1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/syscalls.h> 18 #include <linux/module.h> 19 #include <linux/fsnotify.h> 20 #include <linux/audit.h> 21 #include <asm/uaccess.h> 22 23 24 /* 25 * Check permissions for extended attribute access. This is a bit complicated 26 * because different namespaces have very different rules. 27 */ 28 static int 29 xattr_permission(struct inode *inode, const char *name, int mask) 30 { 31 /* 32 * We can never set or remove an extended attribute on a read-only 33 * filesystem or on an immutable / append-only inode. 34 */ 35 if (mask & MAY_WRITE) { 36 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 37 return -EPERM; 38 } 39 40 /* 41 * No restriction for security.* and system.* from the VFS. Decision 42 * on these is left to the underlying filesystem / security module. 43 */ 44 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 45 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 46 return 0; 47 48 /* 49 * The trusted.* namespace can only be accessed by a privileged user. 50 */ 51 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) 52 return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); 53 54 /* In user.* namespace, only regular files and directories can have 55 * extended attributes. For sticky directories, only the owner and 56 * privileged user can write attributes. 57 */ 58 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 59 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 60 return -EPERM; 61 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 62 (mask & MAY_WRITE) && !is_owner_or_cap(inode)) 63 return -EPERM; 64 } 65 66 return permission(inode, mask, NULL); 67 } 68 69 int 70 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 71 size_t size, int flags) 72 { 73 struct inode *inode = dentry->d_inode; 74 int error; 75 76 error = xattr_permission(inode, name, MAY_WRITE); 77 if (error) 78 return error; 79 80 mutex_lock(&inode->i_mutex); 81 error = security_inode_setxattr(dentry, name, value, size, flags); 82 if (error) 83 goto out; 84 error = -EOPNOTSUPP; 85 if (inode->i_op->setxattr) { 86 error = inode->i_op->setxattr(dentry, name, value, size, flags); 87 if (!error) { 88 fsnotify_xattr(dentry); 89 security_inode_post_setxattr(dentry, name, value, 90 size, flags); 91 } 92 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 93 XATTR_SECURITY_PREFIX_LEN)) { 94 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 95 error = security_inode_setsecurity(inode, suffix, value, 96 size, flags); 97 if (!error) 98 fsnotify_xattr(dentry); 99 } 100 out: 101 mutex_unlock(&inode->i_mutex); 102 return error; 103 } 104 EXPORT_SYMBOL_GPL(vfs_setxattr); 105 106 ssize_t 107 xattr_getsecurity(struct inode *inode, const char *name, void *value, 108 size_t size) 109 { 110 void *buffer = NULL; 111 ssize_t len; 112 113 if (!value || !size) { 114 len = security_inode_getsecurity(inode, name, &buffer, false); 115 goto out_noalloc; 116 } 117 118 len = security_inode_getsecurity(inode, name, &buffer, true); 119 if (len < 0) 120 return len; 121 if (size < len) { 122 len = -ERANGE; 123 goto out; 124 } 125 memcpy(value, buffer, len); 126 out: 127 security_release_secctx(buffer, len); 128 out_noalloc: 129 return len; 130 } 131 EXPORT_SYMBOL_GPL(xattr_getsecurity); 132 133 ssize_t 134 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 135 { 136 struct inode *inode = dentry->d_inode; 137 int error; 138 139 error = xattr_permission(inode, name, MAY_READ); 140 if (error) 141 return error; 142 143 error = security_inode_getxattr(dentry, name); 144 if (error) 145 return error; 146 147 if (!strncmp(name, XATTR_SECURITY_PREFIX, 148 XATTR_SECURITY_PREFIX_LEN)) { 149 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 150 int ret = xattr_getsecurity(inode, suffix, value, size); 151 /* 152 * Only overwrite the return value if a security module 153 * is actually active. 154 */ 155 if (ret == -EOPNOTSUPP) 156 goto nolsm; 157 return ret; 158 } 159 nolsm: 160 if (inode->i_op->getxattr) 161 error = inode->i_op->getxattr(dentry, name, value, size); 162 else 163 error = -EOPNOTSUPP; 164 165 return error; 166 } 167 EXPORT_SYMBOL_GPL(vfs_getxattr); 168 169 ssize_t 170 vfs_listxattr(struct dentry *d, char *list, size_t size) 171 { 172 ssize_t error; 173 174 error = security_inode_listxattr(d); 175 if (error) 176 return error; 177 error = -EOPNOTSUPP; 178 if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { 179 error = d->d_inode->i_op->listxattr(d, list, size); 180 } else { 181 error = security_inode_listsecurity(d->d_inode, list, size); 182 if (size && error > size) 183 error = -ERANGE; 184 } 185 return error; 186 } 187 EXPORT_SYMBOL_GPL(vfs_listxattr); 188 189 int 190 vfs_removexattr(struct dentry *dentry, const char *name) 191 { 192 struct inode *inode = dentry->d_inode; 193 int error; 194 195 if (!inode->i_op->removexattr) 196 return -EOPNOTSUPP; 197 198 error = xattr_permission(inode, name, MAY_WRITE); 199 if (error) 200 return error; 201 202 error = security_inode_removexattr(dentry, name); 203 if (error) 204 return error; 205 206 mutex_lock(&inode->i_mutex); 207 error = inode->i_op->removexattr(dentry, name); 208 mutex_unlock(&inode->i_mutex); 209 210 if (!error) 211 fsnotify_xattr(dentry); 212 return error; 213 } 214 EXPORT_SYMBOL_GPL(vfs_removexattr); 215 216 217 /* 218 * Extended attribute SET operations 219 */ 220 static long 221 setxattr(struct dentry *d, const char __user *name, const void __user *value, 222 size_t size, int flags) 223 { 224 int error; 225 void *kvalue = NULL; 226 char kname[XATTR_NAME_MAX + 1]; 227 228 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 229 return -EINVAL; 230 231 error = strncpy_from_user(kname, name, sizeof(kname)); 232 if (error == 0 || error == sizeof(kname)) 233 error = -ERANGE; 234 if (error < 0) 235 return error; 236 237 if (size) { 238 if (size > XATTR_SIZE_MAX) 239 return -E2BIG; 240 kvalue = kmalloc(size, GFP_KERNEL); 241 if (!kvalue) 242 return -ENOMEM; 243 if (copy_from_user(kvalue, value, size)) { 244 kfree(kvalue); 245 return -EFAULT; 246 } 247 } 248 249 error = vfs_setxattr(d, kname, kvalue, size, flags); 250 kfree(kvalue); 251 return error; 252 } 253 254 asmlinkage long 255 sys_setxattr(const char __user *path, const char __user *name, 256 const void __user *value, size_t size, int flags) 257 { 258 struct nameidata nd; 259 int error; 260 261 error = user_path_walk(path, &nd); 262 if (error) 263 return error; 264 error = mnt_want_write(nd.path.mnt); 265 if (!error) { 266 error = setxattr(nd.path.dentry, name, value, size, flags); 267 mnt_drop_write(nd.path.mnt); 268 } 269 path_put(&nd.path); 270 return error; 271 } 272 273 asmlinkage long 274 sys_lsetxattr(const char __user *path, const char __user *name, 275 const void __user *value, size_t size, int flags) 276 { 277 struct nameidata nd; 278 int error; 279 280 error = user_path_walk_link(path, &nd); 281 if (error) 282 return error; 283 error = mnt_want_write(nd.path.mnt); 284 if (!error) { 285 error = setxattr(nd.path.dentry, name, value, size, flags); 286 mnt_drop_write(nd.path.mnt); 287 } 288 path_put(&nd.path); 289 return error; 290 } 291 292 asmlinkage long 293 sys_fsetxattr(int fd, const char __user *name, const void __user *value, 294 size_t size, int flags) 295 { 296 struct file *f; 297 struct dentry *dentry; 298 int error = -EBADF; 299 300 f = fget(fd); 301 if (!f) 302 return error; 303 dentry = f->f_path.dentry; 304 audit_inode(NULL, dentry); 305 error = mnt_want_write(f->f_path.mnt); 306 if (!error) { 307 error = setxattr(dentry, name, value, size, flags); 308 mnt_drop_write(f->f_path.mnt); 309 } 310 fput(f); 311 return error; 312 } 313 314 /* 315 * Extended attribute GET operations 316 */ 317 static ssize_t 318 getxattr(struct dentry *d, const char __user *name, void __user *value, 319 size_t size) 320 { 321 ssize_t error; 322 void *kvalue = NULL; 323 char kname[XATTR_NAME_MAX + 1]; 324 325 error = strncpy_from_user(kname, name, sizeof(kname)); 326 if (error == 0 || error == sizeof(kname)) 327 error = -ERANGE; 328 if (error < 0) 329 return error; 330 331 if (size) { 332 if (size > XATTR_SIZE_MAX) 333 size = XATTR_SIZE_MAX; 334 kvalue = kzalloc(size, GFP_KERNEL); 335 if (!kvalue) 336 return -ENOMEM; 337 } 338 339 error = vfs_getxattr(d, kname, kvalue, size); 340 if (error > 0) { 341 if (size && copy_to_user(value, kvalue, error)) 342 error = -EFAULT; 343 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 344 /* The file system tried to returned a value bigger 345 than XATTR_SIZE_MAX bytes. Not possible. */ 346 error = -E2BIG; 347 } 348 kfree(kvalue); 349 return error; 350 } 351 352 asmlinkage ssize_t 353 sys_getxattr(const char __user *path, const char __user *name, 354 void __user *value, size_t size) 355 { 356 struct nameidata nd; 357 ssize_t error; 358 359 error = user_path_walk(path, &nd); 360 if (error) 361 return error; 362 error = getxattr(nd.path.dentry, name, value, size); 363 path_put(&nd.path); 364 return error; 365 } 366 367 asmlinkage ssize_t 368 sys_lgetxattr(const char __user *path, const char __user *name, void __user *value, 369 size_t size) 370 { 371 struct nameidata nd; 372 ssize_t error; 373 374 error = user_path_walk_link(path, &nd); 375 if (error) 376 return error; 377 error = getxattr(nd.path.dentry, name, value, size); 378 path_put(&nd.path); 379 return error; 380 } 381 382 asmlinkage ssize_t 383 sys_fgetxattr(int fd, const char __user *name, void __user *value, size_t size) 384 { 385 struct file *f; 386 ssize_t error = -EBADF; 387 388 f = fget(fd); 389 if (!f) 390 return error; 391 audit_inode(NULL, f->f_path.dentry); 392 error = getxattr(f->f_path.dentry, name, value, size); 393 fput(f); 394 return error; 395 } 396 397 /* 398 * Extended attribute LIST operations 399 */ 400 static ssize_t 401 listxattr(struct dentry *d, char __user *list, size_t size) 402 { 403 ssize_t error; 404 char *klist = NULL; 405 406 if (size) { 407 if (size > XATTR_LIST_MAX) 408 size = XATTR_LIST_MAX; 409 klist = kmalloc(size, GFP_KERNEL); 410 if (!klist) 411 return -ENOMEM; 412 } 413 414 error = vfs_listxattr(d, klist, size); 415 if (error > 0) { 416 if (size && copy_to_user(list, klist, error)) 417 error = -EFAULT; 418 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 419 /* The file system tried to returned a list bigger 420 than XATTR_LIST_MAX bytes. Not possible. */ 421 error = -E2BIG; 422 } 423 kfree(klist); 424 return error; 425 } 426 427 asmlinkage ssize_t 428 sys_listxattr(const char __user *path, char __user *list, size_t size) 429 { 430 struct nameidata nd; 431 ssize_t error; 432 433 error = user_path_walk(path, &nd); 434 if (error) 435 return error; 436 error = listxattr(nd.path.dentry, list, size); 437 path_put(&nd.path); 438 return error; 439 } 440 441 asmlinkage ssize_t 442 sys_llistxattr(const char __user *path, char __user *list, size_t size) 443 { 444 struct nameidata nd; 445 ssize_t error; 446 447 error = user_path_walk_link(path, &nd); 448 if (error) 449 return error; 450 error = listxattr(nd.path.dentry, list, size); 451 path_put(&nd.path); 452 return error; 453 } 454 455 asmlinkage ssize_t 456 sys_flistxattr(int fd, char __user *list, size_t size) 457 { 458 struct file *f; 459 ssize_t error = -EBADF; 460 461 f = fget(fd); 462 if (!f) 463 return error; 464 audit_inode(NULL, f->f_path.dentry); 465 error = listxattr(f->f_path.dentry, list, size); 466 fput(f); 467 return error; 468 } 469 470 /* 471 * Extended attribute REMOVE operations 472 */ 473 static long 474 removexattr(struct dentry *d, const char __user *name) 475 { 476 int error; 477 char kname[XATTR_NAME_MAX + 1]; 478 479 error = strncpy_from_user(kname, name, sizeof(kname)); 480 if (error == 0 || error == sizeof(kname)) 481 error = -ERANGE; 482 if (error < 0) 483 return error; 484 485 return vfs_removexattr(d, kname); 486 } 487 488 asmlinkage long 489 sys_removexattr(const char __user *path, const char __user *name) 490 { 491 struct nameidata nd; 492 int error; 493 494 error = user_path_walk(path, &nd); 495 if (error) 496 return error; 497 error = mnt_want_write(nd.path.mnt); 498 if (!error) { 499 error = removexattr(nd.path.dentry, name); 500 mnt_drop_write(nd.path.mnt); 501 } 502 path_put(&nd.path); 503 return error; 504 } 505 506 asmlinkage long 507 sys_lremovexattr(const char __user *path, const char __user *name) 508 { 509 struct nameidata nd; 510 int error; 511 512 error = user_path_walk_link(path, &nd); 513 if (error) 514 return error; 515 error = mnt_want_write(nd.path.mnt); 516 if (!error) { 517 error = removexattr(nd.path.dentry, name); 518 mnt_drop_write(nd.path.mnt); 519 } 520 path_put(&nd.path); 521 return error; 522 } 523 524 asmlinkage long 525 sys_fremovexattr(int fd, const char __user *name) 526 { 527 struct file *f; 528 struct dentry *dentry; 529 int error = -EBADF; 530 531 f = fget(fd); 532 if (!f) 533 return error; 534 dentry = f->f_path.dentry; 535 audit_inode(NULL, dentry); 536 error = mnt_want_write(f->f_path.mnt); 537 if (!error) { 538 error = removexattr(dentry, name); 539 mnt_drop_write(f->f_path.mnt); 540 } 541 fput(f); 542 return error; 543 } 544 545 546 static const char * 547 strcmp_prefix(const char *a, const char *a_prefix) 548 { 549 while (*a_prefix && *a == *a_prefix) { 550 a++; 551 a_prefix++; 552 } 553 return *a_prefix ? NULL : a; 554 } 555 556 /* 557 * In order to implement different sets of xattr operations for each xattr 558 * prefix with the generic xattr API, a filesystem should create a 559 * null-terminated array of struct xattr_handler (one for each prefix) and 560 * hang a pointer to it off of the s_xattr field of the superblock. 561 * 562 * The generic_fooxattr() functions will use this list to dispatch xattr 563 * operations to the correct xattr_handler. 564 */ 565 #define for_each_xattr_handler(handlers, handler) \ 566 for ((handler) = *(handlers)++; \ 567 (handler) != NULL; \ 568 (handler) = *(handlers)++) 569 570 /* 571 * Find the xattr_handler with the matching prefix. 572 */ 573 static struct xattr_handler * 574 xattr_resolve_name(struct xattr_handler **handlers, const char **name) 575 { 576 struct xattr_handler *handler; 577 578 if (!*name) 579 return NULL; 580 581 for_each_xattr_handler(handlers, handler) { 582 const char *n = strcmp_prefix(*name, handler->prefix); 583 if (n) { 584 *name = n; 585 break; 586 } 587 } 588 return handler; 589 } 590 591 /* 592 * Find the handler for the prefix and dispatch its get() operation. 593 */ 594 ssize_t 595 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 596 { 597 struct xattr_handler *handler; 598 struct inode *inode = dentry->d_inode; 599 600 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 601 if (!handler) 602 return -EOPNOTSUPP; 603 return handler->get(inode, name, buffer, size); 604 } 605 606 /* 607 * Combine the results of the list() operation from every xattr_handler in the 608 * list. 609 */ 610 ssize_t 611 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 612 { 613 struct inode *inode = dentry->d_inode; 614 struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr; 615 unsigned int size = 0; 616 617 if (!buffer) { 618 for_each_xattr_handler(handlers, handler) 619 size += handler->list(inode, NULL, 0, NULL, 0); 620 } else { 621 char *buf = buffer; 622 623 for_each_xattr_handler(handlers, handler) { 624 size = handler->list(inode, buf, buffer_size, NULL, 0); 625 if (size > buffer_size) 626 return -ERANGE; 627 buf += size; 628 buffer_size -= size; 629 } 630 size = buf - buffer; 631 } 632 return size; 633 } 634 635 /* 636 * Find the handler for the prefix and dispatch its set() operation. 637 */ 638 int 639 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 640 { 641 struct xattr_handler *handler; 642 struct inode *inode = dentry->d_inode; 643 644 if (size == 0) 645 value = ""; /* empty EA, do not remove */ 646 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 647 if (!handler) 648 return -EOPNOTSUPP; 649 return handler->set(inode, name, value, size, flags); 650 } 651 652 /* 653 * Find the handler for the prefix and dispatch its set() operation to remove 654 * any associated extended attribute. 655 */ 656 int 657 generic_removexattr(struct dentry *dentry, const char *name) 658 { 659 struct xattr_handler *handler; 660 struct inode *inode = dentry->d_inode; 661 662 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 663 if (!handler) 664 return -EOPNOTSUPP; 665 return handler->set(inode, name, NULL, 0, XATTR_REPLACE); 666 } 667 668 EXPORT_SYMBOL(generic_getxattr); 669 EXPORT_SYMBOL(generic_listxattr); 670 EXPORT_SYMBOL(generic_setxattr); 671 EXPORT_SYMBOL(generic_removexattr); 672