1/* $NetBSD: ulfs_extattr.c,v 1.18 2024/02/10 18:43:53 andvar Exp $ */ 2/* from NetBSD: ulfs_extattr.c,v 1.48 2016/11/09 05:08:35 dholland Exp */ 3 4/*- 5 * Copyright (c) 1999-2002 Robert N. M. Watson 6 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 7 * All rights reserved. 8 * 9 * This software was developed by Robert Watson for the TrustedBSD Project. 10 * 11 * This software was developed for the FreeBSD Project in part by Network 12 * Associates Laboratories, the Security Research Division of Network 13 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 14 * as part of the DARPA CHATS research program. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 1. Redistributions of source code must retain the above copyright 20 * notice, this list of conditions and the following disclaimer. 21 * 2. Redistributions in binary form must reproduce the above copyright 22 * notice, this list of conditions and the following disclaimer in the 23 * documentation and/or other materials provided with the distribution. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 */ 38 39/* 40 * Support for file system extended attributes on the ULFS1 file system. 41 * 42 * Extended attributes are defined in the form name=value, where name is 43 * a nul-terminated string in the style of a file name, and value is a 44 * binary blob of zero or more bytes. The ULFS1 extended attribute service 45 * layers support for extended attributes onto a backing file, in the style 46 * of the quota implementation, meaning that it requires no underlying format 47 * changes to the file system. This design choice exchanges simplicity, 48 * usability, and easy deployment for performance. 49 */ 50 51#include <sys/cdefs.h> 52__KERNEL_RCSID(0, "$NetBSD: ulfs_extattr.c,v 1.18 2024/02/10 18:43:53 andvar Exp $"); 53 54#ifdef _KERNEL_OPT 55#include "opt_lfs.h" 56#endif 57 58#include <sys/param.h> 59#include <sys/systm.h> 60#include <sys/reboot.h> 61#include <sys/kauth.h> 62#include <sys/kernel.h> 63#include <sys/namei.h> 64#include <sys/kmem.h> 65#include <sys/fcntl.h> 66#include <sys/lwp.h> 67#include <sys/vnode.h> 68#include <sys/mount.h> 69#include <sys/lock.h> 70#include <sys/dirent.h> 71#include <sys/extattr.h> 72#include <sys/sysctl.h> 73 74#include <ufs/lfs/ulfs_extattr.h> 75#include <ufs/lfs/ulfsmount.h> 76#include <ufs/lfs/ulfs_inode.h> 77#include <ufs/lfs/ulfs_bswap.h> 78#include <ufs/lfs/ulfs_extern.h> 79 80int ulfs_extattr_sync = 1; 81int ulfs_extattr_autocreate = 1024; 82 83static int ulfs_extattr_valid_attrname(int attrnamespace, 84 const char *attrname); 85static int ulfs_extattr_enable_with_open(struct ulfsmount *ump, 86 struct vnode *vp, int attrnamespace, const char *attrname, 87 struct lwp *l); 88static int ulfs_extattr_enable(struct ulfsmount *ump, int attrnamespace, 89 const char *attrname, struct vnode *backing_vnode, 90 struct lwp *l); 91static int ulfs_extattr_disable(struct ulfsmount *ump, int attrnamespace, 92 const char *attrname, struct lwp *l); 93static int ulfs_extattr_get(struct vnode *vp, int attrnamespace, 94 const char *name, struct uio *uio, size_t *size, 95 kauth_cred_t cred, struct lwp *l); 96static int ulfs_extattr_list(struct vnode *vp, int attrnamespace, 97 struct uio *uio, size_t *size, int flag, 98 kauth_cred_t cred, struct lwp *l); 99static int ulfs_extattr_set(struct vnode *vp, int attrnamespace, 100 const char *name, struct uio *uio, kauth_cred_t cred, 101 struct lwp *l); 102static int ulfs_extattr_rm(struct vnode *vp, int attrnamespace, 103 const char *name, kauth_cred_t cred, struct lwp *l); 104static struct ulfs_extattr_list_entry *ulfs_extattr_find_attr(struct ulfsmount *, 105 int, const char *); 106static int ulfs_extattr_get_header(struct vnode *, 107 struct ulfs_extattr_list_entry *, 108 struct ulfs_extattr_header *, off_t *); 109 110/* 111 * Per-FS attribute lock protecting attribute operations. 112 * XXX Right now there is a lot of lock contention due to having a single 113 * lock per-FS; really, this should be far more fine-grained. 114 */ 115static void 116ulfs_extattr_uepm_lock(struct ulfsmount *ump) 117{ 118 119 /* 120 * XXX This needs to be recursive for the following reasons: 121 * - it is taken in ulfs_extattr_vnode_inactive 122 * - which is called from VOP_INACTIVE 123 * - which can be triggered by any vrele, vput, or vn_close 124 * - several of these can happen while it's held 125 */ 126 if (mutex_owned(&ump->um_extattr.uepm_lock)) { 127 ump->um_extattr.uepm_lockcnt++; 128 return; 129 } 130 mutex_enter(&ump->um_extattr.uepm_lock); 131} 132 133static void 134ulfs_extattr_uepm_unlock(struct ulfsmount *ump) 135{ 136 137 if (ump->um_extattr.uepm_lockcnt != 0) { 138 KASSERT(mutex_owned(&ump->um_extattr.uepm_lock)); 139 ump->um_extattr.uepm_lockcnt--; 140 return; 141 } 142 mutex_exit(&ump->um_extattr.uepm_lock); 143} 144 145/*- 146 * Determine whether the name passed is a valid name for an actual 147 * attribute. 148 * 149 * Invalid currently consists of: 150 * NULL pointer for attrname 151 * zero-length attrname (used to retrieve application attribute list) 152 */ 153static int 154ulfs_extattr_valid_attrname(int attrnamespace, const char *attrname) 155{ 156 157 if (attrname == NULL) 158 return (0); 159 if (strlen(attrname) == 0) 160 return (0); 161 return (1); 162} 163 164/* 165 * Autocreate an attribute storage 166 */ 167static int 168ulfs_extattr_autocreate_attr(struct vnode *vp, int attrnamespace, 169 const char *attrname, struct lwp *l, struct ulfs_extattr_list_entry **uelep) 170{ 171 struct mount *mp = vp->v_mount; 172 struct ulfsmount *ump = VFSTOULFS(mp); 173 struct vnode *backing_vp; 174 struct pathbuf *pb; 175 char *path; 176 struct ulfs_extattr_fileheader uef; 177 struct ulfs_extattr_list_entry *uele; 178 int error; 179 180 path = PNBUF_GET(); 181 182 /* 183 * We only support system and user namespace autocreation 184 */ 185 switch (attrnamespace) { 186 case EXTATTR_NAMESPACE_SYSTEM: 187 (void)snprintf(path, PATH_MAX, "%s/%s/%s/%s", 188 mp->mnt_stat.f_mntonname, 189 ULFS_EXTATTR_FSROOTSUBDIR, 190 ULFS_EXTATTR_SUBDIR_SYSTEM, 191 attrname); 192 break; 193 case EXTATTR_NAMESPACE_USER: 194 (void)snprintf(path, PATH_MAX, "%s/%s/%s/%s", 195 mp->mnt_stat.f_mntonname, 196 ULFS_EXTATTR_FSROOTSUBDIR, 197 ULFS_EXTATTR_SUBDIR_USER, 198 attrname); 199 break; 200 default: 201 PNBUF_PUT(path); 202 *uelep = NULL; 203 return EINVAL; 204 break; 205 } 206 207 /* 208 * Release extended attribute mount lock, otherwise 209 * we can deadlock with another thread that would lock 210 * vp after we unlock it below, and call 211 * ulfs_extattr_uepm_lock(ump), for instance 212 * in ulfs_getextattr(). 213 */ 214 ulfs_extattr_uepm_unlock(ump); 215 216 /* 217 * XXX unlock/lock should only be done when setting extattr 218 * on backing store or one of its parent directory 219 * including root, but we always do it for now. 220 */ 221 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 222 VOP_UNLOCK(vp); 223 224 pb = pathbuf_create(path); 225 226 /* 227 * Since we do not hold ulfs_extattr_uepm_lock anymore, 228 * another thread may race with us for backend creation, 229 * but only one can succeed here thanks to O_EXCL. 230 * 231 * backing_vp is the backing store. 232 */ 233 error = vn_open(NULL, pb, 0, O_CREAT|O_EXCL|O_RDWR, 0600, 234 &backing_vp, NULL, NULL); 235 236 /* 237 * Reacquire the lock on the vnode 238 */ 239 KASSERT(VOP_ISLOCKED(vp) == 0); 240 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 241 242 ulfs_extattr_uepm_lock(ump); 243 244 if (error != 0) { 245 pathbuf_destroy(pb); 246 PNBUF_PUT(path); 247 *uelep = NULL; 248 return error; 249 } 250 251 KASSERT(backing_vp != NULL); 252 KASSERT(VOP_ISLOCKED(backing_vp) == LK_EXCLUSIVE); 253 254 pathbuf_destroy(pb); 255 PNBUF_PUT(path); 256 257 uef.uef_magic = ULFS_EXTATTR_MAGIC; 258 uef.uef_version = ULFS_EXTATTR_VERSION; 259 uef.uef_size = ulfs_extattr_autocreate; 260 261 error = vn_rdwr(UIO_WRITE, backing_vp, &uef, sizeof(uef), 0, 262 UIO_SYSSPACE, IO_NODELOCKED|IO_APPEND, 263 l->l_cred, NULL, l); 264 265 VOP_UNLOCK(backing_vp); 266 267 if (error != 0) { 268 printf("%s: write uef header failed for %s, error = %d\n", 269 __func__, attrname, error); 270 vn_close(backing_vp, FREAD|FWRITE, l->l_cred); 271 *uelep = NULL; 272 return error; 273 } 274 275 /* 276 * Now enable attribute. 277 */ 278 error = ulfs_extattr_enable(ump,attrnamespace, attrname, backing_vp, l); 279 KASSERT(VOP_ISLOCKED(backing_vp) == 0); 280 281 if (error != 0) { 282 printf("%s: enable %s failed, error %d\n", 283 __func__, attrname, error); 284 vn_close(backing_vp, FREAD|FWRITE, l->l_cred); 285 *uelep = NULL; 286 return error; 287 } 288 289 uele = ulfs_extattr_find_attr(ump, attrnamespace, attrname); 290 if (uele == NULL) { 291 printf("%s: attribute %s created but not found!\n", 292 __func__, attrname); 293 vn_close(backing_vp, FREAD|FWRITE, l->l_cred); 294 *uelep = NULL; 295 return ESRCH; /* really internal error */ 296 } 297 298 printf("%s: EA backing store autocreated for %s\n", 299 mp->mnt_stat.f_mntonname, attrname); 300 301 *uelep = uele; 302 return 0; 303} 304 305/* 306 * Locate an attribute given a name and mountpoint. 307 * Must be holding uepm lock for the mount point. 308 */ 309static struct ulfs_extattr_list_entry * 310ulfs_extattr_find_attr(struct ulfsmount *ump, int attrnamespace, 311 const char *attrname) 312{ 313 struct ulfs_extattr_list_entry *search_attribute; 314 315 for (search_attribute = LIST_FIRST(&ump->um_extattr.uepm_list); 316 search_attribute != NULL; 317 search_attribute = LIST_NEXT(search_attribute, uele_entries)) { 318 if (!(strncmp(attrname, search_attribute->uele_attrname, 319 ULFS_EXTATTR_MAXEXTATTRNAME)) && 320 (attrnamespace == search_attribute->uele_attrnamespace)) { 321 return (search_attribute); 322 } 323 } 324 325 return (0); 326} 327 328/* 329 * Initialize per-FS structures supporting extended attributes. Do not 330 * start extended attributes yet. 331 */ 332void 333ulfs_extattr_uepm_init(struct ulfs_extattr_per_mount *uepm) 334{ 335 336 uepm->uepm_flags = 0; 337 uepm->uepm_lockcnt = 0; 338 339 LIST_INIT(&uepm->uepm_list); 340 mutex_init(&uepm->uepm_lock, MUTEX_DEFAULT, IPL_NONE); 341 uepm->uepm_flags |= ULFS_EXTATTR_UEPM_INITIALIZED; 342} 343 344/* 345 * Destroy per-FS structures supporting extended attributes. Assumes 346 * that EAs have already been stopped, and will panic if not. 347 */ 348void 349ulfs_extattr_uepm_destroy(struct ulfs_extattr_per_mount *uepm) 350{ 351 352 if (!(uepm->uepm_flags & ULFS_EXTATTR_UEPM_INITIALIZED)) 353 panic("ulfs_extattr_uepm_destroy: not initialized"); 354 355 if ((uepm->uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) 356 panic("ulfs_extattr_uepm_destroy: called while still started"); 357 358 /* 359 * It's not clear that either order for the next three lines is 360 * ideal, and it should never be a problem if this is only called 361 * during unmount, and with vfs_busy(). 362 */ 363 uepm->uepm_flags &= ~ULFS_EXTATTR_UEPM_STARTED; 364 uepm->uepm_flags &= ~ULFS_EXTATTR_UEPM_INITIALIZED; 365 mutex_destroy(&uepm->uepm_lock); 366} 367 368/* 369 * Start extended attribute support on an FS. 370 */ 371int 372ulfs_extattr_start(struct mount *mp, struct lwp *l) 373{ 374 struct ulfsmount *ump; 375 int error = 0; 376 377 ump = VFSTOULFS(mp); 378 379 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_INITIALIZED)) 380 ulfs_extattr_uepm_init(&ump->um_extattr); 381 382 ulfs_extattr_uepm_lock(ump); 383 384 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_INITIALIZED)) { 385 error = EOPNOTSUPP; 386 goto unlock; 387 } 388 if (ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED) { 389 error = EBUSY; 390 goto unlock; 391 } 392 393 ump->um_extattr.uepm_flags |= ULFS_EXTATTR_UEPM_STARTED; 394 395 ump->um_extattr.uepm_ucred = l->l_cred; 396 kauth_cred_hold(ump->um_extattr.uepm_ucred); 397 398 unlock: 399 ulfs_extattr_uepm_unlock(ump); 400 401 return (error); 402} 403 404/* 405 * Helper routine: given a locked parent directory and filename, return 406 * the locked vnode of the inode associated with the name. Will not 407 * follow symlinks, may return any type of vnode. Lock on parent will 408 * be released even in the event of a failure. In the event that the 409 * target is the parent (i.e., "."), there will be two references and 410 * one lock, requiring the caller to possibly special-case. 411 */ 412static int 413ulfs_extattr_lookup(struct vnode *start_dvp, int lockparent, const char *dirname, 414 struct vnode **vp, struct lwp *l) 415{ 416 struct vop_lookup_v2_args vargs; 417 struct componentname cnp; 418 struct vnode *target_vp; 419 char *pnbuf; 420 int error; 421 422 KASSERT(VOP_ISLOCKED(start_dvp) == LK_EXCLUSIVE); 423 424 pnbuf = PNBUF_GET(); 425 426 memset(&cnp, 0, sizeof(cnp)); 427 cnp.cn_nameiop = LOOKUP; 428 cnp.cn_flags = ISLASTCN | lockparent; 429 cnp.cn_cred = l->l_cred; 430 cnp.cn_nameptr = pnbuf; 431 error = copystr(dirname, pnbuf, MAXPATHLEN, &cnp.cn_namelen); 432 if (error) { 433 if (lockparent == 0) { 434 VOP_UNLOCK(start_dvp); 435 } 436 PNBUF_PUT(pnbuf); 437 printf("ulfs_extattr_lookup: copystr failed\n"); 438 return (error); 439 } 440 cnp.cn_namelen--; /* trim nul termination */ 441 vargs.a_desc = NULL; 442 vargs.a_dvp = start_dvp; 443 vargs.a_vpp = &target_vp; 444 vargs.a_cnp = &cnp; 445 error = ulfs_lookup(&vargs); 446 PNBUF_PUT(pnbuf); 447 if (error) { 448 if (lockparent == 0) { 449 VOP_UNLOCK(start_dvp); 450 } 451 return (error); 452 } 453#if 0 454 if (target_vp == start_dvp) 455 panic("ulfs_extattr_lookup: target_vp == start_dvp"); 456#endif 457 458 if (target_vp != start_dvp) { 459 error = vn_lock(target_vp, LK_EXCLUSIVE); 460 if (lockparent == 0) 461 VOP_UNLOCK(start_dvp); 462 if (error) { 463 vrele(target_vp); 464 return error; 465 } 466 } 467 468 KASSERT(VOP_ISLOCKED(target_vp) == LK_EXCLUSIVE); 469 *vp = target_vp; 470 return (0); 471} 472 473/* 474 * Enable an EA using the passed filesystem, backing vnode, attribute name, 475 * namespace, and proc. Will perform a VOP_OPEN() on the vp, so expects vp 476 * to be locked when passed in. The vnode will be returned unlocked, 477 * regardless of success/failure of the function. As a result, the caller 478 * will always need to vrele(), but not vput(). 479 */ 480static int 481ulfs_extattr_enable_with_open(struct ulfsmount *ump, struct vnode *vp, 482 int attrnamespace, const char *attrname, struct lwp *l) 483{ 484 int error; 485 486 error = VOP_OPEN(vp, FREAD|FWRITE, l->l_cred); 487 if (error) { 488 printf("ulfs_extattr_enable_with_open.VOP_OPEN(): failed " 489 "with %d\n", error); 490 VOP_UNLOCK(vp); 491 return (error); 492 } 493 494 mutex_enter(vp->v_interlock); 495 vp->v_writecount++; 496 mutex_exit(vp->v_interlock); 497 498 vref(vp); 499 500 VOP_UNLOCK(vp); 501 502 error = ulfs_extattr_enable(ump, attrnamespace, attrname, vp, l); 503 if (error != 0) 504 vn_close(vp, FREAD|FWRITE, l->l_cred); 505 return (error); 506} 507 508/* 509 * Given a locked directory vnode, iterate over the names in the directory 510 * and use ulfs_extattr_lookup() to retrieve locked vnodes of potential 511 * attribute files. Then invoke ulfs_extattr_enable_with_open() on each 512 * to attempt to start the attribute. Leaves the directory locked on 513 * exit. 514 */ 515static int 516ulfs_extattr_iterate_directory(struct ulfsmount *ump, struct vnode *dvp, 517 int attrnamespace, struct lwp *l) 518{ 519 struct vop_readdir_args vargs; 520 struct statvfs *sbp = &ump->um_mountp->mnt_stat; 521 struct dirent *dp, *edp; 522 struct vnode *attr_vp; 523 struct uio auio; 524 struct iovec aiov; 525 char *dirbuf; 526 int error, eofflag = 0; 527 528 if (dvp->v_type != VDIR) 529 return (ENOTDIR); 530 531 dirbuf = kmem_alloc(LFS_DIRBLKSIZ, KM_SLEEP); 532 533 auio.uio_iov = &aiov; 534 auio.uio_iovcnt = 1; 535 auio.uio_rw = UIO_READ; 536 auio.uio_offset = 0; 537 UIO_SETUP_SYSSPACE(&auio); 538 539 vargs.a_desc = NULL; 540 vargs.a_vp = dvp; 541 vargs.a_uio = &auio; 542 vargs.a_cred = l->l_cred; 543 vargs.a_eofflag = &eofflag; 544 vargs.a_ncookies = NULL; 545 vargs.a_cookies = NULL; 546 547 while (!eofflag) { 548 auio.uio_resid = LFS_DIRBLKSIZ; 549 aiov.iov_base = dirbuf; 550 aiov.iov_len = LFS_DIRBLKSIZ; 551 error = ulfs_readdir(&vargs); 552 if (error) { 553 printf("ulfs_extattr_iterate_directory: ulfs_readdir " 554 "%d\n", error); 555 return (error); 556 } 557 558 /* 559 * XXXRW: While in LFS, we always get LFS_DIRBLKSIZ returns from 560 * the directory code on success, on other file systems this 561 * may not be the case. For portability, we should check the 562 * read length on return from ulfs_readdir(). 563 */ 564 edp = (struct dirent *)&dirbuf[LFS_DIRBLKSIZ]; 565 for (dp = (struct dirent *)dirbuf; dp < edp; ) { 566 if (dp->d_reclen == 0) 567 break; 568 /* Skip "." and ".." */ 569 if (dp->d_name[0] == '.' && 570 (dp->d_name[1] == '\0' || 571 (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) 572 goto next; 573 error = ulfs_extattr_lookup(dvp, LOCKPARENT, 574 dp->d_name, &attr_vp, l); 575 if (error == ENOENT) { 576 goto next; /* keep silent */ 577 } else if (error) { 578 printf("ulfs_extattr_iterate_directory: lookup " 579 "%s %d\n", dp->d_name, error); 580 } else if (attr_vp == dvp) { 581 vrele(attr_vp); 582 } else if (attr_vp->v_type != VREG) { 583 vput(attr_vp); 584 } else { 585 error = ulfs_extattr_enable_with_open(ump, 586 attr_vp, attrnamespace, dp->d_name, l); 587 vrele(attr_vp); 588 if (error) { 589 printf("ulfs_extattr_iterate_directory: " 590 "enable %s %d\n", dp->d_name, 591 error); 592 } else if (bootverbose) { 593 printf("%s: EA %s loaded\n", 594 sbp->f_mntonname, dp->d_name); 595 } 596 } 597 next: 598 dp = (struct dirent *) ((char *)dp + dp->d_reclen); 599 if (dp >= edp) 600 break; 601 } 602 } 603 kmem_free(dirbuf, LFS_DIRBLKSIZ); 604 605 return (0); 606} 607 608/* 609 * Auto-start of extended attributes, to be executed (optionally) at 610 * mount-time. 611 */ 612int 613ulfs_extattr_autostart(struct mount *mp, struct lwp *l) 614{ 615 struct vnode *rvp, *attr_dvp, *attr_system_dvp, *attr_user_dvp; 616 int error; 617 618 /* 619 * Does ULFS_EXTATTR_FSROOTSUBDIR exist off the filesystem root? 620 * If so, automatically start EA's. 621 */ 622 error = VFS_ROOT(mp, LK_EXCLUSIVE, &rvp); 623 if (error) { 624 printf("ulfs_extattr_autostart.VFS_ROOT() returned %d\n", 625 error); 626 return (error); 627 } 628 629 KASSERT(VOP_ISLOCKED(rvp) == LK_EXCLUSIVE); 630 631 error = ulfs_extattr_lookup(rvp, 0, 632 ULFS_EXTATTR_FSROOTSUBDIR, &attr_dvp, l); 633 if (error) { 634 /* rvp ref'd but now unlocked */ 635 KASSERT(VOP_ISLOCKED(rvp) == 0); 636 vrele(rvp); 637 return (error); 638 } 639 if (rvp == attr_dvp) { 640 /* Should never happen. */ 641 KASSERT(VOP_ISLOCKED(rvp) == LK_EXCLUSIVE); 642 vrele(attr_dvp); 643 vput(rvp); 644 return (EINVAL); 645 } 646 KASSERT(VOP_ISLOCKED(rvp) == 0); 647 vrele(rvp); 648 649 KASSERT(VOP_ISLOCKED(attr_dvp) == LK_EXCLUSIVE); 650 651 if (attr_dvp->v_type != VDIR) { 652 printf("ulfs_extattr_autostart: %s != VDIR\n", 653 ULFS_EXTATTR_FSROOTSUBDIR); 654 goto return_vput_attr_dvp; 655 } 656 657 error = ulfs_extattr_start(mp, l); 658 if (error) { 659 printf("ulfs_extattr_autostart: ulfs_extattr_start failed (%d)\n", 660 error); 661 goto return_vput_attr_dvp; 662 } 663 664 /* 665 * Look for two subdirectories: ULFS_EXTATTR_SUBDIR_SYSTEM, 666 * ULFS_EXTATTR_SUBDIR_USER. For each, iterate over the sub-directory, 667 * and start with appropriate type. Failures in either don't 668 * result in an over-all failure. attr_dvp is left locked to 669 * be cleaned up on exit. 670 */ 671 error = ulfs_extattr_lookup(attr_dvp, LOCKPARENT, 672 ULFS_EXTATTR_SUBDIR_SYSTEM, &attr_system_dvp, l); 673 KASSERT(VOP_ISLOCKED(attr_dvp) == LK_EXCLUSIVE); 674 if (error == 0) { 675 KASSERT(VOP_ISLOCKED(attr_system_dvp) == LK_EXCLUSIVE); 676 error = ulfs_extattr_iterate_directory(VFSTOULFS(mp), 677 attr_system_dvp, EXTATTR_NAMESPACE_SYSTEM, l); 678 if (error) 679 printf("ulfs_extattr_iterate_directory returned %d\n", 680 error); 681 KASSERT(VOP_ISLOCKED(attr_system_dvp) == LK_EXCLUSIVE); 682 vput(attr_system_dvp); 683 } 684 685 error = ulfs_extattr_lookup(attr_dvp, LOCKPARENT, 686 ULFS_EXTATTR_SUBDIR_USER, &attr_user_dvp, l); 687 KASSERT(VOP_ISLOCKED(attr_dvp) == LK_EXCLUSIVE); 688 if (error == 0) { 689 KASSERT(VOP_ISLOCKED(attr_user_dvp) == LK_EXCLUSIVE); 690 error = ulfs_extattr_iterate_directory(VFSTOULFS(mp), 691 attr_user_dvp, EXTATTR_NAMESPACE_USER, l); 692 if (error) 693 printf("ulfs_extattr_iterate_directory returned %d\n", 694 error); 695 KASSERT(VOP_ISLOCKED(attr_user_dvp) == LK_EXCLUSIVE); 696 vput(attr_user_dvp); 697 } 698 699 /* Mask startup failures in sub-directories. */ 700 error = 0; 701 702 return_vput_attr_dvp: 703 KASSERT(VOP_ISLOCKED(attr_dvp) == LK_EXCLUSIVE); 704 vput(attr_dvp); 705 706 return (error); 707} 708 709/* 710 * Stop extended attribute support on an FS. 711 */ 712void 713ulfs_extattr_stop(struct mount *mp, struct lwp *l) 714{ 715 struct ulfs_extattr_list_entry *uele; 716 struct ulfsmount *ump = VFSTOULFS(mp); 717 718 ulfs_extattr_uepm_lock(ump); 719 720 /* 721 * If we haven't been started, no big deal. Just short-circuit 722 * the processing work. 723 */ 724 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) { 725 goto unlock; 726 } 727 728 while (LIST_FIRST(&ump->um_extattr.uepm_list) != NULL) { 729 uele = LIST_FIRST(&ump->um_extattr.uepm_list); 730 ulfs_extattr_disable(ump, uele->uele_attrnamespace, 731 uele->uele_attrname, l); 732 } 733 734 ump->um_extattr.uepm_flags &= ~ULFS_EXTATTR_UEPM_STARTED; 735 736 kauth_cred_free(ump->um_extattr.uepm_ucred); 737 ump->um_extattr.uepm_ucred = NULL; 738 739 unlock: 740 ulfs_extattr_uepm_unlock(ump); 741} 742 743/* 744 * Enable a named attribute on the specified filesystem; provide an 745 * unlocked backing vnode to hold the attribute data. 746 */ 747static int 748ulfs_extattr_enable(struct ulfsmount *ump, int attrnamespace, 749 const char *attrname, struct vnode *backing_vnode, struct lwp *l) 750{ 751 struct ulfs_extattr_list_entry *attribute; 752 struct iovec aiov; 753 struct uio auio; 754 int error = 0; 755 756 if (!ulfs_extattr_valid_attrname(attrnamespace, attrname)) 757 return (EINVAL); 758 if (backing_vnode->v_type != VREG) 759 return (EINVAL); 760 761 attribute = kmem_zalloc(sizeof(*attribute), KM_SLEEP); 762 763 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) { 764 error = EOPNOTSUPP; 765 goto free_exit; 766 } 767 768 if (ulfs_extattr_find_attr(ump, attrnamespace, attrname)) { 769 error = EEXIST; 770 goto free_exit; 771 } 772 773 strncpy(attribute->uele_attrname, attrname, 774 ULFS_EXTATTR_MAXEXTATTRNAME); 775 attribute->uele_attrnamespace = attrnamespace; 776 memset(&attribute->uele_fileheader, 0, 777 sizeof(struct ulfs_extattr_fileheader)); 778 779 attribute->uele_backing_vnode = backing_vnode; 780 781 auio.uio_iov = &aiov; 782 auio.uio_iovcnt = 1; 783 aiov.iov_base = (void *) &attribute->uele_fileheader; 784 aiov.iov_len = sizeof(struct ulfs_extattr_fileheader); 785 auio.uio_resid = sizeof(struct ulfs_extattr_fileheader); 786 auio.uio_offset = (off_t) 0; 787 auio.uio_rw = UIO_READ; 788 UIO_SETUP_SYSSPACE(&auio); 789 790 vn_lock(backing_vnode, LK_SHARED | LK_RETRY); 791 error = VOP_READ(backing_vnode, &auio, IO_NODELOCKED, 792 ump->um_extattr.uepm_ucred); 793 794 if (error) 795 goto unlock_free_exit; 796 797 if (auio.uio_resid != 0) { 798 printf("ulfs_extattr_enable: malformed attribute header\n"); 799 error = EINVAL; 800 goto unlock_free_exit; 801 } 802 803 /* 804 * Try to determine the byte order of the attribute file. 805 */ 806 if (attribute->uele_fileheader.uef_magic != ULFS_EXTATTR_MAGIC) { 807 attribute->uele_flags |= UELE_F_NEEDSWAP; 808 attribute->uele_fileheader.uef_magic = 809 ulfs_rw32(attribute->uele_fileheader.uef_magic, 810 UELE_NEEDSWAP(attribute)); 811 if (attribute->uele_fileheader.uef_magic != ULFS_EXTATTR_MAGIC) { 812 printf("ulfs_extattr_enable: invalid attribute header " 813 "magic\n"); 814 error = EINVAL; 815 goto unlock_free_exit; 816 } 817 } 818 attribute->uele_fileheader.uef_version = 819 ulfs_rw32(attribute->uele_fileheader.uef_version, 820 UELE_NEEDSWAP(attribute)); 821 attribute->uele_fileheader.uef_size = 822 ulfs_rw32(attribute->uele_fileheader.uef_size, 823 UELE_NEEDSWAP(attribute)); 824 825 if (attribute->uele_fileheader.uef_version != ULFS_EXTATTR_VERSION) { 826 printf("ulfs_extattr_enable: incorrect attribute header " 827 "version\n"); 828 error = EINVAL; 829 goto unlock_free_exit; 830 } 831 832 LIST_INSERT_HEAD(&ump->um_extattr.uepm_list, attribute, 833 uele_entries); 834 835 VOP_UNLOCK(backing_vnode); 836 return (0); 837 838 unlock_free_exit: 839 VOP_UNLOCK(backing_vnode); 840 841 free_exit: 842 kmem_free(attribute, sizeof(*attribute)); 843 return (error); 844} 845 846/* 847 * Disable extended attribute support on an FS. 848 */ 849static int 850ulfs_extattr_disable(struct ulfsmount *ump, int attrnamespace, 851 const char *attrname, struct lwp *l) 852{ 853 struct ulfs_extattr_list_entry *uele; 854 int error = 0; 855 856 if (!ulfs_extattr_valid_attrname(attrnamespace, attrname)) 857 return (EINVAL); 858 859 uele = ulfs_extattr_find_attr(ump, attrnamespace, attrname); 860 if (!uele) 861 return (ENODATA); 862 863 LIST_REMOVE(uele, uele_entries); 864 865 error = vn_close(uele->uele_backing_vnode, FREAD|FWRITE, 866 l->l_cred); 867 868 kmem_free(uele, sizeof(*uele)); 869 870 return (error); 871} 872 873/* 874 * VFS call to manage extended attributes in ULFS. If filename_vp is 875 * non-NULL, it must be passed in locked, and regardless of errors in 876 * processing, will be unlocked. 877 */ 878int 879ulfs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp, 880 int attrnamespace, const char *attrname) 881{ 882 struct lwp *l = curlwp; 883 struct ulfsmount *ump = VFSTOULFS(mp); 884 int error; 885 886 /* 887 * Only privileged processes can configure extended attributes. 888 */ 889 error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_EXTATTR, 890 0, mp, NULL, NULL); 891 if (error) { 892 if (filename_vp != NULL) 893 VOP_UNLOCK(filename_vp); 894 return (error); 895 } 896 897 switch(cmd) { 898 case ULFS_EXTATTR_CMD_START: 899 if (filename_vp != NULL) { 900 VOP_UNLOCK(filename_vp); 901 return (EINVAL); 902 } 903 if (attrname != NULL) 904 return (EINVAL); 905 906 error = ulfs_extattr_autostart(mp, l); 907 return (error); 908 909 case ULFS_EXTATTR_CMD_STOP: 910 if (filename_vp != NULL) { 911 VOP_UNLOCK(filename_vp); 912 return (EINVAL); 913 } 914 if (attrname != NULL) 915 return (EINVAL); 916 917 ulfs_extattr_stop(mp, l); 918 return (0); 919 920 case ULFS_EXTATTR_CMD_ENABLE: 921 if (filename_vp == NULL) 922 return (EINVAL); 923 if (attrname == NULL) { 924 VOP_UNLOCK(filename_vp); 925 return (EINVAL); 926 } 927 928 /* 929 * ulfs_extattr_enable_with_open() will always unlock the 930 * vnode, regardless of failure. 931 */ 932 ulfs_extattr_uepm_lock(ump); 933 error = ulfs_extattr_enable_with_open(ump, filename_vp, 934 attrnamespace, attrname, l); 935 ulfs_extattr_uepm_unlock(ump); 936 return (error); 937 938 case ULFS_EXTATTR_CMD_DISABLE: 939 if (filename_vp != NULL) { 940 VOP_UNLOCK(filename_vp); 941 return (EINVAL); 942 } 943 if (attrname == NULL) 944 return (EINVAL); 945 946 ulfs_extattr_uepm_lock(ump); 947 error = ulfs_extattr_disable(ump, attrnamespace, attrname, l); 948 ulfs_extattr_uepm_unlock(ump); 949 return (error); 950 951 default: 952 return (EINVAL); 953 } 954} 955 956/* 957 * Read extended attribute header for a given vnode and attribute. 958 * Backing vnode should be locked and unlocked by caller. 959 */ 960static int 961ulfs_extattr_get_header(struct vnode *vp, struct ulfs_extattr_list_entry *uele, 962 struct ulfs_extattr_header *ueh, off_t *bap) 963{ 964 struct mount *mp = vp->v_mount; 965 struct ulfsmount *ump = VFSTOULFS(mp); 966 struct inode *ip = VTOI(vp); 967 off_t base_offset; 968 struct iovec aiov; 969 struct uio aio; 970 int error; 971 972 /* 973 * Find base offset of header in file based on file header size, and 974 * data header size + maximum data size, indexed by inode number. 975 */ 976 base_offset = sizeof(struct ulfs_extattr_fileheader) + 977 ip->i_number * (sizeof(struct ulfs_extattr_header) + 978 uele->uele_fileheader.uef_size); 979 980 /* 981 * Read in the data header to see if the data is defined, and if so 982 * how much. 983 */ 984 memset(ueh, 0, sizeof(struct ulfs_extattr_header)); 985 aiov.iov_base = ueh; 986 aiov.iov_len = sizeof(struct ulfs_extattr_header); 987 aio.uio_iov = &aiov; 988 aio.uio_iovcnt = 1; 989 aio.uio_rw = UIO_READ; 990 aio.uio_offset = base_offset; 991 aio.uio_resid = sizeof(struct ulfs_extattr_header); 992 UIO_SETUP_SYSSPACE(&aio); 993 994 error = VOP_READ(uele->uele_backing_vnode, &aio, 995 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 996 if (error) 997 return error; 998 999 /* 1000 * Attribute headers are kept in file system byte order. 1001 * XXX What about the blob of data? 1002 */ 1003 ueh->ueh_flags = ulfs_rw32(ueh->ueh_flags, UELE_NEEDSWAP(uele)); 1004 ueh->ueh_len = ulfs_rw32(ueh->ueh_len, UELE_NEEDSWAP(uele)); 1005 ueh->ueh_i_gen = ulfs_rw32(ueh->ueh_i_gen, UELE_NEEDSWAP(uele)); 1006 1007 /* Defined? */ 1008 if ((ueh->ueh_flags & ULFS_EXTATTR_ATTR_FLAG_INUSE) == 0) 1009 return ENODATA; 1010 1011 /* Valid for the current inode generation? */ 1012 if (ueh->ueh_i_gen != ip->i_gen) { 1013 /* 1014 * The inode itself has a different generation number 1015 * than the uele data. For now, the best solution 1016 * is to coerce this to undefined, and let it get cleaned 1017 * up by the next write or extattrctl clean. 1018 */ 1019 printf("%s (%s): inode gen inconsistency (%u, %jd)\n", 1020 __func__, mp->mnt_stat.f_mntonname, ueh->ueh_i_gen, 1021 (intmax_t)ip->i_gen); 1022 return ENODATA; 1023 } 1024 1025 /* Local size consistency check. */ 1026 if (ueh->ueh_len > uele->uele_fileheader.uef_size) 1027 return ENXIO; 1028 1029 /* Return base offset */ 1030 if (bap != NULL) 1031 *bap = base_offset; 1032 1033 return 0; 1034} 1035 1036/* 1037 * Vnode operation to retrieve a named extended attribute. 1038 */ 1039int 1040ulfs_getextattr(struct vop_getextattr_args *ap) 1041/* 1042vop_getextattr { 1043 IN struct vnode *a_vp; 1044 IN int a_attrnamespace; 1045 IN const char *a_name; 1046 INOUT struct uio *a_uio; 1047 OUT size_t *a_size; 1048 IN kauth_cred_t a_cred; 1049}; 1050*/ 1051{ 1052 struct mount *mp = ap->a_vp->v_mount; 1053 struct ulfsmount *ump = VFSTOULFS(mp); 1054 int error; 1055 1056 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) 1057 return (EOPNOTSUPP); 1058 1059 ulfs_extattr_uepm_lock(ump); 1060 1061 error = ulfs_extattr_get(ap->a_vp, ap->a_attrnamespace, ap->a_name, 1062 ap->a_uio, ap->a_size, ap->a_cred, curlwp); 1063 1064 ulfs_extattr_uepm_unlock(ump); 1065 1066 return (error); 1067} 1068 1069/* 1070 * Real work associated with retrieving a named attribute--assumes that 1071 * the attribute lock has already been grabbed. 1072 */ 1073static int 1074ulfs_extattr_get(struct vnode *vp, int attrnamespace, const char *name, 1075 struct uio *uio, size_t *size, kauth_cred_t cred, struct lwp *l) 1076{ 1077 struct ulfs_extattr_list_entry *attribute; 1078 struct ulfs_extattr_header ueh; 1079 struct mount *mp = vp->v_mount; 1080 struct ulfsmount *ump = VFSTOULFS(mp); 1081 off_t base_offset; 1082 size_t len, old_len; 1083 int error = 0; 1084 1085 if (strlen(name) == 0) 1086 return (EINVAL); 1087 1088 error = extattr_check_cred(vp, attrnamespace, cred, VREAD); 1089 if (error) 1090 return (error); 1091 1092 attribute = ulfs_extattr_find_attr(ump, attrnamespace, name); 1093 if (!attribute) 1094 return (ENODATA); 1095 1096 /* 1097 * Allow only offsets of zero to encourage the read/replace 1098 * extended attribute semantic. Otherwise we can't guarantee 1099 * atomicity, as we don't provide locks for extended attributes. 1100 */ 1101 if (uio != NULL && uio->uio_offset != 0) 1102 return (ENXIO); 1103 1104 /* 1105 * Don't need to get a lock on the backing file if the getattr is 1106 * being applied to the backing file, as the lock is already held. 1107 */ 1108 if (attribute->uele_backing_vnode != vp) 1109 vn_lock(attribute->uele_backing_vnode, LK_SHARED | LK_RETRY); 1110 1111 error = ulfs_extattr_get_header(vp, attribute, &ueh, &base_offset); 1112 if (error) 1113 goto vopunlock_exit; 1114 1115 /* Return full data size if caller requested it. */ 1116 if (size != NULL) 1117 *size = ueh.ueh_len; 1118 1119 /* Return data if the caller requested it. */ 1120 if (uio != NULL) { 1121 /* Allow for offset into the attribute data. */ 1122 uio->uio_offset = base_offset + sizeof(struct 1123 ulfs_extattr_header); 1124 1125 /* 1126 * Figure out maximum to transfer -- use buffer size and 1127 * local data limit. 1128 */ 1129 len = MIN(uio->uio_resid, ueh.ueh_len); 1130 old_len = uio->uio_resid; 1131 uio->uio_resid = len; 1132 1133 error = VOP_READ(attribute->uele_backing_vnode, uio, 1134 IO_NODELOCKED, ump->um_extattr.uepm_ucred); 1135 if (error) 1136 goto vopunlock_exit; 1137 1138 uio->uio_resid = old_len - (len - uio->uio_resid); 1139 } 1140 1141 vopunlock_exit: 1142 1143 if (uio != NULL) 1144 uio->uio_offset = 0; 1145 1146 if (attribute->uele_backing_vnode != vp) 1147 VOP_UNLOCK(attribute->uele_backing_vnode); 1148 1149 return (error); 1150} 1151 1152/* 1153 * Vnode operation to list extended attribute for a vnode 1154 */ 1155int 1156ulfs_listextattr(struct vop_listextattr_args *ap) 1157/* 1158vop_listextattr { 1159 IN struct vnode *a_vp; 1160 IN int a_attrnamespace; 1161 INOUT struct uio *a_uio; 1162 OUT size_t *a_size; 1163 IN int flag; 1164 IN kauth_cred_t a_cred; 1165 struct proc *a_p; 1166}; 1167*/ 1168{ 1169 struct mount *mp = ap->a_vp->v_mount; 1170 struct ulfsmount *ump = VFSTOULFS(mp); 1171 int error; 1172 1173 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) 1174 return (EOPNOTSUPP); 1175 1176 ulfs_extattr_uepm_lock(ump); 1177 1178 error = ulfs_extattr_list(ap->a_vp, ap->a_attrnamespace, 1179 ap->a_uio, ap->a_size, ap->a_flag, ap->a_cred, curlwp); 1180 1181 ulfs_extattr_uepm_unlock(ump); 1182 1183 return (error); 1184} 1185 1186/* 1187 * Real work associated with retrieving list of attributes--assumes that 1188 * the attribute lock has already been grabbed. 1189 */ 1190static int 1191ulfs_extattr_list(struct vnode *vp, int attrnamespace, 1192 struct uio *uio, size_t *size, int flag, 1193 kauth_cred_t cred, struct lwp *l) 1194{ 1195 struct ulfs_extattr_list_entry *uele; 1196 struct ulfs_extattr_header ueh; 1197 struct mount *mp = vp->v_mount; 1198 struct ulfsmount *ump = VFSTOULFS(mp); 1199 size_t listsize = 0; 1200 int error = 0; 1201 1202 /* 1203 * XXX: We can move this inside the loop and iterate on individual 1204 * attributes. 1205 */ 1206 error = extattr_check_cred(vp, attrnamespace, cred, VREAD); 1207 if (error) 1208 return (error); 1209 1210 LIST_FOREACH(uele, &ump->um_extattr.uepm_list, uele_entries) { 1211 unsigned char attrnamelen; 1212 1213 if (uele->uele_attrnamespace != attrnamespace) 1214 continue; 1215 1216 error = ulfs_extattr_get_header(vp, uele, &ueh, NULL); 1217 if (error == ENODATA) 1218 continue; 1219 if (error != 0) 1220 return error; 1221 1222 /* 1223 * Don't need to get a lock on the backing file if 1224 * the listattr is being applied to the backing file, 1225 * as the lock is already held. 1226 */ 1227 if (uele->uele_backing_vnode != vp) 1228 vn_lock(uele->uele_backing_vnode, LK_SHARED | LK_RETRY); 1229 1230 /* 1231 * +1 for trailing NUL (listxattr flavor) 1232 * or leading name length (extattr_list_file flavor) 1233 */ 1234 attrnamelen = strlen(uele->uele_attrname); 1235 listsize += attrnamelen + 1; 1236 1237 /* Return data if the caller requested it. */ 1238 if (uio != NULL) { 1239 /* 1240 * We support two flavors. Either NUL-terminated 1241 * strings (a la listxattr), or non NUL-terminated, 1242 * one byte length prefixed strings (for 1243 * extattr_list_file). EXTATTR_LIST_LENPREFIX switches 1244 * that second behavior. 1245 */ 1246 if (flag & EXTATTR_LIST_LENPREFIX) { 1247 uint8_t len = (uint8_t)attrnamelen; 1248 1249 /* Copy leading name length */ 1250 error = uiomove(&len, sizeof(len), uio); 1251 if (error != 0) 1252 break; 1253 } else { 1254 /* Include trailing NULL */ 1255 attrnamelen++; 1256 } 1257 1258 error = uiomove(uele->uele_attrname, 1259 (size_t)attrnamelen, uio); 1260 if (error != 0) 1261 break; 1262 } 1263 1264 if (uele->uele_backing_vnode != vp) 1265 VOP_UNLOCK(uele->uele_backing_vnode); 1266 1267 if (error != 0) 1268 return error; 1269 } 1270 1271 if (uio != NULL) 1272 uio->uio_offset = 0; 1273 1274 /* Return full data size if caller requested it. */ 1275 if (size != NULL) 1276 *size = listsize; 1277 1278 return 0; 1279} 1280 1281/* 1282 * Vnode operation to remove a named attribute. 1283 */ 1284int 1285ulfs_deleteextattr(struct vop_deleteextattr_args *ap) 1286/* 1287vop_deleteextattr { 1288 IN struct vnode *a_vp; 1289 IN int a_attrnamespace; 1290 IN const char *a_name; 1291 IN kauth_cred_t a_cred; 1292}; 1293*/ 1294{ 1295 struct mount *mp = ap->a_vp->v_mount; 1296 struct ulfsmount *ump = VFSTOULFS(mp); 1297 int error; 1298 1299 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) 1300 return (EOPNOTSUPP); 1301 1302 ulfs_extattr_uepm_lock(ump); 1303 1304 error = ulfs_extattr_rm(ap->a_vp, ap->a_attrnamespace, ap->a_name, 1305 ap->a_cred, curlwp); 1306 1307 ulfs_extattr_uepm_unlock(ump); 1308 1309 return (error); 1310} 1311 1312/* 1313 * Vnode operation to set a named attribute. 1314 */ 1315int 1316ulfs_setextattr(struct vop_setextattr_args *ap) 1317/* 1318vop_setextattr { 1319 IN struct vnode *a_vp; 1320 IN int a_attrnamespace; 1321 IN const char *a_name; 1322 INOUT struct uio *a_uio; 1323 IN kauth_cred_t a_cred; 1324}; 1325*/ 1326{ 1327 struct mount *mp = ap->a_vp->v_mount; 1328 struct ulfsmount *ump = VFSTOULFS(mp); 1329 int error; 1330 1331 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) 1332 return (EOPNOTSUPP); 1333 1334 ulfs_extattr_uepm_lock(ump); 1335 1336 /* 1337 * XXX: No longer a supported way to delete extended attributes. 1338 */ 1339 if (ap->a_uio == NULL) { 1340 ulfs_extattr_uepm_unlock(ump); 1341 return (EINVAL); 1342 } 1343 1344 error = ulfs_extattr_set(ap->a_vp, ap->a_attrnamespace, ap->a_name, 1345 ap->a_uio, ap->a_cred, curlwp); 1346 1347 ulfs_extattr_uepm_unlock(ump); 1348 1349 return (error); 1350} 1351 1352/* 1353 * Real work associated with setting a vnode's extended attributes; 1354 * assumes that the attribute lock has already been grabbed. 1355 */ 1356static int 1357ulfs_extattr_set(struct vnode *vp, int attrnamespace, const char *name, 1358 struct uio *uio, kauth_cred_t cred, struct lwp *l) 1359{ 1360 struct ulfs_extattr_list_entry *attribute; 1361 struct ulfs_extattr_header ueh; 1362 struct iovec local_aiov; 1363 struct uio local_aio; 1364 struct mount *mp = vp->v_mount; 1365 struct ulfsmount *ump = VFSTOULFS(mp); 1366 struct inode *ip = VTOI(vp); 1367 off_t base_offset; 1368 int error = 0, ioflag; 1369 1370 if (vp->v_mount->mnt_flag & MNT_RDONLY) 1371 return (EROFS); 1372 1373 if (!ulfs_extattr_valid_attrname(attrnamespace, name)) 1374 return (EINVAL); 1375 1376 error = extattr_check_cred(vp, attrnamespace, cred, VWRITE); 1377 if (error) 1378 return (error); 1379 1380 attribute = ulfs_extattr_find_attr(ump, attrnamespace, name); 1381 if (!attribute) { 1382 error = ulfs_extattr_autocreate_attr(vp, attrnamespace, 1383 name, l, &attribute); 1384 if (error == EEXIST) { 1385 /* Another thread raced us for backend creation */ 1386 error = 0; 1387 attribute = 1388 ulfs_extattr_find_attr(ump, attrnamespace, name); 1389 } 1390 1391 if (error || !attribute) 1392 return ENODATA; 1393 } 1394 1395 /* 1396 * Early rejection of invalid offsets/length. 1397 * Reject: any offset but 0 (replace) 1398 * Any size greater than attribute size limit 1399 */ 1400 if (uio->uio_offset != 0 || 1401 uio->uio_resid > attribute->uele_fileheader.uef_size) 1402 return (ENXIO); 1403 1404 /* 1405 * Find base offset of header in file based on file header size, and 1406 * data header size + maximum data size, indexed by inode number. 1407 */ 1408 base_offset = sizeof(struct ulfs_extattr_fileheader) + 1409 ip->i_number * (sizeof(struct ulfs_extattr_header) + 1410 attribute->uele_fileheader.uef_size); 1411 1412 /* 1413 * Write out a data header for the data. 1414 */ 1415 ueh.ueh_len = ulfs_rw32((uint32_t) uio->uio_resid, 1416 UELE_NEEDSWAP(attribute)); 1417 ueh.ueh_flags = ulfs_rw32(ULFS_EXTATTR_ATTR_FLAG_INUSE, 1418 UELE_NEEDSWAP(attribute)); 1419 ueh.ueh_i_gen = ulfs_rw32(ip->i_gen, UELE_NEEDSWAP(attribute)); 1420 local_aiov.iov_base = &ueh; 1421 local_aiov.iov_len = sizeof(struct ulfs_extattr_header); 1422 local_aio.uio_iov = &local_aiov; 1423 local_aio.uio_iovcnt = 1; 1424 local_aio.uio_rw = UIO_WRITE; 1425 local_aio.uio_offset = base_offset; 1426 local_aio.uio_resid = sizeof(struct ulfs_extattr_header); 1427 UIO_SETUP_SYSSPACE(&local_aio); 1428 1429 /* 1430 * Don't need to get a lock on the backing file if the setattr is 1431 * being applied to the backing file, as the lock is already held. 1432 */ 1433 if (attribute->uele_backing_vnode != vp) 1434 vn_lock(attribute->uele_backing_vnode, 1435 LK_EXCLUSIVE | LK_RETRY); 1436 1437 ioflag = IO_NODELOCKED; 1438 if (ulfs_extattr_sync) 1439 ioflag |= IO_SYNC; 1440 error = VOP_WRITE(attribute->uele_backing_vnode, &local_aio, ioflag, 1441 ump->um_extattr.uepm_ucred); 1442 if (error) 1443 goto vopunlock_exit; 1444 1445 if (local_aio.uio_resid != 0) { 1446 error = ENXIO; 1447 goto vopunlock_exit; 1448 } 1449 1450 /* 1451 * Write out user data. 1452 * XXX NOT ATOMIC WITH RESPECT TO THE HEADER. 1453 */ 1454 uio->uio_offset = base_offset + sizeof(struct ulfs_extattr_header); 1455 1456 ioflag = IO_NODELOCKED; 1457 if (ulfs_extattr_sync) 1458 ioflag |= IO_SYNC; 1459 error = VOP_WRITE(attribute->uele_backing_vnode, uio, ioflag, 1460 ump->um_extattr.uepm_ucred); 1461 1462 vopunlock_exit: 1463 uio->uio_offset = 0; 1464 1465 if (attribute->uele_backing_vnode != vp) 1466 VOP_UNLOCK(attribute->uele_backing_vnode); 1467 1468 return (error); 1469} 1470 1471/* 1472 * Real work associated with removing an extended attribute from a vnode. 1473 * Assumes the attribute lock has already been grabbed. 1474 */ 1475static int 1476ulfs_extattr_rm(struct vnode *vp, int attrnamespace, const char *name, 1477 kauth_cred_t cred, struct lwp *l) 1478{ 1479 struct ulfs_extattr_list_entry *attribute; 1480 struct ulfs_extattr_header ueh; 1481 struct mount *mp = vp->v_mount; 1482 struct ulfsmount *ump = VFSTOULFS(mp); 1483 struct iovec local_aiov; 1484 struct uio local_aio; 1485 off_t base_offset; 1486 int error = 0, ioflag; 1487 1488 if (vp->v_mount->mnt_flag & MNT_RDONLY) 1489 return (EROFS); 1490 1491 if (!ulfs_extattr_valid_attrname(attrnamespace, name)) 1492 return (EINVAL); 1493 1494 error = extattr_check_cred(vp, attrnamespace, cred, VWRITE); 1495 if (error) 1496 return (error); 1497 1498 attribute = ulfs_extattr_find_attr(ump, attrnamespace, name); 1499 if (!attribute) 1500 return (ENODATA); 1501 1502 /* 1503 * Don't need to get a lock on the backing file if the getattr is 1504 * being applied to the backing file, as the lock is already held. 1505 */ 1506 if (attribute->uele_backing_vnode != vp) 1507 vn_lock(attribute->uele_backing_vnode, LK_EXCLUSIVE | LK_RETRY); 1508 1509 error = ulfs_extattr_get_header(vp, attribute, &ueh, &base_offset); 1510 if (error) 1511 goto vopunlock_exit; 1512 1513 /* Flag it as not in use. */ 1514 ueh.ueh_flags = 0; /* No need to byte swap 0 */ 1515 ueh.ueh_len = 0; /* ...ditto... */ 1516 1517 local_aiov.iov_base = &ueh; 1518 local_aiov.iov_len = sizeof(struct ulfs_extattr_header); 1519 local_aio.uio_iov = &local_aiov; 1520 local_aio.uio_iovcnt = 1; 1521 local_aio.uio_rw = UIO_WRITE; 1522 local_aio.uio_offset = base_offset; 1523 local_aio.uio_resid = sizeof(struct ulfs_extattr_header); 1524 UIO_SETUP_SYSSPACE(&local_aio); 1525 1526 ioflag = IO_NODELOCKED; 1527 if (ulfs_extattr_sync) 1528 ioflag |= IO_SYNC; 1529 error = VOP_WRITE(attribute->uele_backing_vnode, &local_aio, ioflag, 1530 ump->um_extattr.uepm_ucred); 1531 if (error) 1532 goto vopunlock_exit; 1533 1534 if (local_aio.uio_resid != 0) 1535 error = ENXIO; 1536 1537 vopunlock_exit: 1538 VOP_UNLOCK(attribute->uele_backing_vnode); 1539 1540 return (error); 1541} 1542 1543/* 1544 * Called by ULFS when an inode is no longer active and should have its 1545 * attributes stripped. 1546 */ 1547void 1548ulfs_extattr_vnode_inactive(struct vnode *vp, struct lwp *l) 1549{ 1550 struct ulfs_extattr_list_entry *uele; 1551 struct mount *mp = vp->v_mount; 1552 struct ulfsmount *ump = VFSTOULFS(mp); 1553 1554 /* 1555 * In that case, we cannot lock. We should not have any active vnodes 1556 * on the fs if this is not yet initialized but is going to be, so 1557 * this can go unlocked. 1558 */ 1559 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_INITIALIZED)) 1560 return; 1561 1562 if (!(ump->um_extattr.uepm_flags & ULFS_EXTATTR_UEPM_STARTED)) 1563 return; 1564 1565 ulfs_extattr_uepm_lock(ump); 1566 1567 LIST_FOREACH(uele, &ump->um_extattr.uepm_list, uele_entries) 1568 ulfs_extattr_rm(vp, uele->uele_attrnamespace, 1569 uele->uele_attrname, lwp0.l_cred, l); 1570 1571 ulfs_extattr_uepm_unlock(ump); 1572} 1573 1574void 1575ulfs_extattr_init(void) 1576{ 1577 1578} 1579 1580void 1581ulfs_extattr_done(void) 1582{ 1583 1584} 1585