diff options
Diffstat (limited to 'module/zfs/zpl_xattr.c')
| -rw-r--r-- | module/zfs/zpl_xattr.c | 1548 |
1 files changed, 0 insertions, 1548 deletions
diff --git a/module/zfs/zpl_xattr.c b/module/zfs/zpl_xattr.c deleted file mode 100644 index 95523f28e..000000000 --- a/module/zfs/zpl_xattr.c +++ /dev/null @@ -1,1548 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 2011, Lawrence Livermore National Security, LLC. - * - * Extended attributes (xattr) on Solaris are implemented as files - * which exist in a hidden xattr directory. These extended attributes - * can be accessed using the attropen() system call which opens - * the extended attribute. It can then be manipulated just like - * a standard file descriptor. This has a couple advantages such - * as practically no size limit on the file, and the extended - * attributes permissions may differ from those of the parent file. - * This interface is really quite clever, but it's also completely - * different than what is supported on Linux. It also comes with a - * steep performance penalty when accessing small xattrs because they - * are not stored with the parent file. - * - * Under Linux extended attributes are manipulated by the system - * calls getxattr(2), setxattr(2), and listxattr(2). They consider - * extended attributes to be name/value pairs where the name is a - * NULL terminated string. The name must also include one of the - * following namespace prefixes: - * - * user - No restrictions and is available to user applications. - * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use. - * system - Used for access control lists (system.nfs4_acl, etc). - * security - Used by SELinux to store a files security context. - * - * The value under Linux to limited to 65536 bytes of binary data. - * In practice, individual xattrs tend to be much smaller than this - * and are typically less than 100 bytes. A good example of this - * are the security.selinux xattrs which are less than 100 bytes and - * exist for every file when xattr labeling is enabled. - * - * The Linux xattr implementation has been written to take advantage of - * this typical usage. When the dataset property 'xattr=sa' is set, - * then xattrs will be preferentially stored as System Attributes (SA). - * This allows tiny xattrs (~100 bytes) to be stored with the dnode and - * up to 64k of xattrs to be stored in the spill block. If additional - * xattr space is required, which is unlikely under Linux, they will - * be stored using the traditional directory approach. - * - * This optimization results in roughly a 3x performance improvement - * when accessing xattrs because it avoids the need to perform a seek - * for every xattr value. When multiple xattrs are stored per-file - * the performance improvements are even greater because all of the - * xattrs stored in the spill block will be cached. - * - * However, by default SA based xattrs are disabled in the Linux port - * to maximize compatibility with other implementations. If you do - * enable SA based xattrs then they will not be visible on platforms - * which do not support this feature. - * - * NOTE: One additional consequence of the xattr directory implementation - * is that when an extended attribute is manipulated an inode is created. - * This inode will exist in the Linux inode cache but there will be no - * associated entry in the dentry cache which references it. This is - * safe but it may result in some confusion. Enabling SA based xattrs - * largely avoids the issue except in the overflow case. - */ - -#include <sys/zfs_vfsops.h> -#include <sys/zfs_vnops.h> -#include <sys/zfs_znode.h> -#include <sys/zap.h> -#include <sys/vfs.h> -#include <sys/zpl.h> - -typedef struct xattr_filldir { - size_t size; - size_t offset; - char *buf; - struct dentry *dentry; -} xattr_filldir_t; - -static const struct xattr_handler *zpl_xattr_handler(const char *); - -static int -zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len) -{ - static const struct xattr_handler *handler; - struct dentry *d = xf->dentry; - - handler = zpl_xattr_handler(name); - if (!handler) - return (0); - - if (handler->list) { -#if defined(HAVE_XATTR_LIST_SIMPLE) - if (!handler->list(d)) - return (0); -#elif defined(HAVE_XATTR_LIST_DENTRY) - if (!handler->list(d, NULL, 0, name, name_len, 0)) - return (0); -#elif defined(HAVE_XATTR_LIST_HANDLER) - if (!handler->list(handler, d, NULL, 0, name, name_len)) - return (0); -#elif defined(HAVE_XATTR_LIST_INODE) - if (!handler->list(d->d_inode, NULL, 0, name, name_len)) - return (0); -#endif - } - - return (1); -} - -/* - * Determine is a given xattr name should be visible and if so copy it - * in to the provided buffer (xf->buf). - */ -static int -zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len) -{ - /* Check permissions using the per-namespace list xattr handler. */ - if (!zpl_xattr_permission(xf, name, name_len)) - return (0); - - /* When xf->buf is NULL only calculate the required size. */ - if (xf->buf) { - if (xf->offset + name_len + 1 > xf->size) - return (-ERANGE); - - memcpy(xf->buf + xf->offset, name, name_len); - xf->buf[xf->offset + name_len] = '\0'; - } - - xf->offset += (name_len + 1); - - return (0); -} - -/* - * Read as many directory entry names as will fit in to the provided buffer, - * or when no buffer is provided calculate the required buffer size. - */ -int -zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf) -{ - zap_cursor_t zc; - zap_attribute_t zap; - int error; - - zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id); - - while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) { - - if (zap.za_integer_length != 8 || zap.za_num_integers != 1) { - error = -ENXIO; - break; - } - - error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name)); - if (error) - break; - - zap_cursor_advance(&zc); - } - - zap_cursor_fini(&zc); - - if (error == -ENOENT) - error = 0; - - return (error); -} - -static ssize_t -zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr) -{ - struct inode *ip = xf->dentry->d_inode; - struct inode *dxip = NULL; - int error; - - /* Lookup the xattr directory */ - error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); - if (error) { - if (error == -ENOENT) - error = 0; - - return (error); - } - - error = zpl_xattr_readdir(dxip, xf); - iput(dxip); - - return (error); -} - -static ssize_t -zpl_xattr_list_sa(xattr_filldir_t *xf) -{ - znode_t *zp = ITOZ(xf->dentry->d_inode); - nvpair_t *nvp = NULL; - int error = 0; - - mutex_enter(&zp->z_lock); - if (zp->z_xattr_cached == NULL) - error = -zfs_sa_get_xattr(zp); - mutex_exit(&zp->z_lock); - - if (error) - return (error); - - ASSERT(zp->z_xattr_cached); - - while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) { - ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY); - - error = zpl_xattr_filldir(xf, nvpair_name(nvp), - strlen(nvpair_name(nvp))); - if (error) - return (error); - } - - return (0); -} - -ssize_t -zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size) -{ - znode_t *zp = ITOZ(dentry->d_inode); - zfsvfs_t *zfsvfs = ZTOZSB(zp); - xattr_filldir_t xf = { buffer_size, 0, buffer, dentry }; - cred_t *cr = CRED(); - fstrans_cookie_t cookie; - int error = 0; - - crhold(cr); - cookie = spl_fstrans_mark(); - ZPL_ENTER(zfsvfs); - ZPL_VERIFY_ZP(zp); - rw_enter(&zp->z_xattr_lock, RW_READER); - - if (zfsvfs->z_use_sa && zp->z_is_sa) { - error = zpl_xattr_list_sa(&xf); - if (error) - goto out; - } - - error = zpl_xattr_list_dir(&xf, cr); - if (error) - goto out; - - error = xf.offset; -out: - - rw_exit(&zp->z_xattr_lock); - ZPL_EXIT(zfsvfs); - spl_fstrans_unmark(cookie); - crfree(cr); - - return (error); -} - -static int -zpl_xattr_get_dir(struct inode *ip, const char *name, void *value, - size_t size, cred_t *cr) -{ - struct inode *dxip = NULL; - struct inode *xip = NULL; - loff_t pos = 0; - int error; - - /* Lookup the xattr directory */ - error = -zfs_lookup(ip, NULL, &dxip, LOOKUP_XATTR, cr, NULL, NULL); - if (error) - goto out; - - /* Lookup a specific xattr name in the directory */ - error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); - if (error) - goto out; - - if (!size) { - error = i_size_read(xip); - goto out; - } - - if (size < i_size_read(xip)) { - error = -ERANGE; - goto out; - } - - error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr); -out: - if (xip) - iput(xip); - - if (dxip) - iput(dxip); - - return (error); -} - -static int -zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size) -{ - znode_t *zp = ITOZ(ip); - uchar_t *nv_value; - uint_t nv_size; - int error = 0; - - ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); - - mutex_enter(&zp->z_lock); - if (zp->z_xattr_cached == NULL) - error = -zfs_sa_get_xattr(zp); - mutex_exit(&zp->z_lock); - - if (error) - return (error); - - ASSERT(zp->z_xattr_cached); - error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name, - &nv_value, &nv_size); - if (error) - return (error); - - if (size == 0 || value == NULL) - return (nv_size); - - if (size < nv_size) - return (-ERANGE); - - memcpy(value, nv_value, nv_size); - - return (nv_size); -} - -static int -__zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size, - cred_t *cr) -{ - znode_t *zp = ITOZ(ip); - zfsvfs_t *zfsvfs = ZTOZSB(zp); - int error; - - ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); - - if (zfsvfs->z_use_sa && zp->z_is_sa) { - error = zpl_xattr_get_sa(ip, name, value, size); - if (error != -ENOENT) - goto out; - } - - error = zpl_xattr_get_dir(ip, name, value, size, cr); -out: - if (error == -ENOENT) - error = -ENODATA; - - return (error); -} - -#define XATTR_NOENT 0x0 -#define XATTR_IN_SA 0x1 -#define XATTR_IN_DIR 0x2 -/* check where the xattr resides */ -static int -__zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr) -{ - znode_t *zp = ITOZ(ip); - zfsvfs_t *zfsvfs = ZTOZSB(zp); - int error; - - ASSERT(where); - ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); - - *where = XATTR_NOENT; - if (zfsvfs->z_use_sa && zp->z_is_sa) { - error = zpl_xattr_get_sa(ip, name, NULL, 0); - if (error >= 0) - *where |= XATTR_IN_SA; - else if (error != -ENOENT) - return (error); - } - - error = zpl_xattr_get_dir(ip, name, NULL, 0, cr); - if (error >= 0) - *where |= XATTR_IN_DIR; - else if (error != -ENOENT) - return (error); - - if (*where == (XATTR_IN_SA|XATTR_IN_DIR)) - cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\"" - " in both SA and dir", ip, name); - if (*where == XATTR_NOENT) - error = -ENODATA; - else - error = 0; - return (error); -} - -static int -zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size) -{ - znode_t *zp = ITOZ(ip); - zfsvfs_t *zfsvfs = ZTOZSB(zp); - cred_t *cr = CRED(); - fstrans_cookie_t cookie; - int error; - - crhold(cr); - cookie = spl_fstrans_mark(); - ZPL_ENTER(zfsvfs); - ZPL_VERIFY_ZP(zp); - rw_enter(&zp->z_xattr_lock, RW_READER); - error = __zpl_xattr_get(ip, name, value, size, cr); - rw_exit(&zp->z_xattr_lock); - ZPL_EXIT(zfsvfs); - spl_fstrans_unmark(cookie); - crfree(cr); - - return (error); -} - -static int -zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value, - size_t size, int flags, cred_t *cr) -{ - struct inode *dxip = NULL; - struct inode *xip = NULL; - vattr_t *vap = NULL; - ssize_t wrote; - int lookup_flags, error; - const int xattr_mode = S_IFREG | 0644; - loff_t pos = 0; - - /* - * Lookup the xattr directory. When we're adding an entry pass - * CREATE_XATTR_DIR to ensure the xattr directory is created. - * When removing an entry this flag is not passed to avoid - * unnecessarily creating a new xattr directory. - */ - lookup_flags = LOOKUP_XATTR; - if (value != NULL) - lookup_flags |= CREATE_XATTR_DIR; - - error = -zfs_lookup(ip, NULL, &dxip, lookup_flags, cr, NULL, NULL); - if (error) - goto out; - - /* Lookup a specific xattr name in the directory */ - error = -zfs_lookup(dxip, (char *)name, &xip, 0, cr, NULL, NULL); - if (error && (error != -ENOENT)) - goto out; - - error = 0; - - /* Remove a specific name xattr when value is set to NULL. */ - if (value == NULL) { - if (xip) - error = -zfs_remove(dxip, (char *)name, cr, 0); - - goto out; - } - - /* Lookup failed create a new xattr. */ - if (xip == NULL) { - vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP); - vap->va_mode = xattr_mode; - vap->va_mask = ATTR_MODE; - vap->va_uid = crgetfsuid(cr); - vap->va_gid = crgetfsgid(cr); - - error = -zfs_create(dxip, (char *)name, vap, 0, 0644, &xip, - cr, 0, NULL); - if (error) - goto out; - } - - ASSERT(xip != NULL); - - error = -zfs_freesp(ITOZ(xip), 0, 0, xattr_mode, TRUE); - if (error) - goto out; - - wrote = zpl_write_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr); - if (wrote < 0) - error = wrote; - -out: - - if (error == 0) { - ip->i_ctime = current_time(ip); - zfs_mark_inode_dirty(ip); - } - - if (vap) - kmem_free(vap, sizeof (vattr_t)); - - if (xip) - iput(xip); - - if (dxip) - iput(dxip); - - if (error == -ENOENT) - error = -ENODATA; - - ASSERT3S(error, <=, 0); - - return (error); -} - -static int -zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value, - size_t size, int flags, cred_t *cr) -{ - znode_t *zp = ITOZ(ip); - nvlist_t *nvl; - size_t sa_size; - int error = 0; - - mutex_enter(&zp->z_lock); - if (zp->z_xattr_cached == NULL) - error = -zfs_sa_get_xattr(zp); - mutex_exit(&zp->z_lock); - - if (error) - return (error); - - ASSERT(zp->z_xattr_cached); - nvl = zp->z_xattr_cached; - - if (value == NULL) { - error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY); - if (error == -ENOENT) - error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr); - } else { - /* Limited to 32k to keep nvpair memory allocations small */ - if (size > DXATTR_MAX_ENTRY_SIZE) - return (-EFBIG); - - /* Prevent the DXATTR SA from consuming the entire SA region */ - error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR); - if (error) - return (error); - - if (sa_size > DXATTR_MAX_SA_SIZE) - return (-EFBIG); - - error = -nvlist_add_byte_array(nvl, name, - (uchar_t *)value, size); - } - - /* - * Update the SA for additions, modifications, and removals. On - * error drop the inconsistent cached version of the nvlist, it - * will be reconstructed from the ARC when next accessed. - */ - if (error == 0) - error = -zfs_sa_set_xattr(zp); - - if (error) { - nvlist_free(nvl); - zp->z_xattr_cached = NULL; - } - - ASSERT3S(error, <=, 0); - - return (error); -} - -static int -zpl_xattr_set(struct inode *ip, const char *name, const void *value, - size_t size, int flags) -{ - znode_t *zp = ITOZ(ip); - zfsvfs_t *zfsvfs = ZTOZSB(zp); - cred_t *cr = CRED(); - fstrans_cookie_t cookie; - int where; - int error; - - crhold(cr); - cookie = spl_fstrans_mark(); - ZPL_ENTER(zfsvfs); - ZPL_VERIFY_ZP(zp); - rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER); - - /* - * Before setting the xattr check to see if it already exists. - * This is done to ensure the following optional flags are honored. - * - * XATTR_CREATE: fail if xattr already exists - * XATTR_REPLACE: fail if xattr does not exist - * - * We also want to know if it resides in sa or dir, so we can make - * sure we don't end up with duplicate in both places. - */ - error = __zpl_xattr_where(ip, name, &where, cr); - if (error < 0) { - if (error != -ENODATA) - goto out; - if (flags & XATTR_REPLACE) - goto out; - - /* The xattr to be removed already doesn't exist */ - error = 0; - if (value == NULL) - goto out; - } else { - error = -EEXIST; - if (flags & XATTR_CREATE) - goto out; - } - - /* Preferentially store the xattr as a SA for better performance */ - if (zfsvfs->z_use_sa && zp->z_is_sa && - (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) { - error = zpl_xattr_set_sa(ip, name, value, size, flags, cr); - if (error == 0) { - /* - * Successfully put into SA, we need to clear the one - * in dir. - */ - if (where & XATTR_IN_DIR) - zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr); - goto out; - } - } - - error = zpl_xattr_set_dir(ip, name, value, size, flags, cr); - /* - * Successfully put into dir, we need to clear the one in SA. - */ - if (error == 0 && (where & XATTR_IN_SA)) - zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr); -out: - rw_exit(&ITOZ(ip)->z_xattr_lock); - ZPL_EXIT(zfsvfs); - spl_fstrans_unmark(cookie); - crfree(cr); - ASSERT3S(error, <=, 0); - - return (error); -} - -/* - * Extended user attributes - * - * "Extended user attributes may be assigned to files and directories for - * storing arbitrary additional information such as the mime type, - * character set or encoding of a file. The access permissions for user - * attributes are defined by the file permission bits: read permission - * is required to retrieve the attribute value, and writer permission is - * required to change it. - * - * The file permission bits of regular files and directories are - * interpreted differently from the file permission bits of special - * files and symbolic links. For regular files and directories the file - * permission bits define access to the file's contents, while for - * device special files they define access to the device described by - * the special file. The file permissions of symbolic links are not - * used in access checks. These differences would allow users to - * consume filesystem resources in a way not controllable by disk quotas - * for group or world writable special files and directories. - * - * For this reason, extended user attributes are allowed only for - * regular files and directories, and access to extended user attributes - * is restricted to the owner and to users with appropriate capabilities - * for directories with the sticky bit set (see the chmod(1) manual page - * for an explanation of the sticky bit)." - xattr(7) - * - * ZFS allows extended user attributes to be disabled administratively - * by setting the 'xattr=off' property on the dataset. - */ -static int -__zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size, - const char *name, size_t name_len) -{ - return (ITOZSB(ip)->z_flags & ZSB_XATTR); -} -ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list); - -static int -__zpl_xattr_user_get(struct inode *ip, const char *name, - void *value, size_t size) -{ - char *xattr_name; - int error; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") == 0) - return (-EINVAL); -#endif - if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) - return (-EOPNOTSUPP); - - xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); - error = zpl_xattr_get(ip, xattr_name, value, size); - strfree(xattr_name); - - return (error); -} -ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get); - -static int -__zpl_xattr_user_set(struct inode *ip, const char *name, - const void *value, size_t size, int flags) -{ - char *xattr_name; - int error; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") == 0) - return (-EINVAL); -#endif - if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) - return (-EOPNOTSUPP); - - xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); - error = zpl_xattr_set(ip, xattr_name, value, size, flags); - strfree(xattr_name); - - return (error); -} -ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set); - -xattr_handler_t zpl_xattr_user_handler = -{ - .prefix = XATTR_USER_PREFIX, - .list = zpl_xattr_user_list, - .get = zpl_xattr_user_get, - .set = zpl_xattr_user_set, -}; - -/* - * Trusted extended attributes - * - * "Trusted extended attributes are visible and accessible only to - * processes that have the CAP_SYS_ADMIN capability. Attributes in this - * class are used to implement mechanisms in user space (i.e., outside - * the kernel) which keep information in extended attributes to which - * ordinary processes should not have access." - xattr(7) - */ -static int -__zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size, - const char *name, size_t name_len) -{ - return (capable(CAP_SYS_ADMIN)); -} -ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list); - -static int -__zpl_xattr_trusted_get(struct inode *ip, const char *name, - void *value, size_t size) -{ - char *xattr_name; - int error; - - if (!capable(CAP_SYS_ADMIN)) - return (-EACCES); - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") == 0) - return (-EINVAL); -#endif - xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); - error = zpl_xattr_get(ip, xattr_name, value, size); - strfree(xattr_name); - - return (error); -} -ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get); - -static int -__zpl_xattr_trusted_set(struct inode *ip, const char *name, - const void *value, size_t size, int flags) -{ - char *xattr_name; - int error; - - if (!capable(CAP_SYS_ADMIN)) - return (-EACCES); - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") == 0) - return (-EINVAL); -#endif - xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); - error = zpl_xattr_set(ip, xattr_name, value, size, flags); - strfree(xattr_name); - - return (error); -} -ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set); - -xattr_handler_t zpl_xattr_trusted_handler = -{ - .prefix = XATTR_TRUSTED_PREFIX, - .list = zpl_xattr_trusted_list, - .get = zpl_xattr_trusted_get, - .set = zpl_xattr_trusted_set, -}; - -/* - * Extended security attributes - * - * "The security attribute namespace is used by kernel security modules, - * such as Security Enhanced Linux, and also to implement file - * capabilities (see capabilities(7)). Read and write access - * permissions to security attributes depend on the policy implemented - * for each security attribute by the security module. When no security - * module is loaded, all processes have read access to extended security - * attributes, and write access is limited to processes that have the - * CAP_SYS_ADMIN capability." - xattr(7) - */ -static int -__zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size, - const char *name, size_t name_len) -{ - return (1); -} -ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list); - -static int -__zpl_xattr_security_get(struct inode *ip, const char *name, - void *value, size_t size) -{ - char *xattr_name; - int error; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") == 0) - return (-EINVAL); -#endif - xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); - error = zpl_xattr_get(ip, xattr_name, value, size); - strfree(xattr_name); - - return (error); -} -ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get); - -static int -__zpl_xattr_security_set(struct inode *ip, const char *name, - const void *value, size_t size, int flags) -{ - char *xattr_name; - int error; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") == 0) - return (-EINVAL); -#endif - xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); - error = zpl_xattr_set(ip, xattr_name, value, size, flags); - strfree(xattr_name); - - return (error); -} -ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set); - -#ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY -static int -__zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs, - void *fs_info) -{ - const struct xattr *xattr; - int error = 0; - - for (xattr = xattrs; xattr->name != NULL; xattr++) { - error = __zpl_xattr_security_set(ip, - xattr->name, xattr->value, xattr->value_len, 0); - - if (error < 0) - break; - } - - return (error); -} - -int -zpl_xattr_security_init(struct inode *ip, struct inode *dip, - const struct qstr *qstr) -{ - return security_inode_init_security(ip, dip, qstr, - &__zpl_xattr_security_init, NULL); -} - -#else -int -zpl_xattr_security_init(struct inode *ip, struct inode *dip, - const struct qstr *qstr) -{ - int error; - size_t len; - void *value; - char *name; - - error = zpl_security_inode_init_security(ip, dip, qstr, - &name, &value, &len); - if (error) { - if (error == -EOPNOTSUPP) - return (0); - - return (error); - } - - error = __zpl_xattr_security_set(ip, name, value, len, 0); - - kfree(name); - kfree(value); - - return (error); -} -#endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */ - -/* - * Security xattr namespace handlers. - */ -xattr_handler_t zpl_xattr_security_handler = { - .prefix = XATTR_SECURITY_PREFIX, - .list = zpl_xattr_security_list, - .get = zpl_xattr_security_get, - .set = zpl_xattr_security_set, -}; - -/* - * Extended system attributes - * - * "Extended system attributes are used by the kernel to store system - * objects such as Access Control Lists. Read and write access permissions - * to system attributes depend on the policy implemented for each system - * attribute implemented by filesystems in the kernel." - xattr(7) - */ -#ifdef CONFIG_FS_POSIX_ACL -int -zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type) -{ - char *name, *value = NULL; - int error = 0; - size_t size = 0; - - if (S_ISLNK(ip->i_mode)) - return (-EOPNOTSUPP); - - switch (type) { - case ACL_TYPE_ACCESS: - name = XATTR_NAME_POSIX_ACL_ACCESS; - if (acl) { - zpl_equivmode_t mode = ip->i_mode; - error = posix_acl_equiv_mode(acl, &mode); - if (error < 0) { - return (error); - } else { - /* - * The mode bits will have been set by - * ->zfs_setattr()->zfs_acl_chmod_setattr() - * using the ZFS ACL conversion. If they - * differ from the Posix ACL conversion dirty - * the inode to write the Posix mode bits. - */ - if (ip->i_mode != mode) { - ip->i_mode = mode; - ip->i_ctime = current_time(ip); - zfs_mark_inode_dirty(ip); - } - - if (error == 0) - acl = NULL; - } - } - break; - - case ACL_TYPE_DEFAULT: - name = XATTR_NAME_POSIX_ACL_DEFAULT; - if (!S_ISDIR(ip->i_mode)) - return (acl ? -EACCES : 0); - break; - - default: - return (-EINVAL); - } - - if (acl) { - size = posix_acl_xattr_size(acl->a_count); - value = kmem_alloc(size, KM_SLEEP); - - error = zpl_acl_to_xattr(acl, value, size); - if (error < 0) { - kmem_free(value, size); - return (error); - } - } - - error = zpl_xattr_set(ip, name, value, size, 0); - if (value) - kmem_free(value, size); - - if (!error) { - if (acl) - zpl_set_cached_acl(ip, type, acl); - else - zpl_forget_cached_acl(ip, type); - } - - return (error); -} - -struct posix_acl * -zpl_get_acl(struct inode *ip, int type) -{ - struct posix_acl *acl; - void *value = NULL; - char *name; - int size; - - /* - * As of Linux 3.14, the kernel get_acl will check this for us. - * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong - * as the kernel get_acl will set it to temporary sentinel value. - */ -#ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE - acl = get_cached_acl(ip, type); - if (acl != ACL_NOT_CACHED) - return (acl); -#endif - - switch (type) { - case ACL_TYPE_ACCESS: - name = XATTR_NAME_POSIX_ACL_ACCESS; - break; - case ACL_TYPE_DEFAULT: - name = XATTR_NAME_POSIX_ACL_DEFAULT; - break; - default: - return (ERR_PTR(-EINVAL)); - } - - size = zpl_xattr_get(ip, name, NULL, 0); - if (size > 0) { - value = kmem_alloc(size, KM_SLEEP); - size = zpl_xattr_get(ip, name, value, size); - } - - if (size > 0) { - acl = zpl_acl_from_xattr(value, size); - } else if (size == -ENODATA || size == -ENOSYS) { - acl = NULL; - } else { - acl = ERR_PTR(-EIO); - } - - if (size > 0) - kmem_free(value, size); - - /* As of Linux 4.7, the kernel get_acl will set this for us */ -#ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE - if (!IS_ERR(acl)) - zpl_set_cached_acl(ip, type, acl); -#endif - - return (acl); -} - -#if !defined(HAVE_GET_ACL) -static int -__zpl_check_acl(struct inode *ip, int mask) -{ - struct posix_acl *acl; - int error; - - acl = zpl_get_acl(ip, ACL_TYPE_ACCESS); - if (IS_ERR(acl)) - return (PTR_ERR(acl)); - - if (acl) { - error = posix_acl_permission(ip, acl, mask); - zpl_posix_acl_release(acl); - return (error); - } - - return (-EAGAIN); -} - -#if defined(HAVE_CHECK_ACL_WITH_FLAGS) -int -zpl_check_acl(struct inode *ip, int mask, unsigned int flags) -{ - return (__zpl_check_acl(ip, mask)); -} -#elif defined(HAVE_CHECK_ACL) -int -zpl_check_acl(struct inode *ip, int mask) -{ - return (__zpl_check_acl(ip, mask)); -} -#elif defined(HAVE_PERMISSION_WITH_NAMEIDATA) -int -zpl_permission(struct inode *ip, int mask, struct nameidata *nd) -{ - return (generic_permission(ip, mask, __zpl_check_acl)); -} -#elif defined(HAVE_PERMISSION) -int -zpl_permission(struct inode *ip, int mask) -{ - return (generic_permission(ip, mask, __zpl_check_acl)); -} -#endif /* HAVE_CHECK_ACL | HAVE_PERMISSION */ -#endif /* !HAVE_GET_ACL */ - -int -zpl_init_acl(struct inode *ip, struct inode *dir) -{ - struct posix_acl *acl = NULL; - int error = 0; - - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (0); - - if (!S_ISLNK(ip->i_mode)) { - acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT); - if (IS_ERR(acl)) - return (PTR_ERR(acl)); - if (!acl) { - ip->i_mode &= ~current_umask(); - ip->i_ctime = current_time(ip); - zfs_mark_inode_dirty(ip); - return (0); - } - } - - if (acl) { - umode_t mode; - - if (S_ISDIR(ip->i_mode)) { - error = zpl_set_acl(ip, acl, ACL_TYPE_DEFAULT); - if (error) - goto out; - } - - mode = ip->i_mode; - error = __posix_acl_create(&acl, GFP_KERNEL, &mode); - if (error >= 0) { - ip->i_mode = mode; - zfs_mark_inode_dirty(ip); - if (error > 0) - error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS); - } - } -out: - zpl_posix_acl_release(acl); - - return (error); -} - -int -zpl_chmod_acl(struct inode *ip) -{ - struct posix_acl *acl; - int error; - - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (0); - - if (S_ISLNK(ip->i_mode)) - return (-EOPNOTSUPP); - - acl = zpl_get_acl(ip, ACL_TYPE_ACCESS); - if (IS_ERR(acl) || !acl) - return (PTR_ERR(acl)); - - error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode); - if (!error) - error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS); - - zpl_posix_acl_release(acl); - - return (error); -} - -static int -__zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size, - const char *name, size_t name_len) -{ - char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS; - size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS); - - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (0); - - if (list && xattr_size <= list_size) - memcpy(list, xattr_name, xattr_size); - - return (xattr_size); -} -ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access); - -static int -__zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size, - const char *name, size_t name_len) -{ - char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT; - size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT); - - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (0); - - if (list && xattr_size <= list_size) - memcpy(list, xattr_name, xattr_size); - - return (xattr_size); -} -ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default); - -static int -__zpl_xattr_acl_get_access(struct inode *ip, const char *name, - void *buffer, size_t size) -{ - struct posix_acl *acl; - int type = ACL_TYPE_ACCESS; - int error; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") != 0) - return (-EINVAL); -#endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (-EOPNOTSUPP); - - acl = zpl_get_acl(ip, type); - if (IS_ERR(acl)) - return (PTR_ERR(acl)); - if (acl == NULL) - return (-ENODATA); - - error = zpl_acl_to_xattr(acl, buffer, size); - zpl_posix_acl_release(acl); - - return (error); -} -ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access); - -static int -__zpl_xattr_acl_get_default(struct inode *ip, const char *name, - void *buffer, size_t size) -{ - struct posix_acl *acl; - int type = ACL_TYPE_DEFAULT; - int error; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") != 0) - return (-EINVAL); -#endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (-EOPNOTSUPP); - - acl = zpl_get_acl(ip, type); - if (IS_ERR(acl)) - return (PTR_ERR(acl)); - if (acl == NULL) - return (-ENODATA); - - error = zpl_acl_to_xattr(acl, buffer, size); - zpl_posix_acl_release(acl); - - return (error); -} -ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default); - -static int -__zpl_xattr_acl_set_access(struct inode *ip, const char *name, - const void *value, size_t size, int flags) -{ - struct posix_acl *acl; - int type = ACL_TYPE_ACCESS; - int error = 0; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") != 0) - return (-EINVAL); -#endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (-EOPNOTSUPP); - - if (!zpl_inode_owner_or_capable(ip)) - return (-EPERM); - - if (value) { - acl = zpl_acl_from_xattr(value, size); - if (IS_ERR(acl)) - return (PTR_ERR(acl)); - else if (acl) { - error = zpl_posix_acl_valid(ip, acl); - if (error) { - zpl_posix_acl_release(acl); - return (error); - } - } - } else { - acl = NULL; - } - - error = zpl_set_acl(ip, acl, type); - zpl_posix_acl_release(acl); - - return (error); -} -ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access); - -static int -__zpl_xattr_acl_set_default(struct inode *ip, const char *name, - const void *value, size_t size, int flags) -{ - struct posix_acl *acl; - int type = ACL_TYPE_DEFAULT; - int error = 0; - /* xattr_resolve_name will do this for us if this is defined */ -#ifndef HAVE_XATTR_HANDLER_NAME - if (strcmp(name, "") != 0) - return (-EINVAL); -#endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) - return (-EOPNOTSUPP); - - if (!zpl_inode_owner_or_capable(ip)) - return (-EPERM); - - if (value) { - acl = zpl_acl_from_xattr(value, size); - if (IS_ERR(acl)) - return (PTR_ERR(acl)); - else if (acl) { - error = zpl_posix_acl_valid(ip, acl); - if (error) { - zpl_posix_acl_release(acl); - return (error); - } - } - } else { - acl = NULL; - } - - error = zpl_set_acl(ip, acl, type); - zpl_posix_acl_release(acl); - - return (error); -} -ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default); - -/* - * ACL access xattr namespace handlers. - * - * Use .name instead of .prefix when available. xattr_resolve_name will match - * whole name and reject anything that has .name only as prefix. - */ -xattr_handler_t zpl_xattr_acl_access_handler = -{ -#ifdef HAVE_XATTR_HANDLER_NAME - .name = XATTR_NAME_POSIX_ACL_ACCESS, -#else - .prefix = XATTR_NAME_POSIX_ACL_ACCESS, -#endif - .list = zpl_xattr_acl_list_access, - .get = zpl_xattr_acl_get_access, - .set = zpl_xattr_acl_set_access, -#if defined(HAVE_XATTR_LIST_SIMPLE) || \ - defined(HAVE_XATTR_LIST_DENTRY) || \ - defined(HAVE_XATTR_LIST_HANDLER) - .flags = ACL_TYPE_ACCESS, -#endif -}; - -/* - * ACL default xattr namespace handlers. - * - * Use .name instead of .prefix when available. xattr_resolve_name will match - * whole name and reject anything that has .name only as prefix. - */ -xattr_handler_t zpl_xattr_acl_default_handler = -{ -#ifdef HAVE_XATTR_HANDLER_NAME - .name = XATTR_NAME_POSIX_ACL_DEFAULT, -#else - .prefix = XATTR_NAME_POSIX_ACL_DEFAULT, -#endif - .list = zpl_xattr_acl_list_default, - .get = zpl_xattr_acl_get_default, - .set = zpl_xattr_acl_set_default, -#if defined(HAVE_XATTR_LIST_SIMPLE) || \ - defined(HAVE_XATTR_LIST_DENTRY) || \ - defined(HAVE_XATTR_LIST_HANDLER) - .flags = ACL_TYPE_DEFAULT, -#endif -}; - -#endif /* CONFIG_FS_POSIX_ACL */ - -xattr_handler_t *zpl_xattr_handlers[] = { - &zpl_xattr_security_handler, - &zpl_xattr_trusted_handler, - &zpl_xattr_user_handler, -#ifdef CONFIG_FS_POSIX_ACL - &zpl_xattr_acl_access_handler, - &zpl_xattr_acl_default_handler, -#endif /* CONFIG_FS_POSIX_ACL */ - NULL -}; - -static const struct xattr_handler * -zpl_xattr_handler(const char *name) -{ - if (strncmp(name, XATTR_USER_PREFIX, - XATTR_USER_PREFIX_LEN) == 0) - return (&zpl_xattr_user_handler); - - if (strncmp(name, XATTR_TRUSTED_PREFIX, - XATTR_TRUSTED_PREFIX_LEN) == 0) - return (&zpl_xattr_trusted_handler); - - if (strncmp(name, XATTR_SECURITY_PREFIX, - XATTR_SECURITY_PREFIX_LEN) == 0) - return (&zpl_xattr_security_handler); - -#ifdef CONFIG_FS_POSIX_ACL - if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, - sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0) - return (&zpl_xattr_acl_access_handler); - - if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, - sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0) - return (&zpl_xattr_acl_default_handler); -#endif /* CONFIG_FS_POSIX_ACL */ - - return (NULL); -} - -#if !defined(HAVE_POSIX_ACL_RELEASE) || defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY) -struct acl_rel_struct { - struct acl_rel_struct *next; - struct posix_acl *acl; - clock_t time; -}; - -#define ACL_REL_GRACE (60*HZ) -#define ACL_REL_WINDOW (1*HZ) -#define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW) - -/* - * Lockless multi-producer single-consumer fifo list. - * Nodes are added to tail and removed from head. Tail pointer is our - * synchronization point. It always points to the next pointer of the last - * node, or head if list is empty. - */ -static struct acl_rel_struct *acl_rel_head = NULL; -static struct acl_rel_struct **acl_rel_tail = &acl_rel_head; - -static void -zpl_posix_acl_free(void *arg) -{ - struct acl_rel_struct *freelist = NULL; - struct acl_rel_struct *a; - clock_t new_time; - boolean_t refire = B_FALSE; - - ASSERT3P(acl_rel_head, !=, NULL); - while (acl_rel_head) { - a = acl_rel_head; - if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) { - /* - * If a is the last node we need to reset tail, but we - * need to use cmpxchg to make sure it is still the - * last node. - */ - if (acl_rel_tail == &a->next) { - acl_rel_head = NULL; - if (cmpxchg(&acl_rel_tail, &a->next, - &acl_rel_head) == &a->next) { - ASSERT3P(a->next, ==, NULL); - a->next = freelist; - freelist = a; - break; - } - } - /* - * a is not last node, make sure next pointer is set - * by the adder and advance the head. - */ - while (READ_ONCE(a->next) == NULL) - cpu_relax(); - acl_rel_head = a->next; - a->next = freelist; - freelist = a; - } else { - /* - * a is still in grace period. We are responsible to - * reschedule the free task, since adder will only do - * so if list is empty. - */ - new_time = a->time + ACL_REL_SCHED; - refire = B_TRUE; - break; - } - } - - if (refire) - taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free, - NULL, TQ_SLEEP, new_time); - - while (freelist) { - a = freelist; - freelist = a->next; - kfree(a->acl); - kmem_free(a, sizeof (struct acl_rel_struct)); - } -} - -void -zpl_posix_acl_release_impl(struct posix_acl *acl) -{ - struct acl_rel_struct *a, **prev; - - a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP); - a->next = NULL; - a->acl = acl; - a->time = ddi_get_lbolt(); - /* atomically points tail to us and get the previous tail */ - prev = xchg(&acl_rel_tail, &a->next); - ASSERT3P(*prev, ==, NULL); - *prev = a; - /* if it was empty before, schedule the free task */ - if (prev == &acl_rel_head) - taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free, - NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED); -} -#endif |