xref: /openbmc/linux/fs/xattr.c (revision f42b3800)
1 /*
2   File: fs/xattr.c
3 
4   Extended attribute handling.
5 
6   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9  */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/namei.h>
15 #include <linux/security.h>
16 #include <linux/syscalls.h>
17 #include <linux/module.h>
18 #include <linux/fsnotify.h>
19 #include <linux/audit.h>
20 #include <asm/uaccess.h>
21 
22 
23 /*
24  * Check permissions for extended attribute access.  This is a bit complicated
25  * because different namespaces have very different rules.
26  */
27 static int
28 xattr_permission(struct inode *inode, const char *name, int mask)
29 {
30 	/*
31 	 * We can never set or remove an extended attribute on a read-only
32 	 * filesystem  or on an immutable / append-only inode.
33 	 */
34 	if (mask & MAY_WRITE) {
35 		if (IS_RDONLY(inode))
36 			return -EROFS;
37 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
38 			return -EPERM;
39 	}
40 
41 	/*
42 	 * No restriction for security.* and system.* from the VFS.  Decision
43 	 * on these is left to the underlying filesystem / security module.
44 	 */
45 	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
46 	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
47 		return 0;
48 
49 	/*
50 	 * The trusted.* namespace can only be accessed by a privileged user.
51 	 */
52 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
53 		return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
54 
55 	/* In user.* namespace, only regular files and directories can have
56 	 * extended attributes. For sticky directories, only the owner and
57 	 * privileged user can write attributes.
58 	 */
59 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
60 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
61 			return -EPERM;
62 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
63 		    (mask & MAY_WRITE) && !is_owner_or_cap(inode))
64 			return -EPERM;
65 	}
66 
67 	return permission(inode, mask, NULL);
68 }
69 
70 int
71 vfs_setxattr(struct dentry *dentry, char *name, void *value,
72 		size_t size, int flags)
73 {
74 	struct inode *inode = dentry->d_inode;
75 	int error;
76 
77 	error = xattr_permission(inode, name, MAY_WRITE);
78 	if (error)
79 		return error;
80 
81 	mutex_lock(&inode->i_mutex);
82 	error = security_inode_setxattr(dentry, name, value, size, flags);
83 	if (error)
84 		goto out;
85 	error = -EOPNOTSUPP;
86 	if (inode->i_op->setxattr) {
87 		error = inode->i_op->setxattr(dentry, name, value, size, flags);
88 		if (!error) {
89 			fsnotify_xattr(dentry);
90 			security_inode_post_setxattr(dentry, name, value,
91 						     size, flags);
92 		}
93 	} else if (!strncmp(name, XATTR_SECURITY_PREFIX,
94 				XATTR_SECURITY_PREFIX_LEN)) {
95 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
96 		error = security_inode_setsecurity(inode, suffix, value,
97 						   size, flags);
98 		if (!error)
99 			fsnotify_xattr(dentry);
100 	}
101 out:
102 	mutex_unlock(&inode->i_mutex);
103 	return error;
104 }
105 EXPORT_SYMBOL_GPL(vfs_setxattr);
106 
107 ssize_t
108 xattr_getsecurity(struct inode *inode, const char *name, void *value,
109 			size_t size)
110 {
111 	void *buffer = NULL;
112 	ssize_t len;
113 
114 	if (!value || !size) {
115 		len = security_inode_getsecurity(inode, name, &buffer, false);
116 		goto out_noalloc;
117 	}
118 
119 	len = security_inode_getsecurity(inode, name, &buffer, true);
120 	if (len < 0)
121 		return len;
122 	if (size < len) {
123 		len = -ERANGE;
124 		goto out;
125 	}
126 	memcpy(value, buffer, len);
127 out:
128 	security_release_secctx(buffer, len);
129 out_noalloc:
130 	return len;
131 }
132 EXPORT_SYMBOL_GPL(xattr_getsecurity);
133 
134 ssize_t
135 vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size)
136 {
137 	struct inode *inode = dentry->d_inode;
138 	int error;
139 
140 	error = xattr_permission(inode, name, MAY_READ);
141 	if (error)
142 		return error;
143 
144 	error = security_inode_getxattr(dentry, name);
145 	if (error)
146 		return error;
147 
148 	if (!strncmp(name, XATTR_SECURITY_PREFIX,
149 				XATTR_SECURITY_PREFIX_LEN)) {
150 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
151 		int ret = xattr_getsecurity(inode, suffix, value, size);
152 		/*
153 		 * Only overwrite the return value if a security module
154 		 * is actually active.
155 		 */
156 		if (ret == -EOPNOTSUPP)
157 			goto nolsm;
158 		return ret;
159 	}
160 nolsm:
161 	if (inode->i_op->getxattr)
162 		error = inode->i_op->getxattr(dentry, name, value, size);
163 	else
164 		error = -EOPNOTSUPP;
165 
166 	return error;
167 }
168 EXPORT_SYMBOL_GPL(vfs_getxattr);
169 
170 ssize_t
171 vfs_listxattr(struct dentry *d, char *list, size_t size)
172 {
173 	ssize_t error;
174 
175 	error = security_inode_listxattr(d);
176 	if (error)
177 		return error;
178 	error = -EOPNOTSUPP;
179 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
180 		error = d->d_inode->i_op->listxattr(d, list, size);
181 	} else {
182 		error = security_inode_listsecurity(d->d_inode, list, size);
183 		if (size && error > size)
184 			error = -ERANGE;
185 	}
186 	return error;
187 }
188 EXPORT_SYMBOL_GPL(vfs_listxattr);
189 
190 int
191 vfs_removexattr(struct dentry *dentry, char *name)
192 {
193 	struct inode *inode = dentry->d_inode;
194 	int error;
195 
196 	if (!inode->i_op->removexattr)
197 		return -EOPNOTSUPP;
198 
199 	error = xattr_permission(inode, name, MAY_WRITE);
200 	if (error)
201 		return error;
202 
203 	error = security_inode_removexattr(dentry, name);
204 	if (error)
205 		return error;
206 
207 	mutex_lock(&inode->i_mutex);
208 	error = inode->i_op->removexattr(dentry, name);
209 	mutex_unlock(&inode->i_mutex);
210 
211 	if (!error)
212 		fsnotify_xattr(dentry);
213 	return error;
214 }
215 EXPORT_SYMBOL_GPL(vfs_removexattr);
216 
217 
218 /*
219  * Extended attribute SET operations
220  */
221 static long
222 setxattr(struct dentry *d, char __user *name, void __user *value,
223 	 size_t size, int flags)
224 {
225 	int error;
226 	void *kvalue = NULL;
227 	char kname[XATTR_NAME_MAX + 1];
228 
229 	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
230 		return -EINVAL;
231 
232 	error = strncpy_from_user(kname, name, sizeof(kname));
233 	if (error == 0 || error == sizeof(kname))
234 		error = -ERANGE;
235 	if (error < 0)
236 		return error;
237 
238 	if (size) {
239 		if (size > XATTR_SIZE_MAX)
240 			return -E2BIG;
241 		kvalue = kmalloc(size, GFP_KERNEL);
242 		if (!kvalue)
243 			return -ENOMEM;
244 		if (copy_from_user(kvalue, value, size)) {
245 			kfree(kvalue);
246 			return -EFAULT;
247 		}
248 	}
249 
250 	error = vfs_setxattr(d, kname, kvalue, size, flags);
251 	kfree(kvalue);
252 	return error;
253 }
254 
255 asmlinkage long
256 sys_setxattr(char __user *path, char __user *name, void __user *value,
257 	     size_t size, int flags)
258 {
259 	struct nameidata nd;
260 	int error;
261 
262 	error = user_path_walk(path, &nd);
263 	if (error)
264 		return error;
265 	error = setxattr(nd.path.dentry, name, value, size, flags);
266 	path_put(&nd.path);
267 	return error;
268 }
269 
270 asmlinkage long
271 sys_lsetxattr(char __user *path, char __user *name, void __user *value,
272 	      size_t size, int flags)
273 {
274 	struct nameidata nd;
275 	int error;
276 
277 	error = user_path_walk_link(path, &nd);
278 	if (error)
279 		return error;
280 	error = setxattr(nd.path.dentry, name, value, size, flags);
281 	path_put(&nd.path);
282 	return error;
283 }
284 
285 asmlinkage long
286 sys_fsetxattr(int fd, char __user *name, void __user *value,
287 	      size_t size, int flags)
288 {
289 	struct file *f;
290 	struct dentry *dentry;
291 	int error = -EBADF;
292 
293 	f = fget(fd);
294 	if (!f)
295 		return error;
296 	dentry = f->f_path.dentry;
297 	audit_inode(NULL, dentry);
298 	error = setxattr(dentry, name, value, size, flags);
299 	fput(f);
300 	return error;
301 }
302 
303 /*
304  * Extended attribute GET operations
305  */
306 static ssize_t
307 getxattr(struct dentry *d, char __user *name, void __user *value, size_t size)
308 {
309 	ssize_t error;
310 	void *kvalue = NULL;
311 	char kname[XATTR_NAME_MAX + 1];
312 
313 	error = strncpy_from_user(kname, name, sizeof(kname));
314 	if (error == 0 || error == sizeof(kname))
315 		error = -ERANGE;
316 	if (error < 0)
317 		return error;
318 
319 	if (size) {
320 		if (size > XATTR_SIZE_MAX)
321 			size = XATTR_SIZE_MAX;
322 		kvalue = kzalloc(size, GFP_KERNEL);
323 		if (!kvalue)
324 			return -ENOMEM;
325 	}
326 
327 	error = vfs_getxattr(d, kname, kvalue, size);
328 	if (error > 0) {
329 		if (size && copy_to_user(value, kvalue, error))
330 			error = -EFAULT;
331 	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
332 		/* The file system tried to returned a value bigger
333 		   than XATTR_SIZE_MAX bytes. Not possible. */
334 		error = -E2BIG;
335 	}
336 	kfree(kvalue);
337 	return error;
338 }
339 
340 asmlinkage ssize_t
341 sys_getxattr(char __user *path, char __user *name, void __user *value,
342 	     size_t size)
343 {
344 	struct nameidata nd;
345 	ssize_t error;
346 
347 	error = user_path_walk(path, &nd);
348 	if (error)
349 		return error;
350 	error = getxattr(nd.path.dentry, name, value, size);
351 	path_put(&nd.path);
352 	return error;
353 }
354 
355 asmlinkage ssize_t
356 sys_lgetxattr(char __user *path, char __user *name, void __user *value,
357 	      size_t size)
358 {
359 	struct nameidata nd;
360 	ssize_t error;
361 
362 	error = user_path_walk_link(path, &nd);
363 	if (error)
364 		return error;
365 	error = getxattr(nd.path.dentry, name, value, size);
366 	path_put(&nd.path);
367 	return error;
368 }
369 
370 asmlinkage ssize_t
371 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size)
372 {
373 	struct file *f;
374 	ssize_t error = -EBADF;
375 
376 	f = fget(fd);
377 	if (!f)
378 		return error;
379 	audit_inode(NULL, f->f_path.dentry);
380 	error = getxattr(f->f_path.dentry, name, value, size);
381 	fput(f);
382 	return error;
383 }
384 
385 /*
386  * Extended attribute LIST operations
387  */
388 static ssize_t
389 listxattr(struct dentry *d, char __user *list, size_t size)
390 {
391 	ssize_t error;
392 	char *klist = NULL;
393 
394 	if (size) {
395 		if (size > XATTR_LIST_MAX)
396 			size = XATTR_LIST_MAX;
397 		klist = kmalloc(size, GFP_KERNEL);
398 		if (!klist)
399 			return -ENOMEM;
400 	}
401 
402 	error = vfs_listxattr(d, klist, size);
403 	if (error > 0) {
404 		if (size && copy_to_user(list, klist, error))
405 			error = -EFAULT;
406 	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
407 		/* The file system tried to returned a list bigger
408 		   than XATTR_LIST_MAX bytes. Not possible. */
409 		error = -E2BIG;
410 	}
411 	kfree(klist);
412 	return error;
413 }
414 
415 asmlinkage ssize_t
416 sys_listxattr(char __user *path, char __user *list, size_t size)
417 {
418 	struct nameidata nd;
419 	ssize_t error;
420 
421 	error = user_path_walk(path, &nd);
422 	if (error)
423 		return error;
424 	error = listxattr(nd.path.dentry, list, size);
425 	path_put(&nd.path);
426 	return error;
427 }
428 
429 asmlinkage ssize_t
430 sys_llistxattr(char __user *path, char __user *list, size_t size)
431 {
432 	struct nameidata nd;
433 	ssize_t error;
434 
435 	error = user_path_walk_link(path, &nd);
436 	if (error)
437 		return error;
438 	error = listxattr(nd.path.dentry, list, size);
439 	path_put(&nd.path);
440 	return error;
441 }
442 
443 asmlinkage ssize_t
444 sys_flistxattr(int fd, char __user *list, size_t size)
445 {
446 	struct file *f;
447 	ssize_t error = -EBADF;
448 
449 	f = fget(fd);
450 	if (!f)
451 		return error;
452 	audit_inode(NULL, f->f_path.dentry);
453 	error = listxattr(f->f_path.dentry, list, size);
454 	fput(f);
455 	return error;
456 }
457 
458 /*
459  * Extended attribute REMOVE operations
460  */
461 static long
462 removexattr(struct dentry *d, char __user *name)
463 {
464 	int error;
465 	char kname[XATTR_NAME_MAX + 1];
466 
467 	error = strncpy_from_user(kname, name, sizeof(kname));
468 	if (error == 0 || error == sizeof(kname))
469 		error = -ERANGE;
470 	if (error < 0)
471 		return error;
472 
473 	return vfs_removexattr(d, kname);
474 }
475 
476 asmlinkage long
477 sys_removexattr(char __user *path, char __user *name)
478 {
479 	struct nameidata nd;
480 	int error;
481 
482 	error = user_path_walk(path, &nd);
483 	if (error)
484 		return error;
485 	error = removexattr(nd.path.dentry, name);
486 	path_put(&nd.path);
487 	return error;
488 }
489 
490 asmlinkage long
491 sys_lremovexattr(char __user *path, char __user *name)
492 {
493 	struct nameidata nd;
494 	int error;
495 
496 	error = user_path_walk_link(path, &nd);
497 	if (error)
498 		return error;
499 	error = removexattr(nd.path.dentry, name);
500 	path_put(&nd.path);
501 	return error;
502 }
503 
504 asmlinkage long
505 sys_fremovexattr(int fd, char __user *name)
506 {
507 	struct file *f;
508 	struct dentry *dentry;
509 	int error = -EBADF;
510 
511 	f = fget(fd);
512 	if (!f)
513 		return error;
514 	dentry = f->f_path.dentry;
515 	audit_inode(NULL, dentry);
516 	error = removexattr(dentry, name);
517 	fput(f);
518 	return error;
519 }
520 
521 
522 static const char *
523 strcmp_prefix(const char *a, const char *a_prefix)
524 {
525 	while (*a_prefix && *a == *a_prefix) {
526 		a++;
527 		a_prefix++;
528 	}
529 	return *a_prefix ? NULL : a;
530 }
531 
532 /*
533  * In order to implement different sets of xattr operations for each xattr
534  * prefix with the generic xattr API, a filesystem should create a
535  * null-terminated array of struct xattr_handler (one for each prefix) and
536  * hang a pointer to it off of the s_xattr field of the superblock.
537  *
538  * The generic_fooxattr() functions will use this list to dispatch xattr
539  * operations to the correct xattr_handler.
540  */
541 #define for_each_xattr_handler(handlers, handler)		\
542 		for ((handler) = *(handlers)++;			\
543 			(handler) != NULL;			\
544 			(handler) = *(handlers)++)
545 
546 /*
547  * Find the xattr_handler with the matching prefix.
548  */
549 static struct xattr_handler *
550 xattr_resolve_name(struct xattr_handler **handlers, const char **name)
551 {
552 	struct xattr_handler *handler;
553 
554 	if (!*name)
555 		return NULL;
556 
557 	for_each_xattr_handler(handlers, handler) {
558 		const char *n = strcmp_prefix(*name, handler->prefix);
559 		if (n) {
560 			*name = n;
561 			break;
562 		}
563 	}
564 	return handler;
565 }
566 
567 /*
568  * Find the handler for the prefix and dispatch its get() operation.
569  */
570 ssize_t
571 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
572 {
573 	struct xattr_handler *handler;
574 	struct inode *inode = dentry->d_inode;
575 
576 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
577 	if (!handler)
578 		return -EOPNOTSUPP;
579 	return handler->get(inode, name, buffer, size);
580 }
581 
582 /*
583  * Combine the results of the list() operation from every xattr_handler in the
584  * list.
585  */
586 ssize_t
587 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
588 {
589 	struct inode *inode = dentry->d_inode;
590 	struct xattr_handler *handler, **handlers = inode->i_sb->s_xattr;
591 	unsigned int size = 0;
592 
593 	if (!buffer) {
594 		for_each_xattr_handler(handlers, handler)
595 			size += handler->list(inode, NULL, 0, NULL, 0);
596 	} else {
597 		char *buf = buffer;
598 
599 		for_each_xattr_handler(handlers, handler) {
600 			size = handler->list(inode, buf, buffer_size, NULL, 0);
601 			if (size > buffer_size)
602 				return -ERANGE;
603 			buf += size;
604 			buffer_size -= size;
605 		}
606 		size = buf - buffer;
607 	}
608 	return size;
609 }
610 
611 /*
612  * Find the handler for the prefix and dispatch its set() operation.
613  */
614 int
615 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
616 {
617 	struct xattr_handler *handler;
618 	struct inode *inode = dentry->d_inode;
619 
620 	if (size == 0)
621 		value = "";  /* empty EA, do not remove */
622 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
623 	if (!handler)
624 		return -EOPNOTSUPP;
625 	return handler->set(inode, name, value, size, flags);
626 }
627 
628 /*
629  * Find the handler for the prefix and dispatch its set() operation to remove
630  * any associated extended attribute.
631  */
632 int
633 generic_removexattr(struct dentry *dentry, const char *name)
634 {
635 	struct xattr_handler *handler;
636 	struct inode *inode = dentry->d_inode;
637 
638 	handler = xattr_resolve_name(inode->i_sb->s_xattr, &name);
639 	if (!handler)
640 		return -EOPNOTSUPP;
641 	return handler->set(inode, name, NULL, 0, XATTR_REPLACE);
642 }
643 
644 EXPORT_SYMBOL(generic_getxattr);
645 EXPORT_SYMBOL(generic_listxattr);
646 EXPORT_SYMBOL(generic_setxattr);
647 EXPORT_SYMBOL(generic_removexattr);
648