2 * Copyright (c) 1999-2001 Robert N. M. Watson
5 * This software was developed by Robert Watson for the TrustedBSD Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/mount.h>
38 #include <sys/mutex.h>
39 #include <sys/sysproto.h>
40 #include <sys/namei.h>
41 #include <sys/filedesc.h>
42 #include <sys/limits.h>
43 #include <sys/vnode.h>
45 #include <sys/extattr.h>
47 #include <security/audit/audit.h>
48 #include <security/mac/mac_framework.h>
51 * Syscall to push extended attribute configuration information into the VFS.
52 * Accepts a path, which it converts to a mountpoint, as well as a command
53 * (int cmd), and attribute name and misc data.
55 * Currently this is used only by UFS1 extended attributes.
60 struct extattrctl_args /* {
68 struct vnode *filename_vp;
70 struct mount *mp, *mp_writable;
71 char attrname[EXTATTR_MAXNAMELEN];
72 int vfslocked, fnvfslocked, error;
74 AUDIT_ARG(cmd, uap->cmd);
75 AUDIT_ARG(value, uap->attrnamespace);
77 * uap->attrname is not always defined. We check again later when we
78 * invoke the VFS call so as to pass in NULL there if needed.
80 if (uap->attrname != NULL) {
81 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
86 AUDIT_ARG(text, attrname);
88 vfslocked = fnvfslocked = 0;
91 if (uap->filename != NULL) {
92 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE2,
93 UIO_USERSPACE, uap->filename, td);
97 fnvfslocked = NDHASGIANT(&nd);
98 filename_vp = nd.ni_vp;
99 NDFREE(&nd, NDF_NO_VP_RELE);
102 /* uap->path is always defined. */
103 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF | AUDITVNODE1,
104 UIO_USERSPACE, uap->path, td);
108 vfslocked = NDHASGIANT(&nd);
109 mp = nd.ni_vp->v_mount;
110 error = vfs_busy(mp, 0, NULL, td);
116 VOP_UNLOCK(nd.ni_vp, 0, td);
117 error = vn_start_write(nd.ni_vp, &mp_writable, V_WAIT | PCATCH);
118 NDFREE(&nd, NDF_NO_VP_UNLOCK);
121 if (filename_vp != NULL) {
123 * uap->filename is not always defined. If it is,
124 * grab a vnode lock, which VFS_EXTATTRCTL() will
127 error = vn_lock(filename_vp, LK_EXCLUSIVE, td);
129 vn_finished_write(mp_writable);
134 error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace,
135 uap->attrname != NULL ? attrname : NULL, td);
137 vn_finished_write(mp_writable);
143 * VFS_EXTATTRCTL will have unlocked, but not de-ref'd, filename_vp,
144 * so vrele it if it is defined.
146 if (filename_vp != NULL)
148 VFS_UNLOCK_GIANT(fnvfslocked);
149 VFS_UNLOCK_GIANT(vfslocked);
154 * Set a named extended attribute on a file or directory
156 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
157 * kernelspace string pointer "attrname", userspace buffer
158 * pointer "data", buffer length "nbytes", thread "td".
159 * Returns: 0 on success, an error number otherwise
161 * References: vp must be a valid reference for the duration of the call
164 extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
165 void *data, size_t nbytes, struct thread *td)
173 VFS_ASSERT_GIANT(vp->v_mount);
174 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
177 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
178 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
180 aiov.iov_base = data;
181 aiov.iov_len = nbytes;
182 auio.uio_iov = &aiov;
185 if (nbytes > INT_MAX) {
189 auio.uio_resid = nbytes;
190 auio.uio_rw = UIO_WRITE;
191 auio.uio_segflg = UIO_USERSPACE;
196 error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
202 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
204 cnt -= auio.uio_resid;
205 td->td_retval[0] = cnt;
208 VOP_UNLOCK(vp, 0, td);
209 vn_finished_write(mp);
214 extattr_set_fd(td, uap)
216 struct extattr_set_fd_args /* {
219 const char *attrname;
225 char attrname[EXTATTR_MAXNAMELEN];
226 int vfslocked, error;
228 AUDIT_ARG(fd, uap->fd);
229 AUDIT_ARG(value, uap->attrnamespace);
230 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
233 AUDIT_ARG(text, attrname);
235 error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
239 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
240 error = extattr_set_vp(fp->f_vnode, uap->attrnamespace,
241 attrname, uap->data, uap->nbytes, td);
243 VFS_UNLOCK_GIANT(vfslocked);
249 extattr_set_file(td, uap)
251 struct extattr_set_file_args /* {
254 const char *attrname;
260 char attrname[EXTATTR_MAXNAMELEN];
261 int vfslocked, error;
263 AUDIT_ARG(value, uap->attrnamespace);
264 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
267 AUDIT_ARG(text, attrname);
269 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
274 NDFREE(&nd, NDF_ONLY_PNBUF);
276 vfslocked = NDHASGIANT(&nd);
277 error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
278 uap->data, uap->nbytes, td);
281 VFS_UNLOCK_GIANT(vfslocked);
286 extattr_set_link(td, uap)
288 struct extattr_set_link_args /* {
291 const char *attrname;
297 char attrname[EXTATTR_MAXNAMELEN];
298 int vfslocked, error;
300 AUDIT_ARG(value, uap->attrnamespace);
301 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
304 AUDIT_ARG(text, attrname);
306 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
311 NDFREE(&nd, NDF_ONLY_PNBUF);
313 vfslocked = NDHASGIANT(&nd);
314 error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
315 uap->data, uap->nbytes, td);
318 VFS_UNLOCK_GIANT(vfslocked);
323 * Get a named extended attribute on a file or directory
325 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
326 * kernelspace string pointer "attrname", userspace buffer
327 * pointer "data", buffer length "nbytes", thread "td".
328 * Returns: 0 on success, an error number otherwise
330 * References: vp must be a valid reference for the duration of the call
333 extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
334 void *data, size_t nbytes, struct thread *td)
336 struct uio auio, *auiop;
342 VFS_ASSERT_GIANT(vp->v_mount);
343 VOP_LEASE(vp, td, td->td_ucred, LEASE_READ);
344 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
347 * Slightly unusual semantics: if the user provides a NULL data
348 * pointer, they don't want to receive the data, just the maximum
355 aiov.iov_base = data;
356 aiov.iov_len = nbytes;
357 auio.uio_iov = &aiov;
360 if (nbytes > INT_MAX) {
364 auio.uio_resid = nbytes;
365 auio.uio_rw = UIO_READ;
366 auio.uio_segflg = UIO_USERSPACE;
374 error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
380 error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
384 cnt -= auio.uio_resid;
385 td->td_retval[0] = cnt;
387 td->td_retval[0] = size;
390 VOP_UNLOCK(vp, 0, td);
395 extattr_get_fd(td, uap)
397 struct extattr_get_fd_args /* {
400 const char *attrname;
406 char attrname[EXTATTR_MAXNAMELEN];
407 int vfslocked, error;
409 AUDIT_ARG(fd, uap->fd);
410 AUDIT_ARG(value, uap->attrnamespace);
411 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
414 AUDIT_ARG(text, attrname);
416 error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
420 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
421 error = extattr_get_vp(fp->f_vnode, uap->attrnamespace,
422 attrname, uap->data, uap->nbytes, td);
425 VFS_UNLOCK_GIANT(vfslocked);
430 extattr_get_file(td, uap)
432 struct extattr_get_file_args /* {
435 const char *attrname;
441 char attrname[EXTATTR_MAXNAMELEN];
442 int vfslocked, error;
444 AUDIT_ARG(value, uap->attrnamespace);
445 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
448 AUDIT_ARG(text, attrname);
450 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
455 NDFREE(&nd, NDF_ONLY_PNBUF);
457 vfslocked = NDHASGIANT(&nd);
458 error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
459 uap->data, uap->nbytes, td);
462 VFS_UNLOCK_GIANT(vfslocked);
467 extattr_get_link(td, uap)
469 struct extattr_get_link_args /* {
472 const char *attrname;
478 char attrname[EXTATTR_MAXNAMELEN];
479 int vfslocked, error;
481 AUDIT_ARG(value, uap->attrnamespace);
482 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
485 AUDIT_ARG(text, attrname);
487 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
492 NDFREE(&nd, NDF_ONLY_PNBUF);
494 vfslocked = NDHASGIANT(&nd);
495 error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
496 uap->data, uap->nbytes, td);
499 VFS_UNLOCK_GIANT(vfslocked);
504 * extattr_delete_vp(): Delete a named extended attribute on a file or
507 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
508 * kernelspace string pointer "attrname", proc "p"
509 * Returns: 0 on success, an error number otherwise
511 * References: vp must be a valid reference for the duration of the call
514 extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
520 VFS_ASSERT_GIANT(vp->v_mount);
521 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
524 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
525 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
528 error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace,
534 error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred,
536 if (error == EOPNOTSUPP)
537 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
542 VOP_UNLOCK(vp, 0, td);
543 vn_finished_write(mp);
548 extattr_delete_fd(td, uap)
550 struct extattr_delete_fd_args /* {
553 const char *attrname;
557 char attrname[EXTATTR_MAXNAMELEN];
558 int vfslocked, error;
560 AUDIT_ARG(fd, uap->fd);
561 AUDIT_ARG(value, uap->attrnamespace);
562 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
565 AUDIT_ARG(text, attrname);
567 error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
571 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
572 error = extattr_delete_vp(fp->f_vnode, uap->attrnamespace,
575 VFS_UNLOCK_GIANT(vfslocked);
580 extattr_delete_file(td, uap)
582 struct extattr_delete_file_args /* {
585 const char *attrname;
589 char attrname[EXTATTR_MAXNAMELEN];
590 int vfslocked, error;
592 AUDIT_ARG(value, uap->attrnamespace);
593 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
596 AUDIT_ARG(text, attrname);
598 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
603 NDFREE(&nd, NDF_ONLY_PNBUF);
605 vfslocked = NDHASGIANT(&nd);
606 error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
608 VFS_UNLOCK_GIANT(vfslocked);
613 extattr_delete_link(td, uap)
615 struct extattr_delete_link_args /* {
618 const char *attrname;
622 char attrname[EXTATTR_MAXNAMELEN];
623 int vfslocked, error;
625 AUDIT_ARG(value, uap->attrnamespace);
626 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
629 AUDIT_ARG(text, attrname);
631 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
636 NDFREE(&nd, NDF_ONLY_PNBUF);
638 vfslocked = NDHASGIANT(&nd);
639 error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
641 VFS_UNLOCK_GIANT(vfslocked);
646 * Retrieve a list of extended attributes on a file or directory.
648 * Arguments: unlocked vnode "vp", attribute namespace 'attrnamespace",
649 * userspace buffer pointer "data", buffer length "nbytes",
651 * Returns: 0 on success, an error number otherwise
653 * References: vp must be a valid reference for the duration of the call
656 extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
657 size_t nbytes, struct thread *td)
659 struct uio auio, *auiop;
665 VFS_ASSERT_GIANT(vp->v_mount);
666 VOP_LEASE(vp, td, td->td_ucred, LEASE_READ);
667 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
673 aiov.iov_base = data;
674 aiov.iov_len = nbytes;
675 auio.uio_iov = &aiov;
678 if (nbytes > INT_MAX) {
682 auio.uio_resid = nbytes;
683 auio.uio_rw = UIO_READ;
684 auio.uio_segflg = UIO_USERSPACE;
692 error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace);
697 error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep,
701 cnt -= auio.uio_resid;
702 td->td_retval[0] = cnt;
704 td->td_retval[0] = size;
707 VOP_UNLOCK(vp, 0, td);
713 extattr_list_fd(td, uap)
715 struct extattr_list_fd_args /* {
723 int vfslocked, error;
725 AUDIT_ARG(fd, uap->fd);
726 AUDIT_ARG(value, uap->attrnamespace);
727 error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
731 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
732 error = extattr_list_vp(fp->f_vnode, uap->attrnamespace, uap->data,
736 VFS_UNLOCK_GIANT(vfslocked);
741 extattr_list_file(td, uap)
743 struct extattr_list_file_args /* {
751 int vfslocked, error;
753 AUDIT_ARG(value, uap->attrnamespace);
754 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
759 NDFREE(&nd, NDF_ONLY_PNBUF);
761 vfslocked = NDHASGIANT(&nd);
762 error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
766 VFS_UNLOCK_GIANT(vfslocked);
771 extattr_list_link(td, uap)
773 struct extattr_list_link_args /* {
781 int vfslocked, error;
783 AUDIT_ARG(value, uap->attrnamespace);
784 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
789 NDFREE(&nd, NDF_ONLY_PNBUF);
791 vfslocked = NDHASGIANT(&nd);
792 error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
796 VFS_UNLOCK_GIANT(vfslocked);