]> git.proxmox.com Git - mirror_zfs.git/blame - module/zfs/zpl_xattr.c
projects / mirror_zfs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cstyle: Allow spaces in all comments
[mirror_zfs.git] / module / zfs / zpl_xattr.c
CommitLineData
cc5f931c
BB		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23 *
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
82a37189
BB		 32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
cc5f931c
BB		 35 *
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
82a37189 40 * following namespace prefixes:
cc5f931c
BB		 41 *
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
46 *
82a37189
BB		 47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
cc5f931c 52 *
82a37189
BB		 53 * The Linux xattr implemenation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
cc5f931c 60 *
82a37189
BB		 61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
66 *
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
71 *
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
cc5f931c
BB		 78 */
79
cc5f931c
BB		 80#include <sys/zfs_vfsops.h>
81#include <sys/zfs_vnops.h>
82#include <sys/zfs_znode.h>
0f37d0c8 83#include <sys/zap.h>
cc5f931c
BB		 84#include <sys/vfs.h>
85#include <sys/zpl.h>
86
87typedef struct xattr_filldir {
88 size_t size;
89 size_t offset;
90 char *buf;
91 struct inode *inode;
92} xattr_filldir_t;
93
94static int
0f37d0c8 95zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
cc5f931c 96{
cc5f931c 97 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
2cf7f52b 98 if (!(ITOZSB(xf->inode)->z_flags & ZSB_XATTR))
cc5f931c
BB		 99 return (0);
100
101 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
102 if (!capable(CAP_SYS_ADMIN))
103 return (0);
104
105 /* When xf->buf is NULL only calculate the required size. */
106 if (xf->buf) {
107 if (xf->offset + name_len + 1 > xf->size)
108 return (-ERANGE);
109
110 memcpy(xf->buf + xf->offset, name, name_len);
111 xf->buf[xf->offset + name_len] = '\0';
112 }
113
114 xf->offset += (name_len + 1);
115
116 return (0);
117}
118
0f37d0c8
RY		 119/*
120 * Read as many directory entry names as will fit in to the provided buffer,
121 * or when no buffer is provided calculate the required buffer size.
122 */
123int
124zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
125{
126 zap_cursor_t zc;
127 zap_attribute_t zap;
128 int error;
129
130 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
131
132 while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
133
134 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
135 error = -ENXIO;
136 break;
137 }
138
139 error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
140 if (error)
141 break;
142
143 zap_cursor_advance(&zc);
144 }
145
146 zap_cursor_fini(&zc);
147
148 if (error == -ENOENT)
149 error = 0;
150
151 return (error);
152}
153
82a37189
BB		 154static ssize_t
155zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
cc5f931c 156{
82a37189 157 struct inode *ip = xf->inode;
cc5f931c 158 struct inode *dxip = NULL;
cc5f931c 159 int error;
cc5f931c
BB		 160
161 /* Lookup the xattr directory */
162 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
163 if (error) {
164 if (error == -ENOENT)
165 error = 0;
166
82a37189 167 return (error);
cc5f931c
BB		 168 }
169
0f37d0c8 170 error = zpl_xattr_readdir(dxip, xf);
82a37189
BB		 171 iput(dxip);
172
173 return (error);
174}
175
176static ssize_t
177zpl_xattr_list_sa(xattr_filldir_t *xf)
178{
179 znode_t *zp = ITOZ(xf->inode);
180 nvpair_t *nvp = NULL;
181 int error = 0;
182
183 mutex_enter(&zp->z_lock);
184 if (zp->z_xattr_cached == NULL)
185 error = -zfs_sa_get_xattr(zp);
186 mutex_exit(&zp->z_lock);
187
188 if (error)
189 return (error);
190
191 ASSERT(zp->z_xattr_cached);
192
193 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
194 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
195
0f37d0c8
RY		 196 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
197 strlen(nvpair_name(nvp)));
82a37189
BB		 198 if (error)
199 return (error);
200 }
201
202 return (0);
203}
204
205ssize_t
206zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
207{
208 znode_t *zp = ITOZ(dentry->d_inode);
209 zfs_sb_t *zsb = ZTOZSB(zp);
210 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry->d_inode };
211 cred_t *cr = CRED();
212 int error = 0;
213
214 crhold(cr);
215 rw_enter(&zp->z_xattr_lock, RW_READER);
216
217 if (zsb->z_use_sa && zp->z_is_sa) {
218 error = zpl_xattr_list_sa(&xf);
219 if (error)
220 goto out;
221 }
222
223 error = zpl_xattr_list_dir(&xf, cr);
cc5f931c
BB		 224 if (error)
225 goto out;
226
227 error = xf.offset;
228out:
cc5f931c 229
82a37189 230 rw_exit(&zp->z_xattr_lock);
81e97e21 231 crfree(cr);
cc5f931c
BB		 232
233 return (error);
234}
235
236static int
82a37189
BB		 237zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
238 size_t size, cred_t *cr)
cc5f931c
BB		 239{
240 struct inode *dxip = NULL;
241 struct inode *xip = NULL;
cc5f931c
BB		 242 int error;
243
cc5f931c
BB		 244 /* Lookup the xattr directory */
245 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
246 if (error)
247 goto out;
248
249 /* Lookup a specific xattr name in the directory */
250 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
251 if (error)
252 goto out;
253
254 if (!size) {
255 error = i_size_read(xip);
256 goto out;
257 }
258
f7064211
BB		 259 if (size < i_size_read(xip)) {
260 error = -ERANGE;
261 goto out;
262 }
263
82a37189 264 error = zpl_read_common(xip, value, size, 0, UIO_SYSSPACE, 0, cr);
cc5f931c
BB		 265out:
266 if (xip)
267 iput(xip);
268
269 if (dxip)
270 iput(dxip);
271
82a37189
BB		 272 return (error);
273}
274
275static int
276zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
277{
278 znode_t *zp = ITOZ(ip);
279 uchar_t *nv_value;
280 uint_t nv_size;
281 int error = 0;
cc5f931c 282
82a37189
BB		 283 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
284
285 mutex_enter(&zp->z_lock);
286 if (zp->z_xattr_cached == NULL)
287 error = -zfs_sa_get_xattr(zp);
288 mutex_exit(&zp->z_lock);
289
290 if (error)
291 return (error);
292
293 ASSERT(zp->z_xattr_cached);
294 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
295 &nv_value, &nv_size);
296 if (error)
297 return (error);
298
299 if (!size)
300 return (nv_size);
301
f7064211
BB		 302 if (size < nv_size)
303 return (-ERANGE);
304
305 memcpy(value, nv_value, nv_size);
82a37189 306
f7064211 307 return (nv_size);
82a37189
BB		 308}
309
310static int
311__zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
312 cred_t *cr)
313{
314 znode_t *zp = ITOZ(ip);
315 zfs_sb_t *zsb = ZTOZSB(zp);
316 int error;
317
318 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
319
320 if (zsb->z_use_sa && zp->z_is_sa) {
321 error = zpl_xattr_get_sa(ip, name, value, size);
0377189b 322 if (error != -ENOENT)
82a37189
BB		 323 goto out;
324 }
325
326 error = zpl_xattr_get_dir(ip, name, value, size, cr);
327out:
cc5f931c
BB		 328 if (error == -ENOENT)
329 error = -ENODATA;
330
331 return (error);
332}
333
334static int
82a37189
BB		 335zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
336{
337 znode_t *zp = ITOZ(ip);
338 cred_t *cr = CRED();
339 int error;
340
341 crhold(cr);
342 rw_enter(&zp->z_xattr_lock, RW_READER);
343 error = __zpl_xattr_get(ip, name, value, size, cr);
344 rw_exit(&zp->z_xattr_lock);
345 crfree(cr);
346
347 return (error);
348}
349
350static int
351zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
352 size_t size, int flags, cred_t *cr)
cc5f931c
BB		 353{
354 struct inode *dxip = NULL;
355 struct inode *xip = NULL;
356 vattr_t *vap = NULL;
cc5f931c 357 ssize_t wrote;
fc9e0530 358 int lookup_flags, error;
bec30953 359 const int xattr_mode = S_IFREG | 0644;
cc5f931c 360
fc9e0530
BB		 361 /*
362 * Lookup the xattr directory. When we're adding an entry pass
363 * CREATE_XATTR_DIR to ensure the xattr directory is created.
364 * When removing an entry this flag is not passed to avoid
365 * unnecessarily creating a new xattr directory.
366 */
367 lookup_flags = LOOKUP_XATTR;
368 if (value != NULL)
369 lookup_flags |= CREATE_XATTR_DIR;
370
371 error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL);
cc5f931c
BB		 372 if (error)
373 goto out;
374
82a37189 375 /* Lookup a specific xattr name in the directory */
cc5f931c 376 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
82a37189
BB		 377 if (error && (error != -ENOENT))
378 goto out;
cc5f931c 379
cc5f931c
BB		 380 error = 0;
381
382 /* Remove a specific name xattr when value is set to NULL. */
383 if (value == NULL) {
384 if (xip)
385 error = -zfs_remove(dxip, (char *)name, cr);
386
387 goto out;
388 }
389
390 /* Lookup failed create a new xattr. */
391 if (xip == NULL) {
392 vap = kmem_zalloc(sizeof(vattr_t), KM_SLEEP);
bec30953 393 vap->va_mode = xattr_mode;
cc5f931c 394 vap->va_mask = ATTR_MODE;
81e97e21
BB		 395 vap->va_uid = crgetfsuid(cr);
396 vap->va_gid = crgetfsgid(cr);
cc5f931c
BB		 397
398 error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip,
399 cr, 0, NULL);
400 if (error)
401 goto out;
402 }
403
404 ASSERT(xip != NULL);
bec30953
GB		 405
406 error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE);
407 if (error)
408 goto out;
409
cc5f931c
BB		 410 wrote = zpl_write_common(xip, value, size, 0, UIO_SYSSPACE, 0, cr);
411 if (wrote < 0)
412 error = wrote;
413
414out:
415 if (vap)
416 kmem_free(vap, sizeof(vattr_t));
417
418 if (xip)
419 iput(xip);
420
421 if (dxip)
422 iput(dxip);
423
cc5f931c
BB		 424 if (error == -ENOENT)
425 error = -ENODATA;
426
427 ASSERT3S(error, <=, 0);
428
429 return (error);
430}
431
82a37189
BB		 432static int
433zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
434 size_t size, int flags, cred_t *cr)
435{
436 znode_t *zp = ITOZ(ip);
437 nvlist_t *nvl;
438 size_t sa_size;
439 int error;
440
441 ASSERT(zp->z_xattr_cached);
442 nvl = zp->z_xattr_cached;
443
444 if (value == NULL) {
445 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
446 if (error == -ENOENT)
447 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
448 } else {
449 /* Limited to 32k to keep nvpair memory allocations small */
450 if (size > DXATTR_MAX_ENTRY_SIZE)
451 return (-EFBIG);
452
453 /* Prevent the DXATTR SA from consuming the entire SA region */
454 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
455 if (error)
456 return (error);
457
458 if (sa_size > DXATTR_MAX_SA_SIZE)
459 return (-EFBIG);
460
461 error = -nvlist_add_byte_array(nvl, name,
462 (uchar_t *)value, size);
463 if (error)
464 return (error);
465 }
466
467 /* Update the SA for additions, modifications, and removals. */
468 if (!error)
469 error = -zfs_sa_set_xattr(zp);
470
471 ASSERT3S(error, <=, 0);
472
473 return (error);
474}
475
476static int
477zpl_xattr_set(struct inode *ip, const char *name, const void *value,
478 size_t size, int flags)
479{
480 znode_t *zp = ITOZ(ip);
481 zfs_sb_t *zsb = ZTOZSB(zp);
482 cred_t *cr = CRED();
483 int error;
484
485 crhold(cr);
486 rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER);
487
488 /*
489 * Before setting the xattr check to see if it already exists.
490 * This is done to ensure the following optional flags are honored.
491 *
492 * XATTR_CREATE: fail if xattr already exists
493 * XATTR_REPLACE: fail if xattr does not exist
494 */
495 error = __zpl_xattr_get(ip, name, NULL, 0, cr);
496 if (error < 0) {
497 if (error != -ENODATA)
498 goto out;
499
fc9e0530
BB		 500 if (flags & XATTR_REPLACE)
501 goto out;
502
503 /* The xattr to be removed already doesn't exist */
504 error = 0;
505 if (value == NULL)
82a37189
BB		 506 goto out;
507 } else {
508 error = -EEXIST;
509 if (flags & XATTR_CREATE)
510 goto out;
511 }
512
513 /* Preferentially store the xattr as a SA for better performance */
514 if (zsb->z_use_sa && zsb->z_xattr_sa && zp->z_is_sa) {
515 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
516 if (error == 0)
517 goto out;
518 }
519
520 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
521out:
522 rw_exit(&ITOZ(ip)->z_xattr_lock);
523 crfree(cr);
524 ASSERT3S(error, <=, 0);
525
526 return (error);
527}
528
cc5f931c 529static int
f9637c6c 530__zpl_xattr_user_get(struct inode *ip, const char *name,
82a37189 531 void *value, size_t size)
cc5f931c
BB		 532{
533 char *xattr_name;
534 int error;
535
536 if (strcmp(name, "") == 0)
537 return -EINVAL;
538
2cf7f52b 539 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
cc5f931c
BB		 540 return -EOPNOTSUPP;
541
542 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
82a37189 543 error = zpl_xattr_get(ip, xattr_name, value, size);
cc5f931c
BB		 544 strfree(xattr_name);
545
546 return (error);
547}
f9637c6c 548ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
cc5f931c
BB		 549
550static int
f9637c6c 551__zpl_xattr_user_set(struct inode *ip, const char *name,
cc5f931c
BB		 552 const void *value, size_t size, int flags)
553{
554 char *xattr_name;
555 int error;
556
557 if (strcmp(name, "") == 0)
558 return -EINVAL;
559
2cf7f52b 560 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
cc5f931c
BB		 561 return -EOPNOTSUPP;
562
563 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
564 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
565 strfree(xattr_name);
566
567 return (error);
568}
f9637c6c 569ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
cc5f931c 570
777d4af8 571xattr_handler_t zpl_xattr_user_handler = {
cc5f931c
BB		 572 .prefix = XATTR_USER_PREFIX,
573 .get = zpl_xattr_user_get,
574 .set = zpl_xattr_user_set,
575};
576
577static int
f9637c6c 578__zpl_xattr_trusted_get(struct inode *ip, const char *name,
82a37189 579 void *value, size_t size)
cc5f931c
BB		 580{
581 char *xattr_name;
582 int error;
583
584 if (!capable(CAP_SYS_ADMIN))
585 return -EACCES;
586
587 if (strcmp(name, "") == 0)
588 return -EINVAL;
589
590 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
82a37189 591 error = zpl_xattr_get(ip, xattr_name, value, size);
cc5f931c
BB		 592 strfree(xattr_name);
593
594 return (error);
595}
f9637c6c 596ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
cc5f931c
BB		 597
598static int
f9637c6c 599__zpl_xattr_trusted_set(struct inode *ip, const char *name,
cc5f931c
BB		 600 const void *value, size_t size, int flags)
601{
602 char *xattr_name;
603 int error;
604
605 if (!capable(CAP_SYS_ADMIN))
606 return -EACCES;
607
608 if (strcmp(name, "") == 0)
609 return -EINVAL;
610
611 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
612 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
613 strfree(xattr_name);
614
615 return (error);
616}
f9637c6c 617ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
cc5f931c 618
777d4af8 619xattr_handler_t zpl_xattr_trusted_handler = {
cc5f931c
BB		 620 .prefix = XATTR_TRUSTED_PREFIX,
621 .get = zpl_xattr_trusted_get,
622 .set = zpl_xattr_trusted_set,
623};
624
625static int
f9637c6c 626__zpl_xattr_security_get(struct inode *ip, const char *name,
82a37189 627 void *value, size_t size)
cc5f931c
BB		 628{
629 char *xattr_name;
630 int error;
631
632 if (strcmp(name, "") == 0)
633 return -EINVAL;
634
635 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
82a37189 636 error = zpl_xattr_get(ip, xattr_name, value, size);
cc5f931c
BB		 637 strfree(xattr_name);
638
639 return (error);
640}
f9637c6c 641ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
cc5f931c
BB		 642
643static int
f9637c6c 644__zpl_xattr_security_set(struct inode *ip, const char *name,
cc5f931c
BB		 645 const void *value, size_t size, int flags)
646{
647 char *xattr_name;
648 int error;
649
650 if (strcmp(name, "") == 0)
651 return -EINVAL;
652
653 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
654 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
655 strfree(xattr_name);
656
657 return (error);
658}
f9637c6c 659ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
cc5f931c 660
166dd49d
BB		 661#ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY
662static int
663__zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs,
664 void *fs_info)
665{
666 const struct xattr *xattr;
667 int error = 0;
668
669 for (xattr = xattrs; xattr->name != NULL; xattr++) {
670 error = __zpl_xattr_security_set(ip,
671 xattr->name, xattr->value, xattr->value_len, 0);
672
673 if (error < 0)
674 break;
675 }
676
96b91ef0 677 return (error);
166dd49d
BB		 678}
679
680int
681zpl_xattr_security_init(struct inode *ip, struct inode *dip,
682 const struct qstr *qstr)
683{
684 return security_inode_init_security(ip, dip, qstr,
685 &__zpl_xattr_security_init, NULL);
686}
687
688#else
cc5f931c 689int
5c03efc3
BB		 690zpl_xattr_security_init(struct inode *ip, struct inode *dip,
691 const struct qstr *qstr)
cc5f931c 692{
96b91ef0
DH		 693 int error;
694 size_t len;
695 void *value;
696 char *name;
cc5f931c 697
96b91ef0
DH		 698 error = zpl_security_inode_init_security(ip, dip, qstr,
699 &name, &value, &len);
700 if (error) {
701 if (error == -EOPNOTSUPP)
702 return 0;
703 return (error);
704 }
cc5f931c 705
f9637c6c 706 error = __zpl_xattr_security_set(ip, name, value, len, 0);
cc5f931c 707
96b91ef0
DH		 708 kfree(name);
709 kfree(value);
cc5f931c 710
96b91ef0 711 return (error);
cc5f931c 712}
166dd49d 713#endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */
cc5f931c 714
777d4af8 715xattr_handler_t zpl_xattr_security_handler = {
cc5f931c
BB		 716 .prefix = XATTR_SECURITY_PREFIX,
717 .get = zpl_xattr_security_get,
718 .set = zpl_xattr_security_set,
719};
720
b695c34e
MM		 721#ifdef CONFIG_FS_POSIX_ACL
722
023699cd
MM		 723int
724zpl_set_acl(struct inode *ip, int type, struct posix_acl *acl)
725{
726 struct super_block *sb = ITOZSB(ip)->z_sb;
727 char *name, *value = NULL;
728 int error = 0;
729 size_t size = 0;
730
731 if (S_ISLNK(ip->i_mode))
732 return (-EOPNOTSUPP);
733
734 switch(type) {
735 case ACL_TYPE_ACCESS:
736 name = POSIX_ACL_XATTR_ACCESS;
737 if (acl) {
738 zpl_equivmode_t mode = ip->i_mode;
739 error = posix_acl_equiv_mode(acl, &mode);
740 if (error < 0) {
741 return (error);
742 } else {
743 /*
744 * The mode bits will have been set by
745 * ->zfs_setattr()->zfs_acl_chmod_setattr()
746 * using the ZFS ACL conversion. If they
747 * differ from the Posix ACL conversion dirty
748 * the inode to write the Posix mode bits.
749 */
750 if (ip->i_mode != mode) {
751 ip->i_mode = mode;
752 ip->i_ctime = current_fs_time(sb);
753 mark_inode_dirty(ip);
754 }
755
756 if (error == 0)
757 acl = NULL;
758 }
759 }
760 break;
761
762 case ACL_TYPE_DEFAULT:
763 name = POSIX_ACL_XATTR_DEFAULT;
764 if (!S_ISDIR(ip->i_mode))
765 return (acl ? -EACCES : 0);
766 break;
767
768 default:
769 return (-EINVAL);
770 }
771
772 if (acl) {
773 size = posix_acl_xattr_size(acl->a_count);
774 value = kmem_alloc(size, KM_SLEEP);
775
776 error = zpl_acl_to_xattr(acl, value, size);
777 if (error < 0) {
778 kmem_free(value, size);
779 return (error);
780 }
781 }
782
783 error = zpl_xattr_set(ip, name, value, size, 0);
784 if (value)
785 kmem_free(value, size);
786
787 if (!error) {
788 if (acl)
789 zpl_set_cached_acl(ip, type, acl);
790 else
791 zpl_forget_cached_acl(ip, type);
792 }
793
794 return (error);
795}
796
797struct posix_acl *
798zpl_get_acl(struct inode *ip, int type)
799{
800 struct posix_acl *acl;
801 void *value = NULL;
802 char *name;
803 int size;
804
805#ifdef HAVE_POSIX_ACL_CACHING
806 acl = get_cached_acl(ip, type);
807 if (acl != ACL_NOT_CACHED)
808 return (acl);
809#endif /* HAVE_POSIX_ACL_CACHING */
810
811 switch (type) {
812 case ACL_TYPE_ACCESS:
813 name = POSIX_ACL_XATTR_ACCESS;
814 break;
815 case ACL_TYPE_DEFAULT:
816 name = POSIX_ACL_XATTR_DEFAULT;
817 break;
818 default:
819 return ERR_PTR(-EINVAL);
820 }
821
822 size = zpl_xattr_get(ip, name, NULL, 0);
823 if (size > 0) {
824 value = kmem_alloc(size, KM_PUSHPAGE);
825 size = zpl_xattr_get(ip, name, value, size);
826 }
827
828 if (size > 0) {
829 acl = zpl_acl_from_xattr(value, size);
830 } else if (size == -ENODATA || size == -ENOSYS) {
831 acl = NULL;
832 } else {
833 acl = ERR_PTR(-EIO);
834 }
835
836 if (size > 0)
837 kmem_free(value, size);
838
839 if (!IS_ERR(acl))
840 zpl_set_cached_acl(ip, type, acl);
841
842 return (acl);
843}
844
845#if !defined(HAVE_GET_ACL)
846static int
847__zpl_check_acl(struct inode *ip, int mask)
848{
849 struct posix_acl *acl;
850 int error;
851
852 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
853 if (IS_ERR(acl))
854 return (PTR_ERR(acl));
855
856 if (acl) {
857 error = posix_acl_permission(ip, acl, mask);
858 zpl_posix_acl_release(acl);
859 return (error);
860 }
861
862 return (-EAGAIN);
863}
864
865#if defined(HAVE_CHECK_ACL_WITH_FLAGS)
866int
867zpl_check_acl(struct inode *ip, int mask, unsigned int flags)
868{
869 return __zpl_check_acl(ip, mask);
870}
871#elif defined(HAVE_CHECK_ACL)
872int
873zpl_check_acl(struct inode *ip, int mask)
874{
875 return __zpl_check_acl(ip , mask);
876}
877#elif defined(HAVE_PERMISSION_WITH_NAMEIDATA)
878int
879zpl_permission(struct inode *ip, int mask, struct nameidata *nd)
880{
881 return generic_permission(ip, mask, __zpl_check_acl);
882}
883#elif defined(HAVE_PERMISSION)
884int
885zpl_permission(struct inode *ip, int mask)
886{
887 return generic_permission(ip, mask, __zpl_check_acl);
888}
889#endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */
890#endif /* !HAVE_GET_ACL */
891
892int
893zpl_init_acl(struct inode *ip, struct inode *dir)
894{
895 struct posix_acl *acl = NULL;
896 int error = 0;
897
898 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
899 return (0);
900
901 if (!S_ISLNK(ip->i_mode)) {
902 if (ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) {
903 acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT);
904 if (IS_ERR(acl))
905 return (PTR_ERR(acl));
906 }
907
908 if (!acl) {
909 ip->i_mode &= ~current_umask();
910 ip->i_ctime = current_fs_time(ITOZSB(ip)->z_sb);
911 mark_inode_dirty(ip);
912 return (0);
913 }
914 }
915
916 if ((ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) && acl) {
917 umode_t mode;
918
919 if (S_ISDIR(ip->i_mode)) {
920 error = zpl_set_acl(ip, ACL_TYPE_DEFAULT, acl);
921 if (error)
922 goto out;
923 }
924
925 mode = ip->i_mode;
926 error = posix_acl_create(&acl,GFP_KERNEL, &mode);
927 if (error >= 0) {
928 ip->i_mode = mode;
929 mark_inode_dirty(ip);
930 if (error > 0)
931 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
932 }
933 }
934out:
935 zpl_posix_acl_release(acl);
936
937 return (error);
938}
939
940int
941zpl_chmod_acl(struct inode *ip)
942{
943 struct posix_acl *acl;
944 int error;
945
946 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
947 return (0);
948
949 if (S_ISLNK(ip->i_mode))
950 return (-EOPNOTSUPP);
951
952 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
953 if (IS_ERR(acl) || !acl)
954 return (PTR_ERR(acl));
955
956 error = posix_acl_chmod(&acl,GFP_KERNEL, ip->i_mode);
957 if (!error)
958 error = zpl_set_acl(ip,ACL_TYPE_ACCESS, acl);
959
960 zpl_posix_acl_release(acl);
961
962 return (error);
963}
964
965static size_t
966zpl_xattr_acl_list(struct inode *ip, char *list, size_t list_size,
967 const char *name, size_t name_len, int type)
968{
969 char *xattr_name;
970 size_t xattr_size;
971
972 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
973 return (0);
974
975 switch (type) {
976 case ACL_TYPE_ACCESS:
977 xattr_name = POSIX_ACL_XATTR_ACCESS;
978 xattr_size = sizeof(xattr_name);
979 break;
980 case ACL_TYPE_DEFAULT:
981 xattr_name = POSIX_ACL_XATTR_DEFAULT;
982 xattr_size = sizeof(xattr_name);
983 break;
984 default:
985 return (0);
986 }
987
988 if (list && xattr_size <= list_size)
989 memcpy(list, xattr_name, xattr_size);
990
991 return (xattr_size);
992}
993
994#ifdef HAVE_DENTRY_XATTR_LIST
995static size_t
996zpl_xattr_acl_list_access(struct dentry *dentry, char *list,
997 size_t list_size, const char *name, size_t name_len, int type)
998{
999 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1000 return zpl_xattr_acl_list(dentry->d_inode,
1001 list, list_size, name, name_len, type);
1002}
1003
1004static size_t
1005zpl_xattr_acl_list_default(struct dentry *dentry, char *list,
1006 size_t list_size, const char *name, size_t name_len, int type)
1007{
1008 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1009 return zpl_xattr_acl_list(dentry->d_inode,
1010 list, list_size, name, name_len, type);
1011}
1012
1013#else
1014
1015static size_t
1016zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1017 const char *name, size_t name_len)
1018{
1019 return zpl_xattr_acl_list(ip,
1020 list, list_size, name, name_len, ACL_TYPE_ACCESS);
1021}
1022
1023static size_t
1024zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1025 const char *name, size_t name_len)
1026{
1027 return zpl_xattr_acl_list(ip,
1028 list, list_size, name, name_len, ACL_TYPE_DEFAULT);
1029}
1030#endif /* HAVE_DENTRY_XATTR_LIST */
1031
1032static int
1033zpl_xattr_acl_get(struct inode *ip, const char *name,
1034 void *buffer, size_t size, int type)
1035{
1036 struct posix_acl *acl;
1037 int error;
1038
1039 if (strcmp(name, "") != 0)
1040 return (-EINVAL);
1041
1042 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1043 return (-EOPNOTSUPP);
1044
1045 acl = zpl_get_acl(ip, type);
1046 if (IS_ERR(acl))
1047 return (PTR_ERR(acl));
1048 if (acl == NULL)
1049 return (-ENODATA);
1050
1051 error = zpl_acl_to_xattr(acl, buffer, size);
1052 zpl_posix_acl_release(acl);
1053
1054 return (error);
1055}
1056
1057#ifdef HAVE_DENTRY_XATTR_GET
1058static int
1059zpl_xattr_acl_get_access(struct dentry *dentry, const char *name,
1060 void *buffer, size_t size, int type)
1061{
1062 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1063 return zpl_xattr_acl_get(dentry->d_inode, name, buffer, size, type);
1064}
1065
1066static int
1067zpl_xattr_acl_get_default(struct dentry *dentry, const char *name,
1068 void *buffer, size_t size, int type)
1069{
1070 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1071 return zpl_xattr_acl_get(dentry->d_inode, name, buffer, size, type);
1072}
1073
1074#else
1075
1076static int
1077zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1078 void *buffer, size_t size)
1079{
1080 return zpl_xattr_acl_get(ip, name, buffer, size, ACL_TYPE_ACCESS);
1081}
1082
1083static int
1084zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1085 void *buffer, size_t size)
1086{
1087 return zpl_xattr_acl_get(ip, name, buffer, size, ACL_TYPE_DEFAULT);
1088}
1089#endif /* HAVE_DENTRY_XATTR_GET */
1090
1091static int
1092zpl_xattr_acl_set(struct inode *ip, const char *name,
1093 const void *value, size_t size, int flags, int type)
1094{
1095 struct posix_acl *acl;
1096 int error = 0;
1097
1098 if (strcmp(name, "") != 0)
1099 return (-EINVAL);
1100
1101 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1102 return (-EOPNOTSUPP);
1103
1104 if (!zpl_inode_owner_or_capable(ip))
1105 return (-EPERM);
1106
1107 if (value) {
1108 acl = zpl_acl_from_xattr(value, size);
1109 if (IS_ERR(acl))
1110 return (PTR_ERR(acl));
1111 else if (acl) {
1112 error = posix_acl_valid(acl);
1113 if (error) {
1114 zpl_posix_acl_release(acl);
1115 return (error);
1116 }
1117 }
1118 } else {
1119 acl = NULL;
1120 }
1121
1122 error = zpl_set_acl(ip, type, acl);
1123 zpl_posix_acl_release(acl);
1124
1125 return (error);
1126}
1127
1128#ifdef HAVE_DENTRY_XATTR_SET
1129static int
1130zpl_xattr_acl_set_access(struct dentry *dentry, const char *name,
1131 const void *value, size_t size, int flags, int type)
1132{
1133 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1134 return zpl_xattr_acl_set(dentry->d_inode,
1135 name, value, size, flags, type);
1136}
1137
1138static int
1139zpl_xattr_acl_set_default(struct dentry *dentry, const char *name,
1140 const void *value, size_t size,int flags, int type)
1141{
1142 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1143 return zpl_xattr_acl_set(dentry->d_inode,
1144 name, value, size, flags, type);
1145}
1146
1147#else
1148
1149static int
1150zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1151 const void *value, size_t size, int flags)
1152{
1153 return zpl_xattr_acl_set(ip,
1154 name, value, size, flags, ACL_TYPE_ACCESS);
1155}
1156
1157static int
1158zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1159 const void *value, size_t size, int flags)
1160{
1161 return zpl_xattr_acl_set(ip,
1162 name, value, size, flags, ACL_TYPE_DEFAULT);
1163}
1164#endif /* HAVE_DENTRY_XATTR_SET */
1165
1166struct xattr_handler zpl_xattr_acl_access_handler =
1167{
1168 .prefix = POSIX_ACL_XATTR_ACCESS,
1169 .list = zpl_xattr_acl_list_access,
1170 .get = zpl_xattr_acl_get_access,
1171 .set = zpl_xattr_acl_set_access,
1172#ifdef HAVE_DENTRY_XATTR_LIST
1173 .flags = ACL_TYPE_ACCESS,
1174#endif /* HAVE_DENTRY_XATTR_LIST */
1175};
1176
1177struct xattr_handler zpl_xattr_acl_default_handler =
1178{
1179 .prefix = POSIX_ACL_XATTR_DEFAULT,
1180 .list = zpl_xattr_acl_list_default,
1181 .get = zpl_xattr_acl_get_default,
1182 .set = zpl_xattr_acl_set_default,
1183#ifdef HAVE_DENTRY_XATTR_LIST
1184 .flags = ACL_TYPE_DEFAULT,
1185#endif /* HAVE_DENTRY_XATTR_LIST */
1186};
1187
b695c34e
MM		 1188#endif /* CONFIG_FS_POSIX_ACL */
1189
777d4af8 1190xattr_handler_t *zpl_xattr_handlers[] = {
cc5f931c
BB		 1191 &zpl_xattr_security_handler,
1192 &zpl_xattr_trusted_handler,
1193 &zpl_xattr_user_handler,
b695c34e 1194#ifdef CONFIG_FS_POSIX_ACL
cc5f931c 1195 &zpl_xattr_acl_access_handler,
96b91ef0 1196 &zpl_xattr_acl_default_handler,
b695c34e 1197#endif /* CONFIG_FS_POSIX_ACL */
77a405ae 1198 NULL
cc5f931c 1199};
ZFS On Linux mirror for PVE