]>
Commit | Line | Data |
---|---|---|
87d546d8 TG |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
22 | * Copyright (c) 2011, Lawrence Livermore National Security, LLC. | |
23 | * | |
24 | * Extended attributes (xattr) on Solaris are implemented as files | |
25 | * which exist in a hidden xattr directory. These extended attributes | |
26 | * can be accessed using the attropen() system call which opens | |
27 | * the extended attribute. It can then be manipulated just like | |
28 | * a standard file descriptor. This has a couple advantages such | |
29 | * as practically no size limit on the file, and the extended | |
30 | * attributes permissions may differ from those of the parent file. | |
31 | * This interface is really quite clever, but it's also completely | |
32 | * different than what is supported on Linux. It also comes with a | |
33 | * steep performance penalty when accessing small xattrs because they | |
34 | * are not stored with the parent file. | |
35 | * | |
36 | * Under Linux extended attributes are manipulated by the system | |
37 | * calls getxattr(2), setxattr(2), and listxattr(2). They consider | |
38 | * extended attributes to be name/value pairs where the name is a | |
39 | * NULL terminated string. The name must also include one of the | |
40 | * following namespace prefixes: | |
41 | * | |
42 | * user - No restrictions and is available to user applications. | |
43 | * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use. | |
44 | * system - Used for access control lists (system.nfs4_acl, etc). | |
45 | * security - Used by SELinux to store a files security context. | |
46 | * | |
47 | * The value under Linux to limited to 65536 bytes of binary data. | |
48 | * In practice, individual xattrs tend to be much smaller than this | |
49 | * and are typically less than 100 bytes. A good example of this | |
50 | * are the security.selinux xattrs which are less than 100 bytes and | |
51 | * exist for every file when xattr labeling is enabled. | |
52 | * | |
53 | * The Linux xattr implemenation has been written to take advantage of | |
54 | * this typical usage. When the dataset property 'xattr=sa' is set, | |
55 | * then xattrs will be preferentially stored as System Attributes (SA). | |
56 | * This allows tiny xattrs (~100 bytes) to be stored with the dnode and | |
57 | * up to 64k of xattrs to be stored in the spill block. If additional | |
58 | * xattr space is required, which is unlikely under Linux, they will | |
59 | * be stored using the traditional directory approach. | |
60 | * | |
61 | * This optimization results in roughly a 3x performance improvement | |
62 | * when accessing xattrs because it avoids the need to perform a seek | |
63 | * for every xattr value. When multiple xattrs are stored per-file | |
64 | * the performance improvements are even greater because all of the | |
65 | * xattrs stored in the spill block will be cached. | |
66 | * | |
67 | * However, by default SA based xattrs are disabled in the Linux port | |
68 | * to maximize compatibility with other implementations. If you do | |
69 | * enable SA based xattrs then they will not be visible on platforms | |
70 | * which do not support this feature. | |
71 | * | |
72 | * NOTE: One additional consequence of the xattr directory implementation | |
73 | * is that when an extended attribute is manipulated an inode is created. | |
74 | * This inode will exist in the Linux inode cache but there will be no | |
75 | * associated entry in the dentry cache which references it. This is | |
76 | * safe but it may result in some confusion. Enabling SA based xattrs | |
77 | * largely avoids the issue except in the overflow case. | |
78 | */ | |
79 | ||
80 | #include <sys/zfs_vfsops.h> | |
81 | #include <sys/zfs_vnops.h> | |
82 | #include <sys/zfs_znode.h> | |
83 | #include <sys/zap.h> | |
84 | #include <sys/vfs.h> | |
85 | #include <sys/zpl.h> | |
86 | ||
87 | typedef struct xattr_filldir { | |
88 | size_t size; | |
89 | size_t offset; | |
90 | char *buf; | |
91 | struct dentry *dentry; | |
92 | } xattr_filldir_t; | |
93 | ||
94 | static const struct xattr_handler *zpl_xattr_handler(const char *); | |
95 | ||
96 | static int | |
97 | zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len) | |
98 | { | |
99 | static const struct xattr_handler *handler; | |
100 | struct dentry *d = xf->dentry; | |
101 | ||
102 | handler = zpl_xattr_handler(name); | |
103 | if (!handler) | |
104 | return (0); | |
105 | ||
106 | if (handler->list) { | |
107 | #if defined(HAVE_XATTR_LIST_SIMPLE) | |
108 | if (!handler->list(d)) | |
109 | return (0); | |
110 | #elif defined(HAVE_XATTR_LIST_DENTRY) | |
111 | if (!handler->list(d, NULL, 0, name, name_len, 0)) | |
112 | return (0); | |
113 | #elif defined(HAVE_XATTR_LIST_HANDLER) | |
114 | if (!handler->list(handler, d, NULL, 0, name, name_len)) | |
115 | return (0); | |
116 | #elif defined(HAVE_XATTR_LIST_INODE) | |
117 | if (!handler->list(d->d_inode, NULL, 0, name, name_len)) | |
118 | return (0); | |
119 | #endif | |
120 | } | |
121 | ||
122 | return (1); | |
123 | } | |
124 | ||
125 | /* | |
126 | * Determine is a given xattr name should be visible and if so copy it | |
127 | * in to the provided buffer (xf->buf). | |
128 | */ | |
129 | static int | |
130 | zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len) | |
131 | { | |
132 | /* Check permissions using the per-namespace list xattr handler. */ | |
133 | if (!zpl_xattr_permission(xf, name, name_len)) | |
134 | return (0); | |
135 | ||
136 | /* When xf->buf is NULL only calculate the required size. */ | |
137 | if (xf->buf) { | |
138 | if (xf->offset + name_len + 1 > xf->size) | |
139 | return (-ERANGE); | |
140 | ||
141 | memcpy(xf->buf + xf->offset, name, name_len); | |
142 | xf->buf[xf->offset + name_len] = '\0'; | |
143 | } | |
144 | ||
145 | xf->offset += (name_len + 1); | |
146 | ||
147 | return (0); | |
148 | } | |
149 | ||
150 | /* | |
151 | * Read as many directory entry names as will fit in to the provided buffer, | |
152 | * or when no buffer is provided calculate the required buffer size. | |
153 | */ | |
154 | int | |
155 | zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf) | |
156 | { | |
157 | zap_cursor_t zc; | |
158 | zap_attribute_t zap; | |
159 | int error; | |
160 | ||
161 | zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id); | |
162 | ||
163 | while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) { | |
164 | ||
165 | if (zap.za_integer_length != 8 || zap.za_num_integers != 1) { | |
166 | error = -ENXIO; | |
167 | break; | |
168 | } | |
169 | ||
170 | error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name)); | |
171 | if (error) | |
172 | break; | |
173 | ||
174 | zap_cursor_advance(&zc); | |
175 | } | |
176 | ||
177 | zap_cursor_fini(&zc); | |
178 | ||
179 | if (error == -ENOENT) | |
180 | error = 0; | |
181 | ||
182 | return (error); | |
183 | } | |
184 | ||
185 | static ssize_t | |
186 | zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr) | |
187 | { | |
188 | struct inode *ip = xf->dentry->d_inode; | |
189 | struct inode *dxip = NULL; | |
190 | int error; | |
191 | ||
192 | /* Lookup the xattr directory */ | |
193 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); | |
194 | if (error) { | |
195 | if (error == -ENOENT) | |
196 | error = 0; | |
197 | ||
198 | return (error); | |
199 | } | |
200 | ||
201 | error = zpl_xattr_readdir(dxip, xf); | |
202 | iput(dxip); | |
203 | ||
204 | return (error); | |
205 | } | |
206 | ||
207 | static ssize_t | |
208 | zpl_xattr_list_sa(xattr_filldir_t *xf) | |
209 | { | |
210 | znode_t *zp = ITOZ(xf->dentry->d_inode); | |
211 | nvpair_t *nvp = NULL; | |
212 | int error = 0; | |
213 | ||
214 | mutex_enter(&zp->z_lock); | |
215 | if (zp->z_xattr_cached == NULL) | |
216 | error = -zfs_sa_get_xattr(zp); | |
217 | mutex_exit(&zp->z_lock); | |
218 | ||
219 | if (error) | |
220 | return (error); | |
221 | ||
222 | ASSERT(zp->z_xattr_cached); | |
223 | ||
224 | while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) { | |
225 | ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY); | |
226 | ||
227 | error = zpl_xattr_filldir(xf, nvpair_name(nvp), | |
228 | strlen(nvpair_name(nvp))); | |
229 | if (error) | |
230 | return (error); | |
231 | } | |
232 | ||
233 | return (0); | |
234 | } | |
235 | ||
236 | ssize_t | |
237 | zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size) | |
238 | { | |
239 | znode_t *zp = ITOZ(dentry->d_inode); | |
240 | zfs_sb_t *zsb = ZTOZSB(zp); | |
241 | xattr_filldir_t xf = { buffer_size, 0, buffer, dentry }; | |
242 | cred_t *cr = CRED(); | |
243 | fstrans_cookie_t cookie; | |
244 | int error = 0; | |
245 | ||
246 | crhold(cr); | |
247 | cookie = spl_fstrans_mark(); | |
248 | rrm_enter_read(&(zsb)->z_teardown_lock, FTAG); | |
249 | rw_enter(&zp->z_xattr_lock, RW_READER); | |
250 | ||
251 | if (zsb->z_use_sa && zp->z_is_sa) { | |
252 | error = zpl_xattr_list_sa(&xf); | |
253 | if (error) | |
254 | goto out; | |
255 | } | |
256 | ||
257 | error = zpl_xattr_list_dir(&xf, cr); | |
258 | if (error) | |
259 | goto out; | |
260 | ||
261 | error = xf.offset; | |
262 | out: | |
263 | ||
264 | rw_exit(&zp->z_xattr_lock); | |
265 | rrm_exit(&(zsb)->z_teardown_lock, FTAG); | |
266 | spl_fstrans_unmark(cookie); | |
267 | crfree(cr); | |
268 | ||
269 | return (error); | |
270 | } | |
271 | ||
272 | static int | |
273 | zpl_xattr_get_dir(struct inode *ip, const char *name, void *value, | |
274 | size_t size, cred_t *cr) | |
275 | { | |
276 | struct inode *dxip = NULL; | |
277 | struct inode *xip = NULL; | |
278 | loff_t pos = 0; | |
279 | int error; | |
280 | ||
281 | /* Lookup the xattr directory */ | |
282 | error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); | |
283 | if (error) | |
284 | goto out; | |
285 | ||
286 | /* Lookup a specific xattr name in the directory */ | |
287 | error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); | |
288 | if (error) | |
289 | goto out; | |
290 | ||
291 | if (!size) { | |
292 | error = i_size_read(xip); | |
293 | goto out; | |
294 | } | |
295 | ||
296 | if (size < i_size_read(xip)) { | |
297 | error = -ERANGE; | |
298 | goto out; | |
299 | } | |
300 | ||
301 | error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr); | |
302 | out: | |
303 | if (xip) | |
304 | iput(xip); | |
305 | ||
306 | if (dxip) | |
307 | iput(dxip); | |
308 | ||
309 | return (error); | |
310 | } | |
311 | ||
312 | static int | |
313 | zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size) | |
314 | { | |
315 | znode_t *zp = ITOZ(ip); | |
316 | uchar_t *nv_value; | |
317 | uint_t nv_size; | |
318 | int error = 0; | |
319 | ||
320 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); | |
321 | ||
322 | mutex_enter(&zp->z_lock); | |
323 | if (zp->z_xattr_cached == NULL) | |
324 | error = -zfs_sa_get_xattr(zp); | |
325 | mutex_exit(&zp->z_lock); | |
326 | ||
327 | if (error) | |
328 | return (error); | |
329 | ||
330 | ASSERT(zp->z_xattr_cached); | |
331 | error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name, | |
332 | &nv_value, &nv_size); | |
333 | if (error) | |
334 | return (error); | |
335 | ||
336 | if (!size) | |
337 | return (nv_size); | |
338 | ||
339 | if (size < nv_size) | |
340 | return (-ERANGE); | |
341 | ||
342 | memcpy(value, nv_value, nv_size); | |
343 | ||
344 | return (nv_size); | |
345 | } | |
346 | ||
347 | static int | |
348 | __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size, | |
349 | cred_t *cr) | |
350 | { | |
351 | znode_t *zp = ITOZ(ip); | |
352 | zfs_sb_t *zsb = ZTOZSB(zp); | |
353 | int error; | |
354 | ||
355 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); | |
356 | ||
357 | if (zsb->z_use_sa && zp->z_is_sa) { | |
358 | error = zpl_xattr_get_sa(ip, name, value, size); | |
359 | if (error != -ENOENT) | |
360 | goto out; | |
361 | } | |
362 | ||
363 | error = zpl_xattr_get_dir(ip, name, value, size, cr); | |
364 | out: | |
365 | if (error == -ENOENT) | |
366 | error = -ENODATA; | |
367 | ||
368 | return (error); | |
369 | } | |
370 | ||
371 | #define XATTR_NOENT 0x0 | |
372 | #define XATTR_IN_SA 0x1 | |
373 | #define XATTR_IN_DIR 0x2 | |
374 | /* check where the xattr resides */ | |
375 | static int | |
376 | __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr) | |
377 | { | |
378 | znode_t *zp = ITOZ(ip); | |
379 | zfs_sb_t *zsb = ZTOZSB(zp); | |
380 | int error; | |
381 | ||
382 | ASSERT(where); | |
383 | ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); | |
384 | ||
385 | *where = XATTR_NOENT; | |
386 | if (zsb->z_use_sa && zp->z_is_sa) { | |
387 | error = zpl_xattr_get_sa(ip, name, NULL, 0); | |
388 | if (error >= 0) | |
389 | *where |= XATTR_IN_SA; | |
390 | else if (error != -ENOENT) | |
391 | return (error); | |
392 | } | |
393 | ||
394 | error = zpl_xattr_get_dir(ip, name, NULL, 0, cr); | |
395 | if (error >= 0) | |
396 | *where |= XATTR_IN_DIR; | |
397 | else if (error != -ENOENT) | |
398 | return (error); | |
399 | ||
400 | if (*where == (XATTR_IN_SA|XATTR_IN_DIR)) | |
401 | cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\"" | |
402 | " in both SA and dir", ip, name); | |
403 | if (*where == XATTR_NOENT) | |
404 | error = -ENODATA; | |
405 | else | |
406 | error = 0; | |
407 | return (error); | |
408 | } | |
409 | ||
410 | static int | |
411 | zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size) | |
412 | { | |
413 | znode_t *zp = ITOZ(ip); | |
414 | zfs_sb_t *zsb = ZTOZSB(zp); | |
415 | cred_t *cr = CRED(); | |
416 | fstrans_cookie_t cookie; | |
417 | int error; | |
418 | ||
419 | crhold(cr); | |
420 | cookie = spl_fstrans_mark(); | |
421 | rrm_enter_read(&(zsb)->z_teardown_lock, FTAG); | |
422 | rw_enter(&zp->z_xattr_lock, RW_READER); | |
423 | error = __zpl_xattr_get(ip, name, value, size, cr); | |
424 | rw_exit(&zp->z_xattr_lock); | |
425 | rrm_exit(&(zsb)->z_teardown_lock, FTAG); | |
426 | spl_fstrans_unmark(cookie); | |
427 | crfree(cr); | |
428 | ||
429 | return (error); | |
430 | } | |
431 | ||
432 | static int | |
433 | zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value, | |
434 | size_t size, int flags, cred_t *cr) | |
435 | { | |
436 | struct inode *dxip = NULL; | |
437 | struct inode *xip = NULL; | |
438 | vattr_t *vap = NULL; | |
439 | ssize_t wrote; | |
440 | int lookup_flags, error; | |
441 | const int xattr_mode = S_IFREG | 0644; | |
442 | loff_t pos = 0; | |
443 | ||
444 | /* | |
445 | * Lookup the xattr directory. When we're adding an entry pass | |
446 | * CREATE_XATTR_DIR to ensure the xattr directory is created. | |
447 | * When removing an entry this flag is not passed to avoid | |
448 | * unnecessarily creating a new xattr directory. | |
449 | */ | |
450 | lookup_flags = LOOKUP_XATTR; | |
451 | if (value != NULL) | |
452 | lookup_flags |= CREATE_XATTR_DIR; | |
453 | ||
454 | error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL); | |
455 | if (error) | |
456 | goto out; | |
457 | ||
458 | /* Lookup a specific xattr name in the directory */ | |
459 | error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); | |
460 | if (error && (error != -ENOENT)) | |
461 | goto out; | |
462 | ||
463 | error = 0; | |
464 | ||
465 | /* Remove a specific name xattr when value is set to NULL. */ | |
466 | if (value == NULL) { | |
467 | if (xip) | |
468 | error = -zfs_remove(dxip, (char *)name, cr); | |
469 | ||
470 | goto out; | |
471 | } | |
472 | ||
473 | /* Lookup failed create a new xattr. */ | |
474 | if (xip == NULL) { | |
475 | vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP); | |
476 | vap->va_mode = xattr_mode; | |
477 | vap->va_mask = ATTR_MODE; | |
478 | vap->va_uid = crgetfsuid(cr); | |
479 | vap->va_gid = crgetfsgid(cr); | |
480 | ||
481 | error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip, | |
482 | cr, 0, NULL); | |
483 | if (error) | |
484 | goto out; | |
485 | } | |
486 | ||
487 | ASSERT(xip != NULL); | |
488 | ||
489 | error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE); | |
490 | if (error) | |
491 | goto out; | |
492 | ||
493 | wrote = zpl_write_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr); | |
494 | if (wrote < 0) | |
495 | error = wrote; | |
496 | ||
497 | out: | |
498 | if (vap) | |
499 | kmem_free(vap, sizeof (vattr_t)); | |
500 | ||
501 | if (xip) | |
502 | iput(xip); | |
503 | ||
504 | if (dxip) | |
505 | iput(dxip); | |
506 | ||
507 | if (error == -ENOENT) | |
508 | error = -ENODATA; | |
509 | ||
510 | ASSERT3S(error, <=, 0); | |
511 | ||
512 | return (error); | |
513 | } | |
514 | ||
515 | static int | |
516 | zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value, | |
517 | size_t size, int flags, cred_t *cr) | |
518 | { | |
519 | znode_t *zp = ITOZ(ip); | |
520 | nvlist_t *nvl; | |
521 | size_t sa_size; | |
522 | int error = 0; | |
523 | ||
524 | mutex_enter(&zp->z_lock); | |
525 | if (zp->z_xattr_cached == NULL) | |
526 | error = -zfs_sa_get_xattr(zp); | |
527 | mutex_exit(&zp->z_lock); | |
528 | ||
529 | if (error) | |
530 | return (error); | |
531 | ||
532 | ASSERT(zp->z_xattr_cached); | |
533 | nvl = zp->z_xattr_cached; | |
534 | ||
535 | if (value == NULL) { | |
536 | error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY); | |
537 | if (error == -ENOENT) | |
538 | error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr); | |
539 | } else { | |
540 | /* Limited to 32k to keep nvpair memory allocations small */ | |
541 | if (size > DXATTR_MAX_ENTRY_SIZE) | |
542 | return (-EFBIG); | |
543 | ||
544 | /* Prevent the DXATTR SA from consuming the entire SA region */ | |
545 | error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR); | |
546 | if (error) | |
547 | return (error); | |
548 | ||
549 | if (sa_size > DXATTR_MAX_SA_SIZE) | |
550 | return (-EFBIG); | |
551 | ||
552 | error = -nvlist_add_byte_array(nvl, name, | |
553 | (uchar_t *)value, size); | |
554 | } | |
555 | ||
556 | /* | |
557 | * Update the SA for additions, modifications, and removals. On | |
558 | * error drop the inconsistent cached version of the nvlist, it | |
559 | * will be reconstructed from the ARC when next accessed. | |
560 | */ | |
561 | if (error == 0) | |
562 | error = -zfs_sa_set_xattr(zp); | |
563 | ||
564 | if (error) { | |
565 | nvlist_free(nvl); | |
566 | zp->z_xattr_cached = NULL; | |
567 | } | |
568 | ||
569 | ASSERT3S(error, <=, 0); | |
570 | ||
571 | return (error); | |
572 | } | |
573 | ||
574 | static int | |
575 | zpl_xattr_set(struct inode *ip, const char *name, const void *value, | |
576 | size_t size, int flags) | |
577 | { | |
578 | znode_t *zp = ITOZ(ip); | |
579 | zfs_sb_t *zsb = ZTOZSB(zp); | |
580 | cred_t *cr = CRED(); | |
581 | fstrans_cookie_t cookie; | |
582 | int where; | |
583 | int error; | |
584 | ||
585 | crhold(cr); | |
586 | cookie = spl_fstrans_mark(); | |
587 | rrm_enter_read(&(zsb)->z_teardown_lock, FTAG); | |
588 | rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER); | |
589 | ||
590 | /* | |
591 | * Before setting the xattr check to see if it already exists. | |
592 | * This is done to ensure the following optional flags are honored. | |
593 | * | |
594 | * XATTR_CREATE: fail if xattr already exists | |
595 | * XATTR_REPLACE: fail if xattr does not exist | |
596 | * | |
597 | * We also want to know if it resides in sa or dir, so we can make | |
598 | * sure we don't end up with duplicate in both places. | |
599 | */ | |
600 | error = __zpl_xattr_where(ip, name, &where, cr); | |
601 | if (error < 0) { | |
602 | if (error != -ENODATA) | |
603 | goto out; | |
604 | if (flags & XATTR_REPLACE) | |
605 | goto out; | |
606 | ||
607 | /* The xattr to be removed already doesn't exist */ | |
608 | error = 0; | |
609 | if (value == NULL) | |
610 | goto out; | |
611 | } else { | |
612 | error = -EEXIST; | |
613 | if (flags & XATTR_CREATE) | |
614 | goto out; | |
615 | } | |
616 | ||
617 | /* Preferentially store the xattr as a SA for better performance */ | |
618 | if (zsb->z_use_sa && zp->z_is_sa && | |
619 | (zsb->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) { | |
620 | error = zpl_xattr_set_sa(ip, name, value, size, flags, cr); | |
621 | if (error == 0) { | |
622 | /* | |
623 | * Successfully put into SA, we need to clear the one | |
624 | * in dir. | |
625 | */ | |
626 | if (where & XATTR_IN_DIR) | |
627 | zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr); | |
628 | goto out; | |
629 | } | |
630 | } | |
631 | ||
632 | error = zpl_xattr_set_dir(ip, name, value, size, flags, cr); | |
633 | /* | |
634 | * Successfully put into dir, we need to clear the one in SA. | |
635 | */ | |
636 | if (error == 0 && (where & XATTR_IN_SA)) | |
637 | zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr); | |
638 | out: | |
639 | rw_exit(&ITOZ(ip)->z_xattr_lock); | |
640 | rrm_exit(&(zsb)->z_teardown_lock, FTAG); | |
641 | spl_fstrans_unmark(cookie); | |
642 | crfree(cr); | |
643 | ASSERT3S(error, <=, 0); | |
644 | ||
645 | return (error); | |
646 | } | |
647 | ||
648 | /* | |
649 | * Extended user attributes | |
650 | * | |
651 | * "Extended user attributes may be assigned to files and directories for | |
652 | * storing arbitrary additional information such as the mime type, | |
653 | * character set or encoding of a file. The access permissions for user | |
654 | * attributes are defined by the file permission bits: read permission | |
655 | * is required to retrieve the attribute value, and writer permission is | |
656 | * required to change it. | |
657 | * | |
658 | * The file permission bits of regular files and directories are | |
659 | * interpreted differently from the file permission bits of special | |
660 | * files and symbolic links. For regular files and directories the file | |
661 | * permission bits define access to the file's contents, while for | |
662 | * device special files they define access to the device described by | |
663 | * the special file. The file permissions of symbolic links are not | |
664 | * used in access checks. These differences would allow users to | |
665 | * consume filesystem resources in a way not controllable by disk quotas | |
666 | * for group or world writable special files and directories. | |
667 | * | |
668 | * For this reason, extended user attributes are allowed only for | |
669 | * regular files and directories, and access to extended user attributes | |
670 | * is restricted to the owner and to users with appropriate capabilities | |
671 | * for directories with the sticky bit set (see the chmod(1) manual page | |
672 | * for an explanation of the sticky bit)." - xattr(7) | |
673 | * | |
674 | * ZFS allows extended user attributes to be disabled administratively | |
675 | * by setting the 'xattr=off' property on the dataset. | |
676 | */ | |
677 | static int | |
678 | __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size, | |
679 | const char *name, size_t name_len) | |
680 | { | |
681 | return (ITOZSB(ip)->z_flags & ZSB_XATTR); | |
682 | } | |
683 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list); | |
684 | ||
685 | static int | |
686 | __zpl_xattr_user_get(struct inode *ip, const char *name, | |
687 | void *value, size_t size) | |
688 | { | |
689 | char *xattr_name; | |
690 | int error; | |
691 | /* xattr_resolve_name will do this for us if this is defined */ | |
692 | #ifndef HAVE_XATTR_HANDLER_NAME | |
693 | if (strcmp(name, "") == 0) | |
694 | return (-EINVAL); | |
695 | #endif | |
696 | if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) | |
697 | return (-EOPNOTSUPP); | |
698 | ||
699 | xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); | |
700 | error = zpl_xattr_get(ip, xattr_name, value, size); | |
701 | strfree(xattr_name); | |
702 | ||
703 | return (error); | |
704 | } | |
705 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get); | |
706 | ||
707 | static int | |
708 | __zpl_xattr_user_set(struct inode *ip, const char *name, | |
709 | const void *value, size_t size, int flags) | |
710 | { | |
711 | char *xattr_name; | |
712 | int error; | |
713 | /* xattr_resolve_name will do this for us if this is defined */ | |
714 | #ifndef HAVE_XATTR_HANDLER_NAME | |
715 | if (strcmp(name, "") == 0) | |
716 | return (-EINVAL); | |
717 | #endif | |
718 | if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) | |
719 | return (-EOPNOTSUPP); | |
720 | ||
721 | xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); | |
722 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
723 | strfree(xattr_name); | |
724 | ||
725 | return (error); | |
726 | } | |
727 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set); | |
728 | ||
729 | xattr_handler_t zpl_xattr_user_handler = | |
730 | { | |
731 | .prefix = XATTR_USER_PREFIX, | |
732 | .list = zpl_xattr_user_list, | |
733 | .get = zpl_xattr_user_get, | |
734 | .set = zpl_xattr_user_set, | |
735 | }; | |
736 | ||
737 | /* | |
738 | * Trusted extended attributes | |
739 | * | |
740 | * "Trusted extended attributes are visible and accessible only to | |
741 | * processes that have the CAP_SYS_ADMIN capability. Attributes in this | |
742 | * class are used to implement mechanisms in user space (i.e., outside | |
743 | * the kernel) which keep information in extended attributes to which | |
744 | * ordinary processes should not have access." - xattr(7) | |
745 | */ | |
746 | static int | |
747 | __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size, | |
748 | const char *name, size_t name_len) | |
749 | { | |
750 | return (capable(CAP_SYS_ADMIN)); | |
751 | } | |
752 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list); | |
753 | ||
754 | static int | |
755 | __zpl_xattr_trusted_get(struct inode *ip, const char *name, | |
756 | void *value, size_t size) | |
757 | { | |
758 | char *xattr_name; | |
759 | int error; | |
760 | ||
761 | if (!capable(CAP_SYS_ADMIN)) | |
762 | return (-EACCES); | |
763 | /* xattr_resolve_name will do this for us if this is defined */ | |
764 | #ifndef HAVE_XATTR_HANDLER_NAME | |
765 | if (strcmp(name, "") == 0) | |
766 | return (-EINVAL); | |
767 | #endif | |
768 | xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); | |
769 | error = zpl_xattr_get(ip, xattr_name, value, size); | |
770 | strfree(xattr_name); | |
771 | ||
772 | return (error); | |
773 | } | |
774 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get); | |
775 | ||
776 | static int | |
777 | __zpl_xattr_trusted_set(struct inode *ip, const char *name, | |
778 | const void *value, size_t size, int flags) | |
779 | { | |
780 | char *xattr_name; | |
781 | int error; | |
782 | ||
783 | if (!capable(CAP_SYS_ADMIN)) | |
784 | return (-EACCES); | |
785 | /* xattr_resolve_name will do this for us if this is defined */ | |
786 | #ifndef HAVE_XATTR_HANDLER_NAME | |
787 | if (strcmp(name, "") == 0) | |
788 | return (-EINVAL); | |
789 | #endif | |
790 | xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); | |
791 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
792 | strfree(xattr_name); | |
793 | ||
794 | return (error); | |
795 | } | |
796 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set); | |
797 | ||
798 | xattr_handler_t zpl_xattr_trusted_handler = | |
799 | { | |
800 | .prefix = XATTR_TRUSTED_PREFIX, | |
801 | .list = zpl_xattr_trusted_list, | |
802 | .get = zpl_xattr_trusted_get, | |
803 | .set = zpl_xattr_trusted_set, | |
804 | }; | |
805 | ||
806 | /* | |
807 | * Extended security attributes | |
808 | * | |
809 | * "The security attribute namespace is used by kernel security modules, | |
810 | * such as Security Enhanced Linux, and also to implement file | |
811 | * capabilities (see capabilities(7)). Read and write access | |
812 | * permissions to security attributes depend on the policy implemented | |
813 | * for each security attribute by the security module. When no security | |
814 | * module is loaded, all processes have read access to extended security | |
815 | * attributes, and write access is limited to processes that have the | |
816 | * CAP_SYS_ADMIN capability." - xattr(7) | |
817 | */ | |
818 | static int | |
819 | __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size, | |
820 | const char *name, size_t name_len) | |
821 | { | |
822 | return (1); | |
823 | } | |
824 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list); | |
825 | ||
826 | static int | |
827 | __zpl_xattr_security_get(struct inode *ip, const char *name, | |
828 | void *value, size_t size) | |
829 | { | |
830 | char *xattr_name; | |
831 | int error; | |
832 | /* xattr_resolve_name will do this for us if this is defined */ | |
833 | #ifndef HAVE_XATTR_HANDLER_NAME | |
834 | if (strcmp(name, "") == 0) | |
835 | return (-EINVAL); | |
836 | #endif | |
837 | xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); | |
838 | error = zpl_xattr_get(ip, xattr_name, value, size); | |
839 | strfree(xattr_name); | |
840 | ||
841 | return (error); | |
842 | } | |
843 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get); | |
844 | ||
845 | static int | |
846 | __zpl_xattr_security_set(struct inode *ip, const char *name, | |
847 | const void *value, size_t size, int flags) | |
848 | { | |
849 | char *xattr_name; | |
850 | int error; | |
851 | /* xattr_resolve_name will do this for us if this is defined */ | |
852 | #ifndef HAVE_XATTR_HANDLER_NAME | |
853 | if (strcmp(name, "") == 0) | |
854 | return (-EINVAL); | |
855 | #endif | |
856 | xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); | |
857 | error = zpl_xattr_set(ip, xattr_name, value, size, flags); | |
858 | strfree(xattr_name); | |
859 | ||
860 | return (error); | |
861 | } | |
862 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set); | |
863 | ||
864 | #ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY | |
865 | static int | |
866 | __zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs, | |
867 | void *fs_info) | |
868 | { | |
869 | const struct xattr *xattr; | |
870 | int error = 0; | |
871 | ||
872 | for (xattr = xattrs; xattr->name != NULL; xattr++) { | |
873 | error = __zpl_xattr_security_set(ip, | |
874 | xattr->name, xattr->value, xattr->value_len, 0); | |
875 | ||
876 | if (error < 0) | |
877 | break; | |
878 | } | |
879 | ||
880 | return (error); | |
881 | } | |
882 | ||
883 | int | |
884 | zpl_xattr_security_init(struct inode *ip, struct inode *dip, | |
885 | const struct qstr *qstr) | |
886 | { | |
887 | return security_inode_init_security(ip, dip, qstr, | |
888 | &__zpl_xattr_security_init, NULL); | |
889 | } | |
890 | ||
891 | #else | |
892 | int | |
893 | zpl_xattr_security_init(struct inode *ip, struct inode *dip, | |
894 | const struct qstr *qstr) | |
895 | { | |
896 | int error; | |
897 | size_t len; | |
898 | void *value; | |
899 | char *name; | |
900 | ||
901 | error = zpl_security_inode_init_security(ip, dip, qstr, | |
902 | &name, &value, &len); | |
903 | if (error) { | |
904 | if (error == -EOPNOTSUPP) | |
905 | return (0); | |
906 | ||
907 | return (error); | |
908 | } | |
909 | ||
910 | error = __zpl_xattr_security_set(ip, name, value, len, 0); | |
911 | ||
912 | kfree(name); | |
913 | kfree(value); | |
914 | ||
915 | return (error); | |
916 | } | |
917 | #endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */ | |
918 | ||
919 | /* | |
920 | * Security xattr namespace handlers. | |
921 | */ | |
922 | xattr_handler_t zpl_xattr_security_handler = { | |
923 | .prefix = XATTR_SECURITY_PREFIX, | |
924 | .list = zpl_xattr_security_list, | |
925 | .get = zpl_xattr_security_get, | |
926 | .set = zpl_xattr_security_set, | |
927 | }; | |
928 | ||
929 | /* | |
930 | * Extended system attributes | |
931 | * | |
932 | * "Extended system attributes are used by the kernel to store system | |
933 | * objects such as Access Control Lists. Read and write access permissions | |
934 | * to system attributes depend on the policy implemented for each system | |
935 | * attribute implemented by filesystems in the kernel." - xattr(7) | |
936 | */ | |
937 | #ifdef CONFIG_FS_POSIX_ACL | |
938 | int | |
939 | zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type) | |
940 | { | |
87d546d8 TG |
941 | char *name, *value = NULL; |
942 | int error = 0; | |
943 | size_t size = 0; | |
944 | ||
945 | if (S_ISLNK(ip->i_mode)) | |
946 | return (-EOPNOTSUPP); | |
947 | ||
948 | switch (type) { | |
949 | case ACL_TYPE_ACCESS: | |
950 | name = XATTR_NAME_POSIX_ACL_ACCESS; | |
951 | if (acl) { | |
952 | zpl_equivmode_t mode = ip->i_mode; | |
953 | error = posix_acl_equiv_mode(acl, &mode); | |
954 | if (error < 0) { | |
955 | return (error); | |
956 | } else { | |
957 | /* | |
958 | * The mode bits will have been set by | |
959 | * ->zfs_setattr()->zfs_acl_chmod_setattr() | |
960 | * using the ZFS ACL conversion. If they | |
961 | * differ from the Posix ACL conversion dirty | |
962 | * the inode to write the Posix mode bits. | |
963 | */ | |
964 | if (ip->i_mode != mode) { | |
965 | ip->i_mode = mode; | |
df9d7621 | 966 | ip->i_ctime = current_time(ip); |
87d546d8 TG |
967 | zfs_mark_inode_dirty(ip); |
968 | } | |
969 | ||
970 | if (error == 0) | |
971 | acl = NULL; | |
972 | } | |
973 | } | |
974 | break; | |
975 | ||
976 | case ACL_TYPE_DEFAULT: | |
977 | name = XATTR_NAME_POSIX_ACL_DEFAULT; | |
978 | if (!S_ISDIR(ip->i_mode)) | |
979 | return (acl ? -EACCES : 0); | |
980 | break; | |
981 | ||
982 | default: | |
983 | return (-EINVAL); | |
984 | } | |
985 | ||
986 | if (acl) { | |
987 | size = posix_acl_xattr_size(acl->a_count); | |
988 | value = kmem_alloc(size, KM_SLEEP); | |
989 | ||
990 | error = zpl_acl_to_xattr(acl, value, size); | |
991 | if (error < 0) { | |
992 | kmem_free(value, size); | |
993 | return (error); | |
994 | } | |
995 | } | |
996 | ||
997 | error = zpl_xattr_set(ip, name, value, size, 0); | |
998 | if (value) | |
999 | kmem_free(value, size); | |
1000 | ||
1001 | if (!error) { | |
1002 | if (acl) | |
1003 | zpl_set_cached_acl(ip, type, acl); | |
1004 | else | |
1005 | zpl_forget_cached_acl(ip, type); | |
1006 | } | |
1007 | ||
1008 | return (error); | |
1009 | } | |
1010 | ||
1011 | struct posix_acl * | |
1012 | zpl_get_acl(struct inode *ip, int type) | |
1013 | { | |
1014 | struct posix_acl *acl; | |
1015 | void *value = NULL; | |
1016 | char *name; | |
1017 | int size; | |
1018 | ||
1019 | /* | |
1020 | * As of Linux 3.14, the kernel get_acl will check this for us. | |
1021 | * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong | |
1022 | * as the kernel get_acl will set it to temporary sentinel value. | |
1023 | */ | |
1024 | #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE | |
1025 | acl = get_cached_acl(ip, type); | |
1026 | if (acl != ACL_NOT_CACHED) | |
1027 | return (acl); | |
1028 | #endif | |
1029 | ||
1030 | switch (type) { | |
1031 | case ACL_TYPE_ACCESS: | |
1032 | name = XATTR_NAME_POSIX_ACL_ACCESS; | |
1033 | break; | |
1034 | case ACL_TYPE_DEFAULT: | |
1035 | name = XATTR_NAME_POSIX_ACL_DEFAULT; | |
1036 | break; | |
1037 | default: | |
1038 | return (ERR_PTR(-EINVAL)); | |
1039 | } | |
1040 | ||
1041 | size = zpl_xattr_get(ip, name, NULL, 0); | |
1042 | if (size > 0) { | |
1043 | value = kmem_alloc(size, KM_SLEEP); | |
1044 | size = zpl_xattr_get(ip, name, value, size); | |
1045 | } | |
1046 | ||
1047 | if (size > 0) { | |
1048 | acl = zpl_acl_from_xattr(value, size); | |
1049 | } else if (size == -ENODATA || size == -ENOSYS) { | |
1050 | acl = NULL; | |
1051 | } else { | |
1052 | acl = ERR_PTR(-EIO); | |
1053 | } | |
1054 | ||
1055 | if (size > 0) | |
1056 | kmem_free(value, size); | |
1057 | ||
1058 | /* As of Linux 4.7, the kernel get_acl will set this for us */ | |
1059 | #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE | |
1060 | if (!IS_ERR(acl)) | |
1061 | zpl_set_cached_acl(ip, type, acl); | |
1062 | #endif | |
1063 | ||
1064 | return (acl); | |
1065 | } | |
1066 | ||
1067 | #if !defined(HAVE_GET_ACL) | |
1068 | static int | |
1069 | __zpl_check_acl(struct inode *ip, int mask) | |
1070 | { | |
1071 | struct posix_acl *acl; | |
1072 | int error; | |
1073 | ||
1074 | acl = zpl_get_acl(ip, ACL_TYPE_ACCESS); | |
1075 | if (IS_ERR(acl)) | |
1076 | return (PTR_ERR(acl)); | |
1077 | ||
1078 | if (acl) { | |
1079 | error = posix_acl_permission(ip, acl, mask); | |
1080 | zpl_posix_acl_release(acl); | |
1081 | return (error); | |
1082 | } | |
1083 | ||
1084 | return (-EAGAIN); | |
1085 | } | |
1086 | ||
1087 | #if defined(HAVE_CHECK_ACL_WITH_FLAGS) | |
1088 | int | |
1089 | zpl_check_acl(struct inode *ip, int mask, unsigned int flags) | |
1090 | { | |
1091 | return (__zpl_check_acl(ip, mask)); | |
1092 | } | |
1093 | #elif defined(HAVE_CHECK_ACL) | |
1094 | int | |
1095 | zpl_check_acl(struct inode *ip, int mask) | |
1096 | { | |
1097 | return (__zpl_check_acl(ip, mask)); | |
1098 | } | |
1099 | #elif defined(HAVE_PERMISSION_WITH_NAMEIDATA) | |
1100 | int | |
1101 | zpl_permission(struct inode *ip, int mask, struct nameidata *nd) | |
1102 | { | |
1103 | return (generic_permission(ip, mask, __zpl_check_acl)); | |
1104 | } | |
1105 | #elif defined(HAVE_PERMISSION) | |
1106 | int | |
1107 | zpl_permission(struct inode *ip, int mask) | |
1108 | { | |
1109 | return (generic_permission(ip, mask, __zpl_check_acl)); | |
1110 | } | |
1111 | #endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */ | |
1112 | #endif /* !HAVE_GET_ACL */ | |
1113 | ||
1114 | int | |
1115 | zpl_init_acl(struct inode *ip, struct inode *dir) | |
1116 | { | |
1117 | struct posix_acl *acl = NULL; | |
1118 | int error = 0; | |
1119 | ||
1120 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1121 | return (0); | |
1122 | ||
1123 | if (!S_ISLNK(ip->i_mode)) { | |
1124 | if (ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) { | |
1125 | acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT); | |
1126 | if (IS_ERR(acl)) | |
1127 | return (PTR_ERR(acl)); | |
1128 | } | |
1129 | ||
1130 | if (!acl) { | |
1131 | ip->i_mode &= ~current_umask(); | |
df9d7621 | 1132 | ip->i_ctime = current_time(ip); |
87d546d8 TG |
1133 | zfs_mark_inode_dirty(ip); |
1134 | return (0); | |
1135 | } | |
1136 | } | |
1137 | ||
1138 | if ((ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) && acl) { | |
1139 | umode_t mode; | |
1140 | ||
1141 | if (S_ISDIR(ip->i_mode)) { | |
1142 | error = zpl_set_acl(ip, acl, ACL_TYPE_DEFAULT); | |
1143 | if (error) | |
1144 | goto out; | |
1145 | } | |
1146 | ||
1147 | mode = ip->i_mode; | |
1148 | error = __posix_acl_create(&acl, GFP_KERNEL, &mode); | |
1149 | if (error >= 0) { | |
1150 | ip->i_mode = mode; | |
1151 | zfs_mark_inode_dirty(ip); | |
1152 | if (error > 0) | |
1153 | error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS); | |
1154 | } | |
1155 | } | |
1156 | out: | |
1157 | zpl_posix_acl_release(acl); | |
1158 | ||
1159 | return (error); | |
1160 | } | |
1161 | ||
1162 | int | |
1163 | zpl_chmod_acl(struct inode *ip) | |
1164 | { | |
1165 | struct posix_acl *acl; | |
1166 | int error; | |
1167 | ||
1168 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1169 | return (0); | |
1170 | ||
1171 | if (S_ISLNK(ip->i_mode)) | |
1172 | return (-EOPNOTSUPP); | |
1173 | ||
1174 | acl = zpl_get_acl(ip, ACL_TYPE_ACCESS); | |
1175 | if (IS_ERR(acl) || !acl) | |
1176 | return (PTR_ERR(acl)); | |
1177 | ||
1178 | error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode); | |
1179 | if (!error) | |
1180 | error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS); | |
1181 | ||
1182 | zpl_posix_acl_release(acl); | |
1183 | ||
1184 | return (error); | |
1185 | } | |
1186 | ||
1187 | static int | |
1188 | __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size, | |
1189 | const char *name, size_t name_len) | |
1190 | { | |
1191 | char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS; | |
1192 | size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS); | |
1193 | ||
1194 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1195 | return (0); | |
1196 | ||
1197 | if (list && xattr_size <= list_size) | |
1198 | memcpy(list, xattr_name, xattr_size); | |
1199 | ||
1200 | return (xattr_size); | |
1201 | } | |
1202 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access); | |
1203 | ||
1204 | static int | |
1205 | __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size, | |
1206 | const char *name, size_t name_len) | |
1207 | { | |
1208 | char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT; | |
1209 | size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT); | |
1210 | ||
1211 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1212 | return (0); | |
1213 | ||
1214 | if (list && xattr_size <= list_size) | |
1215 | memcpy(list, xattr_name, xattr_size); | |
1216 | ||
1217 | return (xattr_size); | |
1218 | } | |
1219 | ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default); | |
1220 | ||
1221 | static int | |
1222 | __zpl_xattr_acl_get_access(struct inode *ip, const char *name, | |
1223 | void *buffer, size_t size) | |
1224 | { | |
1225 | struct posix_acl *acl; | |
1226 | int type = ACL_TYPE_ACCESS; | |
1227 | int error; | |
1228 | /* xattr_resolve_name will do this for us if this is defined */ | |
1229 | #ifndef HAVE_XATTR_HANDLER_NAME | |
1230 | if (strcmp(name, "") != 0) | |
1231 | return (-EINVAL); | |
1232 | #endif | |
1233 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1234 | return (-EOPNOTSUPP); | |
1235 | ||
1236 | acl = zpl_get_acl(ip, type); | |
1237 | if (IS_ERR(acl)) | |
1238 | return (PTR_ERR(acl)); | |
1239 | if (acl == NULL) | |
1240 | return (-ENODATA); | |
1241 | ||
1242 | error = zpl_acl_to_xattr(acl, buffer, size); | |
1243 | zpl_posix_acl_release(acl); | |
1244 | ||
1245 | return (error); | |
1246 | } | |
1247 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access); | |
1248 | ||
1249 | static int | |
1250 | __zpl_xattr_acl_get_default(struct inode *ip, const char *name, | |
1251 | void *buffer, size_t size) | |
1252 | { | |
1253 | struct posix_acl *acl; | |
1254 | int type = ACL_TYPE_DEFAULT; | |
1255 | int error; | |
1256 | /* xattr_resolve_name will do this for us if this is defined */ | |
1257 | #ifndef HAVE_XATTR_HANDLER_NAME | |
1258 | if (strcmp(name, "") != 0) | |
1259 | return (-EINVAL); | |
1260 | #endif | |
1261 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1262 | return (-EOPNOTSUPP); | |
1263 | ||
1264 | acl = zpl_get_acl(ip, type); | |
1265 | if (IS_ERR(acl)) | |
1266 | return (PTR_ERR(acl)); | |
1267 | if (acl == NULL) | |
1268 | return (-ENODATA); | |
1269 | ||
1270 | error = zpl_acl_to_xattr(acl, buffer, size); | |
1271 | zpl_posix_acl_release(acl); | |
1272 | ||
1273 | return (error); | |
1274 | } | |
1275 | ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default); | |
1276 | ||
1277 | static int | |
1278 | __zpl_xattr_acl_set_access(struct inode *ip, const char *name, | |
1279 | const void *value, size_t size, int flags) | |
1280 | { | |
1281 | struct posix_acl *acl; | |
1282 | int type = ACL_TYPE_ACCESS; | |
1283 | int error = 0; | |
1284 | /* xattr_resolve_name will do this for us if this is defined */ | |
1285 | #ifndef HAVE_XATTR_HANDLER_NAME | |
1286 | if (strcmp(name, "") != 0) | |
1287 | return (-EINVAL); | |
1288 | #endif | |
1289 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1290 | return (-EOPNOTSUPP); | |
1291 | ||
1292 | if (!zpl_inode_owner_or_capable(ip)) | |
1293 | return (-EPERM); | |
1294 | ||
1295 | if (value) { | |
1296 | acl = zpl_acl_from_xattr(value, size); | |
1297 | if (IS_ERR(acl)) | |
1298 | return (PTR_ERR(acl)); | |
1299 | else if (acl) { | |
1300 | error = zpl_posix_acl_valid(ip, acl); | |
1301 | if (error) { | |
1302 | zpl_posix_acl_release(acl); | |
1303 | return (error); | |
1304 | } | |
1305 | } | |
1306 | } else { | |
1307 | acl = NULL; | |
1308 | } | |
1309 | ||
1310 | error = zpl_set_acl(ip, acl, type); | |
1311 | zpl_posix_acl_release(acl); | |
1312 | ||
1313 | return (error); | |
1314 | } | |
1315 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access); | |
1316 | ||
1317 | static int | |
1318 | __zpl_xattr_acl_set_default(struct inode *ip, const char *name, | |
1319 | const void *value, size_t size, int flags) | |
1320 | { | |
1321 | struct posix_acl *acl; | |
1322 | int type = ACL_TYPE_DEFAULT; | |
1323 | int error = 0; | |
1324 | /* xattr_resolve_name will do this for us if this is defined */ | |
1325 | #ifndef HAVE_XATTR_HANDLER_NAME | |
1326 | if (strcmp(name, "") != 0) | |
1327 | return (-EINVAL); | |
1328 | #endif | |
1329 | if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) | |
1330 | return (-EOPNOTSUPP); | |
1331 | ||
1332 | if (!zpl_inode_owner_or_capable(ip)) | |
1333 | return (-EPERM); | |
1334 | ||
1335 | if (value) { | |
1336 | acl = zpl_acl_from_xattr(value, size); | |
1337 | if (IS_ERR(acl)) | |
1338 | return (PTR_ERR(acl)); | |
1339 | else if (acl) { | |
1340 | error = zpl_posix_acl_valid(ip, acl); | |
1341 | if (error) { | |
1342 | zpl_posix_acl_release(acl); | |
1343 | return (error); | |
1344 | } | |
1345 | } | |
1346 | } else { | |
1347 | acl = NULL; | |
1348 | } | |
1349 | ||
1350 | error = zpl_set_acl(ip, acl, type); | |
1351 | zpl_posix_acl_release(acl); | |
1352 | ||
1353 | return (error); | |
1354 | } | |
1355 | ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default); | |
1356 | ||
1357 | /* | |
1358 | * ACL access xattr namespace handlers. | |
1359 | * | |
1360 | * Use .name instead of .prefix when available. xattr_resolve_name will match | |
1361 | * whole name and reject anything that has .name only as prefix. | |
1362 | */ | |
1363 | xattr_handler_t zpl_xattr_acl_access_handler = | |
1364 | { | |
1365 | #ifdef HAVE_XATTR_HANDLER_NAME | |
1366 | .name = XATTR_NAME_POSIX_ACL_ACCESS, | |
1367 | #else | |
1368 | .prefix = XATTR_NAME_POSIX_ACL_ACCESS, | |
1369 | #endif | |
1370 | .list = zpl_xattr_acl_list_access, | |
1371 | .get = zpl_xattr_acl_get_access, | |
1372 | .set = zpl_xattr_acl_set_access, | |
1373 | #if defined(HAVE_XATTR_LIST_SIMPLE) || \ | |
1374 | defined(HAVE_XATTR_LIST_DENTRY) || \ | |
1375 | defined(HAVE_XATTR_LIST_HANDLER) | |
1376 | .flags = ACL_TYPE_ACCESS, | |
1377 | #endif | |
1378 | }; | |
1379 | ||
1380 | /* | |
1381 | * ACL default xattr namespace handlers. | |
1382 | * | |
1383 | * Use .name instead of .prefix when available. xattr_resolve_name will match | |
1384 | * whole name and reject anything that has .name only as prefix. | |
1385 | */ | |
1386 | xattr_handler_t zpl_xattr_acl_default_handler = | |
1387 | { | |
1388 | #ifdef HAVE_XATTR_HANDLER_NAME | |
1389 | .name = XATTR_NAME_POSIX_ACL_DEFAULT, | |
1390 | #else | |
1391 | .prefix = XATTR_NAME_POSIX_ACL_DEFAULT, | |
1392 | #endif | |
1393 | .list = zpl_xattr_acl_list_default, | |
1394 | .get = zpl_xattr_acl_get_default, | |
1395 | .set = zpl_xattr_acl_set_default, | |
1396 | #if defined(HAVE_XATTR_LIST_SIMPLE) || \ | |
1397 | defined(HAVE_XATTR_LIST_DENTRY) || \ | |
1398 | defined(HAVE_XATTR_LIST_HANDLER) | |
1399 | .flags = ACL_TYPE_DEFAULT, | |
1400 | #endif | |
1401 | }; | |
1402 | ||
1403 | #endif /* CONFIG_FS_POSIX_ACL */ | |
1404 | ||
1405 | xattr_handler_t *zpl_xattr_handlers[] = { | |
1406 | &zpl_xattr_security_handler, | |
1407 | &zpl_xattr_trusted_handler, | |
1408 | &zpl_xattr_user_handler, | |
1409 | #ifdef CONFIG_FS_POSIX_ACL | |
1410 | &zpl_xattr_acl_access_handler, | |
1411 | &zpl_xattr_acl_default_handler, | |
1412 | #endif /* CONFIG_FS_POSIX_ACL */ | |
1413 | NULL | |
1414 | }; | |
1415 | ||
1416 | static const struct xattr_handler * | |
1417 | zpl_xattr_handler(const char *name) | |
1418 | { | |
1419 | if (strncmp(name, XATTR_USER_PREFIX, | |
1420 | XATTR_USER_PREFIX_LEN) == 0) | |
1421 | return (&zpl_xattr_user_handler); | |
1422 | ||
1423 | if (strncmp(name, XATTR_TRUSTED_PREFIX, | |
1424 | XATTR_TRUSTED_PREFIX_LEN) == 0) | |
1425 | return (&zpl_xattr_trusted_handler); | |
1426 | ||
1427 | if (strncmp(name, XATTR_SECURITY_PREFIX, | |
1428 | XATTR_SECURITY_PREFIX_LEN) == 0) | |
1429 | return (&zpl_xattr_security_handler); | |
1430 | ||
1431 | #ifdef CONFIG_FS_POSIX_ACL | |
1432 | if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, | |
1433 | sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0) | |
1434 | return (&zpl_xattr_acl_access_handler); | |
1435 | ||
1436 | if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, | |
1437 | sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0) | |
1438 | return (&zpl_xattr_acl_default_handler); | |
1439 | #endif /* CONFIG_FS_POSIX_ACL */ | |
1440 | ||
1441 | return (NULL); | |
1442 | } | |
1443 | ||
1444 | #if !defined(HAVE_POSIX_ACL_RELEASE) || defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY) | |
1445 | struct acl_rel_struct { | |
1446 | struct acl_rel_struct *next; | |
1447 | struct posix_acl *acl; | |
1448 | clock_t time; | |
1449 | }; | |
1450 | ||
1451 | #define ACL_REL_GRACE (60*HZ) | |
1452 | #define ACL_REL_WINDOW (1*HZ) | |
1453 | #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW) | |
1454 | ||
1455 | /* | |
1456 | * Lockless multi-producer single-consumer fifo list. | |
1457 | * Nodes are added to tail and removed from head. Tail pointer is our | |
1458 | * synchronization point. It always points to the next pointer of the last | |
1459 | * node, or head if list is empty. | |
1460 | */ | |
1461 | static struct acl_rel_struct *acl_rel_head = NULL; | |
1462 | static struct acl_rel_struct **acl_rel_tail = &acl_rel_head; | |
1463 | ||
1464 | static void | |
1465 | zpl_posix_acl_free(void *arg) | |
1466 | { | |
1467 | struct acl_rel_struct *freelist = NULL; | |
1468 | struct acl_rel_struct *a; | |
1469 | clock_t new_time; | |
1470 | boolean_t refire = B_FALSE; | |
1471 | ||
1472 | ASSERT3P(acl_rel_head, !=, NULL); | |
1473 | while (acl_rel_head) { | |
1474 | a = acl_rel_head; | |
1475 | if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) { | |
1476 | /* | |
1477 | * If a is the last node we need to reset tail, but we | |
1478 | * need to use cmpxchg to make sure it is still the | |
1479 | * last node. | |
1480 | */ | |
1481 | if (acl_rel_tail == &a->next) { | |
1482 | acl_rel_head = NULL; | |
1483 | if (cmpxchg(&acl_rel_tail, &a->next, | |
1484 | &acl_rel_head) == &a->next) { | |
1485 | ASSERT3P(a->next, ==, NULL); | |
1486 | a->next = freelist; | |
1487 | freelist = a; | |
1488 | break; | |
1489 | } | |
1490 | } | |
1491 | /* | |
1492 | * a is not last node, make sure next pointer is set | |
1493 | * by the adder and advance the head. | |
1494 | */ | |
1495 | while (ACCESS_ONCE(a->next) == NULL) | |
1496 | cpu_relax(); | |
1497 | acl_rel_head = a->next; | |
1498 | a->next = freelist; | |
1499 | freelist = a; | |
1500 | } else { | |
1501 | /* | |
1502 | * a is still in grace period. We are responsible to | |
1503 | * reschedule the free task, since adder will only do | |
1504 | * so if list is empty. | |
1505 | */ | |
1506 | new_time = a->time + ACL_REL_SCHED; | |
1507 | refire = B_TRUE; | |
1508 | break; | |
1509 | } | |
1510 | } | |
1511 | ||
1512 | if (refire) | |
1513 | taskq_dispatch_delay(system_taskq, zpl_posix_acl_free, NULL, | |
1514 | TQ_SLEEP, new_time); | |
1515 | ||
1516 | while (freelist) { | |
1517 | a = freelist; | |
1518 | freelist = a->next; | |
1519 | kfree(a->acl); | |
1520 | kmem_free(a, sizeof (struct acl_rel_struct)); | |
1521 | } | |
1522 | } | |
1523 | ||
1524 | void | |
1525 | zpl_posix_acl_release_impl(struct posix_acl *acl) | |
1526 | { | |
1527 | struct acl_rel_struct *a, **prev; | |
1528 | ||
1529 | a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP); | |
1530 | a->next = NULL; | |
1531 | a->acl = acl; | |
1532 | a->time = ddi_get_lbolt(); | |
1533 | /* atomically points tail to us and get the previous tail */ | |
1534 | prev = xchg(&acl_rel_tail, &a->next); | |
1535 | ASSERT3P(*prev, ==, NULL); | |
1536 | *prev = a; | |
1537 | /* if it was empty before, schedule the free task */ | |
1538 | if (prev == &acl_rel_head) | |
1539 | taskq_dispatch_delay(system_taskq, zpl_posix_acl_free, NULL, | |
1540 | TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED); | |
1541 | } | |
1542 | #endif |