1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * linux/fs/reiserfs/xattr.c |
4 | * |
5 | * Copyright (c) 2002 by Jeff Mahoney, <jeffm@suse.com> |
6 | * |
7 | */ |
8 | |
9 | /* |
10 | * In order to implement EA/ACLs in a clean, backwards compatible manner, |
11 | * they are implemented as files in a "private" directory. |
12 | * Each EA is in it's own file, with the directory layout like so (/ is assumed |
13 | * to be relative to fs root). Inside the /.reiserfs_priv/xattrs directory, |
14 | * directories named using the capital-hex form of the objectid and |
15 | * generation number are used. Inside each directory are individual files |
16 | * named with the name of the extended attribute. |
17 | * |
18 | * So, for objectid 12648430, we could have: |
19 | * /.reiserfs_priv/xattrs/C0FFEE.0/system.posix_acl_access |
20 | * /.reiserfs_priv/xattrs/C0FFEE.0/system.posix_acl_default |
21 | * /.reiserfs_priv/xattrs/C0FFEE.0/user.Content-Type |
22 | * .. or similar. |
23 | * |
24 | * The file contents are the text of the EA. The size is known based on the |
25 | * stat data describing the file. |
26 | * |
27 | * In the case of system.posix_acl_access and system.posix_acl_default, since |
28 | * these are special cases for filesystem ACLs, they are interpreted by the |
29 | * kernel, in addition, they are negatively and positively cached and attached |
30 | * to the inode so that unnecessary lookups are avoided. |
31 | * |
32 | * Locking works like so: |
33 | * Directory components (xattr root, xattr dir) are protectd by their i_mutex. |
34 | * The xattrs themselves are protected by the xattr_sem. |
35 | */ |
36 | |
37 | #include "reiserfs.h" |
38 | #include <linux/capability.h> |
39 | #include <linux/dcache.h> |
40 | #include <linux/namei.h> |
41 | #include <linux/errno.h> |
42 | #include <linux/gfp.h> |
43 | #include <linux/fs.h> |
44 | #include <linux/file.h> |
45 | #include <linux/pagemap.h> |
46 | #include <linux/xattr.h> |
47 | #include "xattr.h" |
48 | #include "acl.h" |
49 | #include <linux/uaccess.h> |
50 | #include <net/checksum.h> |
51 | #include <linux/stat.h> |
52 | #include <linux/quotaops.h> |
53 | #include <linux/security.h> |
54 | #include <linux/posix_acl_xattr.h> |
55 | #include <linux/xattr.h> |
56 | |
57 | #define PRIVROOT_NAME ".reiserfs_priv" |
58 | #define XAROOT_NAME "xattrs" |
59 | |
60 | |
61 | /* |
62 | * Helpers for inode ops. We do this so that we don't have all the VFS |
63 | * overhead and also for proper i_mutex annotation. |
64 | * dir->i_mutex must be held for all of them. |
65 | */ |
66 | #ifdef CONFIG_REISERFS_FS_XATTR |
67 | static int xattr_create(struct inode *dir, struct dentry *dentry, int mode) |
68 | { |
69 | BUG_ON(!inode_is_locked(dir)); |
70 | return dir->i_op->create(&nop_mnt_idmap, dir, dentry, mode, true); |
71 | } |
72 | #endif |
73 | |
74 | static int xattr_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) |
75 | { |
76 | BUG_ON(!inode_is_locked(dir)); |
77 | return dir->i_op->mkdir(&nop_mnt_idmap, dir, dentry, mode); |
78 | } |
79 | |
80 | /* |
81 | * We use I_MUTEX_CHILD here to silence lockdep. It's safe because xattr |
82 | * mutation ops aren't called during rename or splace, which are the |
83 | * only other users of I_MUTEX_CHILD. It violates the ordering, but that's |
84 | * better than allocating another subclass just for this code. |
85 | */ |
86 | static int xattr_unlink(struct inode *dir, struct dentry *dentry) |
87 | { |
88 | int error; |
89 | |
90 | BUG_ON(!inode_is_locked(dir)); |
91 | |
92 | inode_lock_nested(inode: d_inode(dentry), subclass: I_MUTEX_CHILD); |
93 | error = dir->i_op->unlink(dir, dentry); |
94 | inode_unlock(inode: d_inode(dentry)); |
95 | |
96 | if (!error) |
97 | d_delete(dentry); |
98 | return error; |
99 | } |
100 | |
101 | static int xattr_rmdir(struct inode *dir, struct dentry *dentry) |
102 | { |
103 | int error; |
104 | |
105 | BUG_ON(!inode_is_locked(dir)); |
106 | |
107 | inode_lock_nested(inode: d_inode(dentry), subclass: I_MUTEX_CHILD); |
108 | error = dir->i_op->rmdir(dir, dentry); |
109 | if (!error) |
110 | d_inode(dentry)->i_flags |= S_DEAD; |
111 | inode_unlock(inode: d_inode(dentry)); |
112 | if (!error) |
113 | d_delete(dentry); |
114 | |
115 | return error; |
116 | } |
117 | |
118 | #define xattr_may_create(flags) (!flags || flags & XATTR_CREATE) |
119 | |
120 | static struct dentry *open_xa_root(struct super_block *sb, int flags) |
121 | { |
122 | struct dentry *privroot = REISERFS_SB(sb)->priv_root; |
123 | struct dentry *xaroot; |
124 | |
125 | if (d_really_is_negative(dentry: privroot)) |
126 | return ERR_PTR(error: -EOPNOTSUPP); |
127 | |
128 | inode_lock_nested(inode: d_inode(dentry: privroot), subclass: I_MUTEX_XATTR); |
129 | |
130 | xaroot = dget(dentry: REISERFS_SB(sb)->xattr_root); |
131 | if (!xaroot) |
132 | xaroot = ERR_PTR(error: -EOPNOTSUPP); |
133 | else if (d_really_is_negative(dentry: xaroot)) { |
134 | int err = -ENODATA; |
135 | |
136 | if (xattr_may_create(flags)) |
137 | err = xattr_mkdir(dir: d_inode(dentry: privroot), dentry: xaroot, mode: 0700); |
138 | if (err) { |
139 | dput(xaroot); |
140 | xaroot = ERR_PTR(error: err); |
141 | } |
142 | } |
143 | |
144 | inode_unlock(inode: d_inode(dentry: privroot)); |
145 | return xaroot; |
146 | } |
147 | |
148 | static struct dentry *open_xa_dir(const struct inode *inode, int flags) |
149 | { |
150 | struct dentry *xaroot, *xadir; |
151 | char namebuf[17]; |
152 | |
153 | xaroot = open_xa_root(sb: inode->i_sb, flags); |
154 | if (IS_ERR(ptr: xaroot)) |
155 | return xaroot; |
156 | |
157 | snprintf(buf: namebuf, size: sizeof(namebuf), fmt: "%X.%X" , |
158 | le32_to_cpu(INODE_PKEY(inode)->k_objectid), |
159 | inode->i_generation); |
160 | |
161 | inode_lock_nested(inode: d_inode(dentry: xaroot), subclass: I_MUTEX_XATTR); |
162 | |
163 | xadir = lookup_one_len(namebuf, xaroot, strlen(namebuf)); |
164 | if (!IS_ERR(ptr: xadir) && d_really_is_negative(dentry: xadir)) { |
165 | int err = -ENODATA; |
166 | |
167 | if (xattr_may_create(flags)) |
168 | err = xattr_mkdir(dir: d_inode(dentry: xaroot), dentry: xadir, mode: 0700); |
169 | if (err) { |
170 | dput(xadir); |
171 | xadir = ERR_PTR(error: err); |
172 | } |
173 | } |
174 | |
175 | inode_unlock(inode: d_inode(dentry: xaroot)); |
176 | dput(xaroot); |
177 | return xadir; |
178 | } |
179 | |
180 | /* |
181 | * The following are side effects of other operations that aren't explicitly |
182 | * modifying extended attributes. This includes operations such as permissions |
183 | * or ownership changes, object deletions, etc. |
184 | */ |
185 | struct reiserfs_dentry_buf { |
186 | struct dir_context ctx; |
187 | struct dentry *xadir; |
188 | int count; |
189 | int err; |
190 | struct dentry *dentries[8]; |
191 | }; |
192 | |
193 | static bool |
194 | fill_with_dentries(struct dir_context *ctx, const char *name, int namelen, |
195 | loff_t offset, u64 ino, unsigned int d_type) |
196 | { |
197 | struct reiserfs_dentry_buf *dbuf = |
198 | container_of(ctx, struct reiserfs_dentry_buf, ctx); |
199 | struct dentry *dentry; |
200 | |
201 | WARN_ON_ONCE(!inode_is_locked(d_inode(dbuf->xadir))); |
202 | |
203 | if (dbuf->count == ARRAY_SIZE(dbuf->dentries)) |
204 | return false; |
205 | |
206 | if (name[0] == '.' && (namelen < 2 || |
207 | (namelen == 2 && name[1] == '.'))) |
208 | return true; |
209 | |
210 | dentry = lookup_one_len(name, dbuf->xadir, namelen); |
211 | if (IS_ERR(ptr: dentry)) { |
212 | dbuf->err = PTR_ERR(ptr: dentry); |
213 | return false; |
214 | } else if (d_really_is_negative(dentry)) { |
215 | /* A directory entry exists, but no file? */ |
216 | reiserfs_error(dentry->d_sb, "xattr-20003" , |
217 | "Corrupted directory: xattr %pd listed but " |
218 | "not found for file %pd.\n" , |
219 | dentry, dbuf->xadir); |
220 | dput(dentry); |
221 | dbuf->err = -EIO; |
222 | return false; |
223 | } |
224 | |
225 | dbuf->dentries[dbuf->count++] = dentry; |
226 | return true; |
227 | } |
228 | |
229 | static void |
230 | cleanup_dentry_buf(struct reiserfs_dentry_buf *buf) |
231 | { |
232 | int i; |
233 | |
234 | for (i = 0; i < buf->count; i++) |
235 | if (buf->dentries[i]) |
236 | dput(buf->dentries[i]); |
237 | } |
238 | |
239 | static int reiserfs_for_each_xattr(struct inode *inode, |
240 | int (*action)(struct dentry *, void *), |
241 | void *data) |
242 | { |
243 | struct dentry *dir; |
244 | int i, err = 0; |
245 | struct reiserfs_dentry_buf buf = { |
246 | .ctx.actor = fill_with_dentries, |
247 | }; |
248 | |
249 | /* Skip out, an xattr has no xattrs associated with it */ |
250 | if (IS_PRIVATE(inode) || get_inode_sd_version(inode) == STAT_DATA_V1) |
251 | return 0; |
252 | |
253 | dir = open_xa_dir(inode, XATTR_REPLACE); |
254 | if (IS_ERR(ptr: dir)) { |
255 | err = PTR_ERR(ptr: dir); |
256 | goto out; |
257 | } else if (d_really_is_negative(dentry: dir)) { |
258 | err = 0; |
259 | goto out_dir; |
260 | } |
261 | |
262 | inode_lock_nested(inode: d_inode(dentry: dir), subclass: I_MUTEX_XATTR); |
263 | |
264 | buf.xadir = dir; |
265 | while (1) { |
266 | err = reiserfs_readdir_inode(d_inode(dentry: dir), &buf.ctx); |
267 | if (err) |
268 | break; |
269 | if (buf.err) { |
270 | err = buf.err; |
271 | break; |
272 | } |
273 | if (!buf.count) |
274 | break; |
275 | for (i = 0; !err && i < buf.count && buf.dentries[i]; i++) { |
276 | struct dentry *dentry = buf.dentries[i]; |
277 | |
278 | if (!d_is_dir(dentry)) |
279 | err = action(dentry, data); |
280 | |
281 | dput(dentry); |
282 | buf.dentries[i] = NULL; |
283 | } |
284 | if (err) |
285 | break; |
286 | buf.count = 0; |
287 | } |
288 | inode_unlock(inode: d_inode(dentry: dir)); |
289 | |
290 | cleanup_dentry_buf(buf: &buf); |
291 | |
292 | if (!err) { |
293 | /* |
294 | * We start a transaction here to avoid a ABBA situation |
295 | * between the xattr root's i_mutex and the journal lock. |
296 | * This doesn't incur much additional overhead since the |
297 | * new transaction will just nest inside the |
298 | * outer transaction. |
299 | */ |
300 | int blocks = JOURNAL_PER_BALANCE_CNT * 2 + 2 + |
301 | 4 * REISERFS_QUOTA_TRANS_BLOCKS(inode->i_sb); |
302 | struct reiserfs_transaction_handle th; |
303 | |
304 | reiserfs_write_lock(s: inode->i_sb); |
305 | err = journal_begin(&th, sb: inode->i_sb, blocks); |
306 | reiserfs_write_unlock(s: inode->i_sb); |
307 | if (!err) { |
308 | int jerror; |
309 | |
310 | inode_lock_nested(inode: d_inode(dentry: dir->d_parent), |
311 | subclass: I_MUTEX_XATTR); |
312 | err = action(dir, data); |
313 | reiserfs_write_lock(s: inode->i_sb); |
314 | jerror = journal_end(&th); |
315 | reiserfs_write_unlock(s: inode->i_sb); |
316 | inode_unlock(inode: d_inode(dentry: dir->d_parent)); |
317 | err = jerror ?: err; |
318 | } |
319 | } |
320 | out_dir: |
321 | dput(dir); |
322 | out: |
323 | /* |
324 | * -ENODATA: this object doesn't have any xattrs |
325 | * -EOPNOTSUPP: this file system doesn't have xattrs enabled on disk. |
326 | * Neither are errors |
327 | */ |
328 | if (err == -ENODATA || err == -EOPNOTSUPP) |
329 | err = 0; |
330 | return err; |
331 | } |
332 | |
333 | static int delete_one_xattr(struct dentry *dentry, void *data) |
334 | { |
335 | struct inode *dir = d_inode(dentry: dentry->d_parent); |
336 | |
337 | /* This is the xattr dir, handle specially. */ |
338 | if (d_is_dir(dentry)) |
339 | return xattr_rmdir(dir, dentry); |
340 | |
341 | return xattr_unlink(dir, dentry); |
342 | } |
343 | |
344 | static int chown_one_xattr(struct dentry *dentry, void *data) |
345 | { |
346 | struct iattr *attrs = data; |
347 | int ia_valid = attrs->ia_valid; |
348 | int err; |
349 | |
350 | /* |
351 | * We only want the ownership bits. Otherwise, we'll do |
352 | * things like change a directory to a regular file if |
353 | * ATTR_MODE is set. |
354 | */ |
355 | attrs->ia_valid &= (ATTR_UID|ATTR_GID); |
356 | err = reiserfs_setattr(idmap: &nop_mnt_idmap, dentry, attr: attrs); |
357 | attrs->ia_valid = ia_valid; |
358 | |
359 | return err; |
360 | } |
361 | |
362 | /* No i_mutex, but the inode is unconnected. */ |
363 | int reiserfs_delete_xattrs(struct inode *inode) |
364 | { |
365 | int err = reiserfs_for_each_xattr(inode, action: delete_one_xattr, NULL); |
366 | |
367 | if (err) |
368 | reiserfs_warning(inode->i_sb, "jdm-20004" , |
369 | "Couldn't delete all xattrs (%d)\n" , err); |
370 | return err; |
371 | } |
372 | |
373 | /* inode->i_mutex: down */ |
374 | int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs) |
375 | { |
376 | int err = reiserfs_for_each_xattr(inode, action: chown_one_xattr, data: attrs); |
377 | |
378 | if (err) |
379 | reiserfs_warning(inode->i_sb, "jdm-20007" , |
380 | "Couldn't chown all xattrs (%d)\n" , err); |
381 | return err; |
382 | } |
383 | |
384 | #ifdef CONFIG_REISERFS_FS_XATTR |
385 | /* |
386 | * Returns a dentry corresponding to a specific extended attribute file |
387 | * for the inode. If flags allow, the file is created. Otherwise, a |
388 | * valid or negative dentry, or an error is returned. |
389 | */ |
390 | static struct dentry *xattr_lookup(struct inode *inode, const char *name, |
391 | int flags) |
392 | { |
393 | struct dentry *xadir, *xafile; |
394 | int err = 0; |
395 | |
396 | xadir = open_xa_dir(inode, flags); |
397 | if (IS_ERR(ptr: xadir)) |
398 | return ERR_CAST(ptr: xadir); |
399 | |
400 | inode_lock_nested(inode: d_inode(dentry: xadir), subclass: I_MUTEX_XATTR); |
401 | xafile = lookup_one_len(name, xadir, strlen(name)); |
402 | if (IS_ERR(ptr: xafile)) { |
403 | err = PTR_ERR(ptr: xafile); |
404 | goto out; |
405 | } |
406 | |
407 | if (d_really_is_positive(dentry: xafile) && (flags & XATTR_CREATE)) |
408 | err = -EEXIST; |
409 | |
410 | if (d_really_is_negative(dentry: xafile)) { |
411 | err = -ENODATA; |
412 | if (xattr_may_create(flags)) |
413 | err = xattr_create(dir: d_inode(dentry: xadir), dentry: xafile, |
414 | mode: 0700|S_IFREG); |
415 | } |
416 | |
417 | if (err) |
418 | dput(xafile); |
419 | out: |
420 | inode_unlock(inode: d_inode(dentry: xadir)); |
421 | dput(xadir); |
422 | if (err) |
423 | return ERR_PTR(error: err); |
424 | return xafile; |
425 | } |
426 | |
427 | /* Internal operations on file data */ |
428 | static inline void reiserfs_put_page(struct page *page) |
429 | { |
430 | kunmap(page); |
431 | put_page(page); |
432 | } |
433 | |
434 | static struct page *reiserfs_get_page(struct inode *dir, size_t n) |
435 | { |
436 | struct address_space *mapping = dir->i_mapping; |
437 | struct page *page; |
438 | /* |
439 | * We can deadlock if we try to free dentries, |
440 | * and an unlink/rmdir has just occurred - GFP_NOFS avoids this |
441 | */ |
442 | mapping_set_gfp_mask(m: mapping, GFP_NOFS); |
443 | page = read_mapping_page(mapping, index: n >> PAGE_SHIFT, NULL); |
444 | if (!IS_ERR(ptr: page)) |
445 | kmap(page); |
446 | return page; |
447 | } |
448 | |
449 | static inline __u32 xattr_hash(const char *msg, int len) |
450 | { |
451 | /* |
452 | * csum_partial() gives different results for little-endian and |
453 | * big endian hosts. Images created on little-endian hosts and |
454 | * mounted on big-endian hosts(and vice versa) will see csum mismatches |
455 | * when trying to fetch xattrs. Treating the hash as __wsum_t would |
456 | * lower the frequency of mismatch. This is an endianness bug in |
457 | * reiserfs. The return statement would result in a sparse warning. Do |
458 | * not fix the sparse warning so as to not hide a reminder of the bug. |
459 | */ |
460 | return csum_partial(buff: msg, len, sum: 0); |
461 | } |
462 | |
463 | int reiserfs_commit_write(struct file *f, struct page *page, |
464 | unsigned from, unsigned to); |
465 | |
466 | static void update_ctime(struct inode *inode) |
467 | { |
468 | struct timespec64 now = current_time(inode); |
469 | struct timespec64 ctime = inode_get_ctime(inode); |
470 | |
471 | if (inode_unhashed(inode) || !inode->i_nlink || |
472 | timespec64_equal(a: &ctime, b: &now)) |
473 | return; |
474 | |
475 | inode_set_ctime_to_ts(inode, ts: now); |
476 | mark_inode_dirty(inode); |
477 | } |
478 | |
479 | static int lookup_and_delete_xattr(struct inode *inode, const char *name) |
480 | { |
481 | int err = 0; |
482 | struct dentry *dentry, *xadir; |
483 | |
484 | xadir = open_xa_dir(inode, XATTR_REPLACE); |
485 | if (IS_ERR(ptr: xadir)) |
486 | return PTR_ERR(ptr: xadir); |
487 | |
488 | inode_lock_nested(inode: d_inode(dentry: xadir), subclass: I_MUTEX_XATTR); |
489 | dentry = lookup_one_len(name, xadir, strlen(name)); |
490 | if (IS_ERR(ptr: dentry)) { |
491 | err = PTR_ERR(ptr: dentry); |
492 | goto out_dput; |
493 | } |
494 | |
495 | if (d_really_is_positive(dentry)) { |
496 | err = xattr_unlink(dir: d_inode(dentry: xadir), dentry); |
497 | update_ctime(inode); |
498 | } |
499 | |
500 | dput(dentry); |
501 | out_dput: |
502 | inode_unlock(inode: d_inode(dentry: xadir)); |
503 | dput(xadir); |
504 | return err; |
505 | } |
506 | |
507 | |
508 | /* Generic extended attribute operations that can be used by xa plugins */ |
509 | |
510 | /* |
511 | * inode->i_mutex: down |
512 | */ |
513 | int |
514 | reiserfs_xattr_set_handle(struct reiserfs_transaction_handle *th, |
515 | struct inode *inode, const char *name, |
516 | const void *buffer, size_t buffer_size, int flags) |
517 | { |
518 | int err = 0; |
519 | struct dentry *dentry; |
520 | struct page *page; |
521 | char *data; |
522 | size_t file_pos = 0; |
523 | size_t buffer_pos = 0; |
524 | size_t new_size; |
525 | __u32 xahash = 0; |
526 | |
527 | if (get_inode_sd_version(inode) == STAT_DATA_V1) |
528 | return -EOPNOTSUPP; |
529 | |
530 | if (!buffer) { |
531 | err = lookup_and_delete_xattr(inode, name); |
532 | return err; |
533 | } |
534 | |
535 | dentry = xattr_lookup(inode, name, flags); |
536 | if (IS_ERR(ptr: dentry)) |
537 | return PTR_ERR(ptr: dentry); |
538 | |
539 | down_write(sem: &REISERFS_I(inode)->i_xattr_sem); |
540 | |
541 | xahash = xattr_hash(msg: buffer, len: buffer_size); |
542 | while (buffer_pos < buffer_size || buffer_pos == 0) { |
543 | size_t chunk; |
544 | size_t skip = 0; |
545 | size_t page_offset = (file_pos & (PAGE_SIZE - 1)); |
546 | |
547 | if (buffer_size - buffer_pos > PAGE_SIZE) |
548 | chunk = PAGE_SIZE; |
549 | else |
550 | chunk = buffer_size - buffer_pos; |
551 | |
552 | page = reiserfs_get_page(dir: d_inode(dentry), n: file_pos); |
553 | if (IS_ERR(ptr: page)) { |
554 | err = PTR_ERR(ptr: page); |
555 | goto out_unlock; |
556 | } |
557 | |
558 | lock_page(page); |
559 | data = page_address(page); |
560 | |
561 | if (file_pos == 0) { |
562 | struct reiserfs_xattr_header *rxh; |
563 | |
564 | skip = file_pos = sizeof(struct reiserfs_xattr_header); |
565 | if (chunk + skip > PAGE_SIZE) |
566 | chunk = PAGE_SIZE - skip; |
567 | rxh = (struct reiserfs_xattr_header *)data; |
568 | rxh->h_magic = cpu_to_le32(REISERFS_XATTR_MAGIC); |
569 | rxh->h_hash = cpu_to_le32(xahash); |
570 | } |
571 | |
572 | reiserfs_write_lock(s: inode->i_sb); |
573 | err = __reiserfs_write_begin(page, from: page_offset, len: chunk + skip); |
574 | if (!err) { |
575 | if (buffer) |
576 | memcpy(data + skip, buffer + buffer_pos, chunk); |
577 | err = reiserfs_commit_write(NULL, page, from: page_offset, |
578 | to: page_offset + chunk + |
579 | skip); |
580 | } |
581 | reiserfs_write_unlock(s: inode->i_sb); |
582 | unlock_page(page); |
583 | reiserfs_put_page(page); |
584 | buffer_pos += chunk; |
585 | file_pos += chunk; |
586 | skip = 0; |
587 | if (err || buffer_size == 0 || !buffer) |
588 | break; |
589 | } |
590 | |
591 | new_size = buffer_size + sizeof(struct reiserfs_xattr_header); |
592 | if (!err && new_size < i_size_read(inode: d_inode(dentry))) { |
593 | struct iattr newattrs = { |
594 | .ia_ctime = current_time(inode), |
595 | .ia_size = new_size, |
596 | .ia_valid = ATTR_SIZE | ATTR_CTIME, |
597 | }; |
598 | |
599 | inode_lock_nested(inode: d_inode(dentry), subclass: I_MUTEX_XATTR); |
600 | inode_dio_wait(inode: d_inode(dentry)); |
601 | |
602 | err = reiserfs_setattr(idmap: &nop_mnt_idmap, dentry, attr: &newattrs); |
603 | inode_unlock(inode: d_inode(dentry)); |
604 | } else |
605 | update_ctime(inode); |
606 | out_unlock: |
607 | up_write(sem: &REISERFS_I(inode)->i_xattr_sem); |
608 | dput(dentry); |
609 | return err; |
610 | } |
611 | |
612 | /* We need to start a transaction to maintain lock ordering */ |
613 | int reiserfs_xattr_set(struct inode *inode, const char *name, |
614 | const void *buffer, size_t buffer_size, int flags) |
615 | { |
616 | |
617 | struct reiserfs_transaction_handle th; |
618 | int error, error2; |
619 | size_t jbegin_count = reiserfs_xattr_nblocks(inode, size: buffer_size); |
620 | |
621 | /* Check before we start a transaction and then do nothing. */ |
622 | if (!d_really_is_positive(dentry: REISERFS_SB(sb: inode->i_sb)->priv_root)) |
623 | return -EOPNOTSUPP; |
624 | |
625 | if (!(flags & XATTR_REPLACE)) |
626 | jbegin_count += reiserfs_xattr_jcreate_nblocks(inode); |
627 | |
628 | reiserfs_write_lock(s: inode->i_sb); |
629 | error = journal_begin(&th, sb: inode->i_sb, jbegin_count); |
630 | reiserfs_write_unlock(s: inode->i_sb); |
631 | if (error) { |
632 | return error; |
633 | } |
634 | |
635 | error = reiserfs_xattr_set_handle(th: &th, inode, name, |
636 | buffer, buffer_size, flags); |
637 | |
638 | reiserfs_write_lock(s: inode->i_sb); |
639 | error2 = journal_end(&th); |
640 | reiserfs_write_unlock(s: inode->i_sb); |
641 | if (error == 0) |
642 | error = error2; |
643 | |
644 | return error; |
645 | } |
646 | |
647 | /* |
648 | * inode->i_mutex: down |
649 | */ |
650 | int |
651 | reiserfs_xattr_get(struct inode *inode, const char *name, void *buffer, |
652 | size_t buffer_size) |
653 | { |
654 | ssize_t err = 0; |
655 | struct dentry *dentry; |
656 | size_t isize; |
657 | size_t file_pos = 0; |
658 | size_t buffer_pos = 0; |
659 | struct page *page; |
660 | __u32 hash = 0; |
661 | |
662 | if (name == NULL) |
663 | return -EINVAL; |
664 | |
665 | /* |
666 | * We can't have xattrs attached to v1 items since they don't have |
667 | * generation numbers |
668 | */ |
669 | if (get_inode_sd_version(inode) == STAT_DATA_V1) |
670 | return -EOPNOTSUPP; |
671 | |
672 | /* |
673 | * priv_root needn't be initialized during mount so allow initial |
674 | * lookups to succeed. |
675 | */ |
676 | if (!REISERFS_SB(sb: inode->i_sb)->priv_root) |
677 | return 0; |
678 | |
679 | dentry = xattr_lookup(inode, name, XATTR_REPLACE); |
680 | if (IS_ERR(ptr: dentry)) { |
681 | err = PTR_ERR(ptr: dentry); |
682 | goto out; |
683 | } |
684 | |
685 | down_read(sem: &REISERFS_I(inode)->i_xattr_sem); |
686 | |
687 | isize = i_size_read(inode: d_inode(dentry)); |
688 | |
689 | /* Just return the size needed */ |
690 | if (buffer == NULL) { |
691 | err = isize - sizeof(struct reiserfs_xattr_header); |
692 | goto out_unlock; |
693 | } |
694 | |
695 | if (buffer_size < isize - sizeof(struct reiserfs_xattr_header)) { |
696 | err = -ERANGE; |
697 | goto out_unlock; |
698 | } |
699 | |
700 | while (file_pos < isize) { |
701 | size_t chunk; |
702 | char *data; |
703 | size_t skip = 0; |
704 | |
705 | if (isize - file_pos > PAGE_SIZE) |
706 | chunk = PAGE_SIZE; |
707 | else |
708 | chunk = isize - file_pos; |
709 | |
710 | page = reiserfs_get_page(dir: d_inode(dentry), n: file_pos); |
711 | if (IS_ERR(ptr: page)) { |
712 | err = PTR_ERR(ptr: page); |
713 | goto out_unlock; |
714 | } |
715 | |
716 | lock_page(page); |
717 | data = page_address(page); |
718 | if (file_pos == 0) { |
719 | struct reiserfs_xattr_header *rxh = |
720 | (struct reiserfs_xattr_header *)data; |
721 | skip = file_pos = sizeof(struct reiserfs_xattr_header); |
722 | chunk -= skip; |
723 | /* Magic doesn't match up.. */ |
724 | if (rxh->h_magic != cpu_to_le32(REISERFS_XATTR_MAGIC)) { |
725 | unlock_page(page); |
726 | reiserfs_put_page(page); |
727 | reiserfs_warning(inode->i_sb, "jdm-20001" , |
728 | "Invalid magic for xattr (%s) " |
729 | "associated with %k" , name, |
730 | INODE_PKEY(inode)); |
731 | err = -EIO; |
732 | goto out_unlock; |
733 | } |
734 | hash = le32_to_cpu(rxh->h_hash); |
735 | } |
736 | memcpy(buffer + buffer_pos, data + skip, chunk); |
737 | unlock_page(page); |
738 | reiserfs_put_page(page); |
739 | file_pos += chunk; |
740 | buffer_pos += chunk; |
741 | skip = 0; |
742 | } |
743 | err = isize - sizeof(struct reiserfs_xattr_header); |
744 | |
745 | if (xattr_hash(msg: buffer, len: isize - sizeof(struct reiserfs_xattr_header)) != |
746 | hash) { |
747 | reiserfs_warning(inode->i_sb, "jdm-20002" , |
748 | "Invalid hash for xattr (%s) associated " |
749 | "with %k" , name, INODE_PKEY(inode)); |
750 | err = -EIO; |
751 | } |
752 | |
753 | out_unlock: |
754 | up_read(sem: &REISERFS_I(inode)->i_xattr_sem); |
755 | dput(dentry); |
756 | |
757 | out: |
758 | return err; |
759 | } |
760 | |
761 | /* |
762 | * In order to implement different sets of xattr operations for each xattr |
763 | * prefix with the generic xattr API, a filesystem should create a |
764 | * null-terminated array of struct xattr_handler (one for each prefix) and |
765 | * hang a pointer to it off of the s_xattr field of the superblock. |
766 | * |
767 | * The generic_fooxattr() functions will use this list to dispatch xattr |
768 | * operations to the correct xattr_handler. |
769 | */ |
770 | #define for_each_xattr_handler(handlers, handler) \ |
771 | for ((handler) = *(handlers)++; \ |
772 | (handler) != NULL; \ |
773 | (handler) = *(handlers)++) |
774 | |
775 | static inline bool reiserfs_posix_acl_list(const char *name, |
776 | struct dentry *dentry) |
777 | { |
778 | return (posix_acl_type(name) >= 0) && |
779 | IS_POSIXACL(d_backing_inode(dentry)); |
780 | } |
781 | |
782 | /* This is the implementation for the xattr plugin infrastructure */ |
783 | static inline bool reiserfs_xattr_list(const struct xattr_handler * const *handlers, |
784 | const char *name, struct dentry *dentry) |
785 | { |
786 | if (handlers) { |
787 | const struct xattr_handler *xah = NULL; |
788 | |
789 | for_each_xattr_handler(handlers, xah) { |
790 | const char *prefix = xattr_prefix(handler: xah); |
791 | |
792 | if (strncmp(prefix, name, strlen(prefix))) |
793 | continue; |
794 | |
795 | if (!xattr_handler_can_list(handler: xah, dentry)) |
796 | return false; |
797 | |
798 | return true; |
799 | } |
800 | } |
801 | |
802 | return reiserfs_posix_acl_list(name, dentry); |
803 | } |
804 | |
805 | struct listxattr_buf { |
806 | struct dir_context ctx; |
807 | size_t size; |
808 | size_t pos; |
809 | char *buf; |
810 | struct dentry *dentry; |
811 | }; |
812 | |
813 | static bool listxattr_filler(struct dir_context *ctx, const char *name, |
814 | int namelen, loff_t offset, u64 ino, |
815 | unsigned int d_type) |
816 | { |
817 | struct listxattr_buf *b = |
818 | container_of(ctx, struct listxattr_buf, ctx); |
819 | size_t size; |
820 | |
821 | if (name[0] != '.' || |
822 | (namelen != 1 && (name[1] != '.' || namelen != 2))) { |
823 | if (!reiserfs_xattr_list(handlers: b->dentry->d_sb->s_xattr, name, |
824 | dentry: b->dentry)) |
825 | return true; |
826 | size = namelen + 1; |
827 | if (b->buf) { |
828 | if (b->pos + size > b->size) { |
829 | b->pos = -ERANGE; |
830 | return false; |
831 | } |
832 | memcpy(b->buf + b->pos, name, namelen); |
833 | b->buf[b->pos + namelen] = 0; |
834 | } |
835 | b->pos += size; |
836 | } |
837 | return true; |
838 | } |
839 | |
840 | /* |
841 | * Inode operation listxattr() |
842 | * |
843 | * We totally ignore the generic listxattr here because it would be stupid |
844 | * not to. Since the xattrs are organized in a directory, we can just |
845 | * readdir to find them. |
846 | */ |
847 | ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size) |
848 | { |
849 | struct dentry *dir; |
850 | int err = 0; |
851 | struct listxattr_buf buf = { |
852 | .ctx.actor = listxattr_filler, |
853 | .dentry = dentry, |
854 | .buf = buffer, |
855 | .size = buffer ? size : 0, |
856 | }; |
857 | |
858 | if (d_really_is_negative(dentry)) |
859 | return -EINVAL; |
860 | |
861 | if (get_inode_sd_version(d_inode(dentry)) == STAT_DATA_V1) |
862 | return -EOPNOTSUPP; |
863 | |
864 | dir = open_xa_dir(inode: d_inode(dentry), XATTR_REPLACE); |
865 | if (IS_ERR(ptr: dir)) { |
866 | err = PTR_ERR(ptr: dir); |
867 | if (err == -ENODATA) |
868 | err = 0; /* Not an error if there aren't any xattrs */ |
869 | goto out; |
870 | } |
871 | |
872 | inode_lock_nested(inode: d_inode(dentry: dir), subclass: I_MUTEX_XATTR); |
873 | err = reiserfs_readdir_inode(d_inode(dentry: dir), &buf.ctx); |
874 | inode_unlock(inode: d_inode(dentry: dir)); |
875 | |
876 | if (!err) |
877 | err = buf.pos; |
878 | |
879 | dput(dir); |
880 | out: |
881 | return err; |
882 | } |
883 | |
884 | static int create_privroot(struct dentry *dentry) |
885 | { |
886 | int err; |
887 | struct inode *inode = d_inode(dentry: dentry->d_parent); |
888 | |
889 | WARN_ON_ONCE(!inode_is_locked(inode)); |
890 | |
891 | err = xattr_mkdir(dir: inode, dentry, mode: 0700); |
892 | if (err || d_really_is_negative(dentry)) { |
893 | reiserfs_warning(dentry->d_sb, "jdm-20006" , |
894 | "xattrs/ACLs enabled and couldn't " |
895 | "find/create .reiserfs_priv. " |
896 | "Failing mount." ); |
897 | return -EOPNOTSUPP; |
898 | } |
899 | |
900 | reiserfs_init_priv_inode(inode: d_inode(dentry)); |
901 | reiserfs_info(s: dentry->d_sb, fmt: "Created %s - reserved for xattr " |
902 | "storage.\n" , PRIVROOT_NAME); |
903 | |
904 | return 0; |
905 | } |
906 | |
907 | #else |
908 | int __init reiserfs_xattr_register_handlers(void) { return 0; } |
909 | void reiserfs_xattr_unregister_handlers(void) {} |
910 | static int create_privroot(struct dentry *dentry) { return 0; } |
911 | #endif |
912 | |
913 | /* Actual operations that are exported to VFS-land */ |
914 | const struct xattr_handler * const reiserfs_xattr_handlers[] = { |
915 | #ifdef CONFIG_REISERFS_FS_XATTR |
916 | &reiserfs_xattr_user_handler, |
917 | &reiserfs_xattr_trusted_handler, |
918 | #endif |
919 | #ifdef CONFIG_REISERFS_FS_SECURITY |
920 | &reiserfs_xattr_security_handler, |
921 | #endif |
922 | NULL |
923 | }; |
924 | |
925 | static int xattr_mount_check(struct super_block *s) |
926 | { |
927 | /* |
928 | * We need generation numbers to ensure that the oid mapping is correct |
929 | * v3.5 filesystems don't have them. |
930 | */ |
931 | if (old_format_only(s)) { |
932 | if (reiserfs_xattrs_optional(s)) { |
933 | /* |
934 | * Old format filesystem, but optional xattrs have |
935 | * been enabled. Error out. |
936 | */ |
937 | reiserfs_warning(s, "jdm-2005" , |
938 | "xattrs/ACLs not supported " |
939 | "on pre-v3.6 format filesystems. " |
940 | "Failing mount." ); |
941 | return -EOPNOTSUPP; |
942 | } |
943 | } |
944 | |
945 | return 0; |
946 | } |
947 | |
948 | int reiserfs_permission(struct mnt_idmap *idmap, struct inode *inode, |
949 | int mask) |
950 | { |
951 | /* |
952 | * We don't do permission checks on the internal objects. |
953 | * Permissions are determined by the "owning" object. |
954 | */ |
955 | if (IS_PRIVATE(inode)) |
956 | return 0; |
957 | |
958 | return generic_permission(&nop_mnt_idmap, inode, mask); |
959 | } |
960 | |
961 | static int xattr_hide_revalidate(struct dentry *dentry, unsigned int flags) |
962 | { |
963 | return -EPERM; |
964 | } |
965 | |
966 | static const struct dentry_operations xattr_lookup_poison_ops = { |
967 | .d_revalidate = xattr_hide_revalidate, |
968 | }; |
969 | |
970 | int reiserfs_lookup_privroot(struct super_block *s) |
971 | { |
972 | struct dentry *dentry; |
973 | int err = 0; |
974 | |
975 | /* If we don't have the privroot located yet - go find it */ |
976 | inode_lock(inode: d_inode(dentry: s->s_root)); |
977 | dentry = lookup_one_len(PRIVROOT_NAME, s->s_root, |
978 | strlen(PRIVROOT_NAME)); |
979 | if (!IS_ERR(ptr: dentry)) { |
980 | REISERFS_SB(sb: s)->priv_root = dentry; |
981 | d_set_d_op(dentry, op: &xattr_lookup_poison_ops); |
982 | if (d_really_is_positive(dentry)) |
983 | reiserfs_init_priv_inode(inode: d_inode(dentry)); |
984 | } else |
985 | err = PTR_ERR(ptr: dentry); |
986 | inode_unlock(inode: d_inode(dentry: s->s_root)); |
987 | |
988 | return err; |
989 | } |
990 | |
991 | /* |
992 | * We need to take a copy of the mount flags since things like |
993 | * SB_RDONLY don't get set until *after* we're called. |
994 | * mount_flags != mount_options |
995 | */ |
996 | int reiserfs_xattr_init(struct super_block *s, int mount_flags) |
997 | { |
998 | int err = 0; |
999 | struct dentry *privroot = REISERFS_SB(sb: s)->priv_root; |
1000 | |
1001 | err = xattr_mount_check(s); |
1002 | if (err) |
1003 | goto error; |
1004 | |
1005 | if (d_really_is_negative(dentry: privroot) && !(mount_flags & SB_RDONLY)) { |
1006 | inode_lock(inode: d_inode(dentry: s->s_root)); |
1007 | err = create_privroot(dentry: REISERFS_SB(sb: s)->priv_root); |
1008 | inode_unlock(inode: d_inode(dentry: s->s_root)); |
1009 | } |
1010 | |
1011 | if (d_really_is_positive(dentry: privroot)) { |
1012 | inode_lock(inode: d_inode(dentry: privroot)); |
1013 | if (!REISERFS_SB(sb: s)->xattr_root) { |
1014 | struct dentry *dentry; |
1015 | |
1016 | dentry = lookup_one_len(XAROOT_NAME, privroot, |
1017 | strlen(XAROOT_NAME)); |
1018 | if (!IS_ERR(ptr: dentry)) |
1019 | REISERFS_SB(sb: s)->xattr_root = dentry; |
1020 | else |
1021 | err = PTR_ERR(ptr: dentry); |
1022 | } |
1023 | inode_unlock(inode: d_inode(dentry: privroot)); |
1024 | } |
1025 | |
1026 | error: |
1027 | if (err) { |
1028 | clear_bit(nr: REISERFS_XATTRS_USER, addr: &REISERFS_SB(sb: s)->s_mount_opt); |
1029 | clear_bit(nr: REISERFS_POSIXACL, addr: &REISERFS_SB(sb: s)->s_mount_opt); |
1030 | } |
1031 | |
1032 | /* The super_block SB_POSIXACL must mirror the (no)acl mount option. */ |
1033 | if (reiserfs_posixacl(s)) |
1034 | s->s_flags |= SB_POSIXACL; |
1035 | else |
1036 | s->s_flags &= ~SB_POSIXACL; |
1037 | |
1038 | return err; |
1039 | } |
1040 | |