// SPDX-License-Identifier: GPL-2.0
/*
 * linux/fs/ext4/xattr.c
 *
 * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de>
 *
 * Fix by Harrison Xing <harrison@mountainviewdata.com>.
 * Ext4 code with a lot of help from Eric Jarman <ejarman@acm.org>.
 * Extended attributes for symlinks and special files added per
 *  suggestion of Luka Renko <luka.renko@hermes.si>.
 * xattr consolidation Copyright (c) 2004 James Morris <jmorris@redhat.com>,
 *  Red Hat Inc.
 * ea-in-inode support by Alex Tomas <alex@clusterfs.com> aka bzzz
 *  and Andreas Gruenbacher <agruen@suse.de>.
 */

/*
 * Extended attributes are stored directly in inodes (on file systems with
 * inodes bigger than 128 bytes) and on additional disk blocks. The i_file_acl
 * field contains the block number if an inode uses an additional block. All
 * attributes must fit in the inode and one additional block. Blocks that
 * contain the identical set of attributes may be shared among several inodes.
 * Identical blocks are detected by keeping a cache of blocks that have
 * recently been accessed.
 *
 * The attributes in inodes and on blocks have a different header; the entries
 * are stored in the same format:
 *
 *   +------------------+
 *   | header           |
 *   | entry 1          | |
 *   | entry 2          | | growing downwards
 *   | entry 3          | v
 *   | four null bytes  |
 *   | . . .            |
 *   | value 1          | ^
 *   | value 3          | | growing upwards
 *   | value 2          | |
 *   +------------------+
 *
 * The header is followed by multiple entry descriptors. In disk blocks, the
 * entry descriptors are kept sorted. In inodes, they are unsorted. The
 * attribute values are aligned to the end of the block in no specific order.
 *
 * Locking strategy
 * ----------------
 * EXT4_I(inode)->i_file_acl is protected by EXT4_I(inode)->xattr_sem.
 */

/*
 * Extended attributes are stored directly in inodes (on file systems with
 * inodes bigger than 128 bytes) and on additional disk blocks. The i_file_acl
 * field contains the block number if an inode uses an additional block. All
 * attributes must fit in the inode and one additional block. Blocks that
 * contain the identical set of attributes may be shared among several inodes.
 * Identical blocks are detected by keeping a cache of blocks that have
 * recently been accessed.
 *
 * The attributes in inodes and on blocks have a different header; the entries
 * are stored in the same format:
 *
 *   +------------------+
 *   | header           |
 *   | entry 1          | |
 *   | entry 2          | | growing downwards
 *   | entry 3          | v
 *   | four null bytes  |
 *   | . . .            |
 *   | value 1          | ^
 *   | value 3          | | growing upwards
 *   | value 2          | |
 *   +------------------+
 *
 * The header is followed by multiple entry descriptors. In disk blocks, the
 * entry descriptors are kept sorted. In inodes, they are unsorted. The
 * attribute values are aligned to the end of the block in no specific order.
 *
 * Locking strategy
 * ----------------
47
 * EXT4_I(inode)->i_file_acl is protected by EXT4_I(inode)->xattr_sem.
48
49
50
51
52
53
54
55
56
 * EA blocks are only changed if they are exclusive to an inode, so
 * holding xattr_sem also means that nothing but the EA block's reference
 * count can change. Multiple writers to the same block are synchronized
 * by the buffer lock.
 */

#include <linux/init.h>
#include <linux/fs.h>
#include <linux/slab.h>
Jan Kara's avatar
Jan Kara committed
57
#include <linux/mbcache.h>
58
#include <linux/quotaops.h>
59
60
#include "ext4_jbd2.h"
#include "ext4.h"
61
62
63
#include "xattr.h"
#include "acl.h"

64
#ifdef EXT4_XATTR_DEBUG
65
66
67
68
69
70
# define ea_idebug(inode, fmt, ...)					\
	printk(KERN_DEBUG "inode %s:%lu: " fmt "\n",			\
	       inode->i_sb->s_id, inode->i_ino, ##__VA_ARGS__)
# define ea_bdebug(bh, fmt, ...)					\
	printk(KERN_DEBUG "block %pg:%lu: " fmt "\n",			\
	       bh->b_bdev, (unsigned long)bh->b_blocknr, ##__VA_ARGS__)
71
#else
72
73
# define ea_idebug(inode, fmt, ...)	no_printk(fmt, ##__VA_ARGS__)
# define ea_bdebug(bh, fmt, ...)	no_printk(fmt, ##__VA_ARGS__)
74
75
#endif

76
77
78
79
80
static void ext4_xattr_block_cache_insert(struct mb_cache *,
					  struct buffer_head *);
static struct buffer_head *
ext4_xattr_block_cache_find(struct inode *, struct ext4_xattr_header *,
			    struct mb_cache_entry **);
81
82
static __le32 ext4_xattr_hash_entry(char *name, size_t name_len, __le32 *value,
				    size_t value_count);
83
static void ext4_xattr_rehash(struct ext4_xattr_header *);
84

85
static const struct xattr_handler * const ext4_xattr_handler_map[] = {
86
	[EXT4_XATTR_INDEX_USER]		     = &ext4_xattr_user_handler,
Theodore Ts'o's avatar
Theodore Ts'o committed
87
#ifdef CONFIG_EXT4_FS_POSIX_ACL
88
89
	[EXT4_XATTR_INDEX_POSIX_ACL_ACCESS]  = &posix_acl_access_xattr_handler,
	[EXT4_XATTR_INDEX_POSIX_ACL_DEFAULT] = &posix_acl_default_xattr_handler,
90
#endif
91
	[EXT4_XATTR_INDEX_TRUSTED]	     = &ext4_xattr_trusted_handler,
Theodore Ts'o's avatar
Theodore Ts'o committed
92
#ifdef CONFIG_EXT4_FS_SECURITY
93
	[EXT4_XATTR_INDEX_SECURITY]	     = &ext4_xattr_security_handler,
94
95
96
#endif
};

97
const struct xattr_handler *ext4_xattr_handlers[] = {
98
99
	&ext4_xattr_user_handler,
	&ext4_xattr_trusted_handler,
Theodore Ts'o's avatar
Theodore Ts'o committed
100
#ifdef CONFIG_EXT4_FS_POSIX_ACL
101
102
	&posix_acl_access_xattr_handler,
	&posix_acl_default_xattr_handler,
103
#endif
Theodore Ts'o's avatar
Theodore Ts'o committed
104
#ifdef CONFIG_EXT4_FS_SECURITY
105
	&ext4_xattr_security_handler,
106
107
108
109
#endif
	NULL
};

110
111
#define EA_BLOCK_CACHE(inode)	(((struct ext4_sb_info *) \
				inode->i_sb->s_fs_info)->s_ea_block_cache)
112

113
114
115
#define EA_INODE_CACHE(inode)	(((struct ext4_sb_info *) \
				inode->i_sb->s_fs_info)->s_ea_inode_cache)

116
117
118
119
static int
ext4_expand_inode_array(struct ext4_xattr_inode_array **ea_inode_array,
			struct inode *inode);

120
121
122
123
124
125
126
#ifdef CONFIG_LOCKDEP
void ext4_xattr_inode_set_class(struct inode *ea_inode)
{
	lockdep_set_subclass(&ea_inode->i_rwsem, 1);
}
#endif

127
128
129
130
131
static __le32 ext4_xattr_block_csum(struct inode *inode,
				    sector_t block_nr,
				    struct ext4_xattr_header *hdr)
{
	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
132
133
	__u32 csum;
	__le64 dsk_block_nr = cpu_to_le64(block_nr);
134
135
	__u32 dummy_csum = 0;
	int offset = offsetof(struct ext4_xattr_header, h_checksum);
136

137
138
	csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&dsk_block_nr,
			   sizeof(dsk_block_nr));
139
140
141
142
143
	csum = ext4_chksum(sbi, csum, (__u8 *)hdr, offset);
	csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum));
	offset += sizeof(dummy_csum);
	csum = ext4_chksum(sbi, csum, (__u8 *)hdr + offset,
			   EXT4_BLOCK_SIZE(inode->i_sb) - offset);
144

145
146
147
148
	return cpu_to_le32(csum);
}

static int ext4_xattr_block_csum_verify(struct inode *inode,
149
					struct buffer_head *bh)
150
{
151
152
	struct ext4_xattr_header *hdr = BHDR(bh);
	int ret = 1;
153

154
155
156
157
158
159
160
	if (ext4_has_metadata_csum(inode->i_sb)) {
		lock_buffer(bh);
		ret = (hdr->h_checksum == ext4_xattr_block_csum(inode,
							bh->b_blocknr, hdr));
		unlock_buffer(bh);
	}
	return ret;
161
162
}

163
164
static void ext4_xattr_block_csum_set(struct inode *inode,
				      struct buffer_head *bh)
165
{
166
167
168
	if (ext4_has_metadata_csum(inode->i_sb))
		BHDR(bh)->h_checksum = ext4_xattr_block_csum(inode,
						bh->b_blocknr, BHDR(bh));
169
170
}

171
static inline const struct xattr_handler *
172
ext4_xattr_handler(int name_index)
173
{
174
	const struct xattr_handler *handler = NULL;
175

176
177
	if (name_index > 0 && name_index < ARRAY_SIZE(ext4_xattr_handler_map))
		handler = ext4_xattr_handler_map[name_index];
178
179
180
181
	return handler;
}

static int
182
183
ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end,
			 void *value_start)
184
{
185
186
	struct ext4_xattr_entry *e = entry;

187
	/* Find the end of the names list */
188
189
	while (!IS_LAST_ENTRY(e)) {
		struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
190
		if ((void *)next >= end)
191
			return -EFSCORRUPTED;
192
193
		if (strnlen(e->e_name, e->e_name_len) != e->e_name_len)
			return -EFSCORRUPTED;
194
		e = next;
195
	}
196

197
	/* Check the values */
198
	while (!IS_LAST_ENTRY(entry)) {
199
200
		u32 size = le32_to_cpu(entry->e_value_size);

201
		if (size > EXT4_XATTR_SIZE_MAX)
202
203
204
			return -EFSCORRUPTED;

		if (size != 0 && entry->e_value_inum == 0) {
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
			u16 offs = le16_to_cpu(entry->e_value_offs);
			void *value;

			/*
			 * The value cannot overlap the names, and the value
			 * with padding cannot extend beyond 'end'.  Check both
			 * the padded and unpadded sizes, since the size may
			 * overflow to 0 when adding padding.
			 */
			if (offs > end - value_start)
				return -EFSCORRUPTED;
			value = value_start + offs;
			if (value < (void *)e + sizeof(u32) ||
			    size > end - value ||
			    EXT4_XATTR_SIZE(size) > end - value)
				return -EFSCORRUPTED;
		}
222
223
224
		entry = EXT4_XATTR_NEXT(entry);
	}

225
226
227
228
	return 0;
}

static inline int
229
230
__ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh,
			 const char *function, unsigned int line)
231
{
232
	int error = -EFSCORRUPTED;
233

234
	if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||
235
	    BHDR(bh)->h_blocks != cpu_to_le32(1))
236
		goto errout;
237
238
239
	if (buffer_verified(bh))
		return 0;

240
	error = -EFSBADCRC;
241
	if (!ext4_xattr_block_csum_verify(inode, bh))
242
		goto errout;
243
244
	error = ext4_xattr_check_entries(BFIRST(bh), bh->b_data + bh->b_size,
					 bh->b_data);
245
246
247
248
249
250
errout:
	if (error)
		__ext4_error_inode(inode, function, line, 0,
				   "corrupted xattr block %llu",
				   (unsigned long long) bh->b_blocknr);
	else
251
252
		set_buffer_verified(bh);
	return error;
253
254
}

255
256
257
258
#define ext4_xattr_check_block(inode, bh) \
	__ext4_xattr_check_block((inode), (bh),  __func__, __LINE__)


259
260
261
262
263
264
static int
__xattr_check_inode(struct inode *inode, struct ext4_xattr_ibody_header *header,
			 void *end, const char *function, unsigned int line)
{
	int error = -EFSCORRUPTED;

265
	if (end - (void *)header < sizeof(*header) + sizeof(u32) ||
266
	    (header->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC)))
267
		goto errout;
268
	error = ext4_xattr_check_entries(IFIRST(header), end, IFIRST(header));
269
270
271
272
273
274
275
276
277
278
errout:
	if (error)
		__ext4_error_inode(inode, function, line, 0,
				   "corrupted in-inode xattr");
	return error;
}

#define xattr_check_inode(inode, header, end) \
	__xattr_check_inode((inode), (header), (end), __func__, __LINE__)

279
static int
280
281
xattr_find_entry(struct inode *inode, struct ext4_xattr_entry **pentry,
		 void *end, int name_index, const char *name, int sorted)
282
{
283
	struct ext4_xattr_entry *entry, *next;
284
285
286
287
288
289
	size_t name_len;
	int cmp = 1;

	if (name == NULL)
		return -EINVAL;
	name_len = strlen(name);
290
291
292
293
294
295
	for (entry = *pentry; !IS_LAST_ENTRY(entry); entry = next) {
		next = EXT4_XATTR_NEXT(entry);
		if ((void *) next >= end) {
			EXT4_ERROR_INODE(inode, "corrupted xattr entries");
			return -EFSCORRUPTED;
		}
296
297
298
299
300
301
302
303
304
305
306
307
		cmp = name_index - entry->e_name_index;
		if (!cmp)
			cmp = name_len - entry->e_name_len;
		if (!cmp)
			cmp = memcmp(name, entry->e_name, name_len);
		if (cmp <= 0 && (sorted || cmp == 0))
			break;
	}
	*pentry = entry;
	return cmp ? -ENODATA : 0;
}

308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
static u32
ext4_xattr_inode_hash(struct ext4_sb_info *sbi, const void *buffer, size_t size)
{
	return ext4_chksum(sbi, sbi->s_csum_seed, buffer, size);
}

static u64 ext4_xattr_inode_get_ref(struct inode *ea_inode)
{
	return ((u64)ea_inode->i_ctime.tv_sec << 32) |
	       ((u32)ea_inode->i_version);
}

static void ext4_xattr_inode_set_ref(struct inode *ea_inode, u64 ref_count)
{
	ea_inode->i_ctime.tv_sec = (u32)(ref_count >> 32);
	ea_inode->i_version = (u32)ref_count;
}

static u32 ext4_xattr_inode_get_hash(struct inode *ea_inode)
{
	return (u32)ea_inode->i_atime.tv_sec;
}

static void ext4_xattr_inode_set_hash(struct inode *ea_inode, u32 hash)
{
	ea_inode->i_atime.tv_sec = hash;
}

Andreas Dilger's avatar
Andreas Dilger committed
336
337
338
/*
 * Read the EA value from an inode.
 */
339
static int ext4_xattr_inode_read(struct inode *ea_inode, void *buf, size_t size)
Andreas Dilger's avatar
Andreas Dilger committed
340
{
341
342
343
344
345
346
347
348
349
350
351
352
	int blocksize = 1 << ea_inode->i_blkbits;
	int bh_count = (size + blocksize - 1) >> ea_inode->i_blkbits;
	int tail_size = (size % blocksize) ?: blocksize;
	struct buffer_head *bhs_inline[8];
	struct buffer_head **bhs = bhs_inline;
	int i, ret;

	if (bh_count > ARRAY_SIZE(bhs_inline)) {
		bhs = kmalloc_array(bh_count, sizeof(*bhs), GFP_NOFS);
		if (!bhs)
			return -ENOMEM;
	}
353

354
355
356
357
	ret = ext4_bread_batch(ea_inode, 0 /* block */, bh_count,
			       true /* wait */, bhs);
	if (ret)
		goto free_bhs;
Andreas Dilger's avatar
Andreas Dilger committed
358

359
360
361
362
363
364
365
366
	for (i = 0; i < bh_count; i++) {
		/* There shouldn't be any holes in ea_inode. */
		if (!bhs[i]) {
			ret = -EFSCORRUPTED;
			goto put_bhs;
		}
		memcpy((char *)buf + blocksize * i, bhs[i]->b_data,
		       i < bh_count - 1 ? blocksize : tail_size);
Andreas Dilger's avatar
Andreas Dilger committed
367
	}
368
369
370
371
372
373
374
375
	ret = 0;
put_bhs:
	for (i = 0; i < bh_count; i++)
		brelse(bhs[i]);
free_bhs:
	if (bhs != bhs_inline)
		kfree(bhs);
	return ret;
Andreas Dilger's avatar
Andreas Dilger committed
376
377
}

378
379
#define EXT4_XATTR_INODE_GET_PARENT(inode) ((__u32)(inode)->i_mtime.tv_sec)

380
static int ext4_xattr_inode_iget(struct inode *parent, unsigned long ea_ino,
381
				 u32 ea_inode_hash, struct inode **ea_inode)
Andreas Dilger's avatar
Andreas Dilger committed
382
{
383
384
	struct inode *inode;
	int err;
Andreas Dilger's avatar
Andreas Dilger committed
385

386
387
388
	inode = ext4_iget(parent->i_sb, ea_ino);
	if (IS_ERR(inode)) {
		err = PTR_ERR(inode);
389
390
391
		ext4_error(parent->i_sb,
			   "error while reading EA inode %lu err=%d", ea_ino,
			   err);
392
		return err;
Andreas Dilger's avatar
Andreas Dilger committed
393
394
	}

395
	if (is_bad_inode(inode)) {
396
397
398
		ext4_error(parent->i_sb,
			   "error while reading EA inode %lu is_bad_inode",
			   ea_ino);
399
400
401
402
403
		err = -EIO;
		goto error;
	}

	if (!(EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL)) {
404
405
406
		ext4_error(parent->i_sb,
			   "EA inode %lu does not have EXT4_EA_INODE_FL flag",
			    ea_ino);
407
		err = -EINVAL;
Andreas Dilger's avatar
Andreas Dilger committed
408
409
410
		goto error;
	}

411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
	ext4_xattr_inode_set_class(inode);

	/*
	 * Check whether this is an old Lustre-style xattr inode. Lustre
	 * implementation does not have hash validation, rather it has a
	 * backpointer from ea_inode to the parent inode.
	 */
	if (ea_inode_hash != ext4_xattr_inode_get_hash(inode) &&
	    EXT4_XATTR_INODE_GET_PARENT(inode) == parent->i_ino &&
	    inode->i_generation == parent->i_generation) {
		ext4_set_inode_state(inode, EXT4_STATE_LUSTRE_EA_INODE);
		ext4_xattr_inode_set_ref(inode, 1);
	} else {
		inode_lock(inode);
		inode->i_flags |= S_NOQUOTA;
		inode_unlock(inode);
	}

429
430
	*ea_inode = inode;
	return 0;
Andreas Dilger's avatar
Andreas Dilger committed
431
error:
432
433
	iput(inode);
	return err;
Andreas Dilger's avatar
Andreas Dilger committed
434
435
}

436
static int
437
438
439
ext4_xattr_inode_verify_hashes(struct inode *ea_inode,
			       struct ext4_xattr_entry *entry, void *buffer,
			       size_t size)
440
441
442
443
444
445
446
{
	u32 hash;

	/* Verify stored hash matches calculated hash. */
	hash = ext4_xattr_inode_hash(EXT4_SB(ea_inode->i_sb), buffer, size);
	if (hash != ext4_xattr_inode_get_hash(ea_inode))
		return -EFSCORRUPTED;
447
448
449
450
451
452
453
454
455
456
457

	if (entry) {
		__le32 e_hash, tmp_data;

		/* Verify entry hash. */
		tmp_data = cpu_to_le32(hash);
		e_hash = ext4_xattr_hash_entry(entry->e_name, entry->e_name_len,
					       &tmp_data, 1);
		if (e_hash != entry->e_hash)
			return -EFSCORRUPTED;
	}
458
459
460
	return 0;
}

Andreas Dilger's avatar
Andreas Dilger committed
461
/*
462
 * Read xattr value from the EA inode.
Andreas Dilger's avatar
Andreas Dilger committed
463
464
 */
static int
465
466
ext4_xattr_inode_get(struct inode *inode, struct ext4_xattr_entry *entry,
		     void *buffer, size_t size)
Andreas Dilger's avatar
Andreas Dilger committed
467
{
468
	struct mb_cache *ea_inode_cache = EA_INODE_CACHE(inode);
469
	struct inode *ea_inode;
470
	int err;
Andreas Dilger's avatar
Andreas Dilger committed
471

472
	err = ext4_xattr_inode_iget(inode, le32_to_cpu(entry->e_value_inum),
473
				    le32_to_cpu(entry->e_hash), &ea_inode);
474
475
476
477
	if (err) {
		ea_inode = NULL;
		goto out;
	}
Andreas Dilger's avatar
Andreas Dilger committed
478

479
480
481
482
483
484
485
	if (i_size_read(ea_inode) != size) {
		ext4_warning_inode(ea_inode,
				   "ea_inode file size=%llu entry size=%zu",
				   i_size_read(ea_inode), size);
		err = -EFSCORRUPTED;
		goto out;
	}
Andreas Dilger's avatar
Andreas Dilger committed
486

487
488
489
490
	err = ext4_xattr_inode_read(ea_inode, buffer, size);
	if (err)
		goto out;

491
492
493
494
	if (!ext4_test_inode_state(ea_inode, EXT4_STATE_LUSTRE_EA_INODE)) {
		err = ext4_xattr_inode_verify_hashes(ea_inode, entry, buffer,
						     size);
		if (err) {
495
496
497
498
499
			ext4_warning_inode(ea_inode,
					   "EA inode hash validation failed");
			goto out;
		}

500
501
502
503
504
		if (ea_inode_cache)
			mb_cache_entry_create(ea_inode_cache, GFP_NOFS,
					ext4_xattr_inode_get_hash(ea_inode),
					ea_inode->i_ino, true /* reusable */);
	}
505
506
507
out:
	iput(ea_inode);
	return err;
Andreas Dilger's avatar
Andreas Dilger committed
508
509
}

510
static int
511
ext4_xattr_block_get(struct inode *inode, int name_index, const char *name,
512
513
514
		     void *buffer, size_t buffer_size)
{
	struct buffer_head *bh = NULL;
515
	struct ext4_xattr_entry *entry;
516
	size_t size;
517
	void *end;
518
	int error;
519
	struct mb_cache *ea_block_cache = EA_BLOCK_CACHE(inode);
520
521
522
523
524

	ea_idebug(inode, "name=%d.%s, buffer=%p, buffer_size=%ld",
		  name_index, name, buffer, (long)buffer_size);

	error = -ENODATA;
525
	if (!EXT4_I(inode)->i_file_acl)
526
		goto cleanup;
527
528
	ea_idebug(inode, "reading block %llu",
		  (unsigned long long)EXT4_I(inode)->i_file_acl);
529
	bh = sb_bread(inode->i_sb, EXT4_I(inode)->i_file_acl);
530
531
532
533
	if (!bh)
		goto cleanup;
	ea_bdebug(bh, "b_count=%d, refcount=%d",
		atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount));
534
535
	error = ext4_xattr_check_block(inode, bh);
	if (error)
536
		goto cleanup;
537
	ext4_xattr_block_cache_insert(ea_block_cache, bh);
538
	entry = BFIRST(bh);
539
540
	end = bh->b_data + bh->b_size;
	error = xattr_find_entry(inode, &entry, end, name_index, name, 1);
541
542
543
	if (error)
		goto cleanup;
	size = le32_to_cpu(entry->e_value_size);
544
545
546
	error = -ERANGE;
	if (unlikely(size > EXT4_XATTR_SIZE_MAX))
		goto cleanup;
547
548
549
	if (buffer) {
		if (size > buffer_size)
			goto cleanup;
Andreas Dilger's avatar
Andreas Dilger committed
550
		if (entry->e_value_inum) {
551
552
			error = ext4_xattr_inode_get(inode, entry, buffer,
						     size);
Andreas Dilger's avatar
Andreas Dilger committed
553
554
555
			if (error)
				goto cleanup;
		} else {
556
557
558
559
560
561
			u16 offset = le16_to_cpu(entry->e_value_offs);
			void *p = bh->b_data + offset;

			if (unlikely(p + size > end))
				goto cleanup;
			memcpy(buffer, p, size);
Andreas Dilger's avatar
Andreas Dilger committed
562
		}
563
564
565
566
567
568
569
570
	}
	error = size;

cleanup:
	brelse(bh);
	return error;
}

Tao Ma's avatar
Tao Ma committed
571
int
572
ext4_xattr_ibody_get(struct inode *inode, int name_index, const char *name,
573
574
		     void *buffer, size_t buffer_size)
{
575
576
577
578
	struct ext4_xattr_ibody_header *header;
	struct ext4_xattr_entry *entry;
	struct ext4_inode *raw_inode;
	struct ext4_iloc iloc;
579
580
581
582
	size_t size;
	void *end;
	int error;

583
	if (!ext4_test_inode_state(inode, EXT4_STATE_XATTR))
584
		return -ENODATA;
585
	error = ext4_get_inode_loc(inode, &iloc);
586
587
	if (error)
		return error;
588
	raw_inode = ext4_raw_inode(&iloc);
589
	header = IHDR(inode, raw_inode);
590
	end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
591
	error = xattr_check_inode(inode, header, end);
592
593
	if (error)
		goto cleanup;
594
	entry = IFIRST(header);
595
	error = xattr_find_entry(inode, &entry, end, name_index, name, 0);
596
597
598
	if (error)
		goto cleanup;
	size = le32_to_cpu(entry->e_value_size);
599
600
601
	error = -ERANGE;
	if (unlikely(size > EXT4_XATTR_SIZE_MAX))
		goto cleanup;
602
603
604
	if (buffer) {
		if (size > buffer_size)
			goto cleanup;
Andreas Dilger's avatar
Andreas Dilger committed
605
		if (entry->e_value_inum) {
606
607
			error = ext4_xattr_inode_get(inode, entry, buffer,
						     size);
Andreas Dilger's avatar
Andreas Dilger committed
608
609
610
			if (error)
				goto cleanup;
		} else {
611
612
613
614
615
616
			u16 offset = le16_to_cpu(entry->e_value_offs);
			void *p = (void *)IFIRST(header) + offset;

			if (unlikely(p + size > end))
				goto cleanup;
			memcpy(buffer, p, size);
Andreas Dilger's avatar
Andreas Dilger committed
617
		}
618
619
620
621
622
623
624
625
626
	}
	error = size;

cleanup:
	brelse(iloc.bh);
	return error;
}

/*
627
 * ext4_xattr_get()
628
629
630
631
632
633
634
635
636
 *
 * Copy an extended attribute into the buffer
 * provided, or compute the buffer size required.
 * Buffer is NULL to compute the size of the buffer required.
 *
 * Returns a negative error number on failure, or the number of bytes
 * used / required on success.
 */
int
637
ext4_xattr_get(struct inode *inode, int name_index, const char *name,
638
639
640
641
	       void *buffer, size_t buffer_size)
{
	int error;

642
643
644
	if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
		return -EIO;

645
646
647
	if (strlen(name) > 255)
		return -ERANGE;

648
649
	down_read(&EXT4_I(inode)->xattr_sem);
	error = ext4_xattr_ibody_get(inode, name_index, name, buffer,
650
651
				     buffer_size);
	if (error == -ENODATA)
652
		error = ext4_xattr_block_get(inode, name_index, name, buffer,
653
					     buffer_size);
654
	up_read(&EXT4_I(inode)->xattr_sem);
655
656
657
658
	return error;
}

static int
659
ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
660
661
662
663
			char *buffer, size_t buffer_size)
{
	size_t rest = buffer_size;

664
	for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) {
665
		const struct xattr_handler *handler =
666
			ext4_xattr_handler(entry->e_name_index);
667

668
669
670
671
672
		if (handler && (!handler->list || handler->list(dentry))) {
			const char *prefix = handler->prefix ?: handler->name;
			size_t prefix_len = strlen(prefix);
			size_t size = prefix_len + entry->e_name_len + 1;

673
674
675
			if (buffer) {
				if (size > rest)
					return -ERANGE;
676
677
678
679
680
				memcpy(buffer, prefix, prefix_len);
				buffer += prefix_len;
				memcpy(buffer, entry->e_name, entry->e_name_len);
				buffer += entry->e_name_len;
				*buffer++ = 0;
681
682
683
684
			}
			rest -= size;
		}
	}
685
	return buffer_size - rest;  /* total size */
686
687
688
}

static int
689
ext4_xattr_block_list(struct dentry *dentry, char *buffer, size_t buffer_size)
690
{
691
	struct inode *inode = d_inode(dentry);
692
693
694
695
696
697
698
	struct buffer_head *bh = NULL;
	int error;

	ea_idebug(inode, "buffer=%p, buffer_size=%ld",
		  buffer, (long)buffer_size);

	error = 0;
699
	if (!EXT4_I(inode)->i_file_acl)
700
		goto cleanup;
701
702
	ea_idebug(inode, "reading block %llu",
		  (unsigned long long)EXT4_I(inode)->i_file_acl);
703
	bh = sb_bread(inode->i_sb, EXT4_I(inode)->i_file_acl);
704
705
706
707
708
	error = -EIO;
	if (!bh)
		goto cleanup;
	ea_bdebug(bh, "b_count=%d, refcount=%d",
		atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount));
709
710
	error = ext4_xattr_check_block(inode, bh);
	if (error)
711
		goto cleanup;
712
	ext4_xattr_block_cache_insert(EA_BLOCK_CACHE(inode), bh);
713
	error = ext4_xattr_list_entries(dentry, BFIRST(bh), buffer, buffer_size);
714
715
716
717
718
719
720
721

cleanup:
	brelse(bh);

	return error;
}

static int
722
ext4_xattr_ibody_list(struct dentry *dentry, char *buffer, size_t buffer_size)
723
{
724
	struct inode *inode = d_inode(dentry);
725
726
727
	struct ext4_xattr_ibody_header *header;
	struct ext4_inode *raw_inode;
	struct ext4_iloc iloc;
728
729
730
	void *end;
	int error;

731
	if (!ext4_test_inode_state(inode, EXT4_STATE_XATTR))
732
		return 0;
733
	error = ext4_get_inode_loc(inode, &iloc);
734
735
	if (error)
		return error;
736
	raw_inode = ext4_raw_inode(&iloc);
737
	header = IHDR(inode, raw_inode);
738
	end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
739
	error = xattr_check_inode(inode, header, end);
740
741
	if (error)
		goto cleanup;
742
	error = ext4_xattr_list_entries(dentry, IFIRST(header),
743
744
745
746
747
748
749
750
					buffer, buffer_size);

cleanup:
	brelse(iloc.bh);
	return error;
}

/*
751
752
753
 * Inode operation listxattr()
 *
 * d_inode(dentry)->i_rwsem: don't care
754
755
756
757
758
759
760
761
 *
 * Copy a list of attribute names into the buffer
 * provided, or compute the buffer size required.
 * Buffer is NULL to compute the size of the buffer required.
 *
 * Returns a negative error number on failure, or the number of bytes
 * used / required on success.
 */
762
763
ssize_t
ext4_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
764
{
765
	int ret, ret2;
766

767
	down_read(&EXT4_I(d_inode(dentry))->xattr_sem);
768
769
770
771
772
773
	ret = ret2 = ext4_xattr_ibody_list(dentry, buffer, buffer_size);
	if (ret < 0)
		goto errout;
	if (buffer) {
		buffer += ret;
		buffer_size -= ret;
774
	}
775
776
777
778
779
	ret = ext4_xattr_block_list(dentry, buffer, buffer_size);
	if (ret < 0)
		goto errout;
	ret += ret2;
errout:
780
	up_read(&EXT4_I(d_inode(dentry))->xattr_sem);
781
	return ret;
782
783
784
}

/*
785
 * If the EXT4_FEATURE_COMPAT_EXT_ATTR feature of this file system is
786
787
 * not set, set it.
 */
788
static void ext4_xattr_update_super_block(handle_t *handle,
789
790
					  struct super_block *sb)
{
791
	if (ext4_has_feature_xattr(sb))
792
793
		return;

794
	BUFFER_TRACE(EXT4_SB(sb)->s_sbh, "get_write_access");
795
	if (ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh) == 0) {
796
		ext4_set_feature_xattr(sb);
Theodore Ts'o's avatar
Theodore Ts'o committed
797
		ext4_handle_dirty_super(handle, sb);
798
799
800
	}
}

801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
int ext4_get_inode_usage(struct inode *inode, qsize_t *usage)
{
	struct ext4_iloc iloc = { .bh = NULL };
	struct buffer_head *bh = NULL;
	struct ext4_inode *raw_inode;
	struct ext4_xattr_ibody_header *header;
	struct ext4_xattr_entry *entry;
	qsize_t ea_inode_refs = 0;
	void *end;
	int ret;

	lockdep_assert_held_read(&EXT4_I(inode)->xattr_sem);

	if (ext4_test_inode_state(inode, EXT4_STATE_XATTR)) {
		ret = ext4_get_inode_loc(inode, &iloc);
		if (ret)
			goto out;
		raw_inode = ext4_raw_inode(&iloc);
		header = IHDR(inode, raw_inode);
		end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
		ret = xattr_check_inode(inode, header, end);
		if (ret)
			goto out;

		for (entry = IFIRST(header); !IS_LAST_ENTRY(entry);
		     entry = EXT4_XATTR_NEXT(entry))
			if (entry->e_value_inum)
				ea_inode_refs++;
	}

	if (EXT4_I(inode)->i_file_acl) {
		bh = sb_bread(inode->i_sb, EXT4_I(inode)->i_file_acl);
		if (!bh) {
			ret = -EIO;
			goto out;
		}

838
839
		ret = ext4_xattr_check_block(inode, bh);
		if (ret)
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
			goto out;

		for (entry = BFIRST(bh); !IS_LAST_ENTRY(entry);
		     entry = EXT4_XATTR_NEXT(entry))
			if (entry->e_value_inum)
				ea_inode_refs++;
	}
	*usage = ea_inode_refs + 1;
	ret = 0;
out:
	brelse(iloc.bh);
	brelse(bh);
	return ret;
}

855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
static inline size_t round_up_cluster(struct inode *inode, size_t length)
{
	struct super_block *sb = inode->i_sb;
	size_t cluster_size = 1 << (EXT4_SB(sb)->s_cluster_bits +
				    inode->i_blkbits);
	size_t mask = ~(cluster_size - 1);

	return (length + cluster_size - 1) & mask;
}

static int ext4_xattr_inode_alloc_quota(struct inode *inode, size_t len)
{
	int err;

	err = dquot_alloc_inode(inode);
	if (err)
		return err;
	err = dquot_alloc_space_nodirty(inode, round_up_cluster(inode, len));
	if (err)
		dquot_free_inode(inode);
	return err;
}

878
879
880
static void ext4_xattr_inode_free_quota(struct inode *parent,
					struct inode *ea_inode,
					size_t len)
881
{
882
883
884
885
886
	if (ea_inode &&
	    ext4_test_inode_state(ea_inode, EXT4_STATE_LUSTRE_EA_INODE))
		return;
	dquot_free_space_nodirty(parent, round_up_cluster(parent, len));
	dquot_free_inode(parent);
887
888
}

889
890
891
int __ext4_xattr_set_credits(struct super_block *sb, struct inode *inode,
			     struct buffer_head *block_bh, size_t value_len,
			     bool is_create)
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
{
	int credits;
	int blocks;

	/*
	 * 1) Owner inode update
	 * 2) Ref count update on old xattr block
	 * 3) new xattr block
	 * 4) block bitmap update for new xattr block
	 * 5) group descriptor for new xattr block
	 * 6) block bitmap update for old xattr block
	 * 7) group descriptor for old block
	 *
	 * 6 & 7 can happen if we have two racing threads T_a and T_b
	 * which are each trying to set an xattr on inodes I_a and I_b
	 * which were both initially sharing an xattr block.
	 */
	credits = 7;

	/* Quota updates. */
	credits += EXT4_MAXQUOTAS_TRANS_BLOCKS(sb);

	/*
	 * In case of inline data, we may push out the data to a block,
	 * so we need to reserve credits for this eventuality
	 */
918
	if (inode && ext4_has_inline_data(inode))
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
		credits += ext4_writepage_trans_blocks(inode) + 1;

	/* We are done if ea_inode feature is not enabled. */
	if (!ext4_has_feature_ea_inode(sb))
		return credits;

	/* New ea_inode, inode map, block bitmap, group descriptor. */
	credits += 4;

	/* Data blocks. */
	blocks = (value_len + sb->s_blocksize - 1) >> sb->s_blocksize_bits;

	/* Indirection block or one level of extent tree. */
	blocks += 1;

	/* Block bitmap and group descriptor updates for each block. */
	credits += blocks * 2;

	/* Blocks themselves. */
	credits += blocks;

940
941
942
943
944
	if (!is_create) {
		/* Dereference ea_inode holding old xattr value.
		 * Old ea_inode, inode map, block bitmap, group descriptor.
		 */
		credits += 4;
945

946
947
		/* Data blocks for old ea_inode. */
		blocks = XATTR_SIZE_MAX >> sb->s_blocksize_bits;
948

949
950
951
952
		/* Indirection block or one level of extent tree for old
		 * ea_inode.
		 */
		blocks += 1;
953

954
955
956
		/* Block bitmap and group descriptor updates for each block. */
		credits += blocks * 2;
	}
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971

	/* We may need to clone the existing xattr block in which case we need
	 * to increment ref counts for existing ea_inodes referenced by it.
	 */
	if (block_bh) {
		struct ext4_xattr_entry *entry = BFIRST(block_bh);

		for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry))
			if (entry->e_value_inum)
				/* Ref count update on ea_inode. */
				credits += 1;
	}
	return credits;
}

972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
static int ext4_xattr_ensure_credits(handle_t *handle, struct inode *inode,
				     int credits, struct buffer_head *bh,
				     bool dirty, bool block_csum)
{
	int error;

	if (!ext4_handle_valid(handle))
		return 0;

	if (handle->h_buffer_credits >= credits)
		return 0;

	error = ext4_journal_extend(handle, credits - handle->h_buffer_credits);
	if (!error)
		return 0;
	if (error < 0) {
		ext4_warning(inode->i_sb, "Extend journal (error %d)", error);
		return error;
	}

	if (bh && dirty) {
		if (block_csum)
			ext4_xattr_block_csum_set(inode, bh);
		error = ext4_handle_dirty_metadata(handle, NULL, bh);
		if (error) {
			ext4_warning(inode->i_sb, "Handle metadata (error %d)",
				     error);
			return error;
		}