1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or https://opensource.org/licenses/CDDL-1.0. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright (c) 2011, Lawrence Livermore National Security, LLC. 24 * 25 * Extended attributes (xattr) on Solaris are implemented as files 26 * which exist in a hidden xattr directory. These extended attributes 27 * can be accessed using the attropen() system call which opens 28 * the extended attribute. It can then be manipulated just like 29 * a standard file descriptor. This has a couple advantages such 30 * as practically no size limit on the file, and the extended 31 * attributes permissions may differ from those of the parent file. 32 * This interface is really quite clever, but it's also completely 33 * different than what is supported on Linux. It also comes with a 34 * steep performance penalty when accessing small xattrs because they 35 * are not stored with the parent file. 36 * 37 * Under Linux extended attributes are manipulated by the system 38 * calls getxattr(2), setxattr(2), and listxattr(2). They consider 39 * extended attributes to be name/value pairs where the name is a 40 * NULL terminated string. The name must also include one of the 41 * following namespace prefixes: 42 * 43 * user - No restrictions and is available to user applications. 44 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use. 45 * system - Used for access control lists (system.nfs4_acl, etc). 46 * security - Used by SELinux to store a files security context. 47 * 48 * The value under Linux to limited to 65536 bytes of binary data. 49 * In practice, individual xattrs tend to be much smaller than this 50 * and are typically less than 100 bytes. A good example of this 51 * are the security.selinux xattrs which are less than 100 bytes and 52 * exist for every file when xattr labeling is enabled. 53 * 54 * The Linux xattr implementation has been written to take advantage of 55 * this typical usage. When the dataset property 'xattr=sa' is set, 56 * then xattrs will be preferentially stored as System Attributes (SA). 57 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and 58 * up to 64k of xattrs to be stored in the spill block. If additional 59 * xattr space is required, which is unlikely under Linux, they will 60 * be stored using the traditional directory approach. 61 * 62 * This optimization results in roughly a 3x performance improvement 63 * when accessing xattrs because it avoids the need to perform a seek 64 * for every xattr value. When multiple xattrs are stored per-file 65 * the performance improvements are even greater because all of the 66 * xattrs stored in the spill block will be cached. 67 * 68 * However, by default SA based xattrs are disabled in the Linux port 69 * to maximize compatibility with other implementations. If you do 70 * enable SA based xattrs then they will not be visible on platforms 71 * which do not support this feature. 72 * 73 * NOTE: One additional consequence of the xattr directory implementation 74 * is that when an extended attribute is manipulated an inode is created. 75 * This inode will exist in the Linux inode cache but there will be no 76 * associated entry in the dentry cache which references it. This is 77 * safe but it may result in some confusion. Enabling SA based xattrs 78 * largely avoids the issue except in the overflow case. 79 */ 80 81 #include <sys/zfs_znode.h> 82 #include <sys/zfs_vfsops.h> 83 #include <sys/zfs_vnops.h> 84 #include <sys/zap.h> 85 #include <sys/vfs.h> 86 #include <sys/zpl.h> 87 #include <linux/vfs_compat.h> 88 89 enum xattr_permission { 90 XAPERM_DENY, 91 XAPERM_ALLOW, 92 XAPERM_COMPAT, 93 }; 94 95 typedef struct xattr_filldir { 96 size_t size; 97 size_t offset; 98 char *buf; 99 struct dentry *dentry; 100 } xattr_filldir_t; 101 102 static enum xattr_permission zpl_xattr_permission(xattr_filldir_t *, 103 const char *, int); 104 105 static int zfs_xattr_compat = 0; 106 107 /* 108 * Determine is a given xattr name should be visible and if so copy it 109 * in to the provided buffer (xf->buf). 110 */ 111 static int 112 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len) 113 { 114 enum xattr_permission perm; 115 116 /* Check permissions using the per-namespace list xattr handler. */ 117 perm = zpl_xattr_permission(xf, name, name_len); 118 if (perm == XAPERM_DENY) 119 return (0); 120 121 /* Prefix the name with "user." if it does not have a namespace. */ 122 if (perm == XAPERM_COMPAT) { 123 if (xf->buf) { 124 if (xf->offset + XATTR_USER_PREFIX_LEN + 1 > xf->size) 125 return (-ERANGE); 126 127 memcpy(xf->buf + xf->offset, XATTR_USER_PREFIX, 128 XATTR_USER_PREFIX_LEN); 129 xf->buf[xf->offset + XATTR_USER_PREFIX_LEN] = '\0'; 130 } 131 132 xf->offset += XATTR_USER_PREFIX_LEN; 133 } 134 135 /* When xf->buf is NULL only calculate the required size. */ 136 if (xf->buf) { 137 if (xf->offset + name_len + 1 > xf->size) 138 return (-ERANGE); 139 140 memcpy(xf->buf + xf->offset, name, name_len); 141 xf->buf[xf->offset + name_len] = '\0'; 142 } 143 144 xf->offset += (name_len + 1); 145 146 return (0); 147 } 148 149 /* 150 * Read as many directory entry names as will fit in to the provided buffer, 151 * or when no buffer is provided calculate the required buffer size. 152 */ 153 static int 154 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf) 155 { 156 zap_cursor_t zc; 157 zap_attribute_t *zap = zap_attribute_alloc(); 158 int error; 159 160 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id); 161 162 while ((error = -zap_cursor_retrieve(&zc, zap)) == 0) { 163 164 if (zap->za_integer_length != 8 || zap->za_num_integers != 1) { 165 error = -ENXIO; 166 break; 167 } 168 169 error = zpl_xattr_filldir(xf, zap->za_name, 170 strlen(zap->za_name)); 171 if (error) 172 break; 173 174 zap_cursor_advance(&zc); 175 } 176 177 zap_cursor_fini(&zc); 178 zap_attribute_free(zap); 179 180 if (error == -ENOENT) 181 error = 0; 182 183 return (error); 184 } 185 186 static ssize_t 187 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr) 188 { 189 struct inode *ip = xf->dentry->d_inode; 190 struct inode *dxip = NULL; 191 znode_t *dxzp; 192 int error; 193 194 /* Lookup the xattr directory */ 195 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR, 196 cr, NULL, NULL); 197 if (error) { 198 if (error == -ENOENT) 199 error = 0; 200 201 return (error); 202 } 203 204 dxip = ZTOI(dxzp); 205 error = zpl_xattr_readdir(dxip, xf); 206 iput(dxip); 207 208 return (error); 209 } 210 211 static ssize_t 212 zpl_xattr_list_sa(xattr_filldir_t *xf) 213 { 214 znode_t *zp = ITOZ(xf->dentry->d_inode); 215 nvpair_t *nvp = NULL; 216 int error = 0; 217 218 mutex_enter(&zp->z_lock); 219 if (zp->z_xattr_cached == NULL) 220 error = -zfs_sa_get_xattr(zp); 221 mutex_exit(&zp->z_lock); 222 223 if (error) 224 return (error); 225 226 ASSERT(zp->z_xattr_cached); 227 228 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) { 229 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY); 230 231 error = zpl_xattr_filldir(xf, nvpair_name(nvp), 232 strlen(nvpair_name(nvp))); 233 if (error) 234 return (error); 235 } 236 237 return (0); 238 } 239 240 ssize_t 241 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size) 242 { 243 znode_t *zp = ITOZ(dentry->d_inode); 244 zfsvfs_t *zfsvfs = ZTOZSB(zp); 245 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry }; 246 cred_t *cr = CRED(); 247 fstrans_cookie_t cookie; 248 int error = 0; 249 250 crhold(cr); 251 cookie = spl_fstrans_mark(); 252 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0) 253 goto out1; 254 rw_enter(&zp->z_xattr_lock, RW_READER); 255 256 if (zfsvfs->z_use_sa && zp->z_is_sa) { 257 error = zpl_xattr_list_sa(&xf); 258 if (error) 259 goto out; 260 } 261 262 error = zpl_xattr_list_dir(&xf, cr); 263 if (error) 264 goto out; 265 266 error = xf.offset; 267 out: 268 269 rw_exit(&zp->z_xattr_lock); 270 zpl_exit(zfsvfs, FTAG); 271 out1: 272 spl_fstrans_unmark(cookie); 273 crfree(cr); 274 275 return (error); 276 } 277 278 static int 279 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value, 280 size_t size, cred_t *cr) 281 { 282 fstrans_cookie_t cookie; 283 struct inode *xip = NULL; 284 znode_t *dxzp = NULL; 285 znode_t *xzp = NULL; 286 int error; 287 288 /* Lookup the xattr directory */ 289 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR, 290 cr, NULL, NULL); 291 if (error) 292 goto out; 293 294 /* Lookup a specific xattr name in the directory */ 295 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL); 296 if (error) 297 goto out; 298 299 xip = ZTOI(xzp); 300 if (!size) { 301 error = i_size_read(xip); 302 goto out; 303 } 304 305 if (size < i_size_read(xip)) { 306 error = -ERANGE; 307 goto out; 308 } 309 310 struct iovec iov; 311 iov.iov_base = (void *)value; 312 iov.iov_len = size; 313 314 zfs_uio_t uio; 315 zfs_uio_iovec_init(&uio, &iov, 1, 0, UIO_SYSSPACE, size, 0); 316 317 cookie = spl_fstrans_mark(); 318 error = -zfs_read(ITOZ(xip), &uio, 0, cr); 319 spl_fstrans_unmark(cookie); 320 321 if (error == 0) 322 error = size - zfs_uio_resid(&uio); 323 out: 324 if (xzp) 325 zrele(xzp); 326 327 if (dxzp) 328 zrele(dxzp); 329 330 return (error); 331 } 332 333 static int 334 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size) 335 { 336 znode_t *zp = ITOZ(ip); 337 uchar_t *nv_value; 338 uint_t nv_size; 339 int error = 0; 340 341 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); 342 343 mutex_enter(&zp->z_lock); 344 if (zp->z_xattr_cached == NULL) 345 error = -zfs_sa_get_xattr(zp); 346 mutex_exit(&zp->z_lock); 347 348 if (error) 349 return (error); 350 351 ASSERT(zp->z_xattr_cached); 352 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name, 353 &nv_value, &nv_size); 354 if (error) 355 return (error); 356 357 if (size == 0 || value == NULL) 358 return (nv_size); 359 360 if (size < nv_size) 361 return (-ERANGE); 362 363 memcpy(value, nv_value, nv_size); 364 365 return (nv_size); 366 } 367 368 static int 369 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size, 370 cred_t *cr) 371 { 372 znode_t *zp = ITOZ(ip); 373 zfsvfs_t *zfsvfs = ZTOZSB(zp); 374 int error; 375 376 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); 377 378 if (zfsvfs->z_use_sa && zp->z_is_sa) { 379 error = zpl_xattr_get_sa(ip, name, value, size); 380 if (error != -ENOENT) 381 goto out; 382 } 383 384 error = zpl_xattr_get_dir(ip, name, value, size, cr); 385 out: 386 if (error == -ENOENT) 387 error = -ENODATA; 388 389 return (error); 390 } 391 392 #define XATTR_NOENT 0x0 393 #define XATTR_IN_SA 0x1 394 #define XATTR_IN_DIR 0x2 395 /* check where the xattr resides */ 396 static int 397 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr) 398 { 399 znode_t *zp = ITOZ(ip); 400 zfsvfs_t *zfsvfs = ZTOZSB(zp); 401 int error; 402 403 ASSERT(where); 404 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock)); 405 406 *where = XATTR_NOENT; 407 if (zfsvfs->z_use_sa && zp->z_is_sa) { 408 error = zpl_xattr_get_sa(ip, name, NULL, 0); 409 if (error >= 0) 410 *where |= XATTR_IN_SA; 411 else if (error != -ENOENT) 412 return (error); 413 } 414 415 error = zpl_xattr_get_dir(ip, name, NULL, 0, cr); 416 if (error >= 0) 417 *where |= XATTR_IN_DIR; 418 else if (error != -ENOENT) 419 return (error); 420 421 if (*where == (XATTR_IN_SA|XATTR_IN_DIR)) 422 cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\"" 423 " in both SA and dir", ip, name); 424 if (*where == XATTR_NOENT) 425 error = -ENODATA; 426 else 427 error = 0; 428 return (error); 429 } 430 431 static int 432 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size) 433 { 434 znode_t *zp = ITOZ(ip); 435 zfsvfs_t *zfsvfs = ZTOZSB(zp); 436 cred_t *cr = CRED(); 437 fstrans_cookie_t cookie; 438 int error; 439 440 crhold(cr); 441 cookie = spl_fstrans_mark(); 442 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0) 443 goto out; 444 rw_enter(&zp->z_xattr_lock, RW_READER); 445 error = __zpl_xattr_get(ip, name, value, size, cr); 446 rw_exit(&zp->z_xattr_lock); 447 zpl_exit(zfsvfs, FTAG); 448 out: 449 spl_fstrans_unmark(cookie); 450 crfree(cr); 451 452 return (error); 453 } 454 455 static int 456 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value, 457 size_t size, int flags, cred_t *cr) 458 { 459 znode_t *dxzp = NULL; 460 znode_t *xzp = NULL; 461 vattr_t *vap = NULL; 462 int lookup_flags, error; 463 const int xattr_mode = S_IFREG | 0644; 464 loff_t pos = 0; 465 466 /* 467 * Lookup the xattr directory. When we're adding an entry pass 468 * CREATE_XATTR_DIR to ensure the xattr directory is created. 469 * When removing an entry this flag is not passed to avoid 470 * unnecessarily creating a new xattr directory. 471 */ 472 lookup_flags = LOOKUP_XATTR; 473 if (value != NULL) 474 lookup_flags |= CREATE_XATTR_DIR; 475 476 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags, 477 cr, NULL, NULL); 478 if (error) 479 goto out; 480 481 /* Lookup a specific xattr name in the directory */ 482 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL); 483 if (error && (error != -ENOENT)) 484 goto out; 485 486 error = 0; 487 488 /* Remove a specific name xattr when value is set to NULL. */ 489 if (value == NULL) { 490 if (xzp) 491 error = -zfs_remove(dxzp, (char *)name, cr, 0); 492 493 goto out; 494 } 495 496 /* Lookup failed create a new xattr. */ 497 if (xzp == NULL) { 498 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP); 499 vap->va_mode = xattr_mode; 500 vap->va_mask = ATTR_MODE; 501 vap->va_uid = crgetuid(cr); 502 vap->va_gid = crgetgid(cr); 503 504 error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp, 505 cr, ATTR_NOACLCHECK, NULL, zfs_init_idmap); 506 if (error) 507 goto out; 508 } 509 510 ASSERT(xzp != NULL); 511 512 error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE); 513 if (error) 514 goto out; 515 516 error = -zfs_write_simple(xzp, value, size, pos, NULL); 517 out: 518 if (error == 0) { 519 zpl_inode_set_ctime_to_ts(ip, current_time(ip)); 520 zfs_mark_inode_dirty(ip); 521 } 522 523 if (vap) 524 kmem_free(vap, sizeof (vattr_t)); 525 526 if (xzp) 527 zrele(xzp); 528 529 if (dxzp) 530 zrele(dxzp); 531 532 if (error == -ENOENT) 533 error = -ENODATA; 534 535 ASSERT3S(error, <=, 0); 536 537 return (error); 538 } 539 540 static int 541 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value, 542 size_t size, int flags, cred_t *cr) 543 { 544 znode_t *zp = ITOZ(ip); 545 nvlist_t *nvl; 546 size_t sa_size; 547 int error = 0; 548 549 mutex_enter(&zp->z_lock); 550 if (zp->z_xattr_cached == NULL) 551 error = -zfs_sa_get_xattr(zp); 552 mutex_exit(&zp->z_lock); 553 554 if (error) 555 return (error); 556 557 ASSERT(zp->z_xattr_cached); 558 nvl = zp->z_xattr_cached; 559 560 if (value == NULL) { 561 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY); 562 if (error == -ENOENT) 563 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr); 564 } else { 565 /* Limited to 32k to keep nvpair memory allocations small */ 566 if (size > DXATTR_MAX_ENTRY_SIZE) 567 return (-EFBIG); 568 569 /* Prevent the DXATTR SA from consuming the entire SA region */ 570 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR); 571 if (error) 572 return (error); 573 574 if (sa_size > DXATTR_MAX_SA_SIZE) 575 return (-EFBIG); 576 577 error = -nvlist_add_byte_array(nvl, name, 578 (uchar_t *)value, size); 579 } 580 581 /* 582 * Update the SA for additions, modifications, and removals. On 583 * error drop the inconsistent cached version of the nvlist, it 584 * will be reconstructed from the ARC when next accessed. 585 */ 586 if (error == 0) 587 error = -zfs_sa_set_xattr(zp, name, value, size); 588 589 if (error) { 590 nvlist_free(nvl); 591 zp->z_xattr_cached = NULL; 592 } 593 594 ASSERT3S(error, <=, 0); 595 596 return (error); 597 } 598 599 static int 600 zpl_xattr_set(struct inode *ip, const char *name, const void *value, 601 size_t size, int flags) 602 { 603 znode_t *zp = ITOZ(ip); 604 zfsvfs_t *zfsvfs = ZTOZSB(zp); 605 cred_t *cr = CRED(); 606 fstrans_cookie_t cookie; 607 int where; 608 int error; 609 610 crhold(cr); 611 cookie = spl_fstrans_mark(); 612 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0) 613 goto out1; 614 rw_enter(&zp->z_xattr_lock, RW_WRITER); 615 616 /* 617 * Before setting the xattr check to see if it already exists. 618 * This is done to ensure the following optional flags are honored. 619 * 620 * XATTR_CREATE: fail if xattr already exists 621 * XATTR_REPLACE: fail if xattr does not exist 622 * 623 * We also want to know if it resides in sa or dir, so we can make 624 * sure we don't end up with duplicate in both places. 625 */ 626 error = __zpl_xattr_where(ip, name, &where, cr); 627 if (error < 0) { 628 if (error != -ENODATA) 629 goto out; 630 if (flags & XATTR_REPLACE) 631 goto out; 632 633 /* The xattr to be removed already doesn't exist */ 634 error = 0; 635 if (value == NULL) 636 goto out; 637 } else { 638 error = -EEXIST; 639 if (flags & XATTR_CREATE) 640 goto out; 641 } 642 643 /* Preferentially store the xattr as a SA for better performance */ 644 if (zfsvfs->z_use_sa && zp->z_is_sa && 645 (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) { 646 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr); 647 if (error == 0) { 648 /* 649 * Successfully put into SA, we need to clear the one 650 * in dir. 651 */ 652 if (where & XATTR_IN_DIR) 653 zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr); 654 goto out; 655 } 656 } 657 658 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr); 659 /* 660 * Successfully put into dir, we need to clear the one in SA. 661 */ 662 if (error == 0 && (where & XATTR_IN_SA)) 663 zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr); 664 out: 665 rw_exit(&zp->z_xattr_lock); 666 zpl_exit(zfsvfs, FTAG); 667 out1: 668 spl_fstrans_unmark(cookie); 669 crfree(cr); 670 ASSERT3S(error, <=, 0); 671 672 return (error); 673 } 674 675 /* 676 * Extended user attributes 677 * 678 * "Extended user attributes may be assigned to files and directories for 679 * storing arbitrary additional information such as the mime type, 680 * character set or encoding of a file. The access permissions for user 681 * attributes are defined by the file permission bits: read permission 682 * is required to retrieve the attribute value, and writer permission is 683 * required to change it. 684 * 685 * The file permission bits of regular files and directories are 686 * interpreted differently from the file permission bits of special 687 * files and symbolic links. For regular files and directories the file 688 * permission bits define access to the file's contents, while for 689 * device special files they define access to the device described by 690 * the special file. The file permissions of symbolic links are not 691 * used in access checks. These differences would allow users to 692 * consume filesystem resources in a way not controllable by disk quotas 693 * for group or world writable special files and directories. 694 * 695 * For this reason, extended user attributes are allowed only for 696 * regular files and directories, and access to extended user attributes 697 * is restricted to the owner and to users with appropriate capabilities 698 * for directories with the sticky bit set (see the chmod(1) manual page 699 * for an explanation of the sticky bit)." - xattr(7) 700 * 701 * ZFS allows extended user attributes to be disabled administratively 702 * by setting the 'xattr=off' property on the dataset. 703 */ 704 static int 705 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size, 706 const char *name, size_t name_len) 707 { 708 return (ITOZSB(ip)->z_flags & ZSB_XATTR); 709 } 710 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list); 711 712 static int 713 __zpl_xattr_user_get(struct inode *ip, const char *name, 714 void *value, size_t size) 715 { 716 int error; 717 /* xattr_resolve_name will do this for us if this is defined */ 718 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name)) 719 return (-EINVAL); 720 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) 721 return (-EOPNOTSUPP); 722 723 /* 724 * Try to look up the name with the namespace prefix first for 725 * compatibility with xattrs from this platform. If that fails, 726 * try again without the namespace prefix for compatibility with 727 * other platforms. 728 */ 729 char *xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); 730 error = zpl_xattr_get(ip, xattr_name, value, size); 731 kmem_strfree(xattr_name); 732 if (error == -ENODATA) 733 error = zpl_xattr_get(ip, name, value, size); 734 735 return (error); 736 } 737 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get); 738 739 static int 740 __zpl_xattr_user_set(zidmap_t *user_ns, 741 struct inode *ip, const char *name, 742 const void *value, size_t size, int flags) 743 { 744 (void) user_ns; 745 int error = 0; 746 /* xattr_resolve_name will do this for us if this is defined */ 747 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name)) 748 return (-EINVAL); 749 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR)) 750 return (-EOPNOTSUPP); 751 752 /* 753 * Remove alternate compat version of the xattr so we only set the 754 * version specified by the zfs_xattr_compat tunable. 755 * 756 * The following flags must be handled correctly: 757 * 758 * XATTR_CREATE: fail if xattr already exists 759 * XATTR_REPLACE: fail if xattr does not exist 760 */ 761 char *prefixed_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name); 762 const char *clear_name, *set_name; 763 if (zfs_xattr_compat) { 764 clear_name = prefixed_name; 765 set_name = name; 766 } else { 767 clear_name = name; 768 set_name = prefixed_name; 769 } 770 /* 771 * Clear the old value with the alternative name format, if it exists. 772 */ 773 error = zpl_xattr_set(ip, clear_name, NULL, 0, flags); 774 /* 775 * XATTR_CREATE was specified and we failed to clear the xattr 776 * because it already exists. Stop here. 777 */ 778 if (error == -EEXIST) 779 goto out; 780 /* 781 * If XATTR_REPLACE was specified and we succeeded to clear 782 * an xattr, we don't need to replace anything when setting 783 * the new value. If we failed with -ENODATA that's fine, 784 * there was nothing to be cleared and we can ignore the error. 785 */ 786 if (error == 0) 787 flags &= ~XATTR_REPLACE; 788 /* 789 * Set the new value with the configured name format. 790 */ 791 error = zpl_xattr_set(ip, set_name, value, size, flags); 792 out: 793 kmem_strfree(prefixed_name); 794 return (error); 795 } 796 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set); 797 798 static xattr_handler_t zpl_xattr_user_handler = 799 { 800 .prefix = XATTR_USER_PREFIX, 801 .list = zpl_xattr_user_list, 802 .get = zpl_xattr_user_get, 803 .set = zpl_xattr_user_set, 804 }; 805 806 /* 807 * Trusted extended attributes 808 * 809 * "Trusted extended attributes are visible and accessible only to 810 * processes that have the CAP_SYS_ADMIN capability. Attributes in this 811 * class are used to implement mechanisms in user space (i.e., outside 812 * the kernel) which keep information in extended attributes to which 813 * ordinary processes should not have access." - xattr(7) 814 */ 815 static int 816 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size, 817 const char *name, size_t name_len) 818 { 819 return (capable(CAP_SYS_ADMIN)); 820 } 821 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list); 822 823 static int 824 __zpl_xattr_trusted_get(struct inode *ip, const char *name, 825 void *value, size_t size) 826 { 827 char *xattr_name; 828 int error; 829 830 if (!capable(CAP_SYS_ADMIN)) 831 return (-EACCES); 832 /* xattr_resolve_name will do this for us if this is defined */ 833 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); 834 error = zpl_xattr_get(ip, xattr_name, value, size); 835 kmem_strfree(xattr_name); 836 837 return (error); 838 } 839 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get); 840 841 static int 842 __zpl_xattr_trusted_set(zidmap_t *user_ns, 843 struct inode *ip, const char *name, 844 const void *value, size_t size, int flags) 845 { 846 (void) user_ns; 847 char *xattr_name; 848 int error; 849 850 if (!capable(CAP_SYS_ADMIN)) 851 return (-EACCES); 852 /* xattr_resolve_name will do this for us if this is defined */ 853 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name); 854 error = zpl_xattr_set(ip, xattr_name, value, size, flags); 855 kmem_strfree(xattr_name); 856 857 return (error); 858 } 859 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set); 860 861 static xattr_handler_t zpl_xattr_trusted_handler = { 862 .prefix = XATTR_TRUSTED_PREFIX, 863 .list = zpl_xattr_trusted_list, 864 .get = zpl_xattr_trusted_get, 865 .set = zpl_xattr_trusted_set, 866 }; 867 868 /* 869 * Extended security attributes 870 * 871 * "The security attribute namespace is used by kernel security modules, 872 * such as Security Enhanced Linux, and also to implement file 873 * capabilities (see capabilities(7)). Read and write access 874 * permissions to security attributes depend on the policy implemented 875 * for each security attribute by the security module. When no security 876 * module is loaded, all processes have read access to extended security 877 * attributes, and write access is limited to processes that have the 878 * CAP_SYS_ADMIN capability." - xattr(7) 879 */ 880 static int 881 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size, 882 const char *name, size_t name_len) 883 { 884 return (1); 885 } 886 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list); 887 888 static int 889 __zpl_xattr_security_get(struct inode *ip, const char *name, 890 void *value, size_t size) 891 { 892 char *xattr_name; 893 int error; 894 /* xattr_resolve_name will do this for us if this is defined */ 895 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); 896 error = zpl_xattr_get(ip, xattr_name, value, size); 897 kmem_strfree(xattr_name); 898 899 return (error); 900 } 901 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get); 902 903 static int 904 __zpl_xattr_security_set(zidmap_t *user_ns, 905 struct inode *ip, const char *name, 906 const void *value, size_t size, int flags) 907 { 908 (void) user_ns; 909 char *xattr_name; 910 int error; 911 /* xattr_resolve_name will do this for us if this is defined */ 912 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name); 913 error = zpl_xattr_set(ip, xattr_name, value, size, flags); 914 kmem_strfree(xattr_name); 915 916 return (error); 917 } 918 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set); 919 920 static int 921 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs, 922 void *fs_info) 923 { 924 const struct xattr *xattr; 925 int error = 0; 926 927 for (xattr = xattrs; xattr->name != NULL; xattr++) { 928 error = __zpl_xattr_security_set(NULL, ip, 929 xattr->name, xattr->value, xattr->value_len, 0); 930 931 if (error < 0) 932 break; 933 } 934 935 return (error); 936 } 937 938 int 939 zpl_xattr_security_init(struct inode *ip, struct inode *dip, 940 const struct qstr *qstr) 941 { 942 return security_inode_init_security(ip, dip, qstr, 943 &zpl_xattr_security_init_impl, NULL); 944 } 945 946 /* 947 * Security xattr namespace handlers. 948 */ 949 static xattr_handler_t zpl_xattr_security_handler = { 950 .prefix = XATTR_SECURITY_PREFIX, 951 .list = zpl_xattr_security_list, 952 .get = zpl_xattr_security_get, 953 .set = zpl_xattr_security_set, 954 }; 955 956 /* 957 * Extended system attributes 958 * 959 * "Extended system attributes are used by the kernel to store system 960 * objects such as Access Control Lists. Read and write access permissions 961 * to system attributes depend on the policy implemented for each system 962 * attribute implemented by filesystems in the kernel." - xattr(7) 963 */ 964 #ifdef CONFIG_FS_POSIX_ACL 965 static int 966 zpl_set_acl_impl(struct inode *ip, struct posix_acl *acl, int type) 967 { 968 char *name, *value = NULL; 969 int error = 0; 970 size_t size = 0; 971 972 if (S_ISLNK(ip->i_mode)) 973 return (-EOPNOTSUPP); 974 975 switch (type) { 976 case ACL_TYPE_ACCESS: 977 name = XATTR_NAME_POSIX_ACL_ACCESS; 978 if (acl) { 979 umode_t mode = ip->i_mode; 980 error = posix_acl_equiv_mode(acl, &mode); 981 if (error < 0) { 982 return (error); 983 } else { 984 /* 985 * The mode bits will have been set by 986 * ->zfs_setattr()->zfs_acl_chmod_setattr() 987 * using the ZFS ACL conversion. If they 988 * differ from the Posix ACL conversion dirty 989 * the inode to write the Posix mode bits. 990 */ 991 if (ip->i_mode != mode) { 992 ip->i_mode = ITOZ(ip)->z_mode = mode; 993 zpl_inode_set_ctime_to_ts(ip, 994 current_time(ip)); 995 zfs_mark_inode_dirty(ip); 996 } 997 998 if (error == 0) 999 acl = NULL; 1000 } 1001 } 1002 break; 1003 1004 case ACL_TYPE_DEFAULT: 1005 name = XATTR_NAME_POSIX_ACL_DEFAULT; 1006 if (!S_ISDIR(ip->i_mode)) 1007 return (acl ? -EACCES : 0); 1008 break; 1009 1010 default: 1011 return (-EINVAL); 1012 } 1013 1014 if (acl) { 1015 size = posix_acl_xattr_size(acl->a_count); 1016 value = kmem_alloc(size, KM_SLEEP); 1017 1018 error = zpl_acl_to_xattr(acl, value, size); 1019 if (error < 0) { 1020 kmem_free(value, size); 1021 return (error); 1022 } 1023 } 1024 1025 error = zpl_xattr_set(ip, name, value, size, 0); 1026 if (value) 1027 kmem_free(value, size); 1028 1029 if (!error) { 1030 if (acl) 1031 set_cached_acl(ip, type, acl); 1032 else 1033 forget_cached_acl(ip, type); 1034 } 1035 1036 return (error); 1037 } 1038 1039 int 1040 #ifdef HAVE_SET_ACL_USERNS 1041 zpl_set_acl(struct user_namespace *userns, struct inode *ip, 1042 struct posix_acl *acl, int type) 1043 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY) 1044 zpl_set_acl(struct mnt_idmap *userns, struct dentry *dentry, 1045 struct posix_acl *acl, int type) 1046 #elif defined(HAVE_SET_ACL_USERNS_DENTRY_ARG2) 1047 zpl_set_acl(struct user_namespace *userns, struct dentry *dentry, 1048 struct posix_acl *acl, int type) 1049 #else 1050 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type) 1051 #endif /* HAVE_SET_ACL_USERNS */ 1052 { 1053 #ifdef HAVE_SET_ACL_USERNS_DENTRY_ARG2 1054 return (zpl_set_acl_impl(d_inode(dentry), acl, type)); 1055 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY) 1056 return (zpl_set_acl_impl(d_inode(dentry), acl, type)); 1057 #else 1058 return (zpl_set_acl_impl(ip, acl, type)); 1059 #endif /* HAVE_SET_ACL_USERNS_DENTRY_ARG2 */ 1060 } 1061 1062 static struct posix_acl * 1063 zpl_get_acl_impl(struct inode *ip, int type) 1064 { 1065 struct posix_acl *acl; 1066 void *value = NULL; 1067 char *name; 1068 1069 switch (type) { 1070 case ACL_TYPE_ACCESS: 1071 name = XATTR_NAME_POSIX_ACL_ACCESS; 1072 break; 1073 case ACL_TYPE_DEFAULT: 1074 name = XATTR_NAME_POSIX_ACL_DEFAULT; 1075 break; 1076 default: 1077 return (ERR_PTR(-EINVAL)); 1078 } 1079 1080 int size = zpl_xattr_get(ip, name, NULL, 0); 1081 if (size > 0) { 1082 value = kmem_alloc(size, KM_SLEEP); 1083 size = zpl_xattr_get(ip, name, value, size); 1084 } 1085 1086 if (size > 0) { 1087 acl = zpl_acl_from_xattr(value, size); 1088 } else if (size == -ENODATA || size == -ENOSYS) { 1089 acl = NULL; 1090 } else { 1091 acl = ERR_PTR(-EIO); 1092 } 1093 1094 if (size > 0) 1095 kmem_free(value, size); 1096 1097 return (acl); 1098 } 1099 1100 #if defined(HAVE_GET_ACL_RCU) || defined(HAVE_GET_INODE_ACL) 1101 struct posix_acl * 1102 zpl_get_acl(struct inode *ip, int type, bool rcu) 1103 { 1104 if (rcu) 1105 return (ERR_PTR(-ECHILD)); 1106 1107 return (zpl_get_acl_impl(ip, type)); 1108 } 1109 #elif defined(HAVE_GET_ACL) 1110 struct posix_acl * 1111 zpl_get_acl(struct inode *ip, int type) 1112 { 1113 return (zpl_get_acl_impl(ip, type)); 1114 } 1115 #else 1116 #error "Unsupported iops->get_acl() implementation" 1117 #endif /* HAVE_GET_ACL_RCU */ 1118 1119 int 1120 zpl_init_acl(struct inode *ip, struct inode *dir) 1121 { 1122 struct posix_acl *acl = NULL; 1123 int error = 0; 1124 1125 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1126 return (0); 1127 1128 if (!S_ISLNK(ip->i_mode)) { 1129 acl = zpl_get_acl_impl(dir, ACL_TYPE_DEFAULT); 1130 if (IS_ERR(acl)) 1131 return (PTR_ERR(acl)); 1132 if (!acl) { 1133 ITOZ(ip)->z_mode = (ip->i_mode &= ~current_umask()); 1134 zpl_inode_set_ctime_to_ts(ip, current_time(ip)); 1135 zfs_mark_inode_dirty(ip); 1136 return (0); 1137 } 1138 } 1139 1140 if (acl) { 1141 umode_t mode; 1142 1143 if (S_ISDIR(ip->i_mode)) { 1144 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_DEFAULT); 1145 if (error) 1146 goto out; 1147 } 1148 1149 mode = ip->i_mode; 1150 error = __posix_acl_create(&acl, GFP_KERNEL, &mode); 1151 if (error >= 0) { 1152 ip->i_mode = ITOZ(ip)->z_mode = mode; 1153 zfs_mark_inode_dirty(ip); 1154 if (error > 0) { 1155 error = zpl_set_acl_impl(ip, acl, 1156 ACL_TYPE_ACCESS); 1157 } 1158 } 1159 } 1160 out: 1161 zpl_posix_acl_release(acl); 1162 1163 return (error); 1164 } 1165 1166 int 1167 zpl_chmod_acl(struct inode *ip) 1168 { 1169 struct posix_acl *acl; 1170 int error; 1171 1172 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1173 return (0); 1174 1175 if (S_ISLNK(ip->i_mode)) 1176 return (-EOPNOTSUPP); 1177 1178 acl = zpl_get_acl_impl(ip, ACL_TYPE_ACCESS); 1179 if (IS_ERR(acl) || !acl) 1180 return (PTR_ERR(acl)); 1181 1182 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode); 1183 if (!error) 1184 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_ACCESS); 1185 1186 zpl_posix_acl_release(acl); 1187 1188 return (error); 1189 } 1190 1191 static int 1192 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size, 1193 const char *name, size_t name_len) 1194 { 1195 char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS; 1196 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS); 1197 1198 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1199 return (0); 1200 1201 if (list && xattr_size <= list_size) 1202 memcpy(list, xattr_name, xattr_size); 1203 1204 return (xattr_size); 1205 } 1206 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access); 1207 1208 static int 1209 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size, 1210 const char *name, size_t name_len) 1211 { 1212 char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT; 1213 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT); 1214 1215 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1216 return (0); 1217 1218 if (list && xattr_size <= list_size) 1219 memcpy(list, xattr_name, xattr_size); 1220 1221 return (xattr_size); 1222 } 1223 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default); 1224 1225 static int 1226 __zpl_xattr_acl_get_access(struct inode *ip, const char *name, 1227 void *buffer, size_t size) 1228 { 1229 struct posix_acl *acl; 1230 int type = ACL_TYPE_ACCESS; 1231 int error; 1232 /* xattr_resolve_name will do this for us if this is defined */ 1233 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1234 return (-EOPNOTSUPP); 1235 1236 acl = zpl_get_acl_impl(ip, type); 1237 if (IS_ERR(acl)) 1238 return (PTR_ERR(acl)); 1239 if (acl == NULL) 1240 return (-ENODATA); 1241 1242 error = zpl_acl_to_xattr(acl, buffer, size); 1243 zpl_posix_acl_release(acl); 1244 1245 return (error); 1246 } 1247 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access); 1248 1249 static int 1250 __zpl_xattr_acl_get_default(struct inode *ip, const char *name, 1251 void *buffer, size_t size) 1252 { 1253 struct posix_acl *acl; 1254 int type = ACL_TYPE_DEFAULT; 1255 int error; 1256 /* xattr_resolve_name will do this for us if this is defined */ 1257 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1258 return (-EOPNOTSUPP); 1259 1260 acl = zpl_get_acl_impl(ip, type); 1261 if (IS_ERR(acl)) 1262 return (PTR_ERR(acl)); 1263 if (acl == NULL) 1264 return (-ENODATA); 1265 1266 error = zpl_acl_to_xattr(acl, buffer, size); 1267 zpl_posix_acl_release(acl); 1268 1269 return (error); 1270 } 1271 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default); 1272 1273 static int 1274 __zpl_xattr_acl_set_access(zidmap_t *mnt_ns, 1275 struct inode *ip, const char *name, 1276 const void *value, size_t size, int flags) 1277 { 1278 struct posix_acl *acl; 1279 int type = ACL_TYPE_ACCESS; 1280 int error = 0; 1281 /* xattr_resolve_name will do this for us if this is defined */ 1282 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1283 return (-EOPNOTSUPP); 1284 1285 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP) 1286 if (!zpl_inode_owner_or_capable(mnt_ns, ip)) 1287 return (-EPERM); 1288 #else 1289 (void) mnt_ns; 1290 if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip)) 1291 return (-EPERM); 1292 #endif 1293 1294 if (value) { 1295 acl = zpl_acl_from_xattr(value, size); 1296 if (IS_ERR(acl)) 1297 return (PTR_ERR(acl)); 1298 else if (acl) { 1299 error = posix_acl_valid(ip->i_sb->s_user_ns, acl); 1300 if (error) { 1301 zpl_posix_acl_release(acl); 1302 return (error); 1303 } 1304 } 1305 } else { 1306 acl = NULL; 1307 } 1308 error = zpl_set_acl_impl(ip, acl, type); 1309 zpl_posix_acl_release(acl); 1310 1311 return (error); 1312 } 1313 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access); 1314 1315 static int 1316 __zpl_xattr_acl_set_default(zidmap_t *mnt_ns, 1317 struct inode *ip, const char *name, 1318 const void *value, size_t size, int flags) 1319 { 1320 struct posix_acl *acl; 1321 int type = ACL_TYPE_DEFAULT; 1322 int error = 0; 1323 /* xattr_resolve_name will do this for us if this is defined */ 1324 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) 1325 return (-EOPNOTSUPP); 1326 1327 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP) 1328 if (!zpl_inode_owner_or_capable(mnt_ns, ip)) 1329 return (-EPERM); 1330 #else 1331 (void) mnt_ns; 1332 if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip)) 1333 return (-EPERM); 1334 #endif 1335 1336 if (value) { 1337 acl = zpl_acl_from_xattr(value, size); 1338 if (IS_ERR(acl)) 1339 return (PTR_ERR(acl)); 1340 else if (acl) { 1341 error = posix_acl_valid(ip->i_sb->s_user_ns, acl); 1342 if (error) { 1343 zpl_posix_acl_release(acl); 1344 return (error); 1345 } 1346 } 1347 } else { 1348 acl = NULL; 1349 } 1350 1351 error = zpl_set_acl_impl(ip, acl, type); 1352 zpl_posix_acl_release(acl); 1353 1354 return (error); 1355 } 1356 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default); 1357 1358 /* 1359 * ACL access xattr namespace handlers. 1360 * 1361 * Use .name instead of .prefix when available. xattr_resolve_name will match 1362 * whole name and reject anything that has .name only as prefix. 1363 */ 1364 static xattr_handler_t zpl_xattr_acl_access_handler = { 1365 .name = XATTR_NAME_POSIX_ACL_ACCESS, 1366 .list = zpl_xattr_acl_list_access, 1367 .get = zpl_xattr_acl_get_access, 1368 .set = zpl_xattr_acl_set_access, 1369 .flags = ACL_TYPE_ACCESS, 1370 }; 1371 1372 /* 1373 * ACL default xattr namespace handlers. 1374 * 1375 * Use .name instead of .prefix. xattr_resolve_name will match whole name and 1376 * reject anything that has .name only as prefix. 1377 */ 1378 static xattr_handler_t zpl_xattr_acl_default_handler = { 1379 .name = XATTR_NAME_POSIX_ACL_DEFAULT, 1380 .list = zpl_xattr_acl_list_default, 1381 .get = zpl_xattr_acl_get_default, 1382 .set = zpl_xattr_acl_set_default, 1383 .flags = ACL_TYPE_DEFAULT, 1384 }; 1385 1386 #endif /* CONFIG_FS_POSIX_ACL */ 1387 1388 xattr_handler_t *zpl_xattr_handlers[] = { 1389 &zpl_xattr_security_handler, 1390 &zpl_xattr_trusted_handler, 1391 &zpl_xattr_user_handler, 1392 #ifdef CONFIG_FS_POSIX_ACL 1393 &zpl_xattr_acl_access_handler, 1394 &zpl_xattr_acl_default_handler, 1395 #endif /* CONFIG_FS_POSIX_ACL */ 1396 NULL 1397 }; 1398 1399 static const struct xattr_handler * 1400 zpl_xattr_handler(const char *name) 1401 { 1402 if (strncmp(name, XATTR_USER_PREFIX, 1403 XATTR_USER_PREFIX_LEN) == 0) 1404 return (&zpl_xattr_user_handler); 1405 1406 if (strncmp(name, XATTR_TRUSTED_PREFIX, 1407 XATTR_TRUSTED_PREFIX_LEN) == 0) 1408 return (&zpl_xattr_trusted_handler); 1409 1410 if (strncmp(name, XATTR_SECURITY_PREFIX, 1411 XATTR_SECURITY_PREFIX_LEN) == 0) 1412 return (&zpl_xattr_security_handler); 1413 1414 #ifdef CONFIG_FS_POSIX_ACL 1415 if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, 1416 sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0) 1417 return (&zpl_xattr_acl_access_handler); 1418 1419 if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, 1420 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0) 1421 return (&zpl_xattr_acl_default_handler); 1422 #endif /* CONFIG_FS_POSIX_ACL */ 1423 1424 return (NULL); 1425 } 1426 1427 static enum xattr_permission 1428 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len) 1429 { 1430 const struct xattr_handler *handler; 1431 struct dentry *d __maybe_unused = xf->dentry; 1432 enum xattr_permission perm = XAPERM_ALLOW; 1433 1434 handler = zpl_xattr_handler(name); 1435 if (handler == NULL) { 1436 /* Do not expose FreeBSD system namespace xattrs. */ 1437 if (ZFS_XA_NS_PREFIX_MATCH(FREEBSD, name)) 1438 return (XAPERM_DENY); 1439 /* 1440 * Anything that doesn't match a known namespace gets put in the 1441 * user namespace for compatibility with other platforms. 1442 */ 1443 perm = XAPERM_COMPAT; 1444 handler = &zpl_xattr_user_handler; 1445 } 1446 1447 if (handler->list) { 1448 if (!handler->list(d)) 1449 return (XAPERM_DENY); 1450 } 1451 1452 return (perm); 1453 } 1454 1455 #ifdef CONFIG_FS_POSIX_ACL 1456 1457 struct acl_rel_struct { 1458 struct acl_rel_struct *next; 1459 struct posix_acl *acl; 1460 clock_t time; 1461 }; 1462 1463 #define ACL_REL_GRACE (60*HZ) 1464 #define ACL_REL_WINDOW (1*HZ) 1465 #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW) 1466 1467 /* 1468 * Lockless multi-producer single-consumer fifo list. 1469 * Nodes are added to tail and removed from head. Tail pointer is our 1470 * synchronization point. It always points to the next pointer of the last 1471 * node, or head if list is empty. 1472 */ 1473 static struct acl_rel_struct *acl_rel_head = NULL; 1474 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head; 1475 1476 static void 1477 zpl_posix_acl_free(void *arg) 1478 { 1479 struct acl_rel_struct *freelist = NULL; 1480 struct acl_rel_struct *a; 1481 clock_t new_time; 1482 boolean_t refire = B_FALSE; 1483 1484 ASSERT3P(acl_rel_head, !=, NULL); 1485 while (acl_rel_head) { 1486 a = acl_rel_head; 1487 if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) { 1488 /* 1489 * If a is the last node we need to reset tail, but we 1490 * need to use cmpxchg to make sure it is still the 1491 * last node. 1492 */ 1493 if (acl_rel_tail == &a->next) { 1494 acl_rel_head = NULL; 1495 if (cmpxchg(&acl_rel_tail, &a->next, 1496 &acl_rel_head) == &a->next) { 1497 ASSERT3P(a->next, ==, NULL); 1498 a->next = freelist; 1499 freelist = a; 1500 break; 1501 } 1502 } 1503 /* 1504 * a is not last node, make sure next pointer is set 1505 * by the adder and advance the head. 1506 */ 1507 while (READ_ONCE(a->next) == NULL) 1508 cpu_relax(); 1509 acl_rel_head = a->next; 1510 a->next = freelist; 1511 freelist = a; 1512 } else { 1513 /* 1514 * a is still in grace period. We are responsible to 1515 * reschedule the free task, since adder will only do 1516 * so if list is empty. 1517 */ 1518 new_time = a->time + ACL_REL_SCHED; 1519 refire = B_TRUE; 1520 break; 1521 } 1522 } 1523 1524 if (refire) 1525 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free, 1526 NULL, TQ_SLEEP, new_time); 1527 1528 while (freelist) { 1529 a = freelist; 1530 freelist = a->next; 1531 kfree(a->acl); 1532 kmem_free(a, sizeof (struct acl_rel_struct)); 1533 } 1534 } 1535 1536 void 1537 zpl_posix_acl_release_impl(struct posix_acl *acl) 1538 { 1539 struct acl_rel_struct *a, **prev; 1540 1541 a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP); 1542 a->next = NULL; 1543 a->acl = acl; 1544 a->time = ddi_get_lbolt(); 1545 /* atomically points tail to us and get the previous tail */ 1546 prev = xchg(&acl_rel_tail, &a->next); 1547 ASSERT3P(*prev, ==, NULL); 1548 *prev = a; 1549 /* if it was empty before, schedule the free task */ 1550 if (prev == &acl_rel_head) 1551 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free, 1552 NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED); 1553 } 1554 #endif 1555 1556 ZFS_MODULE_PARAM(zfs, zfs_, xattr_compat, INT, ZMOD_RW, 1557 "Use legacy ZFS xattr naming for writing new user namespace xattrs"); 1558