4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
40 * following namespace prefixes:
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
53 * The Linux xattr implementation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
80 #include <sys/zfs_vfsops.h>
81 #include <sys/zfs_vnops.h>
82 #include <sys/zfs_znode.h>
87 typedef struct xattr_filldir
{
91 struct dentry
*dentry
;
94 static const struct xattr_handler
*zpl_xattr_handler(const char *);
97 zpl_xattr_permission(xattr_filldir_t
*xf
, const char *name
, int name_len
)
99 static const struct xattr_handler
*handler
;
100 struct dentry
*d
= xf
->dentry
;
102 handler
= zpl_xattr_handler(name
);
107 #if defined(HAVE_XATTR_LIST_SIMPLE)
108 if (!handler
->list(d
))
110 #elif defined(HAVE_XATTR_LIST_DENTRY)
111 if (!handler
->list(d
, NULL
, 0, name
, name_len
, 0))
113 #elif defined(HAVE_XATTR_LIST_HANDLER)
114 if (!handler
->list(handler
, d
, NULL
, 0, name
, name_len
))
116 #elif defined(HAVE_XATTR_LIST_INODE)
117 if (!handler
->list(d
->d_inode
, NULL
, 0, name
, name_len
))
126 * Determine is a given xattr name should be visible and if so copy it
127 * in to the provided buffer (xf->buf).
130 zpl_xattr_filldir(xattr_filldir_t
*xf
, const char *name
, int name_len
)
132 /* Check permissions using the per-namespace list xattr handler. */
133 if (!zpl_xattr_permission(xf
, name
, name_len
))
136 /* When xf->buf is NULL only calculate the required size. */
138 if (xf
->offset
+ name_len
+ 1 > xf
->size
)
141 memcpy(xf
->buf
+ xf
->offset
, name
, name_len
);
142 xf
->buf
[xf
->offset
+ name_len
] = '\0';
145 xf
->offset
+= (name_len
+ 1);
151 * Read as many directory entry names as will fit in to the provided buffer,
152 * or when no buffer is provided calculate the required buffer size.
155 zpl_xattr_readdir(struct inode
*dxip
, xattr_filldir_t
*xf
)
161 zap_cursor_init(&zc
, ITOZSB(dxip
)->z_os
, ITOZ(dxip
)->z_id
);
163 while ((error
= -zap_cursor_retrieve(&zc
, &zap
)) == 0) {
165 if (zap
.za_integer_length
!= 8 || zap
.za_num_integers
!= 1) {
170 error
= zpl_xattr_filldir(xf
, zap
.za_name
, strlen(zap
.za_name
));
174 zap_cursor_advance(&zc
);
177 zap_cursor_fini(&zc
);
179 if (error
== -ENOENT
)
186 zpl_xattr_list_dir(xattr_filldir_t
*xf
, cred_t
*cr
)
188 struct inode
*ip
= xf
->dentry
->d_inode
;
189 struct inode
*dxip
= NULL
;
192 /* Lookup the xattr directory */
193 error
= -zfs_lookup(ip
, NULL
, &dxip
, LOOKUP_XATTR
, cr
, NULL
, NULL
);
195 if (error
== -ENOENT
)
201 error
= zpl_xattr_readdir(dxip
, xf
);
208 zpl_xattr_list_sa(xattr_filldir_t
*xf
)
210 znode_t
*zp
= ITOZ(xf
->dentry
->d_inode
);
211 nvpair_t
*nvp
= NULL
;
214 mutex_enter(&zp
->z_lock
);
215 if (zp
->z_xattr_cached
== NULL
)
216 error
= -zfs_sa_get_xattr(zp
);
217 mutex_exit(&zp
->z_lock
);
222 ASSERT(zp
->z_xattr_cached
);
224 while ((nvp
= nvlist_next_nvpair(zp
->z_xattr_cached
, nvp
)) != NULL
) {
225 ASSERT3U(nvpair_type(nvp
), ==, DATA_TYPE_BYTE_ARRAY
);
227 error
= zpl_xattr_filldir(xf
, nvpair_name(nvp
),
228 strlen(nvpair_name(nvp
)));
237 zpl_xattr_list(struct dentry
*dentry
, char *buffer
, size_t buffer_size
)
239 znode_t
*zp
= ITOZ(dentry
->d_inode
);
240 zfsvfs_t
*zfsvfs
= ZTOZSB(zp
);
241 xattr_filldir_t xf
= { buffer_size
, 0, buffer
, dentry
};
243 fstrans_cookie_t cookie
;
247 cookie
= spl_fstrans_mark();
248 rrm_enter_read(&(zfsvfs
)->z_teardown_lock
, FTAG
);
249 rw_enter(&zp
->z_xattr_lock
, RW_READER
);
251 if (zfsvfs
->z_use_sa
&& zp
->z_is_sa
) {
252 error
= zpl_xattr_list_sa(&xf
);
257 error
= zpl_xattr_list_dir(&xf
, cr
);
264 rw_exit(&zp
->z_xattr_lock
);
265 rrm_exit(&(zfsvfs
)->z_teardown_lock
, FTAG
);
266 spl_fstrans_unmark(cookie
);
273 zpl_xattr_get_dir(struct inode
*ip
, const char *name
, void *value
,
274 size_t size
, cred_t
*cr
)
276 struct inode
*dxip
= NULL
;
277 struct inode
*xip
= NULL
;
281 /* Lookup the xattr directory */
282 error
= -zfs_lookup(ip
, NULL
, &dxip
, LOOKUP_XATTR
, cr
, NULL
, NULL
);
286 /* Lookup a specific xattr name in the directory */
287 error
= -zfs_lookup(dxip
, (char *)name
, &xip
, 0, cr
, NULL
, NULL
);
292 error
= i_size_read(xip
);
296 if (size
< i_size_read(xip
)) {
301 error
= zpl_read_common(xip
, value
, size
, &pos
, UIO_SYSSPACE
, 0, cr
);
313 zpl_xattr_get_sa(struct inode
*ip
, const char *name
, void *value
, size_t size
)
315 znode_t
*zp
= ITOZ(ip
);
320 ASSERT(RW_LOCK_HELD(&zp
->z_xattr_lock
));
322 mutex_enter(&zp
->z_lock
);
323 if (zp
->z_xattr_cached
== NULL
)
324 error
= -zfs_sa_get_xattr(zp
);
325 mutex_exit(&zp
->z_lock
);
330 ASSERT(zp
->z_xattr_cached
);
331 error
= -nvlist_lookup_byte_array(zp
->z_xattr_cached
, name
,
332 &nv_value
, &nv_size
);
336 if (size
== 0 || value
== NULL
)
342 memcpy(value
, nv_value
, nv_size
);
348 __zpl_xattr_get(struct inode
*ip
, const char *name
, void *value
, size_t size
,
351 znode_t
*zp
= ITOZ(ip
);
352 zfsvfs_t
*zfsvfs
= ZTOZSB(zp
);
355 ASSERT(RW_LOCK_HELD(&zp
->z_xattr_lock
));
357 if (zfsvfs
->z_use_sa
&& zp
->z_is_sa
) {
358 error
= zpl_xattr_get_sa(ip
, name
, value
, size
);
359 if (error
!= -ENOENT
)
363 error
= zpl_xattr_get_dir(ip
, name
, value
, size
, cr
);
365 if (error
== -ENOENT
)
371 #define XATTR_NOENT 0x0
372 #define XATTR_IN_SA 0x1
373 #define XATTR_IN_DIR 0x2
374 /* check where the xattr resides */
376 __zpl_xattr_where(struct inode
*ip
, const char *name
, int *where
, cred_t
*cr
)
378 znode_t
*zp
= ITOZ(ip
);
379 zfsvfs_t
*zfsvfs
= ZTOZSB(zp
);
383 ASSERT(RW_LOCK_HELD(&zp
->z_xattr_lock
));
385 *where
= XATTR_NOENT
;
386 if (zfsvfs
->z_use_sa
&& zp
->z_is_sa
) {
387 error
= zpl_xattr_get_sa(ip
, name
, NULL
, 0);
389 *where
|= XATTR_IN_SA
;
390 else if (error
!= -ENOENT
)
394 error
= zpl_xattr_get_dir(ip
, name
, NULL
, 0, cr
);
396 *where
|= XATTR_IN_DIR
;
397 else if (error
!= -ENOENT
)
400 if (*where
== (XATTR_IN_SA
|XATTR_IN_DIR
))
401 cmn_err(CE_WARN
, "ZFS: inode %p has xattr \"%s\""
402 " in both SA and dir", ip
, name
);
403 if (*where
== XATTR_NOENT
)
411 zpl_xattr_get(struct inode
*ip
, const char *name
, void *value
, size_t size
)
413 znode_t
*zp
= ITOZ(ip
);
414 zfsvfs_t
*zfsvfs
= ZTOZSB(zp
);
416 fstrans_cookie_t cookie
;
420 cookie
= spl_fstrans_mark();
421 rrm_enter_read(&(zfsvfs
)->z_teardown_lock
, FTAG
);
422 rw_enter(&zp
->z_xattr_lock
, RW_READER
);
423 error
= __zpl_xattr_get(ip
, name
, value
, size
, cr
);
424 rw_exit(&zp
->z_xattr_lock
);
425 rrm_exit(&(zfsvfs
)->z_teardown_lock
, FTAG
);
426 spl_fstrans_unmark(cookie
);
433 zpl_xattr_set_dir(struct inode
*ip
, const char *name
, const void *value
,
434 size_t size
, int flags
, cred_t
*cr
)
436 struct inode
*dxip
= NULL
;
437 struct inode
*xip
= NULL
;
440 int lookup_flags
, error
;
441 const int xattr_mode
= S_IFREG
| 0644;
445 * Lookup the xattr directory. When we're adding an entry pass
446 * CREATE_XATTR_DIR to ensure the xattr directory is created.
447 * When removing an entry this flag is not passed to avoid
448 * unnecessarily creating a new xattr directory.
450 lookup_flags
= LOOKUP_XATTR
;
452 lookup_flags
|= CREATE_XATTR_DIR
;
454 error
= -zfs_lookup(ip
, NULL
, &dxip
, lookup_flags
, cr
, NULL
, NULL
);
458 /* Lookup a specific xattr name in the directory */
459 error
= -zfs_lookup(dxip
, (char *)name
, &xip
, 0, cr
, NULL
, NULL
);
460 if (error
&& (error
!= -ENOENT
))
465 /* Remove a specific name xattr when value is set to NULL. */
468 error
= -zfs_remove(dxip
, (char *)name
, cr
, 0);
473 /* Lookup failed create a new xattr. */
475 vap
= kmem_zalloc(sizeof (vattr_t
), KM_SLEEP
);
476 vap
->va_mode
= xattr_mode
;
477 vap
->va_mask
= ATTR_MODE
;
478 vap
->va_uid
= crgetfsuid(cr
);
479 vap
->va_gid
= crgetfsgid(cr
);
481 error
= -zfs_create(dxip
, (char *)name
, vap
, 0, 0644, &xip
,
489 error
= -zfs_freesp(ITOZ(xip
), 0, 0, xattr_mode
, TRUE
);
493 wrote
= zpl_write_common(xip
, value
, size
, &pos
, UIO_SYSSPACE
, 0, cr
);
500 ip
->i_ctime
= current_time(ip
);
501 zfs_mark_inode_dirty(ip
);
505 kmem_free(vap
, sizeof (vattr_t
));
513 if (error
== -ENOENT
)
516 ASSERT3S(error
, <=, 0);
522 zpl_xattr_set_sa(struct inode
*ip
, const char *name
, const void *value
,
523 size_t size
, int flags
, cred_t
*cr
)
525 znode_t
*zp
= ITOZ(ip
);
530 mutex_enter(&zp
->z_lock
);
531 if (zp
->z_xattr_cached
== NULL
)
532 error
= -zfs_sa_get_xattr(zp
);
533 mutex_exit(&zp
->z_lock
);
538 ASSERT(zp
->z_xattr_cached
);
539 nvl
= zp
->z_xattr_cached
;
542 error
= -nvlist_remove(nvl
, name
, DATA_TYPE_BYTE_ARRAY
);
543 if (error
== -ENOENT
)
544 error
= zpl_xattr_set_dir(ip
, name
, NULL
, 0, flags
, cr
);
546 /* Limited to 32k to keep nvpair memory allocations small */
547 if (size
> DXATTR_MAX_ENTRY_SIZE
)
550 /* Prevent the DXATTR SA from consuming the entire SA region */
551 error
= -nvlist_size(nvl
, &sa_size
, NV_ENCODE_XDR
);
555 if (sa_size
> DXATTR_MAX_SA_SIZE
)
558 error
= -nvlist_add_byte_array(nvl
, name
,
559 (uchar_t
*)value
, size
);
563 * Update the SA for additions, modifications, and removals. On
564 * error drop the inconsistent cached version of the nvlist, it
565 * will be reconstructed from the ARC when next accessed.
568 error
= -zfs_sa_set_xattr(zp
);
572 zp
->z_xattr_cached
= NULL
;
575 ASSERT3S(error
, <=, 0);
581 zpl_xattr_set(struct inode
*ip
, const char *name
, const void *value
,
582 size_t size
, int flags
)
584 znode_t
*zp
= ITOZ(ip
);
585 zfsvfs_t
*zfsvfs
= ZTOZSB(zp
);
587 fstrans_cookie_t cookie
;
592 cookie
= spl_fstrans_mark();
593 rrm_enter_read(&(zfsvfs
)->z_teardown_lock
, FTAG
);
594 rw_enter(&ITOZ(ip
)->z_xattr_lock
, RW_WRITER
);
597 * Before setting the xattr check to see if it already exists.
598 * This is done to ensure the following optional flags are honored.
600 * XATTR_CREATE: fail if xattr already exists
601 * XATTR_REPLACE: fail if xattr does not exist
603 * We also want to know if it resides in sa or dir, so we can make
604 * sure we don't end up with duplicate in both places.
606 error
= __zpl_xattr_where(ip
, name
, &where
, cr
);
608 if (error
!= -ENODATA
)
610 if (flags
& XATTR_REPLACE
)
613 /* The xattr to be removed already doesn't exist */
619 if (flags
& XATTR_CREATE
)
623 /* Preferentially store the xattr as a SA for better performance */
624 if (zfsvfs
->z_use_sa
&& zp
->z_is_sa
&&
625 (zfsvfs
->z_xattr_sa
|| (value
== NULL
&& where
& XATTR_IN_SA
))) {
626 error
= zpl_xattr_set_sa(ip
, name
, value
, size
, flags
, cr
);
629 * Successfully put into SA, we need to clear the one
632 if (where
& XATTR_IN_DIR
)
633 zpl_xattr_set_dir(ip
, name
, NULL
, 0, 0, cr
);
638 error
= zpl_xattr_set_dir(ip
, name
, value
, size
, flags
, cr
);
640 * Successfully put into dir, we need to clear the one in SA.
642 if (error
== 0 && (where
& XATTR_IN_SA
))
643 zpl_xattr_set_sa(ip
, name
, NULL
, 0, 0, cr
);
645 rw_exit(&ITOZ(ip
)->z_xattr_lock
);
646 rrm_exit(&(zfsvfs
)->z_teardown_lock
, FTAG
);
647 spl_fstrans_unmark(cookie
);
649 ASSERT3S(error
, <=, 0);
655 * Extended user attributes
657 * "Extended user attributes may be assigned to files and directories for
658 * storing arbitrary additional information such as the mime type,
659 * character set or encoding of a file. The access permissions for user
660 * attributes are defined by the file permission bits: read permission
661 * is required to retrieve the attribute value, and writer permission is
662 * required to change it.
664 * The file permission bits of regular files and directories are
665 * interpreted differently from the file permission bits of special
666 * files and symbolic links. For regular files and directories the file
667 * permission bits define access to the file's contents, while for
668 * device special files they define access to the device described by
669 * the special file. The file permissions of symbolic links are not
670 * used in access checks. These differences would allow users to
671 * consume filesystem resources in a way not controllable by disk quotas
672 * for group or world writable special files and directories.
674 * For this reason, extended user attributes are allowed only for
675 * regular files and directories, and access to extended user attributes
676 * is restricted to the owner and to users with appropriate capabilities
677 * for directories with the sticky bit set (see the chmod(1) manual page
678 * for an explanation of the sticky bit)." - xattr(7)
680 * ZFS allows extended user attributes to be disabled administratively
681 * by setting the 'xattr=off' property on the dataset.
684 __zpl_xattr_user_list(struct inode
*ip
, char *list
, size_t list_size
,
685 const char *name
, size_t name_len
)
687 return (ITOZSB(ip
)->z_flags
& ZSB_XATTR
);
689 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list
);
692 __zpl_xattr_user_get(struct inode
*ip
, const char *name
,
693 void *value
, size_t size
)
697 /* xattr_resolve_name will do this for us if this is defined */
698 #ifndef HAVE_XATTR_HANDLER_NAME
699 if (strcmp(name
, "") == 0)
702 if (!(ITOZSB(ip
)->z_flags
& ZSB_XATTR
))
703 return (-EOPNOTSUPP
);
705 xattr_name
= kmem_asprintf("%s%s", XATTR_USER_PREFIX
, name
);
706 error
= zpl_xattr_get(ip
, xattr_name
, value
, size
);
711 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get
);
714 __zpl_xattr_user_set(struct inode
*ip
, const char *name
,
715 const void *value
, size_t size
, int flags
)
719 /* xattr_resolve_name will do this for us if this is defined */
720 #ifndef HAVE_XATTR_HANDLER_NAME
721 if (strcmp(name
, "") == 0)
724 if (!(ITOZSB(ip
)->z_flags
& ZSB_XATTR
))
725 return (-EOPNOTSUPP
);
727 xattr_name
= kmem_asprintf("%s%s", XATTR_USER_PREFIX
, name
);
728 error
= zpl_xattr_set(ip
, xattr_name
, value
, size
, flags
);
733 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set
);
735 xattr_handler_t zpl_xattr_user_handler
=
737 .prefix
= XATTR_USER_PREFIX
,
738 .list
= zpl_xattr_user_list
,
739 .get
= zpl_xattr_user_get
,
740 .set
= zpl_xattr_user_set
,
744 * Trusted extended attributes
746 * "Trusted extended attributes are visible and accessible only to
747 * processes that have the CAP_SYS_ADMIN capability. Attributes in this
748 * class are used to implement mechanisms in user space (i.e., outside
749 * the kernel) which keep information in extended attributes to which
750 * ordinary processes should not have access." - xattr(7)
753 __zpl_xattr_trusted_list(struct inode
*ip
, char *list
, size_t list_size
,
754 const char *name
, size_t name_len
)
756 return (capable(CAP_SYS_ADMIN
));
758 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list
);
761 __zpl_xattr_trusted_get(struct inode
*ip
, const char *name
,
762 void *value
, size_t size
)
767 if (!capable(CAP_SYS_ADMIN
))
769 /* xattr_resolve_name will do this for us if this is defined */
770 #ifndef HAVE_XATTR_HANDLER_NAME
771 if (strcmp(name
, "") == 0)
774 xattr_name
= kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX
, name
);
775 error
= zpl_xattr_get(ip
, xattr_name
, value
, size
);
780 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get
);
783 __zpl_xattr_trusted_set(struct inode
*ip
, const char *name
,
784 const void *value
, size_t size
, int flags
)
789 if (!capable(CAP_SYS_ADMIN
))
791 /* xattr_resolve_name will do this for us if this is defined */
792 #ifndef HAVE_XATTR_HANDLER_NAME
793 if (strcmp(name
, "") == 0)
796 xattr_name
= kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX
, name
);
797 error
= zpl_xattr_set(ip
, xattr_name
, value
, size
, flags
);
802 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set
);
804 xattr_handler_t zpl_xattr_trusted_handler
=
806 .prefix
= XATTR_TRUSTED_PREFIX
,
807 .list
= zpl_xattr_trusted_list
,
808 .get
= zpl_xattr_trusted_get
,
809 .set
= zpl_xattr_trusted_set
,
813 * Extended security attributes
815 * "The security attribute namespace is used by kernel security modules,
816 * such as Security Enhanced Linux, and also to implement file
817 * capabilities (see capabilities(7)). Read and write access
818 * permissions to security attributes depend on the policy implemented
819 * for each security attribute by the security module. When no security
820 * module is loaded, all processes have read access to extended security
821 * attributes, and write access is limited to processes that have the
822 * CAP_SYS_ADMIN capability." - xattr(7)
825 __zpl_xattr_security_list(struct inode
*ip
, char *list
, size_t list_size
,
826 const char *name
, size_t name_len
)
830 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list
);
833 __zpl_xattr_security_get(struct inode
*ip
, const char *name
,
834 void *value
, size_t size
)
838 /* xattr_resolve_name will do this for us if this is defined */
839 #ifndef HAVE_XATTR_HANDLER_NAME
840 if (strcmp(name
, "") == 0)
843 xattr_name
= kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX
, name
);
844 error
= zpl_xattr_get(ip
, xattr_name
, value
, size
);
849 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get
);
852 __zpl_xattr_security_set(struct inode
*ip
, const char *name
,
853 const void *value
, size_t size
, int flags
)
857 /* xattr_resolve_name will do this for us if this is defined */
858 #ifndef HAVE_XATTR_HANDLER_NAME
859 if (strcmp(name
, "") == 0)
862 xattr_name
= kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX
, name
);
863 error
= zpl_xattr_set(ip
, xattr_name
, value
, size
, flags
);
868 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set
);
870 #ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY
872 __zpl_xattr_security_init(struct inode
*ip
, const struct xattr
*xattrs
,
875 const struct xattr
*xattr
;
878 for (xattr
= xattrs
; xattr
->name
!= NULL
; xattr
++) {
879 error
= __zpl_xattr_security_set(ip
,
880 xattr
->name
, xattr
->value
, xattr
->value_len
, 0);
890 zpl_xattr_security_init(struct inode
*ip
, struct inode
*dip
,
891 const struct qstr
*qstr
)
893 return security_inode_init_security(ip
, dip
, qstr
,
894 &__zpl_xattr_security_init
, NULL
);
899 zpl_xattr_security_init(struct inode
*ip
, struct inode
*dip
,
900 const struct qstr
*qstr
)
907 error
= zpl_security_inode_init_security(ip
, dip
, qstr
,
908 &name
, &value
, &len
);
910 if (error
== -EOPNOTSUPP
)
916 error
= __zpl_xattr_security_set(ip
, name
, value
, len
, 0);
923 #endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */
926 * Security xattr namespace handlers.
928 xattr_handler_t zpl_xattr_security_handler
= {
929 .prefix
= XATTR_SECURITY_PREFIX
,
930 .list
= zpl_xattr_security_list
,
931 .get
= zpl_xattr_security_get
,
932 .set
= zpl_xattr_security_set
,
936 * Extended system attributes
938 * "Extended system attributes are used by the kernel to store system
939 * objects such as Access Control Lists. Read and write access permissions
940 * to system attributes depend on the policy implemented for each system
941 * attribute implemented by filesystems in the kernel." - xattr(7)
943 #ifdef CONFIG_FS_POSIX_ACL
945 zpl_set_acl(struct inode
*ip
, struct posix_acl
*acl
, int type
)
947 char *name
, *value
= NULL
;
951 if (S_ISLNK(ip
->i_mode
))
952 return (-EOPNOTSUPP
);
955 case ACL_TYPE_ACCESS
:
956 name
= XATTR_NAME_POSIX_ACL_ACCESS
;
958 zpl_equivmode_t mode
= ip
->i_mode
;
959 error
= posix_acl_equiv_mode(acl
, &mode
);
964 * The mode bits will have been set by
965 * ->zfs_setattr()->zfs_acl_chmod_setattr()
966 * using the ZFS ACL conversion. If they
967 * differ from the Posix ACL conversion dirty
968 * the inode to write the Posix mode bits.
970 if (ip
->i_mode
!= mode
) {
972 ip
->i_ctime
= current_time(ip
);
973 zfs_mark_inode_dirty(ip
);
982 case ACL_TYPE_DEFAULT
:
983 name
= XATTR_NAME_POSIX_ACL_DEFAULT
;
984 if (!S_ISDIR(ip
->i_mode
))
985 return (acl
? -EACCES
: 0);
993 size
= posix_acl_xattr_size(acl
->a_count
);
994 value
= kmem_alloc(size
, KM_SLEEP
);
996 error
= zpl_acl_to_xattr(acl
, value
, size
);
998 kmem_free(value
, size
);
1003 error
= zpl_xattr_set(ip
, name
, value
, size
, 0);
1005 kmem_free(value
, size
);
1009 zpl_set_cached_acl(ip
, type
, acl
);
1011 zpl_forget_cached_acl(ip
, type
);
1018 zpl_get_acl(struct inode
*ip
, int type
)
1020 struct posix_acl
*acl
;
1026 * As of Linux 3.14, the kernel get_acl will check this for us.
1027 * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong
1028 * as the kernel get_acl will set it to temporary sentinel value.
1030 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1031 acl
= get_cached_acl(ip
, type
);
1032 if (acl
!= ACL_NOT_CACHED
)
1037 case ACL_TYPE_ACCESS
:
1038 name
= XATTR_NAME_POSIX_ACL_ACCESS
;
1040 case ACL_TYPE_DEFAULT
:
1041 name
= XATTR_NAME_POSIX_ACL_DEFAULT
;
1044 return (ERR_PTR(-EINVAL
));
1047 size
= zpl_xattr_get(ip
, name
, NULL
, 0);
1049 value
= kmem_alloc(size
, KM_SLEEP
);
1050 size
= zpl_xattr_get(ip
, name
, value
, size
);
1054 acl
= zpl_acl_from_xattr(value
, size
);
1055 } else if (size
== -ENODATA
|| size
== -ENOSYS
) {
1058 acl
= ERR_PTR(-EIO
);
1062 kmem_free(value
, size
);
1064 /* As of Linux 4.7, the kernel get_acl will set this for us */
1065 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1067 zpl_set_cached_acl(ip
, type
, acl
);
1073 #if !defined(HAVE_GET_ACL)
1075 __zpl_check_acl(struct inode
*ip
, int mask
)
1077 struct posix_acl
*acl
;
1080 acl
= zpl_get_acl(ip
, ACL_TYPE_ACCESS
);
1082 return (PTR_ERR(acl
));
1085 error
= posix_acl_permission(ip
, acl
, mask
);
1086 zpl_posix_acl_release(acl
);
1093 #if defined(HAVE_CHECK_ACL_WITH_FLAGS)
1095 zpl_check_acl(struct inode
*ip
, int mask
, unsigned int flags
)
1097 return (__zpl_check_acl(ip
, mask
));
1099 #elif defined(HAVE_CHECK_ACL)
1101 zpl_check_acl(struct inode
*ip
, int mask
)
1103 return (__zpl_check_acl(ip
, mask
));
1105 #elif defined(HAVE_PERMISSION_WITH_NAMEIDATA)
1107 zpl_permission(struct inode
*ip
, int mask
, struct nameidata
*nd
)
1109 return (generic_permission(ip
, mask
, __zpl_check_acl
));
1111 #elif defined(HAVE_PERMISSION)
1113 zpl_permission(struct inode
*ip
, int mask
)
1115 return (generic_permission(ip
, mask
, __zpl_check_acl
));
1117 #endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */
1118 #endif /* !HAVE_GET_ACL */
1121 zpl_init_acl(struct inode
*ip
, struct inode
*dir
)
1123 struct posix_acl
*acl
= NULL
;
1126 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1129 if (!S_ISLNK(ip
->i_mode
)) {
1130 if (ITOZSB(ip
)->z_acl_type
== ZFS_ACLTYPE_POSIXACL
) {
1131 acl
= zpl_get_acl(dir
, ACL_TYPE_DEFAULT
);
1133 return (PTR_ERR(acl
));
1137 ip
->i_mode
&= ~current_umask();
1138 ip
->i_ctime
= current_time(ip
);
1139 zfs_mark_inode_dirty(ip
);
1144 if ((ITOZSB(ip
)->z_acl_type
== ZFS_ACLTYPE_POSIXACL
) && acl
) {
1147 if (S_ISDIR(ip
->i_mode
)) {
1148 error
= zpl_set_acl(ip
, acl
, ACL_TYPE_DEFAULT
);
1154 error
= __posix_acl_create(&acl
, GFP_KERNEL
, &mode
);
1157 zfs_mark_inode_dirty(ip
);
1159 error
= zpl_set_acl(ip
, acl
, ACL_TYPE_ACCESS
);
1163 zpl_posix_acl_release(acl
);
1169 zpl_chmod_acl(struct inode
*ip
)
1171 struct posix_acl
*acl
;
1174 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1177 if (S_ISLNK(ip
->i_mode
))
1178 return (-EOPNOTSUPP
);
1180 acl
= zpl_get_acl(ip
, ACL_TYPE_ACCESS
);
1181 if (IS_ERR(acl
) || !acl
)
1182 return (PTR_ERR(acl
));
1184 error
= __posix_acl_chmod(&acl
, GFP_KERNEL
, ip
->i_mode
);
1186 error
= zpl_set_acl(ip
, acl
, ACL_TYPE_ACCESS
);
1188 zpl_posix_acl_release(acl
);
1194 __zpl_xattr_acl_list_access(struct inode
*ip
, char *list
, size_t list_size
,
1195 const char *name
, size_t name_len
)
1197 char *xattr_name
= XATTR_NAME_POSIX_ACL_ACCESS
;
1198 size_t xattr_size
= sizeof (XATTR_NAME_POSIX_ACL_ACCESS
);
1200 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1203 if (list
&& xattr_size
<= list_size
)
1204 memcpy(list
, xattr_name
, xattr_size
);
1206 return (xattr_size
);
1208 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access
);
1211 __zpl_xattr_acl_list_default(struct inode
*ip
, char *list
, size_t list_size
,
1212 const char *name
, size_t name_len
)
1214 char *xattr_name
= XATTR_NAME_POSIX_ACL_DEFAULT
;
1215 size_t xattr_size
= sizeof (XATTR_NAME_POSIX_ACL_DEFAULT
);
1217 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1220 if (list
&& xattr_size
<= list_size
)
1221 memcpy(list
, xattr_name
, xattr_size
);
1223 return (xattr_size
);
1225 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default
);
1228 __zpl_xattr_acl_get_access(struct inode
*ip
, const char *name
,
1229 void *buffer
, size_t size
)
1231 struct posix_acl
*acl
;
1232 int type
= ACL_TYPE_ACCESS
;
1234 /* xattr_resolve_name will do this for us if this is defined */
1235 #ifndef HAVE_XATTR_HANDLER_NAME
1236 if (strcmp(name
, "") != 0)
1239 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1240 return (-EOPNOTSUPP
);
1242 acl
= zpl_get_acl(ip
, type
);
1244 return (PTR_ERR(acl
));
1248 error
= zpl_acl_to_xattr(acl
, buffer
, size
);
1249 zpl_posix_acl_release(acl
);
1253 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access
);
1256 __zpl_xattr_acl_get_default(struct inode
*ip
, const char *name
,
1257 void *buffer
, size_t size
)
1259 struct posix_acl
*acl
;
1260 int type
= ACL_TYPE_DEFAULT
;
1262 /* xattr_resolve_name will do this for us if this is defined */
1263 #ifndef HAVE_XATTR_HANDLER_NAME
1264 if (strcmp(name
, "") != 0)
1267 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1268 return (-EOPNOTSUPP
);
1270 acl
= zpl_get_acl(ip
, type
);
1272 return (PTR_ERR(acl
));
1276 error
= zpl_acl_to_xattr(acl
, buffer
, size
);
1277 zpl_posix_acl_release(acl
);
1281 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default
);
1284 __zpl_xattr_acl_set_access(struct inode
*ip
, const char *name
,
1285 const void *value
, size_t size
, int flags
)
1287 struct posix_acl
*acl
;
1288 int type
= ACL_TYPE_ACCESS
;
1290 /* xattr_resolve_name will do this for us if this is defined */
1291 #ifndef HAVE_XATTR_HANDLER_NAME
1292 if (strcmp(name
, "") != 0)
1295 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1296 return (-EOPNOTSUPP
);
1298 if (!zpl_inode_owner_or_capable(ip
))
1302 acl
= zpl_acl_from_xattr(value
, size
);
1304 return (PTR_ERR(acl
));
1306 error
= zpl_posix_acl_valid(ip
, acl
);
1308 zpl_posix_acl_release(acl
);
1316 error
= zpl_set_acl(ip
, acl
, type
);
1317 zpl_posix_acl_release(acl
);
1321 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access
);
1324 __zpl_xattr_acl_set_default(struct inode
*ip
, const char *name
,
1325 const void *value
, size_t size
, int flags
)
1327 struct posix_acl
*acl
;
1328 int type
= ACL_TYPE_DEFAULT
;
1330 /* xattr_resolve_name will do this for us if this is defined */
1331 #ifndef HAVE_XATTR_HANDLER_NAME
1332 if (strcmp(name
, "") != 0)
1335 if (ITOZSB(ip
)->z_acl_type
!= ZFS_ACLTYPE_POSIXACL
)
1336 return (-EOPNOTSUPP
);
1338 if (!zpl_inode_owner_or_capable(ip
))
1342 acl
= zpl_acl_from_xattr(value
, size
);
1344 return (PTR_ERR(acl
));
1346 error
= zpl_posix_acl_valid(ip
, acl
);
1348 zpl_posix_acl_release(acl
);
1356 error
= zpl_set_acl(ip
, acl
, type
);
1357 zpl_posix_acl_release(acl
);
1361 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default
);
1364 * ACL access xattr namespace handlers.
1366 * Use .name instead of .prefix when available. xattr_resolve_name will match
1367 * whole name and reject anything that has .name only as prefix.
1369 xattr_handler_t zpl_xattr_acl_access_handler
=
1371 #ifdef HAVE_XATTR_HANDLER_NAME
1372 .name
= XATTR_NAME_POSIX_ACL_ACCESS
,
1374 .prefix
= XATTR_NAME_POSIX_ACL_ACCESS
,
1376 .list
= zpl_xattr_acl_list_access
,
1377 .get
= zpl_xattr_acl_get_access
,
1378 .set
= zpl_xattr_acl_set_access
,
1379 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1380 defined(HAVE_XATTR_LIST_DENTRY) || \
1381 defined(HAVE_XATTR_LIST_HANDLER)
1382 .flags
= ACL_TYPE_ACCESS
,
1387 * ACL default xattr namespace handlers.
1389 * Use .name instead of .prefix when available. xattr_resolve_name will match
1390 * whole name and reject anything that has .name only as prefix.
1392 xattr_handler_t zpl_xattr_acl_default_handler
=
1394 #ifdef HAVE_XATTR_HANDLER_NAME
1395 .name
= XATTR_NAME_POSIX_ACL_DEFAULT
,
1397 .prefix
= XATTR_NAME_POSIX_ACL_DEFAULT
,
1399 .list
= zpl_xattr_acl_list_default
,
1400 .get
= zpl_xattr_acl_get_default
,
1401 .set
= zpl_xattr_acl_set_default
,
1402 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1403 defined(HAVE_XATTR_LIST_DENTRY) || \
1404 defined(HAVE_XATTR_LIST_HANDLER)
1405 .flags
= ACL_TYPE_DEFAULT
,
1409 #endif /* CONFIG_FS_POSIX_ACL */
1411 xattr_handler_t
*zpl_xattr_handlers
[] = {
1412 &zpl_xattr_security_handler
,
1413 &zpl_xattr_trusted_handler
,
1414 &zpl_xattr_user_handler
,
1415 #ifdef CONFIG_FS_POSIX_ACL
1416 &zpl_xattr_acl_access_handler
,
1417 &zpl_xattr_acl_default_handler
,
1418 #endif /* CONFIG_FS_POSIX_ACL */
1422 static const struct xattr_handler
*
1423 zpl_xattr_handler(const char *name
)
1425 if (strncmp(name
, XATTR_USER_PREFIX
,
1426 XATTR_USER_PREFIX_LEN
) == 0)
1427 return (&zpl_xattr_user_handler
);
1429 if (strncmp(name
, XATTR_TRUSTED_PREFIX
,
1430 XATTR_TRUSTED_PREFIX_LEN
) == 0)
1431 return (&zpl_xattr_trusted_handler
);
1433 if (strncmp(name
, XATTR_SECURITY_PREFIX
,
1434 XATTR_SECURITY_PREFIX_LEN
) == 0)
1435 return (&zpl_xattr_security_handler
);
1437 #ifdef CONFIG_FS_POSIX_ACL
1438 if (strncmp(name
, XATTR_NAME_POSIX_ACL_ACCESS
,
1439 sizeof (XATTR_NAME_POSIX_ACL_ACCESS
)) == 0)
1440 return (&zpl_xattr_acl_access_handler
);
1442 if (strncmp(name
, XATTR_NAME_POSIX_ACL_DEFAULT
,
1443 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT
)) == 0)
1444 return (&zpl_xattr_acl_default_handler
);
1445 #endif /* CONFIG_FS_POSIX_ACL */
1450 #if !defined(HAVE_POSIX_ACL_RELEASE) || defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY)
1451 struct acl_rel_struct
{
1452 struct acl_rel_struct
*next
;
1453 struct posix_acl
*acl
;
1457 #define ACL_REL_GRACE (60*HZ)
1458 #define ACL_REL_WINDOW (1*HZ)
1459 #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW)
1462 * Lockless multi-producer single-consumer fifo list.
1463 * Nodes are added to tail and removed from head. Tail pointer is our
1464 * synchronization point. It always points to the next pointer of the last
1465 * node, or head if list is empty.
1467 static struct acl_rel_struct
*acl_rel_head
= NULL
;
1468 static struct acl_rel_struct
**acl_rel_tail
= &acl_rel_head
;
1471 zpl_posix_acl_free(void *arg
)
1473 struct acl_rel_struct
*freelist
= NULL
;
1474 struct acl_rel_struct
*a
;
1476 boolean_t refire
= B_FALSE
;
1478 ASSERT3P(acl_rel_head
, !=, NULL
);
1479 while (acl_rel_head
) {
1481 if (ddi_get_lbolt() - a
->time
>= ACL_REL_GRACE
) {
1483 * If a is the last node we need to reset tail, but we
1484 * need to use cmpxchg to make sure it is still the
1487 if (acl_rel_tail
== &a
->next
) {
1488 acl_rel_head
= NULL
;
1489 if (cmpxchg(&acl_rel_tail
, &a
->next
,
1490 &acl_rel_head
) == &a
->next
) {
1491 ASSERT3P(a
->next
, ==, NULL
);
1498 * a is not last node, make sure next pointer is set
1499 * by the adder and advance the head.
1501 while (ACCESS_ONCE(a
->next
) == NULL
)
1503 acl_rel_head
= a
->next
;
1508 * a is still in grace period. We are responsible to
1509 * reschedule the free task, since adder will only do
1510 * so if list is empty.
1512 new_time
= a
->time
+ ACL_REL_SCHED
;
1519 taskq_dispatch_delay(system_delay_taskq
, zpl_posix_acl_free
,
1520 NULL
, TQ_SLEEP
, new_time
);
1526 kmem_free(a
, sizeof (struct acl_rel_struct
));
1531 zpl_posix_acl_release_impl(struct posix_acl
*acl
)
1533 struct acl_rel_struct
*a
, **prev
;
1535 a
= kmem_alloc(sizeof (struct acl_rel_struct
), KM_SLEEP
);
1538 a
->time
= ddi_get_lbolt();
1539 /* atomically points tail to us and get the previous tail */
1540 prev
= xchg(&acl_rel_tail
, &a
->next
);
1541 ASSERT3P(*prev
, ==, NULL
);
1543 /* if it was empty before, schedule the free task */
1544 if (prev
== &acl_rel_head
)
1545 taskq_dispatch_delay(system_delay_taskq
, zpl_posix_acl_free
,
1546 NULL
, TQ_SLEEP
, ddi_get_lbolt() + ACL_REL_SCHED
);