]>
Commit | Line | Data |
---|---|---|
cc5f931c BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
22 | * Copyright (c) 2011, Lawrence Livermore National Security, LLC. | |
23 | * | |
24 | * Extended attributes (xattr) on Solaris are implemented as files | |
25 | * which exist in a hidden xattr directory. These extended attributes | |
26 | * can be accessed using the attropen() system call which opens | |
27 | * the extended attribute. It can then be manipulated just like | |
28 | * a standard file descriptor. This has a couple advantages such | |
29 | * as practically no size limit on the file, and the extended | |
30 | * attributes permissions may differ from those of the parent file. | |
31 | * This interface is really quite clever, but it's also completely | |
82a37189 BB |
32 | * different than what is supported on Linux. It also comes with a |
33 | * steep performance penalty when accessing small xattrs because they | |
34 | * are not stored with the parent file. | |
cc5f931c BB |
35 | * |
36 | * Under Linux extended attributes are manipulated by the system | |
37 | * calls getxattr(2), setxattr(2), and listxattr(2). They consider | |
38 | * extended attributes to be name/value pairs where the name is a | |
39 | * NULL terminated string. The name must also include one of the | |
82a37189 | 40 | * following namespace prefixes: |
cc5f931c BB |
41 | * |
42 | * user - No restrictions and is available to user applications. | |
43 | * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use. | |
44 | * system - Used for access control lists (system.nfs4_acl, etc). | |
45 | * security - Used by SELinux to store a files security context. | |
46 | * | |
82a37189 BB |
47 | * The value under Linux to limited to 65536 bytes of binary data. |
48 | * In practice, individual xattrs tend to be much smaller than this | |
49 | * and are typically less than 100 bytes. A good example of this | |
50 | * are the security.selinux xattrs which are less than 100 bytes and | |
51 | * exist for every file when xattr labeling is enabled. | |
cc5f931c | 52 | * |
82a37189 BB |
53 | * The Linux xattr implemenation has been written to take advantage of |
54 | * this typical usage. When the dataset property 'xattr=sa' is set, | |
55 | * then xattrs will be preferentially stored as System Attributes (SA). | |
56 | * This allows tiny xattrs (~100 bytes) to be stored with the dnode and | |
57 | * up to 64k of xattrs to be stored in the spill block. If additional | |
58 | * xattr space is required, which is unlikely under Linux, they will | |
59 | * be stored using the traditional directory approach. | |
cc5f931c | 60 | * |
82a37189 BB |
61 | * This optimization results in roughly a 3x performance improvement |
62 | * when accessing xattrs because it avoids the need to perform a seek | |
63 | * for every xattr value. When multiple xattrs are stored per-file | |
64 | * the performance improvements are even greater because all of the | |
65 | * xattrs stored in the spill block will be cached. | |
66 | * | |
67 | * However, by default SA based xattrs are disabled in the Linux port | |
68 | * to maximize compatibility with other implementations. If you do | |
69 | * enable SA based xattrs then they will not be visible on platforms | |
70 | * which do not support this feature. | |
71 | * | |
72 | * NOTE: One additional consequence of the xattr directory implementation | |
73 | * is that when an extended attribute is manipulated an inode is created. | |
74 | * This inode will exist in the Linux inode cache but there will be no | |
75 | * associated entry in the dentry cache which references it. This is | |
76 | * safe but it may result in some confusion. Enabling SA based xattrs | |
77 | * largely avoids the issue except in the overflow case. | |
cc5f931c BB |
78 | */ |
79 | ||
cc5f931c BB |
80 | #include <sys/zfs_vfsops.h> |
81 | #include <sys/zfs_vnops.h> | |
82 | #include <sys/zfs_znode.h> | |
83 | #include <sys/vfs.h> | |
84 | #include <sys/zpl.h> | |
85 | ||
86 | typedef struct xattr_filldir { | |
87 | size_t size; | |
88 | size_t offset; | |
89 | char *buf; | |
90 | struct inode *inode; | |
91 | } xattr_filldir_t; | |
92 | ||
93 | static int | |
94 | zpl_xattr_filldir(void *arg, const char *name, int name_len, | |
95 | loff_t offset, uint64_t objnum, unsigned int d_type) | |
96 | { | |
97 | xattr_filldir_t *xf = arg; | |
98 | ||
99 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) | |
2cf7f52b | 100 | if (!(ITOZSB(xf->inode)->z_flags & ZSB_XATTR)) |
cc5f931c BB |
101 | return (0); |
102 | ||
103 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) | |
104 | if (!capable(CAP_SYS_ADMIN)) | |
105 | return (0); | |
106 | ||
107 | /* When xf->buf is NULL only calculate the required size. */ | |
108 | if (xf->buf) { | |
109 | if (xf->offset + name_len + 1 > xf->size) | |
110 | return (-ERANGE); | |
111 | ||
112 | memcpy(xf->buf + xf->offset, name, name_len); | |
113 | xf->buf[xf->offset + name_len] = '\0'; | |
114 | } | |
115 | ||
116 | xf->offset += (name_len + 1); | |
117 | ||
118 | return (0); | |
119 | } | |
120 | ||
82a37189 BB |
121 | static ssize_t |
122 | zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr) | |
cc5f931c | 123 | { |
82a37189 | 124 | struct inode *ip = xf->inode; |
cc5f931c BB |
125 | struct inode *dxip = NULL; |
126 | loff_t pos = 3; /* skip '.', '..', and '.zfs' entries. */ | |
cc5f931c | 127 | int error; |
cc5f931c BB |
128 | |
129 | /* Lookup the xattr directory */ | |
130 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); | |
131 | if (error) { | |
132 | if (error == -ENOENT) | |
133 | error = 0; | |
134 | ||
82a37189 | 135 | return (error); |
cc5f931c BB |
136 | } |
137 | ||
138 | /* Fill provided buffer via zpl_zattr_filldir helper */ | |
82a37189 BB |
139 | error = -zfs_readdir(dxip, (void *)xf, zpl_xattr_filldir, &pos, cr); |
140 | iput(dxip); | |
141 | ||
142 | return (error); | |
143 | } | |
144 | ||
145 | static ssize_t | |
146 | zpl_xattr_list_sa(xattr_filldir_t *xf) | |
147 | { | |
148 | znode_t *zp = ITOZ(xf->inode); | |
149 | nvpair_t *nvp = NULL; | |
150 | int error = 0; | |
151 | ||
152 | mutex_enter(&zp->z_lock); | |
153 | if (zp->z_xattr_cached == NULL) | |
154 | error = -zfs_sa_get_xattr(zp); | |
155 | mutex_exit(&zp->z_lock); | |
156 | ||
157 | if (error) | |
158 | return (error); | |
159 | ||
160 | ASSERT(zp->z_xattr_cached); | |
161 | ||
162 | while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) { | |
163 | ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY); | |
164 | ||
165 | error = zpl_xattr_filldir((void *)xf, nvpair_name(nvp), | |
166 | strlen(nvpair_name(nvp)), 0, 0, 0); | |
167 | if (error) | |
168 | return (error); | |
169 | } | |
170 | ||
171 | return (0); | |
172 | } | |
173 | ||
174 | ssize_t | |
175 | zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size) | |
176 | { | |
177 | znode_t *zp = ITOZ(dentry->d_inode); | |
178 | zfs_sb_t *zsb = ZTOZSB(zp); | |
179 | xattr_filldir_t xf = { buffer_size, 0, buffer, dentry->d_inode }; | |
180 | cred_t *cr = CRED(); | |
181 | int error = 0; | |
182 | ||
183 | crhold(cr); | |
184 | rw_enter(&zp->z_xattr_lock, RW_READER); | |
185 | ||
186 | if (zsb->z_use_sa && zp->z_is_sa) { | |
187 | error = zpl_xattr_list_sa(&xf); | |
188 | if (error) | |
189 | goto out; | |
190 | } | |
191 | ||
192 | error = zpl_xattr_list_dir(&xf, cr); | |
cc5f931c BB |
193 | if (error) |
194 | goto out; | |
195 | ||
196 | error = xf.offset; | |
197 | out: | |
cc5f931c | 198 | |
82a37189 | 199 | rw_exit(&zp->z_xattr_lock); |
81e97e21 | 200 | crfree(cr); |
cc5f931c BB |
201 | |
202 | return (error); | |
203 | } | |
204 | ||
205 | static int | |
82a37189 BB |
206 | zpl_xattr_get_dir(struct inode *ip, const char *name, void *value, |
207 | size_t size, cred_t *cr) | |
cc5f931c BB |
208 | { |
209 | struct inode *dxip = NULL; | |
210 | struct inode *xip = NULL; | |
cc5f931c BB |
211 | int error; |
212 | ||
cc5f931c BB |
213 | /* Lookup the xattr directory */ |
214 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); | |
215 | if (error) | |
216 | goto out; | |
217 | ||
218 | /* Lookup a specific xattr name in the directory */ | |
219 | error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); | |
220 | if (error) | |
221 | goto out; | |
222 | ||
223 | if (!size) { | |
224 | error = i_size_read(xip); | |
225 | goto out; | |
226 | } | |
227 | ||
82a37189 | 228 | error = zpl_read_common(xip, value, size, 0, UIO_SYSSPACE, 0, cr); |
cc5f931c BB |
229 | out: |
230 | if (xip) | |
231 | iput(xip); | |
232 | ||
233 | if (dxip) | |
234 | iput(dxip); | |
235 | ||
82a37189 BB |
236 | return (error); |
237 | } | |
238 | ||
239 | static int | |
240 | zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size) | |
241 | { | |
242 | znode_t *zp = ITOZ(ip); | |
243 | uchar_t *nv_value; | |
244 | uint_t nv_size; | |
245 | int error = 0; | |
cc5f931c | 246 | |
82a37189 BB |
247 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); |
248 | ||
249 | mutex_enter(&zp->z_lock); | |
250 | if (zp->z_xattr_cached == NULL) | |
251 | error = -zfs_sa_get_xattr(zp); | |
252 | mutex_exit(&zp->z_lock); | |
253 | ||
254 | if (error) | |
255 | return (error); | |
256 | ||
257 | ASSERT(zp->z_xattr_cached); | |
258 | error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name, | |
259 | &nv_value, &nv_size); | |
260 | if (error) | |
261 | return (error); | |
262 | ||
263 | if (!size) | |
264 | return (nv_size); | |
265 | ||
266 | memcpy(value, nv_value, MIN(size, nv_size)); | |
267 | ||
268 | return (MIN(size, nv_size)); | |
269 | } | |
270 | ||
271 | static int | |
272 | __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size, | |
273 | cred_t *cr) | |
274 | { | |
275 | znode_t *zp = ITOZ(ip); | |
276 | zfs_sb_t *zsb = ZTOZSB(zp); | |
277 | int error; | |
278 | ||
279 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); | |
280 | ||
281 | if (zsb->z_use_sa && zp->z_is_sa) { | |
282 | error = zpl_xattr_get_sa(ip, name, value, size); | |
283 | if (error >= 0) | |
284 | goto out; | |
285 | } | |
286 | ||
287 | error = zpl_xattr_get_dir(ip, name, value, size, cr); | |
288 | out: | |
cc5f931c BB |
289 | if (error == -ENOENT) |
290 | error = -ENODATA; | |
291 | ||
292 | return (error); | |
293 | } | |
294 | ||
295 | static int | |
82a37189 BB |
296 | zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size) |
297 | { | |
298 | znode_t *zp = ITOZ(ip); | |
299 | cred_t *cr = CRED(); | |
300 | int error; | |
301 | ||
302 | crhold(cr); | |
303 | rw_enter(&zp->z_xattr_lock, RW_READER); | |
304 | error = __zpl_xattr_get(ip, name, value, size, cr); | |
305 | rw_exit(&zp->z_xattr_lock); | |
306 | crfree(cr); | |
307 | ||
308 | return (error); | |
309 | } | |
310 | ||
311 | static int | |
312 | zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value, | |
313 | size_t size, int flags, cred_t *cr) | |
cc5f931c BB |
314 | { |
315 | struct inode *dxip = NULL; | |
316 | struct inode *xip = NULL; | |
317 | vattr_t *vap = NULL; | |
cc5f931c BB |
318 | ssize_t wrote; |
319 | int error; | |
bec30953 | 320 | const int xattr_mode = S_IFREG | 0644; |
cc5f931c | 321 | |
cc5f931c BB |
322 | /* Lookup the xattr directory and create it if required. */ |
323 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR | CREATE_XATTR_DIR, | |
324 | cr, NULL, NULL); | |
325 | if (error) | |
326 | goto out; | |
327 | ||
82a37189 | 328 | /* Lookup a specific xattr name in the directory */ |
cc5f931c | 329 | error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); |
82a37189 BB |
330 | if (error && (error != -ENOENT)) |
331 | goto out; | |
cc5f931c | 332 | |
cc5f931c BB |
333 | error = 0; |
334 | ||
335 | /* Remove a specific name xattr when value is set to NULL. */ | |
336 | if (value == NULL) { | |
337 | if (xip) | |
338 | error = -zfs_remove(dxip, (char *)name, cr); | |
339 | ||
340 | goto out; | |
341 | } | |
342 | ||
343 | /* Lookup failed create a new xattr. */ | |
344 | if (xip == NULL) { | |
345 | vap = kmem_zalloc(sizeof(vattr_t), KM_SLEEP); | |
bec30953 | 346 | vap->va_mode = xattr_mode; |
cc5f931c | 347 | vap->va_mask = ATTR_MODE; |
81e97e21 BB |
348 | vap->va_uid = crgetfsuid(cr); |
349 | vap->va_gid = crgetfsgid(cr); | |
cc5f931c BB |
350 | |
351 | error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip, | |
352 | cr, 0, NULL); | |
353 | if (error) | |
354 | goto out; | |
355 | } | |
356 | ||
357 | ASSERT(xip != NULL); | |
bec30953 GB |
358 | |
359 | error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE); | |
360 | if (error) | |
361 | goto out; | |
362 | ||
cc5f931c BB |
363 | wrote = zpl_write_common(xip, value, size, 0, UIO_SYSSPACE, 0, cr); |
364 | if (wrote < 0) | |
365 | error = wrote; | |
366 | ||
367 | out: | |
368 | if (vap) | |
369 | kmem_free(vap, sizeof(vattr_t)); | |
370 | ||
371 | if (xip) | |
372 | iput(xip); | |
373 | ||
374 | if (dxip) | |
375 | iput(dxip); | |
376 | ||
cc5f931c BB |
377 | if (error == -ENOENT) |
378 | error = -ENODATA; | |
379 | ||
380 | ASSERT3S(error, <=, 0); | |
381 | ||
382 | return (error); | |
383 | } | |
384 | ||
82a37189 BB |
385 | static int |
386 | zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value, | |
387 | size_t size, int flags, cred_t *cr) | |
388 | { | |
389 | znode_t *zp = ITOZ(ip); | |
390 | nvlist_t *nvl; | |
391 | size_t sa_size; | |
392 | int error; | |
393 | ||
394 | ASSERT(zp->z_xattr_cached); | |
395 | nvl = zp->z_xattr_cached; | |
396 | ||
397 | if (value == NULL) { | |
398 | error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY); | |
399 | if (error == -ENOENT) | |
400 | error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr); | |
401 | } else { | |
402 | /* Limited to 32k to keep nvpair memory allocations small */ | |
403 | if (size > DXATTR_MAX_ENTRY_SIZE) | |
404 | return (-EFBIG); | |
405 | ||
406 | /* Prevent the DXATTR SA from consuming the entire SA region */ | |
407 | error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR); | |
408 | if (error) | |
409 | return (error); | |
410 | ||
411 | if (sa_size > DXATTR_MAX_SA_SIZE) | |
412 | return (-EFBIG); | |
413 | ||
414 | error = -nvlist_add_byte_array(nvl, name, | |
415 | (uchar_t *)value, size); | |
416 | if (error) | |
417 | return (error); | |
418 | } | |
419 | ||
420 | /* Update the SA for additions, modifications, and removals. */ | |
421 | if (!error) | |
422 | error = -zfs_sa_set_xattr(zp); | |
423 | ||
424 | ASSERT3S(error, <=, 0); | |
425 | ||
426 | return (error); | |
427 | } | |
428 | ||
429 | static int | |
430 | zpl_xattr_set(struct inode *ip, const char *name, const void *value, | |
431 | size_t size, int flags) | |
432 | { | |
433 | znode_t *zp = ITOZ(ip); | |
434 | zfs_sb_t *zsb = ZTOZSB(zp); | |
435 | cred_t *cr = CRED(); | |
436 | int error; | |
437 | ||
438 | crhold(cr); | |
439 | rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER); | |
440 | ||
441 | /* | |
442 | * Before setting the xattr check to see if it already exists. | |
443 | * This is done to ensure the following optional flags are honored. | |
444 | * | |
445 | * XATTR_CREATE: fail if xattr already exists | |
446 | * XATTR_REPLACE: fail if xattr does not exist | |
447 | */ | |
448 | error = __zpl_xattr_get(ip, name, NULL, 0, cr); | |
449 | if (error < 0) { | |
450 | if (error != -ENODATA) | |
451 | goto out; | |
452 | ||
453 | if ((error == -ENODATA) && (flags & XATTR_REPLACE)) | |
454 | goto out; | |
455 | } else { | |
456 | error = -EEXIST; | |
457 | if (flags & XATTR_CREATE) | |
458 | goto out; | |
459 | } | |
460 | ||
461 | /* Preferentially store the xattr as a SA for better performance */ | |
462 | if (zsb->z_use_sa && zsb->z_xattr_sa && zp->z_is_sa) { | |
463 | error = zpl_xattr_set_sa(ip, name, value, size, flags, cr); | |
464 | if (error == 0) | |
465 | goto out; | |
466 | } | |
467 | ||
468 | error = zpl_xattr_set_dir(ip, name, value, size, flags, cr); | |
469 | out: | |
470 | rw_exit(&ITOZ(ip)->z_xattr_lock); | |
471 | crfree(cr); | |
472 | ASSERT3S(error, <=, 0); | |
473 | ||
474 | return (error); | |
475 | } | |
476 | ||
cc5f931c | 477 | static int |
f9637c6c | 478 | __zpl_xattr_user_get(struct inode *ip, const char *name, |
82a37189 | 479 | void *value, size_t size) |
cc5f931c BB |
480 | { |
481 | char *xattr_name; | |
482 | int error; | |
483 | ||
484 | if (strcmp(name, "") == 0) | |
485 | return -EINVAL; | |
486 | ||
2cf7f52b | 487 | if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) |
cc5f931c BB |
488 | return -EOPNOTSUPP; |
489 | ||
490 | xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); | |
82a37189 | 491 | error = zpl_xattr_get(ip, xattr_name, value, size); |
cc5f931c BB |
492 | strfree(xattr_name); |
493 | ||
494 | return (error); | |
495 | } | |
f9637c6c | 496 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get); |
cc5f931c BB |
497 | |
498 | static int | |
f9637c6c | 499 | __zpl_xattr_user_set(struct inode *ip, const char *name, |
cc5f931c BB |
500 | const void *value, size_t size, int flags) |
501 | { | |
502 | char *xattr_name; | |
503 | int error; | |
504 | ||
505 | if (strcmp(name, "") == 0) | |
506 | return -EINVAL; | |
507 | ||
2cf7f52b | 508 | if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) |
cc5f931c BB |
509 | return -EOPNOTSUPP; |
510 | ||
511 | xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); | |
512 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
513 | strfree(xattr_name); | |
514 | ||
515 | return (error); | |
516 | } | |
f9637c6c | 517 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set); |
cc5f931c | 518 | |
777d4af8 | 519 | xattr_handler_t zpl_xattr_user_handler = { |
cc5f931c BB |
520 | .prefix = XATTR_USER_PREFIX, |
521 | .get = zpl_xattr_user_get, | |
522 | .set = zpl_xattr_user_set, | |
523 | }; | |
524 | ||
525 | static int | |
f9637c6c | 526 | __zpl_xattr_trusted_get(struct inode *ip, const char *name, |
82a37189 | 527 | void *value, size_t size) |
cc5f931c BB |
528 | { |
529 | char *xattr_name; | |
530 | int error; | |
531 | ||
532 | if (!capable(CAP_SYS_ADMIN)) | |
533 | return -EACCES; | |
534 | ||
535 | if (strcmp(name, "") == 0) | |
536 | return -EINVAL; | |
537 | ||
538 | xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); | |
82a37189 | 539 | error = zpl_xattr_get(ip, xattr_name, value, size); |
cc5f931c BB |
540 | strfree(xattr_name); |
541 | ||
542 | return (error); | |
543 | } | |
f9637c6c | 544 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get); |
cc5f931c BB |
545 | |
546 | static int | |
f9637c6c | 547 | __zpl_xattr_trusted_set(struct inode *ip, const char *name, |
cc5f931c BB |
548 | const void *value, size_t size, int flags) |
549 | { | |
550 | char *xattr_name; | |
551 | int error; | |
552 | ||
553 | if (!capable(CAP_SYS_ADMIN)) | |
554 | return -EACCES; | |
555 | ||
556 | if (strcmp(name, "") == 0) | |
557 | return -EINVAL; | |
558 | ||
559 | xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); | |
560 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
561 | strfree(xattr_name); | |
562 | ||
563 | return (error); | |
564 | } | |
f9637c6c | 565 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set); |
cc5f931c | 566 | |
777d4af8 | 567 | xattr_handler_t zpl_xattr_trusted_handler = { |
cc5f931c BB |
568 | .prefix = XATTR_TRUSTED_PREFIX, |
569 | .get = zpl_xattr_trusted_get, | |
570 | .set = zpl_xattr_trusted_set, | |
571 | }; | |
572 | ||
573 | static int | |
f9637c6c | 574 | __zpl_xattr_security_get(struct inode *ip, const char *name, |
82a37189 | 575 | void *value, size_t size) |
cc5f931c BB |
576 | { |
577 | char *xattr_name; | |
578 | int error; | |
579 | ||
580 | if (strcmp(name, "") == 0) | |
581 | return -EINVAL; | |
582 | ||
583 | xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); | |
82a37189 | 584 | error = zpl_xattr_get(ip, xattr_name, value, size); |
cc5f931c BB |
585 | strfree(xattr_name); |
586 | ||
587 | return (error); | |
588 | } | |
f9637c6c | 589 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get); |
cc5f931c BB |
590 | |
591 | static int | |
f9637c6c | 592 | __zpl_xattr_security_set(struct inode *ip, const char *name, |
cc5f931c BB |
593 | const void *value, size_t size, int flags) |
594 | { | |
595 | char *xattr_name; | |
596 | int error; | |
597 | ||
598 | if (strcmp(name, "") == 0) | |
599 | return -EINVAL; | |
600 | ||
601 | xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); | |
602 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
603 | strfree(xattr_name); | |
604 | ||
605 | return (error); | |
606 | } | |
f9637c6c | 607 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set); |
cc5f931c | 608 | |
166dd49d BB |
609 | #ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY |
610 | static int | |
611 | __zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs, | |
612 | void *fs_info) | |
613 | { | |
614 | const struct xattr *xattr; | |
615 | int error = 0; | |
616 | ||
617 | for (xattr = xattrs; xattr->name != NULL; xattr++) { | |
618 | error = __zpl_xattr_security_set(ip, | |
619 | xattr->name, xattr->value, xattr->value_len, 0); | |
620 | ||
621 | if (error < 0) | |
622 | break; | |
623 | } | |
624 | ||
96b91ef0 | 625 | return (error); |
166dd49d BB |
626 | } |
627 | ||
628 | int | |
629 | zpl_xattr_security_init(struct inode *ip, struct inode *dip, | |
630 | const struct qstr *qstr) | |
631 | { | |
632 | return security_inode_init_security(ip, dip, qstr, | |
633 | &__zpl_xattr_security_init, NULL); | |
634 | } | |
635 | ||
636 | #else | |
cc5f931c | 637 | int |
5c03efc3 BB |
638 | zpl_xattr_security_init(struct inode *ip, struct inode *dip, |
639 | const struct qstr *qstr) | |
cc5f931c | 640 | { |
96b91ef0 DH |
641 | int error; |
642 | size_t len; | |
643 | void *value; | |
644 | char *name; | |
cc5f931c | 645 | |
96b91ef0 DH |
646 | error = zpl_security_inode_init_security(ip, dip, qstr, |
647 | &name, &value, &len); | |
648 | if (error) { | |
649 | if (error == -EOPNOTSUPP) | |
650 | return 0; | |
651 | return (error); | |
652 | } | |
cc5f931c | 653 | |
f9637c6c | 654 | error = __zpl_xattr_security_set(ip, name, value, len, 0); |
cc5f931c | 655 | |
96b91ef0 DH |
656 | kfree(name); |
657 | kfree(value); | |
cc5f931c | 658 | |
96b91ef0 | 659 | return (error); |
cc5f931c | 660 | } |
166dd49d | 661 | #endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */ |
cc5f931c | 662 | |
777d4af8 | 663 | xattr_handler_t zpl_xattr_security_handler = { |
cc5f931c BB |
664 | .prefix = XATTR_SECURITY_PREFIX, |
665 | .get = zpl_xattr_security_get, | |
666 | .set = zpl_xattr_security_set, | |
667 | }; | |
668 | ||
777d4af8 | 669 | xattr_handler_t *zpl_xattr_handlers[] = { |
cc5f931c BB |
670 | &zpl_xattr_security_handler, |
671 | &zpl_xattr_trusted_handler, | |
672 | &zpl_xattr_user_handler, | |
673 | #ifdef HAVE_POSIX_ACLS | |
674 | &zpl_xattr_acl_access_handler, | |
96b91ef0 | 675 | &zpl_xattr_acl_default_handler, |
cc5f931c | 676 | #endif /* HAVE_POSIX_ACLS */ |
77a405ae | 677 | NULL |
cc5f931c | 678 | }; |