]> git.proxmox.com Git - mirror_zfs-debian.git/blob - module/zfs/zpl_xattr.c
projects / mirror_zfs-debian.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Imported Upstream version 0.6.4.2
[mirror_zfs-debian.git] / module / zfs / zpl_xattr.c
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23 *
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
35 *
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
40 * following namespace prefixes:
41 *
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
46 *
47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
52 *
53 * The Linux xattr implemenation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
60 *
61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
66 *
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
71 *
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
78 */
79
80 #include <sys/zfs_vfsops.h>
81 #include <sys/zfs_vnops.h>
82 #include <sys/zfs_znode.h>
83 #include <sys/zap.h>
84 #include <sys/vfs.h>
85 #include <sys/zpl.h>
86
87 typedef struct xattr_filldir {
88 size_t size;
89 size_t offset;
90 char *buf;
91 struct inode *inode;
92 } xattr_filldir_t;
93
94 static int
95 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
96 {
97 if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) == 0)
98 if (!(ITOZSB(xf->inode)->z_flags & ZSB_XATTR))
99 return (0);
100
101 if (strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0)
102 if (!capable(CAP_SYS_ADMIN))
103 return (0);
104
105 /* When xf->buf is NULL only calculate the required size. */
106 if (xf->buf) {
107 if (xf->offset + name_len + 1 > xf->size)
108 return (-ERANGE);
109
110 memcpy(xf->buf + xf->offset, name, name_len);
111 xf->buf[xf->offset + name_len] = '\0';
112 }
113
114 xf->offset += (name_len + 1);
115
116 return (0);
117 }
118
119 /*
120 * Read as many directory entry names as will fit in to the provided buffer,
121 * or when no buffer is provided calculate the required buffer size.
122 */
123 int
124 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
125 {
126 zap_cursor_t zc;
127 zap_attribute_t zap;
128 int error;
129
130 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
131
132 while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
133
134 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
135 error = -ENXIO;
136 break;
137 }
138
139 error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
140 if (error)
141 break;
142
143 zap_cursor_advance(&zc);
144 }
145
146 zap_cursor_fini(&zc);
147
148 if (error == -ENOENT)
149 error = 0;
150
151 return (error);
152 }
153
154 static ssize_t
155 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
156 {
157 struct inode *ip = xf->inode;
158 struct inode *dxip = NULL;
159 int error;
160
161 /* Lookup the xattr directory */
162 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
163 if (error) {
164 if (error == -ENOENT)
165 error = 0;
166
167 return (error);
168 }
169
170 error = zpl_xattr_readdir(dxip, xf);
171 iput(dxip);
172
173 return (error);
174 }
175
176 static ssize_t
177 zpl_xattr_list_sa(xattr_filldir_t *xf)
178 {
179 znode_t *zp = ITOZ(xf->inode);
180 nvpair_t *nvp = NULL;
181 int error = 0;
182
183 mutex_enter(&zp->z_lock);
184 if (zp->z_xattr_cached == NULL)
185 error = -zfs_sa_get_xattr(zp);
186 mutex_exit(&zp->z_lock);
187
188 if (error)
189 return (error);
190
191 ASSERT(zp->z_xattr_cached);
192
193 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
194 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
195
196 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
197 strlen(nvpair_name(nvp)));
198 if (error)
199 return (error);
200 }
201
202 return (0);
203 }
204
205 ssize_t
206 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
207 {
208 znode_t *zp = ITOZ(dentry->d_inode);
209 zfs_sb_t *zsb = ZTOZSB(zp);
210 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry->d_inode };
211 cred_t *cr = CRED();
212 fstrans_cookie_t cookie;
213 int error = 0;
214
215 crhold(cr);
216 cookie = spl_fstrans_mark();
217 rw_enter(&zp->z_xattr_lock, RW_READER);
218
219 if (zsb->z_use_sa && zp->z_is_sa) {
220 error = zpl_xattr_list_sa(&xf);
221 if (error)
222 goto out;
223 }
224
225 error = zpl_xattr_list_dir(&xf, cr);
226 if (error)
227 goto out;
228
229 error = xf.offset;
230 out:
231
232 rw_exit(&zp->z_xattr_lock);
233 spl_fstrans_unmark(cookie);
234 crfree(cr);
235
236 return (error);
237 }
238
239 static int
240 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
241 size_t size, cred_t *cr)
242 {
243 struct inode *dxip = NULL;
244 struct inode *xip = NULL;
245 loff_t pos = 0;
246 int error;
247
248 /* Lookup the xattr directory */
249 error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL);
250 if (error)
251 goto out;
252
253 /* Lookup a specific xattr name in the directory */
254 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
255 if (error)
256 goto out;
257
258 if (!size) {
259 error = i_size_read(xip);
260 goto out;
261 }
262
263 if (size < i_size_read(xip)) {
264 error = -ERANGE;
265 goto out;
266 }
267
268 error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
269 out:
270 if (xip)
271 iput(xip);
272
273 if (dxip)
274 iput(dxip);
275
276 return (error);
277 }
278
279 static int
280 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
281 {
282 znode_t *zp = ITOZ(ip);
283 uchar_t *nv_value;
284 uint_t nv_size;
285 int error = 0;
286
287 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
288
289 mutex_enter(&zp->z_lock);
290 if (zp->z_xattr_cached == NULL)
291 error = -zfs_sa_get_xattr(zp);
292 mutex_exit(&zp->z_lock);
293
294 if (error)
295 return (error);
296
297 ASSERT(zp->z_xattr_cached);
298 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
299 &nv_value, &nv_size);
300 if (error)
301 return (error);
302
303 if (!size)
304 return (nv_size);
305
306 if (size < nv_size)
307 return (-ERANGE);
308
309 memcpy(value, nv_value, nv_size);
310
311 return (nv_size);
312 }
313
314 static int
315 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
316 cred_t *cr)
317 {
318 znode_t *zp = ITOZ(ip);
319 zfs_sb_t *zsb = ZTOZSB(zp);
320 int error;
321
322 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
323
324 if (zsb->z_use_sa && zp->z_is_sa) {
325 error = zpl_xattr_get_sa(ip, name, value, size);
326 if (error != -ENOENT)
327 goto out;
328 }
329
330 error = zpl_xattr_get_dir(ip, name, value, size, cr);
331 out:
332 if (error == -ENOENT)
333 error = -ENODATA;
334
335 return (error);
336 }
337
338 static int
339 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
340 {
341 znode_t *zp = ITOZ(ip);
342 cred_t *cr = CRED();
343 fstrans_cookie_t cookie;
344 int error;
345
346 crhold(cr);
347 cookie = spl_fstrans_mark();
348 rw_enter(&zp->z_xattr_lock, RW_READER);
349 error = __zpl_xattr_get(ip, name, value, size, cr);
350 rw_exit(&zp->z_xattr_lock);
351 spl_fstrans_unmark(cookie);
352 crfree(cr);
353
354 return (error);
355 }
356
357 static int
358 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
359 size_t size, int flags, cred_t *cr)
360 {
361 struct inode *dxip = NULL;
362 struct inode *xip = NULL;
363 vattr_t *vap = NULL;
364 ssize_t wrote;
365 int lookup_flags, error;
366 const int xattr_mode = S_IFREG | 0644;
367 loff_t pos = 0;
368
369 /*
370 * Lookup the xattr directory. When we're adding an entry pass
371 * CREATE_XATTR_DIR to ensure the xattr directory is created.
372 * When removing an entry this flag is not passed to avoid
373 * unnecessarily creating a new xattr directory.
374 */
375 lookup_flags = LOOKUP_XATTR;
376 if (value != NULL)
377 lookup_flags |= CREATE_XATTR_DIR;
378
379 error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL);
380 if (error)
381 goto out;
382
383 /* Lookup a specific xattr name in the directory */
384 error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL);
385 if (error && (error != -ENOENT))
386 goto out;
387
388 error = 0;
389
390 /* Remove a specific name xattr when value is set to NULL. */
391 if (value == NULL) {
392 if (xip)
393 error = -zfs_remove(dxip, (char *)name, cr);
394
395 goto out;
396 }
397
398 /* Lookup failed create a new xattr. */
399 if (xip == NULL) {
400 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
401 vap->va_mode = xattr_mode;
402 vap->va_mask = ATTR_MODE;
403 vap->va_uid = crgetfsuid(cr);
404 vap->va_gid = crgetfsgid(cr);
405
406 error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip,
407 cr, 0, NULL);
408 if (error)
409 goto out;
410 }
411
412 ASSERT(xip != NULL);
413
414 error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE);
415 if (error)
416 goto out;
417
418 wrote = zpl_write_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
419 if (wrote < 0)
420 error = wrote;
421
422 out:
423 if (vap)
424 kmem_free(vap, sizeof (vattr_t));
425
426 if (xip)
427 iput(xip);
428
429 if (dxip)
430 iput(dxip);
431
432 if (error == -ENOENT)
433 error = -ENODATA;
434
435 ASSERT3S(error, <=, 0);
436
437 return (error);
438 }
439
440 static int
441 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
442 size_t size, int flags, cred_t *cr)
443 {
444 znode_t *zp = ITOZ(ip);
445 nvlist_t *nvl;
446 size_t sa_size;
447 int error;
448
449 ASSERT(zp->z_xattr_cached);
450 nvl = zp->z_xattr_cached;
451
452 if (value == NULL) {
453 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
454 if (error == -ENOENT)
455 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
456 } else {
457 /* Limited to 32k to keep nvpair memory allocations small */
458 if (size > DXATTR_MAX_ENTRY_SIZE)
459 return (-EFBIG);
460
461 /* Prevent the DXATTR SA from consuming the entire SA region */
462 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
463 if (error)
464 return (error);
465
466 if (sa_size > DXATTR_MAX_SA_SIZE)
467 return (-EFBIG);
468
469 error = -nvlist_add_byte_array(nvl, name,
470 (uchar_t *)value, size);
471 if (error)
472 return (error);
473 }
474
475 /* Update the SA for additions, modifications, and removals. */
476 if (!error)
477 error = -zfs_sa_set_xattr(zp);
478
479 ASSERT3S(error, <=, 0);
480
481 return (error);
482 }
483
484 static int
485 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
486 size_t size, int flags)
487 {
488 znode_t *zp = ITOZ(ip);
489 zfs_sb_t *zsb = ZTOZSB(zp);
490 cred_t *cr = CRED();
491 fstrans_cookie_t cookie;
492 int error;
493
494 crhold(cr);
495 cookie = spl_fstrans_mark();
496 rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER);
497
498 /*
499 * Before setting the xattr check to see if it already exists.
500 * This is done to ensure the following optional flags are honored.
501 *
502 * XATTR_CREATE: fail if xattr already exists
503 * XATTR_REPLACE: fail if xattr does not exist
504 */
505 error = __zpl_xattr_get(ip, name, NULL, 0, cr);
506 if (error < 0) {
507 if (error != -ENODATA)
508 goto out;
509
510 if (flags & XATTR_REPLACE)
511 goto out;
512
513 /* The xattr to be removed already doesn't exist */
514 error = 0;
515 if (value == NULL)
516 goto out;
517 } else {
518 error = -EEXIST;
519 if (flags & XATTR_CREATE)
520 goto out;
521 }
522
523 /* Preferentially store the xattr as a SA for better performance */
524 if (zsb->z_use_sa && zsb->z_xattr_sa && zp->z_is_sa) {
525 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
526 if (error == 0)
527 goto out;
528 }
529
530 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
531 out:
532 rw_exit(&ITOZ(ip)->z_xattr_lock);
533 spl_fstrans_unmark(cookie);
534 crfree(cr);
535 ASSERT3S(error, <=, 0);
536
537 return (error);
538 }
539
540 static int
541 __zpl_xattr_user_get(struct inode *ip, const char *name,
542 void *value, size_t size)
543 {
544 char *xattr_name;
545 int error;
546
547 if (strcmp(name, "") == 0)
548 return (-EINVAL);
549
550 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
551 return (-EOPNOTSUPP);
552
553 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
554 error = zpl_xattr_get(ip, xattr_name, value, size);
555 strfree(xattr_name);
556
557 return (error);
558 }
559 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
560
561 static int
562 __zpl_xattr_user_set(struct inode *ip, const char *name,
563 const void *value, size_t size, int flags)
564 {
565 char *xattr_name;
566 int error;
567
568 if (strcmp(name, "") == 0)
569 return (-EINVAL);
570
571 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
572 return (-EOPNOTSUPP);
573
574 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
575 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
576 strfree(xattr_name);
577
578 return (error);
579 }
580 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
581
582 xattr_handler_t zpl_xattr_user_handler = {
583 .prefix = XATTR_USER_PREFIX,
584 .get = zpl_xattr_user_get,
585 .set = zpl_xattr_user_set,
586 };
587
588 static int
589 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
590 void *value, size_t size)
591 {
592 char *xattr_name;
593 int error;
594
595 if (!capable(CAP_SYS_ADMIN))
596 return (-EACCES);
597
598 if (strcmp(name, "") == 0)
599 return (-EINVAL);
600
601 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
602 error = zpl_xattr_get(ip, xattr_name, value, size);
603 strfree(xattr_name);
604
605 return (error);
606 }
607 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
608
609 static int
610 __zpl_xattr_trusted_set(struct inode *ip, const char *name,
611 const void *value, size_t size, int flags)
612 {
613 char *xattr_name;
614 int error;
615
616 if (!capable(CAP_SYS_ADMIN))
617 return (-EACCES);
618
619 if (strcmp(name, "") == 0)
620 return (-EINVAL);
621
622 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
623 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
624 strfree(xattr_name);
625
626 return (error);
627 }
628 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
629
630 xattr_handler_t zpl_xattr_trusted_handler = {
631 .prefix = XATTR_TRUSTED_PREFIX,
632 .get = zpl_xattr_trusted_get,
633 .set = zpl_xattr_trusted_set,
634 };
635
636 static int
637 __zpl_xattr_security_get(struct inode *ip, const char *name,
638 void *value, size_t size)
639 {
640 char *xattr_name;
641 int error;
642
643 if (strcmp(name, "") == 0)
644 return (-EINVAL);
645
646 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
647 error = zpl_xattr_get(ip, xattr_name, value, size);
648 strfree(xattr_name);
649
650 return (error);
651 }
652 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
653
654 static int
655 __zpl_xattr_security_set(struct inode *ip, const char *name,
656 const void *value, size_t size, int flags)
657 {
658 char *xattr_name;
659 int error;
660
661 if (strcmp(name, "") == 0)
662 return (-EINVAL);
663
664 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
665 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
666 strfree(xattr_name);
667
668 return (error);
669 }
670 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
671
672 #ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY
673 static int
674 __zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs,
675 void *fs_info)
676 {
677 const struct xattr *xattr;
678 int error = 0;
679
680 for (xattr = xattrs; xattr->name != NULL; xattr++) {
681 error = __zpl_xattr_security_set(ip,
682 xattr->name, xattr->value, xattr->value_len, 0);
683
684 if (error < 0)
685 break;
686 }
687
688 return (error);
689 }
690
691 int
692 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
693 const struct qstr *qstr)
694 {
695 return security_inode_init_security(ip, dip, qstr,
696 &__zpl_xattr_security_init, NULL);
697 }
698
699 #else
700 int
701 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
702 const struct qstr *qstr)
703 {
704 int error;
705 size_t len;
706 void *value;
707 char *name;
708
709 error = zpl_security_inode_init_security(ip, dip, qstr,
710 &name, &value, &len);
711 if (error) {
712 if (error == -EOPNOTSUPP)
713 return (0);
714
715 return (error);
716 }
717
718 error = __zpl_xattr_security_set(ip, name, value, len, 0);
719
720 kfree(name);
721 kfree(value);
722
723 return (error);
724 }
725 #endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */
726
727 xattr_handler_t zpl_xattr_security_handler = {
728 .prefix = XATTR_SECURITY_PREFIX,
729 .get = zpl_xattr_security_get,
730 .set = zpl_xattr_security_set,
731 };
732
733 #ifdef CONFIG_FS_POSIX_ACL
734
735 int
736 zpl_set_acl(struct inode *ip, int type, struct posix_acl *acl)
737 {
738 struct super_block *sb = ITOZSB(ip)->z_sb;
739 char *name, *value = NULL;
740 int error = 0;
741 size_t size = 0;
742
743 if (S_ISLNK(ip->i_mode))
744 return (-EOPNOTSUPP);
745
746 switch (type) {
747 case ACL_TYPE_ACCESS:
748 name = POSIX_ACL_XATTR_ACCESS;
749 if (acl) {
750 zpl_equivmode_t mode = ip->i_mode;
751 error = posix_acl_equiv_mode(acl, &mode);
752 if (error < 0) {
753 return (error);
754 } else {
755 /*
756 * The mode bits will have been set by
757 * ->zfs_setattr()->zfs_acl_chmod_setattr()
758 * using the ZFS ACL conversion. If they
759 * differ from the Posix ACL conversion dirty
760 * the inode to write the Posix mode bits.
761 */
762 if (ip->i_mode != mode) {
763 ip->i_mode = mode;
764 ip->i_ctime = current_fs_time(sb);
765 zfs_mark_inode_dirty(ip);
766 }
767
768 if (error == 0)
769 acl = NULL;
770 }
771 }
772 break;
773
774 case ACL_TYPE_DEFAULT:
775 name = POSIX_ACL_XATTR_DEFAULT;
776 if (!S_ISDIR(ip->i_mode))
777 return (acl ? -EACCES : 0);
778 break;
779
780 default:
781 return (-EINVAL);
782 }
783
784 if (acl) {
785 size = posix_acl_xattr_size(acl->a_count);
786 value = kmem_alloc(size, KM_SLEEP);
787
788 error = zpl_acl_to_xattr(acl, value, size);
789 if (error < 0) {
790 kmem_free(value, size);
791 return (error);
792 }
793 }
794
795 error = zpl_xattr_set(ip, name, value, size, 0);
796 if (value)
797 kmem_free(value, size);
798
799 if (!error) {
800 if (acl)
801 zpl_set_cached_acl(ip, type, acl);
802 else
803 zpl_forget_cached_acl(ip, type);
804 }
805
806 return (error);
807 }
808
809 struct posix_acl *
810 zpl_get_acl(struct inode *ip, int type)
811 {
812 struct posix_acl *acl;
813 void *value = NULL;
814 char *name;
815 int size;
816
817 #ifdef HAVE_POSIX_ACL_CACHING
818 acl = get_cached_acl(ip, type);
819 if (acl != ACL_NOT_CACHED)
820 return (acl);
821 #endif /* HAVE_POSIX_ACL_CACHING */
822
823 switch (type) {
824 case ACL_TYPE_ACCESS:
825 name = POSIX_ACL_XATTR_ACCESS;
826 break;
827 case ACL_TYPE_DEFAULT:
828 name = POSIX_ACL_XATTR_DEFAULT;
829 break;
830 default:
831 return (ERR_PTR(-EINVAL));
832 }
833
834 size = zpl_xattr_get(ip, name, NULL, 0);
835 if (size > 0) {
836 value = kmem_alloc(size, KM_SLEEP);
837 size = zpl_xattr_get(ip, name, value, size);
838 }
839
840 if (size > 0) {
841 acl = zpl_acl_from_xattr(value, size);
842 } else if (size == -ENODATA || size == -ENOSYS) {
843 acl = NULL;
844 } else {
845 acl = ERR_PTR(-EIO);
846 }
847
848 if (size > 0)
849 kmem_free(value, size);
850
851 if (!IS_ERR(acl))
852 zpl_set_cached_acl(ip, type, acl);
853
854 return (acl);
855 }
856
857 #if !defined(HAVE_GET_ACL)
858 static int
859 __zpl_check_acl(struct inode *ip, int mask)
860 {
861 struct posix_acl *acl;
862 int error;
863
864 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
865 if (IS_ERR(acl))
866 return (PTR_ERR(acl));
867
868 if (acl) {
869 error = posix_acl_permission(ip, acl, mask);
870 zpl_posix_acl_release(acl);
871 return (error);
872 }
873
874 return (-EAGAIN);
875 }
876
877 #if defined(HAVE_CHECK_ACL_WITH_FLAGS)
878 int
879 zpl_check_acl(struct inode *ip, int mask, unsigned int flags)
880 {
881 return (__zpl_check_acl(ip, mask));
882 }
883 #elif defined(HAVE_CHECK_ACL)
884 int
885 zpl_check_acl(struct inode *ip, int mask)
886 {
887 return (__zpl_check_acl(ip, mask));
888 }
889 #elif defined(HAVE_PERMISSION_WITH_NAMEIDATA)
890 int
891 zpl_permission(struct inode *ip, int mask, struct nameidata *nd)
892 {
893 return (generic_permission(ip, mask, __zpl_check_acl));
894 }
895 #elif defined(HAVE_PERMISSION)
896 int
897 zpl_permission(struct inode *ip, int mask)
898 {
899 return (generic_permission(ip, mask, __zpl_check_acl));
900 }
901 #endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */
902 #endif /* !HAVE_GET_ACL */
903
904 int
905 zpl_init_acl(struct inode *ip, struct inode *dir)
906 {
907 struct posix_acl *acl = NULL;
908 int error = 0;
909
910 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
911 return (0);
912
913 if (!S_ISLNK(ip->i_mode)) {
914 if (ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) {
915 acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT);
916 if (IS_ERR(acl))
917 return (PTR_ERR(acl));
918 }
919
920 if (!acl) {
921 ip->i_mode &= ~current_umask();
922 ip->i_ctime = current_fs_time(ITOZSB(ip)->z_sb);
923 zfs_mark_inode_dirty(ip);
924 return (0);
925 }
926 }
927
928 if ((ITOZSB(ip)->z_acl_type == ZFS_ACLTYPE_POSIXACL) && acl) {
929 umode_t mode;
930
931 if (S_ISDIR(ip->i_mode)) {
932 error = zpl_set_acl(ip, ACL_TYPE_DEFAULT, acl);
933 if (error)
934 goto out;
935 }
936
937 mode = ip->i_mode;
938 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
939 if (error >= 0) {
940 ip->i_mode = mode;
941 zfs_mark_inode_dirty(ip);
942 if (error > 0)
943 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
944 }
945 }
946 out:
947 zpl_posix_acl_release(acl);
948
949 return (error);
950 }
951
952 int
953 zpl_chmod_acl(struct inode *ip)
954 {
955 struct posix_acl *acl;
956 int error;
957
958 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
959 return (0);
960
961 if (S_ISLNK(ip->i_mode))
962 return (-EOPNOTSUPP);
963
964 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
965 if (IS_ERR(acl) || !acl)
966 return (PTR_ERR(acl));
967
968 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
969 if (!error)
970 error = zpl_set_acl(ip, ACL_TYPE_ACCESS, acl);
971
972 zpl_posix_acl_release(acl);
973
974 return (error);
975 }
976
977 static size_t
978 zpl_xattr_acl_list(struct inode *ip, char *list, size_t list_size,
979 const char *name, size_t name_len, int type)
980 {
981 char *xattr_name;
982 size_t xattr_size;
983
984 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
985 return (0);
986
987 switch (type) {
988 case ACL_TYPE_ACCESS:
989 xattr_name = POSIX_ACL_XATTR_ACCESS;
990 xattr_size = sizeof (xattr_name);
991 break;
992 case ACL_TYPE_DEFAULT:
993 xattr_name = POSIX_ACL_XATTR_DEFAULT;
994 xattr_size = sizeof (xattr_name);
995 break;
996 default:
997 return (0);
998 }
999
1000 if (list && xattr_size <= list_size)
1001 memcpy(list, xattr_name, xattr_size);
1002
1003 return (xattr_size);
1004 }
1005
1006 #ifdef HAVE_DENTRY_XATTR_LIST
1007 static size_t
1008 zpl_xattr_acl_list_access(struct dentry *dentry, char *list,
1009 size_t list_size, const char *name, size_t name_len, int type)
1010 {
1011 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1012 return zpl_xattr_acl_list(dentry->d_inode,
1013 list, list_size, name, name_len, type);
1014 }
1015
1016 static size_t
1017 zpl_xattr_acl_list_default(struct dentry *dentry, char *list,
1018 size_t list_size, const char *name, size_t name_len, int type)
1019 {
1020 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1021 return zpl_xattr_acl_list(dentry->d_inode,
1022 list, list_size, name, name_len, type);
1023 }
1024
1025 #else
1026
1027 static size_t
1028 zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1029 const char *name, size_t name_len)
1030 {
1031 return zpl_xattr_acl_list(ip,
1032 list, list_size, name, name_len, ACL_TYPE_ACCESS);
1033 }
1034
1035 static size_t
1036 zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1037 const char *name, size_t name_len)
1038 {
1039 return zpl_xattr_acl_list(ip,
1040 list, list_size, name, name_len, ACL_TYPE_DEFAULT);
1041 }
1042 #endif /* HAVE_DENTRY_XATTR_LIST */
1043
1044 static int
1045 zpl_xattr_acl_get(struct inode *ip, const char *name,
1046 void *buffer, size_t size, int type)
1047 {
1048 struct posix_acl *acl;
1049 int error;
1050
1051 if (strcmp(name, "") != 0)
1052 return (-EINVAL);
1053
1054 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1055 return (-EOPNOTSUPP);
1056
1057 acl = zpl_get_acl(ip, type);
1058 if (IS_ERR(acl))
1059 return (PTR_ERR(acl));
1060 if (acl == NULL)
1061 return (-ENODATA);
1062
1063 error = zpl_acl_to_xattr(acl, buffer, size);
1064 zpl_posix_acl_release(acl);
1065
1066 return (error);
1067 }
1068
1069 #ifdef HAVE_DENTRY_XATTR_GET
1070 static int
1071 zpl_xattr_acl_get_access(struct dentry *dentry, const char *name,
1072 void *buffer, size_t size, int type)
1073 {
1074 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1075 return (zpl_xattr_acl_get(dentry->d_inode, name, buffer, size, type));
1076 }
1077
1078 static int
1079 zpl_xattr_acl_get_default(struct dentry *dentry, const char *name,
1080 void *buffer, size_t size, int type)
1081 {
1082 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1083 return (zpl_xattr_acl_get(dentry->d_inode, name, buffer, size, type));
1084 }
1085
1086 #else
1087
1088 static int
1089 zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1090 void *buffer, size_t size)
1091 {
1092 return (zpl_xattr_acl_get(ip, name, buffer, size, ACL_TYPE_ACCESS));
1093 }
1094
1095 static int
1096 zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1097 void *buffer, size_t size)
1098 {
1099 return (zpl_xattr_acl_get(ip, name, buffer, size, ACL_TYPE_DEFAULT));
1100 }
1101 #endif /* HAVE_DENTRY_XATTR_GET */
1102
1103 static int
1104 zpl_xattr_acl_set(struct inode *ip, const char *name,
1105 const void *value, size_t size, int flags, int type)
1106 {
1107 struct posix_acl *acl;
1108 int error = 0;
1109
1110 if (strcmp(name, "") != 0)
1111 return (-EINVAL);
1112
1113 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL)
1114 return (-EOPNOTSUPP);
1115
1116 if (!zpl_inode_owner_or_capable(ip))
1117 return (-EPERM);
1118
1119 if (value) {
1120 acl = zpl_acl_from_xattr(value, size);
1121 if (IS_ERR(acl))
1122 return (PTR_ERR(acl));
1123 else if (acl) {
1124 error = posix_acl_valid(acl);
1125 if (error) {
1126 zpl_posix_acl_release(acl);
1127 return (error);
1128 }
1129 }
1130 } else {
1131 acl = NULL;
1132 }
1133
1134 error = zpl_set_acl(ip, type, acl);
1135 zpl_posix_acl_release(acl);
1136
1137 return (error);
1138 }
1139
1140 #ifdef HAVE_DENTRY_XATTR_SET
1141 static int
1142 zpl_xattr_acl_set_access(struct dentry *dentry, const char *name,
1143 const void *value, size_t size, int flags, int type)
1144 {
1145 ASSERT3S(type, ==, ACL_TYPE_ACCESS);
1146 return (zpl_xattr_acl_set(dentry->d_inode,
1147 name, value, size, flags, type));
1148 }
1149
1150 static int
1151 zpl_xattr_acl_set_default(struct dentry *dentry, const char *name,
1152 const void *value, size_t size, int flags, int type)
1153 {
1154 ASSERT3S(type, ==, ACL_TYPE_DEFAULT);
1155 return zpl_xattr_acl_set(dentry->d_inode,
1156 name, value, size, flags, type);
1157 }
1158
1159 #else
1160
1161 static int
1162 zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1163 const void *value, size_t size, int flags)
1164 {
1165 return zpl_xattr_acl_set(ip,
1166 name, value, size, flags, ACL_TYPE_ACCESS);
1167 }
1168
1169 static int
1170 zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1171 const void *value, size_t size, int flags)
1172 {
1173 return zpl_xattr_acl_set(ip,
1174 name, value, size, flags, ACL_TYPE_DEFAULT);
1175 }
1176 #endif /* HAVE_DENTRY_XATTR_SET */
1177
1178 struct xattr_handler zpl_xattr_acl_access_handler =
1179 {
1180 .prefix = POSIX_ACL_XATTR_ACCESS,
1181 .list = zpl_xattr_acl_list_access,
1182 .get = zpl_xattr_acl_get_access,
1183 .set = zpl_xattr_acl_set_access,
1184 #ifdef HAVE_DENTRY_XATTR_LIST
1185 .flags = ACL_TYPE_ACCESS,
1186 #endif /* HAVE_DENTRY_XATTR_LIST */
1187 };
1188
1189 struct xattr_handler zpl_xattr_acl_default_handler =
1190 {
1191 .prefix = POSIX_ACL_XATTR_DEFAULT,
1192 .list = zpl_xattr_acl_list_default,
1193 .get = zpl_xattr_acl_get_default,
1194 .set = zpl_xattr_acl_set_default,
1195 #ifdef HAVE_DENTRY_XATTR_LIST
1196 .flags = ACL_TYPE_DEFAULT,
1197 #endif /* HAVE_DENTRY_XATTR_LIST */
1198 };
1199
1200 #endif /* CONFIG_FS_POSIX_ACL */
1201
1202 xattr_handler_t *zpl_xattr_handlers[] = {
1203 &zpl_xattr_security_handler,
1204 &zpl_xattr_trusted_handler,
1205 &zpl_xattr_user_handler,
1206 #ifdef CONFIG_FS_POSIX_ACL
1207 &zpl_xattr_acl_access_handler,
1208 &zpl_xattr_acl_default_handler,
1209 #endif /* CONFIG_FS_POSIX_ACL */
1210 NULL
1211 };
Mirror of ZFSOnLinux for Debian