LXR linux/fs/xattr.c

   1/*
   2  File: fs/xattr.c
   3
   4  Extended attribute handling.
   5
   6  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
   7  Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
   8  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
   9 */
  10#include <linux/fs.h>
  11#include <linux/slab.h>
  12#include <linux/file.h>
  13#include <linux/xattr.h>
  14#include <linux/mount.h>
  15#include <linux/namei.h>
  16#include <linux/security.h>
  17#include <linux/syscalls.h>
  18#include <linux/module.h>
  19#include <linux/fsnotify.h>
  20#include <linux/audit.h>
  21#include <asm/uaccess.h>
  22
  23
  24/*
  25 * Check permissions for extended attribute access.  This is a bit complicated
  26 * because different namespaces have very different rules.
  27 */
  28static int
  29xattr_permission(struct inode *inode, const char *name, int mask)
  30{
  31        /*
  32         * We can never set or remove an extended attribute on a read-only
  33         * filesystem  or on an immutable / append-only inode.
  34         */
  35        if (mask & MAY_WRITE) {
  36                if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
  37                        return -EPERM;
  38        }
  39
  40        /*
  41         * No restriction for security.* and system.* from the VFS.  Decision
  42         * on these is left to the underlying filesystem / security module.
  43         */
  44        if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
  45            !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
  46                return 0;
  47
  48        /*
  49         * The trusted.* namespace can only be accessed by a privileged user.
  50         */
  51        if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
  52                return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
  53
  54        /* In user.* namespace, only regular files and directories can have
  55         * extended attributes. For sticky directories, only the owner and
  56         * privileged user can write attributes.
  57         */
  58        if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
  59                if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
  60                        return -EPERM;
  61                if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
  62                    (mask & MAY_WRITE) && !is_owner_or_cap(inode))
  63                        return -EPERM;
  64        }
  65
  66        return inode_permission(inode, mask);
  67}
  68
  69/**
  70 *  __vfs_setxattr_noperm - perform setxattr operation without performing
  71 *  permission checks.
  72 *
  73 *  @dentry - object to perform setxattr on
  74 *  @name - xattr name to set
  75 *  @value - value to set @name to
  76 *  @size - size of @value
  77 *  @flags - flags to pass into filesystem operations
  78 *
  79 *  returns the result of the internal setxattr or setsecurity operations.
  80 *
  81 *  This function requires the caller to lock the inode's i_mutex before it
  82 *  is executed. It also assumes that the caller will make the appropriate
  83 *  permission checks.
  84 */
  85int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
  86                const void *value, size_t size, int flags)
  87{
  88        struct inode *inode = dentry->d_inode;
  89        int error = -EOPNOTSUPP;
  90
  91        if (inode->i_op->setxattr) {
  92                error = inode->i_op->setxattr(dentry, name, value, size, flags);
  93                if (!error) {
  94                        fsnotify_xattr(dentry);
  95                        security_inode_post_setxattr(dentry, name, value,
  96                                                     size, flags);
  97                }
  98        } else if (!strncmp(name, XATTR_SECURITY_PREFIX,
  99                                XATTR_SECURITY_PREFIX_LEN)) {
 100                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
 101                error = security_inode_setsecurity(inode, suffix, value,
 102                                                   size, flags);
 103                if (!error)
 104                        fsnotify_xattr(dentry);
 105        }
 106
 107        return error;
 108}
 109
 110
 111int
 112vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 113                size_t size, int flags)
 114{
 115        struct inode *inode = dentry->d_inode;
 116        int error;
 117
 118        error = xattr_permission(inode, name, MAY_WRITE);
 119        if (error)
 120                return error;
 121
 122        mutex_lock(&inode->i_mutex);
 123        error = security_inode_setxattr(dentry, name, value, size, flags);
 124        if (error)
 125                goto out;
 126
 127        error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
 128
 129out:
 130        mutex_unlock(&inode->i_mutex);
 131        return error;
 132}
 133EXPORT_SYMBOL_GPL(vfs_setxattr);
 134
 135ssize_t
 136xattr_getsecurity(struct inode *inode, const char *name, void *value,
 137                        size_t size)
 138{
 139        void *buffer = NULL;
 140        ssize_t len;
 141
 142        if (!value || !size) {
 143                len = security_inode_getsecurity(inode, name, &buffer, false);
 144                goto out_noalloc;
 145        }
 146
 147        len = security_inode_getsecurity(inode, name, &buffer, true);
 148        if (len < 0)
 149                return len;
 150        if (size < len) {
 151                len = -ERANGE;
 152                goto out;
 153        }
 154        memcpy(value, buffer, len);
 155out:
 156        security_release_secctx(buffer, len);
 157out_noalloc:
 158        return len;
 159}
 160EXPORT_SYMBOL_GPL(xattr_getsecurity);
 161
 162ssize_t
 163vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
 164{
 165        struct inode *inode = dentry->d_inode;
 166        int error;
 167
 168        error = xattr_permission(inode, name, MAY_READ);
 169        if (error)
 170                return error;
 171
 172        error = security_inode_getxattr(dentry, name);
 173        if (error)
 174                return error;
 175
 176        if (!strncmp(name, XATTR_SECURITY_PREFIX,
 177                                XATTR_SECURITY_PREFIX_LEN)) {
 178                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
 179                int ret = xattr_getsecurity(inode, suffix, value, size);
 180                /*
 181                 * Only overwrite the return value if a security module
 182                 * is actually active.
 183                 */
 184                if (ret == -EOPNOTSUPP)
 185                        goto nolsm;
 186                return ret;
 187        }
 188nolsm:
 189        if (inode->i_op->getxattr)
 190                error = inode->i_op->getxattr(dentry, name, value, size);
 191        else
 192                error = -EOPNOTSUPP;
 193
 194        return error;
 195}
 196EXPORT_SYMBOL_GPL(vfs_getxattr);
 197
 198ssize_t
 199vfs_listxattr(struct dentry *d, char *list, size_t size)
 200{
 201        ssize_t error;
 202
 203        error = security_inode_listxattr(d);
 204        if (error)
 205                return error;
 206        error = -EOPNOTSUPP;
 207        if (d->d_inode->i_op->listxattr) {
 208                error = d->d_inode->i_op->listxattr(d, list, size);
 209        } else {
 210                error = security_inode_listsecurity(d->d_inode, list, size);
 211                if (size && error > size)
 212                        error = -ERANGE;
 213        }
 214        return error;
 215}
 216EXPORT_SYMBOL_GPL(vfs_listxattr);
 217
 218int
 219vfs_removexattr(struct dentry *dentry, const char *name)
 220{
 221        struct inode *inode = dentry->d_inode;
 222        int error;
 223
 224        if (!inode->i_op->removexattr)
 225                return -EOPNOTSUPP;
 226
 227        error = xattr_permission(inode, name, MAY_WRITE);
 228        if (error)
 229                return error;
 230
 231        error = security_inode_removexattr(dentry, name);
 232        if (error)
 233                return error;
 234
 235        mutex_lock(&inode->i_mutex);
 236        error = inode->i_op->removexattr(dentry, name);
 237        mutex_unlock(&inode->i_mutex);
 238
 239        if (!error)
 240                fsnotify_xattr(dentry);
 241        return error;
 242}
 243EXPORT_SYMBOL_GPL(vfs_removexattr);
 244
 245
 246/*
 247 * Extended attribute SET operations
 248 */
 249static long
 250setxattr(struct dentry *d, const char __user *name, const void __user *value,
 251         size_t size, int flags)
 252{
 253        int error;
 254        void *kvalue = NULL;
 255        char kname[XATTR_NAME_MAX + 1];
 256
 257        if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
 258                return -EINVAL;
 259
 260        error = strncpy_from_user(kname, name, sizeof(kname));
 261        if (error == 0 || error == sizeof(kname))
 262                error = -ERANGE;
 263        if (error < 0)
 264                return error;
 265
 266        if (size) {
 267                if (size > XATTR_SIZE_MAX)
 268                        return -E2BIG;
 269                kvalue = memdup_user(value, size);
 270                if (IS_ERR(kvalue))
 271                        return PTR_ERR(kvalue);
 272        }
 273
 274        error = vfs_setxattr(d, kname, kvalue, size, flags);
 275        kfree(kvalue);
 276        return error;
 277}
 278
 279SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
 280                const char __user *, name, const void __user *, value,
 281                size_t, size, int, flags)
 282{
 283        struct path path;
 284        int error;
 285
 286        error = user_path(pathname, &path);
 287        if (error)
 288                return error;
 289        error = mnt_want_write(path.mnt);
 290        if (!error) {
 291                error = setxattr(path.dentry, name, value, size, flags);
 292                mnt_drop_write(path.mnt);
 293        }
 294        path_put(&path);
 295        return error;
 296}
 297
 298SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
 299                const char __user *, name, const void __user *, value,
 300                size_t, size, int, flags)
 301{
 302        struct path path;
 303        int error;
 304
 305        error = user_lpath(pathname, &path);
 306        if (error)
 307                return error;
 308        error = mnt_want_write(path.mnt);
 309        if (!error) {
 310                error = setxattr(path.dentry, name, value, size, flags);
 311                mnt_drop_write(path.mnt);
 312        }
 313        path_put(&path);
 314        return error;
 315}
 316
 317SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
 318                const void __user *,value, size_t, size, int, flags)
 319{
 320        struct file *f;
 321        struct dentry *dentry;
 322        int error = -EBADF;
 323
 324        f = fget(fd);
 325        if (!f)
 326                return error;
 327        dentry = f->f_path.dentry;
 328        audit_inode(NULL, dentry);
 329        error = mnt_want_write_file(f);
 330        if (!error) {
 331                error = setxattr(dentry, name, value, size, flags);
 332                mnt_drop_write(f->f_path.mnt);
 333        }
 334        fput(f);
 335        return error;
 336}
 337
 338/*
 339 * Extended attribute GET operations
 340 */
 341static ssize_t
 342getxattr(struct dentry *d, const char __user *name, void __user *value,
 343         size_t size)
 344{
 345        ssize_t error;
 346        void *kvalue = NULL;
 347        char kname[XATTR_NAME_MAX + 1];
 348
 349        error = strncpy_from_user(kname, name, sizeof(kname));
 350        if (error == 0 || error == sizeof(kname))
 351                error = -ERANGE;
 352        if (error < 0)
 353                return error;
 354
 355        if (size) {
 356                if (size > XATTR_SIZE_MAX)
 357                        size = XATTR_SIZE_MAX;
 358                kvalue = kzalloc(size, GFP_KERNEL);
 359                if (!kvalue)
 360                        return -ENOMEM;
 361        }
 362
 363        error = vfs_getxattr(d, kname, kvalue, size);
 364        if (error > 0) {
 365                if (size && copy_to_user(value, kvalue, error))
 366                        error = -EFAULT;
 367        } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
 368                /* The file system tried to returned a value bigger
 369                   than XATTR_SIZE_MAX bytes. Not possible. */
 370                error = -E2BIG;
 371        }
 372        kfree(kvalue);
 373        return error;
 374}
 375
 376SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
 377                const char __user *, name, void __user *, value, size_t, size)
 378{
 379        struct path path;
 380        ssize_t error;
 381
 382        error = user_path(pathname, &path);
 383        if (error)
 384                return error;
 385        error = getxattr(path.dentry, name, value, size);
 386        path_put(&path);
 387        return error;
 388}
 389
 390SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
 391                const char __user *, name, void __user *, value, size_t, size)
 392{
 393        struct path path;
 394        ssize_t error;
 395
 396        error = user_lpath(pathname, &path);
 397        if (error)
 398                return error;
 399        error = getxattr(path.dentry, name, value, size);
 400        path_put(&path);
 401        return error;
 402}
 403
 404SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
 405                void __user *, value, size_t, size)
 406{
 407        struct file *f;
 408        ssize_t error = -EBADF;
 409
 410        f = fget(fd);
 411        if (!f)
 412                return error;
 413        audit_inode(NULL, f->f_path.dentry);
 414        error = getxattr(f->f_path.dentry, name, value, size);
 415        fput(f);
 416        return error;
 417}
 418
 419/*
 420 * Extended attribute LIST operations
 421 */
 422static ssize_t
 423listxattr(struct dentry *d, char __user *list, size_t size)
 424{
 425        ssize_t error;
 426        char *klist = NULL;
 427
 428        if (size) {
 429                if (size > XATTR_LIST_MAX)
 430                        size = XATTR_LIST_MAX;
 431                klist = kmalloc(size, GFP_KERNEL);
 432                if (!klist)
 433                        return -ENOMEM;
 434        }
 435
 436        error = vfs_listxattr(d, klist, size);
 437        if (error > 0) {
 438                if (size && copy_to_user(list, klist, error))
 439                        error = -EFAULT;
 440        } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
 441                /* The file system tried to returned a list bigger
 442                   than XATTR_LIST_MAX bytes. Not possible. */
 443                error = -E2BIG;
 444        }
 445        kfree(klist);
 446        return error;
 447}
 448
 449SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
 450                size_t, size)
 451{
 452        struct path path;
 453        ssize_t error;
 454
 455        error = user_path(pathname, &path);
 456        if (error)
 457                return error;
 458        error = listxattr(path.dentry, list, size);
 459        path_put(&path);
 460        return error;
 461}
 462
 463SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
 464                size_t, size)
 465{
 466        struct path path;
 467        ssize_t error;
 468
 469        error = user_lpath(pathname, &path);
 470        if (error)
 471                return error;
 472        error = listxattr(path.dentry, list, size);
 473        path_put(&path);
 474        return error;
 475}
 476
 477SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
 478{
 479        struct file *f;
 480        ssize_t error = -EBADF;
 481
 482        f = fget(fd);
 483        if (!f)
 484                return error;
 485        audit_inode(NULL, f->f_path.dentry);
 486        error = listxattr(f->f_path.dentry, list, size);
 487        fput(f);
 488        return error;
 489}
 490
 491/*
 492 * Extended attribute REMOVE operations
 493 */
 494static long
 495removexattr(struct dentry *d, const char __user *name)
 496{
 497        int error;
 498        char kname[XATTR_NAME_MAX + 1];
 499
 500        error = strncpy_from_user(kname, name, sizeof(kname));
 501        if (error == 0 || error == sizeof(kname))
 502                error = -ERANGE;
 503        if (error < 0)
 504                return error;
 505
 506        return vfs_removexattr(d, kname);
 507}
 508
 509SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
 510                const char __user *, name)
 511{
 512        struct path path;
 513        int error;
 514
 515        error = user_path(pathname, &path);
 516        if (error)
 517                return error;
 518        error = mnt_want_write(path.mnt);
 519        if (!error) {
 520                error = removexattr(path.dentry, name);
 521                mnt_drop_write(path.mnt);
 522        }
 523        path_put(&path);
 524        return error;
 525}
 526
 527SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
 528                const char __user *, name)
 529{
 530        struct path path;
 531        int error;
 532
 533        error = user_lpath(pathname, &path);
 534        if (error)
 535                return error;
 536        error = mnt_want_write(path.mnt);
 537        if (!error) {
 538                error = removexattr(path.dentry, name);
 539                mnt_drop_write(path.mnt);
 540        }
 541        path_put(&path);
 542        return error;
 543}
 544
 545SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
 546{
 547        struct file *f;
 548        struct dentry *dentry;
 549        int error = -EBADF;
 550
 551        f = fget(fd);
 552        if (!f)
 553                return error;
 554        dentry = f->f_path.dentry;
 555        audit_inode(NULL, dentry);
 556        error = mnt_want_write_file(f);
 557        if (!error) {
 558                error = removexattr(dentry, name);
 559                mnt_drop_write(f->f_path.mnt);
 560        }
 561        fput(f);
 562        return error;
 563}
 564
 565
 566static const char *
 567strcmp_prefix(const char *a, const char *a_prefix)
 568{
 569        while (*a_prefix && *a == *a_prefix) {
 570                a++;
 571                a_prefix++;
 572        }
 573        return *a_prefix ? NULL : a;
 574}
 575
 576/*
 577 * In order to implement different sets of xattr operations for each xattr
 578 * prefix with the generic xattr API, a filesystem should create a
 579 * null-terminated array of struct xattr_handler (one for each prefix) and
 580 * hang a pointer to it off of the s_xattr field of the superblock.
 581 *
 582 * The generic_fooxattr() functions will use this list to dispatch xattr
 583 * operations to the correct xattr_handler.
 584 */
 585#define for_each_xattr_handler(handlers, handler)               \
 586                for ((handler) = *(handlers)++;                 \
 587                        (handler) != NULL;                      \
 588                        (handler) = *(handlers)++)
 589
 590/*
 591 * Find the xattr_handler with the matching prefix.
 592 */
 593static const struct xattr_handler *
 594xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
 595{
 596        const struct xattr_handler *handler;
 597
 598        if (!*name)
 599                return NULL;
 600
 601        for_each_xattr_handler(handlers, handler) {
 602                const char *n = strcmp_prefix(*name, handler->prefix);
 603                if (n) {
 604                        *name = n;
 605                        break;
 606                }
 607        }
 608        return handler;
 609}
 610
 611/*
 612 * Find the handler for the prefix and dispatch its get() operation.
 613 */
 614ssize_t
 615generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
 616{
 617        const struct xattr_handler *handler;
 618
 619        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 620        if (!handler)
 621                return -EOPNOTSUPP;
 622        return handler->get(dentry, name, buffer, size, handler->flags);
 623}
 624
 625/*
 626 * Combine the results of the list() operation from every xattr_handler in the
 627 * list.
 628 */
 629ssize_t
 630generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
 631{
 632        const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
 633        unsigned int size = 0;
 634
 635        if (!buffer) {
 636                for_each_xattr_handler(handlers, handler) {
 637                        size += handler->list(dentry, NULL, 0, NULL, 0,
 638                                              handler->flags);
 639                }
 640        } else {
 641                char *buf = buffer;
 642
 643                for_each_xattr_handler(handlers, handler) {
 644                        size = handler->list(dentry, buf, buffer_size,
 645                                             NULL, 0, handler->flags);
 646                        if (size > buffer_size)
 647                                return -ERANGE;
 648                        buf += size;
 649                        buffer_size -= size;
 650                }
 651                size = buf - buffer;
 652        }
 653        return size;
 654}
 655
 656/*
 657 * Find the handler for the prefix and dispatch its set() operation.
 658 */
 659int
 660generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
 661{
 662        const struct xattr_handler *handler;
 663
 664        if (size == 0)
 665                value = "";  /* empty EA, do not remove */
 666        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 667        if (!handler)
 668                return -EOPNOTSUPP;
 669        return handler->set(dentry, name, value, size, 0, handler->flags);
 670}
 671
 672/*
 673 * Find the handler for the prefix and dispatch its set() operation to remove
 674 * any associated extended attribute.
 675 */
 676int
 677generic_removexattr(struct dentry *dentry, const char *name)
 678{
 679        const struct xattr_handler *handler;
 680
 681        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 682        if (!handler)
 683                return -EOPNOTSUPP;
 684        return handler->set(dentry, name, NULL, 0,
 685                            XATTR_REPLACE, handler->flags);
 686}
 687
 688EXPORT_SYMBOL(generic_getxattr);
 689EXPORT_SYMBOL(generic_listxattr);
 690EXPORT_SYMBOL(generic_setxattr);
 691EXPORT_SYMBOL(generic_removexattr);
 692