xref: /freebsd/sys/contrib/openzfs/module/os/linux/zfs/zpl_xattr.c (revision cfd6422a5217410fbd66f7a7a8a64d9d85e61229)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23  *
24  * Extended attributes (xattr) on Solaris are implemented as files
25  * which exist in a hidden xattr directory.  These extended attributes
26  * can be accessed using the attropen() system call which opens
27  * the extended attribute.  It can then be manipulated just like
28  * a standard file descriptor.  This has a couple advantages such
29  * as practically no size limit on the file, and the extended
30  * attributes permissions may differ from those of the parent file.
31  * This interface is really quite clever, but it's also completely
32  * different than what is supported on Linux.  It also comes with a
33  * steep performance penalty when accessing small xattrs because they
34  * are not stored with the parent file.
35  *
36  * Under Linux extended attributes are manipulated by the system
37  * calls getxattr(2), setxattr(2), and listxattr(2).  They consider
38  * extended attributes to be name/value pairs where the name is a
39  * NULL terminated string.  The name must also include one of the
40  * following namespace prefixes:
41  *
42  *   user     - No restrictions and is available to user applications.
43  *   trusted  - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44  *   system   - Used for access control lists (system.nfs4_acl, etc).
45  *   security - Used by SELinux to store a files security context.
46  *
47  * The value under Linux to limited to 65536 bytes of binary data.
48  * In practice, individual xattrs tend to be much smaller than this
49  * and are typically less than 100 bytes.  A good example of this
50  * are the security.selinux xattrs which are less than 100 bytes and
51  * exist for every file when xattr labeling is enabled.
52  *
53  * The Linux xattr implementation has been written to take advantage of
54  * this typical usage.  When the dataset property 'xattr=sa' is set,
55  * then xattrs will be preferentially stored as System Attributes (SA).
56  * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57  * up to 64k of xattrs to be stored in the spill block.  If additional
58  * xattr space is required, which is unlikely under Linux, they will
59  * be stored using the traditional directory approach.
60  *
61  * This optimization results in roughly a 3x performance improvement
62  * when accessing xattrs because it avoids the need to perform a seek
63  * for every xattr value.  When multiple xattrs are stored per-file
64  * the performance improvements are even greater because all of the
65  * xattrs stored in the spill block will be cached.
66  *
67  * However, by default SA based xattrs are disabled in the Linux port
68  * to maximize compatibility with other implementations.  If you do
69  * enable SA based xattrs then they will not be visible on platforms
70  * which do not support this feature.
71  *
72  * NOTE: One additional consequence of the xattr directory implementation
73  * is that when an extended attribute is manipulated an inode is created.
74  * This inode will exist in the Linux inode cache but there will be no
75  * associated entry in the dentry cache which references it.  This is
76  * safe but it may result in some confusion.  Enabling SA based xattrs
77  * largely avoids the issue except in the overflow case.
78  */
79 
80 #include <sys/zfs_znode.h>
81 #include <sys/zfs_vfsops.h>
82 #include <sys/zfs_vnops.h>
83 #include <sys/zap.h>
84 #include <sys/vfs.h>
85 #include <sys/zpl.h>
86 
87 typedef struct xattr_filldir {
88 	size_t size;
89 	size_t offset;
90 	char *buf;
91 	struct dentry *dentry;
92 } xattr_filldir_t;
93 
94 static const struct xattr_handler *zpl_xattr_handler(const char *);
95 
96 static int
97 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
98 {
99 	static const struct xattr_handler *handler;
100 	struct dentry *d = xf->dentry;
101 
102 	handler = zpl_xattr_handler(name);
103 	if (!handler)
104 		return (0);
105 
106 	if (handler->list) {
107 #if defined(HAVE_XATTR_LIST_SIMPLE)
108 		if (!handler->list(d))
109 			return (0);
110 #elif defined(HAVE_XATTR_LIST_DENTRY)
111 		if (!handler->list(d, NULL, 0, name, name_len, 0))
112 			return (0);
113 #elif defined(HAVE_XATTR_LIST_HANDLER)
114 		if (!handler->list(handler, d, NULL, 0, name, name_len))
115 			return (0);
116 #endif
117 	}
118 
119 	return (1);
120 }
121 
122 /*
123  * Determine is a given xattr name should be visible and if so copy it
124  * in to the provided buffer (xf->buf).
125  */
126 static int
127 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
128 {
129 	/* Check permissions using the per-namespace list xattr handler. */
130 	if (!zpl_xattr_permission(xf, name, name_len))
131 		return (0);
132 
133 	/* When xf->buf is NULL only calculate the required size. */
134 	if (xf->buf) {
135 		if (xf->offset + name_len + 1 > xf->size)
136 			return (-ERANGE);
137 
138 		memcpy(xf->buf + xf->offset, name, name_len);
139 		xf->buf[xf->offset + name_len] = '\0';
140 	}
141 
142 	xf->offset += (name_len + 1);
143 
144 	return (0);
145 }
146 
147 /*
148  * Read as many directory entry names as will fit in to the provided buffer,
149  * or when no buffer is provided calculate the required buffer size.
150  */
151 static int
152 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
153 {
154 	zap_cursor_t zc;
155 	zap_attribute_t	zap;
156 	int error;
157 
158 	zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
159 
160 	while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
161 
162 		if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
163 			error = -ENXIO;
164 			break;
165 		}
166 
167 		error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
168 		if (error)
169 			break;
170 
171 		zap_cursor_advance(&zc);
172 	}
173 
174 	zap_cursor_fini(&zc);
175 
176 	if (error == -ENOENT)
177 		error = 0;
178 
179 	return (error);
180 }
181 
182 static ssize_t
183 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
184 {
185 	struct inode *ip = xf->dentry->d_inode;
186 	struct inode *dxip = NULL;
187 	znode_t *dxzp;
188 	int error;
189 
190 	/* Lookup the xattr directory */
191 	error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
192 	    cr, NULL, NULL);
193 	if (error) {
194 		if (error == -ENOENT)
195 			error = 0;
196 
197 		return (error);
198 	}
199 
200 	dxip = ZTOI(dxzp);
201 	error = zpl_xattr_readdir(dxip, xf);
202 	iput(dxip);
203 
204 	return (error);
205 }
206 
207 static ssize_t
208 zpl_xattr_list_sa(xattr_filldir_t *xf)
209 {
210 	znode_t *zp = ITOZ(xf->dentry->d_inode);
211 	nvpair_t *nvp = NULL;
212 	int error = 0;
213 
214 	mutex_enter(&zp->z_lock);
215 	if (zp->z_xattr_cached == NULL)
216 		error = -zfs_sa_get_xattr(zp);
217 	mutex_exit(&zp->z_lock);
218 
219 	if (error)
220 		return (error);
221 
222 	ASSERT(zp->z_xattr_cached);
223 
224 	while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
225 		ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
226 
227 		error = zpl_xattr_filldir(xf, nvpair_name(nvp),
228 		    strlen(nvpair_name(nvp)));
229 		if (error)
230 			return (error);
231 	}
232 
233 	return (0);
234 }
235 
236 ssize_t
237 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
238 {
239 	znode_t *zp = ITOZ(dentry->d_inode);
240 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
241 	xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
242 	cred_t *cr = CRED();
243 	fstrans_cookie_t cookie;
244 	int error = 0;
245 
246 	crhold(cr);
247 	cookie = spl_fstrans_mark();
248 	ZPL_ENTER(zfsvfs);
249 	ZPL_VERIFY_ZP(zp);
250 	rw_enter(&zp->z_xattr_lock, RW_READER);
251 
252 	if (zfsvfs->z_use_sa && zp->z_is_sa) {
253 		error = zpl_xattr_list_sa(&xf);
254 		if (error)
255 			goto out;
256 	}
257 
258 	error = zpl_xattr_list_dir(&xf, cr);
259 	if (error)
260 		goto out;
261 
262 	error = xf.offset;
263 out:
264 
265 	rw_exit(&zp->z_xattr_lock);
266 	ZPL_EXIT(zfsvfs);
267 	spl_fstrans_unmark(cookie);
268 	crfree(cr);
269 
270 	return (error);
271 }
272 
273 static int
274 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
275     size_t size, cred_t *cr)
276 {
277 	fstrans_cookie_t cookie;
278 	struct inode *xip = NULL;
279 	znode_t *dxzp = NULL;
280 	znode_t *xzp = NULL;
281 	int error;
282 
283 	/* Lookup the xattr directory */
284 	error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
285 	    cr, NULL, NULL);
286 	if (error)
287 		goto out;
288 
289 	/* Lookup a specific xattr name in the directory */
290 	error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
291 	if (error)
292 		goto out;
293 
294 	xip = ZTOI(xzp);
295 	if (!size) {
296 		error = i_size_read(xip);
297 		goto out;
298 	}
299 
300 	if (size < i_size_read(xip)) {
301 		error = -ERANGE;
302 		goto out;
303 	}
304 
305 	struct iovec iov;
306 	iov.iov_base = (void *)value;
307 	iov.iov_len = size;
308 
309 	uio_t uio;
310 	uio_iovec_init(&uio, &iov, 1, 0, UIO_SYSSPACE, size, 0);
311 
312 	cookie = spl_fstrans_mark();
313 	error = -zfs_read(ITOZ(xip), &uio, 0, cr);
314 	spl_fstrans_unmark(cookie);
315 
316 	if (error == 0)
317 		error = size - uio_resid(&uio);
318 out:
319 	if (xzp)
320 		zrele(xzp);
321 
322 	if (dxzp)
323 		zrele(dxzp);
324 
325 	return (error);
326 }
327 
328 static int
329 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
330 {
331 	znode_t *zp = ITOZ(ip);
332 	uchar_t *nv_value;
333 	uint_t nv_size;
334 	int error = 0;
335 
336 	ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
337 
338 	mutex_enter(&zp->z_lock);
339 	if (zp->z_xattr_cached == NULL)
340 		error = -zfs_sa_get_xattr(zp);
341 	mutex_exit(&zp->z_lock);
342 
343 	if (error)
344 		return (error);
345 
346 	ASSERT(zp->z_xattr_cached);
347 	error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
348 	    &nv_value, &nv_size);
349 	if (error)
350 		return (error);
351 
352 	if (size == 0 || value == NULL)
353 		return (nv_size);
354 
355 	if (size < nv_size)
356 		return (-ERANGE);
357 
358 	memcpy(value, nv_value, nv_size);
359 
360 	return (nv_size);
361 }
362 
363 static int
364 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
365     cred_t *cr)
366 {
367 	znode_t *zp = ITOZ(ip);
368 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
369 	int error;
370 
371 	ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
372 
373 	if (zfsvfs->z_use_sa && zp->z_is_sa) {
374 		error = zpl_xattr_get_sa(ip, name, value, size);
375 		if (error != -ENOENT)
376 			goto out;
377 	}
378 
379 	error = zpl_xattr_get_dir(ip, name, value, size, cr);
380 out:
381 	if (error == -ENOENT)
382 		error = -ENODATA;
383 
384 	return (error);
385 }
386 
387 #define	XATTR_NOENT	0x0
388 #define	XATTR_IN_SA	0x1
389 #define	XATTR_IN_DIR	0x2
390 /* check where the xattr resides */
391 static int
392 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
393 {
394 	znode_t *zp = ITOZ(ip);
395 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
396 	int error;
397 
398 	ASSERT(where);
399 	ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
400 
401 	*where = XATTR_NOENT;
402 	if (zfsvfs->z_use_sa && zp->z_is_sa) {
403 		error = zpl_xattr_get_sa(ip, name, NULL, 0);
404 		if (error >= 0)
405 			*where |= XATTR_IN_SA;
406 		else if (error != -ENOENT)
407 			return (error);
408 	}
409 
410 	error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
411 	if (error >= 0)
412 		*where |= XATTR_IN_DIR;
413 	else if (error != -ENOENT)
414 		return (error);
415 
416 	if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
417 		cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
418 		    " in both SA and dir", ip, name);
419 	if (*where == XATTR_NOENT)
420 		error = -ENODATA;
421 	else
422 		error = 0;
423 	return (error);
424 }
425 
426 static int
427 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
428 {
429 	znode_t *zp = ITOZ(ip);
430 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
431 	cred_t *cr = CRED();
432 	fstrans_cookie_t cookie;
433 	int error;
434 
435 	crhold(cr);
436 	cookie = spl_fstrans_mark();
437 	ZPL_ENTER(zfsvfs);
438 	ZPL_VERIFY_ZP(zp);
439 	rw_enter(&zp->z_xattr_lock, RW_READER);
440 	error = __zpl_xattr_get(ip, name, value, size, cr);
441 	rw_exit(&zp->z_xattr_lock);
442 	ZPL_EXIT(zfsvfs);
443 	spl_fstrans_unmark(cookie);
444 	crfree(cr);
445 
446 	return (error);
447 }
448 
449 static int
450 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
451     size_t size, int flags, cred_t *cr)
452 {
453 	znode_t *dxzp = NULL;
454 	znode_t *xzp = NULL;
455 	vattr_t *vap = NULL;
456 	int lookup_flags, error;
457 	const int xattr_mode = S_IFREG | 0644;
458 	loff_t pos = 0;
459 
460 	/*
461 	 * Lookup the xattr directory.  When we're adding an entry pass
462 	 * CREATE_XATTR_DIR to ensure the xattr directory is created.
463 	 * When removing an entry this flag is not passed to avoid
464 	 * unnecessarily creating a new xattr directory.
465 	 */
466 	lookup_flags = LOOKUP_XATTR;
467 	if (value != NULL)
468 		lookup_flags |= CREATE_XATTR_DIR;
469 
470 	error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags,
471 	    cr, NULL, NULL);
472 	if (error)
473 		goto out;
474 
475 	/* Lookup a specific xattr name in the directory */
476 	error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
477 	if (error && (error != -ENOENT))
478 		goto out;
479 
480 	error = 0;
481 
482 	/* Remove a specific name xattr when value is set to NULL. */
483 	if (value == NULL) {
484 		if (xzp)
485 			error = -zfs_remove(dxzp, (char *)name, cr, 0);
486 
487 		goto out;
488 	}
489 
490 	/* Lookup failed create a new xattr. */
491 	if (xzp == NULL) {
492 		vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
493 		vap->va_mode = xattr_mode;
494 		vap->va_mask = ATTR_MODE;
495 		vap->va_uid = crgetfsuid(cr);
496 		vap->va_gid = crgetfsgid(cr);
497 
498 		error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
499 		    cr, 0, NULL);
500 		if (error)
501 			goto out;
502 	}
503 
504 	ASSERT(xzp != NULL);
505 
506 	error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE);
507 	if (error)
508 		goto out;
509 
510 	error = -zfs_write_simple(xzp, value, size, pos, NULL);
511 out:
512 	if (error == 0) {
513 		ip->i_ctime = current_time(ip);
514 		zfs_mark_inode_dirty(ip);
515 	}
516 
517 	if (vap)
518 		kmem_free(vap, sizeof (vattr_t));
519 
520 	if (xzp)
521 		zrele(xzp);
522 
523 	if (dxzp)
524 		zrele(dxzp);
525 
526 	if (error == -ENOENT)
527 		error = -ENODATA;
528 
529 	ASSERT3S(error, <=, 0);
530 
531 	return (error);
532 }
533 
534 static int
535 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
536     size_t size, int flags, cred_t *cr)
537 {
538 	znode_t *zp = ITOZ(ip);
539 	nvlist_t *nvl;
540 	size_t sa_size;
541 	int error = 0;
542 
543 	mutex_enter(&zp->z_lock);
544 	if (zp->z_xattr_cached == NULL)
545 		error = -zfs_sa_get_xattr(zp);
546 	mutex_exit(&zp->z_lock);
547 
548 	if (error)
549 		return (error);
550 
551 	ASSERT(zp->z_xattr_cached);
552 	nvl = zp->z_xattr_cached;
553 
554 	if (value == NULL) {
555 		error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
556 		if (error == -ENOENT)
557 			error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
558 	} else {
559 		/* Limited to 32k to keep nvpair memory allocations small */
560 		if (size > DXATTR_MAX_ENTRY_SIZE)
561 			return (-EFBIG);
562 
563 		/* Prevent the DXATTR SA from consuming the entire SA region */
564 		error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
565 		if (error)
566 			return (error);
567 
568 		if (sa_size > DXATTR_MAX_SA_SIZE)
569 			return (-EFBIG);
570 
571 		error = -nvlist_add_byte_array(nvl, name,
572 		    (uchar_t *)value, size);
573 	}
574 
575 	/*
576 	 * Update the SA for additions, modifications, and removals. On
577 	 * error drop the inconsistent cached version of the nvlist, it
578 	 * will be reconstructed from the ARC when next accessed.
579 	 */
580 	if (error == 0)
581 		error = -zfs_sa_set_xattr(zp);
582 
583 	if (error) {
584 		nvlist_free(nvl);
585 		zp->z_xattr_cached = NULL;
586 	}
587 
588 	ASSERT3S(error, <=, 0);
589 
590 	return (error);
591 }
592 
593 static int
594 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
595     size_t size, int flags)
596 {
597 	znode_t *zp = ITOZ(ip);
598 	zfsvfs_t *zfsvfs = ZTOZSB(zp);
599 	cred_t *cr = CRED();
600 	fstrans_cookie_t cookie;
601 	int where;
602 	int error;
603 
604 	crhold(cr);
605 	cookie = spl_fstrans_mark();
606 	ZPL_ENTER(zfsvfs);
607 	ZPL_VERIFY_ZP(zp);
608 	rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER);
609 
610 	/*
611 	 * Before setting the xattr check to see if it already exists.
612 	 * This is done to ensure the following optional flags are honored.
613 	 *
614 	 *   XATTR_CREATE: fail if xattr already exists
615 	 *   XATTR_REPLACE: fail if xattr does not exist
616 	 *
617 	 * We also want to know if it resides in sa or dir, so we can make
618 	 * sure we don't end up with duplicate in both places.
619 	 */
620 	error = __zpl_xattr_where(ip, name, &where, cr);
621 	if (error < 0) {
622 		if (error != -ENODATA)
623 			goto out;
624 		if (flags & XATTR_REPLACE)
625 			goto out;
626 
627 		/* The xattr to be removed already doesn't exist */
628 		error = 0;
629 		if (value == NULL)
630 			goto out;
631 	} else {
632 		error = -EEXIST;
633 		if (flags & XATTR_CREATE)
634 			goto out;
635 	}
636 
637 	/* Preferentially store the xattr as a SA for better performance */
638 	if (zfsvfs->z_use_sa && zp->z_is_sa &&
639 	    (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
640 		error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
641 		if (error == 0) {
642 			/*
643 			 * Successfully put into SA, we need to clear the one
644 			 * in dir.
645 			 */
646 			if (where & XATTR_IN_DIR)
647 				zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
648 			goto out;
649 		}
650 	}
651 
652 	error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
653 	/*
654 	 * Successfully put into dir, we need to clear the one in SA.
655 	 */
656 	if (error == 0 && (where & XATTR_IN_SA))
657 		zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
658 out:
659 	rw_exit(&ITOZ(ip)->z_xattr_lock);
660 	ZPL_EXIT(zfsvfs);
661 	spl_fstrans_unmark(cookie);
662 	crfree(cr);
663 	ASSERT3S(error, <=, 0);
664 
665 	return (error);
666 }
667 
668 /*
669  * Extended user attributes
670  *
671  * "Extended user attributes may be assigned to files and directories for
672  * storing arbitrary additional information such as the mime type,
673  * character set or encoding of a file.  The access permissions for user
674  * attributes are defined by the file permission bits: read permission
675  * is required to retrieve the attribute value, and writer permission is
676  * required to change it.
677  *
678  * The file permission bits of regular files and directories are
679  * interpreted differently from the file permission bits of special
680  * files and symbolic links.  For regular files and directories the file
681  * permission bits define access to the file's contents, while for
682  * device special files they define access to the device described by
683  * the special file.  The file permissions of symbolic links are not
684  * used in access checks.  These differences would allow users to
685  * consume filesystem resources in a way not controllable by disk quotas
686  * for group or world writable special files and directories.
687  *
688  * For this reason, extended user attributes are allowed only for
689  * regular files and directories, and access to extended user attributes
690  * is restricted to the owner and to users with appropriate capabilities
691  * for directories with the sticky bit set (see the chmod(1) manual page
692  * for an explanation of the sticky bit)." - xattr(7)
693  *
694  * ZFS allows extended user attributes to be disabled administratively
695  * by setting the 'xattr=off' property on the dataset.
696  */
697 static int
698 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
699     const char *name, size_t name_len)
700 {
701 	return (ITOZSB(ip)->z_flags & ZSB_XATTR);
702 }
703 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
704 
705 static int
706 __zpl_xattr_user_get(struct inode *ip, const char *name,
707     void *value, size_t size)
708 {
709 	char *xattr_name;
710 	int error;
711 	/* xattr_resolve_name will do this for us if this is defined */
712 #ifndef HAVE_XATTR_HANDLER_NAME
713 	if (strcmp(name, "") == 0)
714 		return (-EINVAL);
715 #endif
716 	if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
717 		return (-EOPNOTSUPP);
718 
719 	xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
720 	error = zpl_xattr_get(ip, xattr_name, value, size);
721 	kmem_strfree(xattr_name);
722 
723 	return (error);
724 }
725 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
726 
727 static int
728 __zpl_xattr_user_set(struct inode *ip, const char *name,
729     const void *value, size_t size, int flags)
730 {
731 	char *xattr_name;
732 	int error;
733 	/* xattr_resolve_name will do this for us if this is defined */
734 #ifndef HAVE_XATTR_HANDLER_NAME
735 	if (strcmp(name, "") == 0)
736 		return (-EINVAL);
737 #endif
738 	if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
739 		return (-EOPNOTSUPP);
740 
741 	xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
742 	error = zpl_xattr_set(ip, xattr_name, value, size, flags);
743 	kmem_strfree(xattr_name);
744 
745 	return (error);
746 }
747 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
748 
749 xattr_handler_t zpl_xattr_user_handler =
750 {
751 	.prefix	= XATTR_USER_PREFIX,
752 	.list	= zpl_xattr_user_list,
753 	.get	= zpl_xattr_user_get,
754 	.set	= zpl_xattr_user_set,
755 };
756 
757 /*
758  * Trusted extended attributes
759  *
760  * "Trusted extended attributes are visible and accessible only to
761  * processes that have the CAP_SYS_ADMIN capability.  Attributes in this
762  * class are used to implement mechanisms in user space (i.e., outside
763  * the kernel) which keep information in extended attributes to which
764  * ordinary processes should not have access." - xattr(7)
765  */
766 static int
767 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
768     const char *name, size_t name_len)
769 {
770 	return (capable(CAP_SYS_ADMIN));
771 }
772 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
773 
774 static int
775 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
776     void *value, size_t size)
777 {
778 	char *xattr_name;
779 	int error;
780 
781 	if (!capable(CAP_SYS_ADMIN))
782 		return (-EACCES);
783 	/* xattr_resolve_name will do this for us if this is defined */
784 #ifndef HAVE_XATTR_HANDLER_NAME
785 	if (strcmp(name, "") == 0)
786 		return (-EINVAL);
787 #endif
788 	xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
789 	error = zpl_xattr_get(ip, xattr_name, value, size);
790 	kmem_strfree(xattr_name);
791 
792 	return (error);
793 }
794 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
795 
796 static int
797 __zpl_xattr_trusted_set(struct inode *ip, const char *name,
798     const void *value, size_t size, int flags)
799 {
800 	char *xattr_name;
801 	int error;
802 
803 	if (!capable(CAP_SYS_ADMIN))
804 		return (-EACCES);
805 	/* xattr_resolve_name will do this for us if this is defined */
806 #ifndef HAVE_XATTR_HANDLER_NAME
807 	if (strcmp(name, "") == 0)
808 		return (-EINVAL);
809 #endif
810 	xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
811 	error = zpl_xattr_set(ip, xattr_name, value, size, flags);
812 	kmem_strfree(xattr_name);
813 
814 	return (error);
815 }
816 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
817 
818 xattr_handler_t zpl_xattr_trusted_handler =
819 {
820 	.prefix	= XATTR_TRUSTED_PREFIX,
821 	.list	= zpl_xattr_trusted_list,
822 	.get	= zpl_xattr_trusted_get,
823 	.set	= zpl_xattr_trusted_set,
824 };
825 
826 /*
827  * Extended security attributes
828  *
829  * "The security attribute namespace is used by kernel security modules,
830  * such as Security Enhanced Linux, and also to implement file
831  * capabilities (see capabilities(7)).  Read and write access
832  * permissions to security attributes depend on the policy implemented
833  * for each security attribute by the security module.  When no security
834  * module is loaded, all processes have read access to extended security
835  * attributes, and write access is limited to processes that have the
836  * CAP_SYS_ADMIN capability." - xattr(7)
837  */
838 static int
839 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
840     const char *name, size_t name_len)
841 {
842 	return (1);
843 }
844 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
845 
846 static int
847 __zpl_xattr_security_get(struct inode *ip, const char *name,
848     void *value, size_t size)
849 {
850 	char *xattr_name;
851 	int error;
852 	/* xattr_resolve_name will do this for us if this is defined */
853 #ifndef HAVE_XATTR_HANDLER_NAME
854 	if (strcmp(name, "") == 0)
855 		return (-EINVAL);
856 #endif
857 	xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
858 	error = zpl_xattr_get(ip, xattr_name, value, size);
859 	kmem_strfree(xattr_name);
860 
861 	return (error);
862 }
863 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
864 
865 static int
866 __zpl_xattr_security_set(struct inode *ip, const char *name,
867     const void *value, size_t size, int flags)
868 {
869 	char *xattr_name;
870 	int error;
871 	/* xattr_resolve_name will do this for us if this is defined */
872 #ifndef HAVE_XATTR_HANDLER_NAME
873 	if (strcmp(name, "") == 0)
874 		return (-EINVAL);
875 #endif
876 	xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
877 	error = zpl_xattr_set(ip, xattr_name, value, size, flags);
878 	kmem_strfree(xattr_name);
879 
880 	return (error);
881 }
882 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
883 
884 static int
885 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs,
886     void *fs_info)
887 {
888 	const struct xattr *xattr;
889 	int error = 0;
890 
891 	for (xattr = xattrs; xattr->name != NULL; xattr++) {
892 		error = __zpl_xattr_security_set(ip,
893 		    xattr->name, xattr->value, xattr->value_len, 0);
894 
895 		if (error < 0)
896 			break;
897 	}
898 
899 	return (error);
900 }
901 
902 int
903 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
904     const struct qstr *qstr)
905 {
906 	return security_inode_init_security(ip, dip, qstr,
907 	    &zpl_xattr_security_init_impl, NULL);
908 }
909 
910 /*
911  * Security xattr namespace handlers.
912  */
913 xattr_handler_t zpl_xattr_security_handler = {
914 	.prefix	= XATTR_SECURITY_PREFIX,
915 	.list	= zpl_xattr_security_list,
916 	.get	= zpl_xattr_security_get,
917 	.set	= zpl_xattr_security_set,
918 };
919 
920 /*
921  * Extended system attributes
922  *
923  * "Extended system attributes are used by the kernel to store system
924  * objects such as Access Control Lists.  Read and write access permissions
925  * to system attributes depend on the policy implemented for each system
926  * attribute implemented by filesystems in the kernel." - xattr(7)
927  */
928 #ifdef CONFIG_FS_POSIX_ACL
929 #ifndef HAVE_SET_ACL
930 static
931 #endif
932 int
933 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type)
934 {
935 	char *name, *value = NULL;
936 	int error = 0;
937 	size_t size = 0;
938 
939 	if (S_ISLNK(ip->i_mode))
940 		return (-EOPNOTSUPP);
941 
942 	switch (type) {
943 	case ACL_TYPE_ACCESS:
944 		name = XATTR_NAME_POSIX_ACL_ACCESS;
945 		if (acl) {
946 			umode_t mode = ip->i_mode;
947 			error = posix_acl_equiv_mode(acl, &mode);
948 			if (error < 0) {
949 				return (error);
950 			} else {
951 				/*
952 				 * The mode bits will have been set by
953 				 * ->zfs_setattr()->zfs_acl_chmod_setattr()
954 				 * using the ZFS ACL conversion.  If they
955 				 * differ from the Posix ACL conversion dirty
956 				 * the inode to write the Posix mode bits.
957 				 */
958 				if (ip->i_mode != mode) {
959 					ip->i_mode = mode;
960 					ip->i_ctime = current_time(ip);
961 					zfs_mark_inode_dirty(ip);
962 				}
963 
964 				if (error == 0)
965 					acl = NULL;
966 			}
967 		}
968 		break;
969 
970 	case ACL_TYPE_DEFAULT:
971 		name = XATTR_NAME_POSIX_ACL_DEFAULT;
972 		if (!S_ISDIR(ip->i_mode))
973 			return (acl ? -EACCES : 0);
974 		break;
975 
976 	default:
977 		return (-EINVAL);
978 	}
979 
980 	if (acl) {
981 		size = posix_acl_xattr_size(acl->a_count);
982 		value = kmem_alloc(size, KM_SLEEP);
983 
984 		error = zpl_acl_to_xattr(acl, value, size);
985 		if (error < 0) {
986 			kmem_free(value, size);
987 			return (error);
988 		}
989 	}
990 
991 	error = zpl_xattr_set(ip, name, value, size, 0);
992 	if (value)
993 		kmem_free(value, size);
994 
995 	if (!error) {
996 		if (acl)
997 			zpl_set_cached_acl(ip, type, acl);
998 		else
999 			zpl_forget_cached_acl(ip, type);
1000 	}
1001 
1002 	return (error);
1003 }
1004 
1005 struct posix_acl *
1006 zpl_get_acl(struct inode *ip, int type)
1007 {
1008 	struct posix_acl *acl;
1009 	void *value = NULL;
1010 	char *name;
1011 	int size;
1012 
1013 	/*
1014 	 * As of Linux 3.14, the kernel get_acl will check this for us.
1015 	 * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong
1016 	 * as the kernel get_acl will set it to temporary sentinel value.
1017 	 */
1018 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1019 	acl = get_cached_acl(ip, type);
1020 	if (acl != ACL_NOT_CACHED)
1021 		return (acl);
1022 #endif
1023 
1024 	switch (type) {
1025 	case ACL_TYPE_ACCESS:
1026 		name = XATTR_NAME_POSIX_ACL_ACCESS;
1027 		break;
1028 	case ACL_TYPE_DEFAULT:
1029 		name = XATTR_NAME_POSIX_ACL_DEFAULT;
1030 		break;
1031 	default:
1032 		return (ERR_PTR(-EINVAL));
1033 	}
1034 
1035 	size = zpl_xattr_get(ip, name, NULL, 0);
1036 	if (size > 0) {
1037 		value = kmem_alloc(size, KM_SLEEP);
1038 		size = zpl_xattr_get(ip, name, value, size);
1039 	}
1040 
1041 	if (size > 0) {
1042 		acl = zpl_acl_from_xattr(value, size);
1043 	} else if (size == -ENODATA || size == -ENOSYS) {
1044 		acl = NULL;
1045 	} else {
1046 		acl = ERR_PTR(-EIO);
1047 	}
1048 
1049 	if (size > 0)
1050 		kmem_free(value, size);
1051 
1052 	/* As of Linux 4.7, the kernel get_acl will set this for us */
1053 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1054 	if (!IS_ERR(acl))
1055 		zpl_set_cached_acl(ip, type, acl);
1056 #endif
1057 
1058 	return (acl);
1059 }
1060 
1061 int
1062 zpl_init_acl(struct inode *ip, struct inode *dir)
1063 {
1064 	struct posix_acl *acl = NULL;
1065 	int error = 0;
1066 
1067 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1068 		return (0);
1069 
1070 	if (!S_ISLNK(ip->i_mode)) {
1071 		acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT);
1072 		if (IS_ERR(acl))
1073 			return (PTR_ERR(acl));
1074 		if (!acl) {
1075 			ip->i_mode &= ~current_umask();
1076 			ip->i_ctime = current_time(ip);
1077 			zfs_mark_inode_dirty(ip);
1078 			return (0);
1079 		}
1080 	}
1081 
1082 	if (acl) {
1083 		umode_t mode;
1084 
1085 		if (S_ISDIR(ip->i_mode)) {
1086 			error = zpl_set_acl(ip, acl, ACL_TYPE_DEFAULT);
1087 			if (error)
1088 				goto out;
1089 		}
1090 
1091 		mode = ip->i_mode;
1092 		error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
1093 		if (error >= 0) {
1094 			ip->i_mode = mode;
1095 			zfs_mark_inode_dirty(ip);
1096 			if (error > 0)
1097 				error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS);
1098 		}
1099 	}
1100 out:
1101 	zpl_posix_acl_release(acl);
1102 
1103 	return (error);
1104 }
1105 
1106 int
1107 zpl_chmod_acl(struct inode *ip)
1108 {
1109 	struct posix_acl *acl;
1110 	int error;
1111 
1112 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1113 		return (0);
1114 
1115 	if (S_ISLNK(ip->i_mode))
1116 		return (-EOPNOTSUPP);
1117 
1118 	acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
1119 	if (IS_ERR(acl) || !acl)
1120 		return (PTR_ERR(acl));
1121 
1122 	error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
1123 	if (!error)
1124 		error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS);
1125 
1126 	zpl_posix_acl_release(acl);
1127 
1128 	return (error);
1129 }
1130 
1131 static int
1132 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1133     const char *name, size_t name_len)
1134 {
1135 	char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1136 	size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
1137 
1138 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1139 		return (0);
1140 
1141 	if (list && xattr_size <= list_size)
1142 		memcpy(list, xattr_name, xattr_size);
1143 
1144 	return (xattr_size);
1145 }
1146 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
1147 
1148 static int
1149 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1150     const char *name, size_t name_len)
1151 {
1152 	char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1153 	size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
1154 
1155 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1156 		return (0);
1157 
1158 	if (list && xattr_size <= list_size)
1159 		memcpy(list, xattr_name, xattr_size);
1160 
1161 	return (xattr_size);
1162 }
1163 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
1164 
1165 static int
1166 __zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1167     void *buffer, size_t size)
1168 {
1169 	struct posix_acl *acl;
1170 	int type = ACL_TYPE_ACCESS;
1171 	int error;
1172 	/* xattr_resolve_name will do this for us if this is defined */
1173 #ifndef HAVE_XATTR_HANDLER_NAME
1174 	if (strcmp(name, "") != 0)
1175 		return (-EINVAL);
1176 #endif
1177 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1178 		return (-EOPNOTSUPP);
1179 
1180 	acl = zpl_get_acl(ip, type);
1181 	if (IS_ERR(acl))
1182 		return (PTR_ERR(acl));
1183 	if (acl == NULL)
1184 		return (-ENODATA);
1185 
1186 	error = zpl_acl_to_xattr(acl, buffer, size);
1187 	zpl_posix_acl_release(acl);
1188 
1189 	return (error);
1190 }
1191 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
1192 
1193 static int
1194 __zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1195     void *buffer, size_t size)
1196 {
1197 	struct posix_acl *acl;
1198 	int type = ACL_TYPE_DEFAULT;
1199 	int error;
1200 	/* xattr_resolve_name will do this for us if this is defined */
1201 #ifndef HAVE_XATTR_HANDLER_NAME
1202 	if (strcmp(name, "") != 0)
1203 		return (-EINVAL);
1204 #endif
1205 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1206 		return (-EOPNOTSUPP);
1207 
1208 	acl = zpl_get_acl(ip, type);
1209 	if (IS_ERR(acl))
1210 		return (PTR_ERR(acl));
1211 	if (acl == NULL)
1212 		return (-ENODATA);
1213 
1214 	error = zpl_acl_to_xattr(acl, buffer, size);
1215 	zpl_posix_acl_release(acl);
1216 
1217 	return (error);
1218 }
1219 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
1220 
1221 static int
1222 __zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1223     const void *value, size_t size, int flags)
1224 {
1225 	struct posix_acl *acl;
1226 	int type = ACL_TYPE_ACCESS;
1227 	int error = 0;
1228 	/* xattr_resolve_name will do this for us if this is defined */
1229 #ifndef HAVE_XATTR_HANDLER_NAME
1230 	if (strcmp(name, "") != 0)
1231 		return (-EINVAL);
1232 #endif
1233 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1234 		return (-EOPNOTSUPP);
1235 
1236 	if (!inode_owner_or_capable(ip))
1237 		return (-EPERM);
1238 
1239 	if (value) {
1240 		acl = zpl_acl_from_xattr(value, size);
1241 		if (IS_ERR(acl))
1242 			return (PTR_ERR(acl));
1243 		else if (acl) {
1244 			error = zpl_posix_acl_valid(ip, acl);
1245 			if (error) {
1246 				zpl_posix_acl_release(acl);
1247 				return (error);
1248 			}
1249 		}
1250 	} else {
1251 		acl = NULL;
1252 	}
1253 
1254 	error = zpl_set_acl(ip, acl, type);
1255 	zpl_posix_acl_release(acl);
1256 
1257 	return (error);
1258 }
1259 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
1260 
1261 static int
1262 __zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1263     const void *value, size_t size, int flags)
1264 {
1265 	struct posix_acl *acl;
1266 	int type = ACL_TYPE_DEFAULT;
1267 	int error = 0;
1268 	/* xattr_resolve_name will do this for us if this is defined */
1269 #ifndef HAVE_XATTR_HANDLER_NAME
1270 	if (strcmp(name, "") != 0)
1271 		return (-EINVAL);
1272 #endif
1273 	if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1274 		return (-EOPNOTSUPP);
1275 
1276 	if (!inode_owner_or_capable(ip))
1277 		return (-EPERM);
1278 
1279 	if (value) {
1280 		acl = zpl_acl_from_xattr(value, size);
1281 		if (IS_ERR(acl))
1282 			return (PTR_ERR(acl));
1283 		else if (acl) {
1284 			error = zpl_posix_acl_valid(ip, acl);
1285 			if (error) {
1286 				zpl_posix_acl_release(acl);
1287 				return (error);
1288 			}
1289 		}
1290 	} else {
1291 		acl = NULL;
1292 	}
1293 
1294 	error = zpl_set_acl(ip, acl, type);
1295 	zpl_posix_acl_release(acl);
1296 
1297 	return (error);
1298 }
1299 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
1300 
1301 /*
1302  * ACL access xattr namespace handlers.
1303  *
1304  * Use .name instead of .prefix when available. xattr_resolve_name will match
1305  * whole name and reject anything that has .name only as prefix.
1306  */
1307 xattr_handler_t zpl_xattr_acl_access_handler =
1308 {
1309 #ifdef HAVE_XATTR_HANDLER_NAME
1310 	.name	= XATTR_NAME_POSIX_ACL_ACCESS,
1311 #else
1312 	.prefix	= XATTR_NAME_POSIX_ACL_ACCESS,
1313 #endif
1314 	.list	= zpl_xattr_acl_list_access,
1315 	.get	= zpl_xattr_acl_get_access,
1316 	.set	= zpl_xattr_acl_set_access,
1317 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1318     defined(HAVE_XATTR_LIST_DENTRY) || \
1319     defined(HAVE_XATTR_LIST_HANDLER)
1320 	.flags	= ACL_TYPE_ACCESS,
1321 #endif
1322 };
1323 
1324 /*
1325  * ACL default xattr namespace handlers.
1326  *
1327  * Use .name instead of .prefix when available. xattr_resolve_name will match
1328  * whole name and reject anything that has .name only as prefix.
1329  */
1330 xattr_handler_t zpl_xattr_acl_default_handler =
1331 {
1332 #ifdef HAVE_XATTR_HANDLER_NAME
1333 	.name	= XATTR_NAME_POSIX_ACL_DEFAULT,
1334 #else
1335 	.prefix	= XATTR_NAME_POSIX_ACL_DEFAULT,
1336 #endif
1337 	.list	= zpl_xattr_acl_list_default,
1338 	.get	= zpl_xattr_acl_get_default,
1339 	.set	= zpl_xattr_acl_set_default,
1340 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1341     defined(HAVE_XATTR_LIST_DENTRY) || \
1342     defined(HAVE_XATTR_LIST_HANDLER)
1343 	.flags	= ACL_TYPE_DEFAULT,
1344 #endif
1345 };
1346 
1347 #endif /* CONFIG_FS_POSIX_ACL */
1348 
1349 xattr_handler_t *zpl_xattr_handlers[] = {
1350 	&zpl_xattr_security_handler,
1351 	&zpl_xattr_trusted_handler,
1352 	&zpl_xattr_user_handler,
1353 #ifdef CONFIG_FS_POSIX_ACL
1354 	&zpl_xattr_acl_access_handler,
1355 	&zpl_xattr_acl_default_handler,
1356 #endif /* CONFIG_FS_POSIX_ACL */
1357 	NULL
1358 };
1359 
1360 static const struct xattr_handler *
1361 zpl_xattr_handler(const char *name)
1362 {
1363 	if (strncmp(name, XATTR_USER_PREFIX,
1364 	    XATTR_USER_PREFIX_LEN) == 0)
1365 		return (&zpl_xattr_user_handler);
1366 
1367 	if (strncmp(name, XATTR_TRUSTED_PREFIX,
1368 	    XATTR_TRUSTED_PREFIX_LEN) == 0)
1369 		return (&zpl_xattr_trusted_handler);
1370 
1371 	if (strncmp(name, XATTR_SECURITY_PREFIX,
1372 	    XATTR_SECURITY_PREFIX_LEN) == 0)
1373 		return (&zpl_xattr_security_handler);
1374 
1375 #ifdef CONFIG_FS_POSIX_ACL
1376 	if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1377 	    sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1378 		return (&zpl_xattr_acl_access_handler);
1379 
1380 	if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1381 	    sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1382 		return (&zpl_xattr_acl_default_handler);
1383 #endif /* CONFIG_FS_POSIX_ACL */
1384 
1385 	return (NULL);
1386 }
1387 
1388 #if !defined(HAVE_POSIX_ACL_RELEASE) || defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY)
1389 struct acl_rel_struct {
1390 	struct acl_rel_struct *next;
1391 	struct posix_acl *acl;
1392 	clock_t time;
1393 };
1394 
1395 #define	ACL_REL_GRACE	(60*HZ)
1396 #define	ACL_REL_WINDOW	(1*HZ)
1397 #define	ACL_REL_SCHED	(ACL_REL_GRACE+ACL_REL_WINDOW)
1398 
1399 /*
1400  * Lockless multi-producer single-consumer fifo list.
1401  * Nodes are added to tail and removed from head. Tail pointer is our
1402  * synchronization point. It always points to the next pointer of the last
1403  * node, or head if list is empty.
1404  */
1405 static struct acl_rel_struct *acl_rel_head = NULL;
1406 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head;
1407 
1408 static void
1409 zpl_posix_acl_free(void *arg)
1410 {
1411 	struct acl_rel_struct *freelist = NULL;
1412 	struct acl_rel_struct *a;
1413 	clock_t new_time;
1414 	boolean_t refire = B_FALSE;
1415 
1416 	ASSERT3P(acl_rel_head, !=, NULL);
1417 	while (acl_rel_head) {
1418 		a = acl_rel_head;
1419 		if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) {
1420 			/*
1421 			 * If a is the last node we need to reset tail, but we
1422 			 * need to use cmpxchg to make sure it is still the
1423 			 * last node.
1424 			 */
1425 			if (acl_rel_tail == &a->next) {
1426 				acl_rel_head = NULL;
1427 				if (cmpxchg(&acl_rel_tail, &a->next,
1428 				    &acl_rel_head) == &a->next) {
1429 					ASSERT3P(a->next, ==, NULL);
1430 					a->next = freelist;
1431 					freelist = a;
1432 					break;
1433 				}
1434 			}
1435 			/*
1436 			 * a is not last node, make sure next pointer is set
1437 			 * by the adder and advance the head.
1438 			 */
1439 			while (READ_ONCE(a->next) == NULL)
1440 				cpu_relax();
1441 			acl_rel_head = a->next;
1442 			a->next = freelist;
1443 			freelist = a;
1444 		} else {
1445 			/*
1446 			 * a is still in grace period. We are responsible to
1447 			 * reschedule the free task, since adder will only do
1448 			 * so if list is empty.
1449 			 */
1450 			new_time = a->time + ACL_REL_SCHED;
1451 			refire = B_TRUE;
1452 			break;
1453 		}
1454 	}
1455 
1456 	if (refire)
1457 		taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1458 		    NULL, TQ_SLEEP, new_time);
1459 
1460 	while (freelist) {
1461 		a = freelist;
1462 		freelist = a->next;
1463 		kfree(a->acl);
1464 		kmem_free(a, sizeof (struct acl_rel_struct));
1465 	}
1466 }
1467 
1468 void
1469 zpl_posix_acl_release_impl(struct posix_acl *acl)
1470 {
1471 	struct acl_rel_struct *a, **prev;
1472 
1473 	a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP);
1474 	a->next = NULL;
1475 	a->acl = acl;
1476 	a->time = ddi_get_lbolt();
1477 	/* atomically points tail to us and get the previous tail */
1478 	prev = xchg(&acl_rel_tail, &a->next);
1479 	ASSERT3P(*prev, ==, NULL);
1480 	*prev = a;
1481 	/* if it was empty before, schedule the free task */
1482 	if (prev == &acl_rel_head)
1483 		taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1484 		    NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED);
1485 }
1486 #endif
1487