linux/fs/xattr.c
<<
>>
Prefs
   1/*
   2  File: fs/xattr.c
   3
   4  Extended attribute handling.
   5
   6  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
   7  Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
   8  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
   9 */
  10#include <linux/fs.h>
  11#include <linux/slab.h>
  12#include <linux/file.h>
  13#include <linux/xattr.h>
  14#include <linux/mount.h>
  15#include <linux/namei.h>
  16#include <linux/security.h>
  17#include <linux/syscalls.h>
  18#include <linux/module.h>
  19#include <linux/fsnotify.h>
  20#include <linux/audit.h>
  21#include <asm/uaccess.h>
  22
  23
  24/*
  25 * Check permissions for extended attribute access.  This is a bit complicated
  26 * because different namespaces have very different rules.
  27 */
  28static int
  29xattr_permission(struct inode *inode, const char *name, int mask)
  30{
  31        /*
  32         * We can never set or remove an extended attribute on a read-only
  33         * filesystem  or on an immutable / append-only inode.
  34         */
  35        if (mask & MAY_WRITE) {
  36                if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
  37                        return -EPERM;
  38        }
  39
  40        /*
  41         * No restriction for security.* and system.* from the VFS.  Decision
  42         * on these is left to the underlying filesystem / security module.
  43         */
  44        if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
  45            !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
  46                return 0;
  47
  48        /*
  49         * The trusted.* namespace can only be accessed by privileged users.
  50         */
  51        if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
  52                if (!capable(CAP_SYS_ADMIN))
  53                        return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  54                return 0;
  55        }
  56
  57        /*
  58         * In the user.* namespace, only regular files and directories can have
  59         * extended attributes. For sticky directories, only the owner and
  60         * privileged users can write attributes.
  61         */
  62        if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
  63                if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
  64                        return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  65                if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
  66                    (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
  67                        return -EPERM;
  68        }
  69
  70        return inode_permission(inode, mask);
  71}
  72
  73/**
  74 *  __vfs_setxattr_noperm - perform setxattr operation without performing
  75 *  permission checks.
  76 *
  77 *  @dentry - object to perform setxattr on
  78 *  @name - xattr name to set
  79 *  @value - value to set @name to
  80 *  @size - size of @value
  81 *  @flags - flags to pass into filesystem operations
  82 *
  83 *  returns the result of the internal setxattr or setsecurity operations.
  84 *
  85 *  This function requires the caller to lock the inode's i_mutex before it
  86 *  is executed. It also assumes that the caller will make the appropriate
  87 *  permission checks.
  88 */
  89int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
  90                const void *value, size_t size, int flags)
  91{
  92        struct inode *inode = dentry->d_inode;
  93        int error = -EOPNOTSUPP;
  94        int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
  95                                   XATTR_SECURITY_PREFIX_LEN);
  96
  97        if (issec)
  98                inode->i_flags &= ~S_NOSEC;
  99        if (inode->i_op->setxattr) {
 100                error = inode->i_op->setxattr(dentry, name, value, size, flags);
 101                if (!error) {
 102                        fsnotify_xattr(dentry);
 103                        security_inode_post_setxattr(dentry, name, value,
 104                                                     size, flags);
 105                }
 106        } else if (issec) {
 107                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
 108                error = security_inode_setsecurity(inode, suffix, value,
 109                                                   size, flags);
 110                if (!error)
 111                        fsnotify_xattr(dentry);
 112        }
 113
 114        return error;
 115}
 116
 117
 118int
 119vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 120                size_t size, int flags)
 121{
 122        struct inode *inode = dentry->d_inode;
 123        int error;
 124
 125        error = xattr_permission(inode, name, MAY_WRITE);
 126        if (error)
 127                return error;
 128
 129        mutex_lock(&inode->i_mutex);
 130        error = security_inode_setxattr(dentry, name, value, size, flags);
 131        if (error)
 132                goto out;
 133
 134        error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
 135
 136out:
 137        mutex_unlock(&inode->i_mutex);
 138        return error;
 139}
 140EXPORT_SYMBOL_GPL(vfs_setxattr);
 141
 142ssize_t
 143xattr_getsecurity(struct inode *inode, const char *name, void *value,
 144                        size_t size)
 145{
 146        void *buffer = NULL;
 147        ssize_t len;
 148
 149        if (!value || !size) {
 150                len = security_inode_getsecurity(inode, name, &buffer, false);
 151                goto out_noalloc;
 152        }
 153
 154        len = security_inode_getsecurity(inode, name, &buffer, true);
 155        if (len < 0)
 156                return len;
 157        if (size < len) {
 158                len = -ERANGE;
 159                goto out;
 160        }
 161        memcpy(value, buffer, len);
 162out:
 163        security_release_secctx(buffer, len);
 164out_noalloc:
 165        return len;
 166}
 167EXPORT_SYMBOL_GPL(xattr_getsecurity);
 168
 169ssize_t
 170vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
 171{
 172        struct inode *inode = dentry->d_inode;
 173        int error;
 174
 175        error = xattr_permission(inode, name, MAY_READ);
 176        if (error)
 177                return error;
 178
 179        error = security_inode_getxattr(dentry, name);
 180        if (error)
 181                return error;
 182
 183        if (!strncmp(name, XATTR_SECURITY_PREFIX,
 184                                XATTR_SECURITY_PREFIX_LEN)) {
 185                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
 186                int ret = xattr_getsecurity(inode, suffix, value, size);
 187                /*
 188                 * Only overwrite the return value if a security module
 189                 * is actually active.
 190                 */
 191                if (ret == -EOPNOTSUPP)
 192                        goto nolsm;
 193                return ret;
 194        }
 195nolsm:
 196        if (inode->i_op->getxattr)
 197                error = inode->i_op->getxattr(dentry, name, value, size);
 198        else
 199                error = -EOPNOTSUPP;
 200
 201        return error;
 202}
 203EXPORT_SYMBOL_GPL(vfs_getxattr);
 204
 205ssize_t
 206vfs_listxattr(struct dentry *d, char *list, size_t size)
 207{
 208        ssize_t error;
 209
 210        error = security_inode_listxattr(d);
 211        if (error)
 212                return error;
 213        error = -EOPNOTSUPP;
 214        if (d->d_inode->i_op->listxattr) {
 215                error = d->d_inode->i_op->listxattr(d, list, size);
 216        } else {
 217                error = security_inode_listsecurity(d->d_inode, list, size);
 218                if (size && error > size)
 219                        error = -ERANGE;
 220        }
 221        return error;
 222}
 223EXPORT_SYMBOL_GPL(vfs_listxattr);
 224
 225int
 226vfs_removexattr(struct dentry *dentry, const char *name)
 227{
 228        struct inode *inode = dentry->d_inode;
 229        int error;
 230
 231        if (!inode->i_op->removexattr)
 232                return -EOPNOTSUPP;
 233
 234        error = xattr_permission(inode, name, MAY_WRITE);
 235        if (error)
 236                return error;
 237
 238        error = security_inode_removexattr(dentry, name);
 239        if (error)
 240                return error;
 241
 242        mutex_lock(&inode->i_mutex);
 243        error = inode->i_op->removexattr(dentry, name);
 244        mutex_unlock(&inode->i_mutex);
 245
 246        if (!error)
 247                fsnotify_xattr(dentry);
 248        return error;
 249}
 250EXPORT_SYMBOL_GPL(vfs_removexattr);
 251
 252
 253/*
 254 * Extended attribute SET operations
 255 */
 256static long
 257setxattr(struct dentry *d, const char __user *name, const void __user *value,
 258         size_t size, int flags)
 259{
 260        int error;
 261        void *kvalue = NULL;
 262        char kname[XATTR_NAME_MAX + 1];
 263
 264        if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
 265                return -EINVAL;
 266
 267        error = strncpy_from_user(kname, name, sizeof(kname));
 268        if (error == 0 || error == sizeof(kname))
 269                error = -ERANGE;
 270        if (error < 0)
 271                return error;
 272
 273        if (size) {
 274                if (size > XATTR_SIZE_MAX)
 275                        return -E2BIG;
 276                kvalue = memdup_user(value, size);
 277                if (IS_ERR(kvalue))
 278                        return PTR_ERR(kvalue);
 279        }
 280
 281        error = vfs_setxattr(d, kname, kvalue, size, flags);
 282        kfree(kvalue);
 283        return error;
 284}
 285
 286SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
 287                const char __user *, name, const void __user *, value,
 288                size_t, size, int, flags)
 289{
 290        struct path path;
 291        int error;
 292
 293        error = user_path(pathname, &path);
 294        if (error)
 295                return error;
 296        error = mnt_want_write(path.mnt);
 297        if (!error) {
 298                error = setxattr(path.dentry, name, value, size, flags);
 299                mnt_drop_write(path.mnt);
 300        }
 301        path_put(&path);
 302        return error;
 303}
 304
 305SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
 306                const char __user *, name, const void __user *, value,
 307                size_t, size, int, flags)
 308{
 309        struct path path;
 310        int error;
 311
 312        error = user_lpath(pathname, &path);
 313        if (error)
 314                return error;
 315        error = mnt_want_write(path.mnt);
 316        if (!error) {
 317                error = setxattr(path.dentry, name, value, size, flags);
 318                mnt_drop_write(path.mnt);
 319        }
 320        path_put(&path);
 321        return error;
 322}
 323
 324SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
 325                const void __user *,value, size_t, size, int, flags)
 326{
 327        struct file *f;
 328        struct dentry *dentry;
 329        int error = -EBADF;
 330
 331        f = fget(fd);
 332        if (!f)
 333                return error;
 334        dentry = f->f_path.dentry;
 335        audit_inode(NULL, dentry);
 336        error = mnt_want_write_file(f);
 337        if (!error) {
 338                error = setxattr(dentry, name, value, size, flags);
 339                mnt_drop_write(f->f_path.mnt);
 340        }
 341        fput(f);
 342        return error;
 343}
 344
 345/*
 346 * Extended attribute GET operations
 347 */
 348static ssize_t
 349getxattr(struct dentry *d, const char __user *name, void __user *value,
 350         size_t size)
 351{
 352        ssize_t error;
 353        void *kvalue = NULL;
 354        char kname[XATTR_NAME_MAX + 1];
 355
 356        error = strncpy_from_user(kname, name, sizeof(kname));
 357        if (error == 0 || error == sizeof(kname))
 358                error = -ERANGE;
 359        if (error < 0)
 360                return error;
 361
 362        if (size) {
 363                if (size > XATTR_SIZE_MAX)
 364                        size = XATTR_SIZE_MAX;
 365                kvalue = kzalloc(size, GFP_KERNEL);
 366                if (!kvalue)
 367                        return -ENOMEM;
 368        }
 369
 370        error = vfs_getxattr(d, kname, kvalue, size);
 371        if (error > 0) {
 372                if (size && copy_to_user(value, kvalue, error))
 373                        error = -EFAULT;
 374        } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
 375                /* The file system tried to returned a value bigger
 376                   than XATTR_SIZE_MAX bytes. Not possible. */
 377                error = -E2BIG;
 378        }
 379        kfree(kvalue);
 380        return error;
 381}
 382
 383SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
 384                const char __user *, name, void __user *, value, size_t, size)
 385{
 386        struct path path;
 387        ssize_t error;
 388
 389        error = user_path(pathname, &path);
 390        if (error)
 391                return error;
 392        error = getxattr(path.dentry, name, value, size);
 393        path_put(&path);
 394        return error;
 395}
 396
 397SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
 398                const char __user *, name, void __user *, value, size_t, size)
 399{
 400        struct path path;
 401        ssize_t error;
 402
 403        error = user_lpath(pathname, &path);
 404        if (error)
 405                return error;
 406        error = getxattr(path.dentry, name, value, size);
 407        path_put(&path);
 408        return error;
 409}
 410
 411SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
 412                void __user *, value, size_t, size)
 413{
 414        struct file *f;
 415        ssize_t error = -EBADF;
 416
 417        f = fget(fd);
 418        if (!f)
 419                return error;
 420        audit_inode(NULL, f->f_path.dentry);
 421        error = getxattr(f->f_path.dentry, name, value, size);
 422        fput(f);
 423        return error;
 424}
 425
 426/*
 427 * Extended attribute LIST operations
 428 */
 429static ssize_t
 430listxattr(struct dentry *d, char __user *list, size_t size)
 431{
 432        ssize_t error;
 433        char *klist = NULL;
 434
 435        if (size) {
 436                if (size > XATTR_LIST_MAX)
 437                        size = XATTR_LIST_MAX;
 438                klist = kmalloc(size, GFP_KERNEL);
 439                if (!klist)
 440                        return -ENOMEM;
 441        }
 442
 443        error = vfs_listxattr(d, klist, size);
 444        if (error > 0) {
 445                if (size && copy_to_user(list, klist, error))
 446                        error = -EFAULT;
 447        } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
 448                /* The file system tried to returned a list bigger
 449                   than XATTR_LIST_MAX bytes. Not possible. */
 450                error = -E2BIG;
 451        }
 452        kfree(klist);
 453        return error;
 454}
 455
 456SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
 457                size_t, size)
 458{
 459        struct path path;
 460        ssize_t error;
 461
 462        error = user_path(pathname, &path);
 463        if (error)
 464                return error;
 465        error = listxattr(path.dentry, list, size);
 466        path_put(&path);
 467        return error;
 468}
 469
 470SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
 471                size_t, size)
 472{
 473        struct path path;
 474        ssize_t error;
 475
 476        error = user_lpath(pathname, &path);
 477        if (error)
 478                return error;
 479        error = listxattr(path.dentry, list, size);
 480        path_put(&path);
 481        return error;
 482}
 483
 484SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
 485{
 486        struct file *f;
 487        ssize_t error = -EBADF;
 488
 489        f = fget(fd);
 490        if (!f)
 491                return error;
 492        audit_inode(NULL, f->f_path.dentry);
 493        error = listxattr(f->f_path.dentry, list, size);
 494        fput(f);
 495        return error;
 496}
 497
 498/*
 499 * Extended attribute REMOVE operations
 500 */
 501static long
 502removexattr(struct dentry *d, const char __user *name)
 503{
 504        int error;
 505        char kname[XATTR_NAME_MAX + 1];
 506
 507        error = strncpy_from_user(kname, name, sizeof(kname));
 508        if (error == 0 || error == sizeof(kname))
 509                error = -ERANGE;
 510        if (error < 0)
 511                return error;
 512
 513        return vfs_removexattr(d, kname);
 514}
 515
 516SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
 517                const char __user *, name)
 518{
 519        struct path path;
 520        int error;
 521
 522        error = user_path(pathname, &path);
 523        if (error)
 524                return error;
 525        error = mnt_want_write(path.mnt);
 526        if (!error) {
 527                error = removexattr(path.dentry, name);
 528                mnt_drop_write(path.mnt);
 529        }
 530        path_put(&path);
 531        return error;
 532}
 533
 534SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
 535                const char __user *, name)
 536{
 537        struct path path;
 538        int error;
 539
 540        error = user_lpath(pathname, &path);
 541        if (error)
 542                return error;
 543        error = mnt_want_write(path.mnt);
 544        if (!error) {
 545                error = removexattr(path.dentry, name);
 546                mnt_drop_write(path.mnt);
 547        }
 548        path_put(&path);
 549        return error;
 550}
 551
 552SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
 553{
 554        struct file *f;
 555        struct dentry *dentry;
 556        int error = -EBADF;
 557
 558        f = fget(fd);
 559        if (!f)
 560                return error;
 561        dentry = f->f_path.dentry;
 562        audit_inode(NULL, dentry);
 563        error = mnt_want_write_file(f);
 564        if (!error) {
 565                error = removexattr(dentry, name);
 566                mnt_drop_write(f->f_path.mnt);
 567        }
 568        fput(f);
 569        return error;
 570}
 571
 572
 573static const char *
 574strcmp_prefix(const char *a, const char *a_prefix)
 575{
 576        while (*a_prefix && *a == *a_prefix) {
 577                a++;
 578                a_prefix++;
 579        }
 580        return *a_prefix ? NULL : a;
 581}
 582
 583/*
 584 * In order to implement different sets of xattr operations for each xattr
 585 * prefix with the generic xattr API, a filesystem should create a
 586 * null-terminated array of struct xattr_handler (one for each prefix) and
 587 * hang a pointer to it off of the s_xattr field of the superblock.
 588 *
 589 * The generic_fooxattr() functions will use this list to dispatch xattr
 590 * operations to the correct xattr_handler.
 591 */
 592#define for_each_xattr_handler(handlers, handler)               \
 593                for ((handler) = *(handlers)++;                 \
 594                        (handler) != NULL;                      \
 595                        (handler) = *(handlers)++)
 596
 597/*
 598 * Find the xattr_handler with the matching prefix.
 599 */
 600static const struct xattr_handler *
 601xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
 602{
 603        const struct xattr_handler *handler;
 604
 605        if (!*name)
 606                return NULL;
 607
 608        for_each_xattr_handler(handlers, handler) {
 609                const char *n = strcmp_prefix(*name, handler->prefix);
 610                if (n) {
 611                        *name = n;
 612                        break;
 613                }
 614        }
 615        return handler;
 616}
 617
 618/*
 619 * Find the handler for the prefix and dispatch its get() operation.
 620 */
 621ssize_t
 622generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
 623{
 624        const struct xattr_handler *handler;
 625
 626        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 627        if (!handler)
 628                return -EOPNOTSUPP;
 629        return handler->get(dentry, name, buffer, size, handler->flags);
 630}
 631
 632/*
 633 * Combine the results of the list() operation from every xattr_handler in the
 634 * list.
 635 */
 636ssize_t
 637generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
 638{
 639        const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
 640        unsigned int size = 0;
 641
 642        if (!buffer) {
 643                for_each_xattr_handler(handlers, handler) {
 644                        size += handler->list(dentry, NULL, 0, NULL, 0,
 645                                              handler->flags);
 646                }
 647        } else {
 648                char *buf = buffer;
 649
 650                for_each_xattr_handler(handlers, handler) {
 651                        size = handler->list(dentry, buf, buffer_size,
 652                                             NULL, 0, handler->flags);
 653                        if (size > buffer_size)
 654                                return -ERANGE;
 655                        buf += size;
 656                        buffer_size -= size;
 657                }
 658                size = buf - buffer;
 659        }
 660        return size;
 661}
 662
 663/*
 664 * Find the handler for the prefix and dispatch its set() operation.
 665 */
 666int
 667generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
 668{
 669        const struct xattr_handler *handler;
 670
 671        if (size == 0)
 672                value = "";  /* empty EA, do not remove */
 673        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 674        if (!handler)
 675                return -EOPNOTSUPP;
 676        return handler->set(dentry, name, value, size, flags, handler->flags);
 677}
 678
 679/*
 680 * Find the handler for the prefix and dispatch its set() operation to remove
 681 * any associated extended attribute.
 682 */
 683int
 684generic_removexattr(struct dentry *dentry, const char *name)
 685{
 686        const struct xattr_handler *handler;
 687
 688        handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
 689        if (!handler)
 690                return -EOPNOTSUPP;
 691        return handler->set(dentry, name, NULL, 0,
 692                            XATTR_REPLACE, handler->flags);
 693}
 694
 695EXPORT_SYMBOL(generic_getxattr);
 696EXPORT_SYMBOL(generic_listxattr);
 697EXPORT_SYMBOL(generic_setxattr);
 698EXPORT_SYMBOL(generic_removexattr);
 699
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.