*name = n;
612 			break;
613 		}
614 	}
615 	return handler;
616 }
617 
618 /*
619  * Find the handler for the prefix and dispatch its get() operation.
620  */
621 ssize_t
622 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
623 {
624 	const struct xattr_handler *handler;
625 
626 	handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
627 	if (!handler)
628 		return -EOPNOTSUPP;
629 	return handler->get(dentry, name, buffer, size, handler->flags);
630 }
631 
632 /*
633  * Combine the results of the list() operation from every xattr_handler in the
634  * list.
635  */
636 ssize_t
637 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
638 {
639 	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
640 	unsigned int size = 0;
641 
642 	if (!buffer) {
643 		for_each_xattr_handler(handlers, handler) {
644 			size += handler->list(dentry, NULL, 0, NULL, 0,
645 					      handler->flags);
646 		}
647 	} else {
648 		char *buf = buffer;
649 
650 		for_each_xattr_handler(handlers, handler) {
651 			size = handler->list(dentry, buf, buffer_size,
652 					     NULL, 0, handler->flags);
653 			if (size > buffer_size)
654 				return -ERANGE;
655 			buf += size;
656 			buffer_size -= size;
657 		}
658 		size = buf - buffer;
659 	}
660 	return size;
661 }
662 
663 /*
664  * Find the handler for the prefix and dispatch its set() operation.
665  */
666 int
667 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
668 {
669 	const struct xattr_handler *handler;
670 
671 	if (size == 0)
672 		value = "";  /* empty EA, do not remove */
673 	handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
674 	if (!handler)
675 		return -EOPNOTSUPP;
676 	return handler->set(dentry, name, value, size, flags, handler->flags);
677 }
678 
679 /*
680  * Find the handler for the prefix and dispatch its set() operation to remove
681  * any associated extended attribute.
682  */
683 int
684 generic_removexattr(struct dentry *dentry, const char *name)
685 {
686 	const struct xattr_handler *handler;
687 
688 	handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
689 	if (!handler)
690 		return -EOPNOTSUPP;
691 	return handler->set(dentry, name, NULL, 0,
692 			    XATTR_REPLACE, handler->flags);
693 }
694 
695 EXPORT_SYMBOL(generic_getxattr);
696 EXPORT_SYMBOL(generic_listxattr);
697 EXPORT_SYMBOL(generic_setxattr);
698 EXPORT_SYMBOL(generic_removexattr);
699