]> git.proxmox.com Git - mirror_zfs-debian.git/blame - module/zfs/zpl_xattr.c
projects / mirror_zfs-debian.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Imported Upstream version 0.6.5.7
[mirror_zfs-debian.git] / module / zfs / zpl_xattr.c
CommitLineData
cc5f931c
BB		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23 *
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
82a37189
BB		 32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
cc5f931c
BB		 35 *
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
82a37189 40 * following namespace prefixes:
cc5f931c
BB		 41 *
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
46 *
82a37189
BB		 47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
cc5f931c 52 *
82a37189
BB		 53 * The Linux xattr implemenation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
cc5f931c 60 *
82a37189
BB		 61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
66 *
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
71 *
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
cc5f931c
BB		 78 */
79
cc5f931c
BB		 80#include <sys/zfs_vfsops.h>
81#include <sys/zfs_vnops.h>
82#include <sys/zfs_znode.h>
c06d4368 83#include <sys/zap.h>
cc5f931c
BB		 84#include <sys/vfs.h>
85#include <sys/zpl.h>
86
87typedef struct xattr_filldir {
88 size_t size;
89 size_t offset;
90 char *buf;
4d815aed 91 struct dentry *dentry;
cc5f931c
BB		 92} xattr_filldir_t;
93
4d815aed
AX		 94static const struct xattr_handler *zpl_xattr_handler(const char *);
95
cc5f931c 96static int
4d815aed 97zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
cc5f931c 98{
4d815aed
AX		 99 static const struct xattr_handler *handler;
100 struct dentry *d = xf->dentry;
cc5f931c 101
4d815aed
AX		 102 handler = zpl_xattr_handler(name);
103 if (!handler)
104 return (0);
105
106 if (handler->list) {
107#if defined(HAVE_XATTR_LIST_SIMPLE)
108 if (!handler->list(d))
109 return (0);
110#elif defined(HAVE_XATTR_LIST_DENTRY)
111 if (!handler->list(d, NULL, 0, name, name_len, 0))
112 return (0);
113#elif defined(HAVE_XATTR_LIST_HANDLER)
114 if (!handler->list(handler, d, NULL, 0, name, name_len))
cc5f931c 115 return (0);
4d815aed
AX		 116#elif defined(HAVE_XATTR_LIST_INODE)
117 if (!handler->list(d->d_inode, NULL, 0, name, name_len))
118 return (0);
119#endif
120 }
121
122 return (1);
123}
124
125/*
126 * Determine is a given xattr name should be visible and if so copy it
127 * in to the provided buffer (xf->buf).
128 */
129static int
130zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
131{
132 /* Check permissions using the per-namespace list xattr handler. */
133 if (!zpl_xattr_permission(xf, name, name_len))
134 return (0);
cc5f931c
BB		 135
136 /* When xf->buf is NULL only calculate the required size. */
137 if (xf->buf) {
138 if (xf->offset + name_len + 1 > xf->size)
139 return (-ERANGE);
140
141 memcpy(xf->buf + xf->offset, name, name_len);
142 xf->buf[xf->offset + name_len] = '\0';
143 }
144
145 xf->offset += (name_len + 1);
146
147 return (0);
148}
149
c06d4368
AX		 150/*
151 * Read as many directory entry names as will fit in to the provided buffer,
152 * or when no buffer is provided calculate the required buffer size.
153 */
154int
155zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
156{
157 zap_cursor_t zc;
158 zap_attribute_t zap;
159 int error;
160
161 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
162
163 while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
164
165 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
166 error = -ENXIO;
167 break;
168 }
169
170 error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
171 if (error)
172 break;
173
174 zap_cursor_advance(&zc);
175 }
176
177 zap_cursor_fini(&zc);
178
179 if (error == -ENOENT)
180 error = 0;
181
182 return (error);
183}
184
82a37189
BB		 185static ssize_t
186zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
cc5f931c 187{
4d815aed 188 struct inode *ip = xf->dentry->d_inode;
cc5f931c 189 struct inode *dxip = NULL;
cc5f931c 190 int error;
cc5f931c
BB		 191
192 /* Lookup the xattr directory */
193 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
194 if (error) {
195 if (error == -ENOENT)
196 error = 0;
197
82a37189 198 return (error);
cc5f931c
BB		 199 }
200
c06d4368 201 error = zpl_xattr_readdir(dxip, xf);
82a37189
BB		 202 iput(dxip);
203
204 return (error);
205}
206
207static ssize_t
208zpl_xattr_list_sa(xattr_filldir_t *xf)
209{
4d815aed 210 znode_t *zp = ITOZ(xf->dentry->d_inode);
82a37189
BB		 211 nvpair_t *nvp = NULL;
212 int error = 0;
213
214 mutex_enter(&zp->z_lock);
215 if (zp->z_xattr_cached == NULL)
216 error = -zfs_sa_get_xattr(zp);
217 mutex_exit(&zp->z_lock);
218
219 if (error)
220 return (error);
221
222 ASSERT(zp->z_xattr_cached);
223
224 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
225 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
226
c06d4368 227 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
a08ee875 228 strlen(nvpair_name(nvp)));
82a37189
BB		 229 if (error)
230 return (error);
231 }
232
233 return (0);
234}
235
236ssize_t
237zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
238{
239 znode_t *zp = ITOZ(dentry->d_inode);
240 zfs_sb_t *zsb = ZTOZSB(zp);
4d815aed 241 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
82a37189 242 cred_t *cr = CRED();
ea04106b 243 fstrans_cookie_t cookie;
82a37189
BB		 244 int error = 0;
245
246 crhold(cr);
ea04106b 247 cookie = spl_fstrans_mark();
94a40997 248 rrm_enter_read(&(zsb)->z_teardown_lock, FTAG);
82a37189
BB		 249 rw_enter(&zp->z_xattr_lock, RW_READER);
250
251 if (zsb->z_use_sa && zp->z_is_sa) {
252 error = zpl_xattr_list_sa(&xf);
253 if (error)
254 goto out;
255 }
256
257 error = zpl_xattr_list_dir(&xf, cr);
cc5f931c
BB		 258 if (error)
259 goto out;
260
261 error = xf.offset;
262out:
cc5f931c 263
82a37189 264 rw_exit(&zp->z_xattr_lock);
94a40997 265 rrm_exit(&(zsb)->z_teardown_lock, FTAG);
ea04106b 266 spl_fstrans_unmark(cookie);
81e97e21 267 crfree(cr);
cc5f931c
BB		 268
269 return (error);
270}
271
272static int
82a37189
BB		 273zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
274 size_t size, cred_t *cr)
cc5f931c
BB		 275{
276 struct inode *dxip = NULL;
277 struct inode *xip = NULL;
ea04106b 278 loff_t pos = 0;
cc5f931c
BB		 279 int error;
280
cc5f931c
BB		 281 /* Lookup the xattr directory */
282 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
283 if (error)
284 goto out;
285
286 /* Lookup a specific xattr name in the directory */
287 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
288 if (error)
289 goto out;
290
291 if (!size) {
292 error = i_size_read(xip);
293 goto out;
294 }
295
c06d4368
AX		 296 if (size < i_size_read(xip)) {
297 error = -ERANGE;
298 goto out;
299 }
300
ea04106b 301 error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
cc5f931c
BB		 302out:
303 if (xip)
304 iput(xip);
305
306 if (dxip)
307 iput(dxip);
308
82a37189
BB		 309 return (error);
310}
311
312static int
313zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
314{
315 znode_t *zp = ITOZ(ip);
316 uchar_t *nv_value;
317 uint_t nv_size;
318 int error = 0;
cc5f931c 319
82a37189
BB		 320 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
321
322 mutex_enter(&zp->z_lock);
323 if (zp->z_xattr_cached == NULL)
324 error = -zfs_sa_get_xattr(zp);
325 mutex_exit(&zp->z_lock);
326
327 if (error)
328 return (error);
329
330 ASSERT(zp->z_xattr_cached);
331 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
332 &nv_value, &nv_size);
333 if (error)
334 return (error);
335
336 if (!size)
337 return (nv_size);
338
c06d4368
AX		 339 if (size < nv_size)
340 return (-ERANGE);
341
342 memcpy(value, nv_value, nv_size);
82a37189 343
c06d4368 344 return (nv_size);
82a37189
BB		 345}
346
347static int
348__zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
349 cred_t *cr)
350{
351 znode_t *zp = ITOZ(ip);
352 zfs_sb_t *zsb = ZTOZSB(zp);
353 int error;
354
355 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
356
357 if (zsb->z_use_sa && zp->z_is_sa) {
358 error = zpl_xattr_get_sa(ip, name, value, size);
c06d4368 359 if (error != -ENOENT)
82a37189
BB		 360 goto out;
361 }
362
363 error = zpl_xattr_get_dir(ip, name, value, size, cr);
364out:
cc5f931c
BB		 365 if (error == -ENOENT)
366 error = -ENODATA;
367
368 return (error);
369}
370
4d815aed
AX		 371#define XATTR_NOENT 0x0
372#define XATTR_IN_SA 0x1
373#define XATTR_IN_DIR 0x2
374/* check where the xattr resides */
375static int
376__zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
377{
378 znode_t *zp = ITOZ(ip);
379 zfs_sb_t *zsb = ZTOZSB(zp);
380 int error;
381
382 ASSERT(where);
383 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
384
385 *where = XATTR_NOENT;
386 if (zsb->z_use_sa && zp->z_is_sa) {
387 error = zpl_xattr_get_sa(ip, name, NULL, 0);
388 if (error >= 0)
389 *where |= XATTR_IN_SA;
390 else if (error != -ENOENT)
391 return (error);
392 }
393
394 error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
395 if (error >= 0)
396 *where |= XATTR_IN_DIR;
397 else if (error != -ENOENT)
398 return (error);
399
400 if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
401 cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
402 " in both SA and dir", ip, name);
403 if (*where == XATTR_NOENT)
404 error = -ENODATA;
405 else
406 error = 0;
407 return (error);
408}
409
cc5f931c 410static int
82a37189
BB		 411zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
412{
413 znode_t *zp = ITOZ(ip);
94a40997 414 zfs_sb_t *zsb = ZTOZSB(zp);
82a37189 415 cred_t *cr = CRED();
ea04106b 416 fstrans_cookie_t cookie;
82a37189
BB		 417 int error;
418
419 crhold(cr);
ea04106b 420 cookie = spl_fstrans_mark();
94a40997 421 rrm_enter_read(&(zsb)->z_teardown_lock, FTAG);
82a37189
BB		 422 rw_enter(&zp->z_xattr_lock, RW_READER);
423 error = __zpl_xattr_get(ip, name, value, size, cr);
424 rw_exit(&zp->z_xattr_lock);
94a40997 425 rrm_exit(&(zsb)->z_teardown_lock, FTAG);
ea04106b 426 spl_fstrans_unmark(cookie);
82a37189
BB		 427 crfree(cr);
428
429 return (error);
430}
431
432static int
433zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
434 size_t size, int flags, cred_t *cr)
cc5f931c
BB		 435{
436 struct inode *dxip = NULL;
437 struct inode *xip = NULL;
438 vattr_t *vap = NULL;
cc5f931c 439 ssize_t wrote;
a08ee875 440 int lookup_flags, error;
bec30953 441 const int xattr_mode = S_IFREG | 0644;
ea04106b 442 loff_t pos = 0;
cc5f931c 443
a08ee875
LG		 444 /*
445 * Lookup the xattr directory. When we're adding an entry pass
446 * CREATE_XATTR_DIR to ensure the xattr directory is created.
447 * When removing an entry this flag is not passed to avoid
448 * unnecessarily creating a new xattr directory.
449 */
450 lookup_flags = LOOKUP_XATTR;
451 if (value != NULL)
452 lookup_flags |= CREATE_XATTR_DIR;
453
454 error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL);
cc5f931c
BB		 455 if (error)
456 goto out;
457
82a37189 458 /* Lookup a specific xattr name in the directory */
cc5f931c 459 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
82a37189
BB		 460 if (error && (error != -ENOENT))
461 goto out;
cc5f931c 462
cc5f931c
BB		 463 error = 0;
464
465 /* Remove a specific name xattr when value is set to NULL. */
466 if (value == NULL) {
467 if (xip)
468 error = -zfs_remove(dxip, (char *)name, cr);
469
470 goto out;
471 }
472
473 /* Lookup failed create a new xattr. */
474 if (xip == NULL) {
a08ee875 475 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
bec30953 476 vap->va_mode = xattr_mode;
cc5f931c 477 vap->va_mask = ATTR_MODE;
81e97e21
BB		 478 vap->va_uid = crgetfsuid(cr);
479 vap->va_gid = crgetfsgid(cr);
cc5f931c
BB		 480
481 error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip,
482 cr, 0, NULL);
483 if (error)
484 goto out;
485 }
486
487 ASSERT(xip != NULL);
bec30953
GB		 488
489 error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE);
490 if (error)
491 goto out;
492
ea04106b 493 wrote = zpl_write_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
cc5f931c
BB		 494 if (wrote < 0)
495 error = wrote;
496
497out:
498 if (vap)
a08ee875 499 kmem_free(vap, sizeof (vattr_t));
cc5f931c
BB		 500
501 if (xip)
502 iput(xip);
503
504 if (dxip)
505 iput(dxip);
506
cc5f931c
BB		 507 if (error == -ENOENT)
508 error = -ENODATA;
509
510 ASSERT3S(error, <=, 0);
511
512 return (error);
513}
514
82a37189
BB		 515static int
516zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
517 size_t size, int flags, cred_t *cr)
518{
519 znode_t *zp = ITOZ(ip);
520 nvlist_t *nvl;
521 size_t sa_size;
4d815aed
AX		 522 int error = 0;
523
524 mutex_enter(&zp->z_lock);
525 if (zp->z_xattr_cached == NULL)
526 error = -zfs_sa_get_xattr(zp);
527 mutex_exit(&zp->z_lock);
528
529 if (error)
530 return (error);
82a37189
BB		 531
532 ASSERT(zp->z_xattr_cached);
533 nvl = zp->z_xattr_cached;
534
535 if (value == NULL) {
536 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
537 if (error == -ENOENT)
538 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
539 } else {
540 /* Limited to 32k to keep nvpair memory allocations small */
541 if (size > DXATTR_MAX_ENTRY_SIZE)
542 return (-EFBIG);
543
544 /* Prevent the DXATTR SA from consuming the entire SA region */
545 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
546 if (error)
547 return (error);
548
549 if (sa_size > DXATTR_MAX_SA_SIZE)
550 return (-EFBIG);
551
552 error = -nvlist_add_byte_array(nvl, name,
553 (uchar_t *)value, size);
82a37189
BB		 554 }
555
4d815aed
AX		 556 /*
557 * Update the SA for additions, modifications, and removals. On
558 * error drop the inconsistent cached version of the nvlist, it
559 * will be reconstructed from the ARC when next accessed.
560 */
561 if (error == 0)
82a37189
BB		 562 error = -zfs_sa_set_xattr(zp);
563
4d815aed
AX		 564 if (error) {
565 nvlist_free(nvl);
566 zp->z_xattr_cached = NULL;
567 }
568
82a37189
BB		 569 ASSERT3S(error, <=, 0);
570
571 return (error);
572}
573
574static int
575zpl_xattr_set(struct inode *ip, const char *name, const void *value,
576 size_t size, int flags)
577{
578 znode_t *zp = ITOZ(ip);
579 zfs_sb_t *zsb = ZTOZSB(zp);
580 cred_t *cr = CRED();
ea04106b 581 fstrans_cookie_t cookie;
4d815aed 582 int where;
82a37189
BB		 583 int error;
584
585 crhold(cr);
ea04106b 586 cookie = spl_fstrans_mark();
94a40997 587 rrm_enter_read(&(zsb)->z_teardown_lock, FTAG);
82a37189
BB		 588 rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER);
589
590 /*
591 * Before setting the xattr check to see if it already exists.
592 * This is done to ensure the following optional flags are honored.
593 *
594 * XATTR_CREATE: fail if xattr already exists
595 * XATTR_REPLACE: fail if xattr does not exist
4d815aed
AX		 596 *
597 * We also want to know if it resides in sa or dir, so we can make
598 * sure we don't end up with duplicate in both places.
82a37189 599 */
4d815aed 600 error = __zpl_xattr_where(ip, name, &where, cr);
82a37189
BB		 601 if (error < 0) {
602 if (error != -ENODATA)
603 goto out;
a08ee875
LG		 604 if (flags & XATTR_REPLACE)
605 goto out;
606
607 /* The xattr to be removed already doesn't exist */
608 error = 0;
609 if (value == NULL)
82a37189
BB		 610 goto out;
611 } else {
612 error = -EEXIST;
613 if (flags & XATTR_CREATE)
614 goto out;
615 }
616
617 /* Preferentially store the xattr as a SA for better performance */
4d815aed
AX		 618 if (zsb->z_use_sa && zp->z_is_sa &&
619 (zsb->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
82a37189 620 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
4d815aed
AX		 621 if (error == 0) {
622 /*
623 * Successfully put into SA, we need to clear the one
624 * in dir.
625 */
626 if (where & XATTR_IN_DIR)
627 zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
82a37189 628 goto out;
4d815aed 629 }
82a37189
BB		 630 }
631
632 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
4d815aed
AX		 633 /*
634 * Successfully put into dir, we need to clear the one in SA.
635 */
636 if (error == 0 && (where & XATTR_IN_SA))
637 zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
82a37189
BB		 638out:
639 rw_exit(&ITOZ(ip)->z_xattr_lock);
94a40997 640 rrm_exit(&(zsb)->z_teardown_lock, FTAG);
ea04106b 641 spl_fstrans_unmark(cookie);
82a37189
BB		 642 crfree(cr);
643 ASSERT3S(error, <=, 0);
644
645 return (error);
646}
647
4d815aed
AX		 648/*
649 * Extended user attributes
650 *
651 * "Extended user attributes may be assigned to files and directories for
652 * storing arbitrary additional information such as the mime type,
653 * character set or encoding of a file. The access permissions for user
654 * attributes are defined by the file permission bits: read permission
655 * is required to retrieve the attribute value, and writer permission is
656 * required to change it.
657 *
658 * The file permission bits of regular files and directories are
659 * interpreted differently from the file permission bits of special
660 * files and symbolic links. For regular files and directories the file
661 * permission bits define access to the file's contents, while for
662 * device special files they define access to the device described by
663 * the special file. The file permissions of symbolic links are not
664 * used in access checks. These differences would allow users to
665 * consume filesystem resources in a way not controllable by disk quotas
666 * for group or world writable special files and directories.
667 *
668 * For this reason, extended user attributes are allowed only for
669 * regular files and directories, and access to extended user attributes
670 * is restricted to the owner and to users with appropriate capabilities
671 * for directories with the sticky bit set (see the chmod(1) manual page
672 * for an explanation of the sticky bit)." - xattr(7)
673 *
674 * ZFS allows extended user attributes to be disabled administratively
675 * by setting the 'xattr=off' property on the dataset.
676 */
677static int
678__zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
679 const char *name, size_t name_len)
680{
681 return (ITOZSB(ip)->z_flags & ZSB_XATTR);
682}
683ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
684
cc5f931c 685static int
f9637c6c 686__zpl_xattr_user_get(struct inode *ip, const char *name,
82a37189 687 void *value, size_t size)
cc5f931c
BB		 688{
689 char *xattr_name;
690 int error;
5eacc075
AX		 691 /* xattr_resolve_name will do this for us if this is defined */
692#ifndef HAVE_XATTR_HANDLER_NAME
cc5f931c 693 if (strcmp(name, "") == 0)
a08ee875 694 return (-EINVAL);
5eacc075 695#endif
2cf7f52b 696 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
a08ee875 697 return (-EOPNOTSUPP);
cc5f931c
BB		 698
699 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
82a37189 700 error = zpl_xattr_get(ip, xattr_name, value, size);
cc5f931c
BB		 701 strfree(xattr_name);
702
703 return (error);
704}
f9637c6c 705ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
cc5f931c
BB		 706
707static int
f9637c6c 708__zpl_xattr_user_set(struct inode *ip, const char *name,
cc5f931c
BB		 709 const void *value, size_t size, int flags)
710{
711 char *xattr_name;
712 int error;
5eacc075
AX		 713 /* xattr_resolve_name will do this for us if this is defined */
714#ifndef HAVE_XATTR_HANDLER_NAME
cc5f931c 715 if (strcmp(name, "") == 0)
a08ee875 716 return (-EINVAL);
5eacc075 717#endif
2cf7f52b 718 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
a08ee875 719 return (-EOPNOTSUPP);
cc5f931c
BB		 720
721 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
722 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
723 strfree(xattr_name);
724
725 return (error);
726}
f9637c6c 727ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
cc5f931c 728
4d815aed
AX		 729xattr_handler_t zpl_xattr_user_handler =
730{
cc5f931c 731 .prefix = XATTR_USER_PREFIX,
4d815aed 732 .list = zpl_xattr_user_list,
cc5f931c
BB		 733 .get = zpl_xattr_user_get,
734 .set = zpl_xattr_user_set,
735};
736
4d815aed
AX		 737/*
738 * Trusted extended attributes
739 *
740 * "Trusted extended attributes are visible and accessible only to
741 * processes that have the CAP_SYS_ADMIN capability. Attributes in this
742 * class are used to implement mechanisms in user space (i.e., outside
743 * the kernel) which keep information in extended attributes to which
744 * ordinary processes should not have access." - xattr(7)
745 */
746static int
747__zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
748 const char *name, size_t name_len)
749{
750 return (capable(CAP_SYS_ADMIN));
751}
752ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
753
cc5f931c 754static int
f9637c6c 755__zpl_xattr_trusted_get(struct inode *ip, const char *name,
82a37189 756 void *value, size_t size)
cc5f931c
BB		 757{
758 char *xattr_name;
759 int error;
760
761 if (!capable(CAP_SYS_ADMIN))
a08ee875 762 return (-EACCES);
5eacc075
AX		 763 /* xattr_resolve_name will do this for us if this is defined */
764#ifndef HAVE_XATTR_HANDLER_NAME
cc5f931c 765 if (strcmp(name, "") == 0)
a08ee875 766 return (-EINVAL);
5eacc075 767#endif
cc5f931c 768 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
82a37189 769 error = zpl_xattr_get(ip, xattr_name, value, size);
cc5f931c
BB		 770 strfree(xattr_name);
771
772 return (error);
773}
f9637c6c 774ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
cc5f931c
BB		 775
776static int
f9637c6c 777__zpl_xattr_trusted_set(struct inode *ip, const char *name,
cc5f931c
BB		 778 const void *value, size_t size, int flags)
779{
780 char *xattr_name;
781 int error;
782
783 if (!capable(CAP_SYS_ADMIN))
a08ee875 784 return (-EACCES);
5eacc075
AX		 785 /* xattr_resolve_name will do this for us if this is defined */
786#ifndef HAVE_XATTR_HANDLER_NAME
cc5f931c 787 if (strcmp(name, "") == 0)
a08ee875 788 return (-EINVAL);
5eacc075 789#endif
cc5f931c
BB		 790 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
791 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
792 strfree(xattr_name);
793
794 return (error);
795}
f9637c6c 796ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
cc5f931c 797
4d815aed
AX		 798xattr_handler_t zpl_xattr_trusted_handler =
799{
cc5f931c 800 .prefix = XATTR_TRUSTED_PREFIX,
4d815aed 801 .list = zpl_xattr_trusted_list,
cc5f931c
BB		 802 .get = zpl_xattr_trusted_get,
803 .set = zpl_xattr_trusted_set,
804};
805
4d815aed
AX		 806/*
807 * Extended security attributes
808 *
809 * "The security attribute namespace is used by kernel security modules,
810 * such as Security Enhanced Linux, and also to implement file
811 * capabilities (see capabilities(7)). Read and write access
812 * permissions to security attributes depend on the policy implemented
813 * for each security attribute by the security module. When no security
814 * module is loaded, all processes have read access to extended security
815 * attributes, and write access is limited to processes that have the
816 * CAP_SYS_ADMIN capability." - xattr(7)
817 */
818static int
819__zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
820 const char *name, size_t name_len)
821{
822 return (1);
823}
824ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
825
cc5f931c 826static int
f9637c6c 827__zpl_xattr_security_get(struct inode *ip, const char *name,
82a37189 828 void *value, size_t size)
cc5f931c
BB		 829{
830 char *xattr_name;
831 int error;
5eacc075
AX		 832 /* xattr_resolve_name will do this for us if this is defined */
833#ifndef HAVE_XATTR_HANDLER_NAME
cc5f931c 834 if (strcmp(name, "") == 0)
a08ee875 835 return (-EINVAL);
5eacc075 836#endif
cc5f931c 837 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
82a37189 838 error = zpl_xattr_get(ip, xattr_name, value, size);
cc5f931c
BB		 839 strfree(xattr_name);
840
841 return (error);
842}
f9637c6c 843ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
cc5f931c
BB		 844
845static int
f9637c6c 846__zpl_xattr_security_set(struct inode *ip, const char *name,
cc5f931c
BB		 847 const void *value, size_t size, int flags)
848{
849 char *xattr_name;
850 int error;
5eacc075
AX		 851 /* xattr_resolve_name will do this for us if this is defined */
852#ifndef HAVE_XATTR_HANDLER_NAME
cc5f931c 853 if (strcmp(name, "") == 0)
a08ee875 854 return (-EINVAL);
5eacc075 855#endif
cc5f931c
BB		 856 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
857 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
858 strfree(xattr_name);
859
860 return (error);
861}
f9637c6c 862ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
cc5f931c 863
166dd49d
BB		 864#ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY
865static int
866__zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs,
867 void *fs_info)
868{
869 const struct xattr *xattr;
870 int error = 0;
871
872 for (xattr = xattrs; xattr->name != NULL; xattr++) {
873 error = __zpl_xattr_security_set(ip,
874 xattr->name, xattr->value, xattr->value_len, 0);
875
876 if (error < 0)
877 break;
878 }
879
96b91ef0 880 return (error);
166dd49d
BB		 881}
882
883int
884zpl_xattr_security_init(struct inode *ip, struct inode *dip,
885 const struct qstr *qstr)
886{
887 return security_inode_init_security(ip, dip, qstr,
888 &__zpl_xattr_security_init, NULL);
889}
890
891#else
cc5f931c 892int
5c03efc3
BB		 893zpl_xattr_security_init(struct inode *ip, struct inode *dip,
894 const struct qstr *qstr)
cc5f931c 895{
96b91ef0
DH		 896 int error;
897 size_t len;
898 void *value;
899 char *name;
cc5f931c 900
96b91ef0 901 error = zpl_security_inode_init_security(ip, dip, qstr,
a08ee875 902 &name, &value, &len);
96b91ef0
DH		 903 if (error) {
904 if (error == -EOPNOTSUPP)
a08ee875
LG		 905 return (0);
906
96b91ef0
DH		 907 return (error);
908 }
cc5f931c 909
f9637c6c 910 error = __zpl_xattr_security_set(ip, name, value, len, 0);
cc5f931c 911
96b91ef0
DH		 912 kfree(name);
913 kfree(value);
cc5f931c 914
96b91ef0 915 return (error);
cc5f931c 916}
166dd49d 917#endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */
cc5f931c 918
4d815aed
AX		 919/*
920 * Security xattr namespace handlers.
921 */
777d4af8 922xattr_handler_t zpl_xattr_security_handler = {
cc5f931c 923 .prefix = XATTR_SECURITY_PREFIX,
4d815aed 924 .list = zpl_xattr_security_list,
cc5f931c
BB		 925 .get = zpl_xattr_security_get,
926 .set = zpl_xattr_security_set,
927};
928
4d815aed
AX		 929/*
930 * Extended system attributes
931 *
932 * "Extended system attributes are used by the kernel to store system
933 * objects such as Access Control Lists. Read and write access permissions
934 * to system attributes depend on the policy implemented for each system
935 * attribute implemented by filesystems in the kernel." - xattr(7)
936 */
a08ee875 937#ifdef CONFIG_FS_POSIX_ACL
a08ee875
LG		 938int
939zpl_set_acl(struct inode *ip, int type, struct posix_acl *acl)
940{
941 struct super_block *sb = ITOZSB(ip)->z_sb;
942 char *name, *value = NULL;
943 int error = 0;
944 size_t size = 0;
945
946 if (S_ISLNK(ip->i_mode))
947 return (-EOPNOTSUPP);
948
949 switch (type) {
950 case ACL_TYPE_ACCESS:
4d815aed 951 name = XATTR_NAME_POSIX_ACL_ACCESS;
a08ee875
LG		 952 if (acl) {
953 zpl_equivmode_t mode = ip->i_mode;
954 error = posix_acl_equiv_mode(acl, &mode);
955 if (error < 0) {
956 return (error);
957 } else {
958 /*
959 * The mode bits will have been set by
960 * ->zfs_setattr()->zfs_acl_chmod_setattr()
961 * using the ZFS ACL conversion. If they
962 * differ from the Posix ACL conversion dirty
963 * the inode to write the Posix mode bits.
964 */
965 if (ip->i_mode != mode) {
966 ip->i_mode = mode;
967 ip->i_ctime = current_fs_time(sb);
ea04106b 968 zfs_mark_inode_dirty(ip);
a08ee875
LG		 969 }
970
971 if (error == 0)
972 acl = NULL;
973 }
974 }
975 break;
976
977 case ACL_TYPE_DEFAULT:
5eacc075 978 name = XATTR_NAME_POSIX_ACL_DEFAULT;
a08ee875
LG		 979 if (!S_ISDIR(ip->i_mode))
980 return (acl ? -EACCES : 0);
981 break;
982
983 default:
984 return (-EINVAL);
985 }
986
987 if (acl) {
988 size = posix_acl_xattr_size(acl->a_count);
989 value = kmem_alloc(size, KM_SLEEP);
990
991 error = zpl_acl_to_xattr(acl, value, size);
992 if (error < 0) {
993 kmem_free(value, size);
994 return (error);
995 }
996 }
997
998 error = zpl_xattr_set(ip, name, value, size, 0);
999 if (value)
1000 kmem_free(value, size);
1001
1002 if (!error) {
1003 if (acl)
1004 zpl_set_cached_acl(ip, type, acl);
1005 else
1006 zpl_forget_cached_acl(ip, type);
1007 }
1008
1009 return (error);
1010}
1011
1012struct posix_acl *
1013zpl_get_acl(struct inode *ip, int type)
1014{
1015 struct posix_acl *acl;
1016 void *value = NULL;
1017 char *name;
1018 int size;
1019
1020#ifdef HAVE_POSIX_ACL_CACHING
1021 acl = get_cached_acl(ip, type);
1022 if (acl != ACL_NOT_CACHED)
1023 return (acl);
1024#endif /* HAVE_POSIX_ACL_CACHING */
1025
1026 switch (type) {
1027 case ACL_TYPE_ACCESS:
4d815aed 1028 name = XATTR_NAME_POSIX_ACL_ACCESS;
a08ee875
LG		 1029 break;
1030 case ACL_TYPE_DEFAULT:
4d815aed 1031 name = XATTR_NAME_POSIX_ACL_DEFAULT;
a08ee875
LG		 1032 break;
1033 default:
1034 return (ERR_PTR(-EINVAL));
1035 }
1036
1037 size = zpl_xattr_get(ip, name, NULL, 0);
1038 if (size > 0) {
ea04106b 1039 value = kmem_alloc(size, KM_SLEEP);
a08ee875
LG		 1040 size = zpl_xattr_get(ip, name, value, size);
1041 }
1042
1043 if (size > 0) {
1044 acl = zpl_acl_from_xattr(value, size);
1045 } else if (size == -ENODATA || size == -ENOSYS) {
1046 acl = NULL;
1047 } else {
1048 acl = ERR_PTR(-EIO);
1049 }
1050
1051 if (size > 0)
1052 kmem_free(value, size);
1053
1054 if (!IS_ERR(acl))
1055 zpl_set_cached_acl(ip, type, acl);
1056
1057 return (acl);
1058}
1059
1060#if !defined(HAVE_GET_ACL)
1061static int
1062__zpl_check_acl(struct inode *ip, int mask)
1063{
1064 struct posix_acl *acl;
1065 int error;
1066
1067 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
1068 if (IS_ERR(acl))
1069 return (PTR_ERR(acl));
1070
1071 if (acl) {
1072 error = posix_acl_permission(ip, acl, mask);
1073 zpl_posix_acl_release(acl);
1074 return (error);
1075 }
1076
1077 return (-EAGAIN);
1078}
1079
1080#if defined(HAVE_CHECK_ACL_WITH_FLAGS)
1081int
1082zpl_check_acl(struct inode *ip, int mask, unsigned int flags)
1083{
1084 return (__zpl_check_acl(ip, mask));
1085}
1086#elif defined(HAVE_CHECK_ACL)
1087int
1088zpl_check_acl(struct inode *ip, int mask)
1089{
1090 return (__zpl_check_acl(ip, mask));
1091}
1092#elif defined(HAVE_PERMISSION_WITH_NAMEIDATA)
1093int
1094zpl_permission(struct inode *ip, int mask, struct nameidata *nd)
1095{
1096 return (generic_permission(ip, mask, __zpl_check_acl));
1097}
1098#elif defined(HAVE_PERMISSION)
1099int
1100zpl_permission(struct inode *ip, int mask)
1101{
1102 return (generic_permission(ip, mask, __zpl_check_acl));
1103}
1104#endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */
1105#endif /* !HAVE_GET_ACL */
1106
1107int
1108zpl_init_acl(struct inode *ip, struct inode *dir)
1109{
1110 struct posix_acl *acl = NULL;
1111 int error = 0;
1112
1113 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1114 return (0);
1115
1116 if (!S_ISLNK(ip->i_mode)) {
1117 if (ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) {
1118 acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT);
1119 if (IS_ERR(acl))
1120 return (PTR_ERR(acl));
1121 }
1122
1123 if (!acl) {
1124 ip->i_mode &= ~current_umask();
1125 ip->i_ctime = current_fs_time(ITOZSB(ip)->z_sb);
ea04106b 1126 zfs_mark_inode_dirty(ip);
a08ee875
LG		 1127 return (0);
1128 }
1129 }
1130
1131 if ((ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) && acl) {
1132 umode_t mode;
1133
1134 if (S_ISDIR(ip->i_mode)) {
1135 error = zpl_set_acl(ip, ACL_TYPE_DEFAULT, acl);
1136 if (error)
1137 goto out;
1138 }
1139
1140 mode = ip->i_mode;
ea04106b 1141 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
a08ee875
LG		 1142 if (error >= 0) {
1143 ip->i_mode = mode;
ea04106b 1144 zfs_mark_inode_dirty(ip);
a08ee875
LG		 1145 if (error > 0)
1146 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
1147 }
1148 }
1149out:
1150 zpl_posix_acl_release(acl);
1151
1152 return (error);
1153}
1154
1155int
1156zpl_chmod_acl(struct inode *ip)
1157{
1158 struct posix_acl *acl;
1159 int error;
1160
1161 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1162 return (0);
1163
1164 if (S_ISLNK(ip->i_mode))
1165 return (-EOPNOTSUPP);
1166
1167 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
1168 if (IS_ERR(acl) || !acl)
1169 return (PTR_ERR(acl));
1170
ea04106b 1171 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
a08ee875
LG		 1172 if (!error)
1173 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
1174
1175 zpl_posix_acl_release(acl);
1176
1177 return (error);
1178}
1179
4d815aed
AX		 1180static int
1181__zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1182 const char *name, size_t name_len)
a08ee875 1183{
4d815aed
AX		 1184 char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1185 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
a08ee875
LG		 1186
1187 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1188 return (0);
1189
a08ee875
LG		 1190 if (list && xattr_size <= list_size)
1191 memcpy(list, xattr_name, xattr_size);
1192
1193 return (xattr_size);
1194}
4d815aed 1195ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
a08ee875 1196
4d815aed
AX		 1197static int
1198__zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1199 const char *name, size_t name_len)
94a40997 1200{
4d815aed
AX		 1201 char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1202 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
94a40997 1203
4d815aed
AX		 1204 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1205 return (0);
a08ee875 1206
4d815aed
AX		 1207 if (list && xattr_size <= list_size)
1208 memcpy(list, xattr_name, xattr_size);
a08ee875 1209
4d815aed 1210 return (xattr_size);
a08ee875 1211}
4d815aed 1212ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
a08ee875
LG		 1213
1214static int
4d815aed
AX		 1215__zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1216 void *buffer, size_t size)
a08ee875
LG		 1217{
1218 struct posix_acl *acl;
4d815aed 1219 int type = ACL_TYPE_ACCESS;
a08ee875 1220 int error;
5eacc075
AX		 1221 /* xattr_resolve_name will do this for us if this is defined */
1222#ifndef HAVE_XATTR_HANDLER_NAME
a08ee875
LG		 1223 if (strcmp(name, "") != 0)
1224 return (-EINVAL);
5eacc075 1225#endif
a08ee875
LG		 1226 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1227 return (-EOPNOTSUPP);
1228
1229 acl = zpl_get_acl(ip, type);
1230 if (IS_ERR(acl))
1231 return (PTR_ERR(acl));
1232 if (acl == NULL)
1233 return (-ENODATA);
1234
1235 error = zpl_acl_to_xattr(acl, buffer, size);
1236 zpl_posix_acl_release(acl);
1237
1238 return (error);
1239}
4d815aed 1240ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
a08ee875
LG		 1241
1242static int
4d815aed
AX		 1243__zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1244 void *buffer, size_t size)
a08ee875 1245{
4d815aed
AX		 1246 struct posix_acl *acl;
1247 int type = ACL_TYPE_DEFAULT;
1248 int error;
5eacc075
AX		 1249 /* xattr_resolve_name will do this for us if this is defined */
1250#ifndef HAVE_XATTR_HANDLER_NAME
4d815aed
AX		 1251 if (strcmp(name, "") != 0)
1252 return (-EINVAL);
5eacc075 1253#endif
4d815aed
AX		 1254 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1255 return (-EOPNOTSUPP);
94a40997 1256
4d815aed
AX		 1257 acl = zpl_get_acl(ip, type);
1258 if (IS_ERR(acl))
1259 return (PTR_ERR(acl));
1260 if (acl == NULL)
1261 return (-ENODATA);
a08ee875 1262
4d815aed
AX		 1263 error = zpl_acl_to_xattr(acl, buffer, size);
1264 zpl_posix_acl_release(acl);
a08ee875 1265
4d815aed 1266 return (error);
a08ee875 1267}
4d815aed 1268ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
a08ee875
LG		 1269
1270static int
4d815aed
AX		 1271__zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1272 const void *value, size_t size, int flags)
a08ee875
LG		 1273{
1274 struct posix_acl *acl;
4d815aed 1275 int type = ACL_TYPE_ACCESS;
a08ee875 1276 int error = 0;
5eacc075
AX		 1277 /* xattr_resolve_name will do this for us if this is defined */
1278#ifndef HAVE_XATTR_HANDLER_NAME
a08ee875
LG		 1279 if (strcmp(name, "") != 0)
1280 return (-EINVAL);
5eacc075 1281#endif
a08ee875
LG		 1282 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1283 return (-EOPNOTSUPP);
1284
1285 if (!zpl_inode_owner_or_capable(ip))
1286 return (-EPERM);
1287
1288 if (value) {
1289 acl = zpl_acl_from_xattr(value, size);
1290 if (IS_ERR(acl))
1291 return (PTR_ERR(acl));
1292 else if (acl) {
1293 error = posix_acl_valid(acl);
1294 if (error) {
1295 zpl_posix_acl_release(acl);
1296 return (error);
1297 }
1298 }
1299 } else {
1300 acl = NULL;
1301 }
1302
1303 error = zpl_set_acl(ip, type, acl);
1304 zpl_posix_acl_release(acl);
1305
1306 return (error);
1307}
4d815aed 1308ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
a08ee875 1309
a08ee875 1310static int
4d815aed
AX		 1311__zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1312 const void *value, size_t size, int flags)
a08ee875 1313{
4d815aed
AX		 1314 struct posix_acl *acl;
1315 int type = ACL_TYPE_DEFAULT;
1316 int error = 0;
5eacc075
AX		 1317 /* xattr_resolve_name will do this for us if this is defined */
1318#ifndef HAVE_XATTR_HANDLER_NAME
4d815aed
AX		 1319 if (strcmp(name, "") != 0)
1320 return (-EINVAL);
5eacc075 1321#endif
4d815aed
AX		 1322 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1323 return (-EOPNOTSUPP);
94a40997 1324
4d815aed
AX		 1325 if (!zpl_inode_owner_or_capable(ip))
1326 return (-EPERM);
94a40997 1327
4d815aed
AX		 1328 if (value) {
1329 acl = zpl_acl_from_xattr(value, size);
1330 if (IS_ERR(acl))
1331 return (PTR_ERR(acl));
1332 else if (acl) {
1333 error = posix_acl_valid(acl);
1334 if (error) {
1335 zpl_posix_acl_release(acl);
1336 return (error);
1337 }
1338 }
1339 } else {
1340 acl = NULL;
1341 }
a08ee875 1342
4d815aed
AX		 1343 error = zpl_set_acl(ip, type, acl);
1344 zpl_posix_acl_release(acl);
a08ee875 1345
4d815aed 1346 return (error);
a08ee875 1347}
4d815aed 1348ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
a08ee875 1349
4d815aed
AX		 1350/*
1351 * ACL access xattr namespace handlers.
5eacc075
AX		 1352 *
1353 * Use .name instead of .prefix when available. xattr_resolve_name will match
1354 * whole name and reject anything that has .name only as prefix.
4d815aed
AX		 1355 */
1356xattr_handler_t zpl_xattr_acl_access_handler =
a08ee875 1357{
5eacc075
AX		 1358#ifdef HAVE_XATTR_HANDLER_NAME
1359 .name = XATTR_NAME_POSIX_ACL_ACCESS,
1360#else
4d815aed 1361 .prefix = XATTR_NAME_POSIX_ACL_ACCESS,
5eacc075 1362#endif
a08ee875
LG		 1363 .list = zpl_xattr_acl_list_access,
1364 .get = zpl_xattr_acl_get_access,
1365 .set = zpl_xattr_acl_set_access,
4d815aed
AX		 1366#if defined(HAVE_XATTR_LIST_SIMPLE) || \
1367 defined(HAVE_XATTR_LIST_DENTRY) || \
1368 defined(HAVE_XATTR_LIST_HANDLER)
a08ee875 1369 .flags = ACL_TYPE_ACCESS,
4d815aed 1370#endif
a08ee875
LG		 1371};
1372
4d815aed
AX		 1373/*
1374 * ACL default xattr namespace handlers.
5eacc075
AX		 1375 *
1376 * Use .name instead of .prefix when available. xattr_resolve_name will match
1377 * whole name and reject anything that has .name only as prefix.
4d815aed
AX		 1378 */
1379xattr_handler_t zpl_xattr_acl_default_handler =
a08ee875 1380{
5eacc075
AX		 1381#ifdef HAVE_XATTR_HANDLER_NAME
1382 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1383#else
4d815aed 1384 .prefix = XATTR_NAME_POSIX_ACL_DEFAULT,
5eacc075 1385#endif
a08ee875
LG		 1386 .list = zpl_xattr_acl_list_default,
1387 .get = zpl_xattr_acl_get_default,
1388 .set = zpl_xattr_acl_set_default,
4d815aed
AX		 1389#if defined(HAVE_XATTR_LIST_SIMPLE) || \
1390 defined(HAVE_XATTR_LIST_DENTRY) || \
1391 defined(HAVE_XATTR_LIST_HANDLER)
a08ee875 1392 .flags = ACL_TYPE_DEFAULT,
4d815aed 1393#endif
a08ee875
LG		 1394};
1395
1396#endif /* CONFIG_FS_POSIX_ACL */
1397
777d4af8 1398xattr_handler_t *zpl_xattr_handlers[] = {
cc5f931c
BB		 1399 &zpl_xattr_security_handler,
1400 &zpl_xattr_trusted_handler,
1401 &zpl_xattr_user_handler,
a08ee875 1402#ifdef CONFIG_FS_POSIX_ACL
cc5f931c 1403 &zpl_xattr_acl_access_handler,
96b91ef0 1404 &zpl_xattr_acl_default_handler,
a08ee875 1405#endif /* CONFIG_FS_POSIX_ACL */
77a405ae 1406 NULL
cc5f931c 1407};
4d815aed
AX		 1408
1409static const struct xattr_handler *
1410zpl_xattr_handler(const char *name)
1411{
1412 if (strncmp(name, XATTR_USER_PREFIX,
1413 XATTR_USER_PREFIX_LEN) == 0)
1414 return (&zpl_xattr_user_handler);
1415
1416 if (strncmp(name, XATTR_TRUSTED_PREFIX,
1417 XATTR_TRUSTED_PREFIX_LEN) == 0)
1418 return (&zpl_xattr_trusted_handler);
1419
1420 if (strncmp(name, XATTR_SECURITY_PREFIX,
1421 XATTR_SECURITY_PREFIX_LEN) == 0)
1422 return (&zpl_xattr_security_handler);
1423
1424#ifdef CONFIG_FS_POSIX_ACL
1425 if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1426 sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1427 return (&zpl_xattr_acl_access_handler);
1428
1429 if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1430 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1431 return (&zpl_xattr_acl_default_handler);
1432#endif /* CONFIG_FS_POSIX_ACL */
1433
1434 return (NULL);
1435}
Mirror of ZFSOnLinux for Debian