]> git.proxmox.com Git - mirror_zfs.git/blob - module/zfs/zpl_xattr.c
projects / mirror_zfs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Change KM_PUSHPAGE -> KM_SLEEP
[mirror_zfs.git] / module / zfs / zpl_xattr.c
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23 *
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
35 *
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
40 * following namespace prefixes:
41 *
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
46 *
47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
52 *
53 * The Linux xattr implemenation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
60 *
61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
66 *
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
71 *
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
78 */
79
80 #include <sys/zfs_vfsops.h>
81 #include <sys/zfs_vnops.h>
82 #include <sys/zfs_znode.h>
83 #include <sys/zap.h>
84 #include <sys/vfs.h>
85 #include <sys/zpl.h>
86
87 typedef struct xattr_filldir {
88 size_t size;
89 size_t offset;
90 char *buf;
91 struct inode *inode;
92 } xattr_filldir_t;
93
94 static int
95 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
96 {
97 if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) == 0)
98 if (!(ITOZSB(xf->inode)->z_flags & ZSB_XATTR))
99 return (0);
100
101 if (strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0)
102 if (!capable(CAP_SYS_ADMIN))
103 return (0);
104
105 /* When xf->buf is NULL only calculate the required size. */
106 if (xf->buf) {
107 if (xf->offset + name_len + 1 > xf->size)
108 return (-ERANGE);
109
110 memcpy(xf->buf + xf->offset, name, name_len);
111 xf->buf[xf->offset + name_len] = '\0';
112 }
113
114 xf->offset += (name_len + 1);
115
116 return (0);
117 }
118
119 /*
120 * Read as many directory entry names as will fit in to the provided buffer,
121 * or when no buffer is provided calculate the required buffer size.
122 */
123 int
124 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
125 {
126 zap_cursor_t zc;
127 zap_attribute_t zap;
128 int error;
129
130 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
131
132 while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
133
134 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
135 error = -ENXIO;
136 break;
137 }
138
139 error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
140 if (error)
141 break;
142
143 zap_cursor_advance(&zc);
144 }
145
146 zap_cursor_fini(&zc);
147
148 if (error == -ENOENT)
149 error = 0;
150
151 return (error);
152 }
153
154 static ssize_t
155 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
156 {
157 struct inode *ip = xf->inode;
158 struct inode *dxip = NULL;
159 int error;
160
161 /* Lookup the xattr directory */
162 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
163 if (error) {
164 if (error == -ENOENT)
165 error = 0;
166
167 return (error);
168 }
169
170 error = zpl_xattr_readdir(dxip, xf);
171 iput(dxip);
172
173 return (error);
174 }
175
176 static ssize_t
177 zpl_xattr_list_sa(xattr_filldir_t *xf)
178 {
179 znode_t *zp = ITOZ(xf->inode);
180 nvpair_t *nvp = NULL;
181 int error = 0;
182
183 mutex_enter(&zp->z_lock);
184 if (zp->z_xattr_cached == NULL)
185 error = -zfs_sa_get_xattr(zp);
186 mutex_exit(&zp->z_lock);
187
188 if (error)
189 return (error);
190
191 ASSERT(zp->z_xattr_cached);
192
193 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
194 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
195
196 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
197 strlen(nvpair_name(nvp)));
198 if (error)
199 return (error);
200 }
201
202 return (0);
203 }
204
205 ssize_t
206 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
207 {
208 znode_t *zp = ITOZ(dentry->d_inode);
209 zfs_sb_t *zsb = ZTOZSB(zp);
210 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry->d_inode };
211 cred_t *cr = CRED();
212 int error = 0;
213
214 crhold(cr);
215 rw_enter(&zp->z_xattr_lock, RW_READER);
216
217 if (zsb->z_use_sa && zp->z_is_sa) {
218 error = zpl_xattr_list_sa(&xf);
219 if (error)
220 goto out;
221 }
222
223 error = zpl_xattr_list_dir(&xf, cr);
224 if (error)
225 goto out;
226
227 error = xf.offset;
228 out:
229
230 rw_exit(&zp->z_xattr_lock);
231 crfree(cr);
232
233 return (error);
234 }
235
236 static int
237 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
238 size_t size, cred_t *cr)
239 {
240 struct inode *dxip = NULL;
241 struct inode *xip = NULL;
242 loff_t pos = 0;
243 int error;
244
245 /* Lookup the xattr directory */
246 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
247 if (error)
248 goto out;
249
250 /* Lookup a specific xattr name in the directory */
251 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
252 if (error)
253 goto out;
254
255 if (!size) {
256 error = i_size_read(xip);
257 goto out;
258 }
259
260 if (size < i_size_read(xip)) {
261 error = -ERANGE;
262 goto out;
263 }
264
265 error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
266 out:
267 if (xip)
268 iput(xip);
269
270 if (dxip)
271 iput(dxip);
272
273 return (error);
274 }
275
276 static int
277 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
278 {
279 znode_t *zp = ITOZ(ip);
280 uchar_t *nv_value;
281 uint_t nv_size;
282 int error = 0;
283
284 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
285
286 mutex_enter(&zp->z_lock);
287 if (zp->z_xattr_cached == NULL)
288 error = -zfs_sa_get_xattr(zp);
289 mutex_exit(&zp->z_lock);
290
291 if (error)
292 return (error);
293
294 ASSERT(zp->z_xattr_cached);
295 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
296 &nv_value, &nv_size);
297 if (error)
298 return (error);
299
300 if (!size)
301 return (nv_size);
302
303 if (size < nv_size)
304 return (-ERANGE);
305
306 memcpy(value, nv_value, nv_size);
307
308 return (nv_size);
309 }
310
311 static int
312 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
313 cred_t *cr)
314 {
315 znode_t *zp = ITOZ(ip);
316 zfs_sb_t *zsb = ZTOZSB(zp);
317 int error;
318
319 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
320
321 if (zsb->z_use_sa && zp->z_is_sa) {
322 error = zpl_xattr_get_sa(ip, name, value, size);
323 if (error != -ENOENT)
324 goto out;
325 }
326
327 error = zpl_xattr_get_dir(ip, name, value, size, cr);
328 out:
329 if (error == -ENOENT)
330 error = -ENODATA;
331
332 return (error);
333 }
334
335 static int
336 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
337 {
338 znode_t *zp = ITOZ(ip);
339 cred_t *cr = CRED();
340 int error;
341
342 crhold(cr);
343 rw_enter(&zp->z_xattr_lock, RW_READER);
344 error = __zpl_xattr_get(ip, name, value, size, cr);
345 rw_exit(&zp->z_xattr_lock);
346 crfree(cr);
347
348 return (error);
349 }
350
351 static int
352 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
353 size_t size, int flags, cred_t *cr)
354 {
355 struct inode *dxip = NULL;
356 struct inode *xip = NULL;
357 vattr_t *vap = NULL;
358 ssize_t wrote;
359 int lookup_flags, error;
360 const int xattr_mode = S_IFREG | 0644;
361 loff_t pos = 0;
362
363 /*
364 * Lookup the xattr directory. When we're adding an entry pass
365 * CREATE_XATTR_DIR to ensure the xattr directory is created.
366 * When removing an entry this flag is not passed to avoid
367 * unnecessarily creating a new xattr directory.
368 */
369 lookup_flags = LOOKUP_XATTR;
370 if (value != NULL)
371 lookup_flags |= CREATE_XATTR_DIR;
372
373 error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL);
374 if (error)
375 goto out;
376
377 /* Lookup a specific xattr name in the directory */
378 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
379 if (error && (error != -ENOENT))
380 goto out;
381
382 error = 0;
383
384 /* Remove a specific name xattr when value is set to NULL. */
385 if (value == NULL) {
386 if (xip)
387 error = -zfs_remove(dxip, (char *)name, cr);
388
389 goto out;
390 }
391
392 /* Lookup failed create a new xattr. */
393 if (xip == NULL) {
394 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
395 vap->va_mode = xattr_mode;
396 vap->va_mask = ATTR_MODE;
397 vap->va_uid = crgetfsuid(cr);
398 vap->va_gid = crgetfsgid(cr);
399
400 error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip,
401 cr, 0, NULL);
402 if (error)
403 goto out;
404 }
405
406 ASSERT(xip != NULL);
407
408 error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE);
409 if (error)
410 goto out;
411
412 wrote = zpl_write_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
413 if (wrote < 0)
414 error = wrote;
415
416 out:
417 if (vap)
418 kmem_free(vap, sizeof (vattr_t));
419
420 if (xip)
421 iput(xip);
422
423 if (dxip)
424 iput(dxip);
425
426 if (error == -ENOENT)
427 error = -ENODATA;
428
429 ASSERT3S(error, <=, 0);
430
431 return (error);
432 }
433
434 static int
435 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
436 size_t size, int flags, cred_t *cr)
437 {
438 znode_t *zp = ITOZ(ip);
439 nvlist_t *nvl;
440 size_t sa_size;
441 int error;
442
443 ASSERT(zp->z_xattr_cached);
444 nvl = zp->z_xattr_cached;
445
446 if (value == NULL) {
447 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
448 if (error == -ENOENT)
449 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
450 } else {
451 /* Limited to 32k to keep nvpair memory allocations small */
452 if (size > DXATTR_MAX_ENTRY_SIZE)
453 return (-EFBIG);
454
455 /* Prevent the DXATTR SA from consuming the entire SA region */
456 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
457 if (error)
458 return (error);
459
460 if (sa_size > DXATTR_MAX_SA_SIZE)
461 return (-EFBIG);
462
463 error = -nvlist_add_byte_array(nvl, name,
464 (uchar_t *)value, size);
465 if (error)
466 return (error);
467 }
468
469 /* Update the SA for additions, modifications, and removals. */
470 if (!error)
471 error = -zfs_sa_set_xattr(zp);
472
473 ASSERT3S(error, <=, 0);
474
475 return (error);
476 }
477
478 static int
479 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
480 size_t size, int flags)
481 {
482 znode_t *zp = ITOZ(ip);
483 zfs_sb_t *zsb = ZTOZSB(zp);
484 cred_t *cr = CRED();
485 int error;
486
487 crhold(cr);
488 rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER);
489
490 /*
491 * Before setting the xattr check to see if it already exists.
492 * This is done to ensure the following optional flags are honored.
493 *
494 * XATTR_CREATE: fail if xattr already exists
495 * XATTR_REPLACE: fail if xattr does not exist
496 */
497 error = __zpl_xattr_get(ip, name, NULL, 0, cr);
498 if (error < 0) {
499 if (error != -ENODATA)
500 goto out;
501
502 if (flags & XATTR_REPLACE)
503 goto out;
504
505 /* The xattr to be removed already doesn't exist */
506 error = 0;
507 if (value == NULL)
508 goto out;
509 } else {
510 error = -EEXIST;
511 if (flags & XATTR_CREATE)
512 goto out;
513 }
514
515 /* Preferentially store the xattr as a SA for better performance */
516 if (zsb->z_use_sa && zsb->z_xattr_sa && zp->z_is_sa) {
517 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
518 if (error == 0)
519 goto out;
520 }
521
522 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
523 out:
524 rw_exit(&ITOZ(ip)->z_xattr_lock);
525 crfree(cr);
526 ASSERT3S(error, <=, 0);
527
528 return (error);
529 }
530
531 static int
532 __zpl_xattr_user_get(struct inode *ip, const char *name,
533 void *value, size_t size)
534 {
535 char *xattr_name;
536 int error;
537
538 if (strcmp(name, "") == 0)
539 return (-EINVAL);
540
541 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
542 return (-EOPNOTSUPP);
543
544 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
545 error = zpl_xattr_get(ip, xattr_name, value, size);
546 strfree(xattr_name);
547
548 return (error);
549 }
550 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
551
552 static int
553 __zpl_xattr_user_set(struct inode *ip, const char *name,
554 const void *value, size_t size, int flags)
555 {
556 char *xattr_name;
557 int error;
558
559 if (strcmp(name, "") == 0)
560 return (-EINVAL);
561
562 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
563 return (-EOPNOTSUPP);
564
565 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
566 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
567 strfree(xattr_name);
568
569 return (error);
570 }
571 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
572
573 xattr_handler_t zpl_xattr_user_handler = {
574 .prefix = XATTR_USER_PREFIX,
575 .get = zpl_xattr_user_get,
576 .set = zpl_xattr_user_set,
577 };
578
579 static int
580 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
581 void *value, size_t size)
582 {
583 char *xattr_name;
584 int error;
585
586 if (!capable(CAP_SYS_ADMIN))
587 return (-EACCES);
588
589 if (strcmp(name, "") == 0)
590 return (-EINVAL);
591
592 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
593 error = zpl_xattr_get(ip, xattr_name, value, size);
594 strfree(xattr_name);
595
596 return (error);
597 }
598 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
599
600 static int
601 __zpl_xattr_trusted_set(struct inode *ip, const char *name,
602 const void *value, size_t size, int flags)
603 {
604 char *xattr_name;
605 int error;
606
607 if (!capable(CAP_SYS_ADMIN))
608 return (-EACCES);
609
610 if (strcmp(name, "") == 0)
611 return (-EINVAL);
612
613 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
614 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
615 strfree(xattr_name);
616
617 return (error);
618 }
619 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
620
621 xattr_handler_t zpl_xattr_trusted_handler = {
622 .prefix = XATTR_TRUSTED_PREFIX,
623 .get = zpl_xattr_trusted_get,
624 .set = zpl_xattr_trusted_set,
625 };
626
627 static int
628 __zpl_xattr_security_get(struct inode *ip, const char *name,
629 void *value, size_t size)
630 {
631 char *xattr_name;
632 int error;
633
634 if (strcmp(name, "") == 0)
635 return (-EINVAL);
636
637 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
638 error = zpl_xattr_get(ip, xattr_name, value, size);
639 strfree(xattr_name);
640
641 return (error);
642 }
643 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
644
645 static int
646 __zpl_xattr_security_set(struct inode *ip, const char *name,
647 const void *value, size_t size, int flags)
648 {
649 char *xattr_name;
650 int error;
651
652 if (strcmp(name, "") == 0)
653 return (-EINVAL);
654
655 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
656 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
657 strfree(xattr_name);
658
659 return (error);
660 }
661 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
662
663 #ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY
664 static int
665 __zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs,
666 void *fs_info)
667 {
668 const struct xattr *xattr;
669 int error = 0;
670
671 for (xattr = xattrs; xattr->name != NULL; xattr++) {
672 error = __zpl_xattr_security_set(ip,
673 xattr->name, xattr->value, xattr->value_len, 0);
674
675 if (error < 0)
676 break;
677 }
678
679 return (error);
680 }
681
682 int
683 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
684 const struct qstr *qstr)
685 {
686 return security_inode_init_security(ip, dip, qstr,
687 &__zpl_xattr_security_init, NULL);
688 }
689
690 #else
691 int
692 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
693 const struct qstr *qstr)
694 {
695 int error;
696 size_t len;
697 void *value;
698 char *name;
699
700 error = zpl_security_inode_init_security(ip, dip, qstr,
701 &name, &value, &len);
702 if (error) {
703 if (error == -EOPNOTSUPP)
704 return (0);
705
706 return (error);
707 }
708
709 error = __zpl_xattr_security_set(ip, name, value, len, 0);
710
711 kfree(name);
712 kfree(value);
713
714 return (error);
715 }
716 #endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */
717
718 xattr_handler_t zpl_xattr_security_handler = {
719 .prefix = XATTR_SECURITY_PREFIX,
720 .get = zpl_xattr_security_get,
721 .set = zpl_xattr_security_set,
722 };
723
724 #ifdef CONFIG_FS_POSIX_ACL
725
726 int
727 zpl_set_acl(struct inode *ip, int type, struct posix_acl *acl)
728 {
729 struct super_block *sb = ITOZSB(ip)->z_sb;
730 char *name, *value = NULL;
731 int error = 0;
732 size_t size = 0;
733
734 if (S_ISLNK(ip->i_mode))
735 return (-EOPNOTSUPP);
736
737 switch (type) {
738 case ACL_TYPE_ACCESS:
739 name = POSIX_ACL_XATTR_ACCESS;
740 if (acl) {
741 zpl_equivmode_t mode = ip->i_mode;
742 error = posix_acl_equiv_mode(acl, &mode);
743 if (error < 0) {
744 return (error);
745 } else {
746 /*
747 * The mode bits will have been set by
748 * ->zfs_setattr()->zfs_acl_chmod_setattr()
749 * using the ZFS ACL conversion. If they
750 * differ from the Posix ACL conversion dirty
751 * the inode to write the Posix mode bits.
752 */
753 if (ip->i_mode != mode) {
754 ip->i_mode = mode;
755 ip->i_ctime = current_fs_time(sb);
756 zfs_mark_inode_dirty(ip);
757 }
758
759 if (error == 0)
760 acl = NULL;
761 }
762 }
763 break;
764
765 case ACL_TYPE_DEFAULT:
766 name = POSIX_ACL_XATTR_DEFAULT;
767 if (!S_ISDIR(ip->i_mode))
768 return (acl ? -EACCES : 0);
769 break;
770
771 default:
772 return (-EINVAL);
773 }
774
775 if (acl) {
776 size = posix_acl_xattr_size(acl->a_count);
777 value = kmem_alloc(size, KM_SLEEP);
778
779 error = zpl_acl_to_xattr(acl, value, size);
780 if (error < 0) {
781 kmem_free(value, size);
782 return (error);
783 }
784 }
785
786 error = zpl_xattr_set(ip, name, value, size, 0);
787 if (value)
788 kmem_free(value, size);
789
790 if (!error) {
791 if (acl)
792 zpl_set_cached_acl(ip, type, acl);
793 else
794 zpl_forget_cached_acl(ip, type);
795 }
796
797 return (error);
798 }
799
800 struct posix_acl *
801 zpl_get_acl(struct inode *ip, int type)
802 {
803 struct posix_acl *acl;
804 void *value = NULL;
805 char *name;
806 int size;
807
808 #ifdef HAVE_POSIX_ACL_CACHING
809 acl = get_cached_acl(ip, type);
810 if (acl != ACL_NOT_CACHED)
811 return (acl);
812 #endif /* HAVE_POSIX_ACL_CACHING */
813
814 switch (type) {
815 case ACL_TYPE_ACCESS:
816 name = POSIX_ACL_XATTR_ACCESS;
817 break;
818 case ACL_TYPE_DEFAULT:
819 name = POSIX_ACL_XATTR_DEFAULT;
820 break;
821 default:
822 return (ERR_PTR(-EINVAL));
823 }
824
825 size = zpl_xattr_get(ip, name, NULL, 0);
826 if (size > 0) {
827 value = kmem_alloc(size, KM_SLEEP);
828 size = zpl_xattr_get(ip, name, value, size);
829 }
830
831 if (size > 0) {
832 acl = zpl_acl_from_xattr(value, size);
833 } else if (size == -ENODATA || size == -ENOSYS) {
834 acl = NULL;
835 } else {
836 acl = ERR_PTR(-EIO);
837 }
838
839 if (size > 0)
840 kmem_free(value, size);
841
842 if (!IS_ERR(acl))
843 zpl_set_cached_acl(ip, type, acl);
844
845 return (acl);
846 }
847
848 #if !defined(HAVE_GET_ACL)
849 static int
850 __zpl_check_acl(struct inode *ip, int mask)
851 {
852 struct posix_acl *acl;
853 int error;
854
855 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
856 if (IS_ERR(acl))
857 return (PTR_ERR(acl));
858
859 if (acl) {
860 error = posix_acl_permission(ip, acl, mask);
861 zpl_posix_acl_release(acl);
862 return (error);
863 }
864
865 return (-EAGAIN);
866 }
867
868 #if defined(HAVE_CHECK_ACL_WITH_FLAGS)
869 int
870 zpl_check_acl(struct inode *ip, int mask, unsigned int flags)
871 {
872 return (__zpl_check_acl(ip, mask));
873 }
874 #elif defined(HAVE_CHECK_ACL)
875 int
876 zpl_check_acl(struct inode *ip, int mask)
877 {
878 return (__zpl_check_acl(ip, mask));
879 }
880 #elif defined(HAVE_PERMISSION_WITH_NAMEIDATA)
881 int
882 zpl_permission(struct inode *ip, int mask, struct nameidata *nd)
883 {
884 return (generic_permission(ip, mask, __zpl_check_acl));
885 }
886 #elif defined(HAVE_PERMISSION)
887 int
888 zpl_permission(struct inode *ip, int mask)
889 {
890 return (generic_permission(ip, mask, __zpl_check_acl));
891 }
892 #endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */
893 #endif /* !HAVE_GET_ACL */
894
895 int
896 zpl_init_acl(struct inode *ip, struct inode *dir)
897 {
898 struct posix_acl *acl = NULL;
899 int error = 0;
900
901 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
902 return (0);
903
904 if (!S_ISLNK(ip->i_mode)) {
905 if (ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) {
906 acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT);
907 if (IS_ERR(acl))
908 return (PTR_ERR(acl));
909 }
910
911 if (!acl) {
912 ip->i_mode &= ~current_umask();
913 ip->i_ctime = current_fs_time(ITOZSB(ip)->z_sb);
914 zfs_mark_inode_dirty(ip);
915 return (0);
916 }
917 }
918
919 if ((ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) && acl) {
920 umode_t mode;
921
922 if (S_ISDIR(ip->i_mode)) {
923 error = zpl_set_acl(ip, ACL_TYPE_DEFAULT, acl);
924 if (error)
925 goto out;
926 }
927
928 mode = ip->i_mode;
929 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
930 if (error >= 0) {
931 ip->i_mode = mode;
932 zfs_mark_inode_dirty(ip);
933 if (error > 0)
934 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
935 }
936 }
937 out:
938 zpl_posix_acl_release(acl);
939
940 return (error);
941 }
942
943 int
944 zpl_chmod_acl(struct inode *ip)
945 {
946 struct posix_acl *acl;
947 int error;
948
949 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
950 return (0);
951
952 if (S_ISLNK(ip->i_mode))
953 return (-EOPNOTSUPP);
954
955 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
956 if (IS_ERR(acl) || !acl)
957 return (PTR_ERR(acl));
958
959 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
960 if (!error)
961 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
962
963 zpl_posix_acl_release(acl);
964
965 return (error);
966 }
967
968 static size_t
969 zpl_xattr_acl_list(struct inode *ip, char *list, size_t list_size,
970 const char *name, size_t name_len, int type)
971 {
972 char *xattr_name;
973 size_t xattr_size;
974
975 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
976 return (0);
977
978 switch (type) {
979 case ACL_TYPE_ACCESS:
980 xattr_name = POSIX_ACL_XATTR_ACCESS;
981 xattr_size = sizeof (xattr_name);
982 break;
983 case ACL_TYPE_DEFAULT:
984 xattr_name = POSIX_ACL_XATTR_DEFAULT;
985 xattr_size = sizeof (xattr_name);
986 break;
987 default:
988 return (0);
989 }
990
991 if (list && xattr_size <= list_size)
992 memcpy(list, xattr_name, xattr_size);
993
994 return (xattr_size);
995 }
996
997 #ifdef HAVE_DENTRY_XATTR_LIST
998 static size_t
999 zpl_xattr_acl_list_access(struct dentry *dentry, char *list,
1000 size_t list_size, const char *name, size_t name_len, int type)
1001 {
1002 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1003 return zpl_xattr_acl_list(dentry->d_inode,
1004 list, list_size, name, name_len, type);
1005 }
1006
1007 static size_t
1008 zpl_xattr_acl_list_default(struct dentry *dentry, char *list,
1009 size_t list_size, const char *name, size_t name_len, int type)
1010 {
1011 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1012 return zpl_xattr_acl_list(dentry->d_inode,
1013 list, list_size, name, name_len, type);
1014 }
1015
1016 #else
1017
1018 static size_t
1019 zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1020 const char *name, size_t name_len)
1021 {
1022 return zpl_xattr_acl_list(ip,
1023 list, list_size, name, name_len, ACL_TYPE_ACCESS);
1024 }
1025
1026 static size_t
1027 zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1028 const char *name, size_t name_len)
1029 {
1030 return zpl_xattr_acl_list(ip,
1031 list, list_size, name, name_len, ACL_TYPE_DEFAULT);
1032 }
1033 #endif /* HAVE_DENTRY_XATTR_LIST */
1034
1035 static int
1036 zpl_xattr_acl_get(struct inode *ip, const char *name,
1037 void *buffer, size_t size, int type)
1038 {
1039 struct posix_acl *acl;
1040 int error;
1041
1042 if (strcmp(name, "") != 0)
1043 return (-EINVAL);
1044
1045 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1046 return (-EOPNOTSUPP);
1047
1048 acl = zpl_get_acl(ip, type);
1049 if (IS_ERR(acl))
1050 return (PTR_ERR(acl));
1051 if (acl == NULL)
1052 return (-ENODATA);
1053
1054 error = zpl_acl_to_xattr(acl, buffer, size);
1055 zpl_posix_acl_release(acl);
1056
1057 return (error);
1058 }
1059
1060 #ifdef HAVE_DENTRY_XATTR_GET
1061 static int
1062 zpl_xattr_acl_get_access(struct dentry *dentry, const char *name,
1063 void *buffer, size_t size, int type)
1064 {
1065 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1066 return (zpl_xattr_acl_get(dentry->d_inode, name, buffer, size, type));
1067 }
1068
1069 static int
1070 zpl_xattr_acl_get_default(struct dentry *dentry, const char *name,
1071 void *buffer, size_t size, int type)
1072 {
1073 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1074 return (zpl_xattr_acl_get(dentry->d_inode, name, buffer, size, type));
1075 }
1076
1077 #else
1078
1079 static int
1080 zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1081 void *buffer, size_t size)
1082 {
1083 return (zpl_xattr_acl_get(ip, name, buffer, size, ACL_TYPE_ACCESS));
1084 }
1085
1086 static int
1087 zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1088 void *buffer, size_t size)
1089 {
1090 return (zpl_xattr_acl_get(ip, name, buffer, size, ACL_TYPE_DEFAULT));
1091 }
1092 #endif /* HAVE_DENTRY_XATTR_GET */
1093
1094 static int
1095 zpl_xattr_acl_set(struct inode *ip, const char *name,
1096 const void *value, size_t size, int flags, int type)
1097 {
1098 struct posix_acl *acl;
1099 int error = 0;
1100
1101 if (strcmp(name, "") != 0)
1102 return (-EINVAL);
1103
1104 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1105 return (-EOPNOTSUPP);
1106
1107 if (!zpl_inode_owner_or_capable(ip))
1108 return (-EPERM);
1109
1110 if (value) {
1111 acl = zpl_acl_from_xattr(value, size);
1112 if (IS_ERR(acl))
1113 return (PTR_ERR(acl));
1114 else if (acl) {
1115 error = posix_acl_valid(acl);
1116 if (error) {
1117 zpl_posix_acl_release(acl);
1118 return (error);
1119 }
1120 }
1121 } else {
1122 acl = NULL;
1123 }
1124
1125 error = zpl_set_acl(ip, type, acl);
1126 zpl_posix_acl_release(acl);
1127
1128 return (error);
1129 }
1130
1131 #ifdef HAVE_DENTRY_XATTR_SET
1132 static int
1133 zpl_xattr_acl_set_access(struct dentry *dentry, const char *name,
1134 const void *value, size_t size, int flags, int type)
1135 {
1136 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1137 return (zpl_xattr_acl_set(dentry->d_inode,
1138 name, value, size, flags, type));
1139 }
1140
1141 static int
1142 zpl_xattr_acl_set_default(struct dentry *dentry, const char *name,
1143 const void *value, size_t size, int flags, int type)
1144 {
1145 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1146 return zpl_xattr_acl_set(dentry->d_inode,
1147 name, value, size, flags, type);
1148 }
1149
1150 #else
1151
1152 static int
1153 zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1154 const void *value, size_t size, int flags)
1155 {
1156 return zpl_xattr_acl_set(ip,
1157 name, value, size, flags, ACL_TYPE_ACCESS);
1158 }
1159
1160 static int
1161 zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1162 const void *value, size_t size, int flags)
1163 {
1164 return zpl_xattr_acl_set(ip,
1165 name, value, size, flags, ACL_TYPE_DEFAULT);
1166 }
1167 #endif /* HAVE_DENTRY_XATTR_SET */
1168
1169 struct xattr_handler zpl_xattr_acl_access_handler =
1170 {
1171 .prefix = POSIX_ACL_XATTR_ACCESS,
1172 .list = zpl_xattr_acl_list_access,
1173 .get = zpl_xattr_acl_get_access,
1174 .set = zpl_xattr_acl_set_access,
1175 #ifdef HAVE_DENTRY_XATTR_LIST
1176 .flags = ACL_TYPE_ACCESS,
1177 #endif /* HAVE_DENTRY_XATTR_LIST */
1178 };
1179
1180 struct xattr_handler zpl_xattr_acl_default_handler =
1181 {
1182 .prefix = POSIX_ACL_XATTR_DEFAULT,
1183 .list = zpl_xattr_acl_list_default,
1184 .get = zpl_xattr_acl_get_default,
1185 .set = zpl_xattr_acl_set_default,
1186 #ifdef HAVE_DENTRY_XATTR_LIST
1187 .flags = ACL_TYPE_DEFAULT,
1188 #endif /* HAVE_DENTRY_XATTR_LIST */
1189 };
1190
1191 #endif /* CONFIG_FS_POSIX_ACL */
1192
1193 xattr_handler_t *zpl_xattr_handlers[] = {
1194 &zpl_xattr_security_handler,
1195 &zpl_xattr_trusted_handler,
1196 &zpl_xattr_user_handler,
1197 #ifdef CONFIG_FS_POSIX_ACL
1198 &zpl_xattr_acl_access_handler,
1199 &zpl_xattr_acl_default_handler,
1200 #endif /* CONFIG_FS_POSIX_ACL */
1201 NULL
1202 };
ZFS On Linux mirror for PVE