]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - fs/xattr.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'x86-mce-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[mirror_ubuntu-artful-kernel.git] / fs / xattr.c
1 /*
2 File: fs/xattr.c
3
4 Extended attribute handling.
5
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/evm.h>
18 #include <linux/syscalls.h>
19 #include <linux/export.h>
20 #include <linux/fsnotify.h>
21 #include <linux/audit.h>
22 #include <linux/vmalloc.h>
23
24 #include <asm/uaccess.h>
25
26 /*
27 * Check permissions for extended attribute access. This is a bit complicated
28 * because different namespaces have very different rules.
29 */
30 static int
31 xattr_permission(struct inode *inode, const char *name, int mask)
32 {
33 /*
34 * We can never set or remove an extended attribute on a read-only
35 * filesystem or on an immutable / append-only inode.
36 */
37 if (mask & MAY_WRITE) {
38 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
39 return -EPERM;
40 }
41
42 /*
43 * No restriction for security.* and system.* from the VFS. Decision
44 * on these is left to the underlying filesystem / security module.
45 */
46 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
47 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
48 return 0;
49
50 /*
51 * The trusted.* namespace can only be accessed by privileged users.
52 */
53 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
54 if (!capable(CAP_SYS_ADMIN))
55 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
56 return 0;
57 }
58
59 /*
60 * In the user.* namespace, only regular files and directories can have
61 * extended attributes. For sticky directories, only the owner and
62 * privileged users can write attributes.
63 */
64 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
65 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
66 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
67 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
68 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
69 return -EPERM;
70 }
71
72 return inode_permission(inode, mask);
73 }
74
75 /**
76 * __vfs_setxattr_noperm - perform setxattr operation without performing
77 * permission checks.
78 *
79 * @dentry - object to perform setxattr on
80 * @name - xattr name to set
81 * @value - value to set @name to
82 * @size - size of @value
83 * @flags - flags to pass into filesystem operations
84 *
85 * returns the result of the internal setxattr or setsecurity operations.
86 *
87 * This function requires the caller to lock the inode's i_mutex before it
88 * is executed. It also assumes that the caller will make the appropriate
89 * permission checks.
90 */
91 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
92 const void *value, size_t size, int flags)
93 {
94 struct inode *inode = dentry->d_inode;
95 int error = -EOPNOTSUPP;
96 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
97 XATTR_SECURITY_PREFIX_LEN);
98
99 if (issec)
100 inode->i_flags &= ~S_NOSEC;
101 if (inode->i_op->setxattr) {
102 error = inode->i_op->setxattr(dentry, name, value, size, flags);
103 if (!error) {
104 fsnotify_xattr(dentry);
105 security_inode_post_setxattr(dentry, name, value,
106 size, flags);
107 }
108 } else if (issec) {
109 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
110 error = security_inode_setsecurity(inode, suffix, value,
111 size, flags);
112 if (!error)
113 fsnotify_xattr(dentry);
114 }
115
116 return error;
117 }
118
119
120 int
121 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
122 size_t size, int flags)
123 {
124 struct inode *inode = dentry->d_inode;
125 int error;
126
127 error = xattr_permission(inode, name, MAY_WRITE);
128 if (error)
129 return error;
130
131 mutex_lock(&inode->i_mutex);
132 error = security_inode_setxattr(dentry, name, value, size, flags);
133 if (error)
134 goto out;
135
136 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
137
138 out:
139 mutex_unlock(&inode->i_mutex);
140 return error;
141 }
142 EXPORT_SYMBOL_GPL(vfs_setxattr);
143
144 ssize_t
145 xattr_getsecurity(struct inode *inode, const char *name, void *value,
146 size_t size)
147 {
148 void *buffer = NULL;
149 ssize_t len;
150
151 if (!value || !size) {
152 len = security_inode_getsecurity(inode, name, &buffer, false);
153 goto out_noalloc;
154 }
155
156 len = security_inode_getsecurity(inode, name, &buffer, true);
157 if (len < 0)
158 return len;
159 if (size < len) {
160 len = -ERANGE;
161 goto out;
162 }
163 memcpy(value, buffer, len);
164 out:
165 security_release_secctx(buffer, len);
166 out_noalloc:
167 return len;
168 }
169 EXPORT_SYMBOL_GPL(xattr_getsecurity);
170
171 /*
172 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
173 *
174 * Allocate memory, if not already allocated, or re-allocate correct size,
175 * before retrieving the extended attribute.
176 *
177 * Returns the result of alloc, if failed, or the getxattr operation.
178 */
179 ssize_t
180 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
181 size_t xattr_size, gfp_t flags)
182 {
183 struct inode *inode = dentry->d_inode;
184 char *value = *xattr_value;
185 int error;
186
187 error = xattr_permission(inode, name, MAY_READ);
188 if (error)
189 return error;
190
191 if (!inode->i_op->getxattr)
192 return -EOPNOTSUPP;
193
194 error = inode->i_op->getxattr(dentry, name, NULL, 0);
195 if (error < 0)
196 return error;
197
198 if (!value || (error > xattr_size)) {
199 value = krealloc(*xattr_value, error + 1, flags);
200 if (!value)
201 return -ENOMEM;
202 memset(value, 0, error + 1);
203 }
204
205 error = inode->i_op->getxattr(dentry, name, value, error);
206 *xattr_value = value;
207 return error;
208 }
209
210 /* Compare an extended attribute value with the given value */
211 int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
212 const char *value, size_t size, gfp_t flags)
213 {
214 char *xattr_value = NULL;
215 int rc;
216
217 rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags);
218 if (rc < 0)
219 return rc;
220
221 if ((rc != size) || (memcmp(xattr_value, value, rc) != 0))
222 rc = -EINVAL;
223 else
224 rc = 0;
225 kfree(xattr_value);
226 return rc;
227 }
228
229 ssize_t
230 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
231 {
232 struct inode *inode = dentry->d_inode;
233 int error;
234
235 error = xattr_permission(inode, name, MAY_READ);
236 if (error)
237 return error;
238
239 error = security_inode_getxattr(dentry, name);
240 if (error)
241 return error;
242
243 if (!strncmp(name, XATTR_SECURITY_PREFIX,
244 XATTR_SECURITY_PREFIX_LEN)) {
245 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
246 int ret = xattr_getsecurity(inode, suffix, value, size);
247 /*
248 * Only overwrite the return value if a security module
249 * is actually active.
250 */
251 if (ret == -EOPNOTSUPP)
252 goto nolsm;
253 return ret;
254 }
255 nolsm:
256 if (inode->i_op->getxattr)
257 error = inode->i_op->getxattr(dentry, name, value, size);
258 else
259 error = -EOPNOTSUPP;
260
261 return error;
262 }
263 EXPORT_SYMBOL_GPL(vfs_getxattr);
264
265 ssize_t
266 vfs_listxattr(struct dentry *d, char *list, size_t size)
267 {
268 ssize_t error;
269
270 error = security_inode_listxattr(d);
271 if (error)
272 return error;
273 error = -EOPNOTSUPP;
274 if (d->d_inode->i_op->listxattr) {
275 error = d->d_inode->i_op->listxattr(d, list, size);
276 } else {
277 error = security_inode_listsecurity(d->d_inode, list, size);
278 if (size && error > size)
279 error = -ERANGE;
280 }
281 return error;
282 }
283 EXPORT_SYMBOL_GPL(vfs_listxattr);
284
285 int
286 vfs_removexattr(struct dentry *dentry, const char *name)
287 {
288 struct inode *inode = dentry->d_inode;
289 int error;
290
291 if (!inode->i_op->removexattr)
292 return -EOPNOTSUPP;
293
294 error = xattr_permission(inode, name, MAY_WRITE);
295 if (error)
296 return error;
297
298 error = security_inode_removexattr(dentry, name);
299 if (error)
300 return error;
301
302 mutex_lock(&inode->i_mutex);
303 error = inode->i_op->removexattr(dentry, name);
304 mutex_unlock(&inode->i_mutex);
305
306 if (!error) {
307 fsnotify_xattr(dentry);
308 evm_inode_post_removexattr(dentry, name);
309 }
310 return error;
311 }
312 EXPORT_SYMBOL_GPL(vfs_removexattr);
313
314
315 /*
316 * Extended attribute SET operations
317 */
318 static long
319 setxattr(struct dentry *d, const char __user *name, const void __user *value,
320 size_t size, int flags)
321 {
322 int error;
323 void *kvalue = NULL;
324 void *vvalue = NULL; /* If non-NULL, we used vmalloc() */
325 char kname[XATTR_NAME_MAX + 1];
326
327 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
328 return -EINVAL;
329
330 error = strncpy_from_user(kname, name, sizeof(kname));
331 if (error == 0 || error == sizeof(kname))
332 error = -ERANGE;
333 if (error < 0)
334 return error;
335
336 if (size) {
337 if (size > XATTR_SIZE_MAX)
338 return -E2BIG;
339 kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN);
340 if (!kvalue) {
341 vvalue = vmalloc(size);
342 if (!vvalue)
343 return -ENOMEM;
344 kvalue = vvalue;
345 }
346 if (copy_from_user(kvalue, value, size)) {
347 error = -EFAULT;
348 goto out;
349 }
350 }
351
352 error = vfs_setxattr(d, kname, kvalue, size, flags);
353 out:
354 if (vvalue)
355 vfree(vvalue);
356 else
357 kfree(kvalue);
358 return error;
359 }
360
361 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
362 const char __user *, name, const void __user *, value,
363 size_t, size, int, flags)
364 {
365 struct path path;
366 int error;
367
368 error = user_path(pathname, &path);
369 if (error)
370 return error;
371 error = mnt_want_write(path.mnt);
372 if (!error) {
373 error = setxattr(path.dentry, name, value, size, flags);
374 mnt_drop_write(path.mnt);
375 }
376 path_put(&path);
377 return error;
378 }
379
380 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
381 const char __user *, name, const void __user *, value,
382 size_t, size, int, flags)
383 {
384 struct path path;
385 int error;
386
387 error = user_lpath(pathname, &path);
388 if (error)
389 return error;
390 error = mnt_want_write(path.mnt);
391 if (!error) {
392 error = setxattr(path.dentry, name, value, size, flags);
393 mnt_drop_write(path.mnt);
394 }
395 path_put(&path);
396 return error;
397 }
398
399 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
400 const void __user *,value, size_t, size, int, flags)
401 {
402 struct file *f;
403 struct dentry *dentry;
404 int error = -EBADF;
405
406 f = fget(fd);
407 if (!f)
408 return error;
409 dentry = f->f_path.dentry;
410 audit_inode(NULL, dentry);
411 error = mnt_want_write_file(f);
412 if (!error) {
413 error = setxattr(dentry, name, value, size, flags);
414 mnt_drop_write_file(f);
415 }
416 fput(f);
417 return error;
418 }
419
420 /*
421 * Extended attribute GET operations
422 */
423 static ssize_t
424 getxattr(struct dentry *d, const char __user *name, void __user *value,
425 size_t size)
426 {
427 ssize_t error;
428 void *kvalue = NULL;
429 char kname[XATTR_NAME_MAX + 1];
430
431 error = strncpy_from_user(kname, name, sizeof(kname));
432 if (error == 0 || error == sizeof(kname))
433 error = -ERANGE;
434 if (error < 0)
435 return error;
436
437 if (size) {
438 if (size > XATTR_SIZE_MAX)
439 size = XATTR_SIZE_MAX;
440 kvalue = kzalloc(size, GFP_KERNEL);
441 if (!kvalue)
442 return -ENOMEM;
443 }
444
445 error = vfs_getxattr(d, kname, kvalue, size);
446 if (error > 0) {
447 if (size && copy_to_user(value, kvalue, error))
448 error = -EFAULT;
449 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
450 /* The file system tried to returned a value bigger
451 than XATTR_SIZE_MAX bytes. Not possible. */
452 error = -E2BIG;
453 }
454 kfree(kvalue);
455 return error;
456 }
457
458 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
459 const char __user *, name, void __user *, value, size_t, size)
460 {
461 struct path path;
462 ssize_t error;
463
464 error = user_path(pathname, &path);
465 if (error)
466 return error;
467 error = getxattr(path.dentry, name, value, size);
468 path_put(&path);
469 return error;
470 }
471
472 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
473 const char __user *, name, void __user *, value, size_t, size)
474 {
475 struct path path;
476 ssize_t error;
477
478 error = user_lpath(pathname, &path);
479 if (error)
480 return error;
481 error = getxattr(path.dentry, name, value, size);
482 path_put(&path);
483 return error;
484 }
485
486 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
487 void __user *, value, size_t, size)
488 {
489 struct file *f;
490 ssize_t error = -EBADF;
491
492 f = fget(fd);
493 if (!f)
494 return error;
495 audit_inode(NULL, f->f_path.dentry);
496 error = getxattr(f->f_path.dentry, name, value, size);
497 fput(f);
498 return error;
499 }
500
501 /*
502 * Extended attribute LIST operations
503 */
504 static ssize_t
505 listxattr(struct dentry *d, char __user *list, size_t size)
506 {
507 ssize_t error;
508 char *klist = NULL;
509 char *vlist = NULL; /* If non-NULL, we used vmalloc() */
510
511 if (size) {
512 if (size > XATTR_LIST_MAX)
513 size = XATTR_LIST_MAX;
514 klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL);
515 if (!klist) {
516 vlist = vmalloc(size);
517 if (!vlist)
518 return -ENOMEM;
519 klist = vlist;
520 }
521 }
522
523 error = vfs_listxattr(d, klist, size);
524 if (error > 0) {
525 if (size && copy_to_user(list, klist, error))
526 error = -EFAULT;
527 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
528 /* The file system tried to returned a list bigger
529 than XATTR_LIST_MAX bytes. Not possible. */
530 error = -E2BIG;
531 }
532 if (vlist)
533 vfree(vlist);
534 else
535 kfree(klist);
536 return error;
537 }
538
539 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
540 size_t, size)
541 {
542 struct path path;
543 ssize_t error;
544
545 error = user_path(pathname, &path);
546 if (error)
547 return error;
548 error = listxattr(path.dentry, list, size);
549 path_put(&path);
550 return error;
551 }
552
553 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
554 size_t, size)
555 {
556 struct path path;
557 ssize_t error;
558
559 error = user_lpath(pathname, &path);
560 if (error)
561 return error;
562 error = listxattr(path.dentry, list, size);
563 path_put(&path);
564 return error;
565 }
566
567 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
568 {
569 struct file *f;
570 ssize_t error = -EBADF;
571
572 f = fget(fd);
573 if (!f)
574 return error;
575 audit_inode(NULL, f->f_path.dentry);
576 error = listxattr(f->f_path.dentry, list, size);
577 fput(f);
578 return error;
579 }
580
581 /*
582 * Extended attribute REMOVE operations
583 */
584 static long
585 removexattr(struct dentry *d, const char __user *name)
586 {
587 int error;
588 char kname[XATTR_NAME_MAX + 1];
589
590 error = strncpy_from_user(kname, name, sizeof(kname));
591 if (error == 0 || error == sizeof(kname))
592 error = -ERANGE;
593 if (error < 0)
594 return error;
595
596 return vfs_removexattr(d, kname);
597 }
598
599 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
600 const char __user *, name)
601 {
602 struct path path;
603 int error;
604
605 error = user_path(pathname, &path);
606 if (error)
607 return error;
608 error = mnt_want_write(path.mnt);
609 if (!error) {
610 error = removexattr(path.dentry, name);
611 mnt_drop_write(path.mnt);
612 }
613 path_put(&path);
614 return error;
615 }
616
617 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
618 const char __user *, name)
619 {
620 struct path path;
621 int error;
622
623 error = user_lpath(pathname, &path);
624 if (error)
625 return error;
626 error = mnt_want_write(path.mnt);
627 if (!error) {
628 error = removexattr(path.dentry, name);
629 mnt_drop_write(path.mnt);
630 }
631 path_put(&path);
632 return error;
633 }
634
635 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
636 {
637 struct file *f;
638 struct dentry *dentry;
639 int error = -EBADF;
640
641 f = fget(fd);
642 if (!f)
643 return error;
644 dentry = f->f_path.dentry;
645 audit_inode(NULL, dentry);
646 error = mnt_want_write_file(f);
647 if (!error) {
648 error = removexattr(dentry, name);
649 mnt_drop_write_file(f);
650 }
651 fput(f);
652 return error;
653 }
654
655
656 static const char *
657 strcmp_prefix(const char *a, const char *a_prefix)
658 {
659 while (*a_prefix && *a == *a_prefix) {
660 a++;
661 a_prefix++;
662 }
663 return *a_prefix ? NULL : a;
664 }
665
666 /*
667 * In order to implement different sets of xattr operations for each xattr
668 * prefix with the generic xattr API, a filesystem should create a
669 * null-terminated array of struct xattr_handler (one for each prefix) and
670 * hang a pointer to it off of the s_xattr field of the superblock.
671 *
672 * The generic_fooxattr() functions will use this list to dispatch xattr
673 * operations to the correct xattr_handler.
674 */
675 #define for_each_xattr_handler(handlers, handler) \
676 for ((handler) = *(handlers)++; \
677 (handler) != NULL; \
678 (handler) = *(handlers)++)
679
680 /*
681 * Find the xattr_handler with the matching prefix.
682 */
683 static const struct xattr_handler *
684 xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
685 {
686 const struct xattr_handler *handler;
687
688 if (!*name)
689 return NULL;
690
691 for_each_xattr_handler(handlers, handler) {
692 const char *n = strcmp_prefix(*name, handler->prefix);
693 if (n) {
694 *name = n;
695 break;
696 }
697 }
698 return handler;
699 }
700
701 /*
702 * Find the handler for the prefix and dispatch its get() operation.
703 */
704 ssize_t
705 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
706 {
707 const struct xattr_handler *handler;
708
709 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
710 if (!handler)
711 return -EOPNOTSUPP;
712 return handler->get(dentry, name, buffer, size, handler->flags);
713 }
714
715 /*
716 * Combine the results of the list() operation from every xattr_handler in the
717 * list.
718 */
719 ssize_t
720 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
721 {
722 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
723 unsigned int size = 0;
724
725 if (!buffer) {
726 for_each_xattr_handler(handlers, handler) {
727 size += handler->list(dentry, NULL, 0, NULL, 0,
728 handler->flags);
729 }
730 } else {
731 char *buf = buffer;
732
733 for_each_xattr_handler(handlers, handler) {
734 size = handler->list(dentry, buf, buffer_size,
735 NULL, 0, handler->flags);
736 if (size > buffer_size)
737 return -ERANGE;
738 buf += size;
739 buffer_size -= size;
740 }
741 size = buf - buffer;
742 }
743 return size;
744 }
745
746 /*
747 * Find the handler for the prefix and dispatch its set() operation.
748 */
749 int
750 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
751 {
752 const struct xattr_handler *handler;
753
754 if (size == 0)
755 value = ""; /* empty EA, do not remove */
756 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
757 if (!handler)
758 return -EOPNOTSUPP;
759 return handler->set(dentry, name, value, size, flags, handler->flags);
760 }
761
762 /*
763 * Find the handler for the prefix and dispatch its set() operation to remove
764 * any associated extended attribute.
765 */
766 int
767 generic_removexattr(struct dentry *dentry, const char *name)
768 {
769 const struct xattr_handler *handler;
770
771 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
772 if (!handler)
773 return -EOPNOTSUPP;
774 return handler->set(dentry, name, NULL, 0,
775 XATTR_REPLACE, handler->flags);
776 }
777
778 EXPORT_SYMBOL(generic_getxattr);
779 EXPORT_SYMBOL(generic_listxattr);
780 EXPORT_SYMBOL(generic_setxattr);
781 EXPORT_SYMBOL(generic_removexattr);
Ubuntu Artful kernel mirror