4 Extended attribute handling.
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/syscalls.h>
18 #include <linux/module.h>
19 #include <linux/fsnotify.h>
20 #include <linux/audit.h>
21 #include <asm/uaccess.h>
25 * Check permissions for extended attribute access. This is a bit complicated
26 * because different namespaces have very different rules.
29 xattr_permission(struct inode *inode, const char *name, int mask)
32 * We can never set or remove an extended attribute on a read-only
33 * filesystem or on an immutable / append-only inode.
35 if (mask & MAY_WRITE) {
36 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
41 * No restriction for security.* and system.* from the VFS. Decision
42 * on these is left to the underlying filesystem / security module.
44 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
45 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
49 * The trusted.* namespace can only be accessed by a privileged user.
51 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
52 return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
54 /* In user.* namespace, only regular files and directories can have
55 * extended attributes. For sticky directories, only the owner and
56 * privileged user can write attributes.
58 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
59 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
61 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
62 (mask & MAY_WRITE) && !is_owner_or_cap(inode))
66 return inode_permission(inode, mask);
70 * __vfs_setxattr_noperm - perform setxattr operation without performing
73 * @dentry - object to perform setxattr on
74 * @name - xattr name to set
75 * @value - value to set @name to
76 * @size - size of @value
77 * @flags - flags to pass into filesystem operations
79 * returns the result of the internal setxattr or setsecurity operations.
81 * This function requires the caller to lock the inode's i_mutex before it
82 * is executed. It also assumes that the caller will make the appropriate
85 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
86 const void *value, size_t size, int flags)
88 struct inode *inode = dentry->d_inode;
89 int error = -EOPNOTSUPP;
91 if (inode->i_op->setxattr) {
92 error = inode->i_op->setxattr(dentry, name, value, size, flags);
94 fsnotify_xattr(dentry);
95 security_inode_post_setxattr(dentry, name, value,
98 } else if (!strncmp(name, XATTR_SECURITY_PREFIX,
99 XATTR_SECURITY_PREFIX_LEN)) {
100 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
101 error = security_inode_setsecurity(inode, suffix, value,
104 fsnotify_xattr(dentry);
112 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
113 size_t size, int flags)
115 struct inode *inode = dentry->d_inode;
118 error = xattr_permission(inode, name, MAY_WRITE);
122 mutex_lock(&inode->i_mutex);
123 error = security_inode_setxattr(dentry, name, value, size, flags);
127 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
130 mutex_unlock(&inode->i_mutex);
133 EXPORT_SYMBOL_GPL(vfs_setxattr);
136 xattr_getsecurity(struct inode *inode, const char *name, void *value,
142 if (!value || !size) {
143 len = security_inode_getsecurity(inode, name, &buffer, false);
147 len = security_inode_getsecurity(inode, name, &buffer, true);
154 memcpy(value, buffer, len);
156 security_release_secctx(buffer, len);
160 EXPORT_SYMBOL_GPL(xattr_getsecurity);
163 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
165 struct inode *inode = dentry->d_inode;
168 error = xattr_permission(inode, name, MAY_READ);
172 error = security_inode_getxattr(dentry, name);
176 if (!strncmp(name, XATTR_SECURITY_PREFIX,
177 XATTR_SECURITY_PREFIX_LEN)) {
178 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
179 int ret = xattr_getsecurity(inode, suffix, value, size);
181 * Only overwrite the return value if a security module
182 * is actually active.
184 if (ret == -EOPNOTSUPP)
189 if (inode->i_op->getxattr)
190 error = inode->i_op->getxattr(dentry, name, value, size);
196 EXPORT_SYMBOL_GPL(vfs_getxattr);
199 vfs_listxattr(struct dentry *d, char *list, size_t size)
203 error = security_inode_listxattr(d);
207 if (d->d_inode->i_op->listxattr) {
208 error = d->d_inode->i_op->listxattr(d, list, size);
210 error = security_inode_listsecurity(d->d_inode, list, size);
211 if (size && error > size)
216 EXPORT_SYMBOL_GPL(vfs_listxattr);
219 vfs_removexattr(struct dentry *dentry, const char *name)
221 struct inode *inode = dentry->d_inode;
224 if (!inode->i_op->removexattr)
227 error = xattr_permission(inode, name, MAY_WRITE);
231 error = security_inode_removexattr(dentry, name);
235 mutex_lock(&inode->i_mutex);
236 error = inode->i_op->removexattr(dentry, name);
237 mutex_unlock(&inode->i_mutex);
240 fsnotify_xattr(dentry);
243 EXPORT_SYMBOL_GPL(vfs_removexattr);
247 * Extended attribute SET operations
250 setxattr(struct dentry *d, const char __user *name, const void __user *value,
251 size_t size, int flags)
255 char kname[XATTR_NAME_MAX + 1];
257 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
260 error = strncpy_from_user(kname, name, sizeof(kname));
261 if (error == 0 || error == sizeof(kname))
267 if (size > XATTR_SIZE_MAX)
269 kvalue = memdup_user(value, size);
271 return PTR_ERR(kvalue);
274 error = vfs_setxattr(d, kname, kvalue, size, flags);
279 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
280 const char __user *, name, const void __user *, value,
281 size_t, size, int, flags)
286 error = user_path(pathname, &path);
289 error = mnt_want_write(path.mnt);
291 error = setxattr(path.dentry, name, value, size, flags);
292 mnt_drop_write(path.mnt);
298 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
299 const char __user *, name, const void __user *, value,
300 size_t, size, int, flags)
305 error = user_lpath(pathname, &path);
308 error = mnt_want_write(path.mnt);
310 error = setxattr(path.dentry, name, value, size, flags);
311 mnt_drop_write(path.mnt);
317 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
318 const void __user *,value, size_t, size, int, flags)
321 struct dentry *dentry;
327 dentry = f->f_path.dentry;
328 audit_inode(NULL, dentry);
329 error = mnt_want_write_file(f);
331 error = setxattr(dentry, name, value, size, flags);
332 mnt_drop_write(f->f_path.mnt);
339 * Extended attribute GET operations
342 getxattr(struct dentry *d, const char __user *name, void __user *value,
347 char kname[XATTR_NAME_MAX + 1];
349 error = strncpy_from_user(kname, name, sizeof(kname));
350 if (error == 0 || error == sizeof(kname))
356 if (size > XATTR_SIZE_MAX)
357 size = XATTR_SIZE_MAX;
358 kvalue = kzalloc(size, GFP_KERNEL);
363 error = vfs_getxattr(d, kname, kvalue, size);
365 if (size && copy_to_user(value, kvalue, error))
367 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
368 /* The file system tried to returned a value bigger
369 than XATTR_SIZE_MAX bytes. Not possible. */
376 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
377 const char __user *, name, void __user *, value, size_t, size)
382 error = user_path(pathname, &path);
385 error = getxattr(path.dentry, name, value, size);
390 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
391 const char __user *, name, void __user *, value, size_t, size)
396 error = user_lpath(pathname, &path);
399 error = getxattr(path.dentry, name, value, size);
404 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
405 void __user *, value, size_t, size)
408 ssize_t error = -EBADF;
413 audit_inode(NULL, f->f_path.dentry);
414 error = getxattr(f->f_path.dentry, name, value, size);
420 * Extended attribute LIST operations
423 listxattr(struct dentry *d, char __user *list, size_t size)
429 if (size > XATTR_LIST_MAX)
430 size = XATTR_LIST_MAX;
431 klist = kmalloc(size, GFP_KERNEL);
436 error = vfs_listxattr(d, klist, size);
438 if (size && copy_to_user(list, klist, error))
440 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
441 /* The file system tried to returned a list bigger
442 than XATTR_LIST_MAX bytes. Not possible. */
449 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
455 error = user_path(pathname, &path);
458 error = listxattr(path.dentry, list, size);
463 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
469 error = user_lpath(pathname, &path);
472 error = listxattr(path.dentry, list, size);
477 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
480 ssize_t error = -EBADF;
485 audit_inode(NULL, f->f_path.dentry);
486 error = listxattr(f->f_path.dentry, list, size);
492 * Extended attribute REMOVE operations
495 removexattr(struct dentry *d, const char __user *name)
498 char kname[XATTR_NAME_MAX + 1];
500 error = strncpy_from_user(kname, name, sizeof(kname));
501 if (error == 0 || error == sizeof(kname))
506 return vfs_removexattr(d, kname);
509 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
510 const char __user *, name)
515 error = user_path(pathname, &path);
518 error = mnt_want_write(path.mnt);
520 error = removexattr(path.dentry, name);
521 mnt_drop_write(path.mnt);
527 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
528 const char __user *, name)
533 error = user_lpath(pathname, &path);
536 error = mnt_want_write(path.mnt);
538 error = removexattr(path.dentry, name);
539 mnt_drop_write(path.mnt);
545 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
548 struct dentry *dentry;
554 dentry = f->f_path.dentry;
555 audit_inode(NULL, dentry);
556 error = mnt_want_write_file(f);
558 error = removexattr(dentry, name);
559 mnt_drop_write(f->f_path.mnt);
567 strcmp_prefix(const char *a, const char *a_prefix)
569 while (*a_prefix && *a == *a_prefix) {
573 return *a_prefix ? NULL : a;
577 * In order to implement different sets of xattr operations for each xattr
578 * prefix with the generic xattr API, a filesystem should create a
579 * null-terminated array of struct xattr_handler (one for each prefix) and
580 * hang a pointer to it off of the s_xattr field of the superblock.
582 * The generic_fooxattr() functions will use this list to dispatch xattr
583 * operations to the correct xattr_handler.
585 #define for_each_xattr_handler(handlers, handler) \
586 for ((handler) = *(handlers)++; \
588 (handler) = *(handlers)++)
591 * Find the xattr_handler with the matching prefix.
593 static struct xattr_handler *
594 xattr_resolve_name(struct xattr_handler **handlers, const char **name)
596 struct xattr_handler *handler;
601 for_each_xattr_handler(handlers, handler) {
602 const char *n = strcmp_prefix(*name, handler->prefix);
612 * Find the handler for the prefix and dispatch its get() operation.
615 generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
617 struct xattr_handler *handler;
619 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
622 return handler->get(dentry, name, buffer, size, handler->flags);
626 * Combine the results of the list() operation from every xattr_handler in the
630 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
632 struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
633 unsigned int size = 0;
636 for_each_xattr_handler(handlers, handler) {
637 size += handler->list(dentry, NULL, 0, NULL, 0,
643 for_each_xattr_handler(handlers, handler) {
644 size = handler->list(dentry, buf, buffer_size,
645 NULL, 0, handler->flags);
646 if (size > buffer_size)
657 * Find the handler for the prefix and dispatch its set() operation.
660 generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
662 struct xattr_handler *handler;
665 value = ""; /* empty EA, do not remove */
666 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
669 return handler->set(dentry, name, value, size, 0, handler->flags);
673 * Find the handler for the prefix and dispatch its set() operation to remove
674 * any associated extended attribute.
677 generic_removexattr(struct dentry *dentry, const char *name)
679 struct xattr_handler *handler;
681 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
684 return handler->set(dentry, name, NULL, 0,
685 XATTR_REPLACE, handler->flags);
688 EXPORT_SYMBOL(generic_getxattr);
689 EXPORT_SYMBOL(generic_listxattr);
690 EXPORT_SYMBOL(generic_setxattr);
691 EXPORT_SYMBOL(generic_removexattr);