4 Extended attribute handling.
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/evm.h>
18 #include <linux/syscalls.h>
19 #include <linux/export.h>
20 #include <linux/fsnotify.h>
21 #include <linux/audit.h>
22 #include <linux/vmalloc.h>
23 #include <linux/posix_acl_xattr.h>
25 #include <linux/uaccess.h>
28 strcmp_prefix(const char *a, const char *a_prefix)
30 while (*a_prefix && *a == *a_prefix) {
34 return *a_prefix ? NULL : a;
38 * In order to implement different sets of xattr operations for each xattr
39 * prefix, a filesystem should create a null-terminated array of struct
40 * xattr_handler (one for each prefix) and hang a pointer to it off of the
41 * s_xattr field of the superblock.
43 #define for_each_xattr_handler(handlers, handler) \
45 for ((handler) = *(handlers)++; \
47 (handler) = *(handlers)++)
50 * Find the xattr_handler with the matching prefix.
52 static const struct xattr_handler *
53 xattr_resolve_name(struct inode *inode, const char **name)
55 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
56 const struct xattr_handler *handler;
58 if (!(inode->i_opflags & IOP_XATTR)) {
59 if (unlikely(is_bad_inode(inode)))
61 return ERR_PTR(-EOPNOTSUPP);
63 for_each_xattr_handler(handlers, handler) {
66 n = strcmp_prefix(*name, xattr_prefix(handler));
68 if (!handler->prefix ^ !*n) {
71 return ERR_PTR(-EINVAL);
77 return ERR_PTR(-EOPNOTSUPP);
81 * Check permissions for extended attribute access. This is a bit complicated
82 * because different namespaces have very different rules.
85 xattr_permission(struct inode *inode, const char *name, int mask)
88 * We can never set or remove an extended attribute on a read-only
89 * filesystem or on an immutable / append-only inode.
91 if (mask & MAY_WRITE) {
92 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
95 * Updating an xattr will likely cause i_uid and i_gid
96 * to be writen back improperly if their true value is
99 if (HAS_UNMAPPED_ID(inode))
104 * No restriction for security.* and system.* from the VFS. Decision
105 * on these is left to the underlying filesystem / security module.
107 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
108 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
112 * The trusted.* namespace can only be accessed by privileged users.
114 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
115 if (!capable(CAP_SYS_ADMIN))
116 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
121 * In the user.* namespace, only regular files and directories can have
122 * extended attributes. For sticky directories, only the owner and
123 * privileged users can write attributes.
125 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
126 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
127 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
128 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
129 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
133 return inode_permission(inode, mask);
137 __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
138 const void *value, size_t size, int flags)
140 const struct xattr_handler *handler;
142 handler = xattr_resolve_name(inode, &name);
144 return PTR_ERR(handler);
148 value = ""; /* empty EA, do not remove */
149 return handler->set(handler, dentry, inode, name, value, size, flags);
151 EXPORT_SYMBOL(__vfs_setxattr);
154 * __vfs_setxattr_noperm - perform setxattr operation without performing
157 * @dentry - object to perform setxattr on
158 * @name - xattr name to set
159 * @value - value to set @name to
160 * @size - size of @value
161 * @flags - flags to pass into filesystem operations
163 * returns the result of the internal setxattr or setsecurity operations.
165 * This function requires the caller to lock the inode's i_mutex before it
166 * is executed. It also assumes that the caller will make the appropriate
169 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
170 const void *value, size_t size, int flags)
172 struct inode *inode = dentry->d_inode;
174 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
175 XATTR_SECURITY_PREFIX_LEN);
178 inode->i_flags &= ~S_NOSEC;
179 if (inode->i_opflags & IOP_XATTR) {
180 error = __vfs_setxattr(dentry, inode, name, value, size, flags);
182 fsnotify_xattr(dentry);
183 security_inode_post_setxattr(dentry, name, value,
187 if (unlikely(is_bad_inode(inode)))
190 if (error == -EAGAIN) {
194 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
196 error = security_inode_setsecurity(inode, suffix, value,
199 fsnotify_xattr(dentry);
208 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
209 size_t size, int flags)
211 struct inode *inode = dentry->d_inode;
214 error = xattr_permission(inode, name, MAY_WRITE);
219 error = security_inode_setxattr(dentry, name, value, size, flags);
223 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
229 EXPORT_SYMBOL_GPL(vfs_setxattr);
232 xattr_getsecurity(struct inode *inode, const char *name, void *value,
238 if (!value || !size) {
239 len = security_inode_getsecurity(inode, name, &buffer, false);
243 len = security_inode_getsecurity(inode, name, &buffer, true);
250 memcpy(value, buffer, len);
258 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
260 * Allocate memory, if not already allocated, or re-allocate correct size,
261 * before retrieving the extended attribute.
263 * Returns the result of alloc, if failed, or the getxattr operation.
266 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
267 size_t xattr_size, gfp_t flags)
269 const struct xattr_handler *handler;
270 struct inode *inode = dentry->d_inode;
271 char *value = *xattr_value;
274 error = xattr_permission(inode, name, MAY_READ);
278 handler = xattr_resolve_name(inode, &name);
280 return PTR_ERR(handler);
283 error = handler->get(handler, dentry, inode, name, NULL, 0);
287 if (!value || (error > xattr_size)) {
288 value = krealloc(*xattr_value, error + 1, flags);
291 memset(value, 0, error + 1);
294 error = handler->get(handler, dentry, inode, name, value, error);
295 *xattr_value = value;
300 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
301 void *value, size_t size)
303 const struct xattr_handler *handler;
305 handler = xattr_resolve_name(inode, &name);
307 return PTR_ERR(handler);
310 return handler->get(handler, dentry, inode, name, value, size);
312 EXPORT_SYMBOL(__vfs_getxattr);
315 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
317 struct inode *inode = dentry->d_inode;
320 error = xattr_permission(inode, name, MAY_READ);
324 error = security_inode_getxattr(dentry, name);
328 if (!strncmp(name, XATTR_SECURITY_PREFIX,
329 XATTR_SECURITY_PREFIX_LEN)) {
330 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
331 int ret = xattr_getsecurity(inode, suffix, value, size);
333 * Only overwrite the return value if a security module
334 * is actually active.
336 if (ret == -EOPNOTSUPP)
341 return __vfs_getxattr(dentry, inode, name, value, size);
343 EXPORT_SYMBOL_GPL(vfs_getxattr);
346 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
348 struct inode *inode = d_inode(dentry);
351 error = security_inode_listxattr(dentry);
354 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
355 error = inode->i_op->listxattr(dentry, list, size);
357 error = security_inode_listsecurity(inode, list, size);
358 if (size && error > size)
363 EXPORT_SYMBOL_GPL(vfs_listxattr);
366 __vfs_removexattr(struct dentry *dentry, const char *name)
368 struct inode *inode = d_inode(dentry);
369 const struct xattr_handler *handler;
371 handler = xattr_resolve_name(inode, &name);
373 return PTR_ERR(handler);
376 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
378 EXPORT_SYMBOL(__vfs_removexattr);
381 vfs_removexattr(struct dentry *dentry, const char *name)
383 struct inode *inode = dentry->d_inode;
386 error = xattr_permission(inode, name, MAY_WRITE);
391 error = security_inode_removexattr(dentry, name);
395 error = __vfs_removexattr(dentry, name);
398 fsnotify_xattr(dentry);
399 evm_inode_post_removexattr(dentry, name);
406 EXPORT_SYMBOL_GPL(vfs_removexattr);
410 * Extended attribute SET operations
413 setxattr(struct dentry *d, const char __user *name, const void __user *value,
414 size_t size, int flags)
418 char kname[XATTR_NAME_MAX + 1];
420 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
423 error = strncpy_from_user(kname, name, sizeof(kname));
424 if (error == 0 || error == sizeof(kname))
430 if (size > XATTR_SIZE_MAX)
432 kvalue = kvmalloc(size, GFP_KERNEL);
435 if (copy_from_user(kvalue, value, size)) {
439 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
440 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
441 posix_acl_fix_xattr_from_user(kvalue, size);
442 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
443 error = cap_convert_nscap(d, &kvalue, size);
450 error = vfs_setxattr(d, kname, kvalue, size, flags);
457 static int path_setxattr(const char __user *pathname,
458 const char __user *name, const void __user *value,
459 size_t size, int flags, unsigned int lookup_flags)
464 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
467 error = mnt_want_write(path.mnt);
469 error = setxattr(path.dentry, name, value, size, flags);
470 mnt_drop_write(path.mnt);
473 if (retry_estale(error, lookup_flags)) {
474 lookup_flags |= LOOKUP_REVAL;
480 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
481 const char __user *, name, const void __user *, value,
482 size_t, size, int, flags)
484 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
487 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
488 const char __user *, name, const void __user *, value,
489 size_t, size, int, flags)
491 return path_setxattr(pathname, name, value, size, flags, 0);
494 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
495 const void __user *,value, size_t, size, int, flags)
497 struct fd f = fdget(fd);
503 error = mnt_want_write_file(f.file);
505 error = setxattr(f.file->f_path.dentry, name, value, size, flags);
506 mnt_drop_write_file(f.file);
513 * Extended attribute GET operations
516 getxattr(struct dentry *d, const char __user *name, void __user *value,
521 char kname[XATTR_NAME_MAX + 1];
523 error = strncpy_from_user(kname, name, sizeof(kname));
524 if (error == 0 || error == sizeof(kname))
530 if (size > XATTR_SIZE_MAX)
531 size = XATTR_SIZE_MAX;
532 kvalue = kvzalloc(size, GFP_KERNEL);
537 error = vfs_getxattr(d, kname, kvalue, size);
539 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
540 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
541 posix_acl_fix_xattr_to_user(kvalue, error);
542 if (size && copy_to_user(value, kvalue, error))
544 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
545 /* The file system tried to returned a value bigger
546 than XATTR_SIZE_MAX bytes. Not possible. */
555 static ssize_t path_getxattr(const char __user *pathname,
556 const char __user *name, void __user *value,
557 size_t size, unsigned int lookup_flags)
562 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
565 error = getxattr(path.dentry, name, value, size);
567 if (retry_estale(error, lookup_flags)) {
568 lookup_flags |= LOOKUP_REVAL;
574 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
575 const char __user *, name, void __user *, value, size_t, size)
577 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
580 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
581 const char __user *, name, void __user *, value, size_t, size)
583 return path_getxattr(pathname, name, value, size, 0);
586 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
587 void __user *, value, size_t, size)
589 struct fd f = fdget(fd);
590 ssize_t error = -EBADF;
595 error = getxattr(f.file->f_path.dentry, name, value, size);
601 * Extended attribute LIST operations
604 listxattr(struct dentry *d, char __user *list, size_t size)
610 if (size > XATTR_LIST_MAX)
611 size = XATTR_LIST_MAX;
612 klist = kvmalloc(size, GFP_KERNEL);
617 error = vfs_listxattr(d, klist, size);
619 if (size && copy_to_user(list, klist, error))
621 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
622 /* The file system tried to returned a list bigger
623 than XATTR_LIST_MAX bytes. Not possible. */
632 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
633 size_t size, unsigned int lookup_flags)
638 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
641 error = listxattr(path.dentry, list, size);
643 if (retry_estale(error, lookup_flags)) {
644 lookup_flags |= LOOKUP_REVAL;
650 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
653 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
656 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
659 return path_listxattr(pathname, list, size, 0);
662 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
664 struct fd f = fdget(fd);
665 ssize_t error = -EBADF;
670 error = listxattr(f.file->f_path.dentry, list, size);
676 * Extended attribute REMOVE operations
679 removexattr(struct dentry *d, const char __user *name)
682 char kname[XATTR_NAME_MAX + 1];
684 error = strncpy_from_user(kname, name, sizeof(kname));
685 if (error == 0 || error == sizeof(kname))
690 return vfs_removexattr(d, kname);
693 static int path_removexattr(const char __user *pathname,
694 const char __user *name, unsigned int lookup_flags)
699 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
702 error = mnt_want_write(path.mnt);
704 error = removexattr(path.dentry, name);
705 mnt_drop_write(path.mnt);
708 if (retry_estale(error, lookup_flags)) {
709 lookup_flags |= LOOKUP_REVAL;
715 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
716 const char __user *, name)
718 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
721 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
722 const char __user *, name)
724 return path_removexattr(pathname, name, 0);
727 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
729 struct fd f = fdget(fd);
735 error = mnt_want_write_file(f.file);
737 error = removexattr(f.file->f_path.dentry, name);
738 mnt_drop_write_file(f.file);
745 * Combine the results of the list() operation from every xattr_handler in the
749 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
751 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
752 unsigned int size = 0;
755 for_each_xattr_handler(handlers, handler) {
756 if (!handler->name ||
757 (handler->list && !handler->list(dentry)))
759 size += strlen(handler->name) + 1;
765 for_each_xattr_handler(handlers, handler) {
766 if (!handler->name ||
767 (handler->list && !handler->list(dentry)))
769 len = strlen(handler->name);
770 if (len + 1 > buffer_size)
772 memcpy(buf, handler->name, len + 1);
774 buffer_size -= len + 1;
780 EXPORT_SYMBOL(generic_listxattr);
783 * xattr_full_name - Compute full attribute name from suffix
785 * @handler: handler of the xattr_handler operation
786 * @name: name passed to the xattr_handler operation
788 * The get and set xattr handler operations are called with the remainder of
789 * the attribute name after skipping the handler's prefix: for example, "foo"
790 * is passed to the get operation of a handler with prefix "user." to get
791 * attribute "user.foo". The full name is still "there" in the name though.
793 * Note: the list xattr handler operation when called from the vfs is passed a
794 * NULL name; some file systems use this operation internally, with varying
797 const char *xattr_full_name(const struct xattr_handler *handler,
800 size_t prefix_len = strlen(xattr_prefix(handler));
802 return name - prefix_len;
804 EXPORT_SYMBOL(xattr_full_name);
807 * Allocate new xattr and copy in the value; but leave the name to callers.
809 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
811 struct simple_xattr *new_xattr;
815 len = sizeof(*new_xattr) + size;
816 if (len < sizeof(*new_xattr))
819 new_xattr = kmalloc(len, GFP_KERNEL);
823 new_xattr->size = size;
824 memcpy(new_xattr->value, value, size);
829 * xattr GET operation for in-memory/pseudo filesystems
831 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
832 void *buffer, size_t size)
834 struct simple_xattr *xattr;
837 spin_lock(&xattrs->lock);
838 list_for_each_entry(xattr, &xattrs->head, list) {
839 if (strcmp(name, xattr->name))
844 if (size < xattr->size)
847 memcpy(buffer, xattr->value, xattr->size);
851 spin_unlock(&xattrs->lock);
856 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
857 * @xattrs: target simple_xattr list
858 * @name: name of the extended attribute
859 * @value: value of the xattr. If %NULL, will remove the attribute.
860 * @size: size of the new xattr
861 * @flags: %XATTR_{CREATE|REPLACE}
863 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
864 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
865 * otherwise, fails with -ENODATA.
867 * Returns 0 on success, -errno on failure.
869 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
870 const void *value, size_t size, int flags)
872 struct simple_xattr *xattr;
873 struct simple_xattr *new_xattr = NULL;
876 /* value == NULL means remove */
878 new_xattr = simple_xattr_alloc(value, size);
882 new_xattr->name = kstrdup(name, GFP_KERNEL);
883 if (!new_xattr->name) {
889 spin_lock(&xattrs->lock);
890 list_for_each_entry(xattr, &xattrs->head, list) {
891 if (!strcmp(name, xattr->name)) {
892 if (flags & XATTR_CREATE) {
895 } else if (new_xattr) {
896 list_replace(&xattr->list, &new_xattr->list);
898 list_del(&xattr->list);
903 if (flags & XATTR_REPLACE) {
907 list_add(&new_xattr->list, &xattrs->head);
911 spin_unlock(&xattrs->lock);
920 static bool xattr_is_trusted(const char *name)
922 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
925 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
928 size_t len = strlen(name) + 1;
930 if (*remaining_size < len)
932 memcpy(*buffer, name, len);
935 *remaining_size -= len;
940 * xattr LIST operation for in-memory/pseudo filesystems
942 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
943 char *buffer, size_t size)
945 bool trusted = capable(CAP_SYS_ADMIN);
946 struct simple_xattr *xattr;
947 ssize_t remaining_size = size;
950 #ifdef CONFIG_FS_POSIX_ACL
951 if (IS_POSIXACL(inode)) {
953 err = xattr_list_one(&buffer, &remaining_size,
954 XATTR_NAME_POSIX_ACL_ACCESS);
958 if (inode->i_default_acl) {
959 err = xattr_list_one(&buffer, &remaining_size,
960 XATTR_NAME_POSIX_ACL_DEFAULT);
967 spin_lock(&xattrs->lock);
968 list_for_each_entry(xattr, &xattrs->head, list) {
969 /* skip "trusted." attributes for unprivileged callers */
970 if (!trusted && xattr_is_trusted(xattr->name))
973 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
977 spin_unlock(&xattrs->lock);
979 return err ? err : size - remaining_size;
983 * Adds an extended attribute to the list
985 void simple_xattr_list_add(struct simple_xattrs *xattrs,
986 struct simple_xattr *new_xattr)
988 spin_lock(&xattrs->lock);
989 list_add(&new_xattr->list, &xattrs->head);
990 spin_unlock(&xattrs->lock);
projects / platform / kernel / linux-rpi.git / blob