1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23 *
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
35 *
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
40 * following namespace prefixes:
41 *
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
46 *
47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
52 *
53 * The Linux xattr implementation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
60 *
61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
66 *
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
71 *
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
78 */
79
80 #include <sys/zfs_znode.h>
81 #include <sys/zfs_vfsops.h>
82 #include <sys/zfs_vnops.h>
83 #include <sys/zap.h>
84 #include <sys/vfs.h>
85 #include <sys/zpl.h>
86 #include <linux/vfs_compat.h>
87
88 enum xattr_permission {
89 XAPERM_DENY,
90 XAPERM_ALLOW,
91 XAPERM_COMPAT,
92 };
93
94 typedef struct xattr_filldir {
95 size_t size;
96 size_t offset;
97 char *buf;
98 struct dentry *dentry;
99 } xattr_filldir_t;
100
101 static enum xattr_permission zpl_xattr_permission(xattr_filldir_t *,
102 const char *, int);
103
104 static int zfs_xattr_compat = 0;
105
106 /*
107 * Determine is a given xattr name should be visible and if so copy it
108 * in to the provided buffer (xf->buf).
109 */
110 static int
zpl_xattr_filldir(xattr_filldir_t * xf,const char * name,int name_len)111 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
112 {
113 enum xattr_permission perm;
114
115 /* Check permissions using the per-namespace list xattr handler. */
116 perm = zpl_xattr_permission(xf, name, name_len);
117 if (perm == XAPERM_DENY)
118 return (0);
119
120 /* Prefix the name with "user." if it does not have a namespace. */
121 if (perm == XAPERM_COMPAT) {
122 if (xf->buf) {
123 if (xf->offset + XATTR_USER_PREFIX_LEN + 1 > xf->size)
124 return (-ERANGE);
125
126 memcpy(xf->buf + xf->offset, XATTR_USER_PREFIX,
127 XATTR_USER_PREFIX_LEN);
128 xf->buf[xf->offset + XATTR_USER_PREFIX_LEN] = '\0';
129 }
130
131 xf->offset += XATTR_USER_PREFIX_LEN;
132 }
133
134 /* When xf->buf is NULL only calculate the required size. */
135 if (xf->buf) {
136 if (xf->offset + name_len + 1 > xf->size)
137 return (-ERANGE);
138
139 memcpy(xf->buf + xf->offset, name, name_len);
140 xf->buf[xf->offset + name_len] = '\0';
141 }
142
143 xf->offset += (name_len + 1);
144
145 return (0);
146 }
147
148 /*
149 * Read as many directory entry names as will fit in to the provided buffer,
150 * or when no buffer is provided calculate the required buffer size.
151 */
152 static int
zpl_xattr_readdir(struct inode * dxip,xattr_filldir_t * xf)153 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
154 {
155 zap_cursor_t zc;
156 zap_attribute_t *zap = zap_attribute_alloc();
157 int error;
158
159 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
160
161 while ((error = -zap_cursor_retrieve(&zc, zap)) == 0) {
162
163 if (zap->za_integer_length != 8 || zap->za_num_integers != 1) {
164 error = -ENXIO;
165 break;
166 }
167
168 error = zpl_xattr_filldir(xf, zap->za_name,
169 strlen(zap->za_name));
170 if (error)
171 break;
172
173 zap_cursor_advance(&zc);
174 }
175
176 zap_cursor_fini(&zc);
177 zap_attribute_free(zap);
178
179 if (error == -ENOENT)
180 error = 0;
181
182 return (error);
183 }
184
185 static ssize_t
zpl_xattr_list_dir(xattr_filldir_t * xf,cred_t * cr)186 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
187 {
188 struct inode *ip = xf->dentry->d_inode;
189 struct inode *dxip = NULL;
190 znode_t *dxzp;
191 int error;
192
193 /* Lookup the xattr directory */
194 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
195 cr, NULL, NULL);
196 if (error) {
197 if (error == -ENOENT)
198 error = 0;
199
200 return (error);
201 }
202
203 dxip = ZTOI(dxzp);
204 error = zpl_xattr_readdir(dxip, xf);
205 iput(dxip);
206
207 return (error);
208 }
209
210 static ssize_t
zpl_xattr_list_sa(xattr_filldir_t * xf)211 zpl_xattr_list_sa(xattr_filldir_t *xf)
212 {
213 znode_t *zp = ITOZ(xf->dentry->d_inode);
214 nvpair_t *nvp = NULL;
215 int error = 0;
216
217 mutex_enter(&zp->z_lock);
218 if (zp->z_xattr_cached == NULL)
219 error = -zfs_sa_get_xattr(zp);
220 mutex_exit(&zp->z_lock);
221
222 if (error)
223 return (error);
224
225 ASSERT(zp->z_xattr_cached);
226
227 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
228 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
229
230 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
231 strlen(nvpair_name(nvp)));
232 if (error)
233 return (error);
234 }
235
236 return (0);
237 }
238
239 ssize_t
zpl_xattr_list(struct dentry * dentry,char * buffer,size_t buffer_size)240 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
241 {
242 znode_t *zp = ITOZ(dentry->d_inode);
243 zfsvfs_t *zfsvfs = ZTOZSB(zp);
244 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
245 cred_t *cr = CRED();
246 fstrans_cookie_t cookie;
247 int error = 0;
248
249 crhold(cr);
250 cookie = spl_fstrans_mark();
251 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
252 goto out1;
253 rw_enter(&zp->z_xattr_lock, RW_READER);
254
255 if (zfsvfs->z_use_sa && zp->z_is_sa) {
256 error = zpl_xattr_list_sa(&xf);
257 if (error)
258 goto out;
259 }
260
261 error = zpl_xattr_list_dir(&xf, cr);
262 if (error)
263 goto out;
264
265 error = xf.offset;
266 out:
267
268 rw_exit(&zp->z_xattr_lock);
269 zpl_exit(zfsvfs, FTAG);
270 out1:
271 spl_fstrans_unmark(cookie);
272 crfree(cr);
273
274 return (error);
275 }
276
277 static int
zpl_xattr_get_dir(struct inode * ip,const char * name,void * value,size_t size,cred_t * cr)278 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
279 size_t size, cred_t *cr)
280 {
281 fstrans_cookie_t cookie;
282 struct inode *xip = NULL;
283 znode_t *dxzp = NULL;
284 znode_t *xzp = NULL;
285 int error;
286
287 /* Lookup the xattr directory */
288 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
289 cr, NULL, NULL);
290 if (error)
291 goto out;
292
293 /* Lookup a specific xattr name in the directory */
294 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
295 if (error)
296 goto out;
297
298 xip = ZTOI(xzp);
299 if (!size) {
300 error = i_size_read(xip);
301 goto out;
302 }
303
304 if (size < i_size_read(xip)) {
305 error = -ERANGE;
306 goto out;
307 }
308
309 struct iovec iov;
310 iov.iov_base = (void *)value;
311 iov.iov_len = size;
312
313 zfs_uio_t uio;
314 zfs_uio_iovec_init(&uio, &iov, 1, 0, UIO_SYSSPACE, size, 0);
315
316 cookie = spl_fstrans_mark();
317 error = -zfs_read(ITOZ(xip), &uio, 0, cr);
318 spl_fstrans_unmark(cookie);
319
320 if (error == 0)
321 error = size - zfs_uio_resid(&uio);
322 out:
323 if (xzp)
324 zrele(xzp);
325
326 if (dxzp)
327 zrele(dxzp);
328
329 return (error);
330 }
331
332 static int
zpl_xattr_get_sa(struct inode * ip,const char * name,void * value,size_t size)333 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
334 {
335 znode_t *zp = ITOZ(ip);
336 uchar_t *nv_value;
337 uint_t nv_size;
338 int error = 0;
339
340 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
341
342 mutex_enter(&zp->z_lock);
343 if (zp->z_xattr_cached == NULL)
344 error = -zfs_sa_get_xattr(zp);
345 mutex_exit(&zp->z_lock);
346
347 if (error)
348 return (error);
349
350 ASSERT(zp->z_xattr_cached);
351 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
352 &nv_value, &nv_size);
353 if (error)
354 return (error);
355
356 if (size == 0 || value == NULL)
357 return (nv_size);
358
359 if (size < nv_size)
360 return (-ERANGE);
361
362 memcpy(value, nv_value, nv_size);
363
364 return (nv_size);
365 }
366
367 static int
__zpl_xattr_get(struct inode * ip,const char * name,void * value,size_t size,cred_t * cr)368 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
369 cred_t *cr)
370 {
371 znode_t *zp = ITOZ(ip);
372 zfsvfs_t *zfsvfs = ZTOZSB(zp);
373 int error;
374
375 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
376
377 if (zfsvfs->z_use_sa && zp->z_is_sa) {
378 error = zpl_xattr_get_sa(ip, name, value, size);
379 if (error != -ENOENT)
380 goto out;
381 }
382
383 error = zpl_xattr_get_dir(ip, name, value, size, cr);
384 out:
385 if (error == -ENOENT)
386 error = -ENODATA;
387
388 return (error);
389 }
390
391 #define XATTR_NOENT 0x0
392 #define XATTR_IN_SA 0x1
393 #define XATTR_IN_DIR 0x2
394 /* check where the xattr resides */
395 static int
__zpl_xattr_where(struct inode * ip,const char * name,int * where,cred_t * cr)396 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
397 {
398 znode_t *zp = ITOZ(ip);
399 zfsvfs_t *zfsvfs = ZTOZSB(zp);
400 int error;
401
402 ASSERT(where);
403 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
404
405 *where = XATTR_NOENT;
406 if (zfsvfs->z_use_sa && zp->z_is_sa) {
407 error = zpl_xattr_get_sa(ip, name, NULL, 0);
408 if (error >= 0)
409 *where |= XATTR_IN_SA;
410 else if (error != -ENOENT)
411 return (error);
412 }
413
414 error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
415 if (error >= 0)
416 *where |= XATTR_IN_DIR;
417 else if (error != -ENOENT)
418 return (error);
419
420 if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
421 cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
422 " in both SA and dir", ip, name);
423 if (*where == XATTR_NOENT)
424 error = -ENODATA;
425 else
426 error = 0;
427 return (error);
428 }
429
430 static int
zpl_xattr_get(struct inode * ip,const char * name,void * value,size_t size)431 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
432 {
433 znode_t *zp = ITOZ(ip);
434 zfsvfs_t *zfsvfs = ZTOZSB(zp);
435 cred_t *cr = CRED();
436 fstrans_cookie_t cookie;
437 int error;
438
439 crhold(cr);
440 cookie = spl_fstrans_mark();
441 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
442 goto out;
443 rw_enter(&zp->z_xattr_lock, RW_READER);
444 error = __zpl_xattr_get(ip, name, value, size, cr);
445 rw_exit(&zp->z_xattr_lock);
446 zpl_exit(zfsvfs, FTAG);
447 out:
448 spl_fstrans_unmark(cookie);
449 crfree(cr);
450
451 return (error);
452 }
453
454 static int
zpl_xattr_set_dir(struct inode * ip,const char * name,const void * value,size_t size,int flags,cred_t * cr)455 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
456 size_t size, int flags, cred_t *cr)
457 {
458 znode_t *dxzp = NULL;
459 znode_t *xzp = NULL;
460 vattr_t *vap = NULL;
461 int lookup_flags, error;
462 const int xattr_mode = S_IFREG | 0644;
463 loff_t pos = 0;
464
465 /*
466 * Lookup the xattr directory. When we're adding an entry pass
467 * CREATE_XATTR_DIR to ensure the xattr directory is created.
468 * When removing an entry this flag is not passed to avoid
469 * unnecessarily creating a new xattr directory.
470 */
471 lookup_flags = LOOKUP_XATTR;
472 if (value != NULL)
473 lookup_flags |= CREATE_XATTR_DIR;
474
475 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags,
476 cr, NULL, NULL);
477 if (error)
478 goto out;
479
480 /* Lookup a specific xattr name in the directory */
481 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
482 if (error && (error != -ENOENT))
483 goto out;
484
485 error = 0;
486
487 /* Remove a specific name xattr when value is set to NULL. */
488 if (value == NULL) {
489 if (xzp)
490 error = -zfs_remove(dxzp, (char *)name, cr, 0);
491
492 goto out;
493 }
494
495 /* Lookup failed create a new xattr. */
496 if (xzp == NULL) {
497 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
498 vap->va_mode = xattr_mode;
499 vap->va_mask = ATTR_MODE;
500 vap->va_uid = crgetuid(cr);
501 vap->va_gid = crgetgid(cr);
502
503 error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
504 cr, ATTR_NOACLCHECK, NULL, zfs_init_idmap);
505 if (error)
506 goto out;
507 }
508
509 ASSERT(xzp != NULL);
510
511 error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE);
512 if (error)
513 goto out;
514
515 error = -zfs_write_simple(xzp, value, size, pos, NULL);
516 out:
517 if (error == 0) {
518 zpl_inode_set_ctime_to_ts(ip, current_time(ip));
519 zfs_mark_inode_dirty(ip);
520 }
521
522 if (vap)
523 kmem_free(vap, sizeof (vattr_t));
524
525 if (xzp)
526 zrele(xzp);
527
528 if (dxzp)
529 zrele(dxzp);
530
531 if (error == -ENOENT)
532 error = -ENODATA;
533
534 ASSERT3S(error, <=, 0);
535
536 return (error);
537 }
538
539 static int
zpl_xattr_set_sa(struct inode * ip,const char * name,const void * value,size_t size,int flags,cred_t * cr)540 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
541 size_t size, int flags, cred_t *cr)
542 {
543 znode_t *zp = ITOZ(ip);
544 nvlist_t *nvl;
545 size_t sa_size;
546 int error = 0;
547
548 mutex_enter(&zp->z_lock);
549 if (zp->z_xattr_cached == NULL)
550 error = -zfs_sa_get_xattr(zp);
551 mutex_exit(&zp->z_lock);
552
553 if (error)
554 return (error);
555
556 ASSERT(zp->z_xattr_cached);
557 nvl = zp->z_xattr_cached;
558
559 if (value == NULL) {
560 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
561 if (error == -ENOENT)
562 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
563 } else {
564 /* Limited to 32k to keep nvpair memory allocations small */
565 if (size > DXATTR_MAX_ENTRY_SIZE)
566 return (-EFBIG);
567
568 /* Prevent the DXATTR SA from consuming the entire SA region */
569 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
570 if (error)
571 return (error);
572
573 if (sa_size > DXATTR_MAX_SA_SIZE)
574 return (-EFBIG);
575
576 error = -nvlist_add_byte_array(nvl, name,
577 (uchar_t *)value, size);
578 }
579
580 /*
581 * Update the SA for additions, modifications, and removals. On
582 * error drop the inconsistent cached version of the nvlist, it
583 * will be reconstructed from the ARC when next accessed.
584 */
585 if (error == 0)
586 error = -zfs_sa_set_xattr(zp, name, value, size);
587
588 if (error) {
589 nvlist_free(nvl);
590 zp->z_xattr_cached = NULL;
591 }
592
593 ASSERT3S(error, <=, 0);
594
595 return (error);
596 }
597
598 static int
zpl_xattr_set(struct inode * ip,const char * name,const void * value,size_t size,int flags)599 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
600 size_t size, int flags)
601 {
602 znode_t *zp = ITOZ(ip);
603 zfsvfs_t *zfsvfs = ZTOZSB(zp);
604 cred_t *cr = CRED();
605 fstrans_cookie_t cookie;
606 int where;
607 int error;
608
609 crhold(cr);
610 cookie = spl_fstrans_mark();
611 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
612 goto out1;
613 rw_enter(&zp->z_xattr_lock, RW_WRITER);
614
615 /*
616 * Before setting the xattr check to see if it already exists.
617 * This is done to ensure the following optional flags are honored.
618 *
619 * XATTR_CREATE: fail if xattr already exists
620 * XATTR_REPLACE: fail if xattr does not exist
621 *
622 * We also want to know if it resides in sa or dir, so we can make
623 * sure we don't end up with duplicate in both places.
624 */
625 error = __zpl_xattr_where(ip, name, &where, cr);
626 if (error < 0) {
627 if (error != -ENODATA)
628 goto out;
629 if (flags & XATTR_REPLACE)
630 goto out;
631
632 /* The xattr to be removed already doesn't exist */
633 error = 0;
634 if (value == NULL)
635 goto out;
636 } else {
637 error = -EEXIST;
638 if (flags & XATTR_CREATE)
639 goto out;
640 }
641
642 /* Preferentially store the xattr as a SA for better performance */
643 if (zfsvfs->z_use_sa && zp->z_is_sa &&
644 (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
645 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
646 if (error == 0) {
647 /*
648 * Successfully put into SA, we need to clear the one
649 * in dir.
650 */
651 if (where & XATTR_IN_DIR)
652 zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
653 goto out;
654 }
655 }
656
657 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
658 /*
659 * Successfully put into dir, we need to clear the one in SA.
660 */
661 if (error == 0 && (where & XATTR_IN_SA))
662 zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
663 out:
664 rw_exit(&zp->z_xattr_lock);
665 zpl_exit(zfsvfs, FTAG);
666 out1:
667 spl_fstrans_unmark(cookie);
668 crfree(cr);
669 ASSERT3S(error, <=, 0);
670
671 return (error);
672 }
673
674 /*
675 * Extended user attributes
676 *
677 * "Extended user attributes may be assigned to files and directories for
678 * storing arbitrary additional information such as the mime type,
679 * character set or encoding of a file. The access permissions for user
680 * attributes are defined by the file permission bits: read permission
681 * is required to retrieve the attribute value, and writer permission is
682 * required to change it.
683 *
684 * The file permission bits of regular files and directories are
685 * interpreted differently from the file permission bits of special
686 * files and symbolic links. For regular files and directories the file
687 * permission bits define access to the file's contents, while for
688 * device special files they define access to the device described by
689 * the special file. The file permissions of symbolic links are not
690 * used in access checks. These differences would allow users to
691 * consume filesystem resources in a way not controllable by disk quotas
692 * for group or world writable special files and directories.
693 *
694 * For this reason, extended user attributes are allowed only for
695 * regular files and directories, and access to extended user attributes
696 * is restricted to the owner and to users with appropriate capabilities
697 * for directories with the sticky bit set (see the chmod(1) manual page
698 * for an explanation of the sticky bit)." - xattr(7)
699 *
700 * ZFS allows extended user attributes to be disabled administratively
701 * by setting the 'xattr=off' property on the dataset.
702 */
703 static int
__zpl_xattr_user_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)704 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
705 const char *name, size_t name_len)
706 {
707 return (ITOZSB(ip)->z_flags & ZSB_XATTR);
708 }
709 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
710
711 static int
__zpl_xattr_user_get(struct inode * ip,const char * name,void * value,size_t size)712 __zpl_xattr_user_get(struct inode *ip, const char *name,
713 void *value, size_t size)
714 {
715 int error;
716 /* xattr_resolve_name will do this for us if this is defined */
717 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
718 return (-EINVAL);
719 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
720 return (-EOPNOTSUPP);
721
722 /*
723 * Try to look up the name with the namespace prefix first for
724 * compatibility with xattrs from this platform. If that fails,
725 * try again without the namespace prefix for compatibility with
726 * other platforms.
727 */
728 char *xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
729 error = zpl_xattr_get(ip, xattr_name, value, size);
730 kmem_strfree(xattr_name);
731 if (error == -ENODATA)
732 error = zpl_xattr_get(ip, name, value, size);
733
734 return (error);
735 }
736 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
737
738 static int
__zpl_xattr_user_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)739 __zpl_xattr_user_set(zidmap_t *user_ns,
740 struct inode *ip, const char *name,
741 const void *value, size_t size, int flags)
742 {
743 (void) user_ns;
744 int error = 0;
745 /* xattr_resolve_name will do this for us if this is defined */
746 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
747 return (-EINVAL);
748 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
749 return (-EOPNOTSUPP);
750
751 /*
752 * Remove alternate compat version of the xattr so we only set the
753 * version specified by the zfs_xattr_compat tunable.
754 *
755 * The following flags must be handled correctly:
756 *
757 * XATTR_CREATE: fail if xattr already exists
758 * XATTR_REPLACE: fail if xattr does not exist
759 */
760 char *prefixed_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
761 const char *clear_name, *set_name;
762 if (zfs_xattr_compat) {
763 clear_name = prefixed_name;
764 set_name = name;
765 } else {
766 clear_name = name;
767 set_name = prefixed_name;
768 }
769 /*
770 * Clear the old value with the alternative name format, if it exists.
771 */
772 error = zpl_xattr_set(ip, clear_name, NULL, 0, flags);
773 /*
774 * XATTR_CREATE was specified and we failed to clear the xattr
775 * because it already exists. Stop here.
776 */
777 if (error == -EEXIST)
778 goto out;
779 /*
780 * If XATTR_REPLACE was specified and we succeeded to clear
781 * an xattr, we don't need to replace anything when setting
782 * the new value. If we failed with -ENODATA that's fine,
783 * there was nothing to be cleared and we can ignore the error.
784 */
785 if (error == 0)
786 flags &= ~XATTR_REPLACE;
787 /*
788 * Set the new value with the configured name format.
789 */
790 error = zpl_xattr_set(ip, set_name, value, size, flags);
791 out:
792 kmem_strfree(prefixed_name);
793 return (error);
794 }
795 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
796
797 static xattr_handler_t zpl_xattr_user_handler =
798 {
799 .prefix = XATTR_USER_PREFIX,
800 .list = zpl_xattr_user_list,
801 .get = zpl_xattr_user_get,
802 .set = zpl_xattr_user_set,
803 };
804
805 /*
806 * Trusted extended attributes
807 *
808 * "Trusted extended attributes are visible and accessible only to
809 * processes that have the CAP_SYS_ADMIN capability. Attributes in this
810 * class are used to implement mechanisms in user space (i.e., outside
811 * the kernel) which keep information in extended attributes to which
812 * ordinary processes should not have access." - xattr(7)
813 */
814 static int
__zpl_xattr_trusted_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)815 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
816 const char *name, size_t name_len)
817 {
818 return (capable(CAP_SYS_ADMIN));
819 }
820 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
821
822 static int
__zpl_xattr_trusted_get(struct inode * ip,const char * name,void * value,size_t size)823 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
824 void *value, size_t size)
825 {
826 char *xattr_name;
827 int error;
828
829 if (!capable(CAP_SYS_ADMIN))
830 return (-EACCES);
831 /* xattr_resolve_name will do this for us if this is defined */
832 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
833 error = zpl_xattr_get(ip, xattr_name, value, size);
834 kmem_strfree(xattr_name);
835
836 return (error);
837 }
838 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
839
840 static int
__zpl_xattr_trusted_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)841 __zpl_xattr_trusted_set(zidmap_t *user_ns,
842 struct inode *ip, const char *name,
843 const void *value, size_t size, int flags)
844 {
845 (void) user_ns;
846 char *xattr_name;
847 int error;
848
849 if (!capable(CAP_SYS_ADMIN))
850 return (-EACCES);
851 /* xattr_resolve_name will do this for us if this is defined */
852 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
853 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
854 kmem_strfree(xattr_name);
855
856 return (error);
857 }
858 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
859
860 static xattr_handler_t zpl_xattr_trusted_handler = {
861 .prefix = XATTR_TRUSTED_PREFIX,
862 .list = zpl_xattr_trusted_list,
863 .get = zpl_xattr_trusted_get,
864 .set = zpl_xattr_trusted_set,
865 };
866
867 /*
868 * Extended security attributes
869 *
870 * "The security attribute namespace is used by kernel security modules,
871 * such as Security Enhanced Linux, and also to implement file
872 * capabilities (see capabilities(7)). Read and write access
873 * permissions to security attributes depend on the policy implemented
874 * for each security attribute by the security module. When no security
875 * module is loaded, all processes have read access to extended security
876 * attributes, and write access is limited to processes that have the
877 * CAP_SYS_ADMIN capability." - xattr(7)
878 */
879 static int
__zpl_xattr_security_list(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)880 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
881 const char *name, size_t name_len)
882 {
883 return (1);
884 }
885 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
886
887 static int
__zpl_xattr_security_get(struct inode * ip,const char * name,void * value,size_t size)888 __zpl_xattr_security_get(struct inode *ip, const char *name,
889 void *value, size_t size)
890 {
891 char *xattr_name;
892 int error;
893 /* xattr_resolve_name will do this for us if this is defined */
894 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
895 error = zpl_xattr_get(ip, xattr_name, value, size);
896 kmem_strfree(xattr_name);
897
898 return (error);
899 }
900 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
901
902 static int
__zpl_xattr_security_set(zidmap_t * user_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)903 __zpl_xattr_security_set(zidmap_t *user_ns,
904 struct inode *ip, const char *name,
905 const void *value, size_t size, int flags)
906 {
907 (void) user_ns;
908 char *xattr_name;
909 int error;
910 /* xattr_resolve_name will do this for us if this is defined */
911 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
912 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
913 kmem_strfree(xattr_name);
914
915 return (error);
916 }
917 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
918
919 static int
zpl_xattr_security_init_impl(struct inode * ip,const struct xattr * xattrs,void * fs_info)920 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs,
921 void *fs_info)
922 {
923 const struct xattr *xattr;
924 int error = 0;
925
926 for (xattr = xattrs; xattr->name != NULL; xattr++) {
927 error = __zpl_xattr_security_set(NULL, ip,
928 xattr->name, xattr->value, xattr->value_len, 0);
929
930 if (error < 0)
931 break;
932 }
933
934 return (error);
935 }
936
937 int
zpl_xattr_security_init(struct inode * ip,struct inode * dip,const struct qstr * qstr)938 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
939 const struct qstr *qstr)
940 {
941 return security_inode_init_security(ip, dip, qstr,
942 &zpl_xattr_security_init_impl, NULL);
943 }
944
945 /*
946 * Security xattr namespace handlers.
947 */
948 static xattr_handler_t zpl_xattr_security_handler = {
949 .prefix = XATTR_SECURITY_PREFIX,
950 .list = zpl_xattr_security_list,
951 .get = zpl_xattr_security_get,
952 .set = zpl_xattr_security_set,
953 };
954
955 /*
956 * Extended system attributes
957 *
958 * "Extended system attributes are used by the kernel to store system
959 * objects such as Access Control Lists. Read and write access permissions
960 * to system attributes depend on the policy implemented for each system
961 * attribute implemented by filesystems in the kernel." - xattr(7)
962 */
963 #ifdef CONFIG_FS_POSIX_ACL
964 static int
zpl_set_acl_impl(struct inode * ip,struct posix_acl * acl,int type)965 zpl_set_acl_impl(struct inode *ip, struct posix_acl *acl, int type)
966 {
967 char *name, *value = NULL;
968 int error = 0;
969 size_t size = 0;
970
971 if (S_ISLNK(ip->i_mode))
972 return (-EOPNOTSUPP);
973
974 switch (type) {
975 case ACL_TYPE_ACCESS:
976 name = XATTR_NAME_POSIX_ACL_ACCESS;
977 if (acl) {
978 umode_t mode = ip->i_mode;
979 error = posix_acl_equiv_mode(acl, &mode);
980 if (error < 0) {
981 return (error);
982 } else {
983 /*
984 * The mode bits will have been set by
985 * ->zfs_setattr()->zfs_acl_chmod_setattr()
986 * using the ZFS ACL conversion. If they
987 * differ from the Posix ACL conversion dirty
988 * the inode to write the Posix mode bits.
989 */
990 if (ip->i_mode != mode) {
991 ip->i_mode = ITOZ(ip)->z_mode = mode;
992 zpl_inode_set_ctime_to_ts(ip,
993 current_time(ip));
994 zfs_mark_inode_dirty(ip);
995 }
996
997 if (error == 0)
998 acl = NULL;
999 }
1000 }
1001 break;
1002
1003 case ACL_TYPE_DEFAULT:
1004 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1005 if (!S_ISDIR(ip->i_mode))
1006 return (acl ? -EACCES : 0);
1007 break;
1008
1009 default:
1010 return (-EINVAL);
1011 }
1012
1013 if (acl) {
1014 size = posix_acl_xattr_size(acl->a_count);
1015 value = kmem_alloc(size, KM_SLEEP);
1016
1017 error = zpl_acl_to_xattr(acl, value, size);
1018 if (error < 0) {
1019 kmem_free(value, size);
1020 return (error);
1021 }
1022 }
1023
1024 error = zpl_xattr_set(ip, name, value, size, 0);
1025 if (value)
1026 kmem_free(value, size);
1027
1028 if (!error) {
1029 if (acl)
1030 set_cached_acl(ip, type, acl);
1031 else
1032 forget_cached_acl(ip, type);
1033 }
1034
1035 return (error);
1036 }
1037
1038 int
1039 #ifdef HAVE_SET_ACL_USERNS
zpl_set_acl(struct user_namespace * userns,struct inode * ip,struct posix_acl * acl,int type)1040 zpl_set_acl(struct user_namespace *userns, struct inode *ip,
1041 struct posix_acl *acl, int type)
1042 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY)
1043 zpl_set_acl(struct mnt_idmap *userns, struct dentry *dentry,
1044 struct posix_acl *acl, int type)
1045 #elif defined(HAVE_SET_ACL_USERNS_DENTRY_ARG2)
1046 zpl_set_acl(struct user_namespace *userns, struct dentry *dentry,
1047 struct posix_acl *acl, int type)
1048 #else
1049 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type)
1050 #endif /* HAVE_SET_ACL_USERNS */
1051 {
1052 #ifdef HAVE_SET_ACL_USERNS_DENTRY_ARG2
1053 return (zpl_set_acl_impl(d_inode(dentry), acl, type));
1054 #elif defined(HAVE_SET_ACL_IDMAP_DENTRY)
1055 return (zpl_set_acl_impl(d_inode(dentry), acl, type));
1056 #else
1057 return (zpl_set_acl_impl(ip, acl, type));
1058 #endif /* HAVE_SET_ACL_USERNS_DENTRY_ARG2 */
1059 }
1060
1061 static struct posix_acl *
zpl_get_acl_impl(struct inode * ip,int type)1062 zpl_get_acl_impl(struct inode *ip, int type)
1063 {
1064 struct posix_acl *acl;
1065 void *value = NULL;
1066 char *name;
1067
1068 switch (type) {
1069 case ACL_TYPE_ACCESS:
1070 name = XATTR_NAME_POSIX_ACL_ACCESS;
1071 break;
1072 case ACL_TYPE_DEFAULT:
1073 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1074 break;
1075 default:
1076 return (ERR_PTR(-EINVAL));
1077 }
1078
1079 int size = zpl_xattr_get(ip, name, NULL, 0);
1080 if (size > 0) {
1081 value = kmem_alloc(size, KM_SLEEP);
1082 size = zpl_xattr_get(ip, name, value, size);
1083 }
1084
1085 if (size > 0) {
1086 acl = zpl_acl_from_xattr(value, size);
1087 } else if (size == -ENODATA || size == -ENOSYS) {
1088 acl = NULL;
1089 } else {
1090 acl = ERR_PTR(-EIO);
1091 }
1092
1093 if (size > 0)
1094 kmem_free(value, size);
1095
1096 return (acl);
1097 }
1098
1099 #if defined(HAVE_GET_ACL_RCU) || defined(HAVE_GET_INODE_ACL)
1100 struct posix_acl *
zpl_get_acl(struct inode * ip,int type,bool rcu)1101 zpl_get_acl(struct inode *ip, int type, bool rcu)
1102 {
1103 if (rcu)
1104 return (ERR_PTR(-ECHILD));
1105
1106 return (zpl_get_acl_impl(ip, type));
1107 }
1108 #elif defined(HAVE_GET_ACL)
1109 struct posix_acl *
zpl_get_acl(struct inode * ip,int type)1110 zpl_get_acl(struct inode *ip, int type)
1111 {
1112 return (zpl_get_acl_impl(ip, type));
1113 }
1114 #else
1115 #error "Unsupported iops->get_acl() implementation"
1116 #endif /* HAVE_GET_ACL_RCU */
1117
1118 int
zpl_init_acl(struct inode * ip,struct inode * dir)1119 zpl_init_acl(struct inode *ip, struct inode *dir)
1120 {
1121 struct posix_acl *acl = NULL;
1122 int error = 0;
1123
1124 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1125 return (0);
1126
1127 if (!S_ISLNK(ip->i_mode)) {
1128 acl = zpl_get_acl_impl(dir, ACL_TYPE_DEFAULT);
1129 if (IS_ERR(acl))
1130 return (PTR_ERR(acl));
1131 if (!acl) {
1132 ITOZ(ip)->z_mode = (ip->i_mode &= ~current_umask());
1133 zpl_inode_set_ctime_to_ts(ip, current_time(ip));
1134 zfs_mark_inode_dirty(ip);
1135 return (0);
1136 }
1137 }
1138
1139 if (acl) {
1140 umode_t mode;
1141
1142 if (S_ISDIR(ip->i_mode)) {
1143 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_DEFAULT);
1144 if (error)
1145 goto out;
1146 }
1147
1148 mode = ip->i_mode;
1149 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
1150 if (error >= 0) {
1151 ip->i_mode = ITOZ(ip)->z_mode = mode;
1152 zfs_mark_inode_dirty(ip);
1153 if (error > 0) {
1154 error = zpl_set_acl_impl(ip, acl,
1155 ACL_TYPE_ACCESS);
1156 }
1157 }
1158 }
1159 out:
1160 zpl_posix_acl_release(acl);
1161
1162 return (error);
1163 }
1164
1165 int
zpl_chmod_acl(struct inode * ip)1166 zpl_chmod_acl(struct inode *ip)
1167 {
1168 struct posix_acl *acl;
1169 int error;
1170
1171 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1172 return (0);
1173
1174 if (S_ISLNK(ip->i_mode))
1175 return (-EOPNOTSUPP);
1176
1177 acl = zpl_get_acl_impl(ip, ACL_TYPE_ACCESS);
1178 if (IS_ERR(acl) || !acl)
1179 return (PTR_ERR(acl));
1180
1181 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
1182 if (!error)
1183 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_ACCESS);
1184
1185 zpl_posix_acl_release(acl);
1186
1187 return (error);
1188 }
1189
1190 static int
__zpl_xattr_acl_list_access(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)1191 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1192 const char *name, size_t name_len)
1193 {
1194 char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1195 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
1196
1197 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1198 return (0);
1199
1200 if (list && xattr_size <= list_size)
1201 memcpy(list, xattr_name, xattr_size);
1202
1203 return (xattr_size);
1204 }
1205 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
1206
1207 static int
__zpl_xattr_acl_list_default(struct inode * ip,char * list,size_t list_size,const char * name,size_t name_len)1208 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1209 const char *name, size_t name_len)
1210 {
1211 char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1212 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
1213
1214 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1215 return (0);
1216
1217 if (list && xattr_size <= list_size)
1218 memcpy(list, xattr_name, xattr_size);
1219
1220 return (xattr_size);
1221 }
1222 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
1223
1224 static int
__zpl_xattr_acl_get_access(struct inode * ip,const char * name,void * buffer,size_t size)1225 __zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1226 void *buffer, size_t size)
1227 {
1228 struct posix_acl *acl;
1229 int type = ACL_TYPE_ACCESS;
1230 int error;
1231 /* xattr_resolve_name will do this for us if this is defined */
1232 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1233 return (-EOPNOTSUPP);
1234
1235 acl = zpl_get_acl_impl(ip, type);
1236 if (IS_ERR(acl))
1237 return (PTR_ERR(acl));
1238 if (acl == NULL)
1239 return (-ENODATA);
1240
1241 error = zpl_acl_to_xattr(acl, buffer, size);
1242 zpl_posix_acl_release(acl);
1243
1244 return (error);
1245 }
1246 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
1247
1248 static int
__zpl_xattr_acl_get_default(struct inode * ip,const char * name,void * buffer,size_t size)1249 __zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1250 void *buffer, size_t size)
1251 {
1252 struct posix_acl *acl;
1253 int type = ACL_TYPE_DEFAULT;
1254 int error;
1255 /* xattr_resolve_name will do this for us if this is defined */
1256 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1257 return (-EOPNOTSUPP);
1258
1259 acl = zpl_get_acl_impl(ip, type);
1260 if (IS_ERR(acl))
1261 return (PTR_ERR(acl));
1262 if (acl == NULL)
1263 return (-ENODATA);
1264
1265 error = zpl_acl_to_xattr(acl, buffer, size);
1266 zpl_posix_acl_release(acl);
1267
1268 return (error);
1269 }
1270 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
1271
1272 static int
__zpl_xattr_acl_set_access(zidmap_t * mnt_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)1273 __zpl_xattr_acl_set_access(zidmap_t *mnt_ns,
1274 struct inode *ip, const char *name,
1275 const void *value, size_t size, int flags)
1276 {
1277 struct posix_acl *acl;
1278 int type = ACL_TYPE_ACCESS;
1279 int error = 0;
1280 /* xattr_resolve_name will do this for us if this is defined */
1281 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1282 return (-EOPNOTSUPP);
1283
1284 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP)
1285 if (!zpl_inode_owner_or_capable(mnt_ns, ip))
1286 return (-EPERM);
1287 #else
1288 (void) mnt_ns;
1289 if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip))
1290 return (-EPERM);
1291 #endif
1292
1293 if (value) {
1294 acl = zpl_acl_from_xattr(value, size);
1295 if (IS_ERR(acl))
1296 return (PTR_ERR(acl));
1297 else if (acl) {
1298 error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
1299 if (error) {
1300 zpl_posix_acl_release(acl);
1301 return (error);
1302 }
1303 }
1304 } else {
1305 acl = NULL;
1306 }
1307 error = zpl_set_acl_impl(ip, acl, type);
1308 zpl_posix_acl_release(acl);
1309
1310 return (error);
1311 }
1312 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
1313
1314 static int
__zpl_xattr_acl_set_default(zidmap_t * mnt_ns,struct inode * ip,const char * name,const void * value,size_t size,int flags)1315 __zpl_xattr_acl_set_default(zidmap_t *mnt_ns,
1316 struct inode *ip, const char *name,
1317 const void *value, size_t size, int flags)
1318 {
1319 struct posix_acl *acl;
1320 int type = ACL_TYPE_DEFAULT;
1321 int error = 0;
1322 /* xattr_resolve_name will do this for us if this is defined */
1323 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1324 return (-EOPNOTSUPP);
1325
1326 #if defined(HAVE_XATTR_SET_USERNS) || defined(HAVE_XATTR_SET_IDMAP)
1327 if (!zpl_inode_owner_or_capable(mnt_ns, ip))
1328 return (-EPERM);
1329 #else
1330 (void) mnt_ns;
1331 if (!zpl_inode_owner_or_capable(zfs_init_idmap, ip))
1332 return (-EPERM);
1333 #endif
1334
1335 if (value) {
1336 acl = zpl_acl_from_xattr(value, size);
1337 if (IS_ERR(acl))
1338 return (PTR_ERR(acl));
1339 else if (acl) {
1340 error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
1341 if (error) {
1342 zpl_posix_acl_release(acl);
1343 return (error);
1344 }
1345 }
1346 } else {
1347 acl = NULL;
1348 }
1349
1350 error = zpl_set_acl_impl(ip, acl, type);
1351 zpl_posix_acl_release(acl);
1352
1353 return (error);
1354 }
1355 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
1356
1357 /*
1358 * ACL access xattr namespace handlers.
1359 *
1360 * Use .name instead of .prefix when available. xattr_resolve_name will match
1361 * whole name and reject anything that has .name only as prefix.
1362 */
1363 static xattr_handler_t zpl_xattr_acl_access_handler = {
1364 .name = XATTR_NAME_POSIX_ACL_ACCESS,
1365 .list = zpl_xattr_acl_list_access,
1366 .get = zpl_xattr_acl_get_access,
1367 .set = zpl_xattr_acl_set_access,
1368 .flags = ACL_TYPE_ACCESS,
1369 };
1370
1371 /*
1372 * ACL default xattr namespace handlers.
1373 *
1374 * Use .name instead of .prefix. xattr_resolve_name will match whole name and
1375 * reject anything that has .name only as prefix.
1376 */
1377 static xattr_handler_t zpl_xattr_acl_default_handler = {
1378 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1379 .list = zpl_xattr_acl_list_default,
1380 .get = zpl_xattr_acl_get_default,
1381 .set = zpl_xattr_acl_set_default,
1382 .flags = ACL_TYPE_DEFAULT,
1383 };
1384
1385 #endif /* CONFIG_FS_POSIX_ACL */
1386
1387 xattr_handler_t *zpl_xattr_handlers[] = {
1388 &zpl_xattr_security_handler,
1389 &zpl_xattr_trusted_handler,
1390 &zpl_xattr_user_handler,
1391 #ifdef CONFIG_FS_POSIX_ACL
1392 &zpl_xattr_acl_access_handler,
1393 &zpl_xattr_acl_default_handler,
1394 #endif /* CONFIG_FS_POSIX_ACL */
1395 NULL
1396 };
1397
1398 static const struct xattr_handler *
zpl_xattr_handler(const char * name)1399 zpl_xattr_handler(const char *name)
1400 {
1401 if (strncmp(name, XATTR_USER_PREFIX,
1402 XATTR_USER_PREFIX_LEN) == 0)
1403 return (&zpl_xattr_user_handler);
1404
1405 if (strncmp(name, XATTR_TRUSTED_PREFIX,
1406 XATTR_TRUSTED_PREFIX_LEN) == 0)
1407 return (&zpl_xattr_trusted_handler);
1408
1409 if (strncmp(name, XATTR_SECURITY_PREFIX,
1410 XATTR_SECURITY_PREFIX_LEN) == 0)
1411 return (&zpl_xattr_security_handler);
1412
1413 #ifdef CONFIG_FS_POSIX_ACL
1414 if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1415 sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1416 return (&zpl_xattr_acl_access_handler);
1417
1418 if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1419 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1420 return (&zpl_xattr_acl_default_handler);
1421 #endif /* CONFIG_FS_POSIX_ACL */
1422
1423 return (NULL);
1424 }
1425
1426 static enum xattr_permission
zpl_xattr_permission(xattr_filldir_t * xf,const char * name,int name_len)1427 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
1428 {
1429 const struct xattr_handler *handler;
1430 struct dentry *d __maybe_unused = xf->dentry;
1431 enum xattr_permission perm = XAPERM_ALLOW;
1432
1433 handler = zpl_xattr_handler(name);
1434 if (handler == NULL) {
1435 /* Do not expose FreeBSD system namespace xattrs. */
1436 if (ZFS_XA_NS_PREFIX_MATCH(FREEBSD, name))
1437 return (XAPERM_DENY);
1438 /*
1439 * Anything that doesn't match a known namespace gets put in the
1440 * user namespace for compatibility with other platforms.
1441 */
1442 perm = XAPERM_COMPAT;
1443 handler = &zpl_xattr_user_handler;
1444 }
1445
1446 if (handler->list) {
1447 if (!handler->list(d))
1448 return (XAPERM_DENY);
1449 }
1450
1451 return (perm);
1452 }
1453
1454 #ifdef CONFIG_FS_POSIX_ACL
1455
1456 struct acl_rel_struct {
1457 struct acl_rel_struct *next;
1458 struct posix_acl *acl;
1459 clock_t time;
1460 };
1461
1462 #define ACL_REL_GRACE (60*HZ)
1463 #define ACL_REL_WINDOW (1*HZ)
1464 #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW)
1465
1466 /*
1467 * Lockless multi-producer single-consumer fifo list.
1468 * Nodes are added to tail and removed from head. Tail pointer is our
1469 * synchronization point. It always points to the next pointer of the last
1470 * node, or head if list is empty.
1471 */
1472 static struct acl_rel_struct *acl_rel_head = NULL;
1473 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head;
1474
1475 static void
zpl_posix_acl_free(void * arg)1476 zpl_posix_acl_free(void *arg)
1477 {
1478 struct acl_rel_struct *freelist = NULL;
1479 struct acl_rel_struct *a;
1480 clock_t new_time;
1481 boolean_t refire = B_FALSE;
1482
1483 ASSERT3P(acl_rel_head, !=, NULL);
1484 while (acl_rel_head) {
1485 a = acl_rel_head;
1486 if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) {
1487 /*
1488 * If a is the last node we need to reset tail, but we
1489 * need to use cmpxchg to make sure it is still the
1490 * last node.
1491 */
1492 if (acl_rel_tail == &a->next) {
1493 acl_rel_head = NULL;
1494 if (cmpxchg(&acl_rel_tail, &a->next,
1495 &acl_rel_head) == &a->next) {
1496 ASSERT3P(a->next, ==, NULL);
1497 a->next = freelist;
1498 freelist = a;
1499 break;
1500 }
1501 }
1502 /*
1503 * a is not last node, make sure next pointer is set
1504 * by the adder and advance the head.
1505 */
1506 while (READ_ONCE(a->next) == NULL)
1507 cpu_relax();
1508 acl_rel_head = a->next;
1509 a->next = freelist;
1510 freelist = a;
1511 } else {
1512 /*
1513 * a is still in grace period. We are responsible to
1514 * reschedule the free task, since adder will only do
1515 * so if list is empty.
1516 */
1517 new_time = a->time + ACL_REL_SCHED;
1518 refire = B_TRUE;
1519 break;
1520 }
1521 }
1522
1523 if (refire)
1524 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1525 NULL, TQ_SLEEP, new_time);
1526
1527 while (freelist) {
1528 a = freelist;
1529 freelist = a->next;
1530 kfree(a->acl);
1531 kmem_free(a, sizeof (struct acl_rel_struct));
1532 }
1533 }
1534
1535 void
zpl_posix_acl_release_impl(struct posix_acl * acl)1536 zpl_posix_acl_release_impl(struct posix_acl *acl)
1537 {
1538 struct acl_rel_struct *a, **prev;
1539
1540 a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP);
1541 a->next = NULL;
1542 a->acl = acl;
1543 a->time = ddi_get_lbolt();
1544 /* atomically points tail to us and get the previous tail */
1545 prev = xchg(&acl_rel_tail, &a->next);
1546 ASSERT3P(*prev, ==, NULL);
1547 *prev = a;
1548 /* if it was empty before, schedule the free task */
1549 if (prev == &acl_rel_head)
1550 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1551 NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED);
1552 }
1553 #endif
1554
1555 ZFS_MODULE_PARAM(zfs, zfs_, xattr_compat, INT, ZMOD_RW,
1556 "Use legacy ZFS xattr naming for writing new user namespace xattrs");
1557