/* * linux/fs/reiserfs/xattr.c * * Copyright (c) 2002 by Jeff Mahoney, <jeffm@suse.com> * */ /* * In order to implement EA/ACLs in a clean, backwards compatible manner, * they are implemented as files in a "private" directory. * Each EA is in it's own file, with the directory layout like so (/ is assumed * to be relative to fs root). Inside the /.reiserfs_priv/xattrs directory, * directories named using the capital-hex form of the objectid and * generation number are used. Inside each directory are individual files * named with the name of the extended attribute. * * So, for objectid 12648430, we could have: * /.reiserfs_priv/xattrs/C0FFEE.0/system.posix_acl_access * /.reiserfs_priv/xattrs/C0FFEE.0/system.posix_acl_default * /.reiserfs_priv/xattrs/C0FFEE.0/user.Content-Type * .. or similar. * * The file contents are the text of the EA. The size is known based on the * stat data describing the file. * * In the case of system.posix_acl_access and system.posix_acl_default, since * these are special cases for filesystem ACLs, they are interpreted by the * kernel, in addition, they are negatively and positively cached and attached * to the inode so that unnecessary lookups are avoided. */ #include <linux/reiserfs_fs.h> #include <linux/dcache.h> #include <linux/namei.h> #include <linux/errno.h> #include <linux/fs.h> #include <linux/file.h> #include <linux/pagemap.h> #include <linux/xattr.h> #include <linux/reiserfs_xattr.h> #include <linux/reiserfs_acl.h> #include <asm/uaccess.h> #include <asm/checksum.h> #include <linux/smp_lock.h> #include <linux/stat.h> #include <asm/semaphore.h> #define FL_READONLY 128 #define FL_DIR_SEM_HELD 256 #define PRIVROOT_NAME ".reiserfs_priv" #define XAROOT_NAME "xattrs" static struct reiserfs_xattr_handler *find_xattr_handler_prefix(const char *prefix); static struct dentry *create_xa_root(struct super_block *sb) { struct dentry *privroot = dget(REISERFS_SB(sb)->priv_root); struct dentry *xaroot; /* This needs to be created at mount-time */ if (!privroot) return ERR_PTR(-EOPNOTSUPP); xaroot = lookup_one_len(XAROOT_NAME, privroot, strlen(XAROOT_NAME)); if (IS_ERR(xaroot)) { goto out; } else if (!xaroot->d_inode) { int err; down(&privroot->d_inode->i_sem); err = privroot->d_inode->i_op->mkdir(privroot->d_inode, xaroot, 0700); up(&privroot->d_inode->i_sem); if (err) { dput(xaroot); dput(privroot); return ERR_PTR(err); } REISERFS_SB(sb)->xattr_root = dget(xaroot); } out: dput(privroot); return xaroot; } /* This will return a dentry, or error, refering to the xa root directory. * If the xa root doesn't exist yet, the dentry will be returned without * an associated inode. This dentry can be used with ->mkdir to create * the xa directory. */ static struct dentry *__get_xa_root(struct super_block *s) { struct dentry *privroot = dget(REISERFS_SB(s)->priv_root); struct dentry *xaroot = NULL; if (IS_ERR(privroot) || !privroot) return privroot; xaroot = lookup_one_len(XAROOT_NAME, privroot, strlen(XAROOT_NAME)); if (IS_ERR(xaroot)) { goto out; } else if (!xaroot->d_inode) { dput(xaroot); xaroot = NULL; goto out; } REISERFS_SB(s)->xattr_root = dget(xaroot); out: dput(privroot); return xaroot; } /* Returns the dentry (or NULL) referring to the root of the extended * attribute directory tree. If it has already been retreived, it is used. * Otherwise, we attempt to retreive it from disk. It may also return * a pointer-encoded error. */ static inline struct dentry *get_xa_root(struct super_block *s) { struct dentry *dentry = dget(REISERFS_SB(s)->xattr_root); if (!dentry) dentry = __get_xa_root(s); return dentry; } /* Opens the directory corresponding to the inode's extended attribute store. * If flags allow, the tree to the directory may be created. If creation is * prohibited, -ENODATA is returned. */ static struct dentry *open_xa_dir(const struct inode *inode, int flags) { struct dentry *xaroot, *xadir; char namebuf[17]; xaroot = get_xa_root(inode->i_sb); if (IS_ERR(xaroot)) { return xaroot; } else if (!xaroot) { if (flags == 0 || flags & XATTR_CREATE) { xaroot = create_xa_root(inode->i_sb); if (IS_ERR(xaroot)) return xaroot; } if (!xaroot) return ERR_PTR(-ENODATA); } /* ok, we have xaroot open */ snprintf(namebuf, sizeof(namebuf), "%X.%X", le32_to_cpu(INODE_PKEY(inode)->k_objectid), inode->i_generation); xadir = lookup_one_len(namebuf, xaroot, strlen(namebuf)); if (IS_ERR(xadir)) { dput(xaroot); return xadir; } if (!xadir->d_inode) { int err; if (flags == 0 || flags & XATTR_CREATE) { /* Although there is nothing else trying to create this directory, * another directory with the same hash may be created, so we need * to protect against that */ err = xaroot->d_inode->i_op->mkdir(xaroot->d_inode, xadir, 0700); if (err) { dput(xaroot); dput(xadir); return ERR_PTR(err); } } if (!xadir->d_inode) { dput(xaroot); dput(xadir); return ERR_PTR(-ENODATA); } } dput(xaroot); return xadir; } /* Returns a dentry corresponding to a specific extended attribute file * for the inode. If flags allow, the file is created. Otherwise, a * valid or negative dentry, or an error is returned. */ static struct dentry *get_xa_file_dentry(const struct inode *inode, const char *name, int flags) { struct dentry *xadir, *xafile; int err = 0; xadir = open_xa_dir(inode, flags); if (IS_ERR(xadir)) { return ERR_PTR(PTR_ERR(xadir)); } else if (xadir && !xadir->d_inode) { dput(xadir); return ERR_PTR(-ENODATA); } xafile = lookup_one_len(name, xadir, strlen(name)); if (IS_ERR(xafile)) { dput(xadir); return ERR_PTR(PTR_ERR(xafile)); } if (xafile->d_inode) { /* file exists */ if (flags & XATTR_CREATE) { err = -EEXIST; dput(xafile); goto out; } } else if (flags & XATTR_REPLACE || flags & FL_READONLY) { goto out; } else { /* inode->i_sem is down, so nothing else can try to create * the same xattr */ err = xadir->d_inode->i_op->create(xadir->d_inode, xafile, 0700 | S_IFREG, NULL); if (err) { dput(xafile); goto out; } } out: dput(xadir); if (err) xafile = ERR_PTR(err); return xafile; } /* Opens a file pointer to the attribute associated with inode */ static struct file *open_xa_file(const struct inode *inode, const char *name, int flags) { struct dentry *xafile; struct file *fp; xafile = get_xa_file_dentry(inode, name, flags); if (IS_ERR(xafile)) return ERR_PTR(PTR_ERR(xafile)); else if (!xafile->d_inode) { dput(xafile); return ERR_PTR(-ENODATA); } fp = dentry_open(xafile, NULL, O_RDWR); /* dentry_open dputs the dentry if it fails */ return fp; } /* * this is very similar to fs/reiserfs/dir.c:reiserfs_readdir, but * we need to drop the path before calling the filldir struct. That * would be a big performance hit to the non-xattr case, so I've copied * the whole thing for now. --clm * * the big difference is that I go backwards through the directory, * and don't mess with f->f_pos, but the idea is the same. Do some * action on each and every entry in the directory. * * we're called with i_sem held, so there are no worries about the directory * changing underneath us. */ static int __xattr_readdir(struct file *filp, void *dirent, filldir_t filldir) { struct inode *inode = filp->f_dentry->d_inode; struct cpu_key pos_key; /* key of current position in the directory (key of directory entry) */ INITIALIZE_PATH(path_to_entry); struct buffer_head *bh; int entry_num; struct item_head *ih, tmp_ih; int search_res; char *local_buf; loff_t next_pos; char small_buf[32]; /* avoid kmalloc if we can */ struct reiserfs_de_head *deh; int d_reclen; char *d_name; off_t d_off; ino_t d_ino; struct reiserfs_dir_entry de; /* form key for search the next directory entry using f_pos field of file structure */ next_pos = max_reiserfs_offset(inode); while (1) { research: if (next_pos <= DOT_DOT_OFFSET) break; make_cpu_key(&pos_key, inode, next_pos, TYPE_DIRENTRY, 3); search_res = search_by_entry_key(inode->i_sb, &pos_key, &path_to_entry, &de); if (search_res == IO_ERROR) { // FIXME: we could just skip part of directory which could // not be read pathrelse(&path_to_entry); return -EIO; } if (search_res == NAME_NOT_FOUND) de.de_entry_num--; set_de_name_and_namelen(&de); entry_num = de.de_entry_num; deh = &(de.de_deh[entry_num]); bh = de.de_bh; ih = de.de_ih; if (!is_direntry_le_ih(ih)) { reiserfs_warning(inode->i_sb, "not direntry %h", ih); break; } copy_item_head(&tmp_ih, ih); /* we must have found item, that is item of this directory, */ RFALSE(COMP_SHORT_KEYS(&(ih->ih_key), &pos_key), "vs-9000: found item %h does not match to dir we readdir %K", ih, &pos_key); if (deh_offset(deh) <= DOT_DOT_OFFSET) { break; } /* look for the previous entry in the directory */ next_pos = deh_offset(deh) - 1; if (!de_visible(deh)) /* it is hidden entry */ continue; d_reclen = entry_length(bh, ih, entry_num); d_name = B_I_DEH_ENTRY_FILE_NAME(bh, ih, deh); d_off = deh_offset(deh); d_ino = deh_objectid(deh); if (!d_name[d_reclen - 1]) d_reclen = strlen(d_name); if (d_reclen > REISERFS_MAX_NAME(inode->i_sb->s_blocksize)) { /* too big to send back to VFS */ continue; } /* Ignore the .reiserfs_priv entry */ if (reiserfs_xattrs(inode->i_sb) && !old_format_only(inode->i_sb) && deh_objectid(deh) == le32_to_cpu(INODE_PKEY (REISERFS_SB(inode->i_sb)->priv_root->d_inode)-> k_objectid)) continue; if (d_reclen <= 32) { local_buf = small_buf; } else { local_buf = reiserfs_kmalloc(d_reclen, GFP_NOFS, inode->i_sb); if (!local_buf) { pathrelse(&path_to_entry); return -ENOMEM; } if (item_moved(&tmp_ih, &path_to_entry)) { reiserfs_kfree(local_buf, d_reclen, inode->i_sb); /* sigh, must retry. Do this same offset again */ next_pos = d_off; goto research; } } // Note, that we copy name to user space via temporary // buffer (local_buf) because filldir will block if // user space buffer is swapped out. At that time // entry can move to somewhere else memcpy(local_buf, d_name, d_reclen); /* the filldir function might need to start transactions, * or do who knows what. Release the path now that we've * copied all the important stuff out of the deh */ pathrelse(&path_to_entry); if (filldir(dirent, local_buf, d_reclen, d_off, d_ino, DT_UNKNOWN) < 0) { if (local_buf != small_buf) { reiserfs_kfree(local_buf, d_reclen, inode->i_sb); } goto end; } if (local_buf != small_buf) { reiserfs_kfree(local_buf, d_reclen, inode->i_sb); } } /* while */ end: pathrelse(&path_to_entry); return 0; } /* * this could be done with dedicated readdir ops for the xattr files, * but I want to get something working asap * this is stolen from vfs_readdir * */ static int xattr_readdir(struct file *file, filldir_t filler, void *buf) { struct inode *inode = file->f_dentry->d_inode; int res = -ENOTDIR; if (!file->f_op || !file->f_op->readdir) goto out; down(&inode->i_sem); // down(&inode->i_zombie); res = -ENOENT; if (!IS_DEADDIR(inode)) { lock_kernel(); res = __xattr_readdir(file, buf, filler); unlock_kernel(); } // up(&inode->i_zombie); up(&inode->i_sem); out: return res; } /* Internal operations on file data */ static inline void reiserfs_put_page(struct page *page) { kunmap(page); page_cache_release(page); } static struct page *reiserfs_get_page(struct inode *dir, unsigned long n) { struct address_space *mapping = dir->i_mapping; struct page *page; /* We can deadlock if we try to free dentries, and an unlink/rmdir has just occured - GFP_NOFS avoids this */ mapping_set_gfp_mask(mapping, GFP_NOFS); page = read_cache_page(mapping, n, (filler_t *) mapping->a_ops->readpage, NULL); if (!IS_ERR(page)) { wait_on_page_locked(page); kmap(page); if (!PageUptodate(page)) goto fail; if (PageError(page)) goto fail; } return page; fail: reiserfs_put_page(page); return ERR_PTR(-EIO); } static inline __u32 xattr_hash(const char *msg, int len) { return csum_partial(msg, len, 0); } /* Generic extended attribute operations that can be used by xa plugins */ /* * inode->i_sem: down */ int reiserfs_xattr_set(struct inode *inode, const char *name, const void *buffer, size_t buffer_size, int flags) { int err = 0; struct file *fp; struct page *page; char *data; struct address_space *mapping; size_t file_pos = 0; size_t buffer_pos = 0; struct inode *xinode; struct iattr newattrs; __u32 xahash = 0; if (IS_RDONLY(inode)) return -EROFS; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) return -EPERM; if (get_inode_sd_version(inode) == STAT_DATA_V1) return -EOPNOTSUPP; /* Empty xattrs are ok, they're just empty files, no hash */ if (buffer && buffer_size) xahash = xattr_hash(buffer, buffer_size); open_file: fp = open_xa_file(inode, name, flags); if (IS_ERR(fp)) { err = PTR_ERR(fp); goto out; } xinode = fp->f_dentry->d_inode; REISERFS_I(inode)->i_flags |= i_has_xattr_dir; /* we need to copy it off.. */ if (xinode->i_nlink > 1) { fput(fp); err = reiserfs_xattr_del(inode, name); if (err < 0) goto out; /* We just killed the old one, we're not replacing anymore */ if (flags & XATTR_REPLACE) flags &= ~XATTR_REPLACE; goto open_file; } /* Resize it so we're ok to write there */ newattrs.ia_size = buffer_size; newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; down(&xinode->i_sem); err = notify_change(fp->f_dentry, &newattrs); if (err) goto out_filp; mapping = xinode->i_mapping; while (buffer_pos < buffer_size || buffer_pos == 0) { size_t chunk; size_t skip = 0; size_t page_offset = (file_pos & (PAGE_CACHE_SIZE - 1)); if (buffer_size - buffer_pos > PAGE_CACHE_SIZE) chunk = PAGE_CACHE_SIZE; else chunk = buffer_size - buffer_pos; page = reiserfs_get_page(xinode, file_pos >> PAGE_CACHE_SHIFT); if (IS_ERR(page)) { err = PTR_ERR(page); goto out_filp; } lock_page(page); data = page_address(page); if (file_pos == 0) { struct reiserfs_xattr_header *rxh; skip = file_pos = sizeof(struct reiserfs_xattr_header); if (chunk + skip > PAGE_CACHE_SIZE) chunk = PAGE_CACHE_SIZE - skip; rxh = (struct reiserfs_xattr_header *)data; rxh->h_magic = cpu_to_le32(REISERFS_XATTR_MAGIC); rxh->h_hash = cpu_to_le32(xahash); } err = mapping->a_ops->prepare_write(fp, page, page_offset, page_offset + chunk + skip); if (!err) { if (buffer) memcpy(data + skip, buffer + buffer_pos, chunk); err = mapping->a_ops->commit_write(fp, page, page_offset, page_offset + chunk + skip); } unlock_page(page); reiserfs_put_page(page); buffer_pos += chunk; file_pos += chunk; skip = 0; if (err || buffer_size == 0 || !buffer) break; } /* We can't mark the inode dirty if it's not hashed. This is the case * when we're inheriting the default ACL. If we dirty it, the inode * gets marked dirty, but won't (ever) make it onto the dirty list until * it's synced explicitly to clear I_DIRTY. This is bad. */ if (!hlist_unhashed(&inode->i_hash)) { inode->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(inode); } out_filp: up(&xinode->i_sem); fput(fp); out: return err; } /* * inode->i_sem: down */ int reiserfs_xattr_get(const struct inode *inode, const char *name, void *buffer, size_t buffer_size) { ssize_t err = 0; struct file *fp; size_t isize; size_t file_pos = 0; size_t buffer_pos = 0; struct page *page; struct inode *xinode; __u32 hash = 0; if (name == NULL) return -EINVAL; /* We can't have xattrs attached to v1 items since they don't have * generation numbers */ if (get_inode_sd_version(inode) == STAT_DATA_V1) return -EOPNOTSUPP; fp = open_xa_file(inode, name, FL_READONLY); if (IS_ERR(fp)) { err = PTR_ERR(fp); goto out; } xinode = fp->f_dentry->d_inode; isize = xinode->i_size; REISERFS_I(inode)->i_flags |= i_has_xattr_dir; /* Just return the size needed */ if (buffer == NULL) { err = isize - sizeof(struct reiserfs_xattr_header); goto out_dput; } if (buffer_size < isize - sizeof(struct reiserfs_xattr_header)) { err = -ERANGE; goto out_dput; } while (file_pos < isize) { size_t chunk; char *data; size_t skip = 0; if (isize - file_pos > PAGE_CACHE_SIZE) chunk = PAGE_CACHE_SIZE; else chunk = isize - file_pos; page = reiserfs_get_page(xinode, file_pos >> PAGE_CACHE_SHIFT); if (IS_ERR(page)) { err = PTR_ERR(page); goto out_dput; } lock_page(page); data = page_address(page); if (file_pos == 0) { struct reiserfs_xattr_header *rxh = (struct reiserfs_xattr_header *)data; skip = file_pos = sizeof(struct reiserfs_xattr_header); chunk -= skip; /* Magic doesn't match up.. */ if (rxh->h_magic != cpu_to_le32(REISERFS_XATTR_MAGIC)) { unlock_page(page); reiserfs_put_page(page); reiserfs_warning(inode->i_sb, "Invalid magic for xattr (%s) " "associated with %k", name, INODE_PKEY(inode)); err = -EIO; goto out_dput; } hash = le32_to_cpu(rxh->h_hash); } memcpy(buffer + buffer_pos, data + skip, chunk); unlock_page(page); reiserfs_put_page(page); file_pos += chunk; buffer_pos += chunk; skip = 0; } err = isize - sizeof(struct reiserfs_xattr_header); if (xattr_hash(buffer, isize - sizeof(struct reiserfs_xattr_header)) != hash) { reiserfs_warning(inode->i_sb, "Invalid hash for xattr (%s) associated " "with %k", name, INODE_PKEY(inode)); err = -EIO; } out_dput: fput(fp); out: return err; } static int __reiserfs_xattr_del(struct dentry *xadir, const char *name, int namelen) { struct dentry *dentry; struct inode *dir = xadir->d_inode; int err = 0; dentry = lookup_one_len(name, xadir, namelen); if (IS_ERR(dentry)) { err = PTR_ERR(dentry); goto out; } else if (!dentry->d_inode) { err = -ENODATA; goto out_file; } /* Skip directories.. */ if (S_ISDIR(dentry->d_inode->i_mode)) goto out_file; if (!is_reiserfs_priv_object(dentry->d_inode)) { reiserfs_warning(dir->i_sb, "OID %08x [%.*s/%.*s] doesn't have " "priv flag set [parent is %sset].", le32_to_cpu(INODE_PKEY(dentry->d_inode)-> k_objectid), xadir->d_name.len, xadir->d_name.name, namelen, name, is_reiserfs_priv_object(xadir-> d_inode) ? "" : "not "); dput(dentry); return -EIO; } err = dir->i_op->unlink(dir, dentry); if (!err) d_delete(dentry); out_file: dput(dentry); out: return err; } int reiserfs_xattr_del(struct inode *inode, const char *name) { struct dentry *dir; int err; if (IS_RDONLY(inode)) return -EROFS; dir = open_xa_dir(inode, FL_READONLY); if (IS_ERR(dir)) { err = PTR_ERR(dir); goto out; } err = __reiserfs_xattr_del(dir, name, strlen(name)); dput(dir); if (!err) { inode->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(inode); } out: return err; } /* The following are side effects of other operations that aren't explicitly * modifying extended attributes. This includes operations such as permissions * or ownership changes, object deletions, etc. */ static int reiserfs_delete_xattrs_filler(void *buf, const char *name, int namelen, loff_t offset, ino_t ino, unsigned int d_type) { struct dentry *xadir = (struct dentry *)buf; return __reiserfs_xattr_del(xadir, name, namelen); } /* This is called w/ inode->i_sem downed */ int reiserfs_delete_xattrs(struct inode *inode) { struct file *fp; struct dentry *dir, *root; int err = 0; /* Skip out, an xattr has no xattrs associated with it */ if (is_reiserfs_priv_object(inode) || get_inode_sd_version(inode) == STAT_DATA_V1 || !reiserfs_xattrs(inode->i_sb)) { return 0; } reiserfs_read_lock_xattrs(inode->i_sb); dir = open_xa_dir(inode, FL_READONLY); reiserfs_read_unlock_xattrs(inode->i_sb); if (IS_ERR(dir)) { err = PTR_ERR(dir); goto out; } else if (!dir->d_inode) { dput(dir); return 0; } fp = dentry_open(dir, NULL, O_RDWR); if (IS_ERR(fp)) { err = PTR_ERR(fp); /* dentry_open dputs the dentry if it fails */ goto out; } lock_kernel(); err = xattr_readdir(fp, reiserfs_delete_xattrs_filler, dir); if (err) { unlock_kernel(); goto out_dir; } /* Leftovers besides . and .. -- that's not good. */ if (dir->d_inode->i_nlink <= 2) { root = get_xa_root(inode->i_sb); reiserfs_write_lock_xattrs(inode->i_sb); err = vfs_rmdir(root->d_inode, dir); reiserfs_write_unlock_xattrs(inode->i_sb); dput(root); } else { reiserfs_warning(inode->i_sb, "Couldn't remove all entries in directory"); } unlock_kernel(); out_dir: fput(fp); out: if (!err) REISERFS_I(inode)->i_flags = REISERFS_I(inode)->i_flags & ~i_has_xattr_dir; return err; } struct reiserfs_chown_buf { struct inode *inode; struct dentry *xadir; struct iattr *attrs; }; /* XXX: If there is a better way to do this, I'd love to hear about it */ static int reiserfs_chown_xattrs_filler(void *buf, const char *name, int namelen, loff_t offset, ino_t ino, unsigned int d_type) { struct reiserfs_chown_buf *chown_buf = (struct reiserfs_chown_buf *)buf; struct dentry *xafile, *xadir = chown_buf->xadir; struct iattr *attrs = chown_buf->attrs; int err = 0; xafile = lookup_one_len(name, xadir, namelen); if (IS_ERR(xafile)) return PTR_ERR(xafile); else if (!xafile->d_inode) { dput(xafile); return -ENODATA; } if (!S_ISDIR(xafile->d_inode->i_mode)) err = notify_change(xafile, attrs); dput(xafile); return err; } int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs) { struct file *fp; struct dentry *dir; int err = 0; struct reiserfs_chown_buf buf; unsigned int ia_valid = attrs->ia_valid; /* Skip out, an xattr has no xattrs associated with it */ if (is_reiserfs_priv_object(inode) || get_inode_sd_version(inode) == STAT_DATA_V1 || !reiserfs_xattrs(inode->i_sb)) { return 0; } reiserfs_read_lock_xattrs(inode->i_sb); dir = open_xa_dir(inode, FL_READONLY); reiserfs_read_unlock_xattrs(inode->i_sb); if (IS_ERR(dir)) { if (PTR_ERR(dir) != -ENODATA) err = PTR_ERR(dir); goto out; } else if (!dir->d_inode) { dput(dir); goto out; } fp = dentry_open(dir, NULL, O_RDWR); if (IS_ERR(fp)) { err = PTR_ERR(fp); /* dentry_open dputs the dentry if it fails */ goto out; } lock_kernel(); attrs->ia_valid &= (ATTR_UID | ATTR_GID | ATTR_CTIME); buf.xadir = dir; buf.attrs = attrs; buf.inode = inode; err = xattr_readdir(fp, reiserfs_chown_xattrs_filler, &buf); if (err) { unlock_kernel(); goto out_dir; } err = notify_change(dir, attrs); unlock_kernel(); out_dir: fput(fp); out: attrs->ia_valid = ia_valid; return err; } /* Actual operations that are exported to VFS-land */ /* * Inode operation getxattr() * Preliminary locking: we down dentry->d_inode->i_sem */ ssize_t reiserfs_getxattr(struct dentry * dentry, const char *name, void *buffer, size_t size) { struct reiserfs_xattr_handler *xah = find_xattr_handler_prefix(name); int err; if (!xah || !reiserfs_xattrs(dentry->d_sb) || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; reiserfs_read_lock_xattr_i(dentry->d_inode); reiserfs_read_lock_xattrs(dentry->d_sb); err = xah->get(dentry->d_inode, name, buffer, size); reiserfs_read_unlock_xattrs(dentry->d_sb); reiserfs_read_unlock_xattr_i(dentry->d_inode); return err; } /* * Inode operation setxattr() * * dentry->d_inode->i_sem down */ int reiserfs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct reiserfs_xattr_handler *xah = find_xattr_handler_prefix(name); int err; int lock; if (!xah || !reiserfs_xattrs(dentry->d_sb) || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; if (IS_RDONLY(dentry->d_inode)) return -EROFS; if (IS_IMMUTABLE(dentry->d_inode) || IS_APPEND(dentry->d_inode)) return -EROFS; reiserfs_write_lock_xattr_i(dentry->d_inode); lock = !has_xattr_dir(dentry->d_inode); if (lock) reiserfs_write_lock_xattrs(dentry->d_sb); else reiserfs_read_lock_xattrs(dentry->d_sb); err = xah->set(dentry->d_inode, name, value, size, flags); if (lock) reiserfs_write_unlock_xattrs(dentry->d_sb); else reiserfs_read_unlock_xattrs(dentry->d_sb); reiserfs_write_unlock_xattr_i(dentry->d_inode); return err; } /* * Inode operation removexattr() * * dentry->d_inode->i_sem down */ int reiserfs_removexattr(struct dentry *dentry, const char *name) { int err; struct reiserfs_xattr_handler *xah = find_xattr_handler_prefix(name); if (!xah || !reiserfs_xattrs(dentry->d_sb) || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; if (IS_RDONLY(dentry->d_inode)) return -EROFS; if (IS_IMMUTABLE(dentry->d_inode) || IS_APPEND(dentry->d_inode)) return -EPERM; reiserfs_write_lock_xattr_i(dentry->d_inode); reiserfs_read_lock_xattrs(dentry->d_sb); /* Deletion pre-operation */ if (xah->del) { err = xah->del(dentry->d_inode, name); if (err) goto out; } err = reiserfs_xattr_del(dentry->d_inode, name); dentry->d_inode->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(dentry->d_inode); out: reiserfs_read_unlock_xattrs(dentry->d_sb); reiserfs_write_unlock_xattr_i(dentry->d_inode); return err; } /* This is what filldir will use: * r_pos will always contain the amount of space required for the entire * list. If r_pos becomes larger than r_size, we need more space and we * return an error indicating this. If r_pos is less than r_size, then we've * filled the buffer successfully and we return success */ struct reiserfs_listxattr_buf { int r_pos; int r_size; char *r_buf; struct inode *r_inode; }; static int reiserfs_listxattr_filler(void *buf, const char *name, int namelen, loff_t offset, ino_t ino, unsigned int d_type) { struct reiserfs_listxattr_buf *b = (struct reiserfs_listxattr_buf *)buf; int len = 0; if (name[0] != '.' || (namelen != 1 && (name[1] != '.' || namelen != 2))) { struct reiserfs_xattr_handler *xah = find_xattr_handler_prefix(name); if (!xah) return 0; /* Unsupported xattr name, skip it */ /* We call ->list() twice because the operation isn't required to just * return the name back - we want to make sure we have enough space */ len += xah->list(b->r_inode, name, namelen, NULL); if (len) { if (b->r_pos + len + 1 <= b->r_size) { char *p = b->r_buf + b->r_pos; p += xah->list(b->r_inode, name, namelen, p); *p++ = '\0'; } b->r_pos += len + 1; } } return 0; } /* * Inode operation listxattr() * * Preliminary locking: we down dentry->d_inode->i_sem */ ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size) { struct file *fp; struct dentry *dir; int err = 0; struct reiserfs_listxattr_buf buf; if (!dentry->d_inode) return -EINVAL; if (!reiserfs_xattrs(dentry->d_sb) || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; reiserfs_read_lock_xattr_i(dentry->d_inode); reiserfs_read_lock_xattrs(dentry->d_sb); dir = open_xa_dir(dentry->d_inode, FL_READONLY); reiserfs_read_unlock_xattrs(dentry->d_sb); if (IS_ERR(dir)) { err = PTR_ERR(dir); if (err == -ENODATA) err = 0; /* Not an error if there aren't any xattrs */ goto out; } fp = dentry_open(dir, NULL, O_RDWR); if (IS_ERR(fp)) { err = PTR_ERR(fp); /* dentry_open dputs the dentry if it fails */ goto out; } buf.r_buf = buffer; buf.r_size = buffer ? size : 0; buf.r_pos = 0; buf.r_inode = dentry->d_inode; REISERFS_I(dentry->d_inode)->i_flags |= i_has_xattr_dir; err = xattr_readdir(fp, reiserfs_listxattr_filler, &buf); if (err) goto out_dir; if (buf.r_pos > buf.r_size && buffer != NULL) err = -ERANGE; else err = buf.r_pos; out_dir: fput(fp); out: reiserfs_read_unlock_xattr_i(dentry->d_inode); return err; } /* This is the implementation for the xattr plugin infrastructure */ static struct list_head xattr_handlers = LIST_HEAD_INIT(xattr_handlers); static DEFINE_RWLOCK(handler_lock); static struct reiserfs_xattr_handler *find_xattr_handler_prefix(const char *prefix) { struct reiserfs_xattr_handler *xah = NULL; struct list_head *p; read_lock(&handler_lock); list_for_each(p, &xattr_handlers) { xah = list_entry(p, struct reiserfs_xattr_handler, handlers); if (strncmp(xah->prefix, prefix, strlen(xah->prefix)) == 0) break; xah = NULL; } read_unlock(&handler_lock); return xah; } static void __unregister_handlers(void) { struct reiserfs_xattr_handler *xah; struct list_head *p, *tmp; list_for_each_safe(p, tmp, &xattr_handlers) { xah = list_entry(p, struct reiserfs_xattr_handler, handlers); if (xah->exit) xah->exit(); list_del_init(p); } INIT_LIST_HEAD(&xattr_handlers); } int __init reiserfs_xattr_register_handlers(void) { int err = 0; struct reiserfs_xattr_handler *xah; struct list_head *p; write_lock(&handler_lock); /* If we're already initialized, nothing to do */ if (!list_empty(&xattr_handlers)) { write_unlock(&handler_lock); return 0; } /* Add the handlers */ list_add_tail(&user_handler.handlers, &xattr_handlers); list_add_tail(&trusted_handler.handlers, &xattr_handlers); #ifdef CONFIG_REISERFS_FS_SECURITY list_add_tail(&security_handler.handlers, &xattr_handlers); #endif #ifdef CONFIG_REISERFS_FS_POSIX_ACL list_add_tail(&posix_acl_access_handler.handlers, &xattr_handlers); list_add_tail(&posix_acl_default_handler.handlers, &xattr_handlers); #endif /* Run initializers, if available */ list_for_each(p, &xattr_handlers) { xah = list_entry(p, struct reiserfs_xattr_handler, handlers); if (xah->init) { err = xah->init(); if (err) { list_del_init(p); break; } } } /* Clean up other handlers, if any failed */ if (err) __unregister_handlers(); write_unlock(&handler_lock); return err; } void reiserfs_xattr_unregister_handlers(void) { write_lock(&handler_lock); __unregister_handlers(); write_unlock(&handler_lock); } /* This will catch lookups from the fs root to .reiserfs_priv */ static int xattr_lookup_poison(struct dentry *dentry, struct qstr *q1, struct qstr *name) { struct dentry *priv_root = REISERFS_SB(dentry->d_sb)->priv_root; if (name->len == priv_root->d_name.len && name->hash == priv_root->d_name.hash && !memcmp(name->name, priv_root->d_name.name, name->len)) { return -ENOENT; } else if (q1->len == name->len && !memcmp(q1->name, name->name, name->len)) return 0; return 1; } static struct dentry_operations xattr_lookup_poison_ops = { .d_compare = xattr_lookup_poison, }; /* We need to take a copy of the mount flags since things like * MS_RDONLY don't get set until *after* we're called. * mount_flags != mount_options */ int reiserfs_xattr_init(struct super_block *s, int mount_flags) { int err = 0; /* We need generation numbers to ensure that the oid mapping is correct * v3.5 filesystems don't have them. */ if (!old_format_only(s)) { set_bit(REISERFS_XATTRS, &(REISERFS_SB(s)->s_mount_opt)); } else if (reiserfs_xattrs_optional(s)) { /* Old format filesystem, but optional xattrs have been enabled * at mount time. Error out. */ reiserfs_warning(s, "xattrs/ACLs not supported on pre v3.6 " "format filesystem. Failing mount."); err = -EOPNOTSUPP; goto error; } else { /* Old format filesystem, but no optional xattrs have been enabled. This * means we silently disable xattrs on the filesystem. */ clear_bit(REISERFS_XATTRS, &(REISERFS_SB(s)->s_mount_opt)); } /* If we don't have the privroot located yet - go find it */ if (reiserfs_xattrs(s) && !REISERFS_SB(s)->priv_root) { struct dentry *dentry; dentry = lookup_one_len(PRIVROOT_NAME, s->s_root, strlen(PRIVROOT_NAME)); if (!IS_ERR(dentry)) { if (!(mount_flags & MS_RDONLY) && !dentry->d_inode) { struct inode *inode = dentry->d_parent->d_inode; down(&inode->i_sem); err = inode->i_op->mkdir(inode, dentry, 0700); up(&inode->i_sem); if (err) { dput(dentry); dentry = NULL; } if (dentry && dentry->d_inode) reiserfs_warning(s, "Created %s on %s - reserved for " "xattr storage.", PRIVROOT_NAME, reiserfs_bdevname (inode->i_sb)); } else if (!dentry->d_inode) { dput(dentry); dentry = NULL; } } else err = PTR_ERR(dentry); if (!err && dentry) { s->s_root->d_op = &xattr_lookup_poison_ops; reiserfs_mark_inode_private(dentry->d_inode); REISERFS_SB(s)->priv_root = dentry; } else if (!(mount_flags & MS_RDONLY)) { /* xattrs are unavailable */ /* If we're read-only it just means that the dir hasn't been * created. Not an error -- just no xattrs on the fs. We'll * check again if we go read-write */ reiserfs_warning(s, "xattrs/ACLs enabled and couldn't " "find/create .reiserfs_priv. Failing mount."); err = -EOPNOTSUPP; } } error: /* This is only nonzero if there was an error initializing the xattr * directory or if there is a condition where we don't support them. */ if (err) { clear_bit(REISERFS_XATTRS, &(REISERFS_SB(s)->s_mount_opt)); clear_bit(REISERFS_XATTRS_USER, &(REISERFS_SB(s)->s_mount_opt)); clear_bit(REISERFS_POSIXACL, &(REISERFS_SB(s)->s_mount_opt)); } /* The super_block MS_POSIXACL must mirror the (no)acl mount option. */ s->s_flags = s->s_flags & ~MS_POSIXACL; if (reiserfs_posixacl(s)) s->s_flags |= MS_POSIXACL; return err; } static int __reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd, int need_lock) { umode_t mode = inode->i_mode; if (mask & MAY_WRITE) { /* * Nobody gets write access to a read-only fs. */ if (IS_RDONLY(inode) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) return -EROFS; /* * Nobody gets write access to an immutable file. */ if (IS_IMMUTABLE(inode)) return -EACCES; } /* We don't do permission checks on the internal objects. * Permissions are determined by the "owning" object. */ if (is_reiserfs_priv_object(inode)) return 0; if (current->fsuid == inode->i_uid) { mode >>= 6; #ifdef CONFIG_REISERFS_FS_POSIX_ACL } else if (reiserfs_posixacl(inode->i_sb) && get_inode_sd_version(inode) != STAT_DATA_V1) { struct posix_acl *acl; /* ACL can't contain additional permissions if the ACL_MASK entry is 0 */ if (!(mode & S_IRWXG)) goto check_groups; if (need_lock) { reiserfs_read_lock_xattr_i(inode); reiserfs_read_lock_xattrs(inode->i_sb); } acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS); if (need_lock) { reiserfs_read_unlock_xattrs(inode->i_sb); reiserfs_read_unlock_xattr_i(inode); } if (IS_ERR(acl)) { if (PTR_ERR(acl) == -ENODATA) goto check_groups; return PTR_ERR(acl); } if (acl) { int err = posix_acl_permission(inode, acl, mask); posix_acl_release(acl); if (err == -EACCES) { goto check_capabilities; } return err; } else { goto check_groups; } #endif } else { check_groups: if (in_group_p(inode->i_gid)) mode >>= 3; } /* * If the DACs are ok we don't need any capability check. */ if (((mode & mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == mask)) return 0; check_capabilities: /* * Read/write DACs are always overridable. * Executable DACs are overridable if at least one exec bit is set. */ if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode)) if (capable(CAP_DAC_OVERRIDE)) return 0; /* * Searching includes executable on directories, else just read. */ if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) if (capable(CAP_DAC_READ_SEARCH)) return 0; return -EACCES; } int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd) { return __reiserfs_permission(inode, mask, nd, 1); } int reiserfs_permission_locked(struct inode *inode, int mask, struct nameidata *nd) { return __reiserfs_permission(inode, mask, nd, 0); }