1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/evm.h> 18 #include <linux/syscalls.h> 19 #include <linux/export.h> 20 #include <linux/fsnotify.h> 21 #include <linux/audit.h> 22 #include <linux/vmalloc.h> 23 24 #include <asm/uaccess.h> 25 26 /* 27 * Check permissions for extended attribute access. This is a bit complicated 28 * because different namespaces have very different rules. 29 */ 30 static int 31 xattr_permission(struct inode *inode, const char *name, int mask) 32 { 33 /* 34 * We can never set or remove an extended attribute on a read-only 35 * filesystem or on an immutable / append-only inode. 36 */ 37 if (mask & MAY_WRITE) { 38 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 39 return -EPERM; 40 } 41 42 /* 43 * No restriction for security.* and system.* from the VFS. Decision 44 * on these is left to the underlying filesystem / security module. 45 */ 46 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 47 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 48 return 0; 49 50 /* 51 * The trusted.* namespace can only be accessed by privileged users. 52 */ 53 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 54 if (!capable(CAP_SYS_ADMIN)) 55 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 56 return 0; 57 } 58 59 /* 60 * In the user.* namespace, only regular files and directories can have 61 * extended attributes. For sticky directories, only the owner and 62 * privileged users can write attributes. 63 */ 64 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 65 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 66 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 67 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 68 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 69 return -EPERM; 70 } 71 72 return inode_permission(inode, mask); 73 } 74 75 /** 76 * __vfs_setxattr_noperm - perform setxattr operation without performing 77 * permission checks. 78 * 79 * @dentry - object to perform setxattr on 80 * @name - xattr name to set 81 * @value - value to set @name to 82 * @size - size of @value 83 * @flags - flags to pass into filesystem operations 84 * 85 * returns the result of the internal setxattr or setsecurity operations. 86 * 87 * This function requires the caller to lock the inode's i_mutex before it 88 * is executed. It also assumes that the caller will make the appropriate 89 * permission checks. 90 */ 91 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 92 const void *value, size_t size, int flags) 93 { 94 struct inode *inode = dentry->d_inode; 95 int error = -EOPNOTSUPP; 96 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 97 XATTR_SECURITY_PREFIX_LEN); 98 99 if (issec) 100 inode->i_flags &= ~S_NOSEC; 101 if (inode->i_op->setxattr) { 102 error = inode->i_op->setxattr(dentry, name, value, size, flags); 103 if (!error) { 104 fsnotify_xattr(dentry); 105 security_inode_post_setxattr(dentry, name, value, 106 size, flags); 107 } 108 } else if (issec) { 109 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 110 error = security_inode_setsecurity(inode, suffix, value, 111 size, flags); 112 if (!error) 113 fsnotify_xattr(dentry); 114 } 115 116 return error; 117 } 118 119 120 int 121 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 122 size_t size, int flags) 123 { 124 struct inode *inode = dentry->d_inode; 125 int error; 126 127 error = xattr_permission(inode, name, MAY_WRITE); 128 if (error) 129 return error; 130 131 mutex_lock(&inode->i_mutex); 132 error = security_inode_setxattr(dentry, name, value, size, flags); 133 if (error) 134 goto out; 135 136 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 137 138 out: 139 mutex_unlock(&inode->i_mutex); 140 return error; 141 } 142 EXPORT_SYMBOL_GPL(vfs_setxattr); 143 144 ssize_t 145 xattr_getsecurity(struct inode *inode, const char *name, void *value, 146 size_t size) 147 { 148 void *buffer = NULL; 149 ssize_t len; 150 151 if (!value || !size) { 152 len = security_inode_getsecurity(inode, name, &buffer, false); 153 goto out_noalloc; 154 } 155 156 len = security_inode_getsecurity(inode, name, &buffer, true); 157 if (len < 0) 158 return len; 159 if (size < len) { 160 len = -ERANGE; 161 goto out; 162 } 163 memcpy(value, buffer, len); 164 out: 165 security_release_secctx(buffer, len); 166 out_noalloc: 167 return len; 168 } 169 EXPORT_SYMBOL_GPL(xattr_getsecurity); 170 171 /* 172 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 173 * 174 * Allocate memory, if not already allocated, or re-allocate correct size, 175 * before retrieving the extended attribute. 176 * 177 * Returns the result of alloc, if failed, or the getxattr operation. 178 */ 179 ssize_t 180 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, 181 size_t xattr_size, gfp_t flags) 182 { 183 struct inode *inode = dentry->d_inode; 184 char *value = *xattr_value; 185 int error; 186 187 error = xattr_permission(inode, name, MAY_READ); 188 if (error) 189 return error; 190 191 if (!inode->i_op->getxattr) 192 return -EOPNOTSUPP; 193 194 error = inode->i_op->getxattr(dentry, name, NULL, 0); 195 if (error < 0) 196 return error; 197 198 if (!value || (error > xattr_size)) { 199 value = krealloc(*xattr_value, error + 1, flags); 200 if (!value) 201 return -ENOMEM; 202 memset(value, 0, error + 1); 203 } 204 205 error = inode->i_op->getxattr(dentry, name, value, error); 206 *xattr_value = value; 207 return error; 208 } 209 210 /* Compare an extended attribute value with the given value */ 211 int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, 212 const char *value, size_t size, gfp_t flags) 213 { 214 char *xattr_value = NULL; 215 int rc; 216 217 rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags); 218 if (rc < 0) 219 return rc; 220 221 if ((rc != size) || (memcmp(xattr_value, value, rc) != 0)) 222 rc = -EINVAL; 223 else 224 rc = 0; 225 kfree(xattr_value); 226 return rc; 227 } 228 229 ssize_t 230 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 231 { 232 struct inode *inode = dentry->d_inode; 233 int error; 234 235 error = xattr_permission(inode, name, MAY_READ); 236 if (error) 237 return error; 238 239 error = security_inode_getxattr(dentry, name); 240 if (error) 241 return error; 242 243 if (!strncmp(name, XATTR_SECURITY_PREFIX, 244 XATTR_SECURITY_PREFIX_LEN)) { 245 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 246 int ret = xattr_getsecurity(inode, suffix, value, size); 247 /* 248 * Only overwrite the return value if a security module 249 * is actually active. 250 */ 251 if (ret == -EOPNOTSUPP) 252 goto nolsm; 253 return ret; 254 } 255 nolsm: 256 if (inode->i_op->getxattr) 257 error = inode->i_op->getxattr(dentry, name, value, size); 258 else 259 error = -EOPNOTSUPP; 260 261 return error; 262 } 263 EXPORT_SYMBOL_GPL(vfs_getxattr); 264 265 ssize_t 266 vfs_listxattr(struct dentry *d, char *list, size_t size) 267 { 268 ssize_t error; 269 270 error = security_inode_listxattr(d); 271 if (error) 272 return error; 273 error = -EOPNOTSUPP; 274 if (d->d_inode->i_op->listxattr) { 275 error = d->d_inode->i_op->listxattr(d, list, size); 276 } else { 277 error = security_inode_listsecurity(d->d_inode, list, size); 278 if (size && error > size) 279 error = -ERANGE; 280 } 281 return error; 282 } 283 EXPORT_SYMBOL_GPL(vfs_listxattr); 284 285 int 286 vfs_removexattr(struct dentry *dentry, const char *name) 287 { 288 struct inode *inode = dentry->d_inode; 289 int error; 290 291 if (!inode->i_op->removexattr) 292 return -EOPNOTSUPP; 293 294 error = xattr_permission(inode, name, MAY_WRITE); 295 if (error) 296 return error; 297 298 error = security_inode_removexattr(dentry, name); 299 if (error) 300 return error; 301 302 mutex_lock(&inode->i_mutex); 303 error = inode->i_op->removexattr(dentry, name); 304 mutex_unlock(&inode->i_mutex); 305 306 if (!error) { 307 fsnotify_xattr(dentry); 308 evm_inode_post_removexattr(dentry, name); 309 } 310 return error; 311 } 312 EXPORT_SYMBOL_GPL(vfs_removexattr); 313 314 315 /* 316 * Extended attribute SET operations 317 */ 318 static long 319 setxattr(struct dentry *d, const char __user *name, const void __user *value, 320 size_t size, int flags) 321 { 322 int error; 323 void *kvalue = NULL; 324 void *vvalue = NULL; /* If non-NULL, we used vmalloc() */ 325 char kname[XATTR_NAME_MAX + 1]; 326 327 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 328 return -EINVAL; 329 330 error = strncpy_from_user(kname, name, sizeof(kname)); 331 if (error == 0 || error == sizeof(kname)) 332 error = -ERANGE; 333 if (error < 0) 334 return error; 335 336 if (size) { 337 if (size > XATTR_SIZE_MAX) 338 return -E2BIG; 339 kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); 340 if (!kvalue) { 341 vvalue = vmalloc(size); 342 if (!vvalue) 343 return -ENOMEM; 344 kvalue = vvalue; 345 } 346 if (copy_from_user(kvalue, value, size)) { 347 error = -EFAULT; 348 goto out; 349 } 350 } 351 352 error = vfs_setxattr(d, kname, kvalue, size, flags); 353 out: 354 if (vvalue) 355 vfree(vvalue); 356 else 357 kfree(kvalue); 358 return error; 359 } 360 361 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 362 const char __user *, name, const void __user *, value, 363 size_t, size, int, flags) 364 { 365 struct path path; 366 int error; 367 368 error = user_path(pathname, &path); 369 if (error) 370 return error; 371 error = mnt_want_write(path.mnt); 372 if (!error) { 373 error = setxattr(path.dentry, name, value, size, flags); 374 mnt_drop_write(path.mnt); 375 } 376 path_put(&path); 377 return error; 378 } 379 380 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 381 const char __user *, name, const void __user *, value, 382 size_t, size, int, flags) 383 { 384 struct path path; 385 int error; 386 387 error = user_lpath(pathname, &path); 388 if (error) 389 return error; 390 error = mnt_want_write(path.mnt); 391 if (!error) { 392 error = setxattr(path.dentry, name, value, size, flags); 393 mnt_drop_write(path.mnt); 394 } 395 path_put(&path); 396 return error; 397 } 398 399 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 400 const void __user *,value, size_t, size, int, flags) 401 { 402 int fput_needed; 403 struct file *f; 404 struct dentry *dentry; 405 int error = -EBADF; 406 407 f = fget_light(fd, &fput_needed); 408 if (!f) 409 return error; 410 dentry = f->f_path.dentry; 411 audit_inode(NULL, dentry); 412 error = mnt_want_write_file(f); 413 if (!error) { 414 error = setxattr(dentry, name, value, size, flags); 415 mnt_drop_write_file(f); 416 } 417 fput_light(f, fput_needed); 418 return error; 419 } 420 421 /* 422 * Extended attribute GET operations 423 */ 424 static ssize_t 425 getxattr(struct dentry *d, const char __user *name, void __user *value, 426 size_t size) 427 { 428 ssize_t error; 429 void *kvalue = NULL; 430 char kname[XATTR_NAME_MAX + 1]; 431 432 error = strncpy_from_user(kname, name, sizeof(kname)); 433 if (error == 0 || error == sizeof(kname)) 434 error = -ERANGE; 435 if (error < 0) 436 return error; 437 438 if (size) { 439 if (size > XATTR_SIZE_MAX) 440 size = XATTR_SIZE_MAX; 441 kvalue = kzalloc(size, GFP_KERNEL); 442 if (!kvalue) 443 return -ENOMEM; 444 } 445 446 error = vfs_getxattr(d, kname, kvalue, size); 447 if (error > 0) { 448 if (size && copy_to_user(value, kvalue, error)) 449 error = -EFAULT; 450 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 451 /* The file system tried to returned a value bigger 452 than XATTR_SIZE_MAX bytes. Not possible. */ 453 error = -E2BIG; 454 } 455 kfree(kvalue); 456 return error; 457 } 458 459 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 460 const char __user *, name, void __user *, value, size_t, size) 461 { 462 struct path path; 463 ssize_t error; 464 465 error = user_path(pathname, &path); 466 if (error) 467 return error; 468 error = getxattr(path.dentry, name, value, size); 469 path_put(&path); 470 return error; 471 } 472 473 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 474 const char __user *, name, void __user *, value, size_t, size) 475 { 476 struct path path; 477 ssize_t error; 478 479 error = user_lpath(pathname, &path); 480 if (error) 481 return error; 482 error = getxattr(path.dentry, name, value, size); 483 path_put(&path); 484 return error; 485 } 486 487 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 488 void __user *, value, size_t, size) 489 { 490 int fput_needed; 491 struct file *f; 492 ssize_t error = -EBADF; 493 494 f = fget_light(fd, &fput_needed); 495 if (!f) 496 return error; 497 audit_inode(NULL, f->f_path.dentry); 498 error = getxattr(f->f_path.dentry, name, value, size); 499 fput_light(f, fput_needed); 500 return error; 501 } 502 503 /* 504 * Extended attribute LIST operations 505 */ 506 static ssize_t 507 listxattr(struct dentry *d, char __user *list, size_t size) 508 { 509 ssize_t error; 510 char *klist = NULL; 511 char *vlist = NULL; /* If non-NULL, we used vmalloc() */ 512 513 if (size) { 514 if (size > XATTR_LIST_MAX) 515 size = XATTR_LIST_MAX; 516 klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); 517 if (!klist) { 518 vlist = vmalloc(size); 519 if (!vlist) 520 return -ENOMEM; 521 klist = vlist; 522 } 523 } 524 525 error = vfs_listxattr(d, klist, size); 526 if (error > 0) { 527 if (size && copy_to_user(list, klist, error)) 528 error = -EFAULT; 529 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 530 /* The file system tried to returned a list bigger 531 than XATTR_LIST_MAX bytes. Not possible. */ 532 error = -E2BIG; 533 } 534 if (vlist) 535 vfree(vlist); 536 else 537 kfree(klist); 538 return error; 539 } 540 541 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 542 size_t, size) 543 { 544 struct path path; 545 ssize_t error; 546 547 error = user_path(pathname, &path); 548 if (error) 549 return error; 550 error = listxattr(path.dentry, list, size); 551 path_put(&path); 552 return error; 553 } 554 555 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 556 size_t, size) 557 { 558 struct path path; 559 ssize_t error; 560 561 error = user_lpath(pathname, &path); 562 if (error) 563 return error; 564 error = listxattr(path.dentry, list, size); 565 path_put(&path); 566 return error; 567 } 568 569 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 570 { 571 int fput_needed; 572 struct file *f; 573 ssize_t error = -EBADF; 574 575 f = fget_light(fd, &fput_needed); 576 if (!f) 577 return error; 578 audit_inode(NULL, f->f_path.dentry); 579 error = listxattr(f->f_path.dentry, list, size); 580 fput_light(f, fput_needed); 581 return error; 582 } 583 584 /* 585 * Extended attribute REMOVE operations 586 */ 587 static long 588 removexattr(struct dentry *d, const char __user *name) 589 { 590 int error; 591 char kname[XATTR_NAME_MAX + 1]; 592 593 error = strncpy_from_user(kname, name, sizeof(kname)); 594 if (error == 0 || error == sizeof(kname)) 595 error = -ERANGE; 596 if (error < 0) 597 return error; 598 599 return vfs_removexattr(d, kname); 600 } 601 602 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 603 const char __user *, name) 604 { 605 struct path path; 606 int error; 607 608 error = user_path(pathname, &path); 609 if (error) 610 return error; 611 error = mnt_want_write(path.mnt); 612 if (!error) { 613 error = removexattr(path.dentry, name); 614 mnt_drop_write(path.mnt); 615 } 616 path_put(&path); 617 return error; 618 } 619 620 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 621 const char __user *, name) 622 { 623 struct path path; 624 int error; 625 626 error = user_lpath(pathname, &path); 627 if (error) 628 return error; 629 error = mnt_want_write(path.mnt); 630 if (!error) { 631 error = removexattr(path.dentry, name); 632 mnt_drop_write(path.mnt); 633 } 634 path_put(&path); 635 return error; 636 } 637 638 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 639 { 640 int fput_needed; 641 struct file *f; 642 struct dentry *dentry; 643 int error = -EBADF; 644 645 f = fget_light(fd, &fput_needed); 646 if (!f) 647 return error; 648 dentry = f->f_path.dentry; 649 audit_inode(NULL, dentry); 650 error = mnt_want_write_file(f); 651 if (!error) { 652 error = removexattr(dentry, name); 653 mnt_drop_write_file(f); 654 } 655 fput_light(f, fput_needed); 656 return error; 657 } 658 659 660 static const char * 661 strcmp_prefix(const char *a, const char *a_prefix) 662 { 663 while (*a_prefix && *a == *a_prefix) { 664 a++; 665 a_prefix++; 666 } 667 return *a_prefix ? NULL : a; 668 } 669 670 /* 671 * In order to implement different sets of xattr operations for each xattr 672 * prefix with the generic xattr API, a filesystem should create a 673 * null-terminated array of struct xattr_handler (one for each prefix) and 674 * hang a pointer to it off of the s_xattr field of the superblock. 675 * 676 * The generic_fooxattr() functions will use this list to dispatch xattr 677 * operations to the correct xattr_handler. 678 */ 679 #define for_each_xattr_handler(handlers, handler) \ 680 for ((handler) = *(handlers)++; \ 681 (handler) != NULL; \ 682 (handler) = *(handlers)++) 683 684 /* 685 * Find the xattr_handler with the matching prefix. 686 */ 687 static const struct xattr_handler * 688 xattr_resolve_name(const struct xattr_handler **handlers, const char **name) 689 { 690 const struct xattr_handler *handler; 691 692 if (!*name) 693 return NULL; 694 695 for_each_xattr_handler(handlers, handler) { 696 const char *n = strcmp_prefix(*name, handler->prefix); 697 if (n) { 698 *name = n; 699 break; 700 } 701 } 702 return handler; 703 } 704 705 /* 706 * Find the handler for the prefix and dispatch its get() operation. 707 */ 708 ssize_t 709 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 710 { 711 const struct xattr_handler *handler; 712 713 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 714 if (!handler) 715 return -EOPNOTSUPP; 716 return handler->get(dentry, name, buffer, size, handler->flags); 717 } 718 719 /* 720 * Combine the results of the list() operation from every xattr_handler in the 721 * list. 722 */ 723 ssize_t 724 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 725 { 726 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 727 unsigned int size = 0; 728 729 if (!buffer) { 730 for_each_xattr_handler(handlers, handler) { 731 size += handler->list(dentry, NULL, 0, NULL, 0, 732 handler->flags); 733 } 734 } else { 735 char *buf = buffer; 736 737 for_each_xattr_handler(handlers, handler) { 738 size = handler->list(dentry, buf, buffer_size, 739 NULL, 0, handler->flags); 740 if (size > buffer_size) 741 return -ERANGE; 742 buf += size; 743 buffer_size -= size; 744 } 745 size = buf - buffer; 746 } 747 return size; 748 } 749 750 /* 751 * Find the handler for the prefix and dispatch its set() operation. 752 */ 753 int 754 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 755 { 756 const struct xattr_handler *handler; 757 758 if (size == 0) 759 value = ""; /* empty EA, do not remove */ 760 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 761 if (!handler) 762 return -EOPNOTSUPP; 763 return handler->set(dentry, name, value, size, flags, handler->flags); 764 } 765 766 /* 767 * Find the handler for the prefix and dispatch its set() operation to remove 768 * any associated extended attribute. 769 */ 770 int 771 generic_removexattr(struct dentry *dentry, const char *name) 772 { 773 const struct xattr_handler *handler; 774 775 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 776 if (!handler) 777 return -EOPNOTSUPP; 778 return handler->set(dentry, name, NULL, 0, 779 XATTR_REPLACE, handler->flags); 780 } 781 782 EXPORT_SYMBOL(generic_getxattr); 783 EXPORT_SYMBOL(generic_listxattr); 784 EXPORT_SYMBOL(generic_setxattr); 785 EXPORT_SYMBOL(generic_removexattr); 786