xref: /openbmc/linux/fs/xattr.c (revision 22246614)
1 /*
2   File: fs/xattr.c
3 
4   Extended attribute handling.
5 
6   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9  */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/syscalls.h>
18 #include <linux/module.h>
19 #include <linux/fsnotify.h>
20 #include <linux/audit.h>
21 #include <asm/uaccess.h>
22 
23 
24 /*
25  * Check permissions for extended attribute access.  This is a bit complicated
26  * because different namespaces have very different rules.
27  */
28 static int
29 xattr_permission(struct inode *inode, const char *name, int mask)
30 {
31 	/*
32 	 * We can never set or remove an extended attribute on a read-only
33 	 * filesystem  or on an immutable / append-only inode.
34 	 */
35 	if (mask & MAY_WRITE) {
36 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
37 			return -EPERM;
38 	}
39 
40 	/*
41 	 * No restriction for security.* and system.* from the VFS.  Decision
42 	 * on these is left to the underlying filesystem / security module.
43 	 */
44 	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
45 	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
46 		return 0;
47 
48 	/*
49 	 * The trusted.* namespace can only be accessed by a privileged user.
50 	 */
51 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
52 		return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
53 
54 	/* In user.* namespace, only regular files and directories can have
55 	 * extended attributes. For sticky directories, only the owner and
56 	 * privileged user can write attributes.
57 	 */
58 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
59 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
60 			return -EPERM;
61 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
62 		    (mask & MAY_WRITE) && !is_owner_or_cap(inode))
63 			return -EPERM;
64 	}
65 
66 	return permission(inode, mask, NULL);
67 }
68 
69 int
70 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
71 		size_t size, int flags)
72 {
73 	struct inode *inode = dentry->d_inode;
74 	int error;
75 
76 	error = xattr_permission(inode, name, MAY_WRITE);
77 	if (error)
78 		return error;
79 
80 	mutex_lock(&inode->i_mutex);
81 	error = security_inode_setxattr(dentry, name, value, size, flags);
82 	if (error)
83 		goto out;
84 	error = -EOPNOTSUPP;
85 	if (inode->i_op->setxattr) {
86 		error = inode->i_op->setxattr(dentry, name, value, size, flags);
87 		if (!error) {
88 			fsnotify_xattr(dentry);
89 			security_inode_post_setxattr(dentry, name, value,
90 						     size, flags);
91 		}
92 	} else if (!strncmp(name, XATTR_SECURITY_PREFIX,
93 				XATTR_SECURITY_PREFIX_LEN)) {
94 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
95 		error = security_inode_setsecurity(inode, suffix, value,
96 						   size, flags);
97 		if (!error)
98 			fsnotify_xattr(dentry);
99 	}
100 out:
101 	mutex_unlock(&inode->i_mutex);
102 	return error;
103 }
104 EXPORT_SYMBOL_GPL(vfs_setxattr);
105 
106 ssize_t
107 xattr_getsecurity(struct inode *inode, const char *name, void *value,
108 			size_t size)
109 {
110 	void *buffer = NULL;
111 	ssize_t len;
112 
113 	if (!value || !size) {
114 		len = security_inode_getsecurity(inode, name, &buffer, false);
115 		goto out_noalloc;
116 	}
117 
118 	len = security_inode_getsecurity(inode, name, &buffer, true);
119 	if (len < 0)
120 		return len;
121 	if (size < len) {
122 		len = -ERANGE;
123 		goto out;
124 	}
125 	memcpy(value, buffer, len);
126 out:
127 	security_release_secctx(buffer, len);
128 out_noalloc:
129 	return len;
130 }
131 EXPORT_SYMBOL_GPL(xattr_getsecurity);
132 
133 ssize_t
134 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
135 {
136 	struct inode *inode = dentry->d_inode;
137 	int error;
138 
139 	error = xattr_permission(inode, name, MAY_READ);
140 	if (error)
141 		return error;
142 
143 	error = security_inode_getxattr(dentry, name);
144 	if (error)
145 		return error;
146 
147 	if (!strncmp(name, XATTR_SECURITY_PREFIX,
148 				XATTR_SECURITY_PREFIX_LEN)) {
149 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
150 		int ret = xattr_getsecurity(inode, suffix, value, size);
151 		/*
152 		 * Only overwrite the return value if a security module
153 		 * is actually active.
154 		 */
155 		if (ret == -EOPNOTSUPP)
156 			goto nolsm;
157 		return ret;
158 	}
159 nolsm:
160 	if (inode->i_op->getxattr)
161 		error = inode->i_op->getxattr(dentry, name, value, size);
162 	else
163 		error = -EOPNOTSUPP;
164 
165 	return error;
166 }
167 EXPORT_SYMBOL_GPL(vfs_getxattr);
168 
169 ssize_t
170 vfs_listxattr(struct dentry *d, char *list, size_t size)
171 {
172 	ssize_t error;
173 
174 	error = security_inode_listxattr(d);
175 	if (error)
176 		return error;
177 	error = -EOPNOTSUPP;
178 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
179 		error = d->d_inode->i_op->listxattr(d, list, size);
180 	} else {
181 		error = security_inode_listsecurity(d->d_inode, list, size);
182 		if (size && error > size)
183 			error = -ERANGE;
184 	}
185 	return error;
186 }
187 EXPORT_SYMBOL_GPL(vfs_listxattr);
188 
189 int
190 vfs_removexattr(struct dentry *dentry, const char *name)
191 {
192 	struct inode *inode = dentry->d_inode;
193 	int error;
194 
195 	if (!inode->i_op->removexattr)
196 		return -EOPNOTSUPP;
197 
198 	error = xattr_permission(inode, name, MAY_WRITE);
199 	if (error)
200 		return error;
201 
202 	error = security_inode_removexattr(dentry, name);
203 	if (error)
204 		return error;
205 
206 	mutex_lock(&inode->i_mutex);
207 	error = inode->i_op->removexattr(dentry, name);
208 	mutex_unlock(&inode->i_mutex);
209 
210 	if (!error)
211 		fsnotify_xattr(dentry);
212 	return error;
213 }
214 EXPORT_SYMBOL_GPL(vfs_removexattr);
215 
216 
217 /*
218  * Extended attribute SET operations
219  */
220 static long
221 setxattr(struct dentry *d, const char __user *name, const void __user *value,
222 	 size_t size, int flags)
223 {
224 	int error;
225 	void *kvalue = NULL;
226 	char kname[XATTR_NAME_MAX + 1];
227 
228 	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
229 		return -EINVAL;
230 
231 	error = strncpy_from_user(kname, name, sizeof(kname));
232 	if (error == 0 || error == sizeof(kname))
233 		error = -ERANGE;
234 	if (error < 0)
235 		return error;
236 
237 	if (size) {
238 		if (size > XATTR_SIZE_MAX)
239 			return -E2BIG;
240 		kvalue = kmalloc(size, GFP_KERNEL);
241 		if (!kvalue)
242 			return -ENOMEM;
243 		if (copy_from_user(kvalue, value, size)) {
244 			kfree(kvalue);
245 			return -EFAULT;
246 		}
247 	}
248 
249 	error = vfs_setxattr(d, kname, kvalue, size, flags);
250 	kfree(kvalue);
251 	return error;
252 }
253 
254 asmlinkage long
255 sys_setxattr(const char __user *path, const char __user *name,
256 	     const void __user *value, size_t size, int flags)
257 {
258 	struct nameidata nd;
259 	int error;
260 
261 	error = user_path_walk(path, &nd);
262 	if (error)
263 		return error;
264 	error = mnt_want_write(nd.path.mnt);
265 	if (!error) {
266 		error = setxattr(nd.path.dentry, name, value, size, flags);
267 		mnt_drop_write(nd.path.mnt);
268 	}
269 	path_put(&nd.path);
270 	return error;
271 }
272 
273 asmlinkage long
274 sys_lsetxattr(const char __user *path, const char __user *name,
275 	      const void __user *value, size_t size, int flags)
276 {
277 	struct nameidata nd;
278 	int error;
279 
280 	error = user_path_walk_link(path, &nd);
281 	if (error)
282 		return error;
283 	error = mnt_want_write(nd.path.mnt);
284 	if (!error) {
285 		error = setxattr(nd.path.dentry, name, value, size, flags);
286 		mnt_drop_write(nd.path.mnt);
287 	}
288 	path_put(&nd.path);
289 	return error;
290 }
291 
292 asmlinkage long
293 sys_fsetxattr(int fd, const char __user *name, const void __user *value,
294 	      size_t size, int flags)
295 {
296 	struct file *f;
297 	struct dentry *dentry;
298 	int error = -EBADF;
299 
300 	f = fget(fd);
301 	if (!f)
302 		return error;
303 	dentry = f->f_path.dentry;
304 	audit_inode(NULL, dentry);
305 	error = mnt_want_write(f->f_path.mnt);
306 	if (!error) {
307 		error = setxattr(dentry, name, value, size, flags);
308 		mnt_drop_write(f->f_path.mnt);
309 	}
310 	fput(f);
311 	return error;
312 }
313 
314 /*
315  * Extended attribute GET operations
316  */
317 static ssize_t
318 getxattr(struct dentry *d, const char __user *name, void __user *value,
319 	 size_t size)
320 {
321 	ssize_t error;
322 	void *kvalue = NULL;
323 	char kname[XATTR_NAME_MAX + 1];
324 
325 	error = strncpy_from_user(kname, name, sizeof(kname));
326 	if (error == 0 || error == sizeof(kname))
327 		error = -ERANGE;
328 	if (error < 0)
329 		return error;
330 
331 	if (size) {
332 		if (size > XATTR_SIZE_MAX)
333 			size = XATTR_SIZE_MAX;
334 		kvalue = kzalloc(size, GFP_KERNEL);
335 		if (!kvalue)
336 			return -ENOMEM;
337 	}
338 
339 	error = vfs_getxattr(d, kname, kvalue, size);
340 	if (error > 0) {
341 		if (size && copy_to_user(value, kvalue, error))
342 			error = -EFAULT;
343 	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
344 		/* The file system tried to returned a value bigger
345 		   than XATTR_SIZE_MAX bytes. Not possible. */
346 		error = -E2BIG;
347 	}
348 	kfree(kvalue);
349 	return error;
350 }
351 
352 asmlinkage ssize_t
353 sys_getxattr(const char __user *path, const char __user *name,
354 	     void __user *value, size_t size)
355 {
356 	struct nameidata nd;
357 	ssize_t error;
358 
359 	error = user_path_walk(path, &nd);
360 	if (error)
361 		return error;
362 	error = getxattr(nd.path.dentry, name, value, size);
363 	path_put(&nd.path);
364 	return error;
365 }
366 
367 asmlinkage ssize_t
368 sys_lgetxattr(const char __user *path, const char __user *name, void __user *value,
369 	      size_t size)
370 {
371 	struct nameidata nd;
372 	ssize_t error;
373 
374 	error = user_path_walk_link(path, &nd);
375 	if (error)
376 		return error;
377 	error = getxattr(nd.path.dentry, name, value, size);
378 	path_put(&nd.path);
379 	return error;
380 }
381 
382 asmlinkage ssize_t
383 sys_fgetxattr(int fd, const char __user *name, void __user *value, size_t size)
384 {
385 	struct file *f;
386 	ssize_t error = -EBADF;
387 
388 	f = fget(fd);
389 	if (!f)
390 		return error;
391 	audit_inode(NULL, f->f_path.dentry);
392 	error = getxattr(f->f_path.dentry, name, value, size);
393 	fput(f);
394 	return error;
395 }
396 
397 /*
398  * Extended attribute LIST operations
399  */
400 static ssize_t
401 listxattr(struct dentry *d, char __user *list, size_t size)
402 {
403 	ssize_t error;
404 	char *klist = NULL;
405 
406 	if (size) {
407 		if (size > XATTR_LIST_MAX)
408 			size = XATTR_LIST_MAX;
409 		klist = kmalloc(size, GFP_KERNEL);
410 		if (!klist)
411 			return -ENOMEM;
412 	}
413 
414 	error = vfs_listxattr(d, klist, size);
415 	if (error > 0) {
416 		if (size && copy_to_user(list, klist, error))
417 			error = -EFAULT;
418 	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
419 		/* The file system tried to returned a list bigger
420 		   than XATTR_LIST_MAX bytes. Not possible. */
421 		error = -E2BIG;
422 	}
423 	kfree(klist);
424 	return error;
425 }
426 
427 asmlinkage ssize_t
428 sys_listxattr(const char __user *path, char __user *list, size_t size)
429 {
430 	struct nameidata nd;
431 	ssize_t error;
432 
433 	error = user_path_walk(path, &nd);
434 	if (error)
435 		return error;
436 	error = listxattr(nd.path.dentry, list, size);
437 	path_put(&nd.path);
438 	return error;
439 }
440 
441 asmlinkage ssize_t
442 sys_llistxattr(const char __user *path, char __user *list, size_t size)
443 {
444 	struct nameidata nd;
445 	ssize_t error;
446 
447 	error = user_path_walk_link(path, &nd);
448 	if (error)
449 		return error;
450 	error = listxattr(nd.path.dentry, list, size);
451 	path_put(&nd.path);
452 	return error;
453 }
454 
455 asmlinkage ssize_t
456 sys_flistxattr(int fd, char __user *list, size_t size)
457 {
458 	struct file *f;
459 	ssize_t error = -EBADF;
460 
461 	f = fget(fd);
462 	if (!f)
463 		return error;
464 	audit_inode(NULL, f->f_path.dentry);
465 	error = listxattr(f->f_path.dentry, list, size);
466 	fput(f);
467 	return error;
468 }
469 
470 /*
471  * Extended attribute REMOVE operations
472  */
473 static long
474 removexattr(struct dentry *d, const char __user *name)
475 {
476 	int error;
477 	char kname[XATTR_NAME_MAX + 1];
478 
479 	error = strncpy_from_user(kname, name, sizeof(kname));
480 	if (error == 0 || error == sizeof(kname))
481 		error = -ERANGE;
482 	if (error < 0)
483 		return error;
484 
485 	return vfs_removexattr(d, kname);
486 }
487 
488 asmlinkage long
489 sys_removexattr(const char __user *path, const char __user *name)
490 {
491 	struct nameidata nd;
492 	int error;
493 
494 	error = user_path_walk(path, &nd);
495 	if (error)
496 		return error;
497 	error = mnt_want_write(nd.path.mnt);
498 	if (!error) {
499 		error = removexattr(nd.path.dentry, name);
500 		mnt_drop_write(nd.path.mnt);
501 	}
502 	path_put(&nd.path);
503 	return error;
504 }
505 
506 asmlinkage long
507 sys_lremovexattr(const char __user *path, const char __user *name)
508 {
509 	struct nameidata nd;
510 	int error;
511 
512 	error = user_path_walk_link(path, &nd);
513 	if (error)
514 		return error;
515 	error = mnt_want_write(nd.path.mnt);
516 	if (!error) {
517 		error = removexattr(nd.path.dentry, name);
518 		mnt_drop_write(nd.path.mnt);
519 	}
520 	path_put(&nd.path);
521 	return error;
522 }
523 
524 asmlinkage long
525 sys_fremovexattr(int fd, const char __user *name)
526 {
527 	struct file *f;
528 	struct dentry *dentry;
529 	int error = -EBADF;
530 
531 	f = fget(fd);
532 	if (!f)
533 		return error;
534 	dentry = f->f_path.dentry;
535 	audit_inode(NULL, dentry);
536 	error = mnt_want_write(f->f_path.mnt);
537 	if (!error) {
538 		error = removexattr(dentry, name);
539 		mnt_drop_write(f->f_path.mnt);
540 	}
541 	fput(f);
542 	return error;
543 }
544 
545 
546 static const char *
547 strcmp_prefix(const char *a, const char *a_prefix)
548 {
549 	while (*a_prefix && *a == *a_prefix) {
550 		a++;
551 		a_prefix++;
552 	}
553 	return *a_prefix ? NULL : a;
554 }
555 
556 /*
557  * In order to implement different sets of xattr operations for each xattr
558  * prefix with the generic xattr API, a filesystem should create a
559  * null-terminated array of struct xattr_handler (one for each prefix) and
560  * hang a pointer to it off of the s_xattr field of the superblock.
561  *
562  * The generic_fooxattr() functions will use this list to dispatch xattr
563  * operations to the correct xattr_handler.
564  */
565 #define for_each_xattr_handler(handlers, handler)		\
566 		for ((handler) = *(handlers)++;			\
567 			(handler) != NULL;			\
568 			(handler) = *(handlers)++)
569 
570 /*
571  * Find the xattr_handler with the matching prefix.
572  */
573 static struct xattr_handler *
574 xattr_resolve_name(struct xattr_handler **handlers, const char **name)
575 {
576 	struct xattr_handler *handler;
577 
578 	if (!*name)
579 		return NULL;
580 
581 	for_each_xattr_handler(handlers, handler) {
582 		const char *n = strcmp_prefix(*name, handler->prefix);
583 		if (n) {
584 			*name = n;
585 			break;
586 		}
587 	}
588 	return handler;
589 }
590 
591 /*
592  * Find the handler for the prefix and dispatch its get() operation.
593  */
594 ssize_t
595 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
596 {
597 	struct xattr_handler *handler;
598 	struct inode *inode = dentry->d_inode;
599 
600 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
601 	if (!handler)
602 		return -EOPNOTSUPP;
603 	return handler->get(inode, name, buffer, size);
604 }
605 
606 /*
607  * Combine the results of the list() operation from every xattr_handler in the
608  * list.
609  */
610 ssize_t
611 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
612 {
613 	struct inode *inode = dentry->d_inode;
614 	struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr;
615 	unsigned int size = 0;
616 
617 	if (!buffer) {
618 		for_each_xattr_handler(handlers, handler)
619 			size += handler->list(inode, NULL, 0, NULL, 0);
620 	} else {
621 		char *buf = buffer;
622 
623 		for_each_xattr_handler(handlers, handler) {
624 			size = handler->list(inode, buf, buffer_size, NULL, 0);
625 			if (size > buffer_size)
626 				return -ERANGE;
627 			buf += size;
628 			buffer_size -= size;
629 		}
630 		size = buf - buffer;
631 	}
632 	return size;
633 }
634 
635 /*
636  * Find the handler for the prefix and dispatch its set() operation.
637  */
638 int
639 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
640 {
641 	struct xattr_handler *handler;
642 	struct inode *inode = dentry->d_inode;
643 
644 	if (size == 0)
645 		value = "";  /* empty EA, do not remove */
646 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
647 	if (!handler)
648 		return -EOPNOTSUPP;
649 	return handler->set(inode, name, value, size, flags);
650 }
651 
652 /*
653  * Find the handler for the prefix and dispatch its set() operation to remove
654  * any associated extended attribute.
655  */
656 int
657 generic_removexattr(struct dentry *dentry, const char *name)
658 {
659 	struct xattr_handler *handler;
660 	struct inode *inode = dentry->d_inode;
661 
662 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
663 	if (!handler)
664 		return -EOPNOTSUPP;
665 	return handler->set(inode, name, NULL, 0, XATTR_REPLACE);
666 }
667 
668 EXPORT_SYMBOL(generic_getxattr);
669 EXPORT_SYMBOL(generic_listxattr);
670 EXPORT_SYMBOL(generic_setxattr);
671 EXPORT_SYMBOL(generic_removexattr);
672