ufs_extattr.c revision 106394
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network 9 * Associates Laboratories, the Security Research Division of Network 10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11 * as part of the DARPA CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $FreeBSD: head/sys/ufs/ufs/ufs_extattr.c 106394 2002-11-04 02:35:46Z rwatson $ 35 */ 36/* 37 * Developed by the TrustedBSD Project. 38 * Support for filesystem extended attribute: UFS-specific support functions. 39 */ 40 41#include "opt_ufs.h" 42 43#include <sys/param.h> 44#include <sys/systm.h> 45#include <sys/kernel.h> 46#include <sys/namei.h> 47#include <sys/malloc.h> 48#include <sys/fcntl.h> 49#include <sys/proc.h> 50#include <sys/vnode.h> 51#include <sys/mount.h> 52#include <sys/lock.h> 53#include <sys/dirent.h> 54#include <sys/extattr.h> 55#include <sys/sysctl.h> 56 57#include <vm/uma.h> 58 59#include <ufs/ufs/dir.h> 60#include <ufs/ufs/extattr.h> 61#include <ufs/ufs/quota.h> 62#include <ufs/ufs/ufsmount.h> 63#include <ufs/ufs/inode.h> 64#include <ufs/ufs/ufs_extern.h> 65 66#ifdef UFS_EXTATTR 67 68#define MIN(a,b) (((a)<(b))?(a):(b)) 69 70static MALLOC_DEFINE(M_UFS_EXTATTR, "ufs_extattr", "ufs extended attribute"); 71 72static int ufs_extattr_sync = 0; 73SYSCTL_INT(_debug, OID_AUTO, ufs_extattr_sync, CTLFLAG_RW, &ufs_extattr_sync, 74 0, ""); 75 76static int ufs_extattr_valid_attrname(int attrnamespace, 77 const char *attrname); 78static int ufs_extattr_enable_with_open(struct ufsmount *ump, 79 struct vnode *vp, int attrnamespace, const char *attrname, 80 struct thread *td); 81static int ufs_extattr_enable(struct ufsmount *ump, int attrnamespace, 82 const char *attrname, struct vnode *backing_vnode, 83 struct thread *td); 84static int ufs_extattr_disable(struct ufsmount *ump, int attrnamespace, 85 const char *attrname, struct thread *td); 86static int ufs_extattr_get(struct vnode *vp, int attrnamespace, 87 const char *name, struct uio *uio, size_t *size, 88 struct ucred *cred, struct thread *td); 89static int ufs_extattr_set(struct vnode *vp, int attrnamespace, 90 const char *name, struct uio *uio, struct ucred *cred, 91 struct thread *td); 92static int ufs_extattr_rm(struct vnode *vp, int attrnamespace, 93 const char *name, struct ucred *cred, struct thread *td); 94 95/* 96 * Per-FS attribute lock protecting attribute operations. 97 * XXX Right now there is a lot of lock contention due to having a single 98 * lock per-FS; really, this should be far more fine-grained. 99 */ 100static void 101ufs_extattr_uepm_lock(struct ufsmount *ump, struct thread *td) 102{ 103 104 /* Ideally, LK_CANRECURSE would not be used, here. */ 105 lockmgr(&ump->um_extattr.uepm_lock, LK_EXCLUSIVE | LK_RETRY | 106 LK_CANRECURSE, 0, td); 107} 108 109static void 110ufs_extattr_uepm_unlock(struct ufsmount *ump, struct thread *td) 111{ 112 113 lockmgr(&ump->um_extattr.uepm_lock, LK_RELEASE, 0, td); 114} 115 116/* 117 * Determine whether the name passed is a valid name for an actual 118 * attribute. 119 * 120 * Invalid currently consists of: 121 * NULL pointer for attrname 122 * zero-length attrname (used to retrieve application attribute list) 123 */ 124static int 125ufs_extattr_valid_attrname(int attrnamespace, const char *attrname) 126{ 127 128 if (attrname == NULL) 129 return (0); 130 if (strlen(attrname) == 0) 131 return (0); 132 return (1); 133} 134 135/* 136 * Locate an attribute given a name and mountpoint. 137 * Must be holding uepm lock for the mount point. 138 */ 139static struct ufs_extattr_list_entry * 140ufs_extattr_find_attr(struct ufsmount *ump, int attrnamespace, 141 const char *attrname) 142{ 143 struct ufs_extattr_list_entry *search_attribute; 144 145 for (search_attribute = LIST_FIRST(&ump->um_extattr.uepm_list); 146 search_attribute; 147 search_attribute = LIST_NEXT(search_attribute, uele_entries)) { 148 if (!(strncmp(attrname, search_attribute->uele_attrname, 149 UFS_EXTATTR_MAXEXTATTRNAME)) && 150 (attrnamespace == search_attribute->uele_attrnamespace)) { 151 return (search_attribute); 152 } 153 } 154 155 return (0); 156} 157 158/* 159 * Initialize per-FS structures supporting extended attributes. Do not 160 * start extended attributes yet. 161 */ 162void 163ufs_extattr_uepm_init(struct ufs_extattr_per_mount *uepm) 164{ 165 166 uepm->uepm_flags = 0; 167 168 LIST_INIT(&uepm->uepm_list); 169 /* XXX is PVFS right, here? */ 170 lockinit(&uepm->uepm_lock, PVFS, "extattr", 0, 0); 171 uepm->uepm_flags |= UFS_EXTATTR_UEPM_INITIALIZED; 172} 173 174/* 175 * Destroy per-FS structures supporting extended attributes. Assumes 176 * that EAs have already been stopped, and will panic if not. 177 */ 178void 179ufs_extattr_uepm_destroy(struct ufs_extattr_per_mount *uepm) 180{ 181 182 if (!(uepm->uepm_flags & UFS_EXTATTR_UEPM_INITIALIZED)) 183 panic("ufs_extattr_uepm_destroy: not initialized"); 184 185 if ((uepm->uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 186 panic("ufs_extattr_uepm_destroy: called while still started"); 187 188 /* 189 * It's not clear that either order for the next two lines is 190 * ideal, and it should never be a problem if this is only called 191 * during unmount, and with vfs_busy(). 192 */ 193 uepm->uepm_flags &= ~UFS_EXTATTR_UEPM_INITIALIZED; 194 lockdestroy(&uepm->uepm_lock); 195} 196 197/* 198 * Start extended attribute support on an FS. 199 */ 200int 201ufs_extattr_start(struct mount *mp, struct thread *td) 202{ 203 struct ufsmount *ump; 204 int error = 0; 205 206 ump = VFSTOUFS(mp); 207 208 ufs_extattr_uepm_lock(ump, td); 209 210 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_INITIALIZED)) { 211 error = EOPNOTSUPP; 212 goto unlock; 213 } 214 if (ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED) { 215 error = EBUSY; 216 goto unlock; 217 } 218 219 ump->um_extattr.uepm_flags |= UFS_EXTATTR_UEPM_STARTED; 220 221 ump->um_extattr.uepm_ucred = crhold(td->td_ucred); 222 223unlock: 224 ufs_extattr_uepm_unlock(ump, td); 225 226 return (error); 227} 228 229#ifdef UFS_EXTATTR_AUTOSTART 230/* 231 * Helper routine: given a locked parent directory and filename, return 232 * the locked vnode of the inode associated with the name. Will not 233 * follow symlinks, may return any type of vnode. Lock on parent will 234 * be released even in the event of a failure. In the event that the 235 * target is the parent (i.e., "."), there will be two references and 236 * one lock, requiring the caller to possibly special-case. 237 */ 238#define UE_GETDIR_LOCKPARENT 1 239#define UE_GETDIR_LOCKPARENT_DONT 2 240static int 241ufs_extattr_lookup(struct vnode *start_dvp, int lockparent, char *dirname, 242 struct vnode **vp, struct thread *td) 243{ 244 struct vop_cachedlookup_args vargs; 245 struct componentname cnp; 246 struct vnode *target_vp; 247 int error; 248 249 bzero(&cnp, sizeof(cnp)); 250 cnp.cn_nameiop = LOOKUP; 251 cnp.cn_flags = ISLASTCN; 252 if (lockparent == UE_GETDIR_LOCKPARENT) 253 cnp.cn_flags |= LOCKPARENT; 254 cnp.cn_thread = td; 255 cnp.cn_cred = td->td_ucred; 256 cnp.cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK); 257 cnp.cn_nameptr = cnp.cn_pnbuf; 258 error = copystr(dirname, cnp.cn_pnbuf, MAXPATHLEN, 259 (size_t *) &cnp.cn_namelen); 260 if (error) { 261 if (lockparent == UE_GETDIR_LOCKPARENT_DONT) { 262 VOP_UNLOCK(start_dvp, 0, td); 263 } 264 uma_zfree(namei_zone, cnp.cn_pnbuf); 265 printf("ufs_extattr_lookup: copystr failed\n"); 266 return (error); 267 } 268 cnp.cn_namelen--; /* trim nul termination */ 269 vargs.a_desc = NULL; 270 vargs.a_dvp = start_dvp; 271 vargs.a_vpp = &target_vp; 272 vargs.a_cnp = &cnp; 273 error = ufs_lookup(&vargs); 274 uma_zfree(namei_zone, cnp.cn_pnbuf); 275 if (error) { 276 /* 277 * Error condition, may have to release the lock on the parent 278 * if ufs_lookup() didn't. 279 */ 280 if (!(cnp.cn_flags & PDIRUNLOCK) && 281 (lockparent == UE_GETDIR_LOCKPARENT_DONT)) 282 VOP_UNLOCK(start_dvp, 0, td); 283 284 /* 285 * Check that ufs_lookup() didn't release the lock when we 286 * didn't want it to. 287 */ 288 if ((cnp.cn_flags & PDIRUNLOCK) && 289 (lockparent == UE_GETDIR_LOCKPARENT)) 290 panic("ufs_extattr_lookup: lockparent but PDIRUNLOCK"); 291 292 return (error); 293 } 294/* 295 if (target_vp == start_dvp) 296 panic("ufs_extattr_lookup: target_vp == start_dvp"); 297*/ 298 299 if (target_vp != start_dvp && 300 !(cnp.cn_flags & PDIRUNLOCK) && 301 (lockparent == UE_GETDIR_LOCKPARENT_DONT)) 302 panic("ufs_extattr_lookup: !lockparent but !PDIRUNLOCK"); 303 304 if ((cnp.cn_flags & PDIRUNLOCK) && 305 (lockparent == UE_GETDIR_LOCKPARENT)) 306 panic("ufs_extattr_lookup: lockparent but PDIRUNLOCK"); 307 308 /* printf("ufs_extattr_lookup: success\n"); */ 309 *vp = target_vp; 310 return (0); 311} 312#endif /* !UFS_EXTATTR_AUTOSTART */ 313 314/* 315 * Enable an EA using the passed filesystem, backing vnode, attribute name, 316 * namespace, and proc. Will perform a VOP_OPEN() on the vp, so expects vp 317 * to be locked when passed in. The vnode will be returned unlocked, 318 * regardless of success/failure of the function. As a result, the caller 319 * will always need to vrele(), but not vput(). 320 */ 321static int 322ufs_extattr_enable_with_open(struct ufsmount *ump, struct vnode *vp, 323 int attrnamespace, const char *attrname, struct thread *td) 324{ 325 int error; 326 327 error = VOP_OPEN(vp, FREAD|FWRITE, td->td_ucred, td); 328 if (error) { 329 printf("ufs_extattr_enable_with_open.VOP_OPEN(): failed " 330 "with %d\n", error); 331 VOP_UNLOCK(vp, 0, td); 332 return (error); 333 } 334 335 /* 336 * XXX: Note, should VOP_CLOSE() if vfs_object_create() fails, but due 337 * to a similar piece of code in vn_open(), we don't. 338 */ 339 if (vn_canvmio(vp) == TRUE) 340 if ((error = vfs_object_create(vp, td, 341 td->td_ucred)) != 0) { 342 /* 343 * XXX: bug replicated from vn_open(): should 344 * VOP_CLOSE() here. 345 */ 346 VOP_UNLOCK(vp, 0, td); 347 return (error); 348 } 349 350 vp->v_writecount++; 351 352 vref(vp); 353 354 VOP_UNLOCK(vp, 0, td); 355 356 error = ufs_extattr_enable(ump, attrnamespace, attrname, vp, td); 357 if (error != 0) 358 vn_close(vp, FREAD|FWRITE, td->td_ucred, td); 359 return (error); 360} 361 362#ifdef UFS_EXTATTR_AUTOSTART 363/* 364 * Given a locked directory vnode, iterate over the names in the directory 365 * and use ufs_extattr_lookup() to retrieve locked vnodes of potential 366 * attribute files. Then invoke ufs_extattr_enable_with_open() on each 367 * to attempt to start the attribute. Leaves the directory locked on 368 * exit. 369 */ 370static int 371ufs_extattr_iterate_directory(struct ufsmount *ump, struct vnode *dvp, 372 int attrnamespace, struct thread *td) 373{ 374 struct vop_readdir_args vargs; 375 struct dirent *dp, *edp; 376 struct vnode *attr_vp; 377 struct uio auio; 378 struct iovec aiov; 379 char *dirbuf; 380 int error, eofflag = 0; 381 382 if (dvp->v_type != VDIR) 383 return (ENOTDIR); 384 385 MALLOC(dirbuf, char *, DIRBLKSIZ, M_TEMP, M_WAITOK); 386 387 auio.uio_iov = &aiov; 388 auio.uio_iovcnt = 1; 389 auio.uio_rw = UIO_READ; 390 auio.uio_segflg = UIO_SYSSPACE; 391 auio.uio_td = td; 392 auio.uio_offset = 0; 393 394 vargs.a_desc = NULL; 395 vargs.a_vp = dvp; 396 vargs.a_uio = &auio; 397 vargs.a_cred = td->td_ucred; 398 vargs.a_eofflag = &eofflag; 399 vargs.a_ncookies = NULL; 400 vargs.a_cookies = NULL; 401 402 while (!eofflag) { 403 auio.uio_resid = DIRBLKSIZ; 404 aiov.iov_base = dirbuf; 405 aiov.iov_len = DIRBLKSIZ; 406 error = ufs_readdir(&vargs); 407 if (error) { 408 printf("ufs_extattr_iterate_directory: ufs_readdir " 409 "%d\n", error); 410 return (error); 411 } 412 413 edp = (struct dirent *)&dirbuf[DIRBLKSIZ]; 414 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 415#if (BYTE_ORDER == LITTLE_ENDIAN) 416 dp->d_type = dp->d_namlen; 417 dp->d_namlen = 0; 418#else 419 dp->d_type = 0; 420#endif 421 if (dp->d_reclen == 0) 422 break; 423 error = ufs_extattr_lookup(dvp, UE_GETDIR_LOCKPARENT, 424 dp->d_name, &attr_vp, td); 425 if (error) { 426 printf("ufs_extattr_iterate_directory: lookup " 427 "%s %d\n", dp->d_name, error); 428 } else if (attr_vp == dvp) { 429 vrele(attr_vp); 430 } else if (attr_vp->v_type != VREG) { 431 vput(attr_vp); 432 } else { 433 error = ufs_extattr_enable_with_open(ump, 434 attr_vp, attrnamespace, dp->d_name, td); 435 vrele(attr_vp); 436 if (error) { 437 printf("ufs_extattr_iterate_directory: " 438 "enable %s %d\n", dp->d_name, 439 error); 440 } else if (bootverbose) { 441 printf("UFS autostarted EA %s\n", 442 dp->d_name); 443 } 444 } 445 dp = (struct dirent *) ((char *)dp + dp->d_reclen); 446 if (dp >= edp) 447 break; 448 } 449 } 450 FREE(dirbuf, M_TEMP); 451 452 return (0); 453} 454 455/* 456 * Auto-start of extended attributes, to be executed (optionally) at 457 * mount-time. 458 */ 459int 460ufs_extattr_autostart(struct mount *mp, struct thread *td) 461{ 462 struct vnode *rvp, *attr_dvp, *attr_system_dvp, *attr_user_dvp; 463 int error; 464 465 /* 466 * Does UFS_EXTATTR_FSROOTSUBDIR exist off the filesystem root? 467 * If so, automatically start EA's. 468 */ 469 error = VFS_ROOT(mp, &rvp); 470 if (error) { 471 printf("ufs_extattr_autostart.VFS_ROOT() returned %d\n", 472 error); 473 return (error); 474 } 475 476 error = ufs_extattr_lookup(rvp, UE_GETDIR_LOCKPARENT_DONT, 477 UFS_EXTATTR_FSROOTSUBDIR, &attr_dvp, td); 478 if (error) { 479 /* rvp ref'd but now unlocked */ 480 vrele(rvp); 481 return (error); 482 } 483 if (rvp == attr_dvp) { 484 /* Should never happen. */ 485 vrele(attr_dvp); 486 vput(rvp); 487 return (EINVAL); 488 } 489 vrele(rvp); 490 491 if (attr_dvp->v_type != VDIR) { 492 printf("ufs_extattr_autostart: %s != VDIR\n", 493 UFS_EXTATTR_FSROOTSUBDIR); 494 goto return_vput_attr_dvp; 495 } 496 497 error = ufs_extattr_start(mp, td); 498 if (error) { 499 printf("ufs_extattr_autostart: ufs_extattr_start failed (%d)\n", 500 error); 501 goto return_vput_attr_dvp; 502 } 503 504 /* 505 * Look for two subdirectories: UFS_EXTATTR_SUBDIR_SYSTEM, 506 * UFS_EXTATTR_SUBDIR_USER. For each, iterate over the sub-directory, 507 * and start with appropriate type. Failures in either don't 508 * result in an over-all failure. attr_dvp is left locked to 509 * be cleaned up on exit. 510 */ 511 error = ufs_extattr_lookup(attr_dvp, UE_GETDIR_LOCKPARENT, 512 UFS_EXTATTR_SUBDIR_SYSTEM, &attr_system_dvp, td); 513 if (!error) { 514 error = ufs_extattr_iterate_directory(VFSTOUFS(mp), 515 attr_system_dvp, EXTATTR_NAMESPACE_SYSTEM, td); 516 if (error) 517 printf("ufs_extattr_iterate_directory returned %d\n", 518 error); 519 vput(attr_system_dvp); 520 } 521 522 error = ufs_extattr_lookup(attr_dvp, UE_GETDIR_LOCKPARENT, 523 UFS_EXTATTR_SUBDIR_USER, &attr_user_dvp, td); 524 if (!error) { 525 error = ufs_extattr_iterate_directory(VFSTOUFS(mp), 526 attr_user_dvp, EXTATTR_NAMESPACE_USER, td); 527 if (error) 528 printf("ufs_extattr_iterate_directory returned %d\n", 529 error); 530 vput(attr_user_dvp); 531 } 532 533 /* Mask startup failures in sub-directories. */ 534 error = 0; 535 536return_vput_attr_dvp: 537 vput(attr_dvp); 538 539 return (error); 540} 541#endif /* !UFS_EXTATTR_AUTOSTART */ 542 543/* 544 * Stop extended attribute support on an FS. 545 */ 546int 547ufs_extattr_stop(struct mount *mp, struct thread *td) 548{ 549 struct ufs_extattr_list_entry *uele; 550 struct ufsmount *ump = VFSTOUFS(mp); 551 int error = 0; 552 553 ufs_extattr_uepm_lock(ump, td); 554 555 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) { 556 error = EOPNOTSUPP; 557 goto unlock; 558 } 559 560 while (LIST_FIRST(&ump->um_extattr.uepm_list) != NULL) { 561 uele = LIST_FIRST(&ump->um_extattr.uepm_list); 562 ufs_extattr_disable(ump, uele->uele_attrnamespace, 563 uele->uele_attrname, td); 564 } 565 566 ump->um_extattr.uepm_flags &= ~UFS_EXTATTR_UEPM_STARTED; 567 568 crfree(ump->um_extattr.uepm_ucred); 569 ump->um_extattr.uepm_ucred = NULL; 570 571unlock: 572 ufs_extattr_uepm_unlock(ump, td); 573 574 return (error); 575} 576 577/* 578 * Enable a named attribute on the specified filesystem; provide an 579 * unlocked backing vnode to hold the attribute data. 580 */ 581static int 582ufs_extattr_enable(struct ufsmount *ump, int attrnamespace, 583 const char *attrname, struct vnode *backing_vnode, struct thread *td) 584{ 585 struct ufs_extattr_list_entry *attribute; 586 struct iovec aiov; 587 struct uio auio; 588 int error = 0; 589 590 if (!ufs_extattr_valid_attrname(attrnamespace, attrname)) 591 return (EINVAL); 592 if (backing_vnode->v_type != VREG) 593 return (EINVAL); 594 595 MALLOC(attribute, struct ufs_extattr_list_entry *, 596 sizeof(struct ufs_extattr_list_entry), M_UFS_EXTATTR, M_WAITOK); 597 if (attribute == NULL) 598 return (ENOMEM); 599 600 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) { 601 error = EOPNOTSUPP; 602 goto free_exit; 603 } 604 605 if (ufs_extattr_find_attr(ump, attrnamespace, attrname)) { 606 error = EEXIST; 607 goto free_exit; 608 } 609 610 strncpy(attribute->uele_attrname, attrname, 611 UFS_EXTATTR_MAXEXTATTRNAME); 612 attribute->uele_attrnamespace = attrnamespace; 613 bzero(&attribute->uele_fileheader, 614 sizeof(struct ufs_extattr_fileheader)); 615 616 attribute->uele_backing_vnode = backing_vnode; 617 618 auio.uio_iov = &aiov; 619 auio.uio_iovcnt = 1; 620 aiov.iov_base = (caddr_t) &attribute->uele_fileheader; 621 aiov.iov_len = sizeof(struct ufs_extattr_fileheader); 622 auio.uio_resid = sizeof(struct ufs_extattr_fileheader); 623 auio.uio_offset = (off_t) 0; 624 auio.uio_segflg = UIO_SYSSPACE; 625 auio.uio_rw = UIO_READ; 626 auio.uio_td = td; 627 628 VOP_LEASE(backing_vnode, td, td->td_ucred, LEASE_WRITE); 629 vn_lock(backing_vnode, LK_SHARED | LK_NOPAUSE | LK_RETRY, td); 630 error = VOP_READ(backing_vnode, &auio, IO_NODELOCKED, 631 ump->um_extattr.uepm_ucred); 632 VOP_UNLOCK(backing_vnode, 0, td); 633 634 if (error) 635 goto free_exit; 636 637 if (auio.uio_resid != 0) { 638 printf("ufs_extattr_enable: malformed attribute header\n"); 639 error = EINVAL; 640 goto free_exit; 641 } 642 643 if (attribute->uele_fileheader.uef_magic != UFS_EXTATTR_MAGIC) { 644 printf("ufs_extattr_enable: invalid attribute header magic\n"); 645 error = EINVAL; 646 goto free_exit; 647 } 648 649 if (attribute->uele_fileheader.uef_version != UFS_EXTATTR_VERSION) { 650 printf("ufs_extattr_enable: incorrect attribute header " 651 "version\n"); 652 error = EINVAL; 653 goto free_exit; 654 } 655 656 ASSERT_VOP_LOCKED(backing_vnode, "ufs_extattr_enable"); 657 backing_vnode->v_vflag |= VV_SYSTEM; 658 LIST_INSERT_HEAD(&ump->um_extattr.uepm_list, attribute, 659 uele_entries); 660 661 return (0); 662 663free_exit: 664 FREE(attribute, M_UFS_EXTATTR); 665 return (error); 666} 667 668/* 669 * Disable extended attribute support on an FS. 670 */ 671static int 672ufs_extattr_disable(struct ufsmount *ump, int attrnamespace, 673 const char *attrname, struct thread *td) 674{ 675 struct ufs_extattr_list_entry *uele; 676 int error = 0; 677 678 if (!ufs_extattr_valid_attrname(attrnamespace, attrname)) 679 return (EINVAL); 680 681 uele = ufs_extattr_find_attr(ump, attrnamespace, attrname); 682 if (!uele) 683 return (ENOATTR); 684 685 LIST_REMOVE(uele, uele_entries); 686 687 ASSERT_VOP_LOCKED(uele->uele_backing_vnode, "ufs_extattr_disable"); 688 uele->uele_backing_vnode->v_vflag &= ~VV_SYSTEM; 689 error = vn_close(uele->uele_backing_vnode, FREAD|FWRITE, 690 td->td_ucred, td); 691 692 FREE(uele, M_UFS_EXTATTR); 693 694 return (error); 695} 696 697/* 698 * VFS call to manage extended attributes in UFS. If filename_vp is 699 * non-NULL, it must be passed in locked, and regardless of errors in 700 * processing, will be unlocked. 701 */ 702int 703ufs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp, 704 int attrnamespace, const char *attrname, struct thread *td) 705{ 706 struct ufsmount *ump = VFSTOUFS(mp); 707 int error; 708 709 /* 710 * Processes with privilege, but in jail, are not allowed to 711 * configure extended attributes. 712 */ 713 if ((error = suser(td))) { 714 if (filename_vp != NULL) 715 VOP_UNLOCK(filename_vp, 0, td); 716 return (error); 717 } 718 719 switch(cmd) { 720 case UFS_EXTATTR_CMD_START: 721 if (filename_vp != NULL) { 722 VOP_UNLOCK(filename_vp, 0, td); 723 return (EINVAL); 724 } 725 if (attrname != NULL) 726 return (EINVAL); 727 728 error = ufs_extattr_start(mp, td); 729 730 return (error); 731 732 case UFS_EXTATTR_CMD_STOP: 733 if (filename_vp != NULL) { 734 VOP_UNLOCK(filename_vp, 0, td); 735 return (EINVAL); 736 } 737 if (attrname != NULL) 738 return (EINVAL); 739 740 error = ufs_extattr_stop(mp, td); 741 742 return (error); 743 744 case UFS_EXTATTR_CMD_ENABLE: 745 746 if (filename_vp == NULL) 747 return (EINVAL); 748 if (attrname == NULL) { 749 VOP_UNLOCK(filename_vp, 0, td); 750 return (EINVAL); 751 } 752 753 /* 754 * ufs_extattr_enable_with_open() will always unlock the 755 * vnode, regardless of failure. 756 */ 757 ufs_extattr_uepm_lock(ump, td); 758 error = ufs_extattr_enable_with_open(ump, filename_vp, 759 attrnamespace, attrname, td); 760 ufs_extattr_uepm_unlock(ump, td); 761 762 return (error); 763 764 case UFS_EXTATTR_CMD_DISABLE: 765 766 if (filename_vp != NULL) { 767 VOP_UNLOCK(filename_vp, 0, td); 768 return (EINVAL); 769 } 770 if (attrname == NULL) 771 return (EINVAL); 772 773 ufs_extattr_uepm_lock(ump, td); 774 error = ufs_extattr_disable(ump, attrnamespace, attrname, 775 td); 776 ufs_extattr_uepm_unlock(ump, td); 777 778 return (error); 779 780 default: 781 return (EINVAL); 782 } 783} 784 785/* 786 * Vnode operating to retrieve a named extended attribute. 787 */ 788int 789ufs_getextattr(struct vop_getextattr_args *ap) 790/* 791vop_getextattr { 792 IN struct vnode *a_vp; 793 IN int a_attrnamespace; 794 IN const char *a_name; 795 INOUT struct uio *a_uio; 796 OUT size_t *a_size; 797 IN struct ucred *a_cred; 798 IN struct thread *a_td; 799}; 800*/ 801{ 802 struct mount *mp = ap->a_vp->v_mount; 803 struct ufsmount *ump = VFSTOUFS(mp); 804 int error; 805 806 ufs_extattr_uepm_lock(ump, ap->a_td); 807 808 error = ufs_extattr_get(ap->a_vp, ap->a_attrnamespace, ap->a_name, 809 ap->a_uio, ap->a_size, ap->a_cred, ap->a_td); 810 811 ufs_extattr_uepm_unlock(ump, ap->a_td); 812 813 return (error); 814} 815 816/* 817 * Real work associated with retrieving a named attribute--assumes that 818 * the attribute lock has already been grabbed. 819 */ 820static int 821ufs_extattr_get(struct vnode *vp, int attrnamespace, const char *name, 822 struct uio *uio, size_t *size, struct ucred *cred, struct thread *td) 823{ 824 struct ufs_extattr_list_entry *attribute; 825 struct ufs_extattr_header ueh; 826 struct iovec local_aiov; 827 struct uio local_aio; 828 struct mount *mp = vp->v_mount; 829 struct ufsmount *ump = VFSTOUFS(mp); 830 struct inode *ip = VTOI(vp); 831 off_t base_offset; 832 size_t len, old_len; 833 int error = 0; 834 835 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 836 return (EOPNOTSUPP); 837 838 if (strlen(name) == 0) { 839 /* XXX retrieve attribute lists. */ 840 /* XXX should probably be checking for name == NULL? */ 841 return (EINVAL); 842 } 843 844 error = extattr_check_cred(vp, attrnamespace, cred, td, IREAD); 845 if (error) 846 return (error); 847 848 attribute = ufs_extattr_find_attr(ump, attrnamespace, name); 849 if (!attribute) 850 return (ENOATTR); 851 852 /* 853 * Allow only offsets of zero to encourage the read/replace 854 * extended attribute semantic. Otherwise we can't guarantee 855 * atomicity, as we don't provide locks for extended attributes. 856 */ 857 if (uio != NULL && uio->uio_offset != 0) 858 return (ENXIO); 859 860 /* 861 * Find base offset of header in file based on file header size, and 862 * data header size + maximum data size, indexed by inode number. 863 */ 864 base_offset = sizeof(struct ufs_extattr_fileheader) + 865 ip->i_number * (sizeof(struct ufs_extattr_header) + 866 attribute->uele_fileheader.uef_size); 867 868 /* 869 * Read in the data header to see if the data is defined, and if so 870 * how much. 871 */ 872 bzero(&ueh, sizeof(struct ufs_extattr_header)); 873 local_aiov.iov_base = (caddr_t) &ueh; 874 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 875 local_aio.uio_iov = &local_aiov; 876 local_aio.uio_iovcnt = 1; 877 local_aio.uio_rw = UIO_READ; 878 local_aio.uio_segflg = UIO_SYSSPACE; 879 local_aio.uio_td = td; 880 local_aio.uio_offset = base_offset; 881 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 882 883 /* 884 * Acquire locks. 885 */ 886 VOP_LEASE(attribute->uele_backing_vnode, td, cred, LEASE_READ); 887 /* 888 * Don't need to get a lock on the backing file if the getattr is 889 * being applied to the backing file, as the lock is already held. 890 */ 891 if (attribute->uele_backing_vnode != vp) 892 vn_lock(attribute->uele_backing_vnode, LK_SHARED | 893 LK_NOPAUSE | LK_RETRY, td); 894 895 error = VOP_READ(attribute->uele_backing_vnode, &local_aio, 896 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 897 if (error) 898 goto vopunlock_exit; 899 900 /* Defined? */ 901 if ((ueh.ueh_flags & UFS_EXTATTR_ATTR_FLAG_INUSE) == 0) { 902 error = ENOATTR; 903 goto vopunlock_exit; 904 } 905 906 /* Valid for the current inode generation? */ 907 if (ueh.ueh_i_gen != ip->i_gen) { 908 /* 909 * The inode itself has a different generation number 910 * than the attribute data. For now, the best solution 911 * is to coerce this to undefined, and let it get cleaned 912 * up by the next write or extattrctl clean. 913 */ 914 printf("ufs_extattr_get (%s): inode number inconsistency (%d, %lld)\n", 915 mp->mnt_stat.f_mntonname, ueh.ueh_i_gen, ip->i_gen); 916 error = ENOATTR; 917 goto vopunlock_exit; 918 } 919 920 /* Local size consistency check. */ 921 if (ueh.ueh_len > attribute->uele_fileheader.uef_size) { 922 error = ENXIO; 923 goto vopunlock_exit; 924 } 925 926 /* Return full data size if caller requested it. */ 927 if (size != NULL) 928 *size = ueh.ueh_len; 929 930 /* Return data if the caller requested it. */ 931 if (uio != NULL) { 932 /* Allow for offset into the attribute data. */ 933 uio->uio_offset = base_offset + sizeof(struct 934 ufs_extattr_header); 935 936 /* 937 * Figure out maximum to transfer -- use buffer size and 938 * local data limit. 939 */ 940 len = MIN(uio->uio_resid, ueh.ueh_len); 941 old_len = uio->uio_resid; 942 uio->uio_resid = len; 943 944 error = VOP_READ(attribute->uele_backing_vnode, uio, 945 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 946 if (error) 947 goto vopunlock_exit; 948 949 uio->uio_resid = old_len - (len - uio->uio_resid); 950 } 951 952vopunlock_exit: 953 954 if (uio != NULL) 955 uio->uio_offset = 0; 956 957 if (attribute->uele_backing_vnode != vp) 958 VOP_UNLOCK(attribute->uele_backing_vnode, 0, td); 959 960 return (error); 961} 962 963/* 964 * Vnode operation to set a named attribute. 965 */ 966int 967ufs_setextattr(struct vop_setextattr_args *ap) 968/* 969vop_setextattr { 970 IN struct vnode *a_vp; 971 IN int a_attrnamespace; 972 IN const char *a_name; 973 INOUT struct uio *a_uio; 974 IN struct ucred *a_cred; 975 IN struct thread *a_td; 976}; 977*/ 978{ 979 struct mount *mp = ap->a_vp->v_mount; 980 struct ufsmount *ump = VFSTOUFS(mp); 981 982 int error; 983 984 ufs_extattr_uepm_lock(ump, ap->a_td); 985 986 if (ap->a_uio != NULL) 987 error = ufs_extattr_set(ap->a_vp, ap->a_attrnamespace, 988 ap->a_name, ap->a_uio, ap->a_cred, ap->a_td); 989 else 990 error = ufs_extattr_rm(ap->a_vp, ap->a_attrnamespace, 991 ap->a_name, ap->a_cred, ap->a_td); 992 993 ufs_extattr_uepm_unlock(ump, ap->a_td); 994 995 return (error); 996} 997 998/* 999 * Real work associated with setting a vnode's extended attributes; 1000 * assumes that the attribute lock has already been grabbed. 1001 */ 1002static int 1003ufs_extattr_set(struct vnode *vp, int attrnamespace, const char *name, 1004 struct uio *uio, struct ucred *cred, struct thread *td) 1005{ 1006 struct ufs_extattr_list_entry *attribute; 1007 struct ufs_extattr_header ueh; 1008 struct iovec local_aiov; 1009 struct uio local_aio; 1010 struct mount *mp = vp->v_mount; 1011 struct ufsmount *ump = VFSTOUFS(mp); 1012 struct inode *ip = VTOI(vp); 1013 off_t base_offset; 1014 int error = 0, ioflag; 1015 1016 if (vp->v_mount->mnt_flag & MNT_RDONLY) 1017 return (EROFS); 1018 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 1019 return (EOPNOTSUPP); 1020 if (!ufs_extattr_valid_attrname(attrnamespace, name)) 1021 return (EINVAL); 1022 1023 error = extattr_check_cred(vp, attrnamespace, cred, td, IWRITE); 1024 if (error) 1025 return (error); 1026 1027 attribute = ufs_extattr_find_attr(ump, attrnamespace, name); 1028 if (!attribute) 1029 return (ENOATTR); 1030 1031 /* 1032 * Early rejection of invalid offsets/length. 1033 * Reject: any offset but 0 (replace) 1034 * Any size greater than attribute size limit 1035 */ 1036 if (uio->uio_offset != 0 || 1037 uio->uio_resid > attribute->uele_fileheader.uef_size) 1038 return (ENXIO); 1039 1040 /* 1041 * Find base offset of header in file based on file header size, and 1042 * data header size + maximum data size, indexed by inode number. 1043 */ 1044 base_offset = sizeof(struct ufs_extattr_fileheader) + 1045 ip->i_number * (sizeof(struct ufs_extattr_header) + 1046 attribute->uele_fileheader.uef_size); 1047 1048 /* 1049 * Write out a data header for the data. 1050 */ 1051 ueh.ueh_len = uio->uio_resid; 1052 ueh.ueh_flags = UFS_EXTATTR_ATTR_FLAG_INUSE; 1053 ueh.ueh_i_gen = ip->i_gen; 1054 local_aiov.iov_base = (caddr_t) &ueh; 1055 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 1056 local_aio.uio_iov = &local_aiov; 1057 local_aio.uio_iovcnt = 1; 1058 local_aio.uio_rw = UIO_WRITE; 1059 local_aio.uio_segflg = UIO_SYSSPACE; 1060 local_aio.uio_td = td; 1061 local_aio.uio_offset = base_offset; 1062 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 1063 1064 /* 1065 * Acquire locks. 1066 */ 1067 VOP_LEASE(attribute->uele_backing_vnode, td, cred, LEASE_WRITE); 1068 1069 /* 1070 * Don't need to get a lock on the backing file if the setattr is 1071 * being applied to the backing file, as the lock is already held. 1072 */ 1073 if (attribute->uele_backing_vnode != vp) 1074 vn_lock(attribute->uele_backing_vnode, 1075 LK_EXCLUSIVE | LK_NOPAUSE | LK_RETRY, td); 1076 1077 ioflag = IO_NODELOCKED; 1078 if (ufs_extattr_sync) 1079 ioflag |= IO_SYNC; 1080 error = VOP_WRITE(attribute->uele_backing_vnode, &local_aio, ioflag, 1081 ump->um_extattr.uepm_ucred); 1082 if (error) 1083 goto vopunlock_exit; 1084 1085 if (local_aio.uio_resid != 0) { 1086 error = ENXIO; 1087 goto vopunlock_exit; 1088 } 1089 1090 /* 1091 * Write out user data. 1092 */ 1093 uio->uio_offset = base_offset + sizeof(struct ufs_extattr_header); 1094 1095 ioflag = IO_NODELOCKED; 1096 if (ufs_extattr_sync) 1097 ioflag |= IO_SYNC; 1098 error = VOP_WRITE(attribute->uele_backing_vnode, uio, ioflag, 1099 ump->um_extattr.uepm_ucred); 1100 1101vopunlock_exit: 1102 uio->uio_offset = 0; 1103 1104 if (attribute->uele_backing_vnode != vp) 1105 VOP_UNLOCK(attribute->uele_backing_vnode, 0, td); 1106 1107 return (error); 1108} 1109 1110/* 1111 * Real work associated with removing an extended attribute from a vnode. 1112 * Assumes the attribute lock has already been grabbed. 1113 */ 1114static int 1115ufs_extattr_rm(struct vnode *vp, int attrnamespace, const char *name, 1116 struct ucred *cred, struct thread *td) 1117{ 1118 struct ufs_extattr_list_entry *attribute; 1119 struct ufs_extattr_header ueh; 1120 struct iovec local_aiov; 1121 struct uio local_aio; 1122 struct mount *mp = vp->v_mount; 1123 struct ufsmount *ump = VFSTOUFS(mp); 1124 struct inode *ip = VTOI(vp); 1125 off_t base_offset; 1126 int error = 0, ioflag; 1127 1128 if (vp->v_mount->mnt_flag & MNT_RDONLY) 1129 return (EROFS); 1130 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 1131 return (EOPNOTSUPP); 1132 if (!ufs_extattr_valid_attrname(attrnamespace, name)) 1133 return (EINVAL); 1134 1135 error = extattr_check_cred(vp, attrnamespace, cred, td, IWRITE); 1136 if (error) 1137 return (error); 1138 1139 attribute = ufs_extattr_find_attr(ump, attrnamespace, name); 1140 if (!attribute) 1141 return (ENOATTR); 1142 1143 /* 1144 * Find base offset of header in file based on file header size, and 1145 * data header size + maximum data size, indexed by inode number. 1146 */ 1147 base_offset = sizeof(struct ufs_extattr_fileheader) + 1148 ip->i_number * (sizeof(struct ufs_extattr_header) + 1149 attribute->uele_fileheader.uef_size); 1150 1151 /* 1152 * Check to see if currently defined. 1153 */ 1154 bzero(&ueh, sizeof(struct ufs_extattr_header)); 1155 1156 local_aiov.iov_base = (caddr_t) &ueh; 1157 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 1158 local_aio.uio_iov = &local_aiov; 1159 local_aio.uio_iovcnt = 1; 1160 local_aio.uio_rw = UIO_READ; 1161 local_aio.uio_segflg = UIO_SYSSPACE; 1162 local_aio.uio_td = td; 1163 local_aio.uio_offset = base_offset; 1164 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 1165 1166 VOP_LEASE(attribute->uele_backing_vnode, td, cred, LEASE_WRITE); 1167 1168 /* 1169 * Don't need to get the lock on the backing vnode if the vnode we're 1170 * modifying is it, as we already hold the lock. 1171 */ 1172 if (attribute->uele_backing_vnode != vp) 1173 vn_lock(attribute->uele_backing_vnode, 1174 LK_EXCLUSIVE | LK_NOPAUSE | LK_RETRY, td); 1175 1176 error = VOP_READ(attribute->uele_backing_vnode, &local_aio, 1177 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 1178 if (error) 1179 goto vopunlock_exit; 1180 1181 /* Defined? */ 1182 if ((ueh.ueh_flags & UFS_EXTATTR_ATTR_FLAG_INUSE) == 0) { 1183 error = ENOATTR; 1184 goto vopunlock_exit; 1185 } 1186 1187 /* Valid for the current inode generation? */ 1188 if (ueh.ueh_i_gen != ip->i_gen) { 1189 /* 1190 * The inode itself has a different generation number than 1191 * the attribute data. For now, the best solution is to 1192 * coerce this to undefined, and let it get cleaned up by 1193 * the next write or extattrctl clean. 1194 */ 1195 printf("ufs_extattr_rm (%s): inode number inconsistency (%d, %lld)\n", 1196 mp->mnt_stat.f_mntonname, ueh.ueh_i_gen, ip->i_gen); 1197 error = ENOATTR; 1198 goto vopunlock_exit; 1199 } 1200 1201 /* Flag it as not in use. */ 1202 ueh.ueh_flags = 0; 1203 ueh.ueh_len = 0; 1204 1205 local_aiov.iov_base = (caddr_t) &ueh; 1206 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 1207 local_aio.uio_iov = &local_aiov; 1208 local_aio.uio_iovcnt = 1; 1209 local_aio.uio_rw = UIO_WRITE; 1210 local_aio.uio_segflg = UIO_SYSSPACE; 1211 local_aio.uio_td = td; 1212 local_aio.uio_offset = base_offset; 1213 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 1214 1215 ioflag = IO_NODELOCKED; 1216 if (ufs_extattr_sync) 1217 ioflag |= IO_SYNC; 1218 error = VOP_WRITE(attribute->uele_backing_vnode, &local_aio, ioflag, 1219 ump->um_extattr.uepm_ucred); 1220 if (error) 1221 goto vopunlock_exit; 1222 1223 if (local_aio.uio_resid != 0) 1224 error = ENXIO; 1225 1226vopunlock_exit: 1227 VOP_UNLOCK(attribute->uele_backing_vnode, 0, td); 1228 1229 return (error); 1230} 1231 1232/* 1233 * Called by UFS when an inode is no longer active and should have its 1234 * attributes stripped. 1235 */ 1236void 1237ufs_extattr_vnode_inactive(struct vnode *vp, struct thread *td) 1238{ 1239 struct ufs_extattr_list_entry *uele; 1240 struct mount *mp = vp->v_mount; 1241 struct ufsmount *ump = VFSTOUFS(mp); 1242 1243 /* 1244 * In that case, we cannot lock. We should not have any active vnodes 1245 * on the fs if this is not yet initialized but is going to be, so 1246 * this can go unlocked. 1247 */ 1248 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_INITIALIZED)) 1249 return; 1250 1251 ufs_extattr_uepm_lock(ump, td); 1252 1253 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) { 1254 ufs_extattr_uepm_unlock(ump, td); 1255 return; 1256 } 1257 1258 LIST_FOREACH(uele, &ump->um_extattr.uepm_list, uele_entries) 1259 ufs_extattr_rm(vp, uele->uele_attrnamespace, 1260 uele->uele_attrname, NULL, td); 1261 1262 ufs_extattr_uepm_unlock(ump, td); 1263} 1264 1265#endif /* !UFS_EXTATTR */ 1266