1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/syscalls.h> 18 #include <linux/module.h> 19 #include <linux/fsnotify.h> 20 #include <linux/audit.h> 21 #include <asm/uaccess.h> 22 23 24 /* 25 * Check permissions for extended attribute access. This is a bit complicated 26 * because different namespaces have very different rules. 27 */ 28 static int 29 xattr_permission(struct inode *inode, const char *name, int mask) 30 { 31 /* 32 * We can never set or remove an extended attribute on a read-only 33 * filesystem or on an immutable / append-only inode. 34 */ 35 if (mask & MAY_WRITE) { 36 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 37 return -EPERM; 38 } 39 40 /* 41 * No restriction for security.* and system.* from the VFS. Decision 42 * on these is left to the underlying filesystem / security module. 43 */ 44 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 45 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 46 return 0; 47 48 /* 49 * The trusted.* namespace can only be accessed by privileged users. 50 */ 51 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 52 if (!capable(CAP_SYS_ADMIN)) 53 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 54 return 0; 55 } 56 57 /* 58 * In the user.* namespace, only regular files and directories can have 59 * extended attributes. For sticky directories, only the owner and 60 * privileged users can write attributes. 61 */ 62 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 63 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 64 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 65 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 66 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 67 return -EPERM; 68 } 69 70 return inode_permission(inode, mask); 71 } 72 73 /** 74 * __vfs_setxattr_noperm - perform setxattr operation without performing 75 * permission checks. 76 * 77 * @dentry - object to perform setxattr on 78 * @name - xattr name to set 79 * @value - value to set @name to 80 * @size - size of @value 81 * @flags - flags to pass into filesystem operations 82 * 83 * returns the result of the internal setxattr or setsecurity operations. 84 * 85 * This function requires the caller to lock the inode's i_mutex before it 86 * is executed. It also assumes that the caller will make the appropriate 87 * permission checks. 88 */ 89 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 90 const void *value, size_t size, int flags) 91 { 92 struct inode *inode = dentry->d_inode; 93 int error = -EOPNOTSUPP; 94 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 95 XATTR_SECURITY_PREFIX_LEN); 96 97 if (issec) 98 inode->i_flags &= ~S_NOSEC; 99 if (inode->i_op->setxattr) { 100 error = inode->i_op->setxattr(dentry, name, value, size, flags); 101 if (!error) { 102 fsnotify_xattr(dentry); 103 security_inode_post_setxattr(dentry, name, value, 104 size, flags); 105 } 106 } else if (issec) { 107 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 108 error = security_inode_setsecurity(inode, suffix, value, 109 size, flags); 110 if (!error) 111 fsnotify_xattr(dentry); 112 } 113 114 return error; 115 } 116 117 118 int 119 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 120 size_t size, int flags) 121 { 122 struct inode *inode = dentry->d_inode; 123 int error; 124 125 error = xattr_permission(inode, name, MAY_WRITE); 126 if (error) 127 return error; 128 129 mutex_lock(&inode->i_mutex); 130 error = security_inode_setxattr(dentry, name, value, size, flags); 131 if (error) 132 goto out; 133 134 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 135 136 out: 137 mutex_unlock(&inode->i_mutex); 138 return error; 139 } 140 EXPORT_SYMBOL_GPL(vfs_setxattr); 141 142 ssize_t 143 xattr_getsecurity(struct inode *inode, const char *name, void *value, 144 size_t size) 145 { 146 void *buffer = NULL; 147 ssize_t len; 148 149 if (!value || !size) { 150 len = security_inode_getsecurity(inode, name, &buffer, false); 151 goto out_noalloc; 152 } 153 154 len = security_inode_getsecurity(inode, name, &buffer, true); 155 if (len < 0) 156 return len; 157 if (size < len) { 158 len = -ERANGE; 159 goto out; 160 } 161 memcpy(value, buffer, len); 162 out: 163 security_release_secctx(buffer, len); 164 out_noalloc: 165 return len; 166 } 167 EXPORT_SYMBOL_GPL(xattr_getsecurity); 168 169 ssize_t 170 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 171 { 172 struct inode *inode = dentry->d_inode; 173 int error; 174 175 error = xattr_permission(inode, name, MAY_READ); 176 if (error) 177 return error; 178 179 error = security_inode_getxattr(dentry, name); 180 if (error) 181 return error; 182 183 if (!strncmp(name, XATTR_SECURITY_PREFIX, 184 XATTR_SECURITY_PREFIX_LEN)) { 185 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 186 int ret = xattr_getsecurity(inode, suffix, value, size); 187 /* 188 * Only overwrite the return value if a security module 189 * is actually active. 190 */ 191 if (ret == -EOPNOTSUPP) 192 goto nolsm; 193 return ret; 194 } 195 nolsm: 196 if (inode->i_op->getxattr) 197 error = inode->i_op->getxattr(dentry, name, value, size); 198 else 199 error = -EOPNOTSUPP; 200 201 return error; 202 } 203 EXPORT_SYMBOL_GPL(vfs_getxattr); 204 205 ssize_t 206 vfs_listxattr(struct dentry *d, char *list, size_t size) 207 { 208 ssize_t error; 209 210 error = security_inode_listxattr(d); 211 if (error) 212 return error; 213 error = -EOPNOTSUPP; 214 if (d->d_inode->i_op->listxattr) { 215 error = d->d_inode->i_op->listxattr(d, list, size); 216 } else { 217 error = security_inode_listsecurity(d->d_inode, list, size); 218 if (size && error > size) 219 error = -ERANGE; 220 } 221 return error; 222 } 223 EXPORT_SYMBOL_GPL(vfs_listxattr); 224 225 int 226 vfs_removexattr(struct dentry *dentry, const char *name) 227 { 228 struct inode *inode = dentry->d_inode; 229 int error; 230 231 if (!inode->i_op->removexattr) 232 return -EOPNOTSUPP; 233 234 error = xattr_permission(inode, name, MAY_WRITE); 235 if (error) 236 return error; 237 238 error = security_inode_removexattr(dentry, name); 239 if (error) 240 return error; 241 242 mutex_lock(&inode->i_mutex); 243 error = inode->i_op->removexattr(dentry, name); 244 mutex_unlock(&inode->i_mutex); 245 246 if (!error) 247 fsnotify_xattr(dentry); 248 return error; 249 } 250 EXPORT_SYMBOL_GPL(vfs_removexattr); 251 252 253 /* 254 * Extended attribute SET operations 255 */ 256 static long 257 setxattr(struct dentry *d, const char __user *name, const void __user *value, 258 size_t size, int flags) 259 { 260 int error; 261 void *kvalue = NULL; 262 char kname[XATTR_NAME_MAX + 1]; 263 264 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 265 return -EINVAL; 266 267 error = strncpy_from_user(kname, name, sizeof(kname)); 268 if (error == 0 || error == sizeof(kname)) 269 error = -ERANGE; 270 if (error < 0) 271 return error; 272 273 if (size) { 274 if (size > XATTR_SIZE_MAX) 275 return -E2BIG; 276 kvalue = memdup_user(value, size); 277 if (IS_ERR(kvalue)) 278 return PTR_ERR(kvalue); 279 } 280 281 error = vfs_setxattr(d, kname, kvalue, size, flags); 282 kfree(kvalue); 283 return error; 284 } 285 286 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 287 const char __user *, name, const void __user *, value, 288 size_t, size, int, flags) 289 { 290 struct path path; 291 int error; 292 293 error = user_path(pathname, &path); 294 if (error) 295 return error; 296 error = mnt_want_write(path.mnt); 297 if (!error) { 298 error = setxattr(path.dentry, name, value, size, flags); 299 mnt_drop_write(path.mnt); 300 } 301 path_put(&path); 302 return error; 303 } 304 305 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 306 const char __user *, name, const void __user *, value, 307 size_t, size, int, flags) 308 { 309 struct path path; 310 int error; 311 312 error = user_lpath(pathname, &path); 313 if (error) 314 return error; 315 error = mnt_want_write(path.mnt); 316 if (!error) { 317 error = setxattr(path.dentry, name, value, size, flags); 318 mnt_drop_write(path.mnt); 319 } 320 path_put(&path); 321 return error; 322 } 323 324 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 325 const void __user *,value, size_t, size, int, flags) 326 { 327 struct file *f; 328 struct dentry *dentry; 329 int error = -EBADF; 330 331 f = fget(fd); 332 if (!f) 333 return error; 334 dentry = f->f_path.dentry; 335 audit_inode(NULL, dentry); 336 error = mnt_want_write_file(f); 337 if (!error) { 338 error = setxattr(dentry, name, value, size, flags); 339 mnt_drop_write(f->f_path.mnt); 340 } 341 fput(f); 342 return error; 343 } 344 345 /* 346 * Extended attribute GET operations 347 */ 348 static ssize_t 349 getxattr(struct dentry *d, const char __user *name, void __user *value, 350 size_t size) 351 { 352 ssize_t error; 353 void *kvalue = NULL; 354 char kname[XATTR_NAME_MAX + 1]; 355 356 error = strncpy_from_user(kname, name, sizeof(kname)); 357 if (error == 0 || error == sizeof(kname)) 358 error = -ERANGE; 359 if (error < 0) 360 return error; 361 362 if (size) { 363 if (size > XATTR_SIZE_MAX) 364 size = XATTR_SIZE_MAX; 365 kvalue = kzalloc(size, GFP_KERNEL); 366 if (!kvalue) 367 return -ENOMEM; 368 } 369 370 error = vfs_getxattr(d, kname, kvalue, size); 371 if (error > 0) { 372 if (size && copy_to_user(value, kvalue, error)) 373 error = -EFAULT; 374 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 375 /* The file system tried to returned a value bigger 376 than XATTR_SIZE_MAX bytes. Not possible. */ 377 error = -E2BIG; 378 } 379 kfree(kvalue); 380 return error; 381 } 382 383 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 384 const char __user *, name, void __user *, value, size_t, size) 385 { 386 struct path path; 387 ssize_t error; 388 389 error = user_path(pathname, &path); 390 if (error) 391 return error; 392 error = getxattr(path.dentry, name, value, size); 393 path_put(&path); 394 return error; 395 } 396 397 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 398 const char __user *, name, void __user *, value, size_t, size) 399 { 400 struct path path; 401 ssize_t error; 402 403 error = user_lpath(pathname, &path); 404 if (error) 405 return error; 406 error = getxattr(path.dentry, name, value, size); 407 path_put(&path); 408 return error; 409 } 410 411 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 412 void __user *, value, size_t, size) 413 { 414 struct file *f; 415 ssize_t error = -EBADF; 416 417 f = fget(fd); 418 if (!f) 419 return error; 420 audit_inode(NULL, f->f_path.dentry); 421 error = getxattr(f->f_path.dentry, name, value, size); 422 fput(f); 423 return error; 424 } 425 426 /* 427 * Extended attribute LIST operations 428 */ 429 static ssize_t 430 listxattr(struct dentry *d, char __user *list, size_t size) 431 { 432 ssize_t error; 433 char *klist = NULL; 434 435 if (size) { 436 if (size > XATTR_LIST_MAX) 437 size = XATTR_LIST_MAX; 438 klist = kmalloc(size, GFP_KERNEL); 439 if (!klist) 440 return -ENOMEM; 441 } 442 443 error = vfs_listxattr(d, klist, size); 444 if (error > 0) { 445 if (size && copy_to_user(list, klist, error)) 446 error = -EFAULT; 447 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 448 /* The file system tried to returned a list bigger 449 than XATTR_LIST_MAX bytes. Not possible. */ 450 error = -E2BIG; 451 } 452 kfree(klist); 453 return error; 454 } 455 456 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 457 size_t, size) 458 { 459 struct path path; 460 ssize_t error; 461 462 error = user_path(pathname, &path); 463 if (error) 464 return error; 465 error = listxattr(path.dentry, list, size); 466 path_put(&path); 467 return error; 468 } 469 470 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 471 size_t, size) 472 { 473 struct path path; 474 ssize_t error; 475 476 error = user_lpath(pathname, &path); 477 if (error) 478 return error; 479 error = listxattr(path.dentry, list, size); 480 path_put(&path); 481 return error; 482 } 483 484 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 485 { 486 struct file *f; 487 ssize_t error = -EBADF; 488 489 f = fget(fd); 490 if (!f) 491 return error; 492 audit_inode(NULL, f->f_path.dentry); 493 error = listxattr(f->f_path.dentry, list, size); 494 fput(f); 495 return error; 496 } 497 498 /* 499 * Extended attribute REMOVE operations 500 */ 501 static long 502 removexattr(struct dentry *d, const char __user *name) 503 { 504 int error; 505 char kname[XATTR_NAME_MAX + 1]; 506 507 error = strncpy_from_user(kname, name, sizeof(kname)); 508 if (error == 0 || error == sizeof(kname)) 509 error = -ERANGE; 510 if (error < 0) 511 return error; 512 513 return vfs_removexattr(d, kname); 514 } 515 516 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 517 const char __user *, name) 518 { 519 struct path path; 520 int error; 521 522 error = user_path(pathname, &path); 523 if (error) 524 return error; 525 error = mnt_want_write(path.mnt); 526 if (!error) { 527 error = removexattr(path.dentry, name); 528 mnt_drop_write(path.mnt); 529 } 530 path_put(&path); 531 return error; 532 } 533 534 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 535 const char __user *, name) 536 { 537 struct path path; 538 int error; 539 540 error = user_lpath(pathname, &path); 541 if (error) 542 return error; 543 error = mnt_want_write(path.mnt); 544 if (!error) { 545 error = removexattr(path.dentry, name); 546 mnt_drop_write(path.mnt); 547 } 548 path_put(&path); 549 return error; 550 } 551 552 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 553 { 554 struct file *f; 555 struct dentry *dentry; 556 int error = -EBADF; 557 558 f = fget(fd); 559 if (!f) 560 return error; 561 dentry = f->f_path.dentry; 562 audit_inode(NULL, dentry); 563 error = mnt_want_write_file(f); 564 if (!error) { 565 error = removexattr(dentry, name); 566 mnt_drop_write(f->f_path.mnt); 567 } 568 fput(f); 569 return error; 570 } 571 572 573 static const char * 574 strcmp_prefix(const char *a, const char *a_prefix) 575 { 576 while (*a_prefix && *a == *a_prefix) { 577 a++; 578 a_prefix++; 579 } 580 return *a_prefix ? NULL : a; 581 } 582 583 /* 584 * In order to implement different sets of xattr operations for each xattr 585 * prefix with the generic xattr API, a filesystem should create a 586 * null-terminated array of struct xattr_handler (one for each prefix) and 587 * hang a pointer to it off of the s_xattr field of the superblock. 588 * 589 * The generic_fooxattr() functions will use this list to dispatch xattr 590 * operations to the correct xattr_handler. 591 */ 592 #define for_each_xattr_handler(handlers, handler) \ 593 for ((handler) = *(handlers)++; \ 594 (handler) != NULL; \ 595 (handler) = *(handlers)++) 596 597 /* 598 * Find the xattr_handler with the matching prefix. 599 */ 600 static const struct xattr_handler * 601 xattr_resolve_name(const struct xattr_handler **handlers, const char **name) 602 { 603 const struct xattr_handler *handler; 604 605 if (!*name) 606 return NULL; 607 608 for_each_xattr_handler(handlers, handler) { 609 const char *n = strcmp_prefix(*name, handler->prefix); 610 if (n) { 611 *name = n; 612 break; 613 } 614 } 615 return handler; 616 } 617 618 /* 619 * Find the handler for the prefix and dispatch its get() operation. 620 */ 621 ssize_t 622 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 623 { 624 const struct xattr_handler *handler; 625 626 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 627 if (!handler) 628 return -EOPNOTSUPP; 629 return handler->get(dentry, name, buffer, size, handler->flags); 630 } 631 632 /* 633 * Combine the results of the list() operation from every xattr_handler in the 634 * list. 635 */ 636 ssize_t 637 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 638 { 639 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 640 unsigned int size = 0; 641 642 if (!buffer) { 643 for_each_xattr_handler(handlers, handler) { 644 size += handler->list(dentry, NULL, 0, NULL, 0, 645 handler->flags); 646 } 647 } else { 648 char *buf = buffer; 649 650 for_each_xattr_handler(handlers, handler) { 651 size = handler->list(dentry, buf, buffer_size, 652 NULL, 0, handler->flags); 653 if (size > buffer_size) 654 return -ERANGE; 655 buf += size; 656 buffer_size -= size; 657 } 658 size = buf - buffer; 659 } 660 return size; 661 } 662 663 /* 664 * Find the handler for the prefix and dispatch its set() operation. 665 */ 666 int 667 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 668 { 669 const struct xattr_handler *handler; 670 671 if (size == 0) 672 value = ""; /* empty EA, do not remove */ 673 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 674 if (!handler) 675 return -EOPNOTSUPP; 676 return handler->set(dentry, name, value, size, flags, handler->flags); 677 } 678 679 /* 680 * Find the handler for the prefix and dispatch its set() operation to remove 681 * any associated extended attribute. 682 */ 683 int 684 generic_removexattr(struct dentry *dentry, const char *name) 685 { 686 const struct xattr_handler *handler; 687 688 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 689 if (!handler) 690 return -EOPNOTSUPP; 691 return handler->set(dentry, name, NULL, 0, 692 XATTR_REPLACE, handler->flags); 693 } 694 695 EXPORT_SYMBOL(generic_getxattr); 696 EXPORT_SYMBOL(generic_listxattr); 697 EXPORT_SYMBOL(generic_setxattr); 698 EXPORT_SYMBOL(generic_removexattr); 699