1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/namei.h> 15 #include <linux/security.h> 16 #include <linux/syscalls.h> 17 #include <linux/module.h> 18 #include <linux/fsnotify.h> 19 #include <linux/audit.h> 20 #include <asm/uaccess.h> 21 22 23 /* 24 * Check permissions for extended attribute access. This is a bit complicated 25 * because different namespaces have very different rules. 26 */ 27 static int 28 xattr_permission(struct inode *inode, const char *name, int mask) 29 { 30 /* 31 * We can never set or remove an extended attribute on a read-only 32 * filesystem or on an immutable / append-only inode. 33 */ 34 if (mask & MAY_WRITE) { 35 if (IS_RDONLY(inode)) 36 return -EROFS; 37 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 38 return -EPERM; 39 } 40 41 /* 42 * No restriction for security.* and system.* from the VFS. Decision 43 * on these is left to the underlying filesystem / security module. 44 */ 45 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 46 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 47 return 0; 48 49 /* 50 * The trusted.* namespace can only be accessed by a privileged user. 51 */ 52 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) 53 return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); 54 55 /* In user.* namespace, only regular files and directories can have 56 * extended attributes. For sticky directories, only the owner and 57 * privileged user can write attributes. 58 */ 59 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 60 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 61 return -EPERM; 62 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 63 (mask & MAY_WRITE) && !is_owner_or_cap(inode)) 64 return -EPERM; 65 } 66 67 return permission(inode, mask, NULL); 68 } 69 70 int 71 vfs_setxattr(struct dentry *dentry, char *name, void *value, 72 size_t size, int flags) 73 { 74 struct inode *inode = dentry->d_inode; 75 int error; 76 77 error = xattr_permission(inode, name, MAY_WRITE); 78 if (error) 79 return error; 80 81 mutex_lock(&inode->i_mutex); 82 error = security_inode_setxattr(dentry, name, value, size, flags); 83 if (error) 84 goto out; 85 error = -EOPNOTSUPP; 86 if (inode->i_op->setxattr) { 87 error = inode->i_op->setxattr(dentry, name, value, size, flags); 88 if (!error) { 89 fsnotify_xattr(dentry); 90 security_inode_post_setxattr(dentry, name, value, 91 size, flags); 92 } 93 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 94 XATTR_SECURITY_PREFIX_LEN)) { 95 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 96 error = security_inode_setsecurity(inode, suffix, value, 97 size, flags); 98 if (!error) 99 fsnotify_xattr(dentry); 100 } 101 out: 102 mutex_unlock(&inode->i_mutex); 103 return error; 104 } 105 EXPORT_SYMBOL_GPL(vfs_setxattr); 106 107 ssize_t 108 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size) 109 { 110 struct inode *inode = dentry->d_inode; 111 int error; 112 113 error = xattr_permission(inode, name, MAY_READ); 114 if (error) 115 return error; 116 117 error = security_inode_getxattr(dentry, name); 118 if (error) 119 return error; 120 121 if (inode->i_op->getxattr) 122 error = inode->i_op->getxattr(dentry, name, value, size); 123 else 124 error = -EOPNOTSUPP; 125 126 if (!strncmp(name, XATTR_SECURITY_PREFIX, 127 XATTR_SECURITY_PREFIX_LEN)) { 128 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 129 int ret = security_inode_getsecurity(inode, suffix, value, 130 size, error); 131 /* 132 * Only overwrite the return value if a security module 133 * is actually active. 134 */ 135 if (ret != -EOPNOTSUPP) 136 error = ret; 137 } 138 139 return error; 140 } 141 EXPORT_SYMBOL_GPL(vfs_getxattr); 142 143 ssize_t 144 vfs_listxattr(struct dentry *d, char *list, size_t size) 145 { 146 ssize_t error; 147 148 error = security_inode_listxattr(d); 149 if (error) 150 return error; 151 error = -EOPNOTSUPP; 152 if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { 153 error = d->d_inode->i_op->listxattr(d, list, size); 154 } else { 155 error = security_inode_listsecurity(d->d_inode, list, size); 156 if (size && error > size) 157 error = -ERANGE; 158 } 159 return error; 160 } 161 EXPORT_SYMBOL_GPL(vfs_listxattr); 162 163 int 164 vfs_removexattr(struct dentry *dentry, char *name) 165 { 166 struct inode *inode = dentry->d_inode; 167 int error; 168 169 if (!inode->i_op->removexattr) 170 return -EOPNOTSUPP; 171 172 error = xattr_permission(inode, name, MAY_WRITE); 173 if (error) 174 return error; 175 176 error = security_inode_removexattr(dentry, name); 177 if (error) 178 return error; 179 180 mutex_lock(&inode->i_mutex); 181 error = inode->i_op->removexattr(dentry, name); 182 mutex_unlock(&inode->i_mutex); 183 184 if (!error) 185 fsnotify_xattr(dentry); 186 return error; 187 } 188 EXPORT_SYMBOL_GPL(vfs_removexattr); 189 190 191 /* 192 * Extended attribute SET operations 193 */ 194 static long 195 setxattr(struct dentry *d, char __user *name, void __user *value, 196 size_t size, int flags) 197 { 198 int error; 199 void *kvalue = NULL; 200 char kname[XATTR_NAME_MAX + 1]; 201 202 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 203 return -EINVAL; 204 205 error = strncpy_from_user(kname, name, sizeof(kname)); 206 if (error == 0 || error == sizeof(kname)) 207 error = -ERANGE; 208 if (error < 0) 209 return error; 210 211 if (size) { 212 if (size > XATTR_SIZE_MAX) 213 return -E2BIG; 214 kvalue = kmalloc(size, GFP_KERNEL); 215 if (!kvalue) 216 return -ENOMEM; 217 if (copy_from_user(kvalue, value, size)) { 218 kfree(kvalue); 219 return -EFAULT; 220 } 221 } 222 223 error = vfs_setxattr(d, kname, kvalue, size, flags); 224 kfree(kvalue); 225 return error; 226 } 227 228 asmlinkage long 229 sys_setxattr(char __user *path, char __user *name, void __user *value, 230 size_t size, int flags) 231 { 232 struct nameidata nd; 233 int error; 234 235 error = user_path_walk(path, &nd); 236 if (error) 237 return error; 238 error = setxattr(nd.dentry, name, value, size, flags); 239 path_release(&nd); 240 return error; 241 } 242 243 asmlinkage long 244 sys_lsetxattr(char __user *path, char __user *name, void __user *value, 245 size_t size, int flags) 246 { 247 struct nameidata nd; 248 int error; 249 250 error = user_path_walk_link(path, &nd); 251 if (error) 252 return error; 253 error = setxattr(nd.dentry, name, value, size, flags); 254 path_release(&nd); 255 return error; 256 } 257 258 asmlinkage long 259 sys_fsetxattr(int fd, char __user *name, void __user *value, 260 size_t size, int flags) 261 { 262 struct file *f; 263 struct dentry *dentry; 264 int error = -EBADF; 265 266 f = fget(fd); 267 if (!f) 268 return error; 269 dentry = f->f_path.dentry; 270 audit_inode(NULL, dentry->d_inode); 271 error = setxattr(dentry, name, value, size, flags); 272 fput(f); 273 return error; 274 } 275 276 /* 277 * Extended attribute GET operations 278 */ 279 static ssize_t 280 getxattr(struct dentry *d, char __user *name, void __user *value, size_t size) 281 { 282 ssize_t error; 283 void *kvalue = NULL; 284 char kname[XATTR_NAME_MAX + 1]; 285 286 error = strncpy_from_user(kname, name, sizeof(kname)); 287 if (error == 0 || error == sizeof(kname)) 288 error = -ERANGE; 289 if (error < 0) 290 return error; 291 292 if (size) { 293 if (size > XATTR_SIZE_MAX) 294 size = XATTR_SIZE_MAX; 295 kvalue = kzalloc(size, GFP_KERNEL); 296 if (!kvalue) 297 return -ENOMEM; 298 } 299 300 error = vfs_getxattr(d, kname, kvalue, size); 301 if (error > 0) { 302 if (size && copy_to_user(value, kvalue, error)) 303 error = -EFAULT; 304 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 305 /* The file system tried to returned a value bigger 306 than XATTR_SIZE_MAX bytes. Not possible. */ 307 error = -E2BIG; 308 } 309 kfree(kvalue); 310 return error; 311 } 312 313 asmlinkage ssize_t 314 sys_getxattr(char __user *path, char __user *name, void __user *value, 315 size_t size) 316 { 317 struct nameidata nd; 318 ssize_t error; 319 320 error = user_path_walk(path, &nd); 321 if (error) 322 return error; 323 error = getxattr(nd.dentry, name, value, size); 324 path_release(&nd); 325 return error; 326 } 327 328 asmlinkage ssize_t 329 sys_lgetxattr(char __user *path, char __user *name, void __user *value, 330 size_t size) 331 { 332 struct nameidata nd; 333 ssize_t error; 334 335 error = user_path_walk_link(path, &nd); 336 if (error) 337 return error; 338 error = getxattr(nd.dentry, name, value, size); 339 path_release(&nd); 340 return error; 341 } 342 343 asmlinkage ssize_t 344 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) 345 { 346 struct file *f; 347 ssize_t error = -EBADF; 348 349 f = fget(fd); 350 if (!f) 351 return error; 352 audit_inode(NULL, f->f_path.dentry->d_inode); 353 error = getxattr(f->f_path.dentry, name, value, size); 354 fput(f); 355 return error; 356 } 357 358 /* 359 * Extended attribute LIST operations 360 */ 361 static ssize_t 362 listxattr(struct dentry *d, char __user *list, size_t size) 363 { 364 ssize_t error; 365 char *klist = NULL; 366 367 if (size) { 368 if (size > XATTR_LIST_MAX) 369 size = XATTR_LIST_MAX; 370 klist = kmalloc(size, GFP_KERNEL); 371 if (!klist) 372 return -ENOMEM; 373 } 374 375 error = vfs_listxattr(d, klist, size); 376 if (error > 0) { 377 if (size && copy_to_user(list, klist, error)) 378 error = -EFAULT; 379 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 380 /* The file system tried to returned a list bigger 381 than XATTR_LIST_MAX bytes. Not possible. */ 382 error = -E2BIG; 383 } 384 kfree(klist); 385 return error; 386 } 387 388 asmlinkage ssize_t 389 sys_listxattr(char __user *path, char __user *list, size_t size) 390 { 391 struct nameidata nd; 392 ssize_t error; 393 394 error = user_path_walk(path, &nd); 395 if (error) 396 return error; 397 error = listxattr(nd.dentry, list, size); 398 path_release(&nd); 399 return error; 400 } 401 402 asmlinkage ssize_t 403 sys_llistxattr(char __user *path, char __user *list, size_t size) 404 { 405 struct nameidata nd; 406 ssize_t error; 407 408 error = user_path_walk_link(path, &nd); 409 if (error) 410 return error; 411 error = listxattr(nd.dentry, list, size); 412 path_release(&nd); 413 return error; 414 } 415 416 asmlinkage ssize_t 417 sys_flistxattr(int fd, char __user *list, size_t size) 418 { 419 struct file *f; 420 ssize_t error = -EBADF; 421 422 f = fget(fd); 423 if (!f) 424 return error; 425 audit_inode(NULL, f->f_path.dentry->d_inode); 426 error = listxattr(f->f_path.dentry, list, size); 427 fput(f); 428 return error; 429 } 430 431 /* 432 * Extended attribute REMOVE operations 433 */ 434 static long 435 removexattr(struct dentry *d, char __user *name) 436 { 437 int error; 438 char kname[XATTR_NAME_MAX + 1]; 439 440 error = strncpy_from_user(kname, name, sizeof(kname)); 441 if (error == 0 || error == sizeof(kname)) 442 error = -ERANGE; 443 if (error < 0) 444 return error; 445 446 return vfs_removexattr(d, kname); 447 } 448 449 asmlinkage long 450 sys_removexattr(char __user *path, char __user *name) 451 { 452 struct nameidata nd; 453 int error; 454 455 error = user_path_walk(path, &nd); 456 if (error) 457 return error; 458 error = removexattr(nd.dentry, name); 459 path_release(&nd); 460 return error; 461 } 462 463 asmlinkage long 464 sys_lremovexattr(char __user *path, char __user *name) 465 { 466 struct nameidata nd; 467 int error; 468 469 error = user_path_walk_link(path, &nd); 470 if (error) 471 return error; 472 error = removexattr(nd.dentry, name); 473 path_release(&nd); 474 return error; 475 } 476 477 asmlinkage long 478 sys_fremovexattr(int fd, char __user *name) 479 { 480 struct file *f; 481 struct dentry *dentry; 482 int error = -EBADF; 483 484 f = fget(fd); 485 if (!f) 486 return error; 487 dentry = f->f_path.dentry; 488 audit_inode(NULL, dentry->d_inode); 489 error = removexattr(dentry, name); 490 fput(f); 491 return error; 492 } 493 494 495 static const char * 496 strcmp_prefix(const char *a, const char *a_prefix) 497 { 498 while (*a_prefix && *a == *a_prefix) { 499 a++; 500 a_prefix++; 501 } 502 return *a_prefix ? NULL : a; 503 } 504 505 /* 506 * In order to implement different sets of xattr operations for each xattr 507 * prefix with the generic xattr API, a filesystem should create a 508 * null-terminated array of struct xattr_handler (one for each prefix) and 509 * hang a pointer to it off of the s_xattr field of the superblock. 510 * 511 * The generic_fooxattr() functions will use this list to dispatch xattr 512 * operations to the correct xattr_handler. 513 */ 514 #define for_each_xattr_handler(handlers, handler) \ 515 for ((handler) = *(handlers)++; \ 516 (handler) != NULL; \ 517 (handler) = *(handlers)++) 518 519 /* 520 * Find the xattr_handler with the matching prefix. 521 */ 522 static struct xattr_handler * 523 xattr_resolve_name(struct xattr_handler **handlers, const char **name) 524 { 525 struct xattr_handler *handler; 526 527 if (!*name) 528 return NULL; 529 530 for_each_xattr_handler(handlers, handler) { 531 const char *n = strcmp_prefix(*name, handler->prefix); 532 if (n) { 533 *name = n; 534 break; 535 } 536 } 537 return handler; 538 } 539 540 /* 541 * Find the handler for the prefix and dispatch its get() operation. 542 */ 543 ssize_t 544 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 545 { 546 struct xattr_handler *handler; 547 struct inode *inode = dentry->d_inode; 548 549 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 550 if (!handler) 551 return -EOPNOTSUPP; 552 return handler->get(inode, name, buffer, size); 553 } 554 555 /* 556 * Combine the results of the list() operation from every xattr_handler in the 557 * list. 558 */ 559 ssize_t 560 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 561 { 562 struct inode *inode = dentry->d_inode; 563 struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr; 564 unsigned int size = 0; 565 566 if (!buffer) { 567 for_each_xattr_handler(handlers, handler) 568 size += handler->list(inode, NULL, 0, NULL, 0); 569 } else { 570 char *buf = buffer; 571 572 for_each_xattr_handler(handlers, handler) { 573 size = handler->list(inode, buf, buffer_size, NULL, 0); 574 if (size > buffer_size) 575 return -ERANGE; 576 buf += size; 577 buffer_size -= size; 578 } 579 size = buf - buffer; 580 } 581 return size; 582 } 583 584 /* 585 * Find the handler for the prefix and dispatch its set() operation. 586 */ 587 int 588 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 589 { 590 struct xattr_handler *handler; 591 struct inode *inode = dentry->d_inode; 592 593 if (size == 0) 594 value = ""; /* empty EA, do not remove */ 595 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 596 if (!handler) 597 return -EOPNOTSUPP; 598 return handler->set(inode, name, value, size, flags); 599 } 600 601 /* 602 * Find the handler for the prefix and dispatch its set() operation to remove 603 * any associated extended attribute. 604 */ 605 int 606 generic_removexattr(struct dentry *dentry, const char *name) 607 { 608 struct xattr_handler *handler; 609 struct inode *inode = dentry->d_inode; 610 611 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 612 if (!handler) 613 return -EOPNOTSUPP; 614 return handler->set(inode, name, NULL, 0, XATTR_REPLACE); 615 } 616 617 EXPORT_SYMBOL(generic_getxattr); 618 EXPORT_SYMBOL(generic_listxattr); 619 EXPORT_SYMBOL(generic_setxattr); 620 EXPORT_SYMBOL(generic_removexattr); 621