1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/smp_lock.h> 13 #include <linux/file.h> 14 #include <linux/xattr.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/syscalls.h> 18 #include <linux/module.h> 19 #include <linux/fsnotify.h> 20 #include <linux/audit.h> 21 #include <asm/uaccess.h> 22 23 24 /* 25 * Check permissions for extended attribute access. This is a bit complicated 26 * because different namespaces have very different rules. 27 */ 28 static int 29 xattr_permission(struct inode *inode, const char *name, int mask) 30 { 31 /* 32 * We can never set or remove an extended attribute on a read-only 33 * filesystem or on an immutable / append-only inode. 34 */ 35 if (mask & MAY_WRITE) { 36 if (IS_RDONLY(inode)) 37 return -EROFS; 38 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 39 return -EPERM; 40 } 41 42 /* 43 * No restriction for security.* and system.* from the VFS. Decision 44 * on these is left to the underlying filesystem / security module. 45 */ 46 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 47 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 48 return 0; 49 50 /* 51 * The trusted.* namespace can only be accessed by a privileged user. 52 */ 53 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) 54 return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); 55 56 /* In user.* namespace, only regular files and directories can have 57 * extended attributes. For sticky directories, only the owner and 58 * privileged user can write attributes. 59 */ 60 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 61 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 62 return -EPERM; 63 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 64 (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) && 65 !capable(CAP_FOWNER)) 66 return -EPERM; 67 } 68 69 return permission(inode, mask, NULL); 70 } 71 72 int 73 vfs_setxattr(struct dentry *dentry, char *name, void *value, 74 size_t size, int flags) 75 { 76 struct inode *inode = dentry->d_inode; 77 int error; 78 79 error = xattr_permission(inode, name, MAY_WRITE); 80 if (error) 81 return error; 82 83 mutex_lock(&inode->i_mutex); 84 error = security_inode_setxattr(dentry, name, value, size, flags); 85 if (error) 86 goto out; 87 error = -EOPNOTSUPP; 88 if (inode->i_op->setxattr) { 89 error = inode->i_op->setxattr(dentry, name, value, size, flags); 90 if (!error) { 91 fsnotify_xattr(dentry); 92 security_inode_post_setxattr(dentry, name, value, 93 size, flags); 94 } 95 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 96 XATTR_SECURITY_PREFIX_LEN)) { 97 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 98 error = security_inode_setsecurity(inode, suffix, value, 99 size, flags); 100 if (!error) 101 fsnotify_xattr(dentry); 102 } 103 out: 104 mutex_unlock(&inode->i_mutex); 105 return error; 106 } 107 EXPORT_SYMBOL_GPL(vfs_setxattr); 108 109 ssize_t 110 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size) 111 { 112 struct inode *inode = dentry->d_inode; 113 int error; 114 115 error = xattr_permission(inode, name, MAY_READ); 116 if (error) 117 return error; 118 119 error = security_inode_getxattr(dentry, name); 120 if (error) 121 return error; 122 123 if (inode->i_op->getxattr) 124 error = inode->i_op->getxattr(dentry, name, value, size); 125 else 126 error = -EOPNOTSUPP; 127 128 if (!strncmp(name, XATTR_SECURITY_PREFIX, 129 XATTR_SECURITY_PREFIX_LEN)) { 130 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 131 int ret = security_inode_getsecurity(inode, suffix, value, 132 size, error); 133 /* 134 * Only overwrite the return value if a security module 135 * is actually active. 136 */ 137 if (ret != -EOPNOTSUPP) 138 error = ret; 139 } 140 141 return error; 142 } 143 EXPORT_SYMBOL_GPL(vfs_getxattr); 144 145 ssize_t 146 vfs_listxattr(struct dentry *d, char *list, size_t size) 147 { 148 ssize_t error; 149 150 error = security_inode_listxattr(d); 151 if (error) 152 return error; 153 error = -EOPNOTSUPP; 154 if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { 155 error = d->d_inode->i_op->listxattr(d, list, size); 156 } else { 157 error = security_inode_listsecurity(d->d_inode, list, size); 158 if (size && error > size) 159 error = -ERANGE; 160 } 161 return error; 162 } 163 EXPORT_SYMBOL_GPL(vfs_listxattr); 164 165 int 166 vfs_removexattr(struct dentry *dentry, char *name) 167 { 168 struct inode *inode = dentry->d_inode; 169 int error; 170 171 if (!inode->i_op->removexattr) 172 return -EOPNOTSUPP; 173 174 error = xattr_permission(inode, name, MAY_WRITE); 175 if (error) 176 return error; 177 178 error = security_inode_removexattr(dentry, name); 179 if (error) 180 return error; 181 182 mutex_lock(&inode->i_mutex); 183 error = inode->i_op->removexattr(dentry, name); 184 mutex_unlock(&inode->i_mutex); 185 186 if (!error) 187 fsnotify_xattr(dentry); 188 return error; 189 } 190 EXPORT_SYMBOL_GPL(vfs_removexattr); 191 192 193 /* 194 * Extended attribute SET operations 195 */ 196 static long 197 setxattr(struct dentry *d, char __user *name, void __user *value, 198 size_t size, int flags) 199 { 200 int error; 201 void *kvalue = NULL; 202 char kname[XATTR_NAME_MAX + 1]; 203 204 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 205 return -EINVAL; 206 207 error = strncpy_from_user(kname, name, sizeof(kname)); 208 if (error == 0 || error == sizeof(kname)) 209 error = -ERANGE; 210 if (error < 0) 211 return error; 212 213 if (size) { 214 if (size > XATTR_SIZE_MAX) 215 return -E2BIG; 216 kvalue = kmalloc(size, GFP_KERNEL); 217 if (!kvalue) 218 return -ENOMEM; 219 if (copy_from_user(kvalue, value, size)) { 220 kfree(kvalue); 221 return -EFAULT; 222 } 223 } 224 225 error = vfs_setxattr(d, kname, kvalue, size, flags); 226 kfree(kvalue); 227 return error; 228 } 229 230 asmlinkage long 231 sys_setxattr(char __user *path, char __user *name, void __user *value, 232 size_t size, int flags) 233 { 234 struct nameidata nd; 235 int error; 236 237 error = user_path_walk(path, &nd); 238 if (error) 239 return error; 240 error = setxattr(nd.dentry, name, value, size, flags); 241 path_release(&nd); 242 return error; 243 } 244 245 asmlinkage long 246 sys_lsetxattr(char __user *path, char __user *name, void __user *value, 247 size_t size, int flags) 248 { 249 struct nameidata nd; 250 int error; 251 252 error = user_path_walk_link(path, &nd); 253 if (error) 254 return error; 255 error = setxattr(nd.dentry, name, value, size, flags); 256 path_release(&nd); 257 return error; 258 } 259 260 asmlinkage long 261 sys_fsetxattr(int fd, char __user *name, void __user *value, 262 size_t size, int flags) 263 { 264 struct file *f; 265 struct dentry *dentry; 266 int error = -EBADF; 267 268 f = fget(fd); 269 if (!f) 270 return error; 271 dentry = f->f_dentry; 272 audit_inode(NULL, dentry->d_inode); 273 error = setxattr(dentry, name, value, size, flags); 274 fput(f); 275 return error; 276 } 277 278 /* 279 * Extended attribute GET operations 280 */ 281 static ssize_t 282 getxattr(struct dentry *d, char __user *name, void __user *value, size_t size) 283 { 284 ssize_t error; 285 void *kvalue = NULL; 286 char kname[XATTR_NAME_MAX + 1]; 287 288 error = strncpy_from_user(kname, name, sizeof(kname)); 289 if (error == 0 || error == sizeof(kname)) 290 error = -ERANGE; 291 if (error < 0) 292 return error; 293 294 if (size) { 295 if (size > XATTR_SIZE_MAX) 296 size = XATTR_SIZE_MAX; 297 kvalue = kzalloc(size, GFP_KERNEL); 298 if (!kvalue) 299 return -ENOMEM; 300 } 301 302 error = vfs_getxattr(d, kname, kvalue, size); 303 if (error > 0) { 304 if (size && copy_to_user(value, kvalue, error)) 305 error = -EFAULT; 306 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 307 /* The file system tried to returned a value bigger 308 than XATTR_SIZE_MAX bytes. Not possible. */ 309 error = -E2BIG; 310 } 311 kfree(kvalue); 312 return error; 313 } 314 315 asmlinkage ssize_t 316 sys_getxattr(char __user *path, char __user *name, void __user *value, 317 size_t size) 318 { 319 struct nameidata nd; 320 ssize_t error; 321 322 error = user_path_walk(path, &nd); 323 if (error) 324 return error; 325 error = getxattr(nd.dentry, name, value, size); 326 path_release(&nd); 327 return error; 328 } 329 330 asmlinkage ssize_t 331 sys_lgetxattr(char __user *path, char __user *name, void __user *value, 332 size_t size) 333 { 334 struct nameidata nd; 335 ssize_t error; 336 337 error = user_path_walk_link(path, &nd); 338 if (error) 339 return error; 340 error = getxattr(nd.dentry, name, value, size); 341 path_release(&nd); 342 return error; 343 } 344 345 asmlinkage ssize_t 346 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) 347 { 348 struct file *f; 349 ssize_t error = -EBADF; 350 351 f = fget(fd); 352 if (!f) 353 return error; 354 error = getxattr(f->f_dentry, name, value, size); 355 fput(f); 356 return error; 357 } 358 359 /* 360 * Extended attribute LIST operations 361 */ 362 static ssize_t 363 listxattr(struct dentry *d, char __user *list, size_t size) 364 { 365 ssize_t error; 366 char *klist = NULL; 367 368 if (size) { 369 if (size > XATTR_LIST_MAX) 370 size = XATTR_LIST_MAX; 371 klist = kmalloc(size, GFP_KERNEL); 372 if (!klist) 373 return -ENOMEM; 374 } 375 376 error = vfs_listxattr(d, klist, size); 377 if (error > 0) { 378 if (size && copy_to_user(list, klist, error)) 379 error = -EFAULT; 380 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 381 /* The file system tried to returned a list bigger 382 than XATTR_LIST_MAX bytes. Not possible. */ 383 error = -E2BIG; 384 } 385 kfree(klist); 386 return error; 387 } 388 389 asmlinkage ssize_t 390 sys_listxattr(char __user *path, char __user *list, size_t size) 391 { 392 struct nameidata nd; 393 ssize_t error; 394 395 error = user_path_walk(path, &nd); 396 if (error) 397 return error; 398 error = listxattr(nd.dentry, list, size); 399 path_release(&nd); 400 return error; 401 } 402 403 asmlinkage ssize_t 404 sys_llistxattr(char __user *path, char __user *list, size_t size) 405 { 406 struct nameidata nd; 407 ssize_t error; 408 409 error = user_path_walk_link(path, &nd); 410 if (error) 411 return error; 412 error = listxattr(nd.dentry, list, size); 413 path_release(&nd); 414 return error; 415 } 416 417 asmlinkage ssize_t 418 sys_flistxattr(int fd, char __user *list, size_t size) 419 { 420 struct file *f; 421 ssize_t error = -EBADF; 422 423 f = fget(fd); 424 if (!f) 425 return error; 426 error = listxattr(f->f_dentry, list, size); 427 fput(f); 428 return error; 429 } 430 431 /* 432 * Extended attribute REMOVE operations 433 */ 434 static long 435 removexattr(struct dentry *d, char __user *name) 436 { 437 int error; 438 char kname[XATTR_NAME_MAX + 1]; 439 440 error = strncpy_from_user(kname, name, sizeof(kname)); 441 if (error == 0 || error == sizeof(kname)) 442 error = -ERANGE; 443 if (error < 0) 444 return error; 445 446 return vfs_removexattr(d, kname); 447 } 448 449 asmlinkage long 450 sys_removexattr(char __user *path, char __user *name) 451 { 452 struct nameidata nd; 453 int error; 454 455 error = user_path_walk(path, &nd); 456 if (error) 457 return error; 458 error = removexattr(nd.dentry, name); 459 path_release(&nd); 460 return error; 461 } 462 463 asmlinkage long 464 sys_lremovexattr(char __user *path, char __user *name) 465 { 466 struct nameidata nd; 467 int error; 468 469 error = user_path_walk_link(path, &nd); 470 if (error) 471 return error; 472 error = removexattr(nd.dentry, name); 473 path_release(&nd); 474 return error; 475 } 476 477 asmlinkage long 478 sys_fremovexattr(int fd, char __user *name) 479 { 480 struct file *f; 481 struct dentry *dentry; 482 int error = -EBADF; 483 484 f = fget(fd); 485 if (!f) 486 return error; 487 dentry = f->f_dentry; 488 audit_inode(NULL, dentry->d_inode); 489 error = removexattr(dentry, name); 490 fput(f); 491 return error; 492 } 493 494 495 static const char * 496 strcmp_prefix(const char *a, const char *a_prefix) 497 { 498 while (*a_prefix && *a == *a_prefix) { 499 a++; 500 a_prefix++; 501 } 502 return *a_prefix ? NULL : a; 503 } 504 505 /* 506 * In order to implement different sets of xattr operations for each xattr 507 * prefix with the generic xattr API, a filesystem should create a 508 * null-terminated array of struct xattr_handler (one for each prefix) and 509 * hang a pointer to it off of the s_xattr field of the superblock. 510 * 511 * The generic_fooxattr() functions will use this list to dispatch xattr 512 * operations to the correct xattr_handler. 513 */ 514 #define for_each_xattr_handler(handlers, handler) \ 515 for ((handler) = *(handlers)++; \ 516 (handler) != NULL; \ 517 (handler) = *(handlers)++) 518 519 /* 520 * Find the xattr_handler with the matching prefix. 521 */ 522 static struct xattr_handler * 523 xattr_resolve_name(struct xattr_handler **handlers, const char **name) 524 { 525 struct xattr_handler *handler; 526 527 if (!*name) 528 return NULL; 529 530 for_each_xattr_handler(handlers, handler) { 531 const char *n = strcmp_prefix(*name, handler->prefix); 532 if (n) { 533 *name = n; 534 break; 535 } 536 } 537 return handler; 538 } 539 540 /* 541 * Find the handler for the prefix and dispatch its get() operation. 542 */ 543 ssize_t 544 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) 545 { 546 struct xattr_handler *handler; 547 struct inode *inode = dentry->d_inode; 548 549 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 550 if (!handler) 551 return -EOPNOTSUPP; 552 return handler->get(inode, name, buffer, size); 553 } 554 555 /* 556 * Combine the results of the list() operation from every xattr_handler in the 557 * list. 558 */ 559 ssize_t 560 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 561 { 562 struct inode *inode = dentry->d_inode; 563 struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr; 564 unsigned int size = 0; 565 566 if (!buffer) { 567 for_each_xattr_handler(handlers, handler) 568 size += handler->list(inode, NULL, 0, NULL, 0); 569 } else { 570 char *buf = buffer; 571 572 for_each_xattr_handler(handlers, handler) { 573 size = handler->list(inode, buf, buffer_size, NULL, 0); 574 if (size > buffer_size) 575 return -ERANGE; 576 buf += size; 577 buffer_size -= size; 578 } 579 size = buf - buffer; 580 } 581 return size; 582 } 583 584 /* 585 * Find the handler for the prefix and dispatch its set() operation. 586 */ 587 int 588 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) 589 { 590 struct xattr_handler *handler; 591 struct inode *inode = dentry->d_inode; 592 593 if (size == 0) 594 value = ""; /* empty EA, do not remove */ 595 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 596 if (!handler) 597 return -EOPNOTSUPP; 598 return handler->set(inode, name, value, size, flags); 599 } 600 601 /* 602 * Find the handler for the prefix and dispatch its set() operation to remove 603 * any associated extended attribute. 604 */ 605 int 606 generic_removexattr(struct dentry *dentry, const char *name) 607 { 608 struct xattr_handler *handler; 609 struct inode *inode = dentry->d_inode; 610 611 handler = xattr_resolve_name(inode->i_sb->s_xattr, &name); 612 if (!handler) 613 return -EOPNOTSUPP; 614 return handler->set(inode, name, NULL, 0, XATTR_REPLACE); 615 } 616 617 EXPORT_SYMBOL(generic_getxattr); 618 EXPORT_SYMBOL(generic_listxattr); 619 EXPORT_SYMBOL(generic_setxattr); 620 EXPORT_SYMBOL(generic_removexattr); 621