4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2011, Lawrence Livermore National Security, LLC.
24 * Extended attributes (xattr) on Solaris are implemented as files
25 * which exist in a hidden xattr directory. These extended attributes
26 * can be accessed using the attropen() system call which opens
27 * the extended attribute. It can then be manipulated just like
28 * a standard file descriptor. This has a couple advantages such
29 * as practically no size limit on the file, and the extended
30 * attributes permissions may differ from those of the parent file.
31 * This interface is really quite clever, but it's also completely
32 * different than what is supported on Linux. It also comes with a
33 * steep performance penalty when accessing small xattrs because they
34 * are not stored with the parent file.
36 * Under Linux extended attributes are manipulated by the system
37 * calls getxattr(2), setxattr(2), and listxattr(2). They consider
38 * extended attributes to be name/value pairs where the name is a
39 * NULL terminated string. The name must also include one of the
40 * following namespace prefixes:
42 * user - No restrictions and is available to user applications.
43 * trusted - Restricted to kernel and root (CAP_SYS_ADMIN) use.
44 * system - Used for access control lists (system.nfs4_acl, etc).
45 * security - Used by SELinux to store a files security context.
47 * The value under Linux to limited to 65536 bytes of binary data.
48 * In practice, individual xattrs tend to be much smaller than this
49 * and are typically less than 100 bytes. A good example of this
50 * are the security.selinux xattrs which are less than 100 bytes and
51 * exist for every file when xattr labeling is enabled.
53 * The Linux xattr implementation has been written to take advantage of
54 * this typical usage. When the dataset property 'xattr=sa' is set,
55 * then xattrs will be preferentially stored as System Attributes (SA).
56 * This allows tiny xattrs (~100 bytes) to be stored with the dnode and
57 * up to 64k of xattrs to be stored in the spill block. If additional
58 * xattr space is required, which is unlikely under Linux, they will
59 * be stored using the traditional directory approach.
61 * This optimization results in roughly a 3x performance improvement
62 * when accessing xattrs because it avoids the need to perform a seek
63 * for every xattr value. When multiple xattrs are stored per-file
64 * the performance improvements are even greater because all of the
65 * xattrs stored in the spill block will be cached.
67 * However, by default SA based xattrs are disabled in the Linux port
68 * to maximize compatibility with other implementations. If you do
69 * enable SA based xattrs then they will not be visible on platforms
70 * which do not support this feature.
72 * NOTE: One additional consequence of the xattr directory implementation
73 * is that when an extended attribute is manipulated an inode is created.
74 * This inode will exist in the Linux inode cache but there will be no
75 * associated entry in the dentry cache which references it. This is
76 * safe but it may result in some confusion. Enabling SA based xattrs
77 * largely avoids the issue except in the overflow case.
80 #include <sys/zfs_znode.h>
81 #include <sys/zfs_vfsops.h>
82 #include <sys/zfs_vnops.h>
87 typedef struct xattr_filldir {
91 struct dentry *dentry;
94 static const struct xattr_handler *zpl_xattr_handler(const char *);
97 zpl_xattr_permission(xattr_filldir_t *xf, const char *name, int name_len)
99 static const struct xattr_handler *handler;
100 struct dentry *d = xf->dentry;
102 handler = zpl_xattr_handler(name);
107 #if defined(HAVE_XATTR_LIST_SIMPLE)
108 if (!handler->list(d))
110 #elif defined(HAVE_XATTR_LIST_DENTRY)
111 if (!handler->list(d, NULL, 0, name, name_len, 0))
113 #elif defined(HAVE_XATTR_LIST_HANDLER)
114 if (!handler->list(handler, d, NULL, 0, name, name_len))
123 * Determine is a given xattr name should be visible and if so copy it
124 * in to the provided buffer (xf->buf).
127 zpl_xattr_filldir(xattr_filldir_t *xf, const char *name, int name_len)
129 /* Check permissions using the per-namespace list xattr handler. */
130 if (!zpl_xattr_permission(xf, name, name_len))
133 /* When xf->buf is NULL only calculate the required size. */
135 if (xf->offset + name_len + 1 > xf->size)
138 memcpy(xf->buf + xf->offset, name, name_len);
139 xf->buf[xf->offset + name_len] = '\0';
142 xf->offset += (name_len + 1);
148 * Read as many directory entry names as will fit in to the provided buffer,
149 * or when no buffer is provided calculate the required buffer size.
152 zpl_xattr_readdir(struct inode *dxip, xattr_filldir_t *xf)
158 zap_cursor_init(&zc, ITOZSB(dxip)->z_os, ITOZ(dxip)->z_id);
160 while ((error = -zap_cursor_retrieve(&zc, &zap)) == 0) {
162 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
167 error = zpl_xattr_filldir(xf, zap.za_name, strlen(zap.za_name));
171 zap_cursor_advance(&zc);
174 zap_cursor_fini(&zc);
176 if (error == -ENOENT)
183 zpl_xattr_list_dir(xattr_filldir_t *xf, cred_t *cr)
185 struct inode *ip = xf->dentry->d_inode;
186 struct inode *dxip = NULL;
190 /* Lookup the xattr directory */
191 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
194 if (error == -ENOENT)
201 error = zpl_xattr_readdir(dxip, xf);
208 zpl_xattr_list_sa(xattr_filldir_t *xf)
210 znode_t *zp = ITOZ(xf->dentry->d_inode);
211 nvpair_t *nvp = NULL;
214 mutex_enter(&zp->z_lock);
215 if (zp->z_xattr_cached == NULL)
216 error = -zfs_sa_get_xattr(zp);
217 mutex_exit(&zp->z_lock);
222 ASSERT(zp->z_xattr_cached);
224 while ((nvp = nvlist_next_nvpair(zp->z_xattr_cached, nvp)) != NULL) {
225 ASSERT3U(nvpair_type(nvp), ==, DATA_TYPE_BYTE_ARRAY);
227 error = zpl_xattr_filldir(xf, nvpair_name(nvp),
228 strlen(nvpair_name(nvp)));
237 zpl_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
239 znode_t *zp = ITOZ(dentry->d_inode);
240 zfsvfs_t *zfsvfs = ZTOZSB(zp);
241 xattr_filldir_t xf = { buffer_size, 0, buffer, dentry };
243 fstrans_cookie_t cookie;
247 cookie = spl_fstrans_mark();
250 rw_enter(&zp->z_xattr_lock, RW_READER);
252 if (zfsvfs->z_use_sa && zp->z_is_sa) {
253 error = zpl_xattr_list_sa(&xf);
258 error = zpl_xattr_list_dir(&xf, cr);
265 rw_exit(&zp->z_xattr_lock);
267 spl_fstrans_unmark(cookie);
274 zpl_xattr_get_dir(struct inode *ip, const char *name, void *value,
275 size_t size, cred_t *cr)
277 struct inode *xip = NULL;
278 znode_t *dxzp = NULL;
283 /* Lookup the xattr directory */
284 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, LOOKUP_XATTR,
289 /* Lookup a specific xattr name in the directory */
290 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
296 error = i_size_read(xip);
300 if (size < i_size_read(xip)) {
305 error = zpl_read_common(xip, value, size, &pos, UIO_SYSSPACE, 0, cr);
317 zpl_xattr_get_sa(struct inode *ip, const char *name, void *value, size_t size)
319 znode_t *zp = ITOZ(ip);
324 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
326 mutex_enter(&zp->z_lock);
327 if (zp->z_xattr_cached == NULL)
328 error = -zfs_sa_get_xattr(zp);
329 mutex_exit(&zp->z_lock);
334 ASSERT(zp->z_xattr_cached);
335 error = -nvlist_lookup_byte_array(zp->z_xattr_cached, name,
336 &nv_value, &nv_size);
340 if (size == 0 || value == NULL)
346 memcpy(value, nv_value, nv_size);
352 __zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size,
355 znode_t *zp = ITOZ(ip);
356 zfsvfs_t *zfsvfs = ZTOZSB(zp);
359 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
361 if (zfsvfs->z_use_sa && zp->z_is_sa) {
362 error = zpl_xattr_get_sa(ip, name, value, size);
363 if (error != -ENOENT)
367 error = zpl_xattr_get_dir(ip, name, value, size, cr);
369 if (error == -ENOENT)
375 #define XATTR_NOENT 0x0
376 #define XATTR_IN_SA 0x1
377 #define XATTR_IN_DIR 0x2
378 /* check where the xattr resides */
380 __zpl_xattr_where(struct inode *ip, const char *name, int *where, cred_t *cr)
382 znode_t *zp = ITOZ(ip);
383 zfsvfs_t *zfsvfs = ZTOZSB(zp);
387 ASSERT(RW_LOCK_HELD(&zp->z_xattr_lock));
389 *where = XATTR_NOENT;
390 if (zfsvfs->z_use_sa && zp->z_is_sa) {
391 error = zpl_xattr_get_sa(ip, name, NULL, 0);
393 *where |= XATTR_IN_SA;
394 else if (error != -ENOENT)
398 error = zpl_xattr_get_dir(ip, name, NULL, 0, cr);
400 *where |= XATTR_IN_DIR;
401 else if (error != -ENOENT)
404 if (*where == (XATTR_IN_SA|XATTR_IN_DIR))
405 cmn_err(CE_WARN, "ZFS: inode %p has xattr \"%s\""
406 " in both SA and dir", ip, name);
407 if (*where == XATTR_NOENT)
415 zpl_xattr_get(struct inode *ip, const char *name, void *value, size_t size)
417 znode_t *zp = ITOZ(ip);
418 zfsvfs_t *zfsvfs = ZTOZSB(zp);
420 fstrans_cookie_t cookie;
424 cookie = spl_fstrans_mark();
427 rw_enter(&zp->z_xattr_lock, RW_READER);
428 error = __zpl_xattr_get(ip, name, value, size, cr);
429 rw_exit(&zp->z_xattr_lock);
431 spl_fstrans_unmark(cookie);
438 zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
439 size_t size, int flags, cred_t *cr)
441 znode_t *dxzp = NULL;
445 int lookup_flags, error;
446 const int xattr_mode = S_IFREG | 0644;
450 * Lookup the xattr directory. When we're adding an entry pass
451 * CREATE_XATTR_DIR to ensure the xattr directory is created.
452 * When removing an entry this flag is not passed to avoid
453 * unnecessarily creating a new xattr directory.
455 lookup_flags = LOOKUP_XATTR;
457 lookup_flags |= CREATE_XATTR_DIR;
459 error = -zfs_lookup(ITOZ(ip), NULL, &dxzp, lookup_flags,
464 /* Lookup a specific xattr name in the directory */
465 error = -zfs_lookup(dxzp, (char *)name, &xzp, 0, cr, NULL, NULL);
466 if (error && (error != -ENOENT))
471 /* Remove a specific name xattr when value is set to NULL. */
474 error = -zfs_remove(dxzp, (char *)name, cr, 0);
479 /* Lookup failed create a new xattr. */
481 vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
482 vap->va_mode = xattr_mode;
483 vap->va_mask = ATTR_MODE;
484 vap->va_uid = crgetfsuid(cr);
485 vap->va_gid = crgetfsgid(cr);
487 error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
495 error = -zfs_freesp(xzp, 0, 0, xattr_mode, TRUE);
499 wrote = zpl_write_common(ZTOI(xzp), value, size, &pos,
500 UIO_SYSSPACE, 0, cr);
507 ip->i_ctime = current_time(ip);
508 zfs_mark_inode_dirty(ip);
512 kmem_free(vap, sizeof (vattr_t));
520 if (error == -ENOENT)
523 ASSERT3S(error, <=, 0);
529 zpl_xattr_set_sa(struct inode *ip, const char *name, const void *value,
530 size_t size, int flags, cred_t *cr)
532 znode_t *zp = ITOZ(ip);
537 mutex_enter(&zp->z_lock);
538 if (zp->z_xattr_cached == NULL)
539 error = -zfs_sa_get_xattr(zp);
540 mutex_exit(&zp->z_lock);
545 ASSERT(zp->z_xattr_cached);
546 nvl = zp->z_xattr_cached;
549 error = -nvlist_remove(nvl, name, DATA_TYPE_BYTE_ARRAY);
550 if (error == -ENOENT)
551 error = zpl_xattr_set_dir(ip, name, NULL, 0, flags, cr);
553 /* Limited to 32k to keep nvpair memory allocations small */
554 if (size > DXATTR_MAX_ENTRY_SIZE)
557 /* Prevent the DXATTR SA from consuming the entire SA region */
558 error = -nvlist_size(nvl, &sa_size, NV_ENCODE_XDR);
562 if (sa_size > DXATTR_MAX_SA_SIZE)
565 error = -nvlist_add_byte_array(nvl, name,
566 (uchar_t *)value, size);
570 * Update the SA for additions, modifications, and removals. On
571 * error drop the inconsistent cached version of the nvlist, it
572 * will be reconstructed from the ARC when next accessed.
575 error = -zfs_sa_set_xattr(zp);
579 zp->z_xattr_cached = NULL;
582 ASSERT3S(error, <=, 0);
588 zpl_xattr_set(struct inode *ip, const char *name, const void *value,
589 size_t size, int flags)
591 znode_t *zp = ITOZ(ip);
592 zfsvfs_t *zfsvfs = ZTOZSB(zp);
594 fstrans_cookie_t cookie;
599 cookie = spl_fstrans_mark();
602 rw_enter(&ITOZ(ip)->z_xattr_lock, RW_WRITER);
605 * Before setting the xattr check to see if it already exists.
606 * This is done to ensure the following optional flags are honored.
608 * XATTR_CREATE: fail if xattr already exists
609 * XATTR_REPLACE: fail if xattr does not exist
611 * We also want to know if it resides in sa or dir, so we can make
612 * sure we don't end up with duplicate in both places.
614 error = __zpl_xattr_where(ip, name, &where, cr);
616 if (error != -ENODATA)
618 if (flags & XATTR_REPLACE)
621 /* The xattr to be removed already doesn't exist */
627 if (flags & XATTR_CREATE)
631 /* Preferentially store the xattr as a SA for better performance */
632 if (zfsvfs->z_use_sa && zp->z_is_sa &&
633 (zfsvfs->z_xattr_sa || (value == NULL && where & XATTR_IN_SA))) {
634 error = zpl_xattr_set_sa(ip, name, value, size, flags, cr);
637 * Successfully put into SA, we need to clear the one
640 if (where & XATTR_IN_DIR)
641 zpl_xattr_set_dir(ip, name, NULL, 0, 0, cr);
646 error = zpl_xattr_set_dir(ip, name, value, size, flags, cr);
648 * Successfully put into dir, we need to clear the one in SA.
650 if (error == 0 && (where & XATTR_IN_SA))
651 zpl_xattr_set_sa(ip, name, NULL, 0, 0, cr);
653 rw_exit(&ITOZ(ip)->z_xattr_lock);
655 spl_fstrans_unmark(cookie);
657 ASSERT3S(error, <=, 0);
663 * Extended user attributes
665 * "Extended user attributes may be assigned to files and directories for
666 * storing arbitrary additional information such as the mime type,
667 * character set or encoding of a file. The access permissions for user
668 * attributes are defined by the file permission bits: read permission
669 * is required to retrieve the attribute value, and writer permission is
670 * required to change it.
672 * The file permission bits of regular files and directories are
673 * interpreted differently from the file permission bits of special
674 * files and symbolic links. For regular files and directories the file
675 * permission bits define access to the file's contents, while for
676 * device special files they define access to the device described by
677 * the special file. The file permissions of symbolic links are not
678 * used in access checks. These differences would allow users to
679 * consume filesystem resources in a way not controllable by disk quotas
680 * for group or world writable special files and directories.
682 * For this reason, extended user attributes are allowed only for
683 * regular files and directories, and access to extended user attributes
684 * is restricted to the owner and to users with appropriate capabilities
685 * for directories with the sticky bit set (see the chmod(1) manual page
686 * for an explanation of the sticky bit)." - xattr(7)
688 * ZFS allows extended user attributes to be disabled administratively
689 * by setting the 'xattr=off' property on the dataset.
692 __zpl_xattr_user_list(struct inode *ip, char *list, size_t list_size,
693 const char *name, size_t name_len)
695 return (ITOZSB(ip)->z_flags & ZSB_XATTR);
697 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_user_list);
700 __zpl_xattr_user_get(struct inode *ip, const char *name,
701 void *value, size_t size)
705 /* xattr_resolve_name will do this for us if this is defined */
706 #ifndef HAVE_XATTR_HANDLER_NAME
707 if (strcmp(name, "") == 0)
710 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
711 return (-EOPNOTSUPP);
713 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
714 error = zpl_xattr_get(ip, xattr_name, value, size);
715 kmem_strfree(xattr_name);
719 ZPL_XATTR_GET_WRAPPER(zpl_xattr_user_get);
722 __zpl_xattr_user_set(struct inode *ip, const char *name,
723 const void *value, size_t size, int flags)
727 /* xattr_resolve_name will do this for us if this is defined */
728 #ifndef HAVE_XATTR_HANDLER_NAME
729 if (strcmp(name, "") == 0)
732 if (!(ITOZSB(ip)->z_flags & ZSB_XATTR))
733 return (-EOPNOTSUPP);
735 xattr_name = kmem_asprintf("%s%s", XATTR_USER_PREFIX, name);
736 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
737 kmem_strfree(xattr_name);
741 ZPL_XATTR_SET_WRAPPER(zpl_xattr_user_set);
743 xattr_handler_t zpl_xattr_user_handler =
745 .prefix = XATTR_USER_PREFIX,
746 .list = zpl_xattr_user_list,
747 .get = zpl_xattr_user_get,
748 .set = zpl_xattr_user_set,
752 * Trusted extended attributes
754 * "Trusted extended attributes are visible and accessible only to
755 * processes that have the CAP_SYS_ADMIN capability. Attributes in this
756 * class are used to implement mechanisms in user space (i.e., outside
757 * the kernel) which keep information in extended attributes to which
758 * ordinary processes should not have access." - xattr(7)
761 __zpl_xattr_trusted_list(struct inode *ip, char *list, size_t list_size,
762 const char *name, size_t name_len)
764 return (capable(CAP_SYS_ADMIN));
766 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_trusted_list);
769 __zpl_xattr_trusted_get(struct inode *ip, const char *name,
770 void *value, size_t size)
775 if (!capable(CAP_SYS_ADMIN))
777 /* xattr_resolve_name will do this for us if this is defined */
778 #ifndef HAVE_XATTR_HANDLER_NAME
779 if (strcmp(name, "") == 0)
782 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
783 error = zpl_xattr_get(ip, xattr_name, value, size);
784 kmem_strfree(xattr_name);
788 ZPL_XATTR_GET_WRAPPER(zpl_xattr_trusted_get);
791 __zpl_xattr_trusted_set(struct inode *ip, const char *name,
792 const void *value, size_t size, int flags)
797 if (!capable(CAP_SYS_ADMIN))
799 /* xattr_resolve_name will do this for us if this is defined */
800 #ifndef HAVE_XATTR_HANDLER_NAME
801 if (strcmp(name, "") == 0)
804 xattr_name = kmem_asprintf("%s%s", XATTR_TRUSTED_PREFIX, name);
805 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
806 kmem_strfree(xattr_name);
810 ZPL_XATTR_SET_WRAPPER(zpl_xattr_trusted_set);
812 xattr_handler_t zpl_xattr_trusted_handler =
814 .prefix = XATTR_TRUSTED_PREFIX,
815 .list = zpl_xattr_trusted_list,
816 .get = zpl_xattr_trusted_get,
817 .set = zpl_xattr_trusted_set,
821 * Extended security attributes
823 * "The security attribute namespace is used by kernel security modules,
824 * such as Security Enhanced Linux, and also to implement file
825 * capabilities (see capabilities(7)). Read and write access
826 * permissions to security attributes depend on the policy implemented
827 * for each security attribute by the security module. When no security
828 * module is loaded, all processes have read access to extended security
829 * attributes, and write access is limited to processes that have the
830 * CAP_SYS_ADMIN capability." - xattr(7)
833 __zpl_xattr_security_list(struct inode *ip, char *list, size_t list_size,
834 const char *name, size_t name_len)
838 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_security_list);
841 __zpl_xattr_security_get(struct inode *ip, const char *name,
842 void *value, size_t size)
846 /* xattr_resolve_name will do this for us if this is defined */
847 #ifndef HAVE_XATTR_HANDLER_NAME
848 if (strcmp(name, "") == 0)
851 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
852 error = zpl_xattr_get(ip, xattr_name, value, size);
853 kmem_strfree(xattr_name);
857 ZPL_XATTR_GET_WRAPPER(zpl_xattr_security_get);
860 __zpl_xattr_security_set(struct inode *ip, const char *name,
861 const void *value, size_t size, int flags)
865 /* xattr_resolve_name will do this for us if this is defined */
866 #ifndef HAVE_XATTR_HANDLER_NAME
867 if (strcmp(name, "") == 0)
870 xattr_name = kmem_asprintf("%s%s", XATTR_SECURITY_PREFIX, name);
871 error = zpl_xattr_set(ip, xattr_name, value, size, flags);
872 kmem_strfree(xattr_name);
876 ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
879 zpl_xattr_security_init_impl(struct inode *ip, const struct xattr *xattrs,
882 const struct xattr *xattr;
885 for (xattr = xattrs; xattr->name != NULL; xattr++) {
886 error = __zpl_xattr_security_set(ip,
887 xattr->name, xattr->value, xattr->value_len, 0);
897 zpl_xattr_security_init(struct inode *ip, struct inode *dip,
898 const struct qstr *qstr)
900 return security_inode_init_security(ip, dip, qstr,
901 &zpl_xattr_security_init_impl, NULL);
905 * Security xattr namespace handlers.
907 xattr_handler_t zpl_xattr_security_handler = {
908 .prefix = XATTR_SECURITY_PREFIX,
909 .list = zpl_xattr_security_list,
910 .get = zpl_xattr_security_get,
911 .set = zpl_xattr_security_set,
915 * Extended system attributes
917 * "Extended system attributes are used by the kernel to store system
918 * objects such as Access Control Lists. Read and write access permissions
919 * to system attributes depend on the policy implemented for each system
920 * attribute implemented by filesystems in the kernel." - xattr(7)
922 #ifdef CONFIG_FS_POSIX_ACL
927 zpl_set_acl(struct inode *ip, struct posix_acl *acl, int type)
929 char *name, *value = NULL;
933 if (S_ISLNK(ip->i_mode))
934 return (-EOPNOTSUPP);
937 case ACL_TYPE_ACCESS:
938 name = XATTR_NAME_POSIX_ACL_ACCESS;
940 umode_t mode = ip->i_mode;
941 error = posix_acl_equiv_mode(acl, &mode);
946 * The mode bits will have been set by
947 * ->zfs_setattr()->zfs_acl_chmod_setattr()
948 * using the ZFS ACL conversion. If they
949 * differ from the Posix ACL conversion dirty
950 * the inode to write the Posix mode bits.
952 if (ip->i_mode != mode) {
954 ip->i_ctime = current_time(ip);
955 zfs_mark_inode_dirty(ip);
964 case ACL_TYPE_DEFAULT:
965 name = XATTR_NAME_POSIX_ACL_DEFAULT;
966 if (!S_ISDIR(ip->i_mode))
967 return (acl ? -EACCES : 0);
975 size = posix_acl_xattr_size(acl->a_count);
976 value = kmem_alloc(size, KM_SLEEP);
978 error = zpl_acl_to_xattr(acl, value, size);
980 kmem_free(value, size);
985 error = zpl_xattr_set(ip, name, value, size, 0);
987 kmem_free(value, size);
991 zpl_set_cached_acl(ip, type, acl);
993 zpl_forget_cached_acl(ip, type);
1000 zpl_get_acl(struct inode *ip, int type)
1002 struct posix_acl *acl;
1008 * As of Linux 3.14, the kernel get_acl will check this for us.
1009 * Also as of Linux 4.7, comparing against ACL_NOT_CACHED is wrong
1010 * as the kernel get_acl will set it to temporary sentinel value.
1012 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1013 acl = get_cached_acl(ip, type);
1014 if (acl != ACL_NOT_CACHED)
1019 case ACL_TYPE_ACCESS:
1020 name = XATTR_NAME_POSIX_ACL_ACCESS;
1022 case ACL_TYPE_DEFAULT:
1023 name = XATTR_NAME_POSIX_ACL_DEFAULT;
1026 return (ERR_PTR(-EINVAL));
1029 size = zpl_xattr_get(ip, name, NULL, 0);
1031 value = kmem_alloc(size, KM_SLEEP);
1032 size = zpl_xattr_get(ip, name, value, size);
1036 acl = zpl_acl_from_xattr(value, size);
1037 } else if (size == -ENODATA || size == -ENOSYS) {
1040 acl = ERR_PTR(-EIO);
1044 kmem_free(value, size);
1046 /* As of Linux 4.7, the kernel get_acl will set this for us */
1047 #ifndef HAVE_KERNEL_GET_ACL_HANDLE_CACHE
1049 zpl_set_cached_acl(ip, type, acl);
1056 zpl_init_acl(struct inode *ip, struct inode *dir)
1058 struct posix_acl *acl = NULL;
1061 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1064 if (!S_ISLNK(ip->i_mode)) {
1065 acl = zpl_get_acl(dir, ACL_TYPE_DEFAULT);
1067 return (PTR_ERR(acl));
1069 ip->i_mode &= ~current_umask();
1070 ip->i_ctime = current_time(ip);
1071 zfs_mark_inode_dirty(ip);
1079 if (S_ISDIR(ip->i_mode)) {
1080 error = zpl_set_acl(ip, acl, ACL_TYPE_DEFAULT);
1086 error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
1089 zfs_mark_inode_dirty(ip);
1091 error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS);
1095 zpl_posix_acl_release(acl);
1101 zpl_chmod_acl(struct inode *ip)
1103 struct posix_acl *acl;
1106 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1109 if (S_ISLNK(ip->i_mode))
1110 return (-EOPNOTSUPP);
1112 acl = zpl_get_acl(ip, ACL_TYPE_ACCESS);
1113 if (IS_ERR(acl) || !acl)
1114 return (PTR_ERR(acl));
1116 error = __posix_acl_chmod(&acl, GFP_KERNEL, ip->i_mode);
1118 error = zpl_set_acl(ip, acl, ACL_TYPE_ACCESS);
1120 zpl_posix_acl_release(acl);
1126 __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size,
1127 const char *name, size_t name_len)
1129 char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS;
1130 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS);
1132 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1135 if (list && xattr_size <= list_size)
1136 memcpy(list, xattr_name, xattr_size);
1138 return (xattr_size);
1140 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_access);
1143 __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size,
1144 const char *name, size_t name_len)
1146 char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT;
1147 size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT);
1149 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1152 if (list && xattr_size <= list_size)
1153 memcpy(list, xattr_name, xattr_size);
1155 return (xattr_size);
1157 ZPL_XATTR_LIST_WRAPPER(zpl_xattr_acl_list_default);
1160 __zpl_xattr_acl_get_access(struct inode *ip, const char *name,
1161 void *buffer, size_t size)
1163 struct posix_acl *acl;
1164 int type = ACL_TYPE_ACCESS;
1166 /* xattr_resolve_name will do this for us if this is defined */
1167 #ifndef HAVE_XATTR_HANDLER_NAME
1168 if (strcmp(name, "") != 0)
1171 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1172 return (-EOPNOTSUPP);
1174 acl = zpl_get_acl(ip, type);
1176 return (PTR_ERR(acl));
1180 error = zpl_acl_to_xattr(acl, buffer, size);
1181 zpl_posix_acl_release(acl);
1185 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_access);
1188 __zpl_xattr_acl_get_default(struct inode *ip, const char *name,
1189 void *buffer, size_t size)
1191 struct posix_acl *acl;
1192 int type = ACL_TYPE_DEFAULT;
1194 /* xattr_resolve_name will do this for us if this is defined */
1195 #ifndef HAVE_XATTR_HANDLER_NAME
1196 if (strcmp(name, "") != 0)
1199 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1200 return (-EOPNOTSUPP);
1202 acl = zpl_get_acl(ip, type);
1204 return (PTR_ERR(acl));
1208 error = zpl_acl_to_xattr(acl, buffer, size);
1209 zpl_posix_acl_release(acl);
1213 ZPL_XATTR_GET_WRAPPER(zpl_xattr_acl_get_default);
1216 __zpl_xattr_acl_set_access(struct inode *ip, const char *name,
1217 const void *value, size_t size, int flags)
1219 struct posix_acl *acl;
1220 int type = ACL_TYPE_ACCESS;
1222 /* xattr_resolve_name will do this for us if this is defined */
1223 #ifndef HAVE_XATTR_HANDLER_NAME
1224 if (strcmp(name, "") != 0)
1227 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1228 return (-EOPNOTSUPP);
1230 if (!inode_owner_or_capable(ip))
1234 acl = zpl_acl_from_xattr(value, size);
1236 return (PTR_ERR(acl));
1238 error = zpl_posix_acl_valid(ip, acl);
1240 zpl_posix_acl_release(acl);
1248 error = zpl_set_acl(ip, acl, type);
1249 zpl_posix_acl_release(acl);
1253 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_access);
1256 __zpl_xattr_acl_set_default(struct inode *ip, const char *name,
1257 const void *value, size_t size, int flags)
1259 struct posix_acl *acl;
1260 int type = ACL_TYPE_DEFAULT;
1262 /* xattr_resolve_name will do this for us if this is defined */
1263 #ifndef HAVE_XATTR_HANDLER_NAME
1264 if (strcmp(name, "") != 0)
1267 if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX)
1268 return (-EOPNOTSUPP);
1270 if (!inode_owner_or_capable(ip))
1274 acl = zpl_acl_from_xattr(value, size);
1276 return (PTR_ERR(acl));
1278 error = zpl_posix_acl_valid(ip, acl);
1280 zpl_posix_acl_release(acl);
1288 error = zpl_set_acl(ip, acl, type);
1289 zpl_posix_acl_release(acl);
1293 ZPL_XATTR_SET_WRAPPER(zpl_xattr_acl_set_default);
1296 * ACL access xattr namespace handlers.
1298 * Use .name instead of .prefix when available. xattr_resolve_name will match
1299 * whole name and reject anything that has .name only as prefix.
1301 xattr_handler_t zpl_xattr_acl_access_handler =
1303 #ifdef HAVE_XATTR_HANDLER_NAME
1304 .name = XATTR_NAME_POSIX_ACL_ACCESS,
1306 .prefix = XATTR_NAME_POSIX_ACL_ACCESS,
1308 .list = zpl_xattr_acl_list_access,
1309 .get = zpl_xattr_acl_get_access,
1310 .set = zpl_xattr_acl_set_access,
1311 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1312 defined(HAVE_XATTR_LIST_DENTRY) || \
1313 defined(HAVE_XATTR_LIST_HANDLER)
1314 .flags = ACL_TYPE_ACCESS,
1319 * ACL default xattr namespace handlers.
1321 * Use .name instead of .prefix when available. xattr_resolve_name will match
1322 * whole name and reject anything that has .name only as prefix.
1324 xattr_handler_t zpl_xattr_acl_default_handler =
1326 #ifdef HAVE_XATTR_HANDLER_NAME
1327 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1329 .prefix = XATTR_NAME_POSIX_ACL_DEFAULT,
1331 .list = zpl_xattr_acl_list_default,
1332 .get = zpl_xattr_acl_get_default,
1333 .set = zpl_xattr_acl_set_default,
1334 #if defined(HAVE_XATTR_LIST_SIMPLE) || \
1335 defined(HAVE_XATTR_LIST_DENTRY) || \
1336 defined(HAVE_XATTR_LIST_HANDLER)
1337 .flags = ACL_TYPE_DEFAULT,
1341 #endif /* CONFIG_FS_POSIX_ACL */
1343 xattr_handler_t *zpl_xattr_handlers[] = {
1344 &zpl_xattr_security_handler,
1345 &zpl_xattr_trusted_handler,
1346 &zpl_xattr_user_handler,
1347 #ifdef CONFIG_FS_POSIX_ACL
1348 &zpl_xattr_acl_access_handler,
1349 &zpl_xattr_acl_default_handler,
1350 #endif /* CONFIG_FS_POSIX_ACL */
1354 static const struct xattr_handler *
1355 zpl_xattr_handler(const char *name)
1357 if (strncmp(name, XATTR_USER_PREFIX,
1358 XATTR_USER_PREFIX_LEN) == 0)
1359 return (&zpl_xattr_user_handler);
1361 if (strncmp(name, XATTR_TRUSTED_PREFIX,
1362 XATTR_TRUSTED_PREFIX_LEN) == 0)
1363 return (&zpl_xattr_trusted_handler);
1365 if (strncmp(name, XATTR_SECURITY_PREFIX,
1366 XATTR_SECURITY_PREFIX_LEN) == 0)
1367 return (&zpl_xattr_security_handler);
1369 #ifdef CONFIG_FS_POSIX_ACL
1370 if (strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
1371 sizeof (XATTR_NAME_POSIX_ACL_ACCESS)) == 0)
1372 return (&zpl_xattr_acl_access_handler);
1374 if (strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1375 sizeof (XATTR_NAME_POSIX_ACL_DEFAULT)) == 0)
1376 return (&zpl_xattr_acl_default_handler);
1377 #endif /* CONFIG_FS_POSIX_ACL */
1382 #if !defined(HAVE_POSIX_ACL_RELEASE) || defined(HAVE_POSIX_ACL_RELEASE_GPL_ONLY)
1383 struct acl_rel_struct {
1384 struct acl_rel_struct *next;
1385 struct posix_acl *acl;
1389 #define ACL_REL_GRACE (60*HZ)
1390 #define ACL_REL_WINDOW (1*HZ)
1391 #define ACL_REL_SCHED (ACL_REL_GRACE+ACL_REL_WINDOW)
1394 * Lockless multi-producer single-consumer fifo list.
1395 * Nodes are added to tail and removed from head. Tail pointer is our
1396 * synchronization point. It always points to the next pointer of the last
1397 * node, or head if list is empty.
1399 static struct acl_rel_struct *acl_rel_head = NULL;
1400 static struct acl_rel_struct **acl_rel_tail = &acl_rel_head;
1403 zpl_posix_acl_free(void *arg)
1405 struct acl_rel_struct *freelist = NULL;
1406 struct acl_rel_struct *a;
1408 boolean_t refire = B_FALSE;
1410 ASSERT3P(acl_rel_head, !=, NULL);
1411 while (acl_rel_head) {
1413 if (ddi_get_lbolt() - a->time >= ACL_REL_GRACE) {
1415 * If a is the last node we need to reset tail, but we
1416 * need to use cmpxchg to make sure it is still the
1419 if (acl_rel_tail == &a->next) {
1420 acl_rel_head = NULL;
1421 if (cmpxchg(&acl_rel_tail, &a->next,
1422 &acl_rel_head) == &a->next) {
1423 ASSERT3P(a->next, ==, NULL);
1430 * a is not last node, make sure next pointer is set
1431 * by the adder and advance the head.
1433 while (READ_ONCE(a->next) == NULL)
1435 acl_rel_head = a->next;
1440 * a is still in grace period. We are responsible to
1441 * reschedule the free task, since adder will only do
1442 * so if list is empty.
1444 new_time = a->time + ACL_REL_SCHED;
1451 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1452 NULL, TQ_SLEEP, new_time);
1458 kmem_free(a, sizeof (struct acl_rel_struct));
1463 zpl_posix_acl_release_impl(struct posix_acl *acl)
1465 struct acl_rel_struct *a, **prev;
1467 a = kmem_alloc(sizeof (struct acl_rel_struct), KM_SLEEP);
1470 a->time = ddi_get_lbolt();
1471 /* atomically points tail to us and get the previous tail */
1472 prev = xchg(&acl_rel_tail, &a->next);
1473 ASSERT3P(*prev, ==, NULL);
1475 /* if it was empty before, schedule the free task */
1476 if (prev == &acl_rel_head)
1477 taskq_dispatch_delay(system_delay_taskq, zpl_posix_acl_free,
1478 NULL, TQ_SLEEP, ddi_get_lbolt() + ACL_REL_SCHED);