search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Handle possible null pointers from malloc/strdup/strndup()
[zfs.git] / module / os / linux / zfs / zpl_xattr.c
bloba010667adfa8bd542f3381a82467adb3f140fb8e
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
23 *
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
35 *
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
40 * following namespace prefixes:
41 *
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
46 *
47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
52 *
53 * The Linux xattr implementation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
60 *
61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
66 *
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
71 *
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
78 */
79
80 #include <sys/zfs_znode.h>
81 #include <sys/zfs_vfsops.h>
82 #include <sys/zfs_vnops.h>
83 #include <sys/zap.h>
84 #include <sys/vfs.h>
85 #include <sys/zpl.h>
86 #include <linux/vfs_compat.h>
87
88 enum xattr_permission {
89 XAPERM_DENY,
90 XAPERM_ALLOW,
91 XAPERM_COMPAT,
92 };
93
94 typedef struct xattr_filldir {
95 size_t size;
96 size_t offset;
97 char *buf;
98 struct dentry *dentry;
99 } xattr_filldir_t;
100
101 static enum xattr_permission zpl_xattr_permission(xattr_filldir_t *,
102 const char *, int);
103
104 static int zfs_xattr_compat = 0;
105
106 /*
107 * Determine is a given xattr name should be visible and if so copy it
108 * in to the provided buffer (xf->buf).
109 */
110 static int
111 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
112 {
113 enum xattr_permission perm;
114
115 /* Check permissions using the per-namespace list xattr handler. */
116 perm = zpl_xattr_permission(xf, name, name_len);
117 if (perm == XAPERM_DENY)
118 return (0);
119
120 /* Prefix the name with "user." if it does not have a namespace. */
121 if (perm == XAPERM_COMPAT) {
122 if (xf->buf) {
123 if (xf->offset + XATTR_USER_PREFIX_LEN + 1 > xf->size)
124 return (-ERANGE);
125
126 memcpy(xf->buf + xf->offset, XATTR_USER_PREFIX,
127 XATTR_USER_PREFIX_LEN);
128 xf->buf[xf->offset + XATTR_USER_PREFIX_LEN] = '\0';
129 }
130
131 xf->offset += XATTR_USER_PREFIX_LEN;
132 }
133
134 /* When xf->buf is NULL only calculate the required size. */
135 if (xf->buf) {
136 if (xf->offset + name_len + 1 > xf->size)
137 return (-ERANGE);
138
139 memcpy(xf->buf + xf->offset, name, name_len);
140 xf->buf[xf->offset + name_len] = '\0';
141 }
142
143 xf->offset += (name_len + 1);
144
145 return (0);
146 }
147
148 /*
149 * Read as many directory entry names as will fit in to the provided buffer,
150 * or when no buffer is provided calculate the required buffer size.
151 */
152 static int
153 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
154 {
155 zap_cursor_t zc;
156 zap_attribute_t zap;
157 int error;
158
159 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
160
161 while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
162
163 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
164 error = -ENXIO;
165 break;
166 }
167
168 error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
169 if (error)
170 break;
171
172 zap_cursor_advance(&zc);
173 }
174
175 zap_cursor_fini(&zc);
176
177 if (error == -ENOENT)
178 error = 0;
179
180 return (error);
181 }
182
183 static ssize_t
184 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
185 {
186 struct inode *ip = xf->dentry->d_inode;
187 struct inode *dxip = NULL;
188 znode_t *dxzp;
189 int error;
190
191 /* Lookup the xattr directory */
192 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
193 cr, NULL, NULL);
194 if (error) {
195 if (error == -ENOENT)
196 error = 0;
197
198 return (error);
199 }
200
201 dxip = ZTOI(dxzp);
202 error = zpl_xattr_readdir(dxip, xf);
203 iput(dxip);
204
205 return (error);
206 }
207
208 static ssize_t
209 zpl_xattr_list_sa(xattr_filldir_t *xf)
210 {
211 znode_t *zp = ITOZ(xf->dentry->d_inode);
212 nvpair_t *nvp = NULL;
213 int error = 0;
214
215 mutex_enter(&zp->z_lock);
216 if (zp->z_xattr_cached == NULL)
217 error = -zfs_sa_get_xattr(zp);
218 mutex_exit(&zp->z_lock);
219
220 if (error)
221 return (error);
222
223 ASSERT(zp->z_xattr_cached);
224
225 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
226 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
227
228 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
229 strlen(nvpair_name(nvp)));
230 if (error)
231 return (error);
232 }
233
234 return (0);
235 }
236
237 ssize_t
238 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
239 {
240 znode_t *zp = ITOZ(dentry->d_inode);
241 zfsvfs_t *zfsvfs = ZTOZSB(zp);
242 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
243 cred_t *cr = CRED();
244 fstrans_cookie_t cookie;
245 int error = 0;
246
247 crhold(cr);
248 cookie = spl_fstrans_mark();
249 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
250 goto out1;
251 rw_enter(&zp->z_xattr_lock, RW_READER);
252
253 if (zfsvfs->z_use_sa && zp->z_is_sa) {
254 error = zpl_xattr_list_sa(&xf);
255 if (error)
256 goto out;
257 }
258
259 error = zpl_xattr_list_dir(&xf, cr);
260 if (error)
261 goto out;
262
263 error = xf.offset;
264 out:
265
266 rw_exit(&zp->z_xattr_lock);
267 zpl_exit(zfsvfs, FTAG);
268 out1:
269 spl_fstrans_unmark(cookie);
270 crfree(cr);
271
272 return (error);
273 }
274
275 static int
276 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
277 size_t size, cred_t *cr)
278 {
279 fstrans_cookie_t cookie;
280 struct inode *xip = NULL;
281 znode_t *dxzp = NULL;
282 znode_t *xzp = NULL;
283 int error;
284
285 /* Lookup the xattr directory */
286 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
287 cr, NULL, NULL);
288 if (error)
289 goto out;
290
291 /* Lookup a specific xattr name in the directory */
292 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
293 if (error)
294 goto out;
295
296 xip = ZTOI(xzp);
297 if (!size) {
298 error = i_size_read(xip);
299 goto out;
300 }
301
302 if (size < i_size_read(xip)) {
303 error = -ERANGE;
304 goto out;
305 }
306
307 struct iovec iov;
308 iov.iov_base = (void *)value;
309 iov.iov_len = size;
310
311 zfs_uio_t uio;
312 zfs_uio_iovec_init(&uio, &iov, 1, 0, UIO_SYSSPACE, size, 0);
313
314 cookie = spl_fstrans_mark();
315 error = -zfs_read(ITOZ(xip), &uio, 0, cr);
316 spl_fstrans_unmark(cookie);
317
318 if (error == 0)
319 error = size - zfs_uio_resid(&uio);
320 out:
321 if (xzp)
322 zrele(xzp);
323
324 if (dxzp)
325 zrele(dxzp);
326
327 return (error);
328 }
329
330 static int
331 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
332 {
333 znode_t *zp = ITOZ(ip);
334 uchar_t *nv_value;
335 uint_t nv_size;
336 int error = 0;
337
338 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
339
340 mutex_enter(&zp->z_lock);
341 if (zp->z_xattr_cached == NULL)
342 error = -zfs_sa_get_xattr(zp);
343 mutex_exit(&zp->z_lock);
344
345 if (error)
346 return (error);
347
348 ASSERT(zp->z_xattr_cached);
349 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
350 &nv_value, &nv_size);
351 if (error)
352 return (error);
353
354 if (size == 0 || value == NULL)
355 return (nv_size);
356
357 if (size < nv_size)
358 return (-ERANGE);
359
360 memcpy(value, nv_value, nv_size);
361
362 return (nv_size);
363 }
364
365 static int
366 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
367 cred_t *cr)
368 {
369 znode_t *zp = ITOZ(ip);
370 zfsvfs_t *zfsvfs = ZTOZSB(zp);
371 int error;
372
373 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
374
375 if (zfsvfs->z_use_sa && zp->z_is_sa) {
376 error = zpl_xattr_get_sa(ip, name, value, size);
377 if (error != -ENOENT)
378 goto out;
379 }
380
381 error = zpl_xattr_get_dir(ip, name, value, size, cr);
382 out:
383 if (error == -ENOENT)
384 error = -ENODATA;
385
386 return (error);
387 }
388
389 #define XATTR_NOENT 0x0
390 #define XATTR_IN_SA 0x1
391 #define XATTR_IN_DIR 0x2
392 /* check where the xattr resides */
393 static int
394 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
395 {
396 znode_t *zp = ITOZ(ip);
397 zfsvfs_t *zfsvfs = ZTOZSB(zp);
398 int error;
399
400 ASSERT(where);
401 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
402
403 *where = XATTR_NOENT;
404 if (zfsvfs->z_use_sa && zp->z_is_sa) {
405 error = zpl_xattr_get_sa(ip, name, NULL, 0);
406 if (error >= 0)
407 *where |= XATTR_IN_SA;
408 else if (error != -ENOENT)
409 return (error);
410 }
411
412 error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
413 if (error >= 0)
414 *where |= XATTR_IN_DIR;
415 else if (error != -ENOENT)
416 return (error);
417
418 if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
419 cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
420 " in both SA and dir", ip, name);
421 if (*where == XATTR_NOENT)
422 error = -ENODATA;
423 else
424 error = 0;
425 return (error);
426 }
427
428 static int
429 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
430 {
431 znode_t *zp = ITOZ(ip);
432 zfsvfs_t *zfsvfs = ZTOZSB(zp);
433 cred_t *cr = CRED();
434 fstrans_cookie_t cookie;
435 int error;
436
437 crhold(cr);
438 cookie = spl_fstrans_mark();
439 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
440 goto out;
441 rw_enter(&zp->z_xattr_lock, RW_READER);
442 error = __zpl_xattr_get(ip, name, value, size, cr);
443 rw_exit(&zp->z_xattr_lock);
444 zpl_exit(zfsvfs, FTAG);
445 out:
446 spl_fstrans_unmark(cookie);
447 crfree(cr);
448
449 return (error);
450 }
451
452 static int
453 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
454 size_t size, int flags, cred_t *cr)
455 {
456 znode_t *dxzp = NULL;
457 znode_t *xzp = NULL;
458 vattr_t *vap = NULL;
459 int lookup_flags, error;
460 const int xattr_mode = S_IFREG | 0644;
461 loff_t pos = 0;
462
463 /*
464 * Lookup the xattr directory. When we're adding an entry pass
465 * CREATE_XATTR_DIR to ensure the xattr directory is created.
466 * When removing an entry this flag is not passed to avoid
467 * unnecessarily creating a new xattr directory.
468 */
469 lookup_flags = LOOKUP_XATTR;
470 if (value != NULL)
471 lookup_flags |= CREATE_XATTR_DIR;
472
473 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags,
474 cr, NULL, NULL);
475 if (error)
476 goto out;
477
478 /* Lookup a specific xattr name in the directory */
479 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
480 if (error && (error != -ENOENT))
481 goto out;
482
483 error = 0;
484
485 /* Remove a specific name xattr when value is set to NULL. */
486 if (value == NULL) {
487 if (xzp)
488 error = -zfs_remove(dxzp, (char *)name, cr, 0);
489
490 goto out;
491 }
492
493 /* Lookup failed create a new xattr. */
494 if (xzp == NULL) {
495 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
496 vap->va_mode = xattr_mode;
497 vap->va_mask = ATTR_MODE;
498 vap->va_uid = crgetuid(cr);
499 vap->va_gid = crgetgid(cr);
500
501 error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
502 cr, 0, NULL);
503 if (error)
504 goto out;
505 }
506
507 ASSERT(xzp != NULL);
508
509 error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE);
510 if (error)
511 goto out;
512
513 error = -zfs_write_simple(xzp, value, size, pos, NULL);
514 out:
515 if (error == 0) {
516 ip->i_ctime = current_time(ip);
517 zfs_mark_inode_dirty(ip);
518 }
519
520 if (vap)
521 kmem_free(vap, sizeof (vattr_t));
522
523 if (xzp)
524 zrele(xzp);
525
526 if (dxzp)
527 zrele(dxzp);
528
529 if (error == -ENOENT)
530 error = -ENODATA;
531
532 ASSERT3S(error, <=, 0);
533
534 return (error);
535 }
536
537 static int
538 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
539 size_t size, int flags, cred_t *cr)
540 {
541 znode_t *zp = ITOZ(ip);
542 nvlist_t *nvl;
543 size_t sa_size;
544 int error = 0;
545
546 mutex_enter(&zp->z_lock);
547 if (zp->z_xattr_cached == NULL)
548 error = -zfs_sa_get_xattr(zp);
549 mutex_exit(&zp->z_lock);
550
551 if (error)
552 return (error);
553
554 ASSERT(zp->z_xattr_cached);
555 nvl = zp->z_xattr_cached;
556
557 if (value == NULL) {
558 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
559 if (error == -ENOENT)
560 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
561 } else {
562 /* Limited to 32k to keep nvpair memory allocations small */
563 if (size > DXATTR_MAX_ENTRY_SIZE)
564 return (-EFBIG);
565
566 /* Prevent the DXATTR SA from consuming the entire SA region */
567 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
568 if (error)
569 return (error);
570
571 if (sa_size > DXATTR_MAX_SA_SIZE)
572 return (-EFBIG);
573
574 error = -nvlist_add_byte_array(nvl, name,
575 (uchar_t *)value, size);
576 }
577
578 /*
579 * Update the SA for additions, modifications, and removals. On
580 * error drop the inconsistent cached version of the nvlist, it
581 * will be reconstructed from the ARC when next accessed.
582 */
583 if (error == 0)
584 error = -zfs_sa_set_xattr(zp, name, value, size);
585
586 if (error) {
587 nvlist_free(nvl);
588 zp->z_xattr_cached = NULL;
589 }
590
591 ASSERT3S(error, <=, 0);
592
593 return (error);
594 }
595
596 static int
597 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
598 size_t size, int flags)
599 {
600 znode_t *zp = ITOZ(ip);
601 zfsvfs_t *zfsvfs = ZTOZSB(zp);
602 cred_t *cr = CRED();
603 fstrans_cookie_t cookie;
604 int where;
605 int error;
606
607 crhold(cr);
608 cookie = spl_fstrans_mark();
609 if ((error = zpl_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
610 goto out1;
611 rw_enter(&zp->z_xattr_lock, RW_WRITER);
612
613 /*
614 * Before setting the xattr check to see if it already exists.
615 * This is done to ensure the following optional flags are honored.
616 *
617 * XATTR_CREATE: fail if xattr already exists
618 * XATTR_REPLACE: fail if xattr does not exist
619 *
620 * We also want to know if it resides in sa or dir, so we can make
621 * sure we don't end up with duplicate in both places.
622 */
623 error = __zpl_xattr_where(ip, name, &where, cr);
624 if (error < 0) {
625 if (error != -ENODATA)
626 goto out;
627 if (flags & XATTR_REPLACE)
628 goto out;
629
630 /* The xattr to be removed already doesn't exist */
631 error = 0;
632 if (value == NULL)
633 goto out;
634 } else {
635 error = -EEXIST;
636 if (flags & XATTR_CREATE)
637 goto out;
638 }
639
640 /* Preferentially store the xattr as a SA for better performance */
641 if (zfsvfs->z_use_sa && zp->z_is_sa &&
642 (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
643 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
644 if (error == 0) {
645 /*
646 * Successfully put into SA, we need to clear the one
647 * in dir.
648 */
649 if (where & XATTR_IN_DIR)
650 zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
651 goto out;
652 }
653 }
654
655 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
656 /*
657 * Successfully put into dir, we need to clear the one in SA.
658 */
659 if (error == 0 && (where & XATTR_IN_SA))
660 zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
661 out:
662 rw_exit(&zp->z_xattr_lock);
663 zpl_exit(zfsvfs, FTAG);
664 out1:
665 spl_fstrans_unmark(cookie);
666 crfree(cr);
667 ASSERT3S(error, <=, 0);
668
669 return (error);
670 }
671
672 /*
673 * Extended user attributes
674 *
675 * "Extended user attributes may be assigned to files and directories for
676 * storing arbitrary additional information such as the mime type,
677 * character set or encoding of a file. The access permissions for user
678 * attributes are defined by the file permission bits: read permission
679 * is required to retrieve the attribute value, and writer permission is
680 * required to change it.
681 *
682 * The file permission bits of regular files and directories are
683 * interpreted differently from the file permission bits of special
684 * files and symbolic links. For regular files and directories the file
685 * permission bits define access to the file's contents, while for
686 * device special files they define access to the device described by
687 * the special file. The file permissions of symbolic links are not
688 * used in access checks. These differences would allow users to
689 * consume filesystem resources in a way not controllable by disk quotas
690 * for group or world writable special files and directories.
691 *
692 * For this reason, extended user attributes are allowed only for
693 * regular files and directories, and access to extended user attributes
694 * is restricted to the owner and to users with appropriate capabilities
695 * for directories with the sticky bit set (see the chmod(1) manual page
696 * for an explanation of the sticky bit)." - xattr(7)
697 *
698 * ZFS allows extended user attributes to be disabled administratively
699 * by setting the 'xattr=off' property on the dataset.
700 */
701 static int
702 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
703 const char *name, size_t name_len)
704 {
705 return (ITOZSB(ip)->z_flags & ZSB_XATTR);
706 }
707 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
708
709 static int
710 __zpl_xattr_user_get(struct inode *ip, const char *name,
711 void *value, size_t size)
712 {
713 int error;
714 /* xattr_resolve_name will do this for us if this is defined */
715 #ifndef HAVE_XATTR_HANDLER_NAME
716 if (strcmp(name, "") == 0)
717 return (-EINVAL);
718 #endif
719 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
720 return (-EINVAL);
721 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
722 return (-EOPNOTSUPP);
723
724 /*
725 * Try to look up the name with the namespace prefix first for
726 * compatibility with xattrs from this platform. If that fails,
727 * try again without the namespace prefix for compatibility with
728 * other platforms.
729 */
730 char *xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
731 error = zpl_xattr_get(ip, xattr_name, value, size);
732 kmem_strfree(xattr_name);
733 if (error == -ENODATA)
734 error = zpl_xattr_get(ip, name, value, size);
735
736 return (error);
737 }
738 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
739
740 static int
741 __zpl_xattr_user_set(struct inode *ip, const char *name,
742 const void *value, size_t size, int flags)
743 {
744 int error = 0;
745 /* xattr_resolve_name will do this for us if this is defined */
746 #ifndef HAVE_XATTR_HANDLER_NAME
747 if (strcmp(name, "") == 0)
748 return (-EINVAL);
749 #endif
750 if (ZFS_XA_NS_PREFIX_FORBIDDEN(name))
751 return (-EINVAL);
752 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
753 return (-EOPNOTSUPP);
754
755 /*
756 * Remove alternate compat version of the xattr so we only set the
757 * version specified by the zfs_xattr_compat tunable.
758 *
759 * The following flags must be handled correctly:
760 *
761 * XATTR_CREATE: fail if xattr already exists
762 * XATTR_REPLACE: fail if xattr does not exist
763 */
764 char *prefixed_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
765 const char *clear_name, *set_name;
766 if (zfs_xattr_compat) {
767 clear_name = prefixed_name;
768 set_name = name;
769 } else {
770 clear_name = name;
771 set_name = prefixed_name;
772 }
773 /*
774 * Clear the old value with the alternative name format, if it exists.
775 */
776 error = zpl_xattr_set(ip, clear_name, NULL, 0, flags);
777 /*
778 * XATTR_CREATE was specified and we failed to clear the xattr
779 * because it already exists. Stop here.
780 */
781 if (error == -EEXIST)
782 goto out;
783 /*
784 * If XATTR_REPLACE was specified and we succeeded to clear
785 * an xattr, we don't need to replace anything when setting
786 * the new value. If we failed with -ENODATA that's fine,
787 * there was nothing to be cleared and we can ignore the error.
788 */
789 if (error == 0)
790 flags &= ~XATTR_REPLACE;
791 /*
792 * Set the new value with the configured name format.
793 */
794 error = zpl_xattr_set(ip, set_name, value, size, flags);
795 out:
796 kmem_strfree(prefixed_name);
797 return (error);
798 }
799 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
800
801 static xattr_handler_t zpl_xattr_user_handler =
802 {
803 .prefix = XATTR_USER_PREFIX,
804 .list = zpl_xattr_user_list,
805 .get = zpl_xattr_user_get,
806 .set = zpl_xattr_user_set,
807 };
808
809 /*
810 * Trusted extended attributes
811 *
812 * "Trusted extended attributes are visible and accessible only to
813 * processes that have the CAP_SYS_ADMIN capability. Attributes in this
814 * class are used to implement mechanisms in user space (i.e., outside
815 * the kernel) which keep information in extended attributes to which
816 * ordinary processes should not have access." - xattr(7)
817 */
818 static int
819 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
820 const char *name, size_t name_len)
821 {
822 return (capable(CAP_SYS_ADMIN));
823 }
824 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
825
826 static int
827 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
828 void *value, size_t size)
829 {
830 char *xattr_name;
831 int error;
832
833 if (!capable(CAP_SYS_ADMIN))
834 return (-EACCES);
835 /* xattr_resolve_name will do this for us if this is defined */
836 #ifndef HAVE_XATTR_HANDLER_NAME
837 if (strcmp(name, "") == 0)
838 return (-EINVAL);
839 #endif
840 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
841 error = zpl_xattr_get(ip, xattr_name, value, size);
842 kmem_strfree(xattr_name);
843
844 return (error);
845 }
846 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
847
848 static int
849 __zpl_xattr_trusted_set(struct inode *ip, const char *name,
850 const void *value, size_t size, int flags)
851 {
852 char *xattr_name;
853 int error;
854
855 if (!capable(CAP_SYS_ADMIN))
856 return (-EACCES);
857 /* xattr_resolve_name will do this for us if this is defined */
858 #ifndef HAVE_XATTR_HANDLER_NAME
859 if (strcmp(name, "") == 0)
860 return (-EINVAL);
861 #endif
862 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
863 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
864 kmem_strfree(xattr_name);
865
866 return (error);
867 }
868 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
869
870 static xattr_handler_t zpl_xattr_trusted_handler = {
871 .prefix = XATTR_TRUSTED_PREFIX,
872 .list = zpl_xattr_trusted_list,
873 .get = zpl_xattr_trusted_get,
874 .set = zpl_xattr_trusted_set,
875 };
876
877 /*
878 * Extended security attributes
879 *
880 * "The security attribute namespace is used by kernel security modules,
881 * such as Security Enhanced Linux, and also to implement file
882 * capabilities (see capabilities(7)). Read and write access
883 * permissions to security attributes depend on the policy implemented
884 * for each security attribute by the security module. When no security
885 * module is loaded, all processes have read access to extended security
886 * attributes, and write access is limited to processes that have the
887 * CAP_SYS_ADMIN capability." - xattr(7)
888 */
889 static int
890 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
891 const char *name, size_t name_len)
892 {
893 return (1);
894 }
895 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
896
897 static int
898 __zpl_xattr_security_get(struct inode *ip, const char *name,
899 void *value, size_t size)
900 {
901 char *xattr_name;
902 int error;
903 /* xattr_resolve_name will do this for us if this is defined */
904 #ifndef HAVE_XATTR_HANDLER_NAME
905 if (strcmp(name, "") == 0)
906 return (-EINVAL);
907 #endif
908 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
909 error = zpl_xattr_get(ip, xattr_name, value, size);
910 kmem_strfree(xattr_name);
911
912 return (error);
913 }
914 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
915
916 static int
917 __zpl_xattr_security_set(struct inode *ip, const char *name,
918 const void *value, size_t size, int flags)
919 {
920 char *xattr_name;
921 int error;
922 /* xattr_resolve_name will do this for us if this is defined */
923 #ifndef HAVE_XATTR_HANDLER_NAME
924 if (strcmp(name, "") == 0)
925 return (-EINVAL);
926 #endif
927 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
928 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
929 kmem_strfree(xattr_name);
930
931 return (error);
932 }
933 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
934
935 static int
936 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs,
937 void *fs_info)
938 {
939 const struct xattr *xattr;
940 int error = 0;
941
942 for (xattr = xattrs; xattr->name != NULL; xattr++) {
943 error = __zpl_xattr_security_set(ip,
944 xattr->name, xattr->value, xattr->value_len, 0);
945
946 if (error < 0)
947 break;
948 }
949
950 return (error);
951 }
952
953 int
954 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
955 const struct qstr *qstr)
956 {
957 return security_inode_init_security(ip, dip, qstr,
958 &zpl_xattr_security_init_impl, NULL);
959 }
960
961 /*
962 * Security xattr namespace handlers.
963 */
964 static xattr_handler_t zpl_xattr_security_handler = {
965 .prefix = XATTR_SECURITY_PREFIX,
966 .list = zpl_xattr_security_list,
967 .get = zpl_xattr_security_get,
968 .set = zpl_xattr_security_set,
969 };
970
971 /*
972 * Extended system attributes
973 *
974 * "Extended system attributes are used by the kernel to store system
975 * objects such as Access Control Lists. Read and write access permissions
976 * to system attributes depend on the policy implemented for each system
977 * attribute implemented by filesystems in the kernel." - xattr(7)
978 */
979 #ifdef CONFIG_FS_POSIX_ACL
980 static int
981 zpl_set_acl_impl(struct inode *ip, struct posix_acl *acl, int type)
982 {
983 char *name, *value = NULL;
984 int error = 0;
985 size_t size = 0;
986
987 if (S_ISLNK(ip->i_mode))
988 return (-EOPNOTSUPP);
989
990 switch (type) {
991 case ACL_TYPE_ACCESS:
992 name = XATTR_NAME_POSIX_ACL_ACCESS;
993 if (acl) {
994 umode_t mode = ip->i_mode;
995 error = posix_acl_equiv_mode(acl, &mode);
996 if (error < 0) {
997 return (error);
998 } else {
999 /*
1000 * The mode bits will have been set by
1001 * ->zfs_setattr()->zfs_acl_chmod_setattr()
1002 * using the ZFS ACL conversion. If they
1003 * differ from the Posix ACL conversion dirty
1004 * the inode to write the Posix mode bits.
1005 */
1006 if (ip->i_mode != mode) {
1007 ip->i_mode = ITOZ(ip)->z_mode = mode;
1008 ip->i_ctime = current_time(ip);
1009 zfs_mark_inode_dirty(ip);
1010 }
1011
1012 if (error == 0)
1013 acl = NULL;
1014 }
1015 }
1016 break;
1017
1018 case ACL_TYPE_DEFAULT:
1019 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1020 if (!S_ISDIR(ip->i_mode))
1021 return (acl ? -EACCES : 0);
1022 break;
1023
1024 default:
1025 return (-EINVAL);
1026 }
1027
1028 if (acl) {
1029 size = posix_acl_xattr_size(acl->a_count);
1030 value = kmem_alloc(size, KM_SLEEP);
1031
1032 error = zpl_acl_to_xattr(acl, value, size);
1033 if (error < 0) {
1034 kmem_free(value, size);
1035 return (error);
1036 }
1037 }
1038
1039 error = zpl_xattr_set(ip, name, value, size, 0);
1040 if (value)
1041 kmem_free(value, size);
1042
1043 if (!error) {
1044 if (acl)
1045 zpl_set_cached_acl(ip, type, acl);
1046 else
1047 zpl_forget_cached_acl(ip, type);
1048 }
1049
1050 return (error);
1051 }
1052
1053 #ifdef HAVE_SET_ACL
1054 int
1055 #ifdef HAVE_SET_ACL_USERNS
1056 zpl_set_acl(struct user_namespace *userns, struct inode *ip,
1057 struct posix_acl *acl, int type)
1058 #else
1059 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type)
1060 #endif /* HAVE_SET_ACL_USERNS */
1061 {
1062 return (zpl_set_acl_impl(ip, acl, type));
1063 }
1064 #endif /* HAVE_SET_ACL */
1065
1066 static struct posix_acl *
1067 zpl_get_acl_impl(struct inode *ip, int type)
1068 {
1069 struct posix_acl *acl;
1070 void *value = NULL;
1071 char *name;
1072
1073 /*
1074 * As of Linux 3.14, the kernel get_acl will check this for us.
1075 * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong
1076 * as the kernel get_acl will set it to temporary sentinel value.
1077 */
1078 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1079 acl = get_cached_acl(ip, type);
1080 if (acl != ACL_NOT_CACHED)
1081 return (acl);
1082 #endif
1083
1084 switch (type) {
1085 case ACL_TYPE_ACCESS:
1086 name = XATTR_NAME_POSIX_ACL_ACCESS;
1087 break;
1088 case ACL_TYPE_DEFAULT:
1089 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1090 break;
1091 default:
1092 return (ERR_PTR(-EINVAL));
1093 }
1094
1095 int size = zpl_xattr_get(ip, name, NULL, 0);
1096 if (size > 0) {
1097 value = kmem_alloc(size, KM_SLEEP);
1098 size = zpl_xattr_get(ip, name, value, size);
1099 }
1100
1101 if (size > 0) {
1102 acl = zpl_acl_from_xattr(value, size);
1103 } else if (size == -ENODATA || size == -ENOSYS) {
1104 acl = NULL;
1105 } else {
1106 acl = ERR_PTR(-EIO);
1107 }
1108
1109 if (size > 0)
1110 kmem_free(value, size);
1111
1112 /* As of Linux 4.7, the kernel get_acl will set this for us */
1113 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1114 if (!IS_ERR(acl))
1115 zpl_set_cached_acl(ip, type, acl);
1116 #endif
1117
1118 return (acl);
1119 }
1120
1121 #if defined(HAVE_GET_ACL_RCU)
1122 struct posix_acl *
1123 zpl_get_acl(struct inode *ip, int type, bool rcu)
1124 {
1125 if (rcu)
1126 return (ERR_PTR(-ECHILD));
1127
1128 return (zpl_get_acl_impl(ip, type));
1129 }
1130 #elif defined(HAVE_GET_ACL)
1131 struct posix_acl *
1132 zpl_get_acl(struct inode *ip, int type)
1133 {
1134 return (zpl_get_acl_impl(ip, type));
1135 }
1136 #else
1137 #error "Unsupported iops->get_acl() implementation"
1138 #endif /* HAVE_GET_ACL_RCU */
1139
1140 int
1141 zpl_init_acl(struct inode *ip, struct inode *dir)
1142 {
1143 struct posix_acl *acl = NULL;
1144 int error = 0;
1145
1146 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1147 return (0);
1148
1149 if (!S_ISLNK(ip->i_mode)) {
1150 acl = zpl_get_acl_impl(dir, ACL_TYPE_DEFAULT);
1151 if (IS_ERR(acl))
1152 return (PTR_ERR(acl));
1153 if (!acl) {
1154 ITOZ(ip)->z_mode = (ip->i_mode &= ~current_umask());
1155 ip->i_ctime = current_time(ip);
1156 zfs_mark_inode_dirty(ip);
1157 return (0);
1158 }
1159 }
1160
1161 if (acl) {
1162 umode_t mode;
1163
1164 if (S_ISDIR(ip->i_mode)) {
1165 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_DEFAULT);
1166 if (error)
1167 goto out;
1168 }
1169
1170 mode = ip->i_mode;
1171 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
1172 if (error >= 0) {
1173 ip->i_mode = ITOZ(ip)->z_mode = mode;
1174 zfs_mark_inode_dirty(ip);
1175 if (error > 0) {
1176 error = zpl_set_acl_impl(ip, acl,
1177 ACL_TYPE_ACCESS);
1178 }
1179 }
1180 }
1181 out:
1182 zpl_posix_acl_release(acl);
1183
1184 return (error);
1185 }
1186
1187 int
1188 zpl_chmod_acl(struct inode *ip)
1189 {
1190 struct posix_acl *acl;
1191 int error;
1192
1193 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1194 return (0);
1195
1196 if (S_ISLNK(ip->i_mode))
1197 return (-EOPNOTSUPP);
1198
1199 acl = zpl_get_acl_impl(ip, ACL_TYPE_ACCESS);
1200 if (IS_ERR(acl) || !acl)
1201 return (PTR_ERR(acl));
1202
1203 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
1204 if (!error)
1205 error = zpl_set_acl_impl(ip, acl, ACL_TYPE_ACCESS);
1206
1207 zpl_posix_acl_release(acl);
1208
1209 return (error);
1210 }
1211
1212 static int
1213 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1214 const char *name, size_t name_len)
1215 {
1216 char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1217 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
1218
1219 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1220 return (0);
1221
1222 if (list && xattr_size <= list_size)
1223 memcpy(list, xattr_name, xattr_size);
1224
1225 return (xattr_size);
1226 }
1227 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
1228
1229 static int
1230 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1231 const char *name, size_t name_len)
1232 {
1233 char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1234 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
1235
1236 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1237 return (0);
1238
1239 if (list && xattr_size <= list_size)
1240 memcpy(list, xattr_name, xattr_size);
1241
1242 return (xattr_size);
1243 }
1244 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
1245
1246 static int
1247 __zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1248 void *buffer, size_t size)
1249 {
1250 struct posix_acl *acl;
1251 int type = ACL_TYPE_ACCESS;
1252 int error;
1253 /* xattr_resolve_name will do this for us if this is defined */
1254 #ifndef HAVE_XATTR_HANDLER_NAME
1255 if (strcmp(name, "") != 0)
1256 return (-EINVAL);
1257 #endif
1258 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1259 return (-EOPNOTSUPP);
1260
1261 acl = zpl_get_acl_impl(ip, type);
1262 if (IS_ERR(acl))
1263 return (PTR_ERR(acl));
1264 if (acl == NULL)
1265 return (-ENODATA);
1266
1267 error = zpl_acl_to_xattr(acl, buffer, size);
1268 zpl_posix_acl_release(acl);
1269
1270 return (error);
1271 }
1272 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
1273
1274 static int
1275 __zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1276 void *buffer, size_t size)
1277 {
1278 struct posix_acl *acl;
1279 int type = ACL_TYPE_DEFAULT;
1280 int error;
1281 /* xattr_resolve_name will do this for us if this is defined */
1282 #ifndef HAVE_XATTR_HANDLER_NAME
1283 if (strcmp(name, "") != 0)
1284 return (-EINVAL);
1285 #endif
1286 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1287 return (-EOPNOTSUPP);
1288
1289 acl = zpl_get_acl_impl(ip, type);
1290 if (IS_ERR(acl))
1291 return (PTR_ERR(acl));
1292 if (acl == NULL)
1293 return (-ENODATA);
1294
1295 error = zpl_acl_to_xattr(acl, buffer, size);
1296 zpl_posix_acl_release(acl);
1297
1298 return (error);
1299 }
1300 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
1301
1302 static int
1303 __zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1304 const void *value, size_t size, int flags)
1305 {
1306 struct posix_acl *acl;
1307 int type = ACL_TYPE_ACCESS;
1308 int error = 0;
1309 /* xattr_resolve_name will do this for us if this is defined */
1310 #ifndef HAVE_XATTR_HANDLER_NAME
1311 if (strcmp(name, "") != 0)
1312 return (-EINVAL);
1313 #endif
1314 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1315 return (-EOPNOTSUPP);
1316
1317 if (!zpl_inode_owner_or_capable(kcred->user_ns, ip))
1318 return (-EPERM);
1319
1320 if (value) {
1321 acl = zpl_acl_from_xattr(value, size);
1322 if (IS_ERR(acl))
1323 return (PTR_ERR(acl));
1324 else if (acl) {
1325 error = zpl_posix_acl_valid(ip, acl);
1326 if (error) {
1327 zpl_posix_acl_release(acl);
1328 return (error);
1329 }
1330 }
1331 } else {
1332 acl = NULL;
1333 }
1334 error = zpl_set_acl_impl(ip, acl, type);
1335 zpl_posix_acl_release(acl);
1336
1337 return (error);
1338 }
1339 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
1340
1341 static int
1342 __zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1343 const void *value, size_t size, int flags)
1344 {
1345 struct posix_acl *acl;
1346 int type = ACL_TYPE_DEFAULT;
1347 int error = 0;
1348 /* xattr_resolve_name will do this for us if this is defined */
1349 #ifndef HAVE_XATTR_HANDLER_NAME
1350 if (strcmp(name, "") != 0)
1351 return (-EINVAL);
1352 #endif
1353 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1354 return (-EOPNOTSUPP);
1355
1356 if (!zpl_inode_owner_or_capable(kcred->user_ns, ip))
1357 return (-EPERM);
1358
1359 if (value) {
1360 acl = zpl_acl_from_xattr(value, size);
1361 if (IS_ERR(acl))
1362 return (PTR_ERR(acl));
1363 else if (acl) {
1364 error = zpl_posix_acl_valid(ip, acl);
1365 if (error) {
1366 zpl_posix_acl_release(acl);
1367 return (error);
1368 }
1369 }
1370 } else {
1371 acl = NULL;
1372 }
1373
1374 error = zpl_set_acl_impl(ip, acl, type);
1375 zpl_posix_acl_release(acl);
1376
1377 return (error);
1378 }
1379 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
1380
1381 /*
1382 * ACL access xattr namespace handlers.
1383 *
1384 * Use .name instead of .prefix when available. xattr_resolve_name will match
1385 * whole name and reject anything that has .name only as prefix.
1386 */
1387 static xattr_handler_t zpl_xattr_acl_access_handler = {
1388 #ifdef HAVE_XATTR_HANDLER_NAME
1389 .name = XATTR_NAME_POSIX_ACL_ACCESS,
1390 #else
1391 .prefix = XATTR_NAME_POSIX_ACL_ACCESS,
1392 #endif
1393 .list = zpl_xattr_acl_list_access,
1394 .get = zpl_xattr_acl_get_access,
1395 .set = zpl_xattr_acl_set_access,
1396 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1397 defined(HAVE_XATTR_LIST_DENTRY) || \
1398 defined(HAVE_XATTR_LIST_HANDLER)
1399 .flags = ACL_TYPE_ACCESS,
1400 #endif
1401 };
1402
1403 /*
1404 * ACL default xattr namespace handlers.
1405 *
1406 * Use .name instead of .prefix when available. xattr_resolve_name will match
1407 * whole name and reject anything that has .name only as prefix.
1408 */
1409 static xattr_handler_t zpl_xattr_acl_default_handler = {
1410 #ifdef HAVE_XATTR_HANDLER_NAME
1411 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1412 #else
1413 .prefix = XATTR_NAME_POSIX_ACL_DEFAULT,
1414 #endif
1415 .list = zpl_xattr_acl_list_default,
1416 .get = zpl_xattr_acl_get_default,
1417 .set = zpl_xattr_acl_set_default,
1418 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1419 defined(HAVE_XATTR_LIST_DENTRY) || \
1420 defined(HAVE_XATTR_LIST_HANDLER)
1421 .flags = ACL_TYPE_DEFAULT,
1422 #endif
1423 };
1424
1425 #endif /* CONFIG_FS_POSIX_ACL */
1426
1427 xattr_handler_t *zpl_xattr_handlers[] = {
1428 &zpl_xattr_security_handler,
1429 &zpl_xattr_trusted_handler,
1430 &zpl_xattr_user_handler,
1431 #ifdef CONFIG_FS_POSIX_ACL
1432 &zpl_xattr_acl_access_handler,
1433 &zpl_xattr_acl_default_handler,
1434 #endif /* CONFIG_FS_POSIX_ACL */
1435 NULL
1436 };
1437
1438 static const struct xattr_handler *
1439 zpl_xattr_handler(const char *name)
1440 {
1441 if (strncmp(name, XATTR_USER_PREFIX,
1442 XATTR_USER_PREFIX_LEN) == 0)
1443 return (&zpl_xattr_user_handler);
1444
1445 if (strncmp(name, XATTR_TRUSTED_PREFIX,
1446 XATTR_TRUSTED_PREFIX_LEN) == 0)
1447 return (&zpl_xattr_trusted_handler);
1448
1449 if (strncmp(name, XATTR_SECURITY_PREFIX,
1450 XATTR_SECURITY_PREFIX_LEN) == 0)
1451 return (&zpl_xattr_security_handler);
1452
1453 #ifdef CONFIG_FS_POSIX_ACL
1454 if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1455 sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1456 return (&zpl_xattr_acl_access_handler);
1457
1458 if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1459 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1460 return (&zpl_xattr_acl_default_handler);
1461 #endif /* CONFIG_FS_POSIX_ACL */
1462
1463 return (NULL);
1464 }
1465
1466 static enum xattr_permission
1467 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
1468 {
1469 const struct xattr_handler *handler;
1470 struct dentry *d __maybe_unused = xf->dentry;
1471 enum xattr_permission perm = XAPERM_ALLOW;
1472
1473 handler = zpl_xattr_handler(name);
1474 if (handler == NULL) {
1475 /* Do not expose FreeBSD system namespace xattrs. */
1476 if (ZFS_XA_NS_PREFIX_MATCH(FREEBSD, name))
1477 return (XAPERM_DENY);
1478 /*
1479 * Anything that doesn't match a known namespace gets put in the
1480 * user namespace for compatibility with other platforms.
1481 */
1482 perm = XAPERM_COMPAT;
1483 handler = &zpl_xattr_user_handler;
1484 }
1485
1486 if (handler->list) {
1487 #if defined(HAVE_XATTR_LIST_SIMPLE)
1488 if (!handler->list(d))
1489 return (XAPERM_DENY);
1490 #elif defined(HAVE_XATTR_LIST_DENTRY)
1491 if (!handler->list(d, NULL, 0, name, name_len, 0))
1492 return (XAPERM_DENY);
1493 #elif defined(HAVE_XATTR_LIST_HANDLER)
1494 if (!handler->list(handler, d, NULL, 0, name, name_len))
1495 return (XAPERM_DENY);
1496 #endif
1497 }
1498
1499 return (perm);
1500 }
1501
1502 #if defined(CONFIG_FS_POSIX_ACL) && \
1503 (!defined(HAVE_POSIX_ACL_RELEASE) || \
1504 defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY))
1505 struct acl_rel_struct {
1506 struct acl_rel_struct *next;
1507 struct posix_acl *acl;
1508 clock_t time;
1509 };
1510
1511 #define ACL_REL_GRACE (60*HZ)
1512 #define ACL_REL_WINDOW (1*HZ)
1513 #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW)
1514
1515 /*
1516 * Lockless multi-producer single-consumer fifo list.
1517 * Nodes are added to tail and removed from head. Tail pointer is our
1518 * synchronization point. It always points to the next pointer of the last
1519 * node, or head if list is empty.
1520 */
1521 static struct acl_rel_struct *acl_rel_head = NULL;
1522 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head;
1523
1524 static void
1525 zpl_posix_acl_free(void *arg)
1526 {
1527 struct acl_rel_struct *freelist = NULL;
1528 struct acl_rel_struct *a;
1529 clock_t new_time;
1530 boolean_t refire = B_FALSE;
1531
1532 ASSERT3P(acl_rel_head, !=, NULL);
1533 while (acl_rel_head) {
1534 a = acl_rel_head;
1535 if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) {
1536 /*
1537 * If a is the last node we need to reset tail, but we
1538 * need to use cmpxchg to make sure it is still the
1539 * last node.
1540 */
1541 if (acl_rel_tail == &a->next) {
1542 acl_rel_head = NULL;
1543 if (cmpxchg(&acl_rel_tail, &a->next,
1544 &acl_rel_head) == &a->next) {
1545 ASSERT3P(a->next, ==, NULL);
1546 a->next = freelist;
1547 freelist = a;
1548 break;
1549 }
1550 }
1551 /*
1552 * a is not last node, make sure next pointer is set
1553 * by the adder and advance the head.
1554 */
1555 while (READ_ONCE(a->next) == NULL)
1556 cpu_relax();
1557 acl_rel_head = a->next;
1558 a->next = freelist;
1559 freelist = a;
1560 } else {
1561 /*
1562 * a is still in grace period. We are responsible to
1563 * reschedule the free task, since adder will only do
1564 * so if list is empty.
1565 */
1566 new_time = a->time + ACL_REL_SCHED;
1567 refire = B_TRUE;
1568 break;
1569 }
1570 }
1571
1572 if (refire)
1573 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1574 NULL, TQ_SLEEP, new_time);
1575
1576 while (freelist) {
1577 a = freelist;
1578 freelist = a->next;
1579 kfree(a->acl);
1580 kmem_free(a, sizeof (struct acl_rel_struct));
1581 }
1582 }
1583
1584 void
1585 zpl_posix_acl_release_impl(struct posix_acl *acl)
1586 {
1587 struct acl_rel_struct *a, **prev;
1588
1589 a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP);
1590 a->next = NULL;
1591 a->acl = acl;
1592 a->time = ddi_get_lbolt();
1593 /* atomically points tail to us and get the previous tail */
1594 prev = xchg(&acl_rel_tail, &a->next);
1595 ASSERT3P(*prev, ==, NULL);
1596 *prev = a;
1597 /* if it was empty before, schedule the free task */
1598 if (prev == &acl_rel_head)
1599 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1600 NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED);
1601 }
1602 #endif
1603
1604 ZFS_MODULE_PARAM(zfs, zfs_, xattr_compat, INT, ZMOD_RW,
1605 "Use legacy ZFS xattr naming for writing new user namespace xattrs");
OpenZFS on Linux and FreeBSD