]>
Commit | Line | Data |
---|---|---|
cc5f931c BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
22 | * Copyright (c) 2011, Lawrence Livermore National Security, LLC. | |
23 | * | |
24 | * Extended attributes (xattr) on Solaris are implemented as files | |
25 | * which exist in a hidden xattr directory. These extended attributes | |
26 | * can be accessed using the attropen() system call which opens | |
27 | * the extended attribute. It can then be manipulated just like | |
28 | * a standard file descriptor. This has a couple advantages such | |
29 | * as practically no size limit on the file, and the extended | |
30 | * attributes permissions may differ from those of the parent file. | |
31 | * This interface is really quite clever, but it's also completely | |
82a37189 BB |
32 | * different than what is supported on Linux. It also comes with a |
33 | * steep performance penalty when accessing small xattrs because they | |
34 | * are not stored with the parent file. | |
cc5f931c BB |
35 | * |
36 | * Under Linux extended attributes are manipulated by the system | |
37 | * calls getxattr(2), setxattr(2), and listxattr(2). They consider | |
38 | * extended attributes to be name/value pairs where the name is a | |
39 | * NULL terminated string. The name must also include one of the | |
82a37189 | 40 | * following namespace prefixes: |
cc5f931c BB |
41 | * |
42 | * user - No restrictions and is available to user applications. | |
43 | * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use. | |
44 | * system - Used for access control lists (system.nfs4_acl, etc). | |
45 | * security - Used by SELinux to store a files security context. | |
46 | * | |
82a37189 BB |
47 | * The value under Linux to limited to 65536 bytes of binary data. |
48 | * In practice, individual xattrs tend to be much smaller than this | |
49 | * and are typically less than 100 bytes. A good example of this | |
50 | * are the security.selinux xattrs which are less than 100 bytes and | |
51 | * exist for every file when xattr labeling is enabled. | |
cc5f931c | 52 | * |
4e33ba4c | 53 | * The Linux xattr implementation has been written to take advantage of |
82a37189 BB |
54 | * this typical usage. When the dataset property 'xattr=sa' is set, |
55 | * then xattrs will be preferentially stored as System Attributes (SA). | |
56 | * This allows tiny xattrs (~100 bytes) to be stored with the dnode and | |
57 | * up to 64k of xattrs to be stored in the spill block. If additional | |
58 | * xattr space is required, which is unlikely under Linux, they will | |
59 | * be stored using the traditional directory approach. | |
cc5f931c | 60 | * |
82a37189 BB |
61 | * This optimization results in roughly a 3x performance improvement |
62 | * when accessing xattrs because it avoids the need to perform a seek | |
63 | * for every xattr value. When multiple xattrs are stored per-file | |
64 | * the performance improvements are even greater because all of the | |
65 | * xattrs stored in the spill block will be cached. | |
66 | * | |
67 | * However, by default SA based xattrs are disabled in the Linux port | |
68 | * to maximize compatibility with other implementations. If you do | |
69 | * enable SA based xattrs then they will not be visible on platforms | |
70 | * which do not support this feature. | |
71 | * | |
72 | * NOTE: One additional consequence of the xattr directory implementation | |
73 | * is that when an extended attribute is manipulated an inode is created. | |
74 | * This inode will exist in the Linux inode cache but there will be no | |
75 | * associated entry in the dentry cache which references it. This is | |
76 | * safe but it may result in some confusion. Enabling SA based xattrs | |
77 | * largely avoids the issue except in the overflow case. | |
cc5f931c BB |
78 | */ |
79 | ||
cc5f931c BB |
80 | #include <sys/zfs_vfsops.h> |
81 | #include <sys/zfs_vnops.h> | |
82 | #include <sys/zfs_znode.h> | |
0f37d0c8 | 83 | #include <sys/zap.h> |
cc5f931c BB |
84 | #include <sys/vfs.h> |
85 | #include <sys/zpl.h> | |
86 | ||
87 | typedef struct xattr_filldir { | |
88 | size_t size; | |
89 | size_t offset; | |
90 | char *buf; | |
4967a3eb | 91 | struct dentry *dentry; |
cc5f931c BB |
92 | } xattr_filldir_t; |
93 | ||
4967a3eb BB |
94 | static const struct xattr_handler *zpl_xattr_handler(const char *); |
95 | ||
cc5f931c | 96 | static int |
4967a3eb | 97 | zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len) |
cc5f931c | 98 | { |
4967a3eb BB |
99 | static const struct xattr_handler *handler; |
100 | struct dentry *d = xf->dentry; | |
cc5f931c | 101 | |
4967a3eb BB |
102 | handler = zpl_xattr_handler(name); |
103 | if (!handler) | |
104 | return (0); | |
105 | ||
106 | if (handler->list) { | |
107 | #if defined(HAVE_XATTR_LIST_SIMPLE) | |
108 | if (!handler->list(d)) | |
109 | return (0); | |
110 | #elif defined(HAVE_XATTR_LIST_DENTRY) | |
111 | if (!handler->list(d, NULL, 0, name, name_len, 0)) | |
cc5f931c | 112 | return (0); |
4967a3eb BB |
113 | #elif defined(HAVE_XATTR_LIST_HANDLER) |
114 | if (!handler->list(handler, d, NULL, 0, name, name_len)) | |
115 | return (0); | |
116 | #elif defined(HAVE_XATTR_LIST_INODE) | |
117 | if (!handler->list(d->d_inode, NULL, 0, name, name_len)) | |
118 | return (0); | |
119 | #endif | |
120 | } | |
121 | ||
122 | return (1); | |
123 | } | |
124 | ||
125 | /* | |
126 | * Determine is a given xattr name should be visible and if so copy it | |
127 | * in to the provided buffer (xf->buf). | |
128 | */ | |
129 | static int | |
130 | zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len) | |
131 | { | |
132 | /* Check permissions using the per-namespace list xattr handler. */ | |
133 | if (!zpl_xattr_permission(xf, name, name_len)) | |
134 | return (0); | |
cc5f931c BB |
135 | |
136 | /* When xf->buf is NULL only calculate the required size. */ | |
137 | if (xf->buf) { | |
138 | if (xf->offset + name_len + 1 > xf->size) | |
139 | return (-ERANGE); | |
140 | ||
141 | memcpy(xf->buf + xf->offset, name, name_len); | |
142 | xf->buf[xf->offset + name_len] = '\0'; | |
143 | } | |
144 | ||
145 | xf->offset += (name_len + 1); | |
146 | ||
147 | return (0); | |
148 | } | |
149 | ||
0f37d0c8 RY |
150 | /* |
151 | * Read as many directory entry names as will fit in to the provided buffer, | |
152 | * or when no buffer is provided calculate the required buffer size. | |
153 | */ | |
154 | int | |
155 | zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf) | |
156 | { | |
157 | zap_cursor_t zc; | |
158 | zap_attribute_t zap; | |
159 | int error; | |
160 | ||
161 | zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id); | |
162 | ||
163 | while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) { | |
164 | ||
165 | if (zap.za_integer_length != 8 || zap.za_num_integers != 1) { | |
166 | error = -ENXIO; | |
167 | break; | |
168 | } | |
169 | ||
170 | error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name)); | |
171 | if (error) | |
172 | break; | |
173 | ||
174 | zap_cursor_advance(&zc); | |
175 | } | |
176 | ||
177 | zap_cursor_fini(&zc); | |
178 | ||
179 | if (error == -ENOENT) | |
180 | error = 0; | |
181 | ||
182 | return (error); | |
183 | } | |
184 | ||
82a37189 BB |
185 | static ssize_t |
186 | zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr) | |
cc5f931c | 187 | { |
4967a3eb | 188 | struct inode *ip = xf->dentry->d_inode; |
cc5f931c | 189 | struct inode *dxip = NULL; |
cc5f931c | 190 | int error; |
cc5f931c BB |
191 | |
192 | /* Lookup the xattr directory */ | |
193 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); | |
194 | if (error) { | |
195 | if (error == -ENOENT) | |
196 | error = 0; | |
197 | ||
82a37189 | 198 | return (error); |
cc5f931c BB |
199 | } |
200 | ||
0f37d0c8 | 201 | error = zpl_xattr_readdir(dxip, xf); |
82a37189 BB |
202 | iput(dxip); |
203 | ||
204 | return (error); | |
205 | } | |
206 | ||
207 | static ssize_t | |
208 | zpl_xattr_list_sa(xattr_filldir_t *xf) | |
209 | { | |
4967a3eb | 210 | znode_t *zp = ITOZ(xf->dentry->d_inode); |
82a37189 BB |
211 | nvpair_t *nvp = NULL; |
212 | int error = 0; | |
213 | ||
214 | mutex_enter(&zp->z_lock); | |
215 | if (zp->z_xattr_cached == NULL) | |
216 | error = -zfs_sa_get_xattr(zp); | |
217 | mutex_exit(&zp->z_lock); | |
218 | ||
219 | if (error) | |
220 | return (error); | |
221 | ||
222 | ASSERT(zp->z_xattr_cached); | |
223 | ||
224 | while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) { | |
225 | ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY); | |
226 | ||
0f37d0c8 | 227 | error = zpl_xattr_filldir(xf, nvpair_name(nvp), |
d1d7e268 | 228 | strlen(nvpair_name(nvp))); |
82a37189 BB |
229 | if (error) |
230 | return (error); | |
231 | } | |
232 | ||
233 | return (0); | |
234 | } | |
235 | ||
236 | ssize_t | |
237 | zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size) | |
238 | { | |
239 | znode_t *zp = ITOZ(dentry->d_inode); | |
0037b49e | 240 | zfsvfs_t *zfsvfs = ZTOZSB(zp); |
4967a3eb | 241 | xattr_filldir_t xf = { buffer_size, 0, buffer, dentry }; |
82a37189 | 242 | cred_t *cr = CRED(); |
7fad6290 | 243 | fstrans_cookie_t cookie; |
82a37189 BB |
244 | int error = 0; |
245 | ||
246 | crhold(cr); | |
7fad6290 | 247 | cookie = spl_fstrans_mark(); |
0037b49e | 248 | rrm_enter_read(&(zfsvfs)->z_teardown_lock, FTAG); |
82a37189 BB |
249 | rw_enter(&zp->z_xattr_lock, RW_READER); |
250 | ||
0037b49e | 251 | if (zfsvfs->z_use_sa && zp->z_is_sa) { |
82a37189 BB |
252 | error = zpl_xattr_list_sa(&xf); |
253 | if (error) | |
254 | goto out; | |
255 | } | |
256 | ||
257 | error = zpl_xattr_list_dir(&xf, cr); | |
cc5f931c BB |
258 | if (error) |
259 | goto out; | |
260 | ||
261 | error = xf.offset; | |
262 | out: | |
cc5f931c | 263 | |
82a37189 | 264 | rw_exit(&zp->z_xattr_lock); |
0037b49e | 265 | rrm_exit(&(zfsvfs)->z_teardown_lock, FTAG); |
7fad6290 | 266 | spl_fstrans_unmark(cookie); |
81e97e21 | 267 | crfree(cr); |
cc5f931c BB |
268 | |
269 | return (error); | |
270 | } | |
271 | ||
272 | static int | |
82a37189 BB |
273 | zpl_xattr_get_dir(struct inode *ip, const char *name, void *value, |
274 | size_t size, cred_t *cr) | |
cc5f931c BB |
275 | { |
276 | struct inode *dxip = NULL; | |
277 | struct inode *xip = NULL; | |
cd3939c5 | 278 | loff_t pos = 0; |
cc5f931c BB |
279 | int error; |
280 | ||
cc5f931c BB |
281 | /* Lookup the xattr directory */ |
282 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); | |
283 | if (error) | |
284 | goto out; | |
285 | ||
286 | /* Lookup a specific xattr name in the directory */ | |
287 | error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); | |
288 | if (error) | |
289 | goto out; | |
290 | ||
291 | if (!size) { | |
292 | error = i_size_read(xip); | |
293 | goto out; | |
294 | } | |
295 | ||
f7064211 BB |
296 | if (size < i_size_read(xip)) { |
297 | error = -ERANGE; | |
298 | goto out; | |
299 | } | |
300 | ||
cd3939c5 | 301 | error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr); |
cc5f931c BB |
302 | out: |
303 | if (xip) | |
304 | iput(xip); | |
305 | ||
306 | if (dxip) | |
307 | iput(dxip); | |
308 | ||
82a37189 BB |
309 | return (error); |
310 | } | |
311 | ||
312 | static int | |
313 | zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size) | |
314 | { | |
315 | znode_t *zp = ITOZ(ip); | |
316 | uchar_t *nv_value; | |
317 | uint_t nv_size; | |
318 | int error = 0; | |
cc5f931c | 319 | |
82a37189 BB |
320 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); |
321 | ||
322 | mutex_enter(&zp->z_lock); | |
323 | if (zp->z_xattr_cached == NULL) | |
324 | error = -zfs_sa_get_xattr(zp); | |
325 | mutex_exit(&zp->z_lock); | |
326 | ||
327 | if (error) | |
328 | return (error); | |
329 | ||
330 | ASSERT(zp->z_xattr_cached); | |
331 | error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name, | |
332 | &nv_value, &nv_size); | |
333 | if (error) | |
334 | return (error); | |
335 | ||
94183a9d | 336 | if (size == 0 || value == NULL) |
82a37189 BB |
337 | return (nv_size); |
338 | ||
f7064211 BB |
339 | if (size < nv_size) |
340 | return (-ERANGE); | |
341 | ||
342 | memcpy(value, nv_value, nv_size); | |
82a37189 | 343 | |
f7064211 | 344 | return (nv_size); |
82a37189 BB |
345 | } |
346 | ||
347 | static int | |
348 | __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size, | |
349 | cred_t *cr) | |
350 | { | |
351 | znode_t *zp = ITOZ(ip); | |
0037b49e | 352 | zfsvfs_t *zfsvfs = ZTOZSB(zp); |
82a37189 BB |
353 | int error; |
354 | ||
355 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); | |
356 | ||
0037b49e | 357 | if (zfsvfs->z_use_sa && zp->z_is_sa) { |
82a37189 | 358 | error = zpl_xattr_get_sa(ip, name, value, size); |
0377189b | 359 | if (error != -ENOENT) |
82a37189 BB |
360 | goto out; |
361 | } | |
362 | ||
363 | error = zpl_xattr_get_dir(ip, name, value, size, cr); | |
364 | out: | |
cc5f931c BB |
365 | if (error == -ENOENT) |
366 | error = -ENODATA; | |
367 | ||
368 | return (error); | |
369 | } | |
370 | ||
21f604d4 CC |
371 | #define XATTR_NOENT 0x0 |
372 | #define XATTR_IN_SA 0x1 | |
373 | #define XATTR_IN_DIR 0x2 | |
374 | /* check where the xattr resides */ | |
375 | static int | |
376 | __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr) | |
377 | { | |
378 | znode_t *zp = ITOZ(ip); | |
0037b49e | 379 | zfsvfs_t *zfsvfs = ZTOZSB(zp); |
21f604d4 CC |
380 | int error; |
381 | ||
382 | ASSERT(where); | |
383 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); | |
384 | ||
385 | *where = XATTR_NOENT; | |
0037b49e | 386 | if (zfsvfs->z_use_sa && zp->z_is_sa) { |
21f604d4 CC |
387 | error = zpl_xattr_get_sa(ip, name, NULL, 0); |
388 | if (error >= 0) | |
389 | *where |= XATTR_IN_SA; | |
390 | else if (error != -ENOENT) | |
391 | return (error); | |
392 | } | |
393 | ||
394 | error = zpl_xattr_get_dir(ip, name, NULL, 0, cr); | |
395 | if (error >= 0) | |
396 | *where |= XATTR_IN_DIR; | |
397 | else if (error != -ENOENT) | |
398 | return (error); | |
399 | ||
400 | if (*where == (XATTR_IN_SA|XATTR_IN_DIR)) | |
401 | cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\"" | |
402 | " in both SA and dir", ip, name); | |
403 | if (*where == XATTR_NOENT) | |
404 | error = -ENODATA; | |
405 | else | |
406 | error = 0; | |
407 | return (error); | |
408 | } | |
409 | ||
cc5f931c | 410 | static int |
82a37189 BB |
411 | zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size) |
412 | { | |
413 | znode_t *zp = ITOZ(ip); | |
0037b49e | 414 | zfsvfs_t *zfsvfs = ZTOZSB(zp); |
82a37189 | 415 | cred_t *cr = CRED(); |
7fad6290 | 416 | fstrans_cookie_t cookie; |
82a37189 BB |
417 | int error; |
418 | ||
419 | crhold(cr); | |
7fad6290 | 420 | cookie = spl_fstrans_mark(); |
0037b49e | 421 | rrm_enter_read(&(zfsvfs)->z_teardown_lock, FTAG); |
82a37189 BB |
422 | rw_enter(&zp->z_xattr_lock, RW_READER); |
423 | error = __zpl_xattr_get(ip, name, value, size, cr); | |
424 | rw_exit(&zp->z_xattr_lock); | |
0037b49e | 425 | rrm_exit(&(zfsvfs)->z_teardown_lock, FTAG); |
7fad6290 | 426 | spl_fstrans_unmark(cookie); |
82a37189 BB |
427 | crfree(cr); |
428 | ||
429 | return (error); | |
430 | } | |
431 | ||
432 | static int | |
433 | zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value, | |
434 | size_t size, int flags, cred_t *cr) | |
cc5f931c BB |
435 | { |
436 | struct inode *dxip = NULL; | |
437 | struct inode *xip = NULL; | |
438 | vattr_t *vap = NULL; | |
cc5f931c | 439 | ssize_t wrote; |
fc9e0530 | 440 | int lookup_flags, error; |
bec30953 | 441 | const int xattr_mode = S_IFREG | 0644; |
cd3939c5 | 442 | loff_t pos = 0; |
cc5f931c | 443 | |
fc9e0530 BB |
444 | /* |
445 | * Lookup the xattr directory. When we're adding an entry pass | |
446 | * CREATE_XATTR_DIR to ensure the xattr directory is created. | |
447 | * When removing an entry this flag is not passed to avoid | |
448 | * unnecessarily creating a new xattr directory. | |
449 | */ | |
450 | lookup_flags = LOOKUP_XATTR; | |
451 | if (value != NULL) | |
452 | lookup_flags |= CREATE_XATTR_DIR; | |
453 | ||
454 | error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL); | |
cc5f931c BB |
455 | if (error) |
456 | goto out; | |
457 | ||
82a37189 | 458 | /* Lookup a specific xattr name in the directory */ |
cc5f931c | 459 | error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); |
82a37189 BB |
460 | if (error && (error != -ENOENT)) |
461 | goto out; | |
cc5f931c | 462 | |
cc5f931c BB |
463 | error = 0; |
464 | ||
465 | /* Remove a specific name xattr when value is set to NULL. */ | |
466 | if (value == NULL) { | |
467 | if (xip) | |
da5e151f | 468 | error = -zfs_remove(dxip, (char *)name, cr, 0); |
cc5f931c BB |
469 | |
470 | goto out; | |
471 | } | |
472 | ||
473 | /* Lookup failed create a new xattr. */ | |
474 | if (xip == NULL) { | |
d1d7e268 | 475 | vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP); |
bec30953 | 476 | vap->va_mode = xattr_mode; |
cc5f931c | 477 | vap->va_mask = ATTR_MODE; |
81e97e21 BB |
478 | vap->va_uid = crgetfsuid(cr); |
479 | vap->va_gid = crgetfsgid(cr); | |
cc5f931c BB |
480 | |
481 | error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip, | |
482 | cr, 0, NULL); | |
483 | if (error) | |
484 | goto out; | |
485 | } | |
486 | ||
487 | ASSERT(xip != NULL); | |
bec30953 GB |
488 | |
489 | error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE); | |
490 | if (error) | |
491 | goto out; | |
492 | ||
cd3939c5 | 493 | wrote = zpl_write_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr); |
cc5f931c BB |
494 | if (wrote < 0) |
495 | error = wrote; | |
496 | ||
497 | out: | |
0107f698 GK |
498 | |
499 | if (error == 0) { | |
500 | ip->i_ctime = current_time(ip); | |
501 | zfs_mark_inode_dirty(ip); | |
502 | } | |
503 | ||
cc5f931c | 504 | if (vap) |
d1d7e268 | 505 | kmem_free(vap, sizeof (vattr_t)); |
cc5f931c BB |
506 | |
507 | if (xip) | |
508 | iput(xip); | |
509 | ||
510 | if (dxip) | |
511 | iput(dxip); | |
512 | ||
cc5f931c BB |
513 | if (error == -ENOENT) |
514 | error = -ENODATA; | |
515 | ||
516 | ASSERT3S(error, <=, 0); | |
517 | ||
518 | return (error); | |
519 | } | |
520 | ||
82a37189 BB |
521 | static int |
522 | zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value, | |
523 | size_t size, int flags, cred_t *cr) | |
524 | { | |
525 | znode_t *zp = ITOZ(ip); | |
526 | nvlist_t *nvl; | |
527 | size_t sa_size; | |
21f604d4 CC |
528 | int error = 0; |
529 | ||
530 | mutex_enter(&zp->z_lock); | |
531 | if (zp->z_xattr_cached == NULL) | |
532 | error = -zfs_sa_get_xattr(zp); | |
533 | mutex_exit(&zp->z_lock); | |
534 | ||
535 | if (error) | |
536 | return (error); | |
82a37189 BB |
537 | |
538 | ASSERT(zp->z_xattr_cached); | |
539 | nvl = zp->z_xattr_cached; | |
540 | ||
541 | if (value == NULL) { | |
542 | error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY); | |
543 | if (error == -ENOENT) | |
544 | error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr); | |
545 | } else { | |
546 | /* Limited to 32k to keep nvpair memory allocations small */ | |
547 | if (size > DXATTR_MAX_ENTRY_SIZE) | |
548 | return (-EFBIG); | |
549 | ||
550 | /* Prevent the DXATTR SA from consuming the entire SA region */ | |
551 | error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR); | |
552 | if (error) | |
553 | return (error); | |
554 | ||
555 | if (sa_size > DXATTR_MAX_SA_SIZE) | |
556 | return (-EFBIG); | |
557 | ||
558 | error = -nvlist_add_byte_array(nvl, name, | |
559 | (uchar_t *)value, size); | |
82a37189 BB |
560 | } |
561 | ||
43b4935e NB |
562 | /* |
563 | * Update the SA for additions, modifications, and removals. On | |
564 | * error drop the inconsistent cached version of the nvlist, it | |
565 | * will be reconstructed from the ARC when next accessed. | |
566 | */ | |
567 | if (error == 0) | |
82a37189 BB |
568 | error = -zfs_sa_set_xattr(zp); |
569 | ||
43b4935e NB |
570 | if (error) { |
571 | nvlist_free(nvl); | |
572 | zp->z_xattr_cached = NULL; | |
573 | } | |
574 | ||
82a37189 BB |
575 | ASSERT3S(error, <=, 0); |
576 | ||
577 | return (error); | |
578 | } | |
579 | ||
580 | static int | |
581 | zpl_xattr_set(struct inode *ip, const char *name, const void *value, | |
582 | size_t size, int flags) | |
583 | { | |
584 | znode_t *zp = ITOZ(ip); | |
0037b49e | 585 | zfsvfs_t *zfsvfs = ZTOZSB(zp); |
82a37189 | 586 | cred_t *cr = CRED(); |
7fad6290 | 587 | fstrans_cookie_t cookie; |
21f604d4 | 588 | int where; |
82a37189 BB |
589 | int error; |
590 | ||
591 | crhold(cr); | |
7fad6290 | 592 | cookie = spl_fstrans_mark(); |
0037b49e | 593 | rrm_enter_read(&(zfsvfs)->z_teardown_lock, FTAG); |
82a37189 BB |
594 | rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER); |
595 | ||
596 | /* | |
597 | * Before setting the xattr check to see if it already exists. | |
598 | * This is done to ensure the following optional flags are honored. | |
599 | * | |
600 | * XATTR_CREATE: fail if xattr already exists | |
601 | * XATTR_REPLACE: fail if xattr does not exist | |
21f604d4 CC |
602 | * |
603 | * We also want to know if it resides in sa or dir, so we can make | |
604 | * sure we don't end up with duplicate in both places. | |
82a37189 | 605 | */ |
21f604d4 | 606 | error = __zpl_xattr_where(ip, name, &where, cr); |
82a37189 BB |
607 | if (error < 0) { |
608 | if (error != -ENODATA) | |
609 | goto out; | |
fc9e0530 BB |
610 | if (flags & XATTR_REPLACE) |
611 | goto out; | |
612 | ||
613 | /* The xattr to be removed already doesn't exist */ | |
614 | error = 0; | |
615 | if (value == NULL) | |
82a37189 BB |
616 | goto out; |
617 | } else { | |
618 | error = -EEXIST; | |
619 | if (flags & XATTR_CREATE) | |
620 | goto out; | |
621 | } | |
622 | ||
623 | /* Preferentially store the xattr as a SA for better performance */ | |
0037b49e BB |
624 | if (zfsvfs->z_use_sa && zp->z_is_sa && |
625 | (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) { | |
82a37189 | 626 | error = zpl_xattr_set_sa(ip, name, value, size, flags, cr); |
21f604d4 CC |
627 | if (error == 0) { |
628 | /* | |
629 | * Successfully put into SA, we need to clear the one | |
630 | * in dir. | |
631 | */ | |
632 | if (where & XATTR_IN_DIR) | |
633 | zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr); | |
82a37189 | 634 | goto out; |
21f604d4 | 635 | } |
82a37189 BB |
636 | } |
637 | ||
638 | error = zpl_xattr_set_dir(ip, name, value, size, flags, cr); | |
21f604d4 CC |
639 | /* |
640 | * Successfully put into dir, we need to clear the one in SA. | |
641 | */ | |
642 | if (error == 0 && (where & XATTR_IN_SA)) | |
643 | zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr); | |
82a37189 BB |
644 | out: |
645 | rw_exit(&ITOZ(ip)->z_xattr_lock); | |
0037b49e | 646 | rrm_exit(&(zfsvfs)->z_teardown_lock, FTAG); |
7fad6290 | 647 | spl_fstrans_unmark(cookie); |
82a37189 BB |
648 | crfree(cr); |
649 | ASSERT3S(error, <=, 0); | |
650 | ||
651 | return (error); | |
652 | } | |
653 | ||
4967a3eb BB |
654 | /* |
655 | * Extended user attributes | |
656 | * | |
657 | * "Extended user attributes may be assigned to files and directories for | |
658 | * storing arbitrary additional information such as the mime type, | |
659 | * character set or encoding of a file. The access permissions for user | |
660 | * attributes are defined by the file permission bits: read permission | |
661 | * is required to retrieve the attribute value, and writer permission is | |
662 | * required to change it. | |
663 | * | |
664 | * The file permission bits of regular files and directories are | |
665 | * interpreted differently from the file permission bits of special | |
666 | * files and symbolic links. For regular files and directories the file | |
667 | * permission bits define access to the file's contents, while for | |
668 | * device special files they define access to the device described by | |
669 | * the special file. The file permissions of symbolic links are not | |
670 | * used in access checks. These differences would allow users to | |
671 | * consume filesystem resources in a way not controllable by disk quotas | |
672 | * for group or world writable special files and directories. | |
673 | * | |
674 | * For this reason, extended user attributes are allowed only for | |
675 | * regular files and directories, and access to extended user attributes | |
676 | * is restricted to the owner and to users with appropriate capabilities | |
677 | * for directories with the sticky bit set (see the chmod(1) manual page | |
678 | * for an explanation of the sticky bit)." - xattr(7) | |
679 | * | |
680 | * ZFS allows extended user attributes to be disabled administratively | |
681 | * by setting the 'xattr=off' property on the dataset. | |
682 | */ | |
683 | static int | |
684 | __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size, | |
685 | const char *name, size_t name_len) | |
686 | { | |
687 | return (ITOZSB(ip)->z_flags & ZSB_XATTR); | |
688 | } | |
689 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list); | |
690 | ||
cc5f931c | 691 | static int |
f9637c6c | 692 | __zpl_xattr_user_get(struct inode *ip, const char *name, |
82a37189 | 693 | void *value, size_t size) |
cc5f931c BB |
694 | { |
695 | char *xattr_name; | |
696 | int error; | |
232604b5 CC |
697 | /* xattr_resolve_name will do this for us if this is defined */ |
698 | #ifndef HAVE_XATTR_HANDLER_NAME | |
cc5f931c | 699 | if (strcmp(name, "") == 0) |
d1d7e268 | 700 | return (-EINVAL); |
232604b5 | 701 | #endif |
2cf7f52b | 702 | if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) |
d1d7e268 | 703 | return (-EOPNOTSUPP); |
cc5f931c BB |
704 | |
705 | xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); | |
82a37189 | 706 | error = zpl_xattr_get(ip, xattr_name, value, size); |
cc5f931c BB |
707 | strfree(xattr_name); |
708 | ||
709 | return (error); | |
710 | } | |
f9637c6c | 711 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get); |
cc5f931c BB |
712 | |
713 | static int | |
f9637c6c | 714 | __zpl_xattr_user_set(struct inode *ip, const char *name, |
cc5f931c BB |
715 | const void *value, size_t size, int flags) |
716 | { | |
717 | char *xattr_name; | |
718 | int error; | |
232604b5 CC |
719 | /* xattr_resolve_name will do this for us if this is defined */ |
720 | #ifndef HAVE_XATTR_HANDLER_NAME | |
cc5f931c | 721 | if (strcmp(name, "") == 0) |
d1d7e268 | 722 | return (-EINVAL); |
232604b5 | 723 | #endif |
2cf7f52b | 724 | if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) |
d1d7e268 | 725 | return (-EOPNOTSUPP); |
cc5f931c BB |
726 | |
727 | xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); | |
728 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
729 | strfree(xattr_name); | |
730 | ||
731 | return (error); | |
732 | } | |
f9637c6c | 733 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set); |
cc5f931c | 734 | |
4967a3eb BB |
735 | xattr_handler_t zpl_xattr_user_handler = |
736 | { | |
cc5f931c | 737 | .prefix = XATTR_USER_PREFIX, |
4967a3eb | 738 | .list = zpl_xattr_user_list, |
cc5f931c BB |
739 | .get = zpl_xattr_user_get, |
740 | .set = zpl_xattr_user_set, | |
741 | }; | |
742 | ||
4967a3eb BB |
743 | /* |
744 | * Trusted extended attributes | |
745 | * | |
746 | * "Trusted extended attributes are visible and accessible only to | |
747 | * processes that have the CAP_SYS_ADMIN capability. Attributes in this | |
748 | * class are used to implement mechanisms in user space (i.e., outside | |
749 | * the kernel) which keep information in extended attributes to which | |
750 | * ordinary processes should not have access." - xattr(7) | |
751 | */ | |
752 | static int | |
753 | __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size, | |
754 | const char *name, size_t name_len) | |
755 | { | |
756 | return (capable(CAP_SYS_ADMIN)); | |
757 | } | |
758 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list); | |
759 | ||
cc5f931c | 760 | static int |
f9637c6c | 761 | __zpl_xattr_trusted_get(struct inode *ip, const char *name, |
82a37189 | 762 | void *value, size_t size) |
cc5f931c BB |
763 | { |
764 | char *xattr_name; | |
765 | int error; | |
766 | ||
767 | if (!capable(CAP_SYS_ADMIN)) | |
d1d7e268 | 768 | return (-EACCES); |
232604b5 CC |
769 | /* xattr_resolve_name will do this for us if this is defined */ |
770 | #ifndef HAVE_XATTR_HANDLER_NAME | |
cc5f931c | 771 | if (strcmp(name, "") == 0) |
d1d7e268 | 772 | return (-EINVAL); |
232604b5 | 773 | #endif |
cc5f931c | 774 | xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); |
82a37189 | 775 | error = zpl_xattr_get(ip, xattr_name, value, size); |
cc5f931c BB |
776 | strfree(xattr_name); |
777 | ||
778 | return (error); | |
779 | } | |
f9637c6c | 780 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get); |
cc5f931c BB |
781 | |
782 | static int | |
f9637c6c | 783 | __zpl_xattr_trusted_set(struct inode *ip, const char *name, |
cc5f931c BB |
784 | const void *value, size_t size, int flags) |
785 | { | |
786 | char *xattr_name; | |
787 | int error; | |
788 | ||
789 | if (!capable(CAP_SYS_ADMIN)) | |
d1d7e268 | 790 | return (-EACCES); |
232604b5 CC |
791 | /* xattr_resolve_name will do this for us if this is defined */ |
792 | #ifndef HAVE_XATTR_HANDLER_NAME | |
cc5f931c | 793 | if (strcmp(name, "") == 0) |
d1d7e268 | 794 | return (-EINVAL); |
232604b5 | 795 | #endif |
cc5f931c BB |
796 | xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); |
797 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
798 | strfree(xattr_name); | |
799 | ||
800 | return (error); | |
801 | } | |
f9637c6c | 802 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set); |
cc5f931c | 803 | |
4967a3eb BB |
804 | xattr_handler_t zpl_xattr_trusted_handler = |
805 | { | |
cc5f931c | 806 | .prefix = XATTR_TRUSTED_PREFIX, |
4967a3eb | 807 | .list = zpl_xattr_trusted_list, |
cc5f931c BB |
808 | .get = zpl_xattr_trusted_get, |
809 | .set = zpl_xattr_trusted_set, | |
810 | }; | |
811 | ||
4967a3eb BB |
812 | /* |
813 | * Extended security attributes | |
814 | * | |
815 | * "The security attribute namespace is used by kernel security modules, | |
816 | * such as Security Enhanced Linux, and also to implement file | |
817 | * capabilities (see capabilities(7)). Read and write access | |
818 | * permissions to security attributes depend on the policy implemented | |
819 | * for each security attribute by the security module. When no security | |
820 | * module is loaded, all processes have read access to extended security | |
821 | * attributes, and write access is limited to processes that have the | |
822 | * CAP_SYS_ADMIN capability." - xattr(7) | |
823 | */ | |
824 | static int | |
825 | __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size, | |
826 | const char *name, size_t name_len) | |
827 | { | |
828 | return (1); | |
829 | } | |
830 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list); | |
831 | ||
cc5f931c | 832 | static int |
f9637c6c | 833 | __zpl_xattr_security_get(struct inode *ip, const char *name, |
82a37189 | 834 | void *value, size_t size) |
cc5f931c BB |
835 | { |
836 | char *xattr_name; | |
837 | int error; | |
232604b5 CC |
838 | /* xattr_resolve_name will do this for us if this is defined */ |
839 | #ifndef HAVE_XATTR_HANDLER_NAME | |
cc5f931c | 840 | if (strcmp(name, "") == 0) |
d1d7e268 | 841 | return (-EINVAL); |
232604b5 | 842 | #endif |
cc5f931c | 843 | xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); |
82a37189 | 844 | error = zpl_xattr_get(ip, xattr_name, value, size); |
cc5f931c BB |
845 | strfree(xattr_name); |
846 | ||
847 | return (error); | |
848 | } | |
f9637c6c | 849 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get); |
cc5f931c BB |
850 | |
851 | static int | |
f9637c6c | 852 | __zpl_xattr_security_set(struct inode *ip, const char *name, |
cc5f931c BB |
853 | const void *value, size_t size, int flags) |
854 | { | |
855 | char *xattr_name; | |
856 | int error; | |
232604b5 CC |
857 | /* xattr_resolve_name will do this for us if this is defined */ |
858 | #ifndef HAVE_XATTR_HANDLER_NAME | |
cc5f931c | 859 | if (strcmp(name, "") == 0) |
d1d7e268 | 860 | return (-EINVAL); |
232604b5 | 861 | #endif |
cc5f931c BB |
862 | xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); |
863 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
864 | strfree(xattr_name); | |
865 | ||
866 | return (error); | |
867 | } | |
f9637c6c | 868 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set); |
cc5f931c | 869 | |
166dd49d BB |
870 | #ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY |
871 | static int | |
872 | __zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs, | |
873 | void *fs_info) | |
874 | { | |
875 | const struct xattr *xattr; | |
876 | int error = 0; | |
877 | ||
878 | for (xattr = xattrs; xattr->name != NULL; xattr++) { | |
879 | error = __zpl_xattr_security_set(ip, | |
880 | xattr->name, xattr->value, xattr->value_len, 0); | |
881 | ||
882 | if (error < 0) | |
883 | break; | |
884 | } | |
885 | ||
96b91ef0 | 886 | return (error); |
166dd49d BB |
887 | } |
888 | ||
889 | int | |
890 | zpl_xattr_security_init(struct inode *ip, struct inode *dip, | |
891 | const struct qstr *qstr) | |
892 | { | |
893 | return security_inode_init_security(ip, dip, qstr, | |
894 | &__zpl_xattr_security_init, NULL); | |
895 | } | |
896 | ||
897 | #else | |
cc5f931c | 898 | int |
5c03efc3 BB |
899 | zpl_xattr_security_init(struct inode *ip, struct inode *dip, |
900 | const struct qstr *qstr) | |
cc5f931c | 901 | { |
96b91ef0 DH |
902 | int error; |
903 | size_t len; | |
904 | void *value; | |
905 | char *name; | |
cc5f931c | 906 | |
96b91ef0 | 907 | error = zpl_security_inode_init_security(ip, dip, qstr, |
d1d7e268 | 908 | &name, &value, &len); |
96b91ef0 DH |
909 | if (error) { |
910 | if (error == -EOPNOTSUPP) | |
d1d7e268 MK |
911 | return (0); |
912 | ||
96b91ef0 DH |
913 | return (error); |
914 | } | |
cc5f931c | 915 | |
f9637c6c | 916 | error = __zpl_xattr_security_set(ip, name, value, len, 0); |
cc5f931c | 917 | |
96b91ef0 DH |
918 | kfree(name); |
919 | kfree(value); | |
cc5f931c | 920 | |
96b91ef0 | 921 | return (error); |
cc5f931c | 922 | } |
166dd49d | 923 | #endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */ |
cc5f931c | 924 | |
4967a3eb BB |
925 | /* |
926 | * Security xattr namespace handlers. | |
927 | */ | |
777d4af8 | 928 | xattr_handler_t zpl_xattr_security_handler = { |
cc5f931c | 929 | .prefix = XATTR_SECURITY_PREFIX, |
4967a3eb | 930 | .list = zpl_xattr_security_list, |
cc5f931c BB |
931 | .get = zpl_xattr_security_get, |
932 | .set = zpl_xattr_security_set, | |
933 | }; | |
934 | ||
4967a3eb BB |
935 | /* |
936 | * Extended system attributes | |
937 | * | |
938 | * "Extended system attributes are used by the kernel to store system | |
939 | * objects such as Access Control Lists. Read and write access permissions | |
940 | * to system attributes depend on the policy implemented for each system | |
941 | * attribute implemented by filesystems in the kernel." - xattr(7) | |
942 | */ | |
b695c34e | 943 | #ifdef CONFIG_FS_POSIX_ACL |
023699cd | 944 | int |
0420c126 | 945 | zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type) |
023699cd | 946 | { |
023699cd MM |
947 | char *name, *value = NULL; |
948 | int error = 0; | |
949 | size_t size = 0; | |
950 | ||
951 | if (S_ISLNK(ip->i_mode)) | |
952 | return (-EOPNOTSUPP); | |
953 | ||
d1d7e268 | 954 | switch (type) { |
023699cd | 955 | case ACL_TYPE_ACCESS: |
4967a3eb | 956 | name = XATTR_NAME_POSIX_ACL_ACCESS; |
023699cd MM |
957 | if (acl) { |
958 | zpl_equivmode_t mode = ip->i_mode; | |
959 | error = posix_acl_equiv_mode(acl, &mode); | |
960 | if (error < 0) { | |
961 | return (error); | |
962 | } else { | |
963 | /* | |
964 | * The mode bits will have been set by | |
965 | * ->zfs_setattr()->zfs_acl_chmod_setattr() | |
966 | * using the ZFS ACL conversion. If they | |
967 | * differ from the Posix ACL conversion dirty | |
968 | * the inode to write the Posix mode bits. | |
969 | */ | |
970 | if (ip->i_mode != mode) { | |
971 | ip->i_mode = mode; | |
2946a1a1 | 972 | ip->i_ctime = current_time(ip); |
1e8db771 | 973 | zfs_mark_inode_dirty(ip); |
023699cd MM |
974 | } |
975 | ||
976 | if (error == 0) | |
977 | acl = NULL; | |
978 | } | |
979 | } | |
980 | break; | |
981 | ||
982 | case ACL_TYPE_DEFAULT: | |
98f03691 | 983 | name = XATTR_NAME_POSIX_ACL_DEFAULT; |
023699cd MM |
984 | if (!S_ISDIR(ip->i_mode)) |
985 | return (acl ? -EACCES : 0); | |
986 | break; | |
987 | ||
988 | default: | |
989 | return (-EINVAL); | |
990 | } | |
991 | ||
992 | if (acl) { | |
993 | size = posix_acl_xattr_size(acl->a_count); | |
994 | value = kmem_alloc(size, KM_SLEEP); | |
995 | ||
996 | error = zpl_acl_to_xattr(acl, value, size); | |
997 | if (error < 0) { | |
998 | kmem_free(value, size); | |
999 | return (error); | |
1000 | } | |
1001 | } | |
1002 | ||
1003 | error = zpl_xattr_set(ip, name, value, size, 0); | |
1004 | if (value) | |
1005 | kmem_free(value, size); | |
1006 | ||
1007 | if (!error) { | |
1008 | if (acl) | |
1009 | zpl_set_cached_acl(ip, type, acl); | |
1010 | else | |
1011 | zpl_forget_cached_acl(ip, type); | |
1012 | } | |
1013 | ||
1014 | return (error); | |
1015 | } | |
1016 | ||
1017 | struct posix_acl * | |
1018 | zpl_get_acl(struct inode *ip, int type) | |
1019 | { | |
1020 | struct posix_acl *acl; | |
1021 | void *value = NULL; | |
1022 | char *name; | |
1023 | int size; | |
1024 | ||
afb6c031 CC |
1025 | /* |
1026 | * As of Linux 3.14, the kernel get_acl will check this for us. | |
1027 | * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong | |
1028 | * as the kernel get_acl will set it to temporary sentinel value. | |
1029 | */ | |
1030 | #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE | |
023699cd MM |
1031 | acl = get_cached_acl(ip, type); |
1032 | if (acl != ACL_NOT_CACHED) | |
1033 | return (acl); | |
afb6c031 | 1034 | #endif |
023699cd MM |
1035 | |
1036 | switch (type) { | |
1037 | case ACL_TYPE_ACCESS: | |
4967a3eb | 1038 | name = XATTR_NAME_POSIX_ACL_ACCESS; |
023699cd MM |
1039 | break; |
1040 | case ACL_TYPE_DEFAULT: | |
4967a3eb | 1041 | name = XATTR_NAME_POSIX_ACL_DEFAULT; |
023699cd MM |
1042 | break; |
1043 | default: | |
d1d7e268 | 1044 | return (ERR_PTR(-EINVAL)); |
023699cd MM |
1045 | } |
1046 | ||
1047 | size = zpl_xattr_get(ip, name, NULL, 0); | |
1048 | if (size > 0) { | |
79c76d5b | 1049 | value = kmem_alloc(size, KM_SLEEP); |
023699cd MM |
1050 | size = zpl_xattr_get(ip, name, value, size); |
1051 | } | |
1052 | ||
1053 | if (size > 0) { | |
1054 | acl = zpl_acl_from_xattr(value, size); | |
1055 | } else if (size == -ENODATA || size == -ENOSYS) { | |
1056 | acl = NULL; | |
1057 | } else { | |
1058 | acl = ERR_PTR(-EIO); | |
1059 | } | |
1060 | ||
1061 | if (size > 0) | |
1062 | kmem_free(value, size); | |
1063 | ||
afb6c031 CC |
1064 | /* As of Linux 4.7, the kernel get_acl will set this for us */ |
1065 | #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE | |
023699cd MM |
1066 | if (!IS_ERR(acl)) |
1067 | zpl_set_cached_acl(ip, type, acl); | |
afb6c031 | 1068 | #endif |
023699cd MM |
1069 | |
1070 | return (acl); | |
1071 | } | |
1072 | ||
1073 | #if !defined(HAVE_GET_ACL) | |
1074 | static int | |
1075 | __zpl_check_acl(struct inode *ip, int mask) | |
1076 | { | |
1077 | struct posix_acl *acl; | |
1078 | int error; | |
1079 | ||
1080 | acl = zpl_get_acl(ip, ACL_TYPE_ACCESS); | |
1081 | if (IS_ERR(acl)) | |
1082 | return (PTR_ERR(acl)); | |
1083 | ||
1084 | if (acl) { | |
1085 | error = posix_acl_permission(ip, acl, mask); | |
1086 | zpl_posix_acl_release(acl); | |
1087 | return (error); | |
1088 | } | |
1089 | ||
1090 | return (-EAGAIN); | |
1091 | } | |
1092 | ||
1093 | #if defined(HAVE_CHECK_ACL_WITH_FLAGS) | |
1094 | int | |
1095 | zpl_check_acl(struct inode *ip, int mask, unsigned int flags) | |
1096 | { | |
d1d7e268 | 1097 | return (__zpl_check_acl(ip, mask)); |
023699cd MM |
1098 | } |
1099 | #elif defined(HAVE_CHECK_ACL) | |
1100 | int | |
1101 | zpl_check_acl(struct inode *ip, int mask) | |
1102 | { | |
d1d7e268 | 1103 | return (__zpl_check_acl(ip, mask)); |
023699cd MM |
1104 | } |
1105 | #elif defined(HAVE_PERMISSION_WITH_NAMEIDATA) | |
1106 | int | |
1107 | zpl_permission(struct inode *ip, int mask, struct nameidata *nd) | |
1108 | { | |
d1d7e268 | 1109 | return (generic_permission(ip, mask, __zpl_check_acl)); |
023699cd MM |
1110 | } |
1111 | #elif defined(HAVE_PERMISSION) | |
1112 | int | |
1113 | zpl_permission(struct inode *ip, int mask) | |
1114 | { | |
d1d7e268 | 1115 | return (generic_permission(ip, mask, __zpl_check_acl)); |
023699cd MM |
1116 | } |
1117 | #endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */ | |
1118 | #endif /* !HAVE_GET_ACL */ | |
1119 | ||
1120 | int | |
1121 | zpl_init_acl(struct inode *ip, struct inode *dir) | |
1122 | { | |
1123 | struct posix_acl *acl = NULL; | |
1124 | int error = 0; | |
1125 | ||
1126 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1127 | return (0); | |
1128 | ||
1129 | if (!S_ISLNK(ip->i_mode)) { | |
1130 | if (ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) { | |
1131 | acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT); | |
1132 | if (IS_ERR(acl)) | |
1133 | return (PTR_ERR(acl)); | |
1134 | } | |
1135 | ||
1136 | if (!acl) { | |
1137 | ip->i_mode &= ~current_umask(); | |
2946a1a1 | 1138 | ip->i_ctime = current_time(ip); |
1e8db771 | 1139 | zfs_mark_inode_dirty(ip); |
023699cd MM |
1140 | return (0); |
1141 | } | |
1142 | } | |
1143 | ||
1144 | if ((ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) && acl) { | |
1145 | umode_t mode; | |
1146 | ||
1147 | if (S_ISDIR(ip->i_mode)) { | |
0420c126 | 1148 | error = zpl_set_acl(ip, acl, ACL_TYPE_DEFAULT); |
023699cd MM |
1149 | if (error) |
1150 | goto out; | |
1151 | } | |
1152 | ||
1153 | mode = ip->i_mode; | |
408ec0d2 | 1154 | error = __posix_acl_create(&acl, GFP_KERNEL, &mode); |
023699cd MM |
1155 | if (error >= 0) { |
1156 | ip->i_mode = mode; | |
1e8db771 | 1157 | zfs_mark_inode_dirty(ip); |
023699cd | 1158 | if (error > 0) |
0420c126 | 1159 | error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS); |
023699cd MM |
1160 | } |
1161 | } | |
1162 | out: | |
1163 | zpl_posix_acl_release(acl); | |
1164 | ||
1165 | return (error); | |
1166 | } | |
1167 | ||
1168 | int | |
1169 | zpl_chmod_acl(struct inode *ip) | |
1170 | { | |
1171 | struct posix_acl *acl; | |
1172 | int error; | |
1173 | ||
1174 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1175 | return (0); | |
1176 | ||
1177 | if (S_ISLNK(ip->i_mode)) | |
1178 | return (-EOPNOTSUPP); | |
1179 | ||
1180 | acl = zpl_get_acl(ip, ACL_TYPE_ACCESS); | |
1181 | if (IS_ERR(acl) || !acl) | |
1182 | return (PTR_ERR(acl)); | |
1183 | ||
408ec0d2 | 1184 | error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode); |
023699cd | 1185 | if (!error) |
0420c126 | 1186 | error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS); |
023699cd MM |
1187 | |
1188 | zpl_posix_acl_release(acl); | |
1189 | ||
1190 | return (error); | |
1191 | } | |
1192 | ||
4967a3eb BB |
1193 | static int |
1194 | __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size, | |
1195 | const char *name, size_t name_len) | |
023699cd | 1196 | { |
4967a3eb BB |
1197 | char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS; |
1198 | size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS); | |
023699cd MM |
1199 | |
1200 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1201 | return (0); | |
1202 | ||
023699cd MM |
1203 | if (list && xattr_size <= list_size) |
1204 | memcpy(list, xattr_name, xattr_size); | |
1205 | ||
1206 | return (xattr_size); | |
1207 | } | |
4967a3eb | 1208 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access); |
023699cd | 1209 | |
4967a3eb BB |
1210 | static int |
1211 | __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size, | |
1212 | const char *name, size_t name_len) | |
61d482f7 | 1213 | { |
4967a3eb BB |
1214 | char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT; |
1215 | size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT); | |
61d482f7 | 1216 | |
4967a3eb BB |
1217 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) |
1218 | return (0); | |
023699cd | 1219 | |
4967a3eb BB |
1220 | if (list && xattr_size <= list_size) |
1221 | memcpy(list, xattr_name, xattr_size); | |
023699cd | 1222 | |
4967a3eb | 1223 | return (xattr_size); |
023699cd | 1224 | } |
4967a3eb | 1225 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default); |
023699cd MM |
1226 | |
1227 | static int | |
4967a3eb BB |
1228 | __zpl_xattr_acl_get_access(struct inode *ip, const char *name, |
1229 | void *buffer, size_t size) | |
023699cd MM |
1230 | { |
1231 | struct posix_acl *acl; | |
4967a3eb | 1232 | int type = ACL_TYPE_ACCESS; |
023699cd | 1233 | int error; |
232604b5 CC |
1234 | /* xattr_resolve_name will do this for us if this is defined */ |
1235 | #ifndef HAVE_XATTR_HANDLER_NAME | |
023699cd MM |
1236 | if (strcmp(name, "") != 0) |
1237 | return (-EINVAL); | |
232604b5 | 1238 | #endif |
023699cd MM |
1239 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) |
1240 | return (-EOPNOTSUPP); | |
1241 | ||
1242 | acl = zpl_get_acl(ip, type); | |
1243 | if (IS_ERR(acl)) | |
1244 | return (PTR_ERR(acl)); | |
1245 | if (acl == NULL) | |
1246 | return (-ENODATA); | |
1247 | ||
1248 | error = zpl_acl_to_xattr(acl, buffer, size); | |
1249 | zpl_posix_acl_release(acl); | |
1250 | ||
1251 | return (error); | |
1252 | } | |
4967a3eb | 1253 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access); |
023699cd MM |
1254 | |
1255 | static int | |
4967a3eb BB |
1256 | __zpl_xattr_acl_get_default(struct inode *ip, const char *name, |
1257 | void *buffer, size_t size) | |
023699cd | 1258 | { |
4967a3eb BB |
1259 | struct posix_acl *acl; |
1260 | int type = ACL_TYPE_DEFAULT; | |
1261 | int error; | |
232604b5 CC |
1262 | /* xattr_resolve_name will do this for us if this is defined */ |
1263 | #ifndef HAVE_XATTR_HANDLER_NAME | |
4967a3eb BB |
1264 | if (strcmp(name, "") != 0) |
1265 | return (-EINVAL); | |
232604b5 | 1266 | #endif |
4967a3eb BB |
1267 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) |
1268 | return (-EOPNOTSUPP); | |
61d482f7 | 1269 | |
4967a3eb BB |
1270 | acl = zpl_get_acl(ip, type); |
1271 | if (IS_ERR(acl)) | |
1272 | return (PTR_ERR(acl)); | |
1273 | if (acl == NULL) | |
1274 | return (-ENODATA); | |
023699cd | 1275 | |
4967a3eb BB |
1276 | error = zpl_acl_to_xattr(acl, buffer, size); |
1277 | zpl_posix_acl_release(acl); | |
023699cd | 1278 | |
4967a3eb | 1279 | return (error); |
023699cd | 1280 | } |
4967a3eb | 1281 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default); |
023699cd MM |
1282 | |
1283 | static int | |
4967a3eb BB |
1284 | __zpl_xattr_acl_set_access(struct inode *ip, const char *name, |
1285 | const void *value, size_t size, int flags) | |
023699cd MM |
1286 | { |
1287 | struct posix_acl *acl; | |
4967a3eb | 1288 | int type = ACL_TYPE_ACCESS; |
023699cd | 1289 | int error = 0; |
232604b5 CC |
1290 | /* xattr_resolve_name will do this for us if this is defined */ |
1291 | #ifndef HAVE_XATTR_HANDLER_NAME | |
023699cd MM |
1292 | if (strcmp(name, "") != 0) |
1293 | return (-EINVAL); | |
232604b5 | 1294 | #endif |
023699cd MM |
1295 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) |
1296 | return (-EOPNOTSUPP); | |
1297 | ||
1298 | if (!zpl_inode_owner_or_capable(ip)) | |
1299 | return (-EPERM); | |
1300 | ||
1301 | if (value) { | |
1302 | acl = zpl_acl_from_xattr(value, size); | |
1303 | if (IS_ERR(acl)) | |
1304 | return (PTR_ERR(acl)); | |
1305 | else if (acl) { | |
4b908d32 | 1306 | error = zpl_posix_acl_valid(ip, acl); |
023699cd MM |
1307 | if (error) { |
1308 | zpl_posix_acl_release(acl); | |
1309 | return (error); | |
1310 | } | |
1311 | } | |
1312 | } else { | |
1313 | acl = NULL; | |
1314 | } | |
1315 | ||
0420c126 | 1316 | error = zpl_set_acl(ip, acl, type); |
023699cd MM |
1317 | zpl_posix_acl_release(acl); |
1318 | ||
1319 | return (error); | |
1320 | } | |
4967a3eb | 1321 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access); |
023699cd | 1322 | |
023699cd | 1323 | static int |
4967a3eb BB |
1324 | __zpl_xattr_acl_set_default(struct inode *ip, const char *name, |
1325 | const void *value, size_t size, int flags) | |
023699cd | 1326 | { |
4967a3eb BB |
1327 | struct posix_acl *acl; |
1328 | int type = ACL_TYPE_DEFAULT; | |
1329 | int error = 0; | |
232604b5 CC |
1330 | /* xattr_resolve_name will do this for us if this is defined */ |
1331 | #ifndef HAVE_XATTR_HANDLER_NAME | |
4967a3eb BB |
1332 | if (strcmp(name, "") != 0) |
1333 | return (-EINVAL); | |
232604b5 | 1334 | #endif |
4967a3eb BB |
1335 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) |
1336 | return (-EOPNOTSUPP); | |
61d482f7 | 1337 | |
4967a3eb BB |
1338 | if (!zpl_inode_owner_or_capable(ip)) |
1339 | return (-EPERM); | |
61d482f7 | 1340 | |
4967a3eb BB |
1341 | if (value) { |
1342 | acl = zpl_acl_from_xattr(value, size); | |
1343 | if (IS_ERR(acl)) | |
1344 | return (PTR_ERR(acl)); | |
1345 | else if (acl) { | |
4b908d32 | 1346 | error = zpl_posix_acl_valid(ip, acl); |
4967a3eb BB |
1347 | if (error) { |
1348 | zpl_posix_acl_release(acl); | |
1349 | return (error); | |
1350 | } | |
1351 | } | |
1352 | } else { | |
1353 | acl = NULL; | |
1354 | } | |
023699cd | 1355 | |
0420c126 | 1356 | error = zpl_set_acl(ip, acl, type); |
4967a3eb | 1357 | zpl_posix_acl_release(acl); |
023699cd | 1358 | |
4967a3eb | 1359 | return (error); |
023699cd | 1360 | } |
4967a3eb | 1361 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default); |
023699cd | 1362 | |
4967a3eb BB |
1363 | /* |
1364 | * ACL access xattr namespace handlers. | |
232604b5 CC |
1365 | * |
1366 | * Use .name instead of .prefix when available. xattr_resolve_name will match | |
1367 | * whole name and reject anything that has .name only as prefix. | |
4967a3eb BB |
1368 | */ |
1369 | xattr_handler_t zpl_xattr_acl_access_handler = | |
023699cd | 1370 | { |
232604b5 CC |
1371 | #ifdef HAVE_XATTR_HANDLER_NAME |
1372 | .name = XATTR_NAME_POSIX_ACL_ACCESS, | |
1373 | #else | |
4967a3eb | 1374 | .prefix = XATTR_NAME_POSIX_ACL_ACCESS, |
232604b5 | 1375 | #endif |
023699cd MM |
1376 | .list = zpl_xattr_acl_list_access, |
1377 | .get = zpl_xattr_acl_get_access, | |
1378 | .set = zpl_xattr_acl_set_access, | |
4967a3eb BB |
1379 | #if defined(HAVE_XATTR_LIST_SIMPLE) || \ |
1380 | defined(HAVE_XATTR_LIST_DENTRY) || \ | |
1381 | defined(HAVE_XATTR_LIST_HANDLER) | |
023699cd | 1382 | .flags = ACL_TYPE_ACCESS, |
4967a3eb | 1383 | #endif |
023699cd MM |
1384 | }; |
1385 | ||
4967a3eb BB |
1386 | /* |
1387 | * ACL default xattr namespace handlers. | |
232604b5 CC |
1388 | * |
1389 | * Use .name instead of .prefix when available. xattr_resolve_name will match | |
1390 | * whole name and reject anything that has .name only as prefix. | |
4967a3eb BB |
1391 | */ |
1392 | xattr_handler_t zpl_xattr_acl_default_handler = | |
023699cd | 1393 | { |
232604b5 CC |
1394 | #ifdef HAVE_XATTR_HANDLER_NAME |
1395 | .name = XATTR_NAME_POSIX_ACL_DEFAULT, | |
1396 | #else | |
4967a3eb | 1397 | .prefix = XATTR_NAME_POSIX_ACL_DEFAULT, |
232604b5 | 1398 | #endif |
023699cd MM |
1399 | .list = zpl_xattr_acl_list_default, |
1400 | .get = zpl_xattr_acl_get_default, | |
1401 | .set = zpl_xattr_acl_set_default, | |
4967a3eb BB |
1402 | #if defined(HAVE_XATTR_LIST_SIMPLE) || \ |
1403 | defined(HAVE_XATTR_LIST_DENTRY) || \ | |
1404 | defined(HAVE_XATTR_LIST_HANDLER) | |
023699cd | 1405 | .flags = ACL_TYPE_DEFAULT, |
4967a3eb | 1406 | #endif |
023699cd MM |
1407 | }; |
1408 | ||
b695c34e MM |
1409 | #endif /* CONFIG_FS_POSIX_ACL */ |
1410 | ||
777d4af8 | 1411 | xattr_handler_t *zpl_xattr_handlers[] = { |
cc5f931c BB |
1412 | &zpl_xattr_security_handler, |
1413 | &zpl_xattr_trusted_handler, | |
1414 | &zpl_xattr_user_handler, | |
b695c34e | 1415 | #ifdef CONFIG_FS_POSIX_ACL |
cc5f931c | 1416 | &zpl_xattr_acl_access_handler, |
96b91ef0 | 1417 | &zpl_xattr_acl_default_handler, |
b695c34e | 1418 | #endif /* CONFIG_FS_POSIX_ACL */ |
77a405ae | 1419 | NULL |
cc5f931c | 1420 | }; |
4967a3eb BB |
1421 | |
1422 | static const struct xattr_handler * | |
1423 | zpl_xattr_handler(const char *name) | |
1424 | { | |
1425 | if (strncmp(name, XATTR_USER_PREFIX, | |
1426 | XATTR_USER_PREFIX_LEN) == 0) | |
1427 | return (&zpl_xattr_user_handler); | |
1428 | ||
1429 | if (strncmp(name, XATTR_TRUSTED_PREFIX, | |
1430 | XATTR_TRUSTED_PREFIX_LEN) == 0) | |
1431 | return (&zpl_xattr_trusted_handler); | |
1432 | ||
1433 | if (strncmp(name, XATTR_SECURITY_PREFIX, | |
1434 | XATTR_SECURITY_PREFIX_LEN) == 0) | |
1435 | return (&zpl_xattr_security_handler); | |
1436 | ||
1437 | #ifdef CONFIG_FS_POSIX_ACL | |
1438 | if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, | |
1439 | sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0) | |
1440 | return (&zpl_xattr_acl_access_handler); | |
1441 | ||
1442 | if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, | |
1443 | sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0) | |
1444 | return (&zpl_xattr_acl_default_handler); | |
1445 | #endif /* CONFIG_FS_POSIX_ACL */ | |
1446 | ||
1447 | return (NULL); | |
1448 | } | |
8e71ab99 CC |
1449 | |
1450 | #if !defined(HAVE_POSIX_ACL_RELEASE) || defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY) | |
1451 | struct acl_rel_struct { | |
1452 | struct acl_rel_struct *next; | |
1453 | struct posix_acl *acl; | |
1454 | clock_t time; | |
1455 | }; | |
1456 | ||
1457 | #define ACL_REL_GRACE (60*HZ) | |
1458 | #define ACL_REL_WINDOW (1*HZ) | |
1459 | #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW) | |
1460 | ||
1461 | /* | |
1462 | * Lockless multi-producer single-consumer fifo list. | |
1463 | * Nodes are added to tail and removed from head. Tail pointer is our | |
1464 | * synchronization point. It always points to the next pointer of the last | |
1465 | * node, or head if list is empty. | |
1466 | */ | |
1467 | static struct acl_rel_struct *acl_rel_head = NULL; | |
1468 | static struct acl_rel_struct **acl_rel_tail = &acl_rel_head; | |
1469 | ||
1470 | static void | |
1471 | zpl_posix_acl_free(void *arg) | |
1472 | { | |
1473 | struct acl_rel_struct *freelist = NULL; | |
1474 | struct acl_rel_struct *a; | |
1475 | clock_t new_time; | |
1476 | boolean_t refire = B_FALSE; | |
1477 | ||
1478 | ASSERT3P(acl_rel_head, !=, NULL); | |
1479 | while (acl_rel_head) { | |
1480 | a = acl_rel_head; | |
1481 | if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) { | |
1482 | /* | |
1483 | * If a is the last node we need to reset tail, but we | |
1484 | * need to use cmpxchg to make sure it is still the | |
1485 | * last node. | |
1486 | */ | |
1487 | if (acl_rel_tail == &a->next) { | |
1488 | acl_rel_head = NULL; | |
1489 | if (cmpxchg(&acl_rel_tail, &a->next, | |
1490 | &acl_rel_head) == &a->next) { | |
1491 | ASSERT3P(a->next, ==, NULL); | |
1492 | a->next = freelist; | |
1493 | freelist = a; | |
1494 | break; | |
1495 | } | |
1496 | } | |
1497 | /* | |
1498 | * a is not last node, make sure next pointer is set | |
1499 | * by the adder and advance the head. | |
1500 | */ | |
93ce2b4c | 1501 | while (READ_ONCE(a->next) == NULL) |
8e71ab99 CC |
1502 | cpu_relax(); |
1503 | acl_rel_head = a->next; | |
1504 | a->next = freelist; | |
1505 | freelist = a; | |
1506 | } else { | |
1507 | /* | |
1508 | * a is still in grace period. We are responsible to | |
1509 | * reschedule the free task, since adder will only do | |
1510 | * so if list is empty. | |
1511 | */ | |
1512 | new_time = a->time + ACL_REL_SCHED; | |
1513 | refire = B_TRUE; | |
1514 | break; | |
1515 | } | |
1516 | } | |
1517 | ||
1518 | if (refire) | |
57ddcda1 CC |
1519 | taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free, |
1520 | NULL, TQ_SLEEP, new_time); | |
8e71ab99 CC |
1521 | |
1522 | while (freelist) { | |
1523 | a = freelist; | |
1524 | freelist = a->next; | |
1525 | kfree(a->acl); | |
1526 | kmem_free(a, sizeof (struct acl_rel_struct)); | |
1527 | } | |
1528 | } | |
1529 | ||
1530 | void | |
1531 | zpl_posix_acl_release_impl(struct posix_acl *acl) | |
1532 | { | |
1533 | struct acl_rel_struct *a, **prev; | |
1534 | ||
1535 | a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP); | |
1536 | a->next = NULL; | |
1537 | a->acl = acl; | |
1538 | a->time = ddi_get_lbolt(); | |
1539 | /* atomically points tail to us and get the previous tail */ | |
1540 | prev = xchg(&acl_rel_tail, &a->next); | |
1541 | ASSERT3P(*prev, ==, NULL); | |
1542 | *prev = a; | |
1543 | /* if it was empty before, schedule the free task */ | |
1544 | if (prev == &acl_rel_head) | |
57ddcda1 CC |
1545 | taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free, |
1546 | NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED); | |
8e71ab99 CC |
1547 | } |
1548 | #endif |