1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/namei.h> 15 #include <linux/security.h> 16 #include <linux/syscalls.h> 17 #include <linux/module.h> 18 #include <linux/fsnotify.h> 19 #include <linux/audit.h> 20 #include <asm/uaccess.h> 21 22 23 /* 24 * Check permissions for extended attribute access. This is a bit complicated 25 * because different namespaces have very different rules. 26 */ 27 static int 28 xattr_permission(struct inode *inode, const char *name, int mask) 29 { 30 /* 31 * We can never set or remove an extended attribute on a read-only 32 * filesystem or on an immutable / append-only inode. 33 */ 34 if (mask & MAY_WRITE) { 35 if (IS_RDONLY(inode)) 36 return -EROFS; 37 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 38 return -EPERM; 39 } 40 41 /* 42 * No restriction for security.* and system.* from the VFS. Decision 43 * on these is left to the underlying filesystem / security module. 44 */ 45 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 46 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 47 return 0; 48 49 /* 50 * The trusted.* namespace can only be accessed by a privileged user. 51 */ 52 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) 53 return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); 54 55 /* In user.* namespace, only regular files and directories can have 56 * extended attributes. For sticky directories, only the owner and 57 * privileged user can write attributes. 58 */ 59 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 60 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 61 return -EPERM; 62 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 63 (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) && 64 !capable(CAP_FOWNER)) 65 return -EPERM; 66 } 67 68 return permission(inode, mask, NULL); 69 } 70 71 int 72 vfs_setxattr(struct dentry *dentry, char *name, void *value, 73 size_t size, int flags) 74 { 75 struct inode *inode = dentry->d_inode; 76 int error; 77 78 error = xattr_permission(inode, name, MAY_WRITE); 79 if (error) 80 return error; 81 82 mutex_lock(&inode->i_mutex); 83 error = security_inode_setxattr(dentry, name, value, size, flags); 84 if (error) 85 goto out; 86 error = -EOPNOTSUPP; 87 if (inode->i_op->setxattr) { 88 error = inode->i_op->setxattr(dentry, name, value, size, flags); 89 if (!error) { 90 fsnotify_xattr(dentry); 91 security_inode_post_setxattr(dentry, name, value, 92 size, flags); 93 } 94 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 95 XATTR_SECURITY_PREFIX_LEN)) { 96 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 97 error = security_inode_setsecurity(inode, suffix, value, 98 size, flags); 99 if (!error) 100 fsnotify_xattr(dentry); 101 } 102 out: 103 mutex_unlock(&inode->i_mutex); 104 return error; 105 } 106 EXPORT_SYMBOL_GPL(vfs_setxattr); 107 108 ssize_t 109 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size) 110 { 111 struct inode *inode = dentry->d_inode; 112 int error; 113 114 error = xattr_permission(inode, name, MAY_READ); 115 if (error) 116 return error; 117 118 error = security_inode_getxattr(dentry, name); 119 if (error) 120 return error; 121 122 if (inode->i_op->getxattr) 123 error = inode->i_op->getxattr(dentry, name, value, size); 124 else 125 error = -EOPNOTSUPP; 126 127 if (!strncmp(name, XATTR_SECURITY_PREFIX, 128 XATTR_SECURITY_PREFIX_LEN)) { 129 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 130 int ret = security_inode_getsecurity(inode, suffix, value, 131 size, error); 132 /* 133 * Only overwrite the return value if a security module 134 * is actually active. 135 */ 136 if (ret != -EOPNOTSUPP) 137 error = ret; 138 } 139 140 return error; 141 } 142 EXPORT_SYMBOL_GPL(vfs_getxattr); 143 144 ssize_t 145 vfs_listxattr(struct dentry *d, char *list, size_t size) 146 { 147 ssize_t error; 148 149 error = security_inode_listxattr(d); 150 if (error) 151 return error; 152 error = -EOPNOTSUPP; 153 if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { 154 error = d->d_inode->i_op->listxattr(d, list, size); 155 } else { 156 error = security_inode_listsecurity(d->d_inode, list, size); 157 if (size && error > size) 158 error = -ERANGE; 159 } 160 return error; 161 } 162 EXPORT_SYMBOL_GPL(vfs_listxattr); 163 164 int 165 vfs_removexattr(struct dentry *dentry, char *name) 166 { 167 struct inode *inode = dentry->d_inode; 168 int error; 169 170 if (!inode->i_op->removexattr) 171 return -EOPNOTSUPP; 172 173 error = xattr_permission(inode, name, MAY_WRITE); 174 if (error) 175 return error; 176 177 error = security_inode_removexattr(dentry, name); 178 if (error) 179 return error; 180 181 mutex_lock(&inode->i_mutex); 182 error = inode->i_op->removexattr(dentry, name); 183 mutex_unlock(&inode->i_mutex); 184 185 if (!error) 186 fsnotify_xattr(dentry); 187 return error; 188 } 189 EXPORT_SYMBOL_GPL(vfs_removexattr); 190 191 192 /* 193 * Extended attribute SET operations 194 */ 195 static long 196 setxattr(struct dentry *d, char __user *name, void __user *value, 197 size_t size, int flags) 198 { 199 int error; 200 void *kvalue = NULL; 201 char kname[XATTR_NAME_MAX + 1]; 202 203 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 204 return -EINVAL; 205 206 error = strncpy_from_user(kname, name, sizeof(kname)); 207 if (error == 0 || error == sizeof(kname)) 208 error = -ERANGE; 209 if (error < 0) 210 return error; 211 212 if (size) { 213 if (size > XATTR_SIZE_MAX) 214 return -E2BIG; 215 kvalue = kmalloc(size, GFP_KERNEL); 216 if (!kvalue) 217 return -ENOMEM; 218 if (copy_from_user(kvalue, value, size)) { 219 kfree(kvalue); 220 return -EFAULT; 221 } 222 } 223 224 error = vfs_setxattr(d, kname, kvalue, size, flags); 225 kfree(kvalue); 226 return error; 227 } 228 229 asmlinkage long 230 sys_setxattr(char __user *path, char __user *name, void __user *value, 231 size_t size, int flags) 232 { 233 struct nameidata nd; 234 int error; 235 236 error = user_path_walk(path, &nd); 237 if (error) 238 return error; 239 error = setxattr(nd.dentry, name, value, size, flags); 240 path_release(&nd); 241 return error; 242 } 243 244 asmlinkage long 245 sys_lsetxattr(char __user *path, char __user *name, void __user *value, 246 size_t size, int flags) 247 { 248 struct nameidata nd; 249 int error; 250 251 error = user_path_walk_link(path, &nd); 252 if (error) 253 return error; 254 error = setxattr(nd.dentry, name, value, size, flags); 255 path_release(&nd); 256 return error; 257 } 258 259 asmlinkage long 260 sys_fsetxattr(int fd, char __user *name, void __user *value, 261 size_t size, int flags) 262 { 263 struct file *f; 264 struct dentry *dentry; 265 int error = -EBADF; 266 267 f = fget(fd); 268 if (!f) 269 return error; 270 dentry = f->f_path.dentry; 271 audit_inode(NULL, dentry->d_inode); 272 error = setxattr(dentry, name, value, size, flags); 273 fput(f); 274 return error; 275 } 276 277 /* 278 * Extended attribute GET operations 279 */ 280 static ssize_t 281 getxattr(struct dentry *d, char __user *name, void __user *value, size_t size) 282 { 283 ssize_t error; 284 void *kvalue = NULL; 285 char kname[XATTR_NAME_MAX + 1]; 286 287 error = strncpy_from_user(kname, name, sizeof(kname)); 288 if (error == 0 || error == sizeof(kname)) 289 error = -ERANGE; 290 if (error < 0) 291 return error; 292 293 if (size) { 294 if (size > XATTR_SIZE_MAX) 295 size = XATTR_SIZE_MAX; 296 kvalue = kzalloc(size, GFP_KERNEL); 297 if (!kvalue) 298 return -ENOMEM; 299 } 300 301 error = vfs_getxattr(d, kname, kvalue, size); 302 if (error > 0) { 303 if (size && copy_to_user(value, kvalue, error)) 304 error = -EFAULT; 305 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 306 /* The file system tried to returned a value bigger 307 than XATTR_SIZE_MAX bytes. Not possible. */ 308 error = -E2BIG; 309 } 310 kfree(kvalue); 311 return error; 312 } 313 314 asmlinkage ssize_t 315 sys_getxattr(char __user *path, char __user *name, void __user *value, 316 size_t size) 317 { 318 struct nameidata nd; 319 ssize_t error; 320 321 error = user_path_walk(path, &nd); 322 if (error) 323 return error; 324 error = getxattr(nd.dentry, name, value, size); 325 path_release(&nd); 326 return error; 327 } 328 329 asmlinkage ssize_t 330 sys_lgetxattr(char __user *path, char __user *name, void __user *value, 331 size_t size) 332 { 333 struct nameidata nd; 334 ssize_t error; 335 336 error = user_path_walk_link(path, &nd); 337 if (error) 338 return error; 339 error = getxattr(nd.dentry, name, value, size); 340 path_release(&nd); 341 return error; 342 } 343 344 asmlinkage ssize_t 345 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) 346 { 347 struct file *f; 348 ssize_t error = -EBADF; 349 350 f = fget(fd); 351 if (!f) 352 return error; 353 error = getxattr(f->f_path.dentry, name, value, size); 354 fput(f); 355 return error; 356 } 357 358 /* 359 * Extended attribute LIST operations 360 */ 361 static ssize_t 362 listxattr(struct dentry *d, char __user *list, size_t size) 363 { 364 ssize_t error; 365 char *klist = NULL; 366 367 if (size) { 368 if (size > XATTR_LIST_MAX) 369 size = XATTR_LIST_MAX; 370 klist = kmalloc(size, GFP_KERNEL); 371 if (!klist) 372 return -ENOMEM; 373 } 374 375 error = vfs_listxattr(d, klist, size); 376 if (error > 0) { 377 if (size && copy_to_user(list, klist, error)) 378 error = -EFAULT; 379 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 380 /* The file system tried to returned a list bigger 381 than XATTR_LIST_MAX bytes. Not possible. */ 382 error = -E2BIG; 383 } 384 kfree(klist); 385 return error; 386 } 387 388 asmlinkage ssize_t 389 sys_listxattr(char __user *path, char __user *list, size_t size) 390 { 391 struct nameidata nd; 392 ssize_t error; 393 394 error = user_path_walk(path, &nd); 395 if (error) 396 return error; 397 error = listxattr(nd.dentry, list, size); 398 path_release(&nd); 399 return error; 400 } 401 402 asmlinkage ssize_t 403 sys_llistxattr(char __user *path, char __user *list, size_t size) 404 { 405 struct nameidata nd; 406 ssize_t error; 407 408 error = user_path_walk_link(path, &nd); 409 if (error) 410 return error; 411 error = listxattr(nd.dentry, list, size); 412 path_release(&nd); 413 return error; 414 } 415 416 asmlinkage ssize_t 417 sys_flistxattr(int fd, char __user *list, size_t size) 418 { 419 struct file *f; 420 ssize_t error = -EBADF; 421 422 f = fget(fd); 423 if (!f) 424 return error; 425 error = listxattr(f->f_path.dentry, list, size); 426 fput(f); 427 return error; 428 } 429 430 /* 431 * Extended attribute REMOVE operations 432 */ 433 static long 434 removexattr(struct dentry *d, char __user *name) 435 { 436 int error; 437 char kname[XATTR_NAME_MAX + 1]; 438 439 error = strncpy_from_user(kname, name, sizeof(kname)); 440 if (error == 0 || error == sizeof(kname)) 441 error = -ERANGE; 442 if (error < 0) 443 return error; 444 445 return vfs_removexattr(d, kname); 446 } 447 448 asmlinkage long 449 sys_removexattr(char __user *path, char __user *name) 450 { 451 struct nameidata nd; 452 int error; 453 454 error = user_path_walk(path, &nd); 455 if (error) 456 return error; 457 error = removexattr(nd.dentry, name); 458 path_release(&nd); 459 return error; 460 } 461 462 asmlinkage long 463 sys_lremovexattr(char __user *path, char __user *name) 464 { 465 struct nameidata nd; 466 int error; 467 468 error = user_path_walk_link(path, &nd); 469 if (error) 470 return error; 471 error = removexattr(nd.dentry, name); 472 path_release(&nd); 473 return error; 474 } 475 476 asmlinkage long 477 sys_fremovexattr(int fd, char __user *name) 478 { 479 struct file *f; 480 struct dentry *dentry; 481 int error = -EBADF; 482 483 f = fget(fd); 484 if (!f) 485 return error; 486 dentry = f->f_path.dentry; 487 audit_inode(NULL, dentry->d_inode); 488 error = removexattr(dentry, name); 489 fput(f); 490 return error; 491 } 492 493 494 static const char * 495 strcmp_prefix(const char *a, const char *a_prefix) 496 { 497 while (*a_prefix && *a == *a_prefix) { 498 a++; 499 a_prefix++; 500 } 501 return *a_prefix ? NULL : a; 502 } 503 504 /* 505 * In order to implement different sets of xattr operations for each xattr 506 * prefix with the generic xattr API, a filesystem should create a 507 * null-terminated array of struct xattr_handler (one for each prefix) and 508 * hang a pointer to it off of the s_xattr field of the superblock. 509 * 510 * The generic_fooxattr() functions will use this list to dispatch xattr 511 * operations to the correct xattr_handler. 512 */ 513 #define for_each_xattr_handler(handlers, handler) \ 514 for ((handler) = *(handlers)++; \ 515 (handler) != NULL; \ 516 (handler) = *(handlers)++) 517 518 /* 519 * Find the xattr_handler with the matching prefix. 520 */ 521 static struct xattr_handler * 522 xattr_resolve_name(struct xattr_handler **handlers, const char **name) 523 { 524 struct xattr_handler *handler; 525 526 if (!*name) 527 return NULL; 528 529 for_each_xattr_handler(handlers, handler) { 530 const char *n = strcmp_prefix(*name, handler->prefix); 531 if (n) { 532 *name = n; 533 break; 534 } 535 } 536 return handler; 537 } 538 539 /* 540 * Find the handler for the prefix and dispatch its get() operation. 541 */ 542 ssize_t 543 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 544 { 545 struct xattr_handler *handler; 546 struct inode *inode = dentry->d_inode; 547 548 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 549 if (!handler) 550 return -EOPNOTSUPP; 551 return handler->get(inode, name, buffer, size); 552 } 553 554 /* 555 * Combine the results of the list() operation from every xattr_handler in the 556 * list. 557 */ 558 ssize_t 559 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 560 { 561 struct inode *inode = dentry->d_inode; 562 struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr; 563 unsigned int size = 0; 564 565 if (!buffer) { 566 for_each_xattr_handler(handlers, handler) 567 size += handler->list(inode, NULL, 0, NULL, 0); 568 } else { 569 char *buf = buffer; 570 571 for_each_xattr_handler(handlers, handler) { 572 size = handler->list(inode, buf, buffer_size, NULL, 0); 573 if (size > buffer_size) 574 return -ERANGE; 575 buf += size; 576 buffer_size -= size; 577 } 578 size = buf - buffer; 579 } 580 return size; 581 } 582 583 /* 584 * Find the handler for the prefix and dispatch its set() operation. 585 */ 586 int 587 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 588 { 589 struct xattr_handler *handler; 590 struct inode *inode = dentry->d_inode; 591 592 if (size == 0) 593 value = ""; /* empty EA, do not remove */ 594 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 595 if (!handler) 596 return -EOPNOTSUPP; 597 return handler->set(inode, name, value, size, flags); 598 } 599 600 /* 601 * Find the handler for the prefix and dispatch its set() operation to remove 602 * any associated extended attribute. 603 */ 604 int 605 generic_removexattr(struct dentry *dentry, const char *name) 606 { 607 struct xattr_handler *handler; 608 struct inode *inode = dentry->d_inode; 609 610 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 611 if (!handler) 612 return -EOPNOTSUPP; 613 return handler->set(inode, name, NULL, 0, XATTR_REPLACE); 614 } 615 616 EXPORT_SYMBOL(generic_getxattr); 617 EXPORT_SYMBOL(generic_listxattr); 618 EXPORT_SYMBOL(generic_setxattr); 619 EXPORT_SYMBOL(generic_removexattr); 620