ufs_extattr.c revision 75858
1/*- 2 * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: head/sys/ufs/ufs/ufs_extattr.c 75858 2001-04-23 09:05:15Z grog $ 27 */ 28/* 29 * TrustedBSD Project - extended attribute support for UFS-like file systems 30 */ 31 32#include <sys/param.h> 33#include <sys/systm.h> 34#include <sys/kernel.h> 35#include <sys/namei.h> 36#include <sys/malloc.h> 37#include <sys/fcntl.h> 38#include <sys/proc.h> 39#include <sys/vnode.h> 40#include <net/radix.h> 41#include <sys/socket.h> 42#include <sys/mount.h> 43#include <sys/lock.h> 44#include <sys/dirent.h> 45#include <sys/extattr.h> 46#include <sys/sysctl.h> 47 48#include <vm/vm_zone.h> 49 50#include <ufs/ufs/dir.h> 51#include <ufs/ufs/extattr.h> 52#include <ufs/ufs/quota.h> 53#include <ufs/ufs/ufsmount.h> 54#include <ufs/ufs/inode.h> 55#include <ufs/ufs/ufs_extern.h> 56 57#include "opt_ufs.h" 58 59#ifdef UFS_EXTATTR 60 61#define MIN(a,b) (((a)<(b))?(a):(b)) 62 63static MALLOC_DEFINE(M_UFS_EXTATTR, "ufs_extattr", "ufs extended attribute"); 64 65static int ufs_extattr_sync = 0; 66SYSCTL_INT(_debug, OID_AUTO, ufs_extattr_sync, CTLFLAG_RW, &ufs_extattr_sync, 67 0, ""); 68 69static int ufs_extattr_valid_attrname(const char *attrname); 70static int ufs_extattr_credcheck(struct vnode *vp, 71 struct ufs_extattr_list_entry *uele, struct ucred *cred, struct proc *p, 72 int access); 73static int ufs_extattr_enable_with_open(struct ufsmount *ump, 74 struct vnode *vp, int attrnamespace, const char *attrname, struct proc *p); 75static int ufs_extattr_enable(struct ufsmount *ump, int attrnamespace, 76 const char *attrname, struct vnode *backing_vnode, struct proc *p); 77static int ufs_extattr_disable(struct ufsmount *ump, int attrnamespace, 78 const char *attrname, struct proc *p); 79static int ufs_extattr_get(struct vnode *vp, int attrnamespace, 80 const char *name, struct uio *uio, struct ucred *cred, struct proc *p); 81static int ufs_extattr_set(struct vnode *vp, int attrnamespace, 82 const char *name, struct uio *uio, struct ucred *cred, struct proc *p); 83static int ufs_extattr_rm(struct vnode *vp, int attrnamespace, 84 const char *name, struct ucred *cred, struct proc *p); 85 86/* 87 * Per-FS attribute lock protecting attribute operations. 88 * XXX Right now there is a lot of lock contention due to having a single 89 * lock per-FS; really, this should be far more fine-grained. 90 */ 91static void 92ufs_extattr_uepm_lock(struct ufsmount *ump, struct proc *p) 93{ 94 95 /* Ideally, LK_CANRECURSE would not be used, here. */ 96 lockmgr(&ump->um_extattr.uepm_lock, LK_EXCLUSIVE | LK_RETRY | 97 LK_CANRECURSE, 0, p); 98} 99 100static void 101ufs_extattr_uepm_unlock(struct ufsmount *ump, struct proc *p) 102{ 103 104 lockmgr(&ump->um_extattr.uepm_lock, LK_RELEASE, 0, p); 105} 106 107/* 108 * Determine whether the name passed is a valid name for an actual 109 * attribute. 110 * 111 * Invalid currently consists of: 112 * NULL pointer for attrname 113 * zero-length attrname (used to retrieve application attribute list) 114 * attrname consisting of "$" (used to treive system attribute list) 115 */ 116static int 117ufs_extattr_valid_attrname(const char *attrname) 118{ 119 120 if (attrname == NULL) 121 return (0); 122 if (strlen(attrname) == 0) 123 return (0); 124 if (strlen(attrname) == 1 && attrname[0] == '$') 125 return (0); 126 return (1); 127} 128 129/* 130 * Locate an attribute given a name and mountpoint. 131 * Must be holding uepm lock for the mount point. 132 */ 133static struct ufs_extattr_list_entry * 134ufs_extattr_find_attr(struct ufsmount *ump, int attrnamespace, 135 const char *attrname) 136{ 137 struct ufs_extattr_list_entry *search_attribute; 138 139 for (search_attribute = LIST_FIRST(&ump->um_extattr.uepm_list); 140 search_attribute; 141 search_attribute = LIST_NEXT(search_attribute, uele_entries)) { 142 if (!(strncmp(attrname, search_attribute->uele_attrname, 143 UFS_EXTATTR_MAXEXTATTRNAME)) && 144 (attrnamespace == search_attribute->uele_attrnamespace)) { 145 return (search_attribute); 146 } 147 } 148 149 return (0); 150} 151 152/* 153 * Initialize per-FS structures supporting extended attributes. Do not 154 * start extended attributes yet. 155 */ 156void 157ufs_extattr_uepm_init(struct ufs_extattr_per_mount *uepm) 158{ 159 160 uepm->uepm_flags = 0; 161 162 LIST_INIT(&uepm->uepm_list); 163 /* XXX is PVFS right, here? */ 164 lockinit(&uepm->uepm_lock, PVFS, "extattr", 0, 0); 165 uepm->uepm_flags |= UFS_EXTATTR_UEPM_INITIALIZED; 166} 167 168/* 169 * Destroy per-FS structures supporting extended attributes. Assumes 170 * that EAs have already been stopped, and will panic if not. 171 */ 172void 173ufs_extattr_uepm_destroy(struct ufs_extattr_per_mount *uepm) 174{ 175 176 if (!(uepm->uepm_flags & UFS_EXTATTR_UEPM_INITIALIZED)) 177 panic("ufs_extattr_uepm_destroy: not initialized"); 178 179 if ((uepm->uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 180 panic("ufs_extattr_uepm_destroy: called while still started"); 181 182 /* 183 * XXX: It's not clear that either order for the next two lines is 184 * ideal, and it should never be a problem if this is only called 185 * during unmount, and with vfs_busy(). 186 */ 187 uepm->uepm_flags &= ~UFS_EXTATTR_UEPM_INITIALIZED; 188 lockdestroy(&uepm->uepm_lock); 189} 190 191/* 192 * Start extended attribute support on an FS. 193 */ 194int 195ufs_extattr_start(struct mount *mp, struct proc *p) 196{ 197 struct ufsmount *ump; 198 int error = 0; 199 200 ump = VFSTOUFS(mp); 201 202 ufs_extattr_uepm_lock(ump, p); 203 204 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_INITIALIZED)) { 205 error = EOPNOTSUPP; 206 goto unlock; 207 } 208 if (ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED) { 209 error = EBUSY; 210 goto unlock; 211 } 212 213 ump->um_extattr.uepm_flags |= UFS_EXTATTR_UEPM_STARTED; 214 215 crhold(p->p_ucred); 216 ump->um_extattr.uepm_ucred = p->p_ucred; 217 218unlock: 219 ufs_extattr_uepm_unlock(ump, p); 220 221 return (error); 222} 223 224#ifdef UFS_EXTATTR_AUTOSTART 225/* 226 * Helper routine: given a locked parent directory and filename, return 227 * the locked vnode of the inode associated with the name. Will not 228 * follow symlinks, may return any type of vnode. Lock on parent will 229 * be released even in the event of a failure. In the event that the 230 * target is the parent (i.e., "."), there will be two references and 231 * one lock, requiring the caller to possibly special-case. 232 */ 233#define UE_GETDIR_LOCKPARENT 1 234#define UE_GETDIR_LOCKPARENT_DONT 2 235static int 236ufs_extattr_lookup(struct vnode *start_dvp, int lockparent, char *dirname, 237 struct vnode **vp, struct proc *p) 238{ 239 struct vop_cachedlookup_args vargs; 240 struct componentname cnp; 241 struct vnode *target_vp; 242 int error; 243 244 bzero(&cnp, sizeof(cnp)); 245 cnp.cn_nameiop = LOOKUP; 246 cnp.cn_flags = ISLASTCN; 247 if (lockparent == UE_GETDIR_LOCKPARENT) 248 cnp.cn_flags |= LOCKPARENT; 249 cnp.cn_proc = p; 250 cnp.cn_cred = p->p_ucred; 251 cnp.cn_pnbuf = zalloc(namei_zone); 252 cnp.cn_nameptr = cnp.cn_pnbuf; 253 error = copystr(dirname, cnp.cn_pnbuf, MAXPATHLEN, 254 (size_t *) &cnp.cn_namelen); 255 if (error) { 256 if (lockparent == UE_GETDIR_LOCKPARENT_DONT) { 257 VOP_UNLOCK(start_dvp, 0, p); 258 } 259 zfree(namei_zone, cnp.cn_pnbuf); 260 printf("ufs_extattr_lookup: copystr failed\n"); 261 return (error); 262 } 263 cnp.cn_namelen--; /* trim nul termination */ 264 vargs.a_desc = NULL; 265 vargs.a_dvp = start_dvp; 266 vargs.a_vpp = &target_vp; 267 vargs.a_cnp = &cnp; 268 error = ufs_lookup(&vargs); 269 zfree(namei_zone, cnp.cn_pnbuf); 270 if (error) { 271 /* 272 * Error condition, may have to release the lock on the parent 273 * if ufs_lookup() didn't. 274 */ 275 if (!(cnp.cn_flags & PDIRUNLOCK) && 276 (lockparent == UE_GETDIR_LOCKPARENT_DONT)) 277 VOP_UNLOCK(start_dvp, 0, p); 278 279 /* 280 * Check that ufs_lookup() didn't release the lock when we 281 * didn't want it to. 282 */ 283 if ((cnp.cn_flags & PDIRUNLOCK) && 284 (lockparent == UE_GETDIR_LOCKPARENT)) 285 panic("ufs_extattr_lookup: lockparent but PDIRUNLOCK"); 286 287 return (error); 288 } 289/* 290 if (target_vp == start_dvp) 291 panic("ufs_extattr_lookup: target_vp == start_dvp"); 292*/ 293 294 if (target_vp != start_dvp && 295 !(cnp.cn_flags & PDIRUNLOCK) && 296 (lockparent == UE_GETDIR_LOCKPARENT_DONT)) 297 panic("ufs_extattr_lookup: !lockparent but !PDIRUNLOCK"); 298 299 if ((cnp.cn_flags & PDIRUNLOCK) && 300 (lockparent == UE_GETDIR_LOCKPARENT)) 301 panic("ufs_extattr_lookup: lockparent but PDIRUNLOCK"); 302 303 /* printf("ufs_extattr_lookup: success\n"); */ 304 *vp = target_vp; 305 return (0); 306} 307#endif /* !UFS_EXTATTR_AUTOSTART */ 308 309/* 310 * Enable an EA using the passed file system, backing vnode, attribute name, 311 * namespace, and proc. Will perform a VOP_OPEN() on the vp, so expects vp 312 * to be locked when passed in. Will unlock vp, and grab its own reference, 313 * so the caller needs to vrele(), just not vput(). The unlock the vnode 314 * regardless of call success or failure. 315 */ 316static int 317ufs_extattr_enable_with_open(struct ufsmount *ump, struct vnode *vp, 318 int attrnamespace, const char *attrname, struct proc *p) 319{ 320 int error; 321 322 error = VOP_OPEN(vp, FREAD|FWRITE, p->p_ucred, p); 323 if (error) { 324 printf("ufs_extattr_enable_with_open.VOP_OPEN(): failed " 325 "with %d\n", error); 326 VOP_UNLOCK(vp, 0, p); 327 return (error); 328 } 329 330 /* 331 * XXX: Note, should VOP_CLOSE() if vfs_object_create() fails, but due 332 * to a similar piece of code in vn_open(), we don't. 333 */ 334 if (vn_canvmio(vp) == TRUE) 335 if ((error = vfs_object_create(vp, p, p->p_ucred)) != 0) { 336 /* 337 * XXX: bug replicated from vn_open(): should 338 * VOP_CLOSE() here. 339 */ 340 VOP_UNLOCK(vp, 0, p); 341 return (error); 342 } 343 344 vp->v_writecount++; 345 346 vref(vp); 347 348 VOP_UNLOCK(vp, 0, p); 349 350 return (ufs_extattr_enable(ump, attrnamespace, attrname, vp, p)); 351} 352 353#ifdef UFS_EXTATTR_AUTOSTART 354/* 355 * Given a locked directory vnode, iterate over the names in the directory 356 * and use ufs_extattr_lookup() to retrieve locked vnodes of potential 357 * attribute files. Then invoke ufs_extattr_enable_with_open() on each 358 * to attempt to start the attribute. Leaves the directory locked on 359 * exit. 360 */ 361static int 362ufs_extattr_iterate_directory(struct ufsmount *ump, struct vnode *dvp, 363 int attrnamespace, struct proc *p) 364{ 365 struct vop_readdir_args vargs; 366 struct dirent *dp, *edp; 367 struct vnode *attr_vp; 368 struct uio auio; 369 struct iovec aiov; 370 char *dirbuf; 371 int error, eofflag = 0; 372 373 if (dvp->v_type != VDIR) 374 return (ENOTDIR); 375 376 MALLOC(dirbuf, char *, DIRBLKSIZ, M_TEMP, M_WAITOK); 377 378 auio.uio_iov = &aiov; 379 auio.uio_iovcnt = 1; 380 auio.uio_rw = UIO_READ; 381 auio.uio_segflg = UIO_SYSSPACE; 382 auio.uio_procp = p; 383 auio.uio_offset = 0; 384 385 vargs.a_desc = NULL; 386 vargs.a_vp = dvp; 387 vargs.a_uio = &auio; 388 vargs.a_cred = p->p_ucred; 389 vargs.a_eofflag = &eofflag; 390 vargs.a_ncookies = NULL; 391 vargs.a_cookies = NULL; 392 393 while (!eofflag) { 394 auio.uio_resid = DIRBLKSIZ; 395 aiov.iov_base = dirbuf; 396 aiov.iov_len = DIRBLKSIZ; 397 error = ufs_readdir(&vargs); 398 if (error) { 399 printf("ufs_extattr_iterate_directory: ufs_readdir " 400 "%d\n", error); 401 return (error); 402 } 403 404 edp = (struct dirent *)&dirbuf[DIRBLKSIZ]; 405 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 406#if (BYTE_ORDER == LITTLE_ENDIAN) 407 dp->d_type = dp->d_namlen; 408 dp->d_namlen = 0; 409#else 410 dp->d_type = 0; 411#endif 412 if (dp->d_reclen == 0) 413 break; 414 error = ufs_extattr_lookup(dvp, UE_GETDIR_LOCKPARENT, 415 dp->d_name, &attr_vp, p); 416 if (error) { 417 printf("ufs_extattr_iterate_directory: lookup " 418 "%s %d\n", dp->d_name, error); 419 } else if (attr_vp == dvp) { 420 vrele(attr_vp); 421 } else if (attr_vp->v_type != VREG) { 422/* 423 * Eventually, this will be uncommented, but in the mean time, the ".." 424 * entry causes unnecessary console warnings. 425 printf("ufs_extattr_iterate_directory: " 426 "%s not VREG\n", dp->d_name); 427*/ 428 vput(attr_vp); 429 } else { 430 error = ufs_extattr_enable_with_open(ump, 431 attr_vp, attrnamespace, dp->d_name, p); 432 vrele(attr_vp); 433 if (error) { 434 printf("ufs_extattr_iterate_directory: " 435 "enable %s %d\n", dp->d_name, 436 error); 437 } else { 438/* 439 * While it's nice to have some visual output here, skip for the time-being. 440 * Probably should be enabled by -v at boot. 441 printf("Autostarted %s\n", dp->d_name); 442 */ 443 } 444 } 445 dp = (struct dirent *) ((char *)dp + dp->d_reclen); 446 if (dp >= edp) 447 break; 448 } 449 } 450 FREE(dirbuf, M_TEMP); 451 452 return (0); 453} 454 455/* 456 * Auto-start of extended attributes, to be executed (optionally) at 457 * mount-time. 458 */ 459int 460ufs_extattr_autostart(struct mount *mp, struct proc *p) 461{ 462 struct vnode *rvp, *attr_dvp, *attr_system_dvp, *attr_user_dvp; 463 int error; 464 465 /* 466 * Does UFS_EXTATTR_FSROOTSUBDIR exist off the file system root? 467 * If so, automatically start EA's. 468 */ 469 error = VFS_ROOT(mp, &rvp); 470 if (error) { 471 printf("ufs_extattr_autostart.VFS_ROOT() returned %d\n", error); 472 return (error); 473 } 474 475 error = ufs_extattr_lookup(rvp, UE_GETDIR_LOCKPARENT_DONT, 476 UFS_EXTATTR_FSROOTSUBDIR, &attr_dvp, p); 477 if (error) { 478 /* rvp ref'd but now unlocked */ 479 vrele(rvp); 480 return (error); 481 } 482 if (rvp == attr_dvp) { 483 /* Should never happen. */ 484 vrele(attr_dvp); 485 vput(rvp); 486 return (EINVAL); 487 } 488 vrele(rvp); 489 490 if (attr_dvp->v_type != VDIR) { 491 printf("ufs_extattr_autostart: %s != VDIR\n", 492 UFS_EXTATTR_FSROOTSUBDIR); 493 goto return_vput_attr_dvp; 494 } 495 496 error = ufs_extattr_start(mp, p); 497 if (error) { 498 printf("ufs_extattr_autostart: ufs_extattr_start failed (%d)\n", 499 error); 500 goto return_vput_attr_dvp; 501 } 502 503 /* 504 * Look for two subdirectories: UFS_EXTATTR_SUBDIR_SYSTEM, 505 * UFS_EXTATTR_SUBDIR_USER. For each, iterate over the sub-directory, 506 * and start with appropriate type. Failures in either don't 507 * result in an over-all failure. attr_dvp is left locked to 508 * be cleaned up on exit. 509 */ 510 error = ufs_extattr_lookup(attr_dvp, UE_GETDIR_LOCKPARENT, 511 UFS_EXTATTR_SUBDIR_SYSTEM, &attr_system_dvp, p); 512 if (!error) { 513 error = ufs_extattr_iterate_directory(VFSTOUFS(mp), 514 attr_system_dvp, EXTATTR_NAMESPACE_SYSTEM, p); 515 if (error) 516 printf("ufs_extattr_iterate_directory returned %d\n", 517 error); 518 vput(attr_system_dvp); 519 } 520 521 error = ufs_extattr_lookup(attr_dvp, UE_GETDIR_LOCKPARENT, 522 UFS_EXTATTR_SUBDIR_USER, &attr_user_dvp, p); 523 if (!error) { 524 error = ufs_extattr_iterate_directory(VFSTOUFS(mp), 525 attr_user_dvp, EXTATTR_NAMESPACE_USER, p); 526 if (error) 527 printf("ufs_extattr_iterate_directory returned %d\n", 528 error); 529 vput(attr_user_dvp); 530 } 531 532 /* Mask startup failures in sub-directories. */ 533 error = 0; 534 535return_vput_attr_dvp: 536 vput(attr_dvp); 537 538 return (error); 539} 540#endif /* !UFS_EXTATTR_AUTOSTART */ 541 542/* 543 * Stop extended attribute support on an FS. 544 */ 545int 546ufs_extattr_stop(struct mount *mp, struct proc *p) 547{ 548 struct ufs_extattr_list_entry *uele; 549 struct ufsmount *ump = VFSTOUFS(mp); 550 int error = 0; 551 552 ufs_extattr_uepm_lock(ump, p); 553 554 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) { 555 error = EOPNOTSUPP; 556 goto unlock; 557 } 558 559 while (LIST_FIRST(&ump->um_extattr.uepm_list) != NULL) { 560 uele = LIST_FIRST(&ump->um_extattr.uepm_list); 561 ufs_extattr_disable(ump, uele->uele_attrnamespace, 562 uele->uele_attrname, p); 563 } 564 565 ump->um_extattr.uepm_flags &= ~UFS_EXTATTR_UEPM_STARTED; 566 567 crfree(ump->um_extattr.uepm_ucred); 568 ump->um_extattr.uepm_ucred = NULL; 569 570unlock: 571 ufs_extattr_uepm_unlock(ump, p); 572 573 return (error); 574} 575 576/* 577 * Enable a named attribute on the specified file system; provide an 578 * unlocked backing vnode to hold the attribute data. 579 */ 580static int 581ufs_extattr_enable(struct ufsmount *ump, int attrnamespace, 582 const char *attrname, struct vnode *backing_vnode, struct proc *p) 583{ 584 struct ufs_extattr_list_entry *attribute; 585 struct iovec aiov; 586 struct uio auio; 587 int error = 0; 588 589 if (!ufs_extattr_valid_attrname(attrname)) 590 return (EINVAL); 591 if (backing_vnode->v_type != VREG) 592 return (EINVAL); 593 594 MALLOC(attribute, struct ufs_extattr_list_entry *, 595 sizeof(struct ufs_extattr_list_entry), M_UFS_EXTATTR, M_WAITOK); 596 if (attribute == NULL) 597 return (ENOMEM); 598 599 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) { 600 error = EOPNOTSUPP; 601 goto free_exit; 602 } 603 604 if (ufs_extattr_find_attr(ump, attrnamespace, attrname)) { 605 error = EEXIST; 606 goto free_exit; 607 } 608 609 strncpy(attribute->uele_attrname, attrname, UFS_EXTATTR_MAXEXTATTRNAME); 610 attribute->uele_attrnamespace = attrnamespace; 611 bzero(&attribute->uele_fileheader, 612 sizeof(struct ufs_extattr_fileheader)); 613 614 attribute->uele_backing_vnode = backing_vnode; 615 616 auio.uio_iov = &aiov; 617 auio.uio_iovcnt = 1; 618 aiov.iov_base = (caddr_t) &attribute->uele_fileheader; 619 aiov.iov_len = sizeof(struct ufs_extattr_fileheader); 620 auio.uio_resid = sizeof(struct ufs_extattr_fileheader); 621 auio.uio_offset = (off_t) 0; 622 auio.uio_segflg = UIO_SYSSPACE; 623 auio.uio_rw = UIO_READ; 624 auio.uio_procp = (struct proc *) p; 625 626 VOP_LEASE(backing_vnode, p, p->p_cred->pc_ucred, LEASE_WRITE); 627 vn_lock(backing_vnode, LK_SHARED | LK_NOPAUSE | LK_RETRY, p); 628 error = VOP_READ(backing_vnode, &auio, IO_NODELOCKED, 629 ump->um_extattr.uepm_ucred); 630 VOP_UNLOCK(backing_vnode, 0, p); 631 632 if (error) 633 goto free_exit; 634 635 if (auio.uio_resid != 0) { 636 printf("ufs_extattr_enable: malformed attribute header\n"); 637 error = EINVAL; 638 goto free_exit; 639 } 640 641 if (attribute->uele_fileheader.uef_magic != UFS_EXTATTR_MAGIC) { 642 printf("ufs_extattr_enable: invalid attribute header magic\n"); 643 error = EINVAL; 644 goto free_exit; 645 } 646 647 if (attribute->uele_fileheader.uef_version != UFS_EXTATTR_VERSION) { 648 printf("ufs_extattr_enable: incorrect attribute header " 649 "version\n"); 650 error = EINVAL; 651 goto free_exit; 652 } 653 654 backing_vnode->v_flag |= VSYSTEM; 655 LIST_INSERT_HEAD(&ump->um_extattr.uepm_list, attribute, uele_entries); 656 657 return (0); 658 659free_exit: 660 FREE(attribute, M_UFS_EXTATTR); 661 return (error); 662} 663 664/* 665 * Disable extended attribute support on an FS. 666 */ 667static int 668ufs_extattr_disable(struct ufsmount *ump, int attrnamespace, 669 const char *attrname, struct proc *p) 670{ 671 struct ufs_extattr_list_entry *uele; 672 int error = 0; 673 674 if (!ufs_extattr_valid_attrname(attrname)) 675 return (EINVAL); 676 677 uele = ufs_extattr_find_attr(ump, attrnamespace, attrname); 678 if (!uele) 679 return (ENOENT); 680 681 LIST_REMOVE(uele, uele_entries); 682 683 uele->uele_backing_vnode->v_flag &= ~VSYSTEM; 684 error = vn_close(uele->uele_backing_vnode, FREAD|FWRITE, p->p_ucred, p); 685 686 FREE(uele, M_UFS_EXTATTR); 687 688 return (error); 689} 690 691/* 692 * VFS call to manage extended attributes in UFS. If filename_vp is 693 * non-NULL, it must be passed in locked, and regardless of errors in 694 * processing, will be unlocked. 695 */ 696int 697ufs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp, 698 int attrnamespace, const char *attrname, struct proc *p) 699{ 700 struct ufsmount *ump = VFSTOUFS(mp); 701 int error; 702 703 /* 704 * Processes with privilege, but in jail, are not allowed to 705 * configure extended attributes. 706 */ 707 if ((error = suser_xxx(p->p_cred->pc_ucred, p, 0))) { 708 if (filename_vp != NULL) 709 VOP_UNLOCK(filename_vp, 0, p); 710 return (error); 711 } 712 713 switch(cmd) { 714 case UFS_EXTATTR_CMD_START: 715 if (filename_vp != NULL) { 716 VOP_UNLOCK(filename_vp, 0, p); 717 return (EINVAL); 718 } 719 if (attrname != NULL) 720 return (EINVAL); 721 722 error = ufs_extattr_start(mp, p); 723 724 return (error); 725 726 case UFS_EXTATTR_CMD_STOP: 727 if (filename_vp != NULL) { 728 VOP_UNLOCK(filename_vp, 0, p); 729 return (EINVAL); 730 } 731 if (attrname != NULL) 732 return (EINVAL); 733 734 error = ufs_extattr_stop(mp, p); 735 736 return (error); 737 738 case UFS_EXTATTR_CMD_ENABLE: 739 740 if (filename_vp == NULL) 741 return (EINVAL); 742 if (attrname == NULL) { 743 VOP_UNLOCK(filename_vp, 0, p); 744 return (EINVAL); 745 } 746 747 /* 748 * ufs_extattr_enable_with_open() will always unlock the 749 * vnode, regardless of failure. 750 */ 751 ufs_extattr_uepm_lock(ump, p); 752 error = ufs_extattr_enable_with_open(ump, filename_vp, 753 attrnamespace, attrname, p); 754 ufs_extattr_uepm_unlock(ump, p); 755 756 return (error); 757 758 case UFS_EXTATTR_CMD_DISABLE: 759 760 if (filename_vp != NULL) { 761 VOP_UNLOCK(filename_vp, 0, p); 762 return (EINVAL); 763 } 764 if (attrname == NULL) 765 return (EINVAL); 766 767 ufs_extattr_uepm_lock(ump, p); 768 error = ufs_extattr_disable(ump, attrnamespace, attrname, p); 769 ufs_extattr_uepm_unlock(ump, p); 770 771 return (error); 772 773 default: 774 return (EINVAL); 775 } 776} 777 778/* 779 * Credential check based on process requesting service, and per-attribute 780 * permissions. 781 */ 782static int 783ufs_extattr_credcheck(struct vnode *vp, struct ufs_extattr_list_entry *uele, 784 struct ucred *cred, struct proc *p, int access) 785{ 786 787 /* 788 * Kernel-invoked always succeeds. 789 */ 790 if (cred == NULL) 791 return (0); 792 793 /* 794 * Do not allow privileged processes in jail to directly 795 * manipulate system attributes. 796 * 797 * XXX What capability should apply here? 798 * Probably CAP_SYS_SETFFLAG. 799 */ 800 switch (uele->uele_attrnamespace) { 801 case EXTATTR_NAMESPACE_SYSTEM: 802 return (suser_xxx(cred, p, 0)); 803 case EXTATTR_NAMESPACE_USER: 804 return (VOP_ACCESS(vp, access, cred, p)); 805 default: 806 return (EPERM); 807 } 808} 809 810/* 811 * Vnode operating to retrieve a named extended attribute. 812 */ 813int 814ufs_vop_getextattr(struct vop_getextattr_args *ap) 815/* 816vop_getextattr { 817 IN struct vnode *a_vp; 818 IN int a_attrnamespace; 819 IN const char *a_name; 820 INOUT struct uio *a_uio; 821 IN struct ucred *a_cred; 822 IN struct proc *a_p; 823}; 824*/ 825{ 826 struct mount *mp = ap->a_vp->v_mount; 827 struct ufsmount *ump = VFSTOUFS(mp); 828 int error; 829 830 ufs_extattr_uepm_lock(ump, ap->a_p); 831 832 error = ufs_extattr_get(ap->a_vp, ap->a_attrnamespace, ap->a_name, 833 ap->a_uio, ap->a_cred, ap->a_p); 834 835 ufs_extattr_uepm_unlock(ump, ap->a_p); 836 837 return (error); 838} 839 840/* 841 * Real work associated with retrieving a named attribute--assumes that 842 * the attribute lock has already been grabbed. 843 */ 844static int 845ufs_extattr_get(struct vnode *vp, int attrnamespace, const char *name, 846 struct uio *uio, struct ucred *cred, struct proc *p) 847{ 848 struct ufs_extattr_list_entry *attribute; 849 struct ufs_extattr_header ueh; 850 struct iovec local_aiov; 851 struct uio local_aio; 852 struct mount *mp = vp->v_mount; 853 struct ufsmount *ump = VFSTOUFS(mp); 854 struct inode *ip = VTOI(vp); 855 off_t base_offset; 856 size_t size, old_size; 857 int error = 0; 858 859 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 860 return (EOPNOTSUPP); 861 862 if (strlen(name) == 0) { 863 /* XXX retrieve attribute lists. */ 864 /* XXX should probably be checking for name == NULL? */ 865 return (EINVAL); 866 } 867 868 attribute = ufs_extattr_find_attr(ump, attrnamespace, name); 869 if (!attribute) 870 return (ENOENT); 871 872 if ((error = ufs_extattr_credcheck(vp, attribute, cred, p, IREAD))) 873 return (error); 874 875 /* 876 * Allow only offsets of zero to encourage the read/replace 877 * extended attribute semantic. Otherwise we can't guarantee 878 * atomicity, as we don't provide locks for extended attributes. 879 */ 880 if (uio->uio_offset != 0) 881 return (ENXIO); 882 883 /* 884 * Find base offset of header in file based on file header size, and 885 * data header size + maximum data size, indexed by inode number. 886 */ 887 base_offset = sizeof(struct ufs_extattr_fileheader) + 888 ip->i_number * (sizeof(struct ufs_extattr_header) + 889 attribute->uele_fileheader.uef_size); 890 891 /* 892 * Read in the data header to see if the data is defined, and if so 893 * how much. 894 */ 895 bzero(&ueh, sizeof(struct ufs_extattr_header)); 896 local_aiov.iov_base = (caddr_t) &ueh; 897 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 898 local_aio.uio_iov = &local_aiov; 899 local_aio.uio_iovcnt = 1; 900 local_aio.uio_rw = UIO_READ; 901 local_aio.uio_segflg = UIO_SYSSPACE; 902 local_aio.uio_procp = p; 903 local_aio.uio_offset = base_offset; 904 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 905 906 /* 907 * Acquire locks. 908 */ 909 VOP_LEASE(attribute->uele_backing_vnode, p, cred, LEASE_READ); 910 /* 911 * Don't need to get a lock on the backing file if the getattr is 912 * being applied to the backing file, as the lock is already held. 913 */ 914 if (attribute->uele_backing_vnode != vp) 915 vn_lock(attribute->uele_backing_vnode, LK_SHARED | 916 LK_NOPAUSE | LK_RETRY, p); 917 918 error = VOP_READ(attribute->uele_backing_vnode, &local_aio, 919 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 920 if (error) 921 goto vopunlock_exit; 922 923 /* Defined? */ 924 if ((ueh.ueh_flags & UFS_EXTATTR_ATTR_FLAG_INUSE) == 0) { 925 error = ENOENT; 926 goto vopunlock_exit; 927 } 928 929 /* Valid for the current inode generation? */ 930 if (ueh.ueh_i_gen != ip->i_gen) { 931 /* 932 * The inode itself has a different generation number 933 * than the attribute data. For now, the best solution 934 * is to coerce this to undefined, and let it get cleaned 935 * up by the next write or extattrctl clean. 936 */ 937 printf("ufs_extattr_get: inode number inconsistency (%d, %d)\n", 938 ueh.ueh_i_gen, ip->i_gen); 939 error = ENOENT; 940 goto vopunlock_exit; 941 } 942 943 /* Local size consistency check. */ 944 if (ueh.ueh_len > attribute->uele_fileheader.uef_size) { 945 error = ENXIO; 946 goto vopunlock_exit; 947 } 948 949 /* Allow for offset into the attribute data. */ 950 uio->uio_offset = base_offset + sizeof(struct ufs_extattr_header); 951 952 /* 953 * Figure out maximum to transfer -- use buffer size and local data 954 * limit. 955 */ 956 size = MIN(uio->uio_resid, ueh.ueh_len); 957 old_size = uio->uio_resid; 958 uio->uio_resid = size; 959 960 error = VOP_READ(attribute->uele_backing_vnode, uio, 961 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 962 if (error) 963 goto vopunlock_exit; 964 965 uio->uio_resid = old_size - (size - uio->uio_resid); 966 967vopunlock_exit: 968 969 uio->uio_offset = 0; 970 971 if (attribute->uele_backing_vnode != vp) 972 VOP_UNLOCK(attribute->uele_backing_vnode, 0, p); 973 974 return (error); 975} 976 977/* 978 * Vnode operation to set a named attribute. 979 */ 980int 981ufs_vop_setextattr(struct vop_setextattr_args *ap) 982/* 983vop_setextattr { 984 IN struct vnode *a_vp; 985 IN int a_attrnamespace; 986 IN const char *a_name; 987 INOUT struct uio *a_uio; 988 IN struct ucred *a_cred; 989 IN struct proc *a_p; 990}; 991*/ 992{ 993 struct mount *mp = ap->a_vp->v_mount; 994 struct ufsmount *ump = VFSTOUFS(mp); 995 996 int error; 997 998 ufs_extattr_uepm_lock(ump, ap->a_p); 999 1000 if (ap->a_uio != NULL) 1001 error = ufs_extattr_set(ap->a_vp, ap->a_attrnamespace, 1002 ap->a_name, ap->a_uio, ap->a_cred, ap->a_p); 1003 else 1004 error = ufs_extattr_rm(ap->a_vp, ap->a_attrnamespace, 1005 ap->a_name, ap->a_cred, ap->a_p); 1006 1007 ufs_extattr_uepm_unlock(ump, ap->a_p); 1008 1009 return (error); 1010} 1011 1012/* 1013 * Real work associated with setting a vnode's extended attributes; 1014 * assumes that the attribute lock has already been grabbed. 1015 */ 1016static int 1017ufs_extattr_set(struct vnode *vp, int attrnamespace, const char *name, 1018 struct uio *uio, struct ucred *cred, struct proc *p) 1019{ 1020 struct ufs_extattr_list_entry *attribute; 1021 struct ufs_extattr_header ueh; 1022 struct iovec local_aiov; 1023 struct uio local_aio; 1024 struct mount *mp = vp->v_mount; 1025 struct ufsmount *ump = VFSTOUFS(mp); 1026 struct inode *ip = VTOI(vp); 1027 off_t base_offset; 1028 int error = 0, ioflag; 1029 1030 if (vp->v_mount->mnt_flag & MNT_RDONLY) 1031 return (EROFS); 1032 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 1033 return (EOPNOTSUPP); 1034 if (!ufs_extattr_valid_attrname(name)) 1035 return (EINVAL); 1036 1037 attribute = ufs_extattr_find_attr(ump, attrnamespace, name); 1038 if (!attribute) 1039 return (ENOENT); 1040 1041 if ((error = ufs_extattr_credcheck(vp, attribute, cred, p, IWRITE))) 1042 return (error); 1043 1044 /* 1045 * Early rejection of invalid offsets/length. 1046 * Reject: any offset but 0 (replace) 1047 * Any size greater than attribute size limit 1048 */ 1049 if (uio->uio_offset != 0 || 1050 uio->uio_resid > attribute->uele_fileheader.uef_size) 1051 return (ENXIO); 1052 1053 /* 1054 * Find base offset of header in file based on file header size, and 1055 * data header size + maximum data size, indexed by inode number. 1056 */ 1057 base_offset = sizeof(struct ufs_extattr_fileheader) + 1058 ip->i_number * (sizeof(struct ufs_extattr_header) + 1059 attribute->uele_fileheader.uef_size); 1060 1061 /* 1062 * Write out a data header for the data. 1063 */ 1064 ueh.ueh_len = uio->uio_resid; 1065 ueh.ueh_flags = UFS_EXTATTR_ATTR_FLAG_INUSE; 1066 ueh.ueh_i_gen = ip->i_gen; 1067 local_aiov.iov_base = (caddr_t) &ueh; 1068 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 1069 local_aio.uio_iov = &local_aiov; 1070 local_aio.uio_iovcnt = 1; 1071 local_aio.uio_rw = UIO_WRITE; 1072 local_aio.uio_segflg = UIO_SYSSPACE; 1073 local_aio.uio_procp = p; 1074 local_aio.uio_offset = base_offset; 1075 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 1076 1077 /* 1078 * Acquire locks. 1079 */ 1080 VOP_LEASE(attribute->uele_backing_vnode, p, cred, LEASE_WRITE); 1081 1082 /* 1083 * Don't need to get a lock on the backing file if the setattr is 1084 * being applied to the backing file, as the lock is already held. 1085 */ 1086 if (attribute->uele_backing_vnode != vp) 1087 vn_lock(attribute->uele_backing_vnode, 1088 LK_EXCLUSIVE | LK_NOPAUSE | LK_RETRY, p); 1089 1090 ioflag = IO_NODELOCKED; 1091 if (ufs_extattr_sync) 1092 ioflag |= IO_SYNC; 1093 error = VOP_WRITE(attribute->uele_backing_vnode, &local_aio, ioflag, 1094 ump->um_extattr.uepm_ucred); 1095 if (error) 1096 goto vopunlock_exit; 1097 1098 if (local_aio.uio_resid != 0) { 1099 error = ENXIO; 1100 goto vopunlock_exit; 1101 } 1102 1103 /* 1104 * Write out user data. 1105 */ 1106 uio->uio_offset = base_offset + sizeof(struct ufs_extattr_header); 1107 1108 ioflag = IO_NODELOCKED; 1109 if (ufs_extattr_sync) 1110 ioflag |= IO_SYNC; 1111 error = VOP_WRITE(attribute->uele_backing_vnode, uio, ioflag, 1112 ump->um_extattr.uepm_ucred); 1113 1114vopunlock_exit: 1115 uio->uio_offset = 0; 1116 1117 if (attribute->uele_backing_vnode != vp) 1118 VOP_UNLOCK(attribute->uele_backing_vnode, 0, p); 1119 1120 return (error); 1121} 1122 1123/* 1124 * Real work associated with removing an extended attribute from a vnode. 1125 * Assumes the attribute lock has already been grabbed. 1126 */ 1127static int 1128ufs_extattr_rm(struct vnode *vp, int attrnamespace, const char *name, 1129 struct ucred *cred, struct proc *p) 1130{ 1131 struct ufs_extattr_list_entry *attribute; 1132 struct ufs_extattr_header ueh; 1133 struct iovec local_aiov; 1134 struct uio local_aio; 1135 struct mount *mp = vp->v_mount; 1136 struct ufsmount *ump = VFSTOUFS(mp); 1137 struct inode *ip = VTOI(vp); 1138 off_t base_offset; 1139 int error = 0, ioflag; 1140 1141 if (vp->v_mount->mnt_flag & MNT_RDONLY) 1142 return (EROFS); 1143 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) 1144 return (EOPNOTSUPP); 1145 if (!ufs_extattr_valid_attrname(name)) 1146 return (EINVAL); 1147 1148 attribute = ufs_extattr_find_attr(ump, attrnamespace, name); 1149 if (!attribute) 1150 return (ENOENT); 1151 1152 if ((error = ufs_extattr_credcheck(vp, attribute, cred, p, IWRITE))) 1153 return (error); 1154 1155 /* 1156 * Find base offset of header in file based on file header size, and 1157 * data header size + maximum data size, indexed by inode number. 1158 */ 1159 base_offset = sizeof(struct ufs_extattr_fileheader) + 1160 ip->i_number * (sizeof(struct ufs_extattr_header) + 1161 attribute->uele_fileheader.uef_size); 1162 1163 /* 1164 * Check to see if currently defined. 1165 */ 1166 bzero(&ueh, sizeof(struct ufs_extattr_header)); 1167 1168 local_aiov.iov_base = (caddr_t) &ueh; 1169 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 1170 local_aio.uio_iov = &local_aiov; 1171 local_aio.uio_iovcnt = 1; 1172 local_aio.uio_rw = UIO_READ; 1173 local_aio.uio_segflg = UIO_SYSSPACE; 1174 local_aio.uio_procp = p; 1175 local_aio.uio_offset = base_offset; 1176 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 1177 1178 VOP_LEASE(attribute->uele_backing_vnode, p, cred, LEASE_WRITE); 1179 1180 /* 1181 * Don't need to get the lock on the backing vnode if the vnode we're 1182 * modifying is it, as we already hold the lock. 1183 */ 1184 if (attribute->uele_backing_vnode != vp) 1185 vn_lock(attribute->uele_backing_vnode, 1186 LK_EXCLUSIVE | LK_NOPAUSE | LK_RETRY, p); 1187 1188 error = VOP_READ(attribute->uele_backing_vnode, &local_aio, 1189 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 1190 if (error) 1191 goto vopunlock_exit; 1192 1193 /* Defined? */ 1194 if ((ueh.ueh_flags & UFS_EXTATTR_ATTR_FLAG_INUSE) == 0) { 1195 error = ENOENT; 1196 goto vopunlock_exit; 1197 } 1198 1199 /* Valid for the current inode generation? */ 1200 if (ueh.ueh_i_gen != ip->i_gen) { 1201 /* 1202 * The inode itself has a different generation number than 1203 * the attribute data. For now, the best solution is to 1204 * coerce this to undefined, and let it get cleaned up by 1205 * the next write or extattrctl clean. 1206 */ 1207 printf("ufs_extattr_rm: inode number inconsistency (%d, %d)\n", 1208 ueh.ueh_i_gen, ip->i_gen); 1209 error = ENOENT; 1210 goto vopunlock_exit; 1211 } 1212 1213 /* Flag it as not in use. */ 1214 ueh.ueh_flags = 0; 1215 ueh.ueh_len = 0; 1216 1217 local_aiov.iov_base = (caddr_t) &ueh; 1218 local_aiov.iov_len = sizeof(struct ufs_extattr_header); 1219 local_aio.uio_iov = &local_aiov; 1220 local_aio.uio_iovcnt = 1; 1221 local_aio.uio_rw = UIO_WRITE; 1222 local_aio.uio_segflg = UIO_SYSSPACE; 1223 local_aio.uio_procp = p; 1224 local_aio.uio_offset = base_offset; 1225 local_aio.uio_resid = sizeof(struct ufs_extattr_header); 1226 1227 ioflag = IO_NODELOCKED; 1228 if (ufs_extattr_sync) 1229 ioflag |= IO_SYNC; 1230 error = VOP_WRITE(attribute->uele_backing_vnode, &local_aio, ioflag, 1231 ump->um_extattr.uepm_ucred); 1232 if (error) 1233 goto vopunlock_exit; 1234 1235 if (local_aio.uio_resid != 0) 1236 error = ENXIO; 1237 1238vopunlock_exit: 1239 VOP_UNLOCK(attribute->uele_backing_vnode, 0, p); 1240 1241 return (error); 1242} 1243 1244/* 1245 * Called by UFS when an inode is no longer active and should have its 1246 * attributes stripped. 1247 */ 1248void 1249ufs_extattr_vnode_inactive(struct vnode *vp, struct proc *p) 1250{ 1251 struct ufs_extattr_list_entry *uele; 1252 struct mount *mp = vp->v_mount; 1253 struct ufsmount *ump = VFSTOUFS(mp); 1254 1255 ufs_extattr_uepm_lock(ump, p); 1256 1257 if (!(ump->um_extattr.uepm_flags & UFS_EXTATTR_UEPM_STARTED)) { 1258 ufs_extattr_uepm_unlock(ump, p); 1259 return; 1260 } 1261 1262 LIST_FOREACH(uele, &ump->um_extattr.uepm_list, uele_entries) 1263 ufs_extattr_rm(vp, uele->uele_attrnamespace, 1264 uele->uele_attrname, NULL, p); 1265 1266 ufs_extattr_uepm_unlock(ump, p); 1267} 1268 1269#endif /* !UFS_EXTATTR */ 1270