1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/evm.h> 18 #include <linux/syscalls.h> 19 #include <linux/module.h> 20 #include <linux/fsnotify.h> 21 #include <linux/audit.h> 22 #include <asm/uaccess.h> 23 24 25 /* 26 * Check permissions for extended attribute access. This is a bit complicated 27 * because different namespaces have very different rules. 28 */ 29 static int 30 xattr_permission(struct inode *inode, const char *name, int mask) 31 { 32 /* 33 * We can never set or remove an extended attribute on a read-only 34 * filesystem or on an immutable / append-only inode. 35 */ 36 if (mask & MAY_WRITE) { 37 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 38 return -EPERM; 39 } 40 41 /* 42 * No restriction for security.* and system.* from the VFS. Decision 43 * on these is left to the underlying filesystem / security module. 44 */ 45 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 46 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 47 return 0; 48 49 /* 50 * The trusted.* namespace can only be accessed by privileged users. 51 */ 52 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 53 if (!capable(CAP_SYS_ADMIN)) 54 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 55 return 0; 56 } 57 58 /* 59 * In the user.* namespace, only regular files and directories can have 60 * extended attributes. For sticky directories, only the owner and 61 * privileged users can write attributes. 62 */ 63 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 64 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 65 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 66 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 67 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 68 return -EPERM; 69 } 70 71 return inode_permission(inode, mask); 72 } 73 74 /** 75 * __vfs_setxattr_noperm - perform setxattr operation without performing 76 * permission checks. 77 * 78 * @dentry - object to perform setxattr on 79 * @name - xattr name to set 80 * @value - value to set @name to 81 * @size - size of @value 82 * @flags - flags to pass into filesystem operations 83 * 84 * returns the result of the internal setxattr or setsecurity operations. 85 * 86 * This function requires the caller to lock the inode's i_mutex before it 87 * is executed. It also assumes that the caller will make the appropriate 88 * permission checks. 89 */ 90 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 91 const void *value, size_t size, int flags) 92 { 93 struct inode *inode = dentry->d_inode; 94 int error = -EOPNOTSUPP; 95 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 96 XATTR_SECURITY_PREFIX_LEN); 97 98 if (issec) 99 inode->i_flags &= ~S_NOSEC; 100 if (inode->i_op->setxattr) { 101 error = inode->i_op->setxattr(dentry, name, value, size, flags); 102 if (!error) { 103 fsnotify_xattr(dentry); 104 security_inode_post_setxattr(dentry, name, value, 105 size, flags); 106 } 107 } else if (issec) { 108 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 109 error = security_inode_setsecurity(inode, suffix, value, 110 size, flags); 111 if (!error) 112 fsnotify_xattr(dentry); 113 } 114 115 return error; 116 } 117 118 119 int 120 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 121 size_t size, int flags) 122 { 123 struct inode *inode = dentry->d_inode; 124 int error; 125 126 error = xattr_permission(inode, name, MAY_WRITE); 127 if (error) 128 return error; 129 130 mutex_lock(&inode->i_mutex); 131 error = security_inode_setxattr(dentry, name, value, size, flags); 132 if (error) 133 goto out; 134 135 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 136 137 out: 138 mutex_unlock(&inode->i_mutex); 139 return error; 140 } 141 EXPORT_SYMBOL_GPL(vfs_setxattr); 142 143 ssize_t 144 xattr_getsecurity(struct inode *inode, const char *name, void *value, 145 size_t size) 146 { 147 void *buffer = NULL; 148 ssize_t len; 149 150 if (!value || !size) { 151 len = security_inode_getsecurity(inode, name, &buffer, false); 152 goto out_noalloc; 153 } 154 155 len = security_inode_getsecurity(inode, name, &buffer, true); 156 if (len < 0) 157 return len; 158 if (size < len) { 159 len = -ERANGE; 160 goto out; 161 } 162 memcpy(value, buffer, len); 163 out: 164 security_release_secctx(buffer, len); 165 out_noalloc: 166 return len; 167 } 168 EXPORT_SYMBOL_GPL(xattr_getsecurity); 169 170 /* 171 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 172 * 173 * Allocate memory, if not already allocated, or re-allocate correct size, 174 * before retrieving the extended attribute. 175 * 176 * Returns the result of alloc, if failed, or the getxattr operation. 177 */ 178 ssize_t 179 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, 180 size_t xattr_size, gfp_t flags) 181 { 182 struct inode *inode = dentry->d_inode; 183 char *value = *xattr_value; 184 int error; 185 186 error = xattr_permission(inode, name, MAY_READ); 187 if (error) 188 return error; 189 190 if (!inode->i_op->getxattr) 191 return -EOPNOTSUPP; 192 193 error = inode->i_op->getxattr(dentry, name, NULL, 0); 194 if (error < 0) 195 return error; 196 197 if (!value || (error > xattr_size)) { 198 value = krealloc(*xattr_value, error + 1, flags); 199 if (!value) 200 return -ENOMEM; 201 memset(value, 0, error + 1); 202 } 203 204 error = inode->i_op->getxattr(dentry, name, value, error); 205 *xattr_value = value; 206 return error; 207 } 208 209 /* Compare an extended attribute value with the given value */ 210 int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, 211 const char *value, size_t size, gfp_t flags) 212 { 213 char *xattr_value = NULL; 214 int rc; 215 216 rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags); 217 if (rc < 0) 218 return rc; 219 220 if ((rc != size) || (memcmp(xattr_value, value, rc) != 0)) 221 rc = -EINVAL; 222 else 223 rc = 0; 224 kfree(xattr_value); 225 return rc; 226 } 227 228 ssize_t 229 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 230 { 231 struct inode *inode = dentry->d_inode; 232 int error; 233 234 error = xattr_permission(inode, name, MAY_READ); 235 if (error) 236 return error; 237 238 error = security_inode_getxattr(dentry, name); 239 if (error) 240 return error; 241 242 if (!strncmp(name, XATTR_SECURITY_PREFIX, 243 XATTR_SECURITY_PREFIX_LEN)) { 244 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 245 int ret = xattr_getsecurity(inode, suffix, value, size); 246 /* 247 * Only overwrite the return value if a security module 248 * is actually active. 249 */ 250 if (ret == -EOPNOTSUPP) 251 goto nolsm; 252 return ret; 253 } 254 nolsm: 255 if (inode->i_op->getxattr) 256 error = inode->i_op->getxattr(dentry, name, value, size); 257 else 258 error = -EOPNOTSUPP; 259 260 return error; 261 } 262 EXPORT_SYMBOL_GPL(vfs_getxattr); 263 264 ssize_t 265 vfs_listxattr(struct dentry *d, char *list, size_t size) 266 { 267 ssize_t error; 268 269 error = security_inode_listxattr(d); 270 if (error) 271 return error; 272 error = -EOPNOTSUPP; 273 if (d->d_inode->i_op->listxattr) { 274 error = d->d_inode->i_op->listxattr(d, list, size); 275 } else { 276 error = security_inode_listsecurity(d->d_inode, list, size); 277 if (size && error > size) 278 error = -ERANGE; 279 } 280 return error; 281 } 282 EXPORT_SYMBOL_GPL(vfs_listxattr); 283 284 int 285 vfs_removexattr(struct dentry *dentry, const char *name) 286 { 287 struct inode *inode = dentry->d_inode; 288 int error; 289 290 if (!inode->i_op->removexattr) 291 return -EOPNOTSUPP; 292 293 error = xattr_permission(inode, name, MAY_WRITE); 294 if (error) 295 return error; 296 297 error = security_inode_removexattr(dentry, name); 298 if (error) 299 return error; 300 301 mutex_lock(&inode->i_mutex); 302 error = inode->i_op->removexattr(dentry, name); 303 mutex_unlock(&inode->i_mutex); 304 305 if (!error) { 306 fsnotify_xattr(dentry); 307 evm_inode_post_removexattr(dentry, name); 308 } 309 return error; 310 } 311 EXPORT_SYMBOL_GPL(vfs_removexattr); 312 313 314 /* 315 * Extended attribute SET operations 316 */ 317 static long 318 setxattr(struct dentry *d, const char __user *name, const void __user *value, 319 size_t size, int flags) 320 { 321 int error; 322 void *kvalue = NULL; 323 char kname[XATTR_NAME_MAX + 1]; 324 325 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 326 return -EINVAL; 327 328 error = strncpy_from_user(kname, name, sizeof(kname)); 329 if (error == 0 || error == sizeof(kname)) 330 error = -ERANGE; 331 if (error < 0) 332 return error; 333 334 if (size) { 335 if (size > XATTR_SIZE_MAX) 336 return -E2BIG; 337 kvalue = memdup_user(value, size); 338 if (IS_ERR(kvalue)) 339 return PTR_ERR(kvalue); 340 } 341 342 error = vfs_setxattr(d, kname, kvalue, size, flags); 343 kfree(kvalue); 344 return error; 345 } 346 347 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 348 const char __user *, name, const void __user *, value, 349 size_t, size, int, flags) 350 { 351 struct path path; 352 int error; 353 354 error = user_path(pathname, &path); 355 if (error) 356 return error; 357 error = mnt_want_write(path.mnt); 358 if (!error) { 359 error = setxattr(path.dentry, name, value, size, flags); 360 mnt_drop_write(path.mnt); 361 } 362 path_put(&path); 363 return error; 364 } 365 366 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 367 const char __user *, name, const void __user *, value, 368 size_t, size, int, flags) 369 { 370 struct path path; 371 int error; 372 373 error = user_lpath(pathname, &path); 374 if (error) 375 return error; 376 error = mnt_want_write(path.mnt); 377 if (!error) { 378 error = setxattr(path.dentry, name, value, size, flags); 379 mnt_drop_write(path.mnt); 380 } 381 path_put(&path); 382 return error; 383 } 384 385 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 386 const void __user *,value, size_t, size, int, flags) 387 { 388 struct file *f; 389 struct dentry *dentry; 390 int error = -EBADF; 391 392 f = fget(fd); 393 if (!f) 394 return error; 395 dentry = f->f_path.dentry; 396 audit_inode(NULL, dentry); 397 error = mnt_want_write_file(f); 398 if (!error) { 399 error = setxattr(dentry, name, value, size, flags); 400 mnt_drop_write(f->f_path.mnt); 401 } 402 fput(f); 403 return error; 404 } 405 406 /* 407 * Extended attribute GET operations 408 */ 409 static ssize_t 410 getxattr(struct dentry *d, const char __user *name, void __user *value, 411 size_t size) 412 { 413 ssize_t error; 414 void *kvalue = NULL; 415 char kname[XATTR_NAME_MAX + 1]; 416 417 error = strncpy_from_user(kname, name, sizeof(kname)); 418 if (error == 0 || error == sizeof(kname)) 419 error = -ERANGE; 420 if (error < 0) 421 return error; 422 423 if (size) { 424 if (size > XATTR_SIZE_MAX) 425 size = XATTR_SIZE_MAX; 426 kvalue = kzalloc(size, GFP_KERNEL); 427 if (!kvalue) 428 return -ENOMEM; 429 } 430 431 error = vfs_getxattr(d, kname, kvalue, size); 432 if (error > 0) { 433 if (size && copy_to_user(value, kvalue, error)) 434 error = -EFAULT; 435 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 436 /* The file system tried to returned a value bigger 437 than XATTR_SIZE_MAX bytes. Not possible. */ 438 error = -E2BIG; 439 } 440 kfree(kvalue); 441 return error; 442 } 443 444 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 445 const char __user *, name, void __user *, value, size_t, size) 446 { 447 struct path path; 448 ssize_t error; 449 450 error = user_path(pathname, &path); 451 if (error) 452 return error; 453 error = getxattr(path.dentry, name, value, size); 454 path_put(&path); 455 return error; 456 } 457 458 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 459 const char __user *, name, void __user *, value, size_t, size) 460 { 461 struct path path; 462 ssize_t error; 463 464 error = user_lpath(pathname, &path); 465 if (error) 466 return error; 467 error = getxattr(path.dentry, name, value, size); 468 path_put(&path); 469 return error; 470 } 471 472 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 473 void __user *, value, size_t, size) 474 { 475 struct file *f; 476 ssize_t error = -EBADF; 477 478 f = fget(fd); 479 if (!f) 480 return error; 481 audit_inode(NULL, f->f_path.dentry); 482 error = getxattr(f->f_path.dentry, name, value, size); 483 fput(f); 484 return error; 485 } 486 487 /* 488 * Extended attribute LIST operations 489 */ 490 static ssize_t 491 listxattr(struct dentry *d, char __user *list, size_t size) 492 { 493 ssize_t error; 494 char *klist = NULL; 495 496 if (size) { 497 if (size > XATTR_LIST_MAX) 498 size = XATTR_LIST_MAX; 499 klist = kmalloc(size, GFP_KERNEL); 500 if (!klist) 501 return -ENOMEM; 502 } 503 504 error = vfs_listxattr(d, klist, size); 505 if (error > 0) { 506 if (size && copy_to_user(list, klist, error)) 507 error = -EFAULT; 508 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 509 /* The file system tried to returned a list bigger 510 than XATTR_LIST_MAX bytes. Not possible. */ 511 error = -E2BIG; 512 } 513 kfree(klist); 514 return error; 515 } 516 517 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 518 size_t, size) 519 { 520 struct path path; 521 ssize_t error; 522 523 error = user_path(pathname, &path); 524 if (error) 525 return error; 526 error = listxattr(path.dentry, list, size); 527 path_put(&path); 528 return error; 529 } 530 531 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 532 size_t, size) 533 { 534 struct path path; 535 ssize_t error; 536 537 error = user_lpath(pathname, &path); 538 if (error) 539 return error; 540 error = listxattr(path.dentry, list, size); 541 path_put(&path); 542 return error; 543 } 544 545 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 546 { 547 struct file *f; 548 ssize_t error = -EBADF; 549 550 f = fget(fd); 551 if (!f) 552 return error; 553 audit_inode(NULL, f->f_path.dentry); 554 error = listxattr(f->f_path.dentry, list, size); 555 fput(f); 556 return error; 557 } 558 559 /* 560 * Extended attribute REMOVE operations 561 */ 562 static long 563 removexattr(struct dentry *d, const char __user *name) 564 { 565 int error; 566 char kname[XATTR_NAME_MAX + 1]; 567 568 error = strncpy_from_user(kname, name, sizeof(kname)); 569 if (error == 0 || error == sizeof(kname)) 570 error = -ERANGE; 571 if (error < 0) 572 return error; 573 574 return vfs_removexattr(d, kname); 575 } 576 577 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 578 const char __user *, name) 579 { 580 struct path path; 581 int error; 582 583 error = user_path(pathname, &path); 584 if (error) 585 return error; 586 error = mnt_want_write(path.mnt); 587 if (!error) { 588 error = removexattr(path.dentry, name); 589 mnt_drop_write(path.mnt); 590 } 591 path_put(&path); 592 return error; 593 } 594 595 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 596 const char __user *, name) 597 { 598 struct path path; 599 int error; 600 601 error = user_lpath(pathname, &path); 602 if (error) 603 return error; 604 error = mnt_want_write(path.mnt); 605 if (!error) { 606 error = removexattr(path.dentry, name); 607 mnt_drop_write(path.mnt); 608 } 609 path_put(&path); 610 return error; 611 } 612 613 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 614 { 615 struct file *f; 616 struct dentry *dentry; 617 int error = -EBADF; 618 619 f = fget(fd); 620 if (!f) 621 return error; 622 dentry = f->f_path.dentry; 623 audit_inode(NULL, dentry); 624 error = mnt_want_write_file(f); 625 if (!error) { 626 error = removexattr(dentry, name); 627 mnt_drop_write(f->f_path.mnt); 628 } 629 fput(f); 630 return error; 631 } 632 633 634 static const char * 635 strcmp_prefix(const char *a, const char *a_prefix) 636 { 637 while (*a_prefix && *a == *a_prefix) { 638 a++; 639 a_prefix++; 640 } 641 return *a_prefix ? NULL : a; 642 } 643 644 /* 645 * In order to implement different sets of xattr operations for each xattr 646 * prefix with the generic xattr API, a filesystem should create a 647 * null-terminated array of struct xattr_handler (one for each prefix) and 648 * hang a pointer to it off of the s_xattr field of the superblock. 649 * 650 * The generic_fooxattr() functions will use this list to dispatch xattr 651 * operations to the correct xattr_handler. 652 */ 653 #define for_each_xattr_handler(handlers, handler) \ 654 for ((handler) = *(handlers)++; \ 655 (handler) != NULL; \ 656 (handler) = *(handlers)++) 657 658 /* 659 * Find the xattr_handler with the matching prefix. 660 */ 661 static const struct xattr_handler * 662 xattr_resolve_name(const struct xattr_handler **handlers, const char **name) 663 { 664 const struct xattr_handler *handler; 665 666 if (!*name) 667 return NULL; 668 669 for_each_xattr_handler(handlers, handler) { 670 const char *n = strcmp_prefix(*name, handler->prefix); 671 if (n) { 672 *name = n; 673 break; 674 } 675 } 676 return handler; 677 } 678 679 /* 680 * Find the handler for the prefix and dispatch its get() operation. 681 */ 682 ssize_t 683 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 684 { 685 const struct xattr_handler *handler; 686 687 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 688 if (!handler) 689 return -EOPNOTSUPP; 690 return handler->get(dentry, name, buffer, size, handler->flags); 691 } 692 693 /* 694 * Combine the results of the list() operation from every xattr_handler in the 695 * list. 696 */ 697 ssize_t 698 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 699 { 700 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 701 unsigned int size = 0; 702 703 if (!buffer) { 704 for_each_xattr_handler(handlers, handler) { 705 size += handler->list(dentry, NULL, 0, NULL, 0, 706 handler->flags); 707 } 708 } else { 709 char *buf = buffer; 710 711 for_each_xattr_handler(handlers, handler) { 712 size = handler->list(dentry, buf, buffer_size, 713 NULL, 0, handler->flags); 714 if (size > buffer_size) 715 return -ERANGE; 716 buf += size; 717 buffer_size -= size; 718 } 719 size = buf - buffer; 720 } 721 return size; 722 } 723 724 /* 725 * Find the handler for the prefix and dispatch its set() operation. 726 */ 727 int 728 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 729 { 730 const struct xattr_handler *handler; 731 732 if (size == 0) 733 value = ""; /* empty EA, do not remove */ 734 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 735 if (!handler) 736 return -EOPNOTSUPP; 737 return handler->set(dentry, name, value, size, flags, handler->flags); 738 } 739 740 /* 741 * Find the handler for the prefix and dispatch its set() operation to remove 742 * any associated extended attribute. 743 */ 744 int 745 generic_removexattr(struct dentry *dentry, const char *name) 746 { 747 const struct xattr_handler *handler; 748 749 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 750 if (!handler) 751 return -EOPNOTSUPP; 752 return handler->set(dentry, name, NULL, 0, 753 XATTR_REPLACE, handler->flags); 754 } 755 756 EXPORT_SYMBOL(generic_getxattr); 757 EXPORT_SYMBOL(generic_listxattr); 758 EXPORT_SYMBOL(generic_setxattr); 759 EXPORT_SYMBOL(generic_removexattr); 760