1 // SPDX-License-Identifier: CDDL-1.0
2 /*
3 * CDDL HEADER START
4 *
5 * The contents of this file are subject to the terms of the
6 * Common Development and Distribution License (the "License").
7 * You may not use this file except in compliance with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or https://opensource.org/licenses/CDDL-1.0.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
24 *
25 * Extended attributes (xattr) on Solaris are implemented as files
26 * which exist in a hidden xattr directory. These extended attributes
27 * can be accessed using the attropen() system call which opens
28 * the extended attribute. It can then be manipulated just like
29 * a standard file descriptor. This has a couple advantages such
30 * as practically no size limit on the file, and the extended
31 * attributes permissions may differ from those of the parent file.
32 * This interface is really quite clever, but it's also completely
33 * different than what is supported on Linux. It also comes with a
34 * steep performance penalty when accessing small xattrs because they
35 * are not stored with the parent file.
36 *
37 * Under Linux extended attributes are manipulated by the system
38 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
39 * extended attributes to be name/value pairs where the name is a
40 * NULL terminated string. The name must also include one of the
41 * following namespace prefixes:
42 *
43 * user - No restrictions and is available to user applications.
44 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
45 * system - Used for access control lists (system.nfs4_acl, etc).
46 * security - Used by SELinux to store a files security context.
47 *
48 * The value under Linux to limited to 65536 bytes of binary data.
49 * In practice, individual xattrs tend to be much smaller than this
50 * and are typically less than 100 bytes. A good example of this
51 * are the security.selinux xattrs which are less than 100 bytes and
52 * exist for every file when xattr labeling is enabled.
53 *
54 * The Linux xattr implementation has been written to take advantage of
55 * this typical usage. When the dataset property 'xattr=sa' is set,
56 * then xattrs will be preferentially stored as System Attributes (SA).
57 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
58 * up to 64k of xattrs to be stored in the spill block. If additional
59 * xattr space is required, which is unlikely under Linux, they will
60 * be stored using the traditional directory approach.
61 *
62 * This optimization results in roughly a 3x performance improvement
63 * when accessing xattrs because it avoids the need to perform a seek
64 * for every xattr value. When multiple xattrs are stored per-file
65 * the performance improvements are even greater because all of the
66 * xattrs stored in the spill block will be cached.
67 *
68 * However, by default SA based xattrs are disabled in the Linux port
69 * to maximize compatibility with other implementations. If you do
70 * enable SA based xattrs then they will not be visible on platforms
71 * which do not support this feature.
72 *
73 * NOTE: One additional consequence of the xattr directory implementation
74 * is that when an extended attribute is manipulated an inode is created.
75 * This inode will exist in the Linux inode cache but there will be no
76 * associated entry in the dentry cache which references it. This is
77 * safe but it may result in some confusion. Enabling SA based xattrs
78 * largely avoids the issue except in the overflow case.
79 */
80
81 #include <sys/zfs_znode.h>
82 #include <sys/zfs_vfsops.h>
83 #include <sys/zfs_vnops.h>
84 #include <sys/zap.h>
85 #include <sys/vfs.h>
86 #include <sys/zpl.h>
87 #include <linux/vfs_compat.h>
88
89 enum xattr_permission {
90 XAPERM_DENY,
91 XAPERM_ALLOW,
92 XAPERM_COMPAT,
93 };
94
95 typedef struct xattr_filldir {
96 size_t size;
97 size_t offset;
98 char *buf;
99 struct dentry *dentry;
100 } xattr_filldir_t;
101
102 static enum xattr_permission zpl_xattr_permission(xattr_filldir_t *,
103 const char *, int);
104
105 static int zfs_xattr_compat = 0;
106
107 /*
108 * Determine is a given xattr name should be visible and if so copy it
109 * in to the provided buffer (xf->buf).
110 */
111 static int
zpl_xattr_filldir(xattr_filldir_t * xf,const char * name,int name_len)112 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
113 {
114 enum xattr_permission perm;
115
116 /* Check permissions using the per-namespace list xattr handler. */
117 perm = zpl_xattr_permission(xf, name, name_len);
118 if (perm == XAPERM_DENY)
119 return (0);
120
121 /* Prefix the name with "user." if it does not have a namespace. */
122 if (perm == XAPERM_COMPAT) {
123 if (xf->buf) {
124 if (xf->offset + XATTR_USER_PREFIX_LEN + 1 > xf->size)
125 return (-ERANGE);
126
127 memcpy(xf->buf + xf->offset, XATTR_USER_PREFIX,
128 XATTR_USER_PREFIX_LEN);
129 xf->buf[xf->offset + XATTR_USER_PREFIX_LEN] = '\0';
130 }
131
132 xf->offset += XATTR_USER_PREFIX_LEN;
133 }
134
135 /* When xf->buf is NULL only calculate the required size. */
136 if (xf->buf) {
137 if (xf->offset + name_len + 1 > xf->size)
138 return (-ERANGE);
139
140 memcpy(xf->buf + xf->offset, name, name_len);
141 xf->buf[xf->offset + name_len] = '\0';
142 }
143
144 xf->offset += (name_len + 1);
145
146 return (0);
147 }
148
149 /*
150 * Read as many directory entry names as will fit in to the provided buffer,
151 * or when no buffer is provided calculate the required buffer size.
152 */
153 static int
zpl_xattr_readdir(struct inode * dxip,xattr_filldir_t * xf)154 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
155 {
156 zap_cursor_t zc;
157 zap_attribute_t *zap = zap_attribute_alloc();
158 int error;
159
160 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
161
162 while ((error = -zap_cursor_retrieve(&zc, zap)) == 0) {
163
164 if (zap->za_integer_length != 8 || zap->za_num_integers != 1) {
165 error = -ENXIO;
166 break;
167 }
168
169 error = zpl_xattr_filldir(xf, zap->za_name,
170 strlen(zap->za_name));
171 if (error)
172 break;
173
174 zap_cursor_advance(&zc);
175 }
176
177 zap_cursor_fini(&zc);
178 zap_attribute_free(zap);
179
180 if (error == -ENOENT)
181 error = 0;
182
183 return (error);
184 }
185
186 static ssize_t
zpl_xattr_list_dir(xattr_filldir_t * xf,cred_t * cr)187 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
188 {
189 struct inode *ip = xf->dentry->d_inode;
190 struct inode *dxip = NULL;
191 znode_t *dxzp;
192 int error;
193
194 /* Lookup the xattr directory */
195 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
196 cr, NULL, NULL);
197 if (error) {
198 if (error == -ENOENT)
199 error = 0;
200
201 return (error);
202 }
203
204 dxip = ZTOI(dxzp);
205 error = zpl_xattr_readdir(dxip, xf);
206 iput(dxip);
207
208 return (error);
209 }
210
211 static ssize_t
zpl_xattr_list_sa(xattr_filldir_t * xf)212 zpl_xattr_list_sa(xattr_filldir_t *xf)
213 {
214 znode_t *zp = ITOZ(xf->dentry->d_inode);
215 nvpair_t *nvp = NULL;
216 int error = 0;
217
218 mutex_enter(&zp->z_lock);
219 if (zp->z_xattr_cached == NULL)
220 error = -zfs_sa_get_xattr(zp);
221 mutex_exit(&zp->z_lock);
222
223 if (error)
224 return (error);
225
226 ASSERT(zp->z_xattr_cached);
227
228 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
229 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
230
231 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
232 strlen(nvpair_name(nvp)));
233 if (error)
234 return (error);
235 }
236
237 return (0);
238 }
239
240 ssize_t
zpl_xattr_list(struct dentry * dentry,char * buffer,size_t buffer_size)241 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
242 {
243 znode_t *zp = ITOZ(dentry->d_inode);
244 zfsvfs_t *zfsvfs = ZTOZSB(zp);
245 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
246 cred_t *cr = CRED();
247 fstrans_cookie_t cookie;
248 int error = 0;
249
250 crhold(cr);
251 cookie = spl_fstrans_mark();
252 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
253 goto out1;
254 rw_enter(&zp->z_xattr_lock, RW_READER);
255
256 if (zfsvfs->z_use_sa && zp->z_is_sa) {
257 error = zpl_xattr_list_sa(&xf);
258 if (error)
259 goto out;
260 }
261
262 error = zpl_xattr_list_dir(&xf, cr);
263 if (error)
264 goto out;
265
266 error = xf.offset;
267 out:
268
269 rw_exit(&zp->z_xattr_lock);
270 zpl_exit(zfsvfs, FTAG);
271 out1:
272 spl_fstrans_unmark(cookie);
273 crfree(cr);
274
275 return (error);
276 }
277
278 static int
zpl_xattr_get_dir(struct inode * ip,const char * name,void * value,size_t size,cred_t * cr)279 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
280 size_t size, cred_t *cr)
281 {
282 fstrans_cookie_t cookie;
283 struct inode *xip = NULL;
284 znode_t *dxzp = NULL;
285 znode_t *xzp = NULL;
286 int error;
287
288 /* Lookup the xattr directory */
289 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
290 cr, NULL, NULL);
291 if (error)
292 goto out;
293
294 /* Lookup a specific xattr name in the directory */
295 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
296 if (error)
297 goto out;
298
299 xip = ZTOI(xzp);
300 if (!size) {
301 error = i_size_read(xip);
302 goto out;
303 }
304
305 if (size < i_size_read(xip)) {
306 error = -ERANGE;
307 goto out;
308 }
309
310 struct iovec iov;
311 iov.iov_base = (void *)value;
312 iov.iov_len = size;
313
314 zfs_uio_t uio;
315 zfs_uio_iovec_init(&uio, &iov, 1, 0, UIO_SYSSPACE, size, 0);
316
317 cookie = spl_fstrans_mark();
318 error = -zfs_read(ITOZ(xip), &uio, 0, cr);
319 spl_fstrans_unmark(cookie);
320
321 if (error == 0)
322 error = size - zfs_uio_resid(&uio);
323 out:
324 if (xzp)
325 zrele(xzp);
326
327 if (dxzp)
328 zrele(dxzp);
329
330 return (error);
331 }
332
333 static int
zpl_xattr_get_sa(struct inode * ip,const char * name,void * value,size_t size)334 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
335 {
336 znode_t *zp = ITOZ(ip);
337 uchar_t *nv_value;
338 uint_t nv_size;
339 int error = 0;
340
341 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
342
343 mutex_enter(&zp->z_lock);
344 if (zp->z_xattr_cached == NULL)
345 error = -zfs_sa_get_xattr(zp);
346 mutex_exit(&zp->z_lock);
347
348 if (error)
349 return (error);
350
351 ASSERT(zp->z_xattr_cached);
352 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
353 &nv_value, &nv_size);
354 if (error)
355 return (error);
356
357 if (size == 0 || value == NULL)
358 return (nv_size);
359
360 if (size < nv_size)
361 return (-ERANGE);
362
363 memcpy(value, nv_value, nv_size);
364
365 return (nv_size);
366 }
367
368 static int
__zpl_xattr_get(struct inode * ip,const char * name,void * value,size_t size,cred_t * cr)369 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
370 cred_t *cr)
371 {
372 znode_t *zp = ITOZ(ip);
373 zfsvfs_t *zfsvfs = ZTOZSB(zp);
374 int error;
375
376 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
377
378 if (zfsvfs->z_use_sa && zp->z_is_sa) {
379 error = zpl_xattr_get_sa(ip, name, value, size);
380 if (error != -ENOENT)
381 goto out;
382 }
383
384 error = zpl_xattr_get_dir(ip, name, value, size, cr);
385 out:
386 if (error == -ENOENT)
387 error = -ENODATA;
388
389 return (error);
390 }
391
392 #define XATTR_NOENT 0x0
393 #define XATTR_IN_SA 0x1
394 #define XATTR_IN_DIR 0x2
395 /* check where the xattr resides */
396 static int
__zpl_xattr_where(struct inode * ip,const char * name,int * where,cred_t * cr)397 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
398 {
399 znode_t *zp = ITOZ(ip);
400 zfsvfs_t *zfsvfs = ZTOZSB(zp);
401 int error;
402
403 ASSERT(where);
404 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
405
406 *where = XATTR_NOENT;
407 if (zfsvfs->z_use_sa && zp->z_is_sa) {
408 error = zpl_xattr_get_sa(ip, name, NULL, 0);
409 if (error >= 0)
410 *where |= XATTR_IN_SA;
411 else if (error != -ENOENT)
412 return (error);
413 }
414
415 error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
416 if (error >= 0)
417 *where |= XATTR_IN_DIR;
418 else if (error != -ENOENT)
419 return (error);
420
421 if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
422 cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
423 " in both SA and dir", ip, name);
424 if (*where == XATTR_NOENT)
425 error = -ENODATA;
426 else
427 error = 0;
428 return (error);
429 }
430
431 static int
zpl_xattr_get(struct inode * ip,const char * name,void * value,size_t size)432 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
433 {
434 znode_t *zp = ITOZ(ip);
435 zfsvfs_t *zfsvfs = ZTOZSB(zp);
436 cred_t *cr = CRED();
437 fstrans_cookie_t cookie;
438 int error;
439
440 crhold(cr);
441 cookie = spl_fstrans_mark();
442 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
443 goto out;
444 rw_enter(&zp->z_xattr_lock, RW_READER);
445 error = __zpl_xattr_get(ip, name, value, size, cr);
446 rw_exit(&zp->z_xattr_lock);
447 zpl_exit(zfsvfs, FTAG);
448 out:
449 spl_fstrans_unmark(cookie);
450 crfree(cr);
451
452 return (error);
453 }
454
455 static int
zpl_xattr_set_dir(struct inode * ip,const char * name,const void * value,size_t size,int flags,cred_t * cr)456 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
457 size_t size, int flags, cred_t *cr)
458 {
459 znode_t *dxzp = NULL;
460 znode_t *xzp = NULL;
461 vattr_t *vap = NULL;
462 int lookup_flags, error;
463 const int xattr_mode = S_IFREG | 0644;
464 loff_t pos = 0;
465
466 /*
467 * Lookup the xattr directory. When we're adding an entry pass
468 * CREATE_XATTR_DIR to ensure the xattr directory is created.
469 * When removing an entry this flag is not passed to avoid
470 * unnecessarily creating a new xattr directory.
471 */
472 lookup_flags = LOOKUP_XATTR;
473 if (value != NULL)
474 lookup_flags |= CREATE_XATTR_DIR;
475
476 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags,
477 cr, NULL, NULL);
478 if (error)
479 goto out;
480
481 /* Lookup a specific xattr name in the directory */
482 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
483 if (error && (error != -ENOENT))
484 goto out;
485
486 error = 0;
487
488 /* Remove a specific name xattr when value is set to NULL. */
489 if (value == NULL) {
490 if (xzp)
491 error = -zfs_remove(dxzp, (char *)name, cr, 0);
492
493 goto out;
494 }
495
496 /* Lookup failed create a new xattr. */
497 if (xzp == NULL) {
498 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
499 vap->va_mode = xattr_mode;
500 vap->va_mask = ATTR_MODE;
501 vap->va_uid = crgetuid(cr);
502 vap->va_gid = crgetgid(cr);
503
504 error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
505 cr, ATTR_NOACLCHECK, NULL, zfs_init_idmap);
506 if (error)
507 goto out;
508 }
509
510 ASSERT(xzp != NULL);
511
512 error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE);
513 if (error)
514 goto out;
515
516 error = -zfs_write_simple(xzp, value, size, pos, NULL);
517 out:
518 if (error == 0) {
519 zpl_inode_set_ctime_to_ts(ip, current_time(ip));
520 zfs_mark_inode_dirty(ip);
521 }
522
523 if (vap)
524 kmem_free(vap, sizeof (vattr_t));
525
526 if (xzp)
527 zrele(xzp);
528
529 if (dxzp)
530 zrele(dxzp);
531
532 if (error == -ENOENT)
533 error = -ENODATA;
534
535 ASSERT3S(error, <=, 0);
536
537 return (error);
538 }
539
540 static int
zpl_xattr_set_sa(struct inode * ip,const char * name,const void * value,size_t size,int flags,cred_t * cr)541 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
542 size_t size, int flags, cred_t *cr)
543 {
544 znode_t *zp = ITOZ(ip);
545 nvlist_t *nvl;
546 size_t sa_size;
547 int error = 0;
548
549 mutex_enter(&zp->z_lock);
550 if (zp->z_xattr_cached == NULL)
551 error = -zfs_sa_get_xattr(zp);
552 mutex_exit(&zp->z_lock);
553
554 if (error)
555 return (error);
556
557 ASSERT(zp->z_xattr_cached);
558 nvl = zp->z_xattr_cached;
559
560 if (value == NULL) {
561 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
562 if (error == -ENOENT)
563 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
564 } else {
565 /* Limited to 32k to keep nvpair memory allocations small */
566 if (size > DXATTR_MAX_ENTRY_SIZE)
567 return (-EFBIG);
568
569 /* Prevent the DXATTR SA from consuming the entire SA region */
570 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
571 if (error)
572 return (error);
573
574 if (sa_size > DXATTR_MAX_SA_SIZE)
575 return (-EFBIG);
576
577 error = -nvlist_add_byte_array(nvl, name,
578 (uchar_t *)value, size);
579 }
580
581 /*
582 * Update the SA for additions, modifications, and removals. On
583 * error drop the inconsistent cached version of the nvlist, it
584 * will be reconstructed from the ARC when next accessed.
585 */
586 if (error == 0)
587 error = -zfs_sa_set_xattr(zp, name, value, size);
588
589 if (error) {
590 nvlist_free(nvl);
591 zp->z_xattr_cached = NULL;
592 }
593
594 ASSERT3S(error, <=, 0);
595
596 return (error);
597 }
598
599 static int
zpl_xattr_set(struct inode * ip,const char * name,const void * value,size_t size,int flags)600 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
601 size_t size, int flags)
602 {
603 znode_t *zp = ITOZ(ip);
604 zfsvfs_t *zfsvfs = ZTOZSB(zp);
605 cred_t *cr = CRED();
606 fstrans_cookie_t cookie;
607 int where;
608 int error;
609
610 crhold(cr);
611 cookie = spl_fstrans_mark();
612 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
613 goto out1;
614 rw_enter(&zp->z_xattr_lock, RW_WRITER);
615
616 /*
617 * Before setting the xattr check to see if it already exists.
618 * This is done to ensure the following optional flags are honored.
619 *
620 * XATTR_CREATE: fail if xattr already exists
621 * XATTR_REPLACE: fail if xattr does not exist
622 *
623 * We also want to know if it resides in sa or dir, so we can make
624 * sure we don't end up with duplicate in both places.
625 */
626 error = __zpl_xattr_where(ip, name, &where, cr);
627 if (error < 0) {
628 if (error != -ENODATA)
629 goto out;
630 if (flags & XATTR_REPLACE)
631 goto out;
632
633 /* The xattr to be removed already doesn't exist */
634 error = 0;
635 if (value == NULL)
636 goto out;
637 } else {
638 error = -EEXIST;
639 if (flags & XATTR_CREATE)
640 goto out;
641 }
642
643 /* Preferentially store the xattr as a SA for better performance */
644 if (zfsvfs->z_use_sa && zp->z_is_sa &&
645 (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
646 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
647 if (error == 0) {
648 /*
649 * Successfully put into SA, we need to clear the one
650 * in dir.
651 */
652 if (where & XATTR_IN_DIR)
653 zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
654 goto out;
655 }
656 }
657
658 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
659 /*
660 * Successfully put into dir, we need to clear the one in SA.
661 */
662 if (error == 0 && (where & XATTR_IN_SA))
663 zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
664 out:
665 rw_exit(&zp->z_xattr_lock);
666 zpl_exit(zfsvfs, FTAG);
667 out1:
668 spl_fstrans_unmark(cookie);
669 crfree(cr);
670 ASSERT3S(error, <=, 0);
671
672 return (error);
673 }
674
675 /*
676 * Extended user attributes
677 *
678 * "Extended user attributes may be assigned to files and directories for
679 * storing arbitrary additional information such as the mime type,
680 * character set or encoding of a file. The access permissions for user
681 * attributes are defined by the file permission bits: read permission
682 * is required to retrieve the attribute value, and writer permission is
683 * required to change it.
684 *
685 * The file permission bits of regular files and directories are
686 * interpreted differently from the file permission bits of special
687 * files and symbolic links. For regular files and directories the file
688 * permission bits define access to the file's contents, while for
689 * device special files they define access to the device described by
690 * the special file. The file permissions of symbolic links are not
691 * used in access checks. These differences would allow users to
692 * consume filesystem resources in a way not controllable by disk quotas
693 * for group or world writable special files and directories.
694 *
695 * For this reason, extended user attributes are allowed only for
696 * regular files and directories, and access to extended user attributes
697 * is restricted to the owner and to users with appropriate capabilities
698 * for directories with the sticky bit set (see the chmod(1) manual page
699 * for an explanation of the sticky bit)." - xattr(7)
700 *
701 * ZFS allows extended user attributes to be disabled administratively
702 * by setting the 'xattr=off' property on the dataset.
703 */
704
705 /*
706 * Concatenate prefix + name into a NUL-terminated stack buffer.
707 * Linux fs/xattr.c (import_xattr_name) caps the full xattr name at
708 * XATTR_NAME_MAX before any handler runs, so XATTR_NAME_MAX + 1
709 * bytes always fit.
710 */
711 static inline void
zpl_xattr_join_name(char * buf,size_t buflen,const char * prefix,size_t prefix_len,const char * name,size_t name_len)712 zpl_xattr_join_name(char *buf, size_t buflen, const char *prefix,
713 size_t prefix_len, const char *name, size_t name_len)
714 {
715 ASSERT3U(prefix_len + name_len + 1, <=, buflen);
716
717 memcpy(buf, prefix, prefix_len);
718 memcpy(buf + prefix_len, name, name_len);
719 buf[prefix_len + name_len] = '\0';
720 }
721
722 static int
__zpl_xattr_user_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)723 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
724 const char *name, size_t name_len)
725 {
726 return (ITOZSB(ip)->z_flags & ZSB_XATTR);
727 }
728 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
729
730 static int
__zpl_xattr_user_get(struct inode * ip,const char * name,void * value,size_t size)731 __zpl_xattr_user_get(struct inode *ip, const char *name,
732 void *value, size_t size)
733 {
734 int error;
735 /* xattr_resolve_name will do this for us if this is defined */
736 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
737 return (-EINVAL);
738 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
739 return (-EOPNOTSUPP);
740
741 /*
742 * Try to look up the name with the namespace prefix first for
743 * compatibility with xattrs from this platform. If that fails,
744 * try again without the namespace prefix for compatibility with
745 * other platforms.
746 */
747 char xattr_name[XATTR_NAME_MAX + 1];
748
749 zpl_xattr_join_name(xattr_name, sizeof (xattr_name),
750 XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN,
751 name, strlen(name));
752
753 error = zpl_xattr_get(ip, xattr_name, value, size);
754 if (error == -ENODATA)
755 error = zpl_xattr_get(ip, name, value, size);
756
757 return (error);
758 }
759 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
760
761 static int
__zpl_xattr_user_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)762 __zpl_xattr_user_set(zidmap_t *user_ns,
763 struct inode *ip, const char *name,
764 const void *value, size_t size, int flags)
765 {
766 (void) user_ns;
767 int error = 0;
768 /* xattr_resolve_name will do this for us if this is defined */
769 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
770 return (-EINVAL);
771 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
772 return (-EOPNOTSUPP);
773
774 /*
775 * Remove alternate compat version of the xattr so we only set the
776 * version specified by the zfs_xattr_compat tunable.
777 *
778 * The following flags must be handled correctly:
779 *
780 * XATTR_CREATE: fail if xattr already exists
781 * XATTR_REPLACE: fail if xattr does not exist
782 */
783 char prefixed_name[XATTR_NAME_MAX + 1];
784 const char *clear_name, *set_name;
785
786 zpl_xattr_join_name(prefixed_name, sizeof (prefixed_name),
787 XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN,
788 name, strlen(name));
789
790 if (zfs_xattr_compat) {
791 clear_name = prefixed_name;
792 set_name = name;
793 } else {
794 clear_name = name;
795 set_name = prefixed_name;
796 }
797 /*
798 * Clear the old value with the alternative name format, if it exists.
799 */
800 error = zpl_xattr_set(ip, clear_name, NULL, 0, flags);
801 /*
802 * XATTR_CREATE was specified and we failed to clear the xattr
803 * because it already exists. Stop here.
804 */
805 if (error == -EEXIST)
806 return (error);
807 /*
808 * If XATTR_REPLACE was specified and we succeeded to clear
809 * an xattr, we don't need to replace anything when setting
810 * the new value. If we failed with -ENODATA that's fine,
811 * there was nothing to be cleared and we can ignore the error.
812 */
813 if (error == 0)
814 flags &= ~XATTR_REPLACE;
815 /*
816 * Set the new value with the configured name format.
817 */
818 return (zpl_xattr_set(ip, set_name, value, size, flags));
819 }
820 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
821
822 static xattr_handler_t zpl_xattr_user_handler =
823 {
824 .prefix = XATTR_USER_PREFIX,
825 .list = zpl_xattr_user_list,
826 .get = zpl_xattr_user_get,
827 .set = zpl_xattr_user_set,
828 };
829
830 /*
831 * Trusted extended attributes
832 *
833 * "Trusted extended attributes are visible and accessible only to
834 * processes that have the CAP_SYS_ADMIN capability. Attributes in this
835 * class are used to implement mechanisms in user space (i.e., outside
836 * the kernel) which keep information in extended attributes to which
837 * ordinary processes should not have access." - xattr(7)
838 */
839 static int
__zpl_xattr_trusted_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)840 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
841 const char *name, size_t name_len)
842 {
843 return (capable(CAP_SYS_ADMIN));
844 }
845 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
846
847 static int
__zpl_xattr_trusted_get(struct inode * ip,const char * name,void * value,size_t size)848 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
849 void *value, size_t size)
850 {
851 char xattr_name[XATTR_NAME_MAX + 1];
852
853 if (!capable(CAP_SYS_ADMIN))
854 return (-EACCES);
855
856 zpl_xattr_join_name(xattr_name, sizeof (xattr_name),
857 XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN,
858 name, strlen(name));
859
860 return (zpl_xattr_get(ip, xattr_name, value, size));
861 }
862 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
863
864 static int
__zpl_xattr_trusted_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)865 __zpl_xattr_trusted_set(zidmap_t *user_ns,
866 struct inode *ip, const char *name,
867 const void *value, size_t size, int flags)
868 {
869 (void) user_ns;
870 char xattr_name[XATTR_NAME_MAX + 1];
871
872 if (!capable(CAP_SYS_ADMIN))
873 return (-EACCES);
874
875 zpl_xattr_join_name(xattr_name, sizeof (xattr_name),
876 XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN,
877 name, strlen(name));
878
879 return (zpl_xattr_set(ip, xattr_name, value, size, flags));
880 }
881 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
882
883 static xattr_handler_t zpl_xattr_trusted_handler = {
884 .prefix = XATTR_TRUSTED_PREFIX,
885 .list = zpl_xattr_trusted_list,
886 .get = zpl_xattr_trusted_get,
887 .set = zpl_xattr_trusted_set,
888 };
889
890 /*
891 * Extended security attributes
892 *
893 * "The security attribute namespace is used by kernel security modules,
894 * such as Security Enhanced Linux, and also to implement file
895 * capabilities (see capabilities(7)). Read and write access
896 * permissions to security attributes depend on the policy implemented
897 * for each security attribute by the security module. When no security
898 * module is loaded, all processes have read access to extended security
899 * attributes, and write access is limited to processes that have the
900 * CAP_SYS_ADMIN capability." - xattr(7)
901 */
902 static int
__zpl_xattr_security_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)903 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
904 const char *name, size_t name_len)
905 {
906 return (1);
907 }
908 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
909
910 static int
__zpl_xattr_security_get(struct inode * ip,const char * name,void * value,size_t size)911 __zpl_xattr_security_get(struct inode *ip, const char *name,
912 void *value, size_t size)
913 {
914 char xattr_name[XATTR_NAME_MAX + 1];
915
916 zpl_xattr_join_name(xattr_name, sizeof (xattr_name),
917 XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN,
918 name, strlen(name));
919
920 return (zpl_xattr_get(ip, xattr_name, value, size));
921 }
922 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
923
924 static int
__zpl_xattr_security_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)925 __zpl_xattr_security_set(zidmap_t *user_ns,
926 struct inode *ip, const char *name,
927 const void *value, size_t size, int flags)
928 {
929 (void) user_ns;
930 char xattr_name[XATTR_NAME_MAX + 1];
931
932 zpl_xattr_join_name(xattr_name, sizeof (xattr_name),
933 XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN,
934 name, strlen(name));
935
936 return (zpl_xattr_set(ip, xattr_name, value, size, flags));
937 }
938 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
939
940 static int
zpl_xattr_security_init_impl(struct inode * ip,const struct xattr * xattrs,void * fs_info)941 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs,
942 void *fs_info)
943 {
944 const struct xattr *xattr;
945 int error = 0;
946
947 for (xattr = xattrs; xattr->name != NULL; xattr++) {
948 error = __zpl_xattr_security_set(NULL, ip,
949 xattr->name, xattr->value, xattr->value_len, 0);
950
951 if (error < 0)
952 break;
953 }
954
955 return (error);
956 }
957
958 int
zpl_xattr_security_init(struct inode * ip,struct inode * dip,const struct qstr * qstr)959 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
960 const struct qstr *qstr)
961 {
962 return security_inode_init_security(ip, dip, qstr,
963 &zpl_xattr_security_init_impl, NULL);
964 }
965
966 /*
967 * Security xattr namespace handlers.
968 */
969 static xattr_handler_t zpl_xattr_security_handler = {
970 .prefix = XATTR_SECURITY_PREFIX,
971 .list = zpl_xattr_security_list,
972 .get = zpl_xattr_security_get,
973 .set = zpl_xattr_security_set,
974 };
975
976 /*
977 * Extended system attributes
978 *
979 * "Extended system attributes are used by the kernel to store system
980 * objects such as Access Control Lists. Read and write access permissions
981 * to system attributes depend on the policy implemented for each system
982 * attribute implemented by filesystems in the kernel." - xattr(7)
983 */
984 #ifdef CONFIG_FS_POSIX_ACL
985 static int
zpl_set_acl_impl(struct inode * ip,struct posix_acl * acl,int type)986 zpl_set_acl_impl(struct inode *ip, struct posix_acl *acl, int type)
987 {
988 char *name, *value = NULL;
989 int error = 0;
990 size_t size = 0;
991
992 if (S_ISLNK(ip->i_mode))
993 return (-EOPNOTSUPP);
994
995 switch (type) {
996 case ACL_TYPE_ACCESS:
997 name = XATTR_NAME_POSIX_ACL_ACCESS;
998 if (acl) {
999 umode_t mode = ip->i_mode;
1000 error = posix_acl_equiv_mode(acl, &mode);
1001 if (error < 0) {
1002 return (error);
1003 } else {
1004 /*
1005 * The mode bits will have been set by
1006 * ->zfs_setattr()->zfs_acl_chmod_setattr()
1007 * using the ZFS ACL conversion. If they
1008 * differ from the Posix ACL conversion dirty
1009 * the inode to write the Posix mode bits.
1010 */
1011 if (ip->i_mode != mode) {
1012 ip->i_mode = ITOZ(ip)->z_mode = mode;
1013 zpl_inode_set_ctime_to_ts(ip,
1014 current_time(ip));
1015 zfs_mark_inode_dirty(ip);
1016 }
1017
1018 if (error == 0)
1019 acl = NULL;
1020 }
1021 }
1022 break;
1023
1024 case ACL_TYPE_DEFAULT:
1025 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1026 if (!S_ISDIR(ip->i_mode))
1027 return (acl ? -EACCES : 0);
1028 break;
1029
1030 default:
1031 return (-EINVAL);
1032 }
1033
1034 if (acl) {
1035 size = posix_acl_xattr_size(acl->a_count);
1036 value = kmem_alloc(size, KM_SLEEP);
1037
1038 error = zpl_acl_to_xattr(acl, value, size);
1039 if (error < 0) {
1040 kmem_free(value, size);
1041 return (error);
1042 }
1043 }
1044
1045 error = zpl_xattr_set(ip, name, value, size, 0);
1046 if (value)
1047 kmem_free(value, size);
1048
1049 if (!error) {
1050 if (acl)
1051 set_cached_acl(ip, type, acl);
1052 else
1053 forget_cached_acl(ip, type);
1054 }
1055
1056 return (error);
1057 }
1058
1059 int
1060 #ifdef HAVE_SET_ACL_USERNS
zpl_set_acl(struct user_namespace * userns,struct inode * ip,struct posix_acl * acl,int type)1061 zpl_set_acl(struct user_namespace *userns, struct inode *ip,
1062 struct posix_acl *acl, int type)
1063 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY)
1064 zpl_set_acl(struct mnt_idmap *userns, struct dentry *dentry,
1065 struct posix_acl *acl, int type)
1066 #elif defined(HAVE_SET_ACL_USERNS_DENTRY_ARG2)
1067 zpl_set_acl(struct user_namespace *userns, struct dentry *dentry,
1068 struct posix_acl *acl, int type)
1069 #else
1070 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type)
1071 #endif /* HAVE_SET_ACL_USERNS */
1072 {
1073 #ifdef HAVE_SET_ACL_USERNS_DENTRY_ARG2
1074 return (zpl_set_acl_impl(d_inode(dentry), acl, type));
1075 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY)
1076 return (zpl_set_acl_impl(d_inode(dentry), acl, type));
1077 #else
1078 return (zpl_set_acl_impl(ip, acl, type));
1079 #endif /* HAVE_SET_ACL_USERNS_DENTRY_ARG2 */
1080 }
1081
1082 static struct posix_acl *
zpl_get_acl_impl(struct inode * ip,int type)1083 zpl_get_acl_impl(struct inode *ip, int type)
1084 {
1085 struct posix_acl *acl;
1086 void *value = NULL;
1087 char *name;
1088
1089 switch (type) {
1090 case ACL_TYPE_ACCESS:
1091 name = XATTR_NAME_POSIX_ACL_ACCESS;
1092 break;
1093 case ACL_TYPE_DEFAULT:
1094 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1095 break;
1096 default:
1097 return (ERR_PTR(-EINVAL));
1098 }
1099
1100 int size = zpl_xattr_get(ip, name, NULL, 0);
1101 if (size > 0) {
1102 value = kmem_alloc(size, KM_SLEEP);
1103 size = zpl_xattr_get(ip, name, value, size);
1104 }
1105
1106 if (size > 0) {
1107 acl = zpl_acl_from_xattr(value, size);
1108 } else if (size == -ENODATA || size == -ENOSYS) {
1109 acl = NULL;
1110 } else {
1111 acl = ERR_PTR(-EIO);
1112 }
1113
1114 if (size > 0)
1115 kmem_free(value, size);
1116
1117 return (acl);
1118 }
1119
1120 #if defined(HAVE_GET_ACL_RCU) || defined(HAVE_GET_INODE_ACL)
1121 struct posix_acl *
zpl_get_acl(struct inode * ip,int type,bool rcu)1122 zpl_get_acl(struct inode *ip, int type, bool rcu)
1123 {
1124 if (rcu)
1125 return (ERR_PTR(-ECHILD));
1126
1127 return (zpl_get_acl_impl(ip, type));
1128 }
1129 #elif defined(HAVE_GET_ACL)
1130 struct posix_acl *
zpl_get_acl(struct inode * ip,int type)1131 zpl_get_acl(struct inode *ip, int type)
1132 {
1133 return (zpl_get_acl_impl(ip, type));
1134 }
1135 #else
1136 #error "Unsupported iops->get_acl() implementation"
1137 #endif /* HAVE_GET_ACL_RCU */
1138
1139 int
zpl_init_acl(struct inode * ip,struct inode * dir)1140 zpl_init_acl(struct inode *ip, struct inode *dir)
1141 {
1142 struct posix_acl *acl = NULL;
1143 int error = 0;
1144
1145 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1146 return (0);
1147
1148 if (!S_ISLNK(ip->i_mode)) {
1149 acl = zpl_get_acl_impl(dir, ACL_TYPE_DEFAULT);
1150 if (IS_ERR(acl))
1151 return (PTR_ERR(acl));
1152 if (!acl) {
1153 ITOZ(ip)->z_mode = (ip->i_mode &= ~current_umask());
1154 zpl_inode_set_ctime_to_ts(ip, current_time(ip));
1155 zfs_mark_inode_dirty(ip);
1156 return (0);
1157 }
1158 }
1159
1160 if (acl) {
1161 umode_t mode;
1162
1163 if (S_ISDIR(ip->i_mode)) {
1164 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_DEFAULT);
1165 if (error)
1166 goto out;
1167 }
1168
1169 mode = ip->i_mode;
1170 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
1171 if (error >= 0) {
1172 ip->i_mode = ITOZ(ip)->z_mode = mode;
1173 zfs_mark_inode_dirty(ip);
1174 if (error > 0) {
1175 error = zpl_set_acl_impl(ip, acl,
1176 ACL_TYPE_ACCESS);
1177 }
1178 }
1179 }
1180 out:
1181 zpl_posix_acl_release(acl);
1182
1183 return (error);
1184 }
1185
1186 int
zpl_chmod_acl(struct inode * ip)1187 zpl_chmod_acl(struct inode *ip)
1188 {
1189 struct posix_acl *acl;
1190 int error;
1191
1192 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1193 return (0);
1194
1195 if (S_ISLNK(ip->i_mode))
1196 return (-EOPNOTSUPP);
1197
1198 acl = zpl_get_acl_impl(ip, ACL_TYPE_ACCESS);
1199 if (IS_ERR(acl) || !acl)
1200 return (PTR_ERR(acl));
1201
1202 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
1203 if (!error)
1204 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_ACCESS);
1205
1206 zpl_posix_acl_release(acl);
1207
1208 return (error);
1209 }
1210
1211 static int
__zpl_xattr_acl_list_access(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)1212 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1213 const char *name, size_t name_len)
1214 {
1215 char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1216 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
1217
1218 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1219 return (0);
1220
1221 if (list && xattr_size <= list_size)
1222 memcpy(list, xattr_name, xattr_size);
1223
1224 return (xattr_size);
1225 }
1226 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
1227
1228 static int
__zpl_xattr_acl_list_default(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)1229 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1230 const char *name, size_t name_len)
1231 {
1232 char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1233 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
1234
1235 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1236 return (0);
1237
1238 if (list && xattr_size <= list_size)
1239 memcpy(list, xattr_name, xattr_size);
1240
1241 return (xattr_size);
1242 }
1243 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
1244
1245 static int
__zpl_xattr_acl_get_access(struct inode * ip,const char * name,void * buffer,size_t size)1246 __zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1247 void *buffer, size_t size)
1248 {
1249 struct posix_acl *acl;
1250 int type = ACL_TYPE_ACCESS;
1251 int error;
1252 /* xattr_resolve_name will do this for us if this is defined */
1253 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1254 return (-EOPNOTSUPP);
1255
1256 acl = zpl_get_acl_impl(ip, type);
1257 if (IS_ERR(acl))
1258 return (PTR_ERR(acl));
1259 if (acl == NULL)
1260 return (-ENODATA);
1261
1262 error = zpl_acl_to_xattr(acl, buffer, size);
1263 zpl_posix_acl_release(acl);
1264
1265 return (error);
1266 }
1267 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
1268
1269 static int
__zpl_xattr_acl_get_default(struct inode * ip,const char * name,void * buffer,size_t size)1270 __zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1271 void *buffer, size_t size)
1272 {
1273 struct posix_acl *acl;
1274 int type = ACL_TYPE_DEFAULT;
1275 int error;
1276 /* xattr_resolve_name will do this for us if this is defined */
1277 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1278 return (-EOPNOTSUPP);
1279
1280 acl = zpl_get_acl_impl(ip, type);
1281 if (IS_ERR(acl))
1282 return (PTR_ERR(acl));
1283 if (acl == NULL)
1284 return (-ENODATA);
1285
1286 error = zpl_acl_to_xattr(acl, buffer, size);
1287 zpl_posix_acl_release(acl);
1288
1289 return (error);
1290 }
1291 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
1292
1293 static int
__zpl_xattr_acl_set_access(zidmap_t * mnt_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)1294 __zpl_xattr_acl_set_access(zidmap_t *mnt_ns,
1295 struct inode *ip, const char *name,
1296 const void *value, size_t size, int flags)
1297 {
1298 struct posix_acl *acl;
1299 int type = ACL_TYPE_ACCESS;
1300 int error = 0;
1301 /* xattr_resolve_name will do this for us if this is defined */
1302 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1303 return (-EOPNOTSUPP);
1304
1305 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP)
1306 if (!zpl_inode_owner_or_capable(mnt_ns, ip))
1307 return (-EPERM);
1308 #else
1309 (void) mnt_ns;
1310 if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip))
1311 return (-EPERM);
1312 #endif
1313
1314 if (value) {
1315 acl = zpl_acl_from_xattr(value, size);
1316 if (IS_ERR(acl))
1317 return (PTR_ERR(acl));
1318 else if (acl) {
1319 error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
1320 if (error) {
1321 zpl_posix_acl_release(acl);
1322 return (error);
1323 }
1324 }
1325 } else {
1326 acl = NULL;
1327 }
1328 error = zpl_set_acl_impl(ip, acl, type);
1329 zpl_posix_acl_release(acl);
1330
1331 return (error);
1332 }
1333 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
1334
1335 static int
__zpl_xattr_acl_set_default(zidmap_t * mnt_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)1336 __zpl_xattr_acl_set_default(zidmap_t *mnt_ns,
1337 struct inode *ip, const char *name,
1338 const void *value, size_t size, int flags)
1339 {
1340 struct posix_acl *acl;
1341 int type = ACL_TYPE_DEFAULT;
1342 int error = 0;
1343 /* xattr_resolve_name will do this for us if this is defined */
1344 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1345 return (-EOPNOTSUPP);
1346
1347 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP)
1348 if (!zpl_inode_owner_or_capable(mnt_ns, ip))
1349 return (-EPERM);
1350 #else
1351 (void) mnt_ns;
1352 if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip))
1353 return (-EPERM);
1354 #endif
1355
1356 if (value) {
1357 acl = zpl_acl_from_xattr(value, size);
1358 if (IS_ERR(acl))
1359 return (PTR_ERR(acl));
1360 else if (acl) {
1361 error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
1362 if (error) {
1363 zpl_posix_acl_release(acl);
1364 return (error);
1365 }
1366 }
1367 } else {
1368 acl = NULL;
1369 }
1370
1371 error = zpl_set_acl_impl(ip, acl, type);
1372 zpl_posix_acl_release(acl);
1373
1374 return (error);
1375 }
1376 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
1377
1378 /*
1379 * ACL access xattr namespace handlers.
1380 *
1381 * Use .name instead of .prefix when available. xattr_resolve_name will match
1382 * whole name and reject anything that has .name only as prefix.
1383 */
1384 static xattr_handler_t zpl_xattr_acl_access_handler = {
1385 .name = XATTR_NAME_POSIX_ACL_ACCESS,
1386 .list = zpl_xattr_acl_list_access,
1387 .get = zpl_xattr_acl_get_access,
1388 .set = zpl_xattr_acl_set_access,
1389 .flags = ACL_TYPE_ACCESS,
1390 };
1391
1392 /*
1393 * ACL default xattr namespace handlers.
1394 *
1395 * Use .name instead of .prefix. xattr_resolve_name will match whole name and
1396 * reject anything that has .name only as prefix.
1397 */
1398 static xattr_handler_t zpl_xattr_acl_default_handler = {
1399 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1400 .list = zpl_xattr_acl_list_default,
1401 .get = zpl_xattr_acl_get_default,
1402 .set = zpl_xattr_acl_set_default,
1403 .flags = ACL_TYPE_DEFAULT,
1404 };
1405
1406 #endif /* CONFIG_FS_POSIX_ACL */
1407
1408 xattr_handler_t *zpl_xattr_handlers[] = {
1409 &zpl_xattr_security_handler,
1410 &zpl_xattr_trusted_handler,
1411 &zpl_xattr_user_handler,
1412 #ifdef CONFIG_FS_POSIX_ACL
1413 &zpl_xattr_acl_access_handler,
1414 &zpl_xattr_acl_default_handler,
1415 #endif /* CONFIG_FS_POSIX_ACL */
1416 NULL
1417 };
1418
1419 static const struct xattr_handler *
zpl_xattr_handler(const char * name)1420 zpl_xattr_handler(const char *name)
1421 {
1422 if (strncmp(name, XATTR_USER_PREFIX,
1423 XATTR_USER_PREFIX_LEN) == 0)
1424 return (&zpl_xattr_user_handler);
1425
1426 if (strncmp(name, XATTR_TRUSTED_PREFIX,
1427 XATTR_TRUSTED_PREFIX_LEN) == 0)
1428 return (&zpl_xattr_trusted_handler);
1429
1430 if (strncmp(name, XATTR_SECURITY_PREFIX,
1431 XATTR_SECURITY_PREFIX_LEN) == 0)
1432 return (&zpl_xattr_security_handler);
1433
1434 #ifdef CONFIG_FS_POSIX_ACL
1435 if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1436 sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1437 return (&zpl_xattr_acl_access_handler);
1438
1439 if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1440 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1441 return (&zpl_xattr_acl_default_handler);
1442 #endif /* CONFIG_FS_POSIX_ACL */
1443
1444 return (NULL);
1445 }
1446
1447 static enum xattr_permission
zpl_xattr_permission(xattr_filldir_t * xf,const char * name,int name_len)1448 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
1449 {
1450 const struct xattr_handler *handler;
1451 struct dentry *d __maybe_unused = xf->dentry;
1452 enum xattr_permission perm = XAPERM_ALLOW;
1453
1454 handler = zpl_xattr_handler(name);
1455 if (handler == NULL) {
1456 /* Do not expose FreeBSD system namespace xattrs. */
1457 if (ZFS_XA_NS_PREFIX_MATCH(FREEBSD, name))
1458 return (XAPERM_DENY);
1459 /*
1460 * Anything that doesn't match a known namespace gets put in the
1461 * user namespace for compatibility with other platforms.
1462 */
1463 perm = XAPERM_COMPAT;
1464 handler = &zpl_xattr_user_handler;
1465 }
1466
1467 if (handler->list) {
1468 if (!handler->list(d))
1469 return (XAPERM_DENY);
1470 }
1471
1472 return (perm);
1473 }
1474
1475 #ifdef CONFIG_FS_POSIX_ACL
1476
1477 struct acl_rel_struct {
1478 struct acl_rel_struct *next;
1479 struct posix_acl *acl;
1480 clock_t time;
1481 };
1482
1483 #define ACL_REL_GRACE (60*HZ)
1484 #define ACL_REL_WINDOW (1*HZ)
1485 #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW)
1486
1487 /*
1488 * Lockless multi-producer single-consumer fifo list.
1489 * Nodes are added to tail and removed from head. Tail pointer is our
1490 * synchronization point. It always points to the next pointer of the last
1491 * node, or head if list is empty.
1492 */
1493 static struct acl_rel_struct *acl_rel_head = NULL;
1494 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head;
1495
1496 static void
zpl_posix_acl_free(void * arg)1497 zpl_posix_acl_free(void *arg)
1498 {
1499 struct acl_rel_struct *freelist = NULL;
1500 struct acl_rel_struct *a;
1501 clock_t new_time;
1502 boolean_t refire = B_FALSE;
1503
1504 ASSERT3P(acl_rel_head, !=, NULL);
1505 while (acl_rel_head) {
1506 a = acl_rel_head;
1507 if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) {
1508 /*
1509 * If a is the last node we need to reset tail, but we
1510 * need to use cmpxchg to make sure it is still the
1511 * last node.
1512 */
1513 if (acl_rel_tail == &a->next) {
1514 acl_rel_head = NULL;
1515 if (cmpxchg(&acl_rel_tail, &a->next,
1516 &acl_rel_head) == &a->next) {
1517 ASSERT0P(a->next);
1518 a->next = freelist;
1519 freelist = a;
1520 break;
1521 }
1522 }
1523 /*
1524 * a is not last node, make sure next pointer is set
1525 * by the adder and advance the head.
1526 */
1527 while (READ_ONCE(a->next) == NULL)
1528 cpu_relax();
1529 acl_rel_head = a->next;
1530 a->next = freelist;
1531 freelist = a;
1532 } else {
1533 /*
1534 * a is still in grace period. We are responsible to
1535 * reschedule the free task, since adder will only do
1536 * so if list is empty.
1537 */
1538 new_time = a->time + ACL_REL_SCHED;
1539 refire = B_TRUE;
1540 break;
1541 }
1542 }
1543
1544 if (refire)
1545 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1546 NULL, TQ_SLEEP, new_time);
1547
1548 while (freelist) {
1549 a = freelist;
1550 freelist = a->next;
1551 kfree(a->acl);
1552 kmem_free(a, sizeof (struct acl_rel_struct));
1553 }
1554 }
1555
1556 void
zpl_posix_acl_release_impl(struct posix_acl * acl)1557 zpl_posix_acl_release_impl(struct posix_acl *acl)
1558 {
1559 struct acl_rel_struct *a, **prev;
1560
1561 a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP);
1562 a->next = NULL;
1563 a->acl = acl;
1564 a->time = ddi_get_lbolt();
1565 /* atomically points tail to us and get the previous tail */
1566 prev = xchg(&acl_rel_tail, &a->next);
1567 ASSERT0P(*prev);
1568 *prev = a;
1569 /* if it was empty before, schedule the free task */
1570 if (prev == &acl_rel_head)
1571 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1572 NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED);
1573 }
1574 #endif
1575
1576 ZFS_MODULE_PARAM(zfs, zfs_, xattr_compat, INT, ZMOD_RW,
1577 "Use legacy ZFS xattr naming for writing new user namespace xattrs");
1578