]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - fs/xattr.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:


d14afbae3c135973c66b9c88d4c5315836b86137
[mirror_ubuntu-zesty-kernel.git] / fs / xattr.c
1 /*
2 File: fs/xattr.c
3
4 Extended attribute handling.
5
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/evm.h>
18 #include <linux/syscalls.h>
19 #include <linux/export.h>
20 #include <linux/fsnotify.h>
21 #include <linux/audit.h>
22 #include <linux/vmalloc.h>
23
24 #include <asm/uaccess.h>
25
26 /*
27 * Check permissions for extended attribute access. This is a bit complicated
28 * because different namespaces have very different rules.
29 */
30 static int
31 xattr_permission(struct inode *inode, const char *name, int mask)
32 {
33 /*
34 * We can never set or remove an extended attribute on a read-only
35 * filesystem or on an immutable / append-only inode.
36 */
37 if (mask & MAY_WRITE) {
38 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
39 return -EPERM;
40 }
41
42 /*
43 * No restriction for security.* and system.* from the VFS. Decision
44 * on these is left to the underlying filesystem / security module.
45 */
46 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
47 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
48 return 0;
49
50 /*
51 * The trusted.* namespace can only be accessed by privileged users.
52 */
53 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
54 if (!capable(CAP_SYS_ADMIN))
55 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
56 return 0;
57 }
58
59 /*
60 * In the user.* namespace, only regular files and directories can have
61 * extended attributes. For sticky directories, only the owner and
62 * privileged users can write attributes.
63 */
64 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
65 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
66 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
67 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
68 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
69 return -EPERM;
70 }
71
72 return inode_permission(inode, mask);
73 }
74
75 /**
76 * __vfs_setxattr_noperm - perform setxattr operation without performing
77 * permission checks.
78 *
79 * @dentry - object to perform setxattr on
80 * @name - xattr name to set
81 * @value - value to set @name to
82 * @size - size of @value
83 * @flags - flags to pass into filesystem operations
84 *
85 * returns the result of the internal setxattr or setsecurity operations.
86 *
87 * This function requires the caller to lock the inode's i_mutex before it
88 * is executed. It also assumes that the caller will make the appropriate
89 * permission checks.
90 */
91 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
92 const void *value, size_t size, int flags)
93 {
94 struct inode *inode = dentry->d_inode;
95 int error = -EOPNOTSUPP;
96 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
97 XATTR_SECURITY_PREFIX_LEN);
98
99 if (issec)
100 inode->i_flags &= ~S_NOSEC;
101 if (inode->i_op->setxattr) {
102 error = inode->i_op->setxattr(dentry, name, value, size, flags);
103 if (!error) {
104 fsnotify_xattr(dentry);
105 security_inode_post_setxattr(dentry, name, value,
106 size, flags);
107 }
108 } else if (issec) {
109 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
110 error = security_inode_setsecurity(inode, suffix, value,
111 size, flags);
112 if (!error)
113 fsnotify_xattr(dentry);
114 }
115
116 return error;
117 }
118
119
120 int
121 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
122 size_t size, int flags)
123 {
124 struct inode *inode = dentry->d_inode;
125 int error;
126
127 error = xattr_permission(inode, name, MAY_WRITE);
128 if (error)
129 return error;
130
131 mutex_lock(&inode->i_mutex);
132 error = security_inode_setxattr(dentry, name, value, size, flags);
133 if (error)
134 goto out;
135
136 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
137
138 out:
139 mutex_unlock(&inode->i_mutex);
140 return error;
141 }
142 EXPORT_SYMBOL_GPL(vfs_setxattr);
143
144 ssize_t
145 xattr_getsecurity(struct inode *inode, const char *name, void *value,
146 size_t size)
147 {
148 void *buffer = NULL;
149 ssize_t len;
150
151 if (!value || !size) {
152 len = security_inode_getsecurity(inode, name, &buffer, false);
153 goto out_noalloc;
154 }
155
156 len = security_inode_getsecurity(inode, name, &buffer, true);
157 if (len < 0)
158 return len;
159 if (size < len) {
160 len = -ERANGE;
161 goto out;
162 }
163 memcpy(value, buffer, len);
164 out:
165 security_release_secctx(buffer, len);
166 out_noalloc:
167 return len;
168 }
169 EXPORT_SYMBOL_GPL(xattr_getsecurity);
170
171 /*
172 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
173 *
174 * Allocate memory, if not already allocated, or re-allocate correct size,
175 * before retrieving the extended attribute.
176 *
177 * Returns the result of alloc, if failed, or the getxattr operation.
178 */
179 ssize_t
180 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
181 size_t xattr_size, gfp_t flags)
182 {
183 struct inode *inode = dentry->d_inode;
184 char *value = *xattr_value;
185 int error;
186
187 error = xattr_permission(inode, name, MAY_READ);
188 if (error)
189 return error;
190
191 if (!inode->i_op->getxattr)
192 return -EOPNOTSUPP;
193
194 error = inode->i_op->getxattr(dentry, name, NULL, 0);
195 if (error < 0)
196 return error;
197
198 if (!value || (error > xattr_size)) {
199 value = krealloc(*xattr_value, error + 1, flags);
200 if (!value)
201 return -ENOMEM;
202 memset(value, 0, error + 1);
203 }
204
205 error = inode->i_op->getxattr(dentry, name, value, error);
206 *xattr_value = value;
207 return error;
208 }
209
210 /* Compare an extended attribute value with the given value */
211 int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
212 const char *value, size_t size, gfp_t flags)
213 {
214 char *xattr_value = NULL;
215 int rc;
216
217 rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags);
218 if (rc < 0)
219 return rc;
220
221 if ((rc != size) || (memcmp(xattr_value, value, rc) != 0))
222 rc = -EINVAL;
223 else
224 rc = 0;
225 kfree(xattr_value);
226 return rc;
227 }
228
229 ssize_t
230 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
231 {
232 struct inode *inode = dentry->d_inode;
233 int error;
234
235 error = xattr_permission(inode, name, MAY_READ);
236 if (error)
237 return error;
238
239 error = security_inode_getxattr(dentry, name);
240 if (error)
241 return error;
242
243 if (!strncmp(name, XATTR_SECURITY_PREFIX,
244 XATTR_SECURITY_PREFIX_LEN)) {
245 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
246 int ret = xattr_getsecurity(inode, suffix, value, size);
247 /*
248 * Only overwrite the return value if a security module
249 * is actually active.
250 */
251 if (ret == -EOPNOTSUPP)
252 goto nolsm;
253 return ret;
254 }
255 nolsm:
256 if (inode->i_op->getxattr)
257 error = inode->i_op->getxattr(dentry, name, value, size);
258 else
259 error = -EOPNOTSUPP;
260
261 return error;
262 }
263 EXPORT_SYMBOL_GPL(vfs_getxattr);
264
265 ssize_t
266 vfs_listxattr(struct dentry *d, char *list, size_t size)
267 {
268 ssize_t error;
269
270 error = security_inode_listxattr(d);
271 if (error)
272 return error;
273 error = -EOPNOTSUPP;
274 if (d->d_inode->i_op->listxattr) {
275 error = d->d_inode->i_op->listxattr(d, list, size);
276 } else {
277 error = security_inode_listsecurity(d->d_inode, list, size);
278 if (size && error > size)
279 error = -ERANGE;
280 }
281 return error;
282 }
283 EXPORT_SYMBOL_GPL(vfs_listxattr);
284
285 int
286 vfs_removexattr(struct dentry *dentry, const char *name)
287 {
288 struct inode *inode = dentry->d_inode;
289 int error;
290
291 if (!inode->i_op->removexattr)
292 return -EOPNOTSUPP;
293
294 error = xattr_permission(inode, name, MAY_WRITE);
295 if (error)
296 return error;
297
298 error = security_inode_removexattr(dentry, name);
299 if (error)
300 return error;
301
302 mutex_lock(&inode->i_mutex);
303 error = inode->i_op->removexattr(dentry, name);
304 mutex_unlock(&inode->i_mutex);
305
306 if (!error) {
307 fsnotify_xattr(dentry);
308 evm_inode_post_removexattr(dentry, name);
309 }
310 return error;
311 }
312 EXPORT_SYMBOL_GPL(vfs_removexattr);
313
314
315 /*
316 * Extended attribute SET operations
317 */
318 static long
319 setxattr(struct dentry *d, const char __user *name, const void __user *value,
320 size_t size, int flags)
321 {
322 int error;
323 void *kvalue = NULL;
324 char kname[XATTR_NAME_MAX + 1];
325
326 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
327 return -EINVAL;
328
329 error = strncpy_from_user(kname, name, sizeof(kname));
330 if (error == 0 || error == sizeof(kname))
331 error = -ERANGE;
332 if (error < 0)
333 return error;
334
335 if (size) {
336 if (size > XATTR_SIZE_MAX)
337 return -E2BIG;
338 kvalue = memdup_user(value, size);
339 if (IS_ERR(kvalue))
340 return PTR_ERR(kvalue);
341 }
342
343 error = vfs_setxattr(d, kname, kvalue, size, flags);
344 kfree(kvalue);
345 return error;
346 }
347
348 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
349 const char __user *, name, const void __user *, value,
350 size_t, size, int, flags)
351 {
352 struct path path;
353 int error;
354
355 error = user_path(pathname, &path);
356 if (error)
357 return error;
358 error = mnt_want_write(path.mnt);
359 if (!error) {
360 error = setxattr(path.dentry, name, value, size, flags);
361 mnt_drop_write(path.mnt);
362 }
363 path_put(&path);
364 return error;
365 }
366
367 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
368 const char __user *, name, const void __user *, value,
369 size_t, size, int, flags)
370 {
371 struct path path;
372 int error;
373
374 error = user_lpath(pathname, &path);
375 if (error)
376 return error;
377 error = mnt_want_write(path.mnt);
378 if (!error) {
379 error = setxattr(path.dentry, name, value, size, flags);
380 mnt_drop_write(path.mnt);
381 }
382 path_put(&path);
383 return error;
384 }
385
386 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
387 const void __user *,value, size_t, size, int, flags)
388 {
389 struct file *f;
390 struct dentry *dentry;
391 int error = -EBADF;
392
393 f = fget(fd);
394 if (!f)
395 return error;
396 dentry = f->f_path.dentry;
397 audit_inode(NULL, dentry);
398 error = mnt_want_write_file(f);
399 if (!error) {
400 error = setxattr(dentry, name, value, size, flags);
401 mnt_drop_write_file(f);
402 }
403 fput(f);
404 return error;
405 }
406
407 /*
408 * Extended attribute GET operations
409 */
410 static ssize_t
411 getxattr(struct dentry *d, const char __user *name, void __user *value,
412 size_t size)
413 {
414 ssize_t error;
415 void *kvalue = NULL;
416 char kname[XATTR_NAME_MAX + 1];
417
418 error = strncpy_from_user(kname, name, sizeof(kname));
419 if (error == 0 || error == sizeof(kname))
420 error = -ERANGE;
421 if (error < 0)
422 return error;
423
424 if (size) {
425 if (size > XATTR_SIZE_MAX)
426 size = XATTR_SIZE_MAX;
427 kvalue = kzalloc(size, GFP_KERNEL);
428 if (!kvalue)
429 return -ENOMEM;
430 }
431
432 error = vfs_getxattr(d, kname, kvalue, size);
433 if (error > 0) {
434 if (size && copy_to_user(value, kvalue, error))
435 error = -EFAULT;
436 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
437 /* The file system tried to returned a value bigger
438 than XATTR_SIZE_MAX bytes. Not possible. */
439 error = -E2BIG;
440 }
441 kfree(kvalue);
442 return error;
443 }
444
445 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
446 const char __user *, name, void __user *, value, size_t, size)
447 {
448 struct path path;
449 ssize_t error;
450
451 error = user_path(pathname, &path);
452 if (error)
453 return error;
454 error = getxattr(path.dentry, name, value, size);
455 path_put(&path);
456 return error;
457 }
458
459 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
460 const char __user *, name, void __user *, value, size_t, size)
461 {
462 struct path path;
463 ssize_t error;
464
465 error = user_lpath(pathname, &path);
466 if (error)
467 return error;
468 error = getxattr(path.dentry, name, value, size);
469 path_put(&path);
470 return error;
471 }
472
473 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
474 void __user *, value, size_t, size)
475 {
476 struct file *f;
477 ssize_t error = -EBADF;
478
479 f = fget(fd);
480 if (!f)
481 return error;
482 audit_inode(NULL, f->f_path.dentry);
483 error = getxattr(f->f_path.dentry, name, value, size);
484 fput(f);
485 return error;
486 }
487
488 /*
489 * Extended attribute LIST operations
490 */
491 static ssize_t
492 listxattr(struct dentry *d, char __user *list, size_t size)
493 {
494 ssize_t error;
495 char *klist = NULL;
496 char *vlist = NULL; /* If non-NULL, we used vmalloc() */
497
498 if (size) {
499 if (size > XATTR_LIST_MAX)
500 size = XATTR_LIST_MAX;
501 klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL);
502 if (!klist) {
503 vlist = vmalloc(size);
504 if (!vlist)
505 return -ENOMEM;
506 klist = vlist;
507 }
508 }
509
510 error = vfs_listxattr(d, klist, size);
511 if (error > 0) {
512 if (size && copy_to_user(list, klist, error))
513 error = -EFAULT;
514 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
515 /* The file system tried to returned a list bigger
516 than XATTR_LIST_MAX bytes. Not possible. */
517 error = -E2BIG;
518 }
519 if (vlist)
520 vfree(vlist);
521 else
522 kfree(klist);
523 return error;
524 }
525
526 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
527 size_t, size)
528 {
529 struct path path;
530 ssize_t error;
531
532 error = user_path(pathname, &path);
533 if (error)
534 return error;
535 error = listxattr(path.dentry, list, size);
536 path_put(&path);
537 return error;
538 }
539
540 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
541 size_t, size)
542 {
543 struct path path;
544 ssize_t error;
545
546 error = user_lpath(pathname, &path);
547 if (error)
548 return error;
549 error = listxattr(path.dentry, list, size);
550 path_put(&path);
551 return error;
552 }
553
554 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
555 {
556 struct file *f;
557 ssize_t error = -EBADF;
558
559 f = fget(fd);
560 if (!f)
561 return error;
562 audit_inode(NULL, f->f_path.dentry);
563 error = listxattr(f->f_path.dentry, list, size);
564 fput(f);
565 return error;
566 }
567
568 /*
569 * Extended attribute REMOVE operations
570 */
571 static long
572 removexattr(struct dentry *d, const char __user *name)
573 {
574 int error;
575 char kname[XATTR_NAME_MAX + 1];
576
577 error = strncpy_from_user(kname, name, sizeof(kname));
578 if (error == 0 || error == sizeof(kname))
579 error = -ERANGE;
580 if (error < 0)
581 return error;
582
583 return vfs_removexattr(d, kname);
584 }
585
586 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
587 const char __user *, name)
588 {
589 struct path path;
590 int error;
591
592 error = user_path(pathname, &path);
593 if (error)
594 return error;
595 error = mnt_want_write(path.mnt);
596 if (!error) {
597 error = removexattr(path.dentry, name);
598 mnt_drop_write(path.mnt);
599 }
600 path_put(&path);
601 return error;
602 }
603
604 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
605 const char __user *, name)
606 {
607 struct path path;
608 int error;
609
610 error = user_lpath(pathname, &path);
611 if (error)
612 return error;
613 error = mnt_want_write(path.mnt);
614 if (!error) {
615 error = removexattr(path.dentry, name);
616 mnt_drop_write(path.mnt);
617 }
618 path_put(&path);
619 return error;
620 }
621
622 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
623 {
624 struct file *f;
625 struct dentry *dentry;
626 int error = -EBADF;
627
628 f = fget(fd);
629 if (!f)
630 return error;
631 dentry = f->f_path.dentry;
632 audit_inode(NULL, dentry);
633 error = mnt_want_write_file(f);
634 if (!error) {
635 error = removexattr(dentry, name);
636 mnt_drop_write_file(f);
637 }
638 fput(f);
639 return error;
640 }
641
642
643 static const char *
644 strcmp_prefix(const char *a, const char *a_prefix)
645 {
646 while (*a_prefix && *a == *a_prefix) {
647 a++;
648 a_prefix++;
649 }
650 return *a_prefix ? NULL : a;
651 }
652
653 /*
654 * In order to implement different sets of xattr operations for each xattr
655 * prefix with the generic xattr API, a filesystem should create a
656 * null-terminated array of struct xattr_handler (one for each prefix) and
657 * hang a pointer to it off of the s_xattr field of the superblock.
658 *
659 * The generic_fooxattr() functions will use this list to dispatch xattr
660 * operations to the correct xattr_handler.
661 */
662 #define for_each_xattr_handler(handlers, handler) \
663 for ((handler) = *(handlers)++; \
664 (handler) != NULL; \
665 (handler) = *(handlers)++)
666
667 /*
668 * Find the xattr_handler with the matching prefix.
669 */
670 static const struct xattr_handler *
671 xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
672 {
673 const struct xattr_handler *handler;
674
675 if (!*name)
676 return NULL;
677
678 for_each_xattr_handler(handlers, handler) {
679 const char *n = strcmp_prefix(*name, handler->prefix);
680 if (n) {
681 *name = n;
682 break;
683 }
684 }
685 return handler;
686 }
687
688 /*
689 * Find the handler for the prefix and dispatch its get() operation.
690 */
691 ssize_t
692 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
693 {
694 const struct xattr_handler *handler;
695
696 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
697 if (!handler)
698 return -EOPNOTSUPP;
699 return handler->get(dentry, name, buffer, size, handler->flags);
700 }
701
702 /*
703 * Combine the results of the list() operation from every xattr_handler in the
704 * list.
705 */
706 ssize_t
707 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
708 {
709 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
710 unsigned int size = 0;
711
712 if (!buffer) {
713 for_each_xattr_handler(handlers, handler) {
714 size += handler->list(dentry, NULL, 0, NULL, 0,
715 handler->flags);
716 }
717 } else {
718 char *buf = buffer;
719
720 for_each_xattr_handler(handlers, handler) {
721 size = handler->list(dentry, buf, buffer_size,
722 NULL, 0, handler->flags);
723 if (size > buffer_size)
724 return -ERANGE;
725 buf += size;
726 buffer_size -= size;
727 }
728 size = buf - buffer;
729 }
730 return size;
731 }
732
733 /*
734 * Find the handler for the prefix and dispatch its set() operation.
735 */
736 int
737 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
738 {
739 const struct xattr_handler *handler;
740
741 if (size == 0)
742 value = ""; /* empty EA, do not remove */
743 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
744 if (!handler)
745 return -EOPNOTSUPP;
746 return handler->set(dentry, name, value, size, flags, handler->flags);
747 }
748
749 /*
750 * Find the handler for the prefix and dispatch its set() operation to remove
751 * any associated extended attribute.
752 */
753 int
754 generic_removexattr(struct dentry *dentry, const char *name)
755 {
756 const struct xattr_handler *handler;
757
758 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
759 if (!handler)
760 return -EOPNOTSUPP;
761 return handler->set(dentry, name, NULL, 0,
762 XATTR_REPLACE, handler->flags);
763 }
764
765 EXPORT_SYMBOL(generic_getxattr);
766 EXPORT_SYMBOL(generic_listxattr);
767 EXPORT_SYMBOL(generic_setxattr);
768 EXPORT_SYMBOL(generic_removexattr);
ubuntu-zesty-kernel mirror