Root/fs/xattr.c

1/*
2  File: fs/xattr.c
3
4  Extended attribute handling.
5
6  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7  Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 */
10#include <linux/fs.h>
11#include <linux/slab.h>
12#include <linux/file.h>
13#include <linux/xattr.h>
14#include <linux/mount.h>
15#include <linux/namei.h>
16#include <linux/security.h>
17#include <linux/syscalls.h>
18#include <linux/module.h>
19#include <linux/fsnotify.h>
20#include <linux/audit.h>
21#include <asm/uaccess.h>
22
23
24/*
25 * Check permissions for extended attribute access. This is a bit complicated
26 * because different namespaces have very different rules.
27 */
28static int
29xattr_permission(struct inode *inode, const char *name, int mask)
30{
31    /*
32     * We can never set or remove an extended attribute on a read-only
33     * filesystem or on an immutable / append-only inode.
34     */
35    if (mask & MAY_WRITE) {
36        if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
37            return -EPERM;
38    }
39
40    /*
41     * No restriction for security.* and system.* from the VFS. Decision
42     * on these is left to the underlying filesystem / security module.
43     */
44    if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
45        !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
46        return 0;
47
48    /*
49     * The trusted.* namespace can only be accessed by privileged users.
50     */
51    if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
52        if (!capable(CAP_SYS_ADMIN))
53            return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
54        return 0;
55    }
56
57    /*
58     * In the user.* namespace, only regular files and directories can have
59     * extended attributes. For sticky directories, only the owner and
60     * privileged users can write attributes.
61     */
62    if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
63        if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
64            return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
65        if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
66            (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
67            return -EPERM;
68    }
69
70    return inode_permission(inode, mask);
71}
72
73/**
74 * __vfs_setxattr_noperm - perform setxattr operation without performing
75 * permission checks.
76 *
77 * @dentry - object to perform setxattr on
78 * @name - xattr name to set
79 * @value - value to set @name to
80 * @size - size of @value
81 * @flags - flags to pass into filesystem operations
82 *
83 * returns the result of the internal setxattr or setsecurity operations.
84 *
85 * This function requires the caller to lock the inode's i_mutex before it
86 * is executed. It also assumes that the caller will make the appropriate
87 * permission checks.
88 */
89int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
90        const void *value, size_t size, int flags)
91{
92    struct inode *inode = dentry->d_inode;
93    int error = -EOPNOTSUPP;
94    int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
95                   XATTR_SECURITY_PREFIX_LEN);
96
97    if (issec)
98        inode->i_flags &= ~S_NOSEC;
99    if (inode->i_op->setxattr) {
100        error = inode->i_op->setxattr(dentry, name, value, size, flags);
101        if (!error) {
102            fsnotify_xattr(dentry);
103            security_inode_post_setxattr(dentry, name, value,
104                             size, flags);
105        }
106    } else if (issec) {
107        const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
108        error = security_inode_setsecurity(inode, suffix, value,
109                           size, flags);
110        if (!error)
111            fsnotify_xattr(dentry);
112    }
113
114    return error;
115}
116
117
118int
119vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
120        size_t size, int flags)
121{
122    struct inode *inode = dentry->d_inode;
123    int error;
124
125    error = xattr_permission(inode, name, MAY_WRITE);
126    if (error)
127        return error;
128
129    mutex_lock(&inode->i_mutex);
130    error = security_inode_setxattr(dentry, name, value, size, flags);
131    if (error)
132        goto out;
133
134    error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
135
136out:
137    mutex_unlock(&inode->i_mutex);
138    return error;
139}
140EXPORT_SYMBOL_GPL(vfs_setxattr);
141
142ssize_t
143xattr_getsecurity(struct inode *inode, const char *name, void *value,
144            size_t size)
145{
146    void *buffer = NULL;
147    ssize_t len;
148
149    if (!value || !size) {
150        len = security_inode_getsecurity(inode, name, &buffer, false);
151        goto out_noalloc;
152    }
153
154    len = security_inode_getsecurity(inode, name, &buffer, true);
155    if (len < 0)
156        return len;
157    if (size < len) {
158        len = -ERANGE;
159        goto out;
160    }
161    memcpy(value, buffer, len);
162out:
163    security_release_secctx(buffer, len);
164out_noalloc:
165    return len;
166}
167EXPORT_SYMBOL_GPL(xattr_getsecurity);
168
169ssize_t
170vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
171{
172    struct inode *inode = dentry->d_inode;
173    int error;
174
175    error = xattr_permission(inode, name, MAY_READ);
176    if (error)
177        return error;
178
179    error = security_inode_getxattr(dentry, name);
180    if (error)
181        return error;
182
183    if (!strncmp(name, XATTR_SECURITY_PREFIX,
184                XATTR_SECURITY_PREFIX_LEN)) {
185        const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
186        int ret = xattr_getsecurity(inode, suffix, value, size);
187        /*
188         * Only overwrite the return value if a security module
189         * is actually active.
190         */
191        if (ret == -EOPNOTSUPP)
192            goto nolsm;
193        return ret;
194    }
195nolsm:
196    if (inode->i_op->getxattr)
197        error = inode->i_op->getxattr(dentry, name, value, size);
198    else
199        error = -EOPNOTSUPP;
200
201    return error;
202}
203EXPORT_SYMBOL_GPL(vfs_getxattr);
204
205ssize_t
206vfs_listxattr(struct dentry *d, char *list, size_t size)
207{
208    ssize_t error;
209
210    error = security_inode_listxattr(d);
211    if (error)
212        return error;
213    error = -EOPNOTSUPP;
214    if (d->d_inode->i_op->listxattr) {
215        error = d->d_inode->i_op->listxattr(d, list, size);
216    } else {
217        error = security_inode_listsecurity(d->d_inode, list, size);
218        if (size && error > size)
219            error = -ERANGE;
220    }
221    return error;
222}
223EXPORT_SYMBOL_GPL(vfs_listxattr);
224
225int
226vfs_removexattr(struct dentry *dentry, const char *name)
227{
228    struct inode *inode = dentry->d_inode;
229    int error;
230
231    if (!inode->i_op->removexattr)
232        return -EOPNOTSUPP;
233
234    error = xattr_permission(inode, name, MAY_WRITE);
235    if (error)
236        return error;
237
238    error = security_inode_removexattr(dentry, name);
239    if (error)
240        return error;
241
242    mutex_lock(&inode->i_mutex);
243    error = inode->i_op->removexattr(dentry, name);
244    mutex_unlock(&inode->i_mutex);
245
246    if (!error)
247        fsnotify_xattr(dentry);
248    return error;
249}
250EXPORT_SYMBOL_GPL(vfs_removexattr);
251
252
253/*
254 * Extended attribute SET operations
255 */
256static long
257setxattr(struct dentry *d, const char __user *name, const void __user *value,
258     size_t size, int flags)
259{
260    int error;
261    void *kvalue = NULL;
262    char kname[XATTR_NAME_MAX + 1];
263
264    if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
265        return -EINVAL;
266
267    error = strncpy_from_user(kname, name, sizeof(kname));
268    if (error == 0 || error == sizeof(kname))
269        error = -ERANGE;
270    if (error < 0)
271        return error;
272
273    if (size) {
274        if (size > XATTR_SIZE_MAX)
275            return -E2BIG;
276        kvalue = memdup_user(value, size);
277        if (IS_ERR(kvalue))
278            return PTR_ERR(kvalue);
279    }
280
281    error = vfs_setxattr(d, kname, kvalue, size, flags);
282    kfree(kvalue);
283    return error;
284}
285
286SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
287        const char __user *, name, const void __user *, value,
288        size_t, size, int, flags)
289{
290    struct path path;
291    int error;
292
293    error = user_path(pathname, &path);
294    if (error)
295        return error;
296    error = mnt_want_write(path.mnt);
297    if (!error) {
298        error = setxattr(path.dentry, name, value, size, flags);
299        mnt_drop_write(path.mnt);
300    }
301    path_put(&path);
302    return error;
303}
304
305SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
306        const char __user *, name, const void __user *, value,
307        size_t, size, int, flags)
308{
309    struct path path;
310    int error;
311
312    error = user_lpath(pathname, &path);
313    if (error)
314        return error;
315    error = mnt_want_write(path.mnt);
316    if (!error) {
317        error = setxattr(path.dentry, name, value, size, flags);
318        mnt_drop_write(path.mnt);
319    }
320    path_put(&path);
321    return error;
322}
323
324SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
325        const void __user *,value, size_t, size, int, flags)
326{
327    struct file *f;
328    struct dentry *dentry;
329    int error = -EBADF;
330
331    f = fget(fd);
332    if (!f)
333        return error;
334    dentry = f->f_path.dentry;
335    audit_inode(NULL, dentry);
336    error = mnt_want_write_file(f);
337    if (!error) {
338        error = setxattr(dentry, name, value, size, flags);
339        mnt_drop_write(f->f_path.mnt);
340    }
341    fput(f);
342    return error;
343}
344
345/*
346 * Extended attribute GET operations
347 */
348static ssize_t
349getxattr(struct dentry *d, const char __user *name, void __user *value,
350     size_t size)
351{
352    ssize_t error;
353    void *kvalue = NULL;
354    char kname[XATTR_NAME_MAX + 1];
355
356    error = strncpy_from_user(kname, name, sizeof(kname));
357    if (error == 0 || error == sizeof(kname))
358        error = -ERANGE;
359    if (error < 0)
360        return error;
361
362    if (size) {
363        if (size > XATTR_SIZE_MAX)
364            size = XATTR_SIZE_MAX;
365        kvalue = kzalloc(size, GFP_KERNEL);
366        if (!kvalue)
367            return -ENOMEM;
368    }
369
370    error = vfs_getxattr(d, kname, kvalue, size);
371    if (error > 0) {
372        if (size && copy_to_user(value, kvalue, error))
373            error = -EFAULT;
374    } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
375        /* The file system tried to returned a value bigger
376           than XATTR_SIZE_MAX bytes. Not possible. */
377        error = -E2BIG;
378    }
379    kfree(kvalue);
380    return error;
381}
382
383SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
384        const char __user *, name, void __user *, value, size_t, size)
385{
386    struct path path;
387    ssize_t error;
388
389    error = user_path(pathname, &path);
390    if (error)
391        return error;
392    error = getxattr(path.dentry, name, value, size);
393    path_put(&path);
394    return error;
395}
396
397SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
398        const char __user *, name, void __user *, value, size_t, size)
399{
400    struct path path;
401    ssize_t error;
402
403    error = user_lpath(pathname, &path);
404    if (error)
405        return error;
406    error = getxattr(path.dentry, name, value, size);
407    path_put(&path);
408    return error;
409}
410
411SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
412        void __user *, value, size_t, size)
413{
414    struct file *f;
415    ssize_t error = -EBADF;
416
417    f = fget(fd);
418    if (!f)
419        return error;
420    audit_inode(NULL, f->f_path.dentry);
421    error = getxattr(f->f_path.dentry, name, value, size);
422    fput(f);
423    return error;
424}
425
426/*
427 * Extended attribute LIST operations
428 */
429static ssize_t
430listxattr(struct dentry *d, char __user *list, size_t size)
431{
432    ssize_t error;
433    char *klist = NULL;
434
435    if (size) {
436        if (size > XATTR_LIST_MAX)
437            size = XATTR_LIST_MAX;
438        klist = kmalloc(size, GFP_KERNEL);
439        if (!klist)
440            return -ENOMEM;
441    }
442
443    error = vfs_listxattr(d, klist, size);
444    if (error > 0) {
445        if (size && copy_to_user(list, klist, error))
446            error = -EFAULT;
447    } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
448        /* The file system tried to returned a list bigger
449           than XATTR_LIST_MAX bytes. Not possible. */
450        error = -E2BIG;
451    }
452    kfree(klist);
453    return error;
454}
455
456SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
457        size_t, size)
458{
459    struct path path;
460    ssize_t error;
461
462    error = user_path(pathname, &path);
463    if (error)
464        return error;
465    error = listxattr(path.dentry, list, size);
466    path_put(&path);
467    return error;
468}
469
470SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
471        size_t, size)
472{
473    struct path path;
474    ssize_t error;
475
476    error = user_lpath(pathname, &path);
477    if (error)
478        return error;
479    error = listxattr(path.dentry, list, size);
480    path_put(&path);
481    return error;
482}
483
484SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
485{
486    struct file *f;
487    ssize_t error = -EBADF;
488
489    f = fget(fd);
490    if (!f)
491        return error;
492    audit_inode(NULL, f->f_path.dentry);
493    error = listxattr(f->f_path.dentry, list, size);
494    fput(f);
495    return error;
496}
497
498/*
499 * Extended attribute REMOVE operations
500 */
501static long
502removexattr(struct dentry *d, const char __user *name)
503{
504    int error;
505    char kname[XATTR_NAME_MAX + 1];
506
507    error = strncpy_from_user(kname, name, sizeof(kname));
508    if (error == 0 || error == sizeof(kname))
509        error = -ERANGE;
510    if (error < 0)
511        return error;
512
513    return vfs_removexattr(d, kname);
514}
515
516SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
517        const char __user *, name)
518{
519    struct path path;
520    int error;
521
522    error = user_path(pathname, &path);
523    if (error)
524        return error;
525    error = mnt_want_write(path.mnt);
526    if (!error) {
527        error = removexattr(path.dentry, name);
528        mnt_drop_write(path.mnt);
529    }
530    path_put(&path);
531    return error;
532}
533
534SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
535        const char __user *, name)
536{
537    struct path path;
538    int error;
539
540    error = user_lpath(pathname, &path);
541    if (error)
542        return error;
543    error = mnt_want_write(path.mnt);
544    if (!error) {
545        error = removexattr(path.dentry, name);
546        mnt_drop_write(path.mnt);
547    }
548    path_put(&path);
549    return error;
550}
551
552SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
553{
554    struct file *f;
555    struct dentry *dentry;
556    int error = -EBADF;
557
558    f = fget(fd);
559    if (!f)
560        return error;
561    dentry = f->f_path.dentry;
562    audit_inode(NULL, dentry);
563    error = mnt_want_write_file(f);
564    if (!error) {
565        error = removexattr(dentry, name);
566        mnt_drop_write(f->f_path.mnt);
567    }
568    fput(f);
569    return error;
570}
571
572
573static const char *
574strcmp_prefix(const char *a, const char *a_prefix)
575{
576    while (*a_prefix && *a == *a_prefix) {
577        a++;
578        a_prefix++;
579    }
580    return *a_prefix ? NULL : a;
581}
582
583/*
584 * In order to implement different sets of xattr operations for each xattr
585 * prefix with the generic xattr API, a filesystem should create a
586 * null-terminated array of struct xattr_handler (one for each prefix) and
587 * hang a pointer to it off of the s_xattr field of the superblock.
588 *
589 * The generic_fooxattr() functions will use this list to dispatch xattr
590 * operations to the correct xattr_handler.
591 */
592#define for_each_xattr_handler(handlers, handler) \
593        for ((handler) = *(handlers)++; \
594            (handler) != NULL; \
595            (handler) = *(handlers)++)
596
597/*
598 * Find the xattr_handler with the matching prefix.
599 */
600static const struct xattr_handler *
601xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
602{
603    const struct xattr_handler *handler;
604
605    if (!*name)
606        return NULL;
607
608    for_each_xattr_handler(handlers, handler) {
609        const char *n = strcmp_prefix(*name, handler->prefix);
610        if (n) {
611            *name = n;
612            break;
613        }
614    }
615    return handler;
616}
617
618/*
619 * Find the handler for the prefix and dispatch its get() operation.
620 */
621ssize_t
622generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
623{
624    const struct xattr_handler *handler;
625
626    handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
627    if (!handler)
628        return -EOPNOTSUPP;
629    return handler->get(dentry, name, buffer, size, handler->flags);
630}
631
632/*
633 * Combine the results of the list() operation from every xattr_handler in the
634 * list.
635 */
636ssize_t
637generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
638{
639    const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
640    unsigned int size = 0;
641
642    if (!buffer) {
643        for_each_xattr_handler(handlers, handler) {
644            size += handler->list(dentry, NULL, 0, NULL, 0,
645                          handler->flags);
646        }
647    } else {
648        char *buf = buffer;
649
650        for_each_xattr_handler(handlers, handler) {
651            size = handler->list(dentry, buf, buffer_size,
652                         NULL, 0, handler->flags);
653            if (size > buffer_size)
654                return -ERANGE;
655            buf += size;
656            buffer_size -= size;
657        }
658        size = buf - buffer;
659    }
660    return size;
661}
662
663/*
664 * Find the handler for the prefix and dispatch its set() operation.
665 */
666int
667generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
668{
669    const struct xattr_handler *handler;
670
671    if (size == 0)
672        value = ""; /* empty EA, do not remove */
673    handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
674    if (!handler)
675        return -EOPNOTSUPP;
676    return handler->set(dentry, name, value, size, flags, handler->flags);
677}
678
679/*
680 * Find the handler for the prefix and dispatch its set() operation to remove
681 * any associated extended attribute.
682 */
683int
684generic_removexattr(struct dentry *dentry, const char *name)
685{
686    const struct xattr_handler *handler;
687
688    handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
689    if (!handler)
690        return -EOPNOTSUPP;
691    return handler->set(dentry, name, NULL, 0,
692                XATTR_REPLACE, handler->flags);
693}
694
695EXPORT_SYMBOL(generic_getxattr);
696EXPORT_SYMBOL(generic_listxattr);
697EXPORT_SYMBOL(generic_setxattr);
698EXPORT_SYMBOL(generic_removexattr);
699

Archive Download this file



interactive