xref: /freebsd/sys/contrib/openzfs/module/os/linux/zfs/zpl_xattr.c (revision 61145dc2b94f12f6a47344fb9aac702321880e43)
1 // SPDX-License-Identifier: CDDL-1.0
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or https://opensource.org/licenses/CDDL-1.0.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
24  *
25  * Extended attributes (xattr) on Solaris are implemented as files
26  * which exist in a hidden xattr directory.  These extended attributes
27  * can be accessed using the attropen() system call which opens
28  * the extended attribute.  It can then be manipulated just like
29  * a standard file descriptor.  This has a couple advantages such
30  * as practically no size limit on the file, and the extended
31  * attributes permissions may differ from those of the parent file.
32  * This interface is really quite clever, but it's also completely
33  * different than what is supported on Linux.  It also comes with a
34  * steep performance penalty when accessing small xattrs because they
35  * are not stored with the parent file.
36  *
37  * Under Linux extended attributes are manipulated by the system
38  * calls getxattr(2), setxattr(2), and listxattr(2).  They consider
39  * extended attributes to be name/value pairs where the name is a
40  * NULL terminated string.  The name must also include one of the
41  * following namespace prefixes:
42  *
43  *   user     - No restrictions and is available to user applications.
44  *   trusted  - Restricted to kernel and root (CAP_SYS_ADMIN) use.
45  *   system   - Used for access control lists (system.nfs4_acl, etc).
46  *   security - Used by SELinux to store a files security context.
47  *
48  * The value under Linux to limited to 65536 bytes of binary data.
49  * In practice, individual xattrs tend to be much smaller than this
50  * and are typically less than 100 bytes.  A good example of this
51  * are the security.selinux xattrs which are less than 100 bytes and
52  * exist for every file when xattr labeling is enabled.
53  *
54  * The Linux xattr implementation has been written to take advantage of
55  * this typical usage.  When the dataset property 'xattr=sa' is set,
56  * then xattrs will be preferentially stored as System Attributes (SA).
57  * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
58  * up to 64k of xattrs to be stored in the spill block.  If additional
59  * xattr space is required, which is unlikely under Linux, they will
60  * be stored using the traditional directory approach.
61  *
62  * This optimization results in roughly a 3x performance improvement
63  * when accessing xattrs because it avoids the need to perform a seek
64  * for every xattr value.  When multiple xattrs are stored per-file
65  * the performance improvements are even greater because all of the
66  * xattrs stored in the spill block will be cached.
67  *
68  * However, by default SA based xattrs are disabled in the Linux port
69  * to maximize compatibility with other implementations.  If you do
70  * enable SA based xattrs then they will not be visible on platforms
71  * which do not support this feature.
72  *
73  * NOTE: One additional consequence of the xattr directory implementation
74  * is that when an extended attribute is manipulated an inode is created.
75  * This inode will exist in the Linux inode cache but there will be no
76  * associated entry in the dentry cache which references it.  This is
77  * safe but it may result in some confusion.  Enabling SA based xattrs
78  * largely avoids the issue except in the overflow case.
79  */
80 
81 #include <sys/zfs_znode.h>
82 #include <sys/zfs_vfsops.h>
83 #include <sys/zfs_vnops.h>
84 #include <sys/zap.h>
85 #include <sys/vfs.h>
86 #include <sys/zpl.h>
87 #include <linux/vfs_compat.h>
88 
89 enum xattr_permission {
90 	XAPERM_DENY,
91 	XAPERM_ALLOW,
92 	XAPERM_COMPAT,
93 };
94 
95 typedef struct xattr_filldir {
96 	size_t size;
97 	size_t offset;
98 	char *buf;
99 	struct dentry *dentry;
100 } xattr_filldir_t;
101 
102 static enum xattr_permission zpl_xattr_permission(xattr_filldir_t *,
103     const char *, int);
104 
105 static int zfs_xattr_compat = 0;
106 
107 /*
108  * Determine is a given xattr name should be visible and if so copy it
109  * in to the provided buffer (xf->buf).
110  */
111 static int
zpl_xattr_filldir(xattr_filldir_t * xf,const char * name,int name_len)112 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
113 {
114 	enum xattr_permission perm;
115 
116 	/* Check permissions using the per-namespace list xattr handler. */
117 	perm = zpl_xattr_permission(xf, name, name_len);
118 	if (perm == XAPERM_DENY)
119 		return (0);
120 
121 	/* Prefix the name with "user." if it does not have a namespace. */
122 	if (perm == XAPERM_COMPAT) {
123 		if (xf->buf) {
124 			if (xf->offset + XATTR_USER_PREFIX_LEN + 1 > xf->size)
125 				return (-ERANGE);
126 
127 			memcpy(xf->buf + xf->offset, XATTR_USER_PREFIX,
128 			    XATTR_USER_PREFIX_LEN);
129 			xf->buf[xf->offset + XATTR_USER_PREFIX_LEN] = '\0';
130 		}
131 
132 		xf->offset += XATTR_USER_PREFIX_LEN;
133 	}
134 
135 	/* When xf->buf is NULL only calculate the required size. */
136 	if (xf->buf) {
137 		if (xf->offset + name_len + 1 > xf->size)
138 			return (-ERANGE);
139 
140 		memcpy(xf->buf + xf->offset, name, name_len);
141 		xf->buf[xf->offset + name_len] = '\0';
142 	}
143 
144 	xf->offset += (name_len + 1);
145 
146 	return (0);
147 }
148 
149 /*
150  * Read as many directory entry names as will fit in to the provided buffer,
151  * or when no buffer is provided calculate the required buffer size.
152  */
153 static int
zpl_xattr_readdir(struct inode * dxip,xattr_filldir_t * xf)154 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
155 {
156 	zap_cursor_t zc;
157 	zap_attribute_t	*zap = zap_attribute_alloc();
158 	int error;
159 
160 	zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
161 
162 	while ((error = -zap_cursor_retrieve(&zc, zap)) == 0) {
163 
164 		if (zap->za_integer_length != 8 || zap->za_num_integers != 1) {
165 			error = -ENXIO;
166 			break;
167 		}
168 
169 		error = zpl_xattr_filldir(xf, zap->za_name,
170 		    strlen(zap->za_name));
171 		if (error)
172 			break;
173 
174 		zap_cursor_advance(&zc);
175 	}
176 
177 	zap_cursor_fini(&zc);
178 	zap_attribute_free(zap);
179 
180 	if (error == -ENOENT)
181 		error = 0;
182 
183 	return (error);
184 }
185 
186 static ssize_t
zpl_xattr_list_dir(xattr_filldir_t * xf,cred_t * cr)187 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
188 {
189 	struct inode *ip = xf->dentry->d_inode;
190 	struct inode *dxip = NULL;
191 	znode_t *dxzp;
192 	int error;
193 
194 	/* Lookup the xattr directory */
195 	error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
196 	    cr, NULL, NULL);
197 	if (error) {
198 		if (error == -ENOENT)
199 			error = 0;
200 
201 		return (error);
202 	}
203 
204 	dxip = ZTOI(dxzp);
205 	error = zpl_xattr_readdir(dxip, xf);
206 	iput(dxip);
207 
208 	return (error);
209 }
210 
211 static ssize_t
zpl_xattr_list_sa(xattr_filldir_t * xf)212 zpl_xattr_list_sa(xattr_filldir_t *xf)
213 {
214 	znode_t *zp = ITOZ(xf->dentry->d_inode);
215 	nvpair_t *nvp = NULL;
216 	int error = 0;
217 
218 	mutex_enter(&zp->z_lock);
219 	if (zp->z_xattr_cached == NULL)
220 		error = -zfs_sa_get_xattr(zp);
221 	mutex_exit(&zp->z_lock);
222 
223 	if (error)
224 		return (error);
225 
226 	ASSERT(zp->z_xattr_cached);
227 
228 	while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
229 		ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
230 
231 		error = zpl_xattr_filldir(xf, nvpair_name(nvp),
232 		    strlen(nvpair_name(nvp)));
233 		if (error)
234 			return (error);
235 	}
236 
237 	return (0);
238 }
239 
240 ssize_t
zpl_xattr_list(struct dentry * dentry,char * buffer,size_t buffer_size)241 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
242 {
243 	znode_t *zp = ITOZ(dentry->d_inode);
244 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
245 	xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
246 	cred_t *cr = CRED();
247 	fstrans_cookie_t cookie;
248 	int error = 0;
249 
250 	crhold(cr);
251 	cookie = spl_fstrans_mark();
252 	if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
253 		goto out1;
254 	rw_enter(&zp->z_xattr_lock, RW_READER);
255 
256 	if (zfsvfs->z_use_sa && zp->z_is_sa) {
257 		error = zpl_xattr_list_sa(&xf);
258 		if (error)
259 			goto out;
260 	}
261 
262 	error = zpl_xattr_list_dir(&xf, cr);
263 	if (error)
264 		goto out;
265 
266 	error = xf.offset;
267 out:
268 
269 	rw_exit(&zp->z_xattr_lock);
270 	zpl_exit(zfsvfs, FTAG);
271 out1:
272 	spl_fstrans_unmark(cookie);
273 	crfree(cr);
274 
275 	return (error);
276 }
277 
278 static int
zpl_xattr_get_dir(struct inode * ip,const char * name,void * value,size_t size,cred_t * cr)279 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
280     size_t size, cred_t *cr)
281 {
282 	fstrans_cookie_t cookie;
283 	struct inode *xip = NULL;
284 	znode_t *dxzp = NULL;
285 	znode_t *xzp = NULL;
286 	int error;
287 
288 	/* Lookup the xattr directory */
289 	error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
290 	    cr, NULL, NULL);
291 	if (error)
292 		goto out;
293 
294 	/* Lookup a specific xattr name in the directory */
295 	error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
296 	if (error)
297 		goto out;
298 
299 	xip = ZTOI(xzp);
300 	if (!size) {
301 		error = i_size_read(xip);
302 		goto out;
303 	}
304 
305 	if (size < i_size_read(xip)) {
306 		error = -ERANGE;
307 		goto out;
308 	}
309 
310 	struct iovec iov;
311 	iov.iov_base = (void *)value;
312 	iov.iov_len = size;
313 
314 	zfs_uio_t uio;
315 	zfs_uio_iovec_init(&uio, &iov, 1, 0, UIO_SYSSPACE, size, 0);
316 
317 	cookie = spl_fstrans_mark();
318 	error = -zfs_read(ITOZ(xip), &uio, 0, cr);
319 	spl_fstrans_unmark(cookie);
320 
321 	if (error == 0)
322 		error = size - zfs_uio_resid(&uio);
323 out:
324 	if (xzp)
325 		zrele(xzp);
326 
327 	if (dxzp)
328 		zrele(dxzp);
329 
330 	return (error);
331 }
332 
333 static int
zpl_xattr_get_sa(struct inode * ip,const char * name,void * value,size_t size)334 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
335 {
336 	znode_t *zp = ITOZ(ip);
337 	uchar_t *nv_value;
338 	uint_t nv_size;
339 	int error = 0;
340 
341 	ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
342 
343 	mutex_enter(&zp->z_lock);
344 	if (zp->z_xattr_cached == NULL)
345 		error = -zfs_sa_get_xattr(zp);
346 	mutex_exit(&zp->z_lock);
347 
348 	if (error)
349 		return (error);
350 
351 	ASSERT(zp->z_xattr_cached);
352 	error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
353 	    &nv_value, &nv_size);
354 	if (error)
355 		return (error);
356 
357 	if (size == 0 || value == NULL)
358 		return (nv_size);
359 
360 	if (size < nv_size)
361 		return (-ERANGE);
362 
363 	memcpy(value, nv_value, nv_size);
364 
365 	return (nv_size);
366 }
367 
368 static int
__zpl_xattr_get(struct inode * ip,const char * name,void * value,size_t size,cred_t * cr)369 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
370     cred_t *cr)
371 {
372 	znode_t *zp = ITOZ(ip);
373 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
374 	int error;
375 
376 	ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
377 
378 	if (zfsvfs->z_use_sa && zp->z_is_sa) {
379 		error = zpl_xattr_get_sa(ip, name, value, size);
380 		if (error != -ENOENT)
381 			goto out;
382 	}
383 
384 	error = zpl_xattr_get_dir(ip, name, value, size, cr);
385 out:
386 	if (error == -ENOENT)
387 		error = -ENODATA;
388 
389 	return (error);
390 }
391 
392 #define	XATTR_NOENT	0x0
393 #define	XATTR_IN_SA	0x1
394 #define	XATTR_IN_DIR	0x2
395 /* check where the xattr resides */
396 static int
__zpl_xattr_where(struct inode * ip,const char * name,int * where,cred_t * cr)397 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
398 {
399 	znode_t *zp = ITOZ(ip);
400 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
401 	int error;
402 
403 	ASSERT(where);
404 	ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
405 
406 	*where = XATTR_NOENT;
407 	if (zfsvfs->z_use_sa && zp->z_is_sa) {
408 		error = zpl_xattr_get_sa(ip, name, NULL, 0);
409 		if (error >= 0)
410 			*where |= XATTR_IN_SA;
411 		else if (error != -ENOENT)
412 			return (error);
413 	}
414 
415 	error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
416 	if (error >= 0)
417 		*where |= XATTR_IN_DIR;
418 	else if (error != -ENOENT)
419 		return (error);
420 
421 	if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
422 		cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
423 		    " in both SA and dir", ip, name);
424 	if (*where == XATTR_NOENT)
425 		error = -ENODATA;
426 	else
427 		error = 0;
428 	return (error);
429 }
430 
431 static int
zpl_xattr_get(struct inode * ip,const char * name,void * value,size_t size)432 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
433 {
434 	znode_t *zp = ITOZ(ip);
435 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
436 	cred_t *cr = CRED();
437 	fstrans_cookie_t cookie;
438 	int error;
439 
440 	crhold(cr);
441 	cookie = spl_fstrans_mark();
442 	if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
443 		goto out;
444 	rw_enter(&zp->z_xattr_lock, RW_READER);
445 	error = __zpl_xattr_get(ip, name, value, size, cr);
446 	rw_exit(&zp->z_xattr_lock);
447 	zpl_exit(zfsvfs, FTAG);
448 out:
449 	spl_fstrans_unmark(cookie);
450 	crfree(cr);
451 
452 	return (error);
453 }
454 
455 static int
zpl_xattr_set_dir(struct inode * ip,const char * name,const void * value,size_t size,int flags,cred_t * cr)456 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
457     size_t size, int flags, cred_t *cr)
458 {
459 	znode_t *dxzp = NULL;
460 	znode_t *xzp = NULL;
461 	vattr_t *vap = NULL;
462 	int lookup_flags, error;
463 	const int xattr_mode = S_IFREG | 0644;
464 	loff_t pos = 0;
465 
466 	/*
467 	 * Lookup the xattr directory.  When we're adding an entry pass
468 	 * CREATE_XATTR_DIR to ensure the xattr directory is created.
469 	 * When removing an entry this flag is not passed to avoid
470 	 * unnecessarily creating a new xattr directory.
471 	 */
472 	lookup_flags = LOOKUP_XATTR;
473 	if (value != NULL)
474 		lookup_flags |= CREATE_XATTR_DIR;
475 
476 	error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags,
477 	    cr, NULL, NULL);
478 	if (error)
479 		goto out;
480 
481 	/* Lookup a specific xattr name in the directory */
482 	error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
483 	if (error && (error != -ENOENT))
484 		goto out;
485 
486 	error = 0;
487 
488 	/* Remove a specific name xattr when value is set to NULL. */
489 	if (value == NULL) {
490 		if (xzp)
491 			error = -zfs_remove(dxzp, (char *)name, cr, 0);
492 
493 		goto out;
494 	}
495 
496 	/* Lookup failed create a new xattr. */
497 	if (xzp == NULL) {
498 		vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
499 		vap->va_mode = xattr_mode;
500 		vap->va_mask = ATTR_MODE;
501 		vap->va_uid = crgetuid(cr);
502 		vap->va_gid = crgetgid(cr);
503 
504 		error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
505 		    cr, ATTR_NOACLCHECK, NULL, zfs_init_idmap);
506 		if (error)
507 			goto out;
508 	}
509 
510 	ASSERT(xzp != NULL);
511 
512 	error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE);
513 	if (error)
514 		goto out;
515 
516 	error = -zfs_write_simple(xzp, value, size, pos, NULL);
517 out:
518 	if (error == 0) {
519 		zpl_inode_set_ctime_to_ts(ip, current_time(ip));
520 		zfs_mark_inode_dirty(ip);
521 	}
522 
523 	if (vap)
524 		kmem_free(vap, sizeof (vattr_t));
525 
526 	if (xzp)
527 		zrele(xzp);
528 
529 	if (dxzp)
530 		zrele(dxzp);
531 
532 	if (error == -ENOENT)
533 		error = -ENODATA;
534 
535 	ASSERT3S(error, <=, 0);
536 
537 	return (error);
538 }
539 
540 static int
zpl_xattr_set_sa(struct inode * ip,const char * name,const void * value,size_t size,int flags,cred_t * cr)541 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
542     size_t size, int flags, cred_t *cr)
543 {
544 	znode_t *zp = ITOZ(ip);
545 	nvlist_t *nvl;
546 	size_t sa_size;
547 	int error = 0;
548 
549 	mutex_enter(&zp->z_lock);
550 	if (zp->z_xattr_cached == NULL)
551 		error = -zfs_sa_get_xattr(zp);
552 	mutex_exit(&zp->z_lock);
553 
554 	if (error)
555 		return (error);
556 
557 	ASSERT(zp->z_xattr_cached);
558 	nvl = zp->z_xattr_cached;
559 
560 	if (value == NULL) {
561 		error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
562 		if (error == -ENOENT)
563 			error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
564 	} else {
565 		/* Limited to 32k to keep nvpair memory allocations small */
566 		if (size > DXATTR_MAX_ENTRY_SIZE)
567 			return (-EFBIG);
568 
569 		/* Prevent the DXATTR SA from consuming the entire SA region */
570 		error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
571 		if (error)
572 			return (error);
573 
574 		if (sa_size > DXATTR_MAX_SA_SIZE)
575 			return (-EFBIG);
576 
577 		error = -nvlist_add_byte_array(nvl, name,
578 		    (uchar_t *)value, size);
579 	}
580 
581 	/*
582 	 * Update the SA for additions, modifications, and removals. On
583 	 * error drop the inconsistent cached version of the nvlist, it
584 	 * will be reconstructed from the ARC when next accessed.
585 	 */
586 	if (error == 0)
587 		error = -zfs_sa_set_xattr(zp, name, value, size);
588 
589 	if (error) {
590 		nvlist_free(nvl);
591 		zp->z_xattr_cached = NULL;
592 	}
593 
594 	ASSERT3S(error, <=, 0);
595 
596 	return (error);
597 }
598 
599 static int
zpl_xattr_set(struct inode * ip,const char * name,const void * value,size_t size,int flags)600 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
601     size_t size, int flags)
602 {
603 	znode_t *zp = ITOZ(ip);
604 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
605 	cred_t *cr = CRED();
606 	fstrans_cookie_t cookie;
607 	int where;
608 	int error;
609 
610 	crhold(cr);
611 	cookie = spl_fstrans_mark();
612 	if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
613 		goto out1;
614 	rw_enter(&zp->z_xattr_lock, RW_WRITER);
615 
616 	/*
617 	 * Before setting the xattr check to see if it already exists.
618 	 * This is done to ensure the following optional flags are honored.
619 	 *
620 	 *   XATTR_CREATE: fail if xattr already exists
621 	 *   XATTR_REPLACE: fail if xattr does not exist
622 	 *
623 	 * We also want to know if it resides in sa or dir, so we can make
624 	 * sure we don't end up with duplicate in both places.
625 	 */
626 	error = __zpl_xattr_where(ip, name, &where, cr);
627 	if (error < 0) {
628 		if (error != -ENODATA)
629 			goto out;
630 		if (flags & XATTR_REPLACE)
631 			goto out;
632 
633 		/* The xattr to be removed already doesn't exist */
634 		error = 0;
635 		if (value == NULL)
636 			goto out;
637 	} else {
638 		error = -EEXIST;
639 		if (flags & XATTR_CREATE)
640 			goto out;
641 	}
642 
643 	/* Preferentially store the xattr as a SA for better performance */
644 	if (zfsvfs->z_use_sa && zp->z_is_sa &&
645 	    (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
646 		error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
647 		if (error == 0) {
648 			/*
649 			 * Successfully put into SA, we need to clear the one
650 			 * in dir.
651 			 */
652 			if (where & XATTR_IN_DIR)
653 				zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
654 			goto out;
655 		}
656 	}
657 
658 	error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
659 	/*
660 	 * Successfully put into dir, we need to clear the one in SA.
661 	 */
662 	if (error == 0 && (where & XATTR_IN_SA))
663 		zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
664 out:
665 	rw_exit(&zp->z_xattr_lock);
666 	zpl_exit(zfsvfs, FTAG);
667 out1:
668 	spl_fstrans_unmark(cookie);
669 	crfree(cr);
670 	ASSERT3S(error, <=, 0);
671 
672 	return (error);
673 }
674 
675 /*
676  * Extended user attributes
677  *
678  * "Extended user attributes may be assigned to files and directories for
679  * storing arbitrary additional information such as the mime type,
680  * character set or encoding of a file.  The access permissions for user
681  * attributes are defined by the file permission bits: read permission
682  * is required to retrieve the attribute value, and writer permission is
683  * required to change it.
684  *
685  * The file permission bits of regular files and directories are
686  * interpreted differently from the file permission bits of special
687  * files and symbolic links.  For regular files and directories the file
688  * permission bits define access to the file's contents, while for
689  * device special files they define access to the device described by
690  * the special file.  The file permissions of symbolic links are not
691  * used in access checks.  These differences would allow users to
692  * consume filesystem resources in a way not controllable by disk quotas
693  * for group or world writable special files and directories.
694  *
695  * For this reason, extended user attributes are allowed only for
696  * regular files and directories, and access to extended user attributes
697  * is restricted to the owner and to users with appropriate capabilities
698  * for directories with the sticky bit set (see the chmod(1) manual page
699  * for an explanation of the sticky bit)." - xattr(7)
700  *
701  * ZFS allows extended user attributes to be disabled administratively
702  * by setting the 'xattr=off' property on the dataset.
703  */
704 static int
__zpl_xattr_user_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)705 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
706     const char *name, size_t name_len)
707 {
708 	return (ITOZSB(ip)->z_flags & ZSB_XATTR);
709 }
710 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
711 
712 static int
__zpl_xattr_user_get(struct inode * ip,const char * name,void * value,size_t size)713 __zpl_xattr_user_get(struct inode *ip, const char *name,
714     void *value, size_t size)
715 {
716 	int error;
717 	/* xattr_resolve_name will do this for us if this is defined */
718 	if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
719 		return (-EINVAL);
720 	if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
721 		return (-EOPNOTSUPP);
722 
723 	/*
724 	 * Try to look up the name with the namespace prefix first for
725 	 * compatibility with xattrs from this platform.  If that fails,
726 	 * try again without the namespace prefix for compatibility with
727 	 * other platforms.
728 	 */
729 	char *xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
730 	error = zpl_xattr_get(ip, xattr_name, value, size);
731 	kmem_strfree(xattr_name);
732 	if (error == -ENODATA)
733 		error = zpl_xattr_get(ip, name, value, size);
734 
735 	return (error);
736 }
737 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
738 
739 static int
__zpl_xattr_user_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)740 __zpl_xattr_user_set(zidmap_t *user_ns,
741     struct inode *ip, const char *name,
742     const void *value, size_t size, int flags)
743 {
744 	(void) user_ns;
745 	int error = 0;
746 	/* xattr_resolve_name will do this for us if this is defined */
747 	if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
748 		return (-EINVAL);
749 	if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
750 		return (-EOPNOTSUPP);
751 
752 	/*
753 	 * Remove alternate compat version of the xattr so we only set the
754 	 * version specified by the zfs_xattr_compat tunable.
755 	 *
756 	 * The following flags must be handled correctly:
757 	 *
758 	 *   XATTR_CREATE: fail if xattr already exists
759 	 *   XATTR_REPLACE: fail if xattr does not exist
760 	 */
761 	char *prefixed_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
762 	const char *clear_name, *set_name;
763 	if (zfs_xattr_compat) {
764 		clear_name = prefixed_name;
765 		set_name = name;
766 	} else {
767 		clear_name = name;
768 		set_name = prefixed_name;
769 	}
770 	/*
771 	 * Clear the old value with the alternative name format, if it exists.
772 	 */
773 	error = zpl_xattr_set(ip, clear_name, NULL, 0, flags);
774 	/*
775 	 * XATTR_CREATE was specified and we failed to clear the xattr
776 	 * because it already exists.  Stop here.
777 	 */
778 	if (error == -EEXIST)
779 		goto out;
780 	/*
781 	 * If XATTR_REPLACE was specified and we succeeded to clear
782 	 * an xattr, we don't need to replace anything when setting
783 	 * the new value.  If we failed with -ENODATA that's fine,
784 	 * there was nothing to be cleared and we can ignore the error.
785 	 */
786 	if (error == 0)
787 		flags &= ~XATTR_REPLACE;
788 	/*
789 	 * Set the new value with the configured name format.
790 	 */
791 	error = zpl_xattr_set(ip, set_name, value, size, flags);
792 out:
793 	kmem_strfree(prefixed_name);
794 	return (error);
795 }
796 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
797 
798 static xattr_handler_t zpl_xattr_user_handler =
799 {
800 	.prefix	= XATTR_USER_PREFIX,
801 	.list	= zpl_xattr_user_list,
802 	.get	= zpl_xattr_user_get,
803 	.set	= zpl_xattr_user_set,
804 };
805 
806 /*
807  * Trusted extended attributes
808  *
809  * "Trusted extended attributes are visible and accessible only to
810  * processes that have the CAP_SYS_ADMIN capability.  Attributes in this
811  * class are used to implement mechanisms in user space (i.e., outside
812  * the kernel) which keep information in extended attributes to which
813  * ordinary processes should not have access." - xattr(7)
814  */
815 static int
__zpl_xattr_trusted_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)816 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
817     const char *name, size_t name_len)
818 {
819 	return (capable(CAP_SYS_ADMIN));
820 }
821 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
822 
823 static int
__zpl_xattr_trusted_get(struct inode * ip,const char * name,void * value,size_t size)824 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
825     void *value, size_t size)
826 {
827 	char *xattr_name;
828 	int error;
829 
830 	if (!capable(CAP_SYS_ADMIN))
831 		return (-EACCES);
832 	/* xattr_resolve_name will do this for us if this is defined */
833 	xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
834 	error = zpl_xattr_get(ip, xattr_name, value, size);
835 	kmem_strfree(xattr_name);
836 
837 	return (error);
838 }
839 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
840 
841 static int
__zpl_xattr_trusted_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)842 __zpl_xattr_trusted_set(zidmap_t *user_ns,
843     struct inode *ip, const char *name,
844     const void *value, size_t size, int flags)
845 {
846 	(void) user_ns;
847 	char *xattr_name;
848 	int error;
849 
850 	if (!capable(CAP_SYS_ADMIN))
851 		return (-EACCES);
852 	/* xattr_resolve_name will do this for us if this is defined */
853 	xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
854 	error = zpl_xattr_set(ip, xattr_name, value, size, flags);
855 	kmem_strfree(xattr_name);
856 
857 	return (error);
858 }
859 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
860 
861 static xattr_handler_t zpl_xattr_trusted_handler = {
862 	.prefix	= XATTR_TRUSTED_PREFIX,
863 	.list	= zpl_xattr_trusted_list,
864 	.get	= zpl_xattr_trusted_get,
865 	.set	= zpl_xattr_trusted_set,
866 };
867 
868 /*
869  * Extended security attributes
870  *
871  * "The security attribute namespace is used by kernel security modules,
872  * such as Security Enhanced Linux, and also to implement file
873  * capabilities (see capabilities(7)).  Read and write access
874  * permissions to security attributes depend on the policy implemented
875  * for each security attribute by the security module.  When no security
876  * module is loaded, all processes have read access to extended security
877  * attributes, and write access is limited to processes that have the
878  * CAP_SYS_ADMIN capability." - xattr(7)
879  */
880 static int
__zpl_xattr_security_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)881 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
882     const char *name, size_t name_len)
883 {
884 	return (1);
885 }
886 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
887 
888 static int
__zpl_xattr_security_get(struct inode * ip,const char * name,void * value,size_t size)889 __zpl_xattr_security_get(struct inode *ip, const char *name,
890     void *value, size_t size)
891 {
892 	char *xattr_name;
893 	int error;
894 	/* xattr_resolve_name will do this for us if this is defined */
895 	xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
896 	error = zpl_xattr_get(ip, xattr_name, value, size);
897 	kmem_strfree(xattr_name);
898 
899 	return (error);
900 }
901 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
902 
903 static int
__zpl_xattr_security_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)904 __zpl_xattr_security_set(zidmap_t *user_ns,
905     struct inode *ip, const char *name,
906     const void *value, size_t size, int flags)
907 {
908 	(void) user_ns;
909 	char *xattr_name;
910 	int error;
911 	/* xattr_resolve_name will do this for us if this is defined */
912 	xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
913 	error = zpl_xattr_set(ip, xattr_name, value, size, flags);
914 	kmem_strfree(xattr_name);
915 
916 	return (error);
917 }
918 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
919 
920 static int
zpl_xattr_security_init_impl(struct inode * ip,const struct xattr * xattrs,void * fs_info)921 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs,
922     void *fs_info)
923 {
924 	const struct xattr *xattr;
925 	int error = 0;
926 
927 	for (xattr = xattrs; xattr->name != NULL; xattr++) {
928 		error = __zpl_xattr_security_set(NULL, ip,
929 		    xattr->name, xattr->value, xattr->value_len, 0);
930 
931 		if (error < 0)
932 			break;
933 	}
934 
935 	return (error);
936 }
937 
938 int
zpl_xattr_security_init(struct inode * ip,struct inode * dip,const struct qstr * qstr)939 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
940     const struct qstr *qstr)
941 {
942 	return security_inode_init_security(ip, dip, qstr,
943 	    &zpl_xattr_security_init_impl, NULL);
944 }
945 
946 /*
947  * Security xattr namespace handlers.
948  */
949 static xattr_handler_t zpl_xattr_security_handler = {
950 	.prefix	= XATTR_SECURITY_PREFIX,
951 	.list	= zpl_xattr_security_list,
952 	.get	= zpl_xattr_security_get,
953 	.set	= zpl_xattr_security_set,
954 };
955 
956 /*
957  * Extended system attributes
958  *
959  * "Extended system attributes are used by the kernel to store system
960  * objects such as Access Control Lists.  Read and write access permissions
961  * to system attributes depend on the policy implemented for each system
962  * attribute implemented by filesystems in the kernel." - xattr(7)
963  */
964 #ifdef CONFIG_FS_POSIX_ACL
965 static int
zpl_set_acl_impl(struct inode * ip,struct posix_acl * acl,int type)966 zpl_set_acl_impl(struct inode *ip, struct posix_acl *acl, int type)
967 {
968 	char *name, *value = NULL;
969 	int error = 0;
970 	size_t size = 0;
971 
972 	if (S_ISLNK(ip->i_mode))
973 		return (-EOPNOTSUPP);
974 
975 	switch (type) {
976 	case ACL_TYPE_ACCESS:
977 		name = XATTR_NAME_POSIX_ACL_ACCESS;
978 		if (acl) {
979 			umode_t mode = ip->i_mode;
980 			error = posix_acl_equiv_mode(acl, &mode);
981 			if (error < 0) {
982 				return (error);
983 			} else {
984 				/*
985 				 * The mode bits will have been set by
986 				 * ->zfs_setattr()->zfs_acl_chmod_setattr()
987 				 * using the ZFS ACL conversion.  If they
988 				 * differ from the Posix ACL conversion dirty
989 				 * the inode to write the Posix mode bits.
990 				 */
991 				if (ip->i_mode != mode) {
992 					ip->i_mode = ITOZ(ip)->z_mode = mode;
993 					zpl_inode_set_ctime_to_ts(ip,
994 					    current_time(ip));
995 					zfs_mark_inode_dirty(ip);
996 				}
997 
998 				if (error == 0)
999 					acl = NULL;
1000 			}
1001 		}
1002 		break;
1003 
1004 	case ACL_TYPE_DEFAULT:
1005 		name = XATTR_NAME_POSIX_ACL_DEFAULT;
1006 		if (!S_ISDIR(ip->i_mode))
1007 			return (acl ? -EACCES : 0);
1008 		break;
1009 
1010 	default:
1011 		return (-EINVAL);
1012 	}
1013 
1014 	if (acl) {
1015 		size = posix_acl_xattr_size(acl->a_count);
1016 		value = kmem_alloc(size, KM_SLEEP);
1017 
1018 		error = zpl_acl_to_xattr(acl, value, size);
1019 		if (error < 0) {
1020 			kmem_free(value, size);
1021 			return (error);
1022 		}
1023 	}
1024 
1025 	error = zpl_xattr_set(ip, name, value, size, 0);
1026 	if (value)
1027 		kmem_free(value, size);
1028 
1029 	if (!error) {
1030 		if (acl)
1031 			set_cached_acl(ip, type, acl);
1032 		else
1033 			forget_cached_acl(ip, type);
1034 	}
1035 
1036 	return (error);
1037 }
1038 
1039 int
1040 #ifdef HAVE_SET_ACL_USERNS
zpl_set_acl(struct user_namespace * userns,struct inode * ip,struct posix_acl * acl,int type)1041 zpl_set_acl(struct user_namespace *userns, struct inode *ip,
1042     struct posix_acl *acl, int type)
1043 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY)
1044 zpl_set_acl(struct mnt_idmap *userns, struct dentry *dentry,
1045     struct posix_acl *acl, int type)
1046 #elif defined(HAVE_SET_ACL_USERNS_DENTRY_ARG2)
1047 zpl_set_acl(struct user_namespace *userns, struct dentry *dentry,
1048     struct posix_acl *acl, int type)
1049 #else
1050 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type)
1051 #endif /* HAVE_SET_ACL_USERNS */
1052 {
1053 #ifdef HAVE_SET_ACL_USERNS_DENTRY_ARG2
1054 	return (zpl_set_acl_impl(d_inode(dentry), acl, type));
1055 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY)
1056 	return (zpl_set_acl_impl(d_inode(dentry), acl, type));
1057 #else
1058 	return (zpl_set_acl_impl(ip, acl, type));
1059 #endif /* HAVE_SET_ACL_USERNS_DENTRY_ARG2 */
1060 }
1061 
1062 static struct posix_acl *
zpl_get_acl_impl(struct inode * ip,int type)1063 zpl_get_acl_impl(struct inode *ip, int type)
1064 {
1065 	struct posix_acl *acl;
1066 	void *value = NULL;
1067 	char *name;
1068 
1069 	switch (type) {
1070 	case ACL_TYPE_ACCESS:
1071 		name = XATTR_NAME_POSIX_ACL_ACCESS;
1072 		break;
1073 	case ACL_TYPE_DEFAULT:
1074 		name = XATTR_NAME_POSIX_ACL_DEFAULT;
1075 		break;
1076 	default:
1077 		return (ERR_PTR(-EINVAL));
1078 	}
1079 
1080 	int size = zpl_xattr_get(ip, name, NULL, 0);
1081 	if (size > 0) {
1082 		value = kmem_alloc(size, KM_SLEEP);
1083 		size = zpl_xattr_get(ip, name, value, size);
1084 	}
1085 
1086 	if (size > 0) {
1087 		acl = zpl_acl_from_xattr(value, size);
1088 	} else if (size == -ENODATA || size == -ENOSYS) {
1089 		acl = NULL;
1090 	} else {
1091 		acl = ERR_PTR(-EIO);
1092 	}
1093 
1094 	if (size > 0)
1095 		kmem_free(value, size);
1096 
1097 	return (acl);
1098 }
1099 
1100 #if defined(HAVE_GET_ACL_RCU) || defined(HAVE_GET_INODE_ACL)
1101 struct posix_acl *
zpl_get_acl(struct inode * ip,int type,bool rcu)1102 zpl_get_acl(struct inode *ip, int type, bool rcu)
1103 {
1104 	if (rcu)
1105 		return (ERR_PTR(-ECHILD));
1106 
1107 	return (zpl_get_acl_impl(ip, type));
1108 }
1109 #elif defined(HAVE_GET_ACL)
1110 struct posix_acl *
zpl_get_acl(struct inode * ip,int type)1111 zpl_get_acl(struct inode *ip, int type)
1112 {
1113 	return (zpl_get_acl_impl(ip, type));
1114 }
1115 #else
1116 #error "Unsupported iops->get_acl() implementation"
1117 #endif /* HAVE_GET_ACL_RCU */
1118 
1119 int
zpl_init_acl(struct inode * ip,struct inode * dir)1120 zpl_init_acl(struct inode *ip, struct inode *dir)
1121 {
1122 	struct posix_acl *acl = NULL;
1123 	int error = 0;
1124 
1125 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1126 		return (0);
1127 
1128 	if (!S_ISLNK(ip->i_mode)) {
1129 		acl = zpl_get_acl_impl(dir, ACL_TYPE_DEFAULT);
1130 		if (IS_ERR(acl))
1131 			return (PTR_ERR(acl));
1132 		if (!acl) {
1133 			ITOZ(ip)->z_mode = (ip->i_mode &= ~current_umask());
1134 			zpl_inode_set_ctime_to_ts(ip, current_time(ip));
1135 			zfs_mark_inode_dirty(ip);
1136 			return (0);
1137 		}
1138 	}
1139 
1140 	if (acl) {
1141 		umode_t mode;
1142 
1143 		if (S_ISDIR(ip->i_mode)) {
1144 			error = zpl_set_acl_impl(ip, acl, ACL_TYPE_DEFAULT);
1145 			if (error)
1146 				goto out;
1147 		}
1148 
1149 		mode = ip->i_mode;
1150 		error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
1151 		if (error >= 0) {
1152 			ip->i_mode = ITOZ(ip)->z_mode = mode;
1153 			zfs_mark_inode_dirty(ip);
1154 			if (error > 0) {
1155 				error = zpl_set_acl_impl(ip, acl,
1156 				    ACL_TYPE_ACCESS);
1157 			}
1158 		}
1159 	}
1160 out:
1161 	zpl_posix_acl_release(acl);
1162 
1163 	return (error);
1164 }
1165 
1166 int
zpl_chmod_acl(struct inode * ip)1167 zpl_chmod_acl(struct inode *ip)
1168 {
1169 	struct posix_acl *acl;
1170 	int error;
1171 
1172 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1173 		return (0);
1174 
1175 	if (S_ISLNK(ip->i_mode))
1176 		return (-EOPNOTSUPP);
1177 
1178 	acl = zpl_get_acl_impl(ip, ACL_TYPE_ACCESS);
1179 	if (IS_ERR(acl) || !acl)
1180 		return (PTR_ERR(acl));
1181 
1182 	error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
1183 	if (!error)
1184 		error = zpl_set_acl_impl(ip, acl, ACL_TYPE_ACCESS);
1185 
1186 	zpl_posix_acl_release(acl);
1187 
1188 	return (error);
1189 }
1190 
1191 static int
__zpl_xattr_acl_list_access(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)1192 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1193     const char *name, size_t name_len)
1194 {
1195 	char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1196 	size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
1197 
1198 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1199 		return (0);
1200 
1201 	if (list && xattr_size <= list_size)
1202 		memcpy(list, xattr_name, xattr_size);
1203 
1204 	return (xattr_size);
1205 }
1206 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
1207 
1208 static int
__zpl_xattr_acl_list_default(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)1209 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1210     const char *name, size_t name_len)
1211 {
1212 	char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1213 	size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
1214 
1215 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1216 		return (0);
1217 
1218 	if (list && xattr_size <= list_size)
1219 		memcpy(list, xattr_name, xattr_size);
1220 
1221 	return (xattr_size);
1222 }
1223 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
1224 
1225 static int
__zpl_xattr_acl_get_access(struct inode * ip,const char * name,void * buffer,size_t size)1226 __zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1227     void *buffer, size_t size)
1228 {
1229 	struct posix_acl *acl;
1230 	int type = ACL_TYPE_ACCESS;
1231 	int error;
1232 	/* xattr_resolve_name will do this for us if this is defined */
1233 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1234 		return (-EOPNOTSUPP);
1235 
1236 	acl = zpl_get_acl_impl(ip, type);
1237 	if (IS_ERR(acl))
1238 		return (PTR_ERR(acl));
1239 	if (acl == NULL)
1240 		return (-ENODATA);
1241 
1242 	error = zpl_acl_to_xattr(acl, buffer, size);
1243 	zpl_posix_acl_release(acl);
1244 
1245 	return (error);
1246 }
1247 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
1248 
1249 static int
__zpl_xattr_acl_get_default(struct inode * ip,const char * name,void * buffer,size_t size)1250 __zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1251     void *buffer, size_t size)
1252 {
1253 	struct posix_acl *acl;
1254 	int type = ACL_TYPE_DEFAULT;
1255 	int error;
1256 	/* xattr_resolve_name will do this for us if this is defined */
1257 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1258 		return (-EOPNOTSUPP);
1259 
1260 	acl = zpl_get_acl_impl(ip, type);
1261 	if (IS_ERR(acl))
1262 		return (PTR_ERR(acl));
1263 	if (acl == NULL)
1264 		return (-ENODATA);
1265 
1266 	error = zpl_acl_to_xattr(acl, buffer, size);
1267 	zpl_posix_acl_release(acl);
1268 
1269 	return (error);
1270 }
1271 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
1272 
1273 static int
__zpl_xattr_acl_set_access(zidmap_t * mnt_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)1274 __zpl_xattr_acl_set_access(zidmap_t *mnt_ns,
1275     struct inode *ip, const char *name,
1276     const void *value, size_t size, int flags)
1277 {
1278 	struct posix_acl *acl;
1279 	int type = ACL_TYPE_ACCESS;
1280 	int error = 0;
1281 	/* xattr_resolve_name will do this for us if this is defined */
1282 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1283 		return (-EOPNOTSUPP);
1284 
1285 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP)
1286 	if (!zpl_inode_owner_or_capable(mnt_ns, ip))
1287 		return (-EPERM);
1288 #else
1289 	(void) mnt_ns;
1290 	if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip))
1291 		return (-EPERM);
1292 #endif
1293 
1294 	if (value) {
1295 		acl = zpl_acl_from_xattr(value, size);
1296 		if (IS_ERR(acl))
1297 			return (PTR_ERR(acl));
1298 		else if (acl) {
1299 			error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
1300 			if (error) {
1301 				zpl_posix_acl_release(acl);
1302 				return (error);
1303 			}
1304 		}
1305 	} else {
1306 		acl = NULL;
1307 	}
1308 	error = zpl_set_acl_impl(ip, acl, type);
1309 	zpl_posix_acl_release(acl);
1310 
1311 	return (error);
1312 }
1313 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
1314 
1315 static int
__zpl_xattr_acl_set_default(zidmap_t * mnt_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)1316 __zpl_xattr_acl_set_default(zidmap_t *mnt_ns,
1317     struct inode *ip, const char *name,
1318     const void *value, size_t size, int flags)
1319 {
1320 	struct posix_acl *acl;
1321 	int type = ACL_TYPE_DEFAULT;
1322 	int error = 0;
1323 	/* xattr_resolve_name will do this for us if this is defined */
1324 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1325 		return (-EOPNOTSUPP);
1326 
1327 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP)
1328 	if (!zpl_inode_owner_or_capable(mnt_ns, ip))
1329 		return (-EPERM);
1330 #else
1331 	(void) mnt_ns;
1332 	if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip))
1333 		return (-EPERM);
1334 #endif
1335 
1336 	if (value) {
1337 		acl = zpl_acl_from_xattr(value, size);
1338 		if (IS_ERR(acl))
1339 			return (PTR_ERR(acl));
1340 		else if (acl) {
1341 			error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
1342 			if (error) {
1343 				zpl_posix_acl_release(acl);
1344 				return (error);
1345 			}
1346 		}
1347 	} else {
1348 		acl = NULL;
1349 	}
1350 
1351 	error = zpl_set_acl_impl(ip, acl, type);
1352 	zpl_posix_acl_release(acl);
1353 
1354 	return (error);
1355 }
1356 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
1357 
1358 /*
1359  * ACL access xattr namespace handlers.
1360  *
1361  * Use .name instead of .prefix when available. xattr_resolve_name will match
1362  * whole name and reject anything that has .name only as prefix.
1363  */
1364 static xattr_handler_t zpl_xattr_acl_access_handler = {
1365 	.name	= XATTR_NAME_POSIX_ACL_ACCESS,
1366 	.list	= zpl_xattr_acl_list_access,
1367 	.get	= zpl_xattr_acl_get_access,
1368 	.set	= zpl_xattr_acl_set_access,
1369 	.flags	= ACL_TYPE_ACCESS,
1370 };
1371 
1372 /*
1373  * ACL default xattr namespace handlers.
1374  *
1375  * Use .name instead of .prefix. xattr_resolve_name will match whole name and
1376  * reject anything that has .name only as prefix.
1377  */
1378 static xattr_handler_t zpl_xattr_acl_default_handler = {
1379 	.name	= XATTR_NAME_POSIX_ACL_DEFAULT,
1380 	.list	= zpl_xattr_acl_list_default,
1381 	.get	= zpl_xattr_acl_get_default,
1382 	.set	= zpl_xattr_acl_set_default,
1383 	.flags	= ACL_TYPE_DEFAULT,
1384 };
1385 
1386 #endif /* CONFIG_FS_POSIX_ACL */
1387 
1388 xattr_handler_t *zpl_xattr_handlers[] = {
1389 	&zpl_xattr_security_handler,
1390 	&zpl_xattr_trusted_handler,
1391 	&zpl_xattr_user_handler,
1392 #ifdef CONFIG_FS_POSIX_ACL
1393 	&zpl_xattr_acl_access_handler,
1394 	&zpl_xattr_acl_default_handler,
1395 #endif /* CONFIG_FS_POSIX_ACL */
1396 	NULL
1397 };
1398 
1399 static const struct xattr_handler *
zpl_xattr_handler(const char * name)1400 zpl_xattr_handler(const char *name)
1401 {
1402 	if (strncmp(name, XATTR_USER_PREFIX,
1403 	    XATTR_USER_PREFIX_LEN) == 0)
1404 		return (&zpl_xattr_user_handler);
1405 
1406 	if (strncmp(name, XATTR_TRUSTED_PREFIX,
1407 	    XATTR_TRUSTED_PREFIX_LEN) == 0)
1408 		return (&zpl_xattr_trusted_handler);
1409 
1410 	if (strncmp(name, XATTR_SECURITY_PREFIX,
1411 	    XATTR_SECURITY_PREFIX_LEN) == 0)
1412 		return (&zpl_xattr_security_handler);
1413 
1414 #ifdef CONFIG_FS_POSIX_ACL
1415 	if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1416 	    sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1417 		return (&zpl_xattr_acl_access_handler);
1418 
1419 	if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1420 	    sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1421 		return (&zpl_xattr_acl_default_handler);
1422 #endif /* CONFIG_FS_POSIX_ACL */
1423 
1424 	return (NULL);
1425 }
1426 
1427 static enum xattr_permission
zpl_xattr_permission(xattr_filldir_t * xf,const char * name,int name_len)1428 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
1429 {
1430 	const struct xattr_handler *handler;
1431 	struct dentry *d __maybe_unused = xf->dentry;
1432 	enum xattr_permission perm = XAPERM_ALLOW;
1433 
1434 	handler = zpl_xattr_handler(name);
1435 	if (handler == NULL) {
1436 		/* Do not expose FreeBSD system namespace xattrs. */
1437 		if (ZFS_XA_NS_PREFIX_MATCH(FREEBSD, name))
1438 			return (XAPERM_DENY);
1439 		/*
1440 		 * Anything that doesn't match a known namespace gets put in the
1441 		 * user namespace for compatibility with other platforms.
1442 		 */
1443 		perm = XAPERM_COMPAT;
1444 		handler = &zpl_xattr_user_handler;
1445 	}
1446 
1447 	if (handler->list) {
1448 		if (!handler->list(d))
1449 			return (XAPERM_DENY);
1450 	}
1451 
1452 	return (perm);
1453 }
1454 
1455 #ifdef CONFIG_FS_POSIX_ACL
1456 
1457 struct acl_rel_struct {
1458 	struct acl_rel_struct *next;
1459 	struct posix_acl *acl;
1460 	clock_t time;
1461 };
1462 
1463 #define	ACL_REL_GRACE	(60*HZ)
1464 #define	ACL_REL_WINDOW	(1*HZ)
1465 #define	ACL_REL_SCHED	(ACL_REL_GRACE+ACL_REL_WINDOW)
1466 
1467 /*
1468  * Lockless multi-producer single-consumer fifo list.
1469  * Nodes are added to tail and removed from head. Tail pointer is our
1470  * synchronization point. It always points to the next pointer of the last
1471  * node, or head if list is empty.
1472  */
1473 static struct acl_rel_struct *acl_rel_head = NULL;
1474 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head;
1475 
1476 static void
zpl_posix_acl_free(void * arg)1477 zpl_posix_acl_free(void *arg)
1478 {
1479 	struct acl_rel_struct *freelist = NULL;
1480 	struct acl_rel_struct *a;
1481 	clock_t new_time;
1482 	boolean_t refire = B_FALSE;
1483 
1484 	ASSERT3P(acl_rel_head, !=, NULL);
1485 	while (acl_rel_head) {
1486 		a = acl_rel_head;
1487 		if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) {
1488 			/*
1489 			 * If a is the last node we need to reset tail, but we
1490 			 * need to use cmpxchg to make sure it is still the
1491 			 * last node.
1492 			 */
1493 			if (acl_rel_tail == &a->next) {
1494 				acl_rel_head = NULL;
1495 				if (cmpxchg(&acl_rel_tail, &a->next,
1496 				    &acl_rel_head) == &a->next) {
1497 					ASSERT3P(a->next, ==, NULL);
1498 					a->next = freelist;
1499 					freelist = a;
1500 					break;
1501 				}
1502 			}
1503 			/*
1504 			 * a is not last node, make sure next pointer is set
1505 			 * by the adder and advance the head.
1506 			 */
1507 			while (READ_ONCE(a->next) == NULL)
1508 				cpu_relax();
1509 			acl_rel_head = a->next;
1510 			a->next = freelist;
1511 			freelist = a;
1512 		} else {
1513 			/*
1514 			 * a is still in grace period. We are responsible to
1515 			 * reschedule the free task, since adder will only do
1516 			 * so if list is empty.
1517 			 */
1518 			new_time = a->time + ACL_REL_SCHED;
1519 			refire = B_TRUE;
1520 			break;
1521 		}
1522 	}
1523 
1524 	if (refire)
1525 		taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1526 		    NULL, TQ_SLEEP, new_time);
1527 
1528 	while (freelist) {
1529 		a = freelist;
1530 		freelist = a->next;
1531 		kfree(a->acl);
1532 		kmem_free(a, sizeof (struct acl_rel_struct));
1533 	}
1534 }
1535 
1536 void
zpl_posix_acl_release_impl(struct posix_acl * acl)1537 zpl_posix_acl_release_impl(struct posix_acl *acl)
1538 {
1539 	struct acl_rel_struct *a, **prev;
1540 
1541 	a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP);
1542 	a->next = NULL;
1543 	a->acl = acl;
1544 	a->time = ddi_get_lbolt();
1545 	/* atomically points tail to us and get the previous tail */
1546 	prev = xchg(&acl_rel_tail, &a->next);
1547 	ASSERT3P(*prev, ==, NULL);
1548 	*prev = a;
1549 	/* if it was empty before, schedule the free task */
1550 	if (prev == &acl_rel_head)
1551 		taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1552 		    NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED);
1553 }
1554 #endif
1555 
1556 ZFS_MODULE_PARAM(zfs, zfs_, xattr_compat, INT, ZMOD_RW,
1557 	"Use legacy ZFS xattr naming for writing new user namespace xattrs");
1558