diff options
Diffstat (limited to 'usr/src/uts/common/fs')
| -rw-r--r-- | usr/src/uts/common/fs/namefs/namevfs.c | 27 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/proc/prsubr.c | 70 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/dsl_crypt.c | 9 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/sys/dsl_crypt.h | 7 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/sys/zcp_change_key.h | 41 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/zcp_change_key.c | 144 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/zcp_synctask.c | 71 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/zfs_ioctl.c | 11 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/zfs/zfs_vnops.c | 42 |
9 files changed, 406 insertions, 16 deletions
diff --git a/usr/src/uts/common/fs/namefs/namevfs.c b/usr/src/uts/common/fs/namefs/namevfs.c index 9952f0a742..63e618de11 100644 --- a/usr/src/uts/common/fs/namefs/namevfs.c +++ b/usr/src/uts/common/fs/namefs/namevfs.c @@ -21,6 +21,7 @@ /* * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2017 by Delphix. All rights reserved. + * Copyright 2020 OmniOS Community Edition (OmniOSce) Association. */ /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ @@ -182,6 +183,31 @@ namefind(vnode_t *vp, vnode_t *mnt) } /* + * For each namenode that has nm_filevp == vp, call the provided function + * with the namenode as an argument. This finds all of the namefs entries + * which are mounted on vp; note that there can be more than one. + */ +int +nm_walk_mounts(const vnode_t *vp, nm_walk_mounts_f *func, cred_t *cr, void *arg) +{ + struct namenode *np; + int ret = 0; + + mutex_enter(&ntable_lock); + + for (np = *NM_FILEVP_HASH(vp); np != NULL; np = np->nm_nextp) { + if (np->nm_filevp == vp) { + if ((ret = func(np, cr, arg)) != 0) + break; + } + } + + mutex_exit(&ntable_lock); + + return (ret); +} + +/* * Force the unmouting of a file descriptor from ALL of the nodes * that it was mounted to. * At the present time, the only usage for this routine is in the @@ -480,6 +506,7 @@ nm_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *crp) newvp->v_rdev = filevp->v_rdev; newvp->v_data = (caddr_t)nodep; VFS_HOLD(vfsp); + vn_copypath(mvp, newvp); vn_exists(newvp); /* diff --git a/usr/src/uts/common/fs/proc/prsubr.c b/usr/src/uts/common/fs/proc/prsubr.c index 0a9589a373..08aee63610 100644 --- a/usr/src/uts/common/fs/proc/prsubr.c +++ b/usr/src/uts/common/fs/proc/prsubr.c @@ -75,6 +75,7 @@ #include <sys/autoconf.h> #include <sys/dtrace.h> #include <sys/timod.h> +#include <sys/fs/namenode.h> #include <netinet/udp.h> #include <netinet/tcp.h> #include <inet/cc.h> @@ -2552,7 +2553,11 @@ prfdinfopath(proc_t *p, vnode_t *vp, list_t *data, cred_t *cred) size_t pathlen; size_t sz = 0; - pathlen = MAXPATHLEN + 1; + /* + * The global zone's path to a file in a non-global zone can exceed + * MAXPATHLEN. + */ + pathlen = MAXPATHLEN * 2 + 1; pathname = kmem_alloc(pathlen, KM_SLEEP); if (vnodetopath(NULL, vp, pathname, pathlen, cred) == 0) { @@ -2561,6 +2566,7 @@ prfdinfopath(proc_t *p, vnode_t *vp, list_t *data, cred_t *cred) } kmem_free(pathname, pathlen); + return (sz); } @@ -2789,6 +2795,22 @@ prfdinfosockopt(vnode_t *vp, list_t *data, cred_t *cred) return (sz); } +typedef struct prfdinfo_nm_path_cbdata { + proc_t *nmp_p; + u_offset_t nmp_sz; + list_t *nmp_data; +} prfdinfo_nm_path_cbdata_t; + +static int +prfdinfo_nm_path(const struct namenode *np, cred_t *cred, void *arg) +{ + prfdinfo_nm_path_cbdata_t *cb = arg; + + cb->nmp_sz += prfdinfopath(cb->nmp_p, np->nm_vnode, cb->nmp_data, cred); + + return (0); +} + u_offset_t prgetfdinfosize(proc_t *p, vnode_t *vp, cred_t *cred) { @@ -2801,8 +2823,23 @@ prgetfdinfosize(proc_t *p, vnode_t *vp, cred_t *cred) sz = offsetof(prfdinfo_t, pr_misc) + sizeof (pr_misc_header_t); /* Pathname */ - if (vp->v_type != VSOCK && vp->v_type != VDOOR) + switch (vp->v_type) { + case VDOOR: { + prfdinfo_nm_path_cbdata_t cb = { + .nmp_p = p, + .nmp_data = NULL, + .nmp_sz = 0 + }; + + (void) nm_walk_mounts(vp, prfdinfo_nm_path, cred, &cb); + sz += cb.nmp_sz; + break; + } + case VSOCK: + break; + default: sz += prfdinfopath(p, vp, NULL, cred); + } /* Socket options */ if (vp->v_type == VSOCK) @@ -2946,14 +2983,31 @@ prgetfdinfo(proc_t *p, vnode_t *vp, prfdinfo_t *fdinfo, cred_t *cred, } } - /* - * Don't attempt to determine the vnode path for a socket or a door - * as it will cause a linear scan of the dnlc table given there is no - * v_path associated with the vnode. - */ - if (vp->v_type != VSOCK && vp->v_type != VDOOR) + /* pathname */ + + switch (vp->v_type) { + case VDOOR: { + prfdinfo_nm_path_cbdata_t cb = { + .nmp_p = p, + .nmp_data = data, + .nmp_sz = 0 + }; + + (void) nm_walk_mounts(vp, prfdinfo_nm_path, cred, &cb); + break; + } + case VSOCK: + /* + * Don't attempt to determine the path for a socket as the + * vnode has no associated v_path. It will cause a linear scan + * of the dnlc table and result in no path being found. + */ + break; + default: (void) prfdinfopath(p, vp, data, cred); + } + /* socket options */ if (vp->v_type == VSOCK) (void) prfdinfosockopt(vp, data, cred); diff --git a/usr/src/uts/common/fs/zfs/dsl_crypt.c b/usr/src/uts/common/fs/zfs/dsl_crypt.c index c9d02e1c57..a092326a9c 100644 --- a/usr/src/uts/common/fs/zfs/dsl_crypt.c +++ b/usr/src/uts/common/fs/zfs/dsl_crypt.c @@ -1220,12 +1220,7 @@ dsl_crypto_key_sync(dsl_crypto_key_t *dck, dmu_tx_t *tx) tx); } -typedef struct spa_keystore_change_key_args { - const char *skcka_dsname; - dsl_crypto_params_t *skcka_cp; -} spa_keystore_change_key_args_t; - -static int +int spa_keystore_change_key_check(void *arg, dmu_tx_t *tx) { int ret; @@ -1469,7 +1464,7 @@ spa_keystore_change_key_sync_impl(uint64_t rddobj, uint64_t ddobj, dsl_dir_rele(dd, FTAG); } -static void +void spa_keystore_change_key_sync(void *arg, dmu_tx_t *tx) { dsl_dataset_t *ds; diff --git a/usr/src/uts/common/fs/zfs/sys/dsl_crypt.h b/usr/src/uts/common/fs/zfs/sys/dsl_crypt.h index cf19665aae..5b7c1a9510 100644 --- a/usr/src/uts/common/fs/zfs/sys/dsl_crypt.h +++ b/usr/src/uts/common/fs/zfs/sys/dsl_crypt.h @@ -164,6 +164,11 @@ typedef struct spa_keystore { avl_tree_t sk_wkeys; } spa_keystore_t; +typedef struct spa_keystore_change_key_args { + const char *skcka_dsname; + dsl_crypto_params_t *skcka_cp; +} spa_keystore_change_key_args_t; + int dsl_crypto_params_create_nvlist(dcp_cmd_t cmd, nvlist_t *props, nvlist_t *crypto_args, dsl_crypto_params_t **dcp_out); void dsl_crypto_params_free(dsl_crypto_params_t *dcp, boolean_t unload); @@ -199,6 +204,8 @@ int dsl_crypto_recv_raw(const char *poolname, uint64_t dsobj, uint64_t fromobj, dmu_objset_type_t ostype, nvlist_t *nvl, boolean_t do_key); int spa_keystore_change_key(const char *dsname, dsl_crypto_params_t *dcp); +int spa_keystore_change_key_check(void *arg, dmu_tx_t *tx); +void spa_keystore_change_key_sync(void *arg, dmu_tx_t *tx); int dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent); int dsl_dataset_promote_crypt_check(dsl_dir_t *target, dsl_dir_t *origin); void dsl_dataset_promote_crypt_sync(dsl_dir_t *target, dsl_dir_t *origin, diff --git a/usr/src/uts/common/fs/zfs/sys/zcp_change_key.h b/usr/src/uts/common/fs/zfs/sys/zcp_change_key.h new file mode 100644 index 0000000000..fea520455f --- /dev/null +++ b/usr/src/uts/common/fs/zfs/sys/zcp_change_key.h @@ -0,0 +1,41 @@ +/* + * CDDL HEADER START + * + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + * + * CDDL HEADER END + */ + +/* + * Copyright 2020 Joyent, Inc. + */ + +#ifndef _SYS_ZCP_CHANGE_KEY_H +#define _SYS_ZCP_CHANGE_KEY_H + +#include <sys/types.h> +#include <sys/dmu.h> +#include <sys/dsl_crypt.h> + +#ifdef __cplusplus +extern "C" { +#endif + +void zcp_synctask_change_key_cleanup(void *arg); +int zcp_synctask_change_key_check(void *arg, dmu_tx_t *tx); +void zcp_synctask_change_key_sync(void *arg, dmu_tx_t *tx); +int zcp_synctask_change_key_create_params(const char *key, size_t keylen, + zfs_keyformat_t keyformat, dsl_crypto_params_t **dcpp); + +#ifdef __cplusplus +} +#endif + +#endif /* _SYS_ZCP_CHANGE_KEY_H */ diff --git a/usr/src/uts/common/fs/zfs/zcp_change_key.c b/usr/src/uts/common/fs/zfs/zcp_change_key.c new file mode 100644 index 0000000000..be16a8d5c6 --- /dev/null +++ b/usr/src/uts/common/fs/zfs/zcp_change_key.c @@ -0,0 +1,144 @@ +/* + * CDDL HEADER START + * + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + * + * CDDL HEADER END + */ + +/* + * Copyright 2020 Joyent, Inc. + */ + +#include <sys/ctype.h> +#include <sys/zcp.h> +#include <sys/zcp_change_key.h> + +static uint8_t +hexval(char c) +{ + if (c >= '0' && c <= '9') + return (c - '0'); + else if (c >= 'a' && c <= 'f') + return (c - 'a' + 10); + else if (c >= 'A' && c <= 'F') + return (c - 'A' + 10); + + panic("invalid hex value"); +} + +static int +hex_to_raw(const char *key, uint8_t *buf, size_t buflen) +{ + uint8_t *p; + size_t srclen = strlen(key); + size_t i; + + if (buflen * 2 != srclen) + return (SET_ERROR(EINVAL)); + + for (i = 0, p = buf; i < srclen; i += 2, p++) { + if (!isxdigit(key[i]) || !isxdigit(key[i + 1])) + return (SET_ERROR(EINVAL)); + + *p = hexval(key[i]) << 4 | hexval(key[i + 1]); + } + + return (0); +} + +int +zcp_synctask_change_key_create_params(const char *key, size_t keylen, + zfs_keyformat_t keyformat, dsl_crypto_params_t **dcpp) +{ + nvlist_t *args = fnvlist_alloc(); + nvlist_t *hidden_args = fnvlist_alloc(); + uint8_t rawkey[WRAPPING_KEY_LEN]; + uint_t rawlen = 0; + int err = 0; + + /* + * Currently, only raw and hex keys are supported in channel + * programs (there is no pbkdf2 support in the kernel to convert + * a passphrase). + */ + switch (keyformat) { + case ZFS_KEYFORMAT_RAW: + /* + * dsl_crypto_params_create_nvlist() also verifies the + * raw key is WRAPPING_KEY_LEN bytes, so this is + * _almost_ redundant -- however we still want to + * guarantee we won't overflow rawkey when copying + * the contents over. + */ + if (keylen != WRAPPING_KEY_LEN) { + err = SET_ERROR(EINVAL); + goto done; + } + + bcopy(key, rawkey, keylen); + rawlen = keylen; + break; + case ZFS_KEYFORMAT_HEX: + /* + * hex_to_raw() will reject any input that doesn't exactly + * fit into rawkey + */ + err = hex_to_raw(key, rawkey, sizeof (rawkey)); + if (err != 0) + goto done; + rawlen = sizeof (rawkey); + break; + default: + err = SET_ERROR(EINVAL); + goto done; + } + + fnvlist_add_uint64(args, zfs_prop_to_name(ZFS_PROP_KEYFORMAT), + (uint64_t)keyformat); + fnvlist_add_uint8_array(hidden_args, "wkeydata", rawkey, rawlen); + + err = dsl_crypto_params_create_nvlist(DCP_CMD_NEW_KEY, args, + hidden_args, dcpp); + +done: + fnvlist_free(args); + fnvlist_free(hidden_args); + bzero(rawkey, sizeof (rawkey)); + + return (err); +} + +void +zcp_synctask_change_key_cleanup(void *arg) +{ + spa_keystore_change_key_args_t *skcka = arg; + + dsl_crypto_params_free(skcka->skcka_cp, B_TRUE); +} + +int +zcp_synctask_change_key_check(void *arg, dmu_tx_t *tx) +{ + /* + * zcp_synctask_change_key_create_params() already validates that + * the new key is in an acceptable format and size for a channel + * program. Any future channel program specific checks would go here. + * For now, we just perform all the same checks done for + * 'zfs change-key' by calling spa_keystore_change_key_check(). + */ + return (spa_keystore_change_key_check(arg, tx)); +} + +void +zcp_synctask_change_key_sync(void *arg, dmu_tx_t *tx) +{ + spa_keystore_change_key_sync(arg, tx); +} diff --git a/usr/src/uts/common/fs/zfs/zcp_synctask.c b/usr/src/uts/common/fs/zfs/zcp_synctask.c index 09af25c1c9..9a1dceb044 100644 --- a/usr/src/uts/common/fs/zfs/zcp_synctask.c +++ b/usr/src/uts/common/fs/zfs/zcp_synctask.c @@ -23,6 +23,8 @@ #include <sys/zcp.h> #include <sys/zcp_set.h> +#include <sys/zcp_change_key.h> +#include <sys/dsl_crypt.h> #include <sys/dsl_dir.h> #include <sys/dsl_pool.h> #include <sys/dsl_prop.h> @@ -399,6 +401,74 @@ zcp_synctask_set_prop(lua_State *state, boolean_t sync, nvlist_t *err_details) return (err); } +static int zcp_synctask_change_key(lua_State *, boolean_t, nvlist_t *); +static zcp_synctask_info_t zcp_synctask_change_key_info = { + .name = "change_key", + .func = zcp_synctask_change_key, + .pargs = { + { .za_name = "dataset", .za_lua_type = LUA_TSTRING }, + { .za_name = "key", .za_lua_type = LUA_TSTRING }, + { .za_name = "format", .za_lua_type = LUA_TSTRING }, + { NULL, 0 }, + }, + .kwargs = { + { NULL, 0 } + }, + .space_check = ZFS_SPACE_CHECK_RESERVED, + /* + * This is the same value that is used when zfs change-key is run. + * See spa_keystore_change_key() in dsl_crypt.c + */ + .blocks_modified = 15 +}; + +static int +zcp_synctask_change_key(lua_State *state, boolean_t sync, nvlist_t *err_details) +{ + int err; + spa_keystore_change_key_args_t skcka = { 0 }; + dsl_crypto_params_t *dcp = NULL; + const char *dsname; + const char *key; + const char *format; + size_t keylen; + uint64_t keyformat; + + dsname = lua_tostring(state, 1); + + /* + * The key may be raw key, which could contain NUL within it. + * Use lua_tolstring() instead of lua_tostring() to obtain the length. + */ + key = lua_tolstring(state, 2, &keylen); + + format = lua_tostring(state, 3); + + if (zfs_prop_string_to_index(ZFS_PROP_KEYFORMAT, format, + &keyformat) != 0) + return (SET_ERROR(EINVAL)); + + err = zcp_synctask_change_key_create_params(key, keylen, keyformat, + &dcp); + if (err != 0) + goto done; + + skcka.skcka_dsname = dsname; + skcka.skcka_cp = dcp; + + zcp_cleanup_handler_t *zch = zcp_register_cleanup(state, + (zcp_cleanup_t *)&zcp_synctask_change_key_cleanup, &skcka); + + err = zcp_sync_task(state, zcp_synctask_change_key_check, + zcp_synctask_change_key_sync, &skcka, sync, dsname); + + zcp_deregister_cleanup(state, zch); + +done: + dsl_crypto_params_free(dcp, (err != 0 || !sync) ? B_TRUE : B_FALSE); + return (err); +} + static int zcp_synctask_wrapper(lua_State *state) { @@ -468,6 +538,7 @@ zcp_load_synctask_lib(lua_State *state, boolean_t sync) &zcp_synctask_snapshot_info, &zcp_synctask_inherit_prop_info, &zcp_synctask_set_prop_info, + &zcp_synctask_change_key_info, NULL }; diff --git a/usr/src/uts/common/fs/zfs/zfs_ioctl.c b/usr/src/uts/common/fs/zfs/zfs_ioctl.c index 2b4c1d55e7..153dcf1502 100644 --- a/usr/src/uts/common/fs/zfs/zfs_ioctl.c +++ b/usr/src/uts/common/fs/zfs/zfs_ioctl.c @@ -3767,6 +3767,7 @@ zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, uint64_t instrlimit, memlimit; boolean_t sync_flag; nvpair_t *nvarg = NULL; + nvlist_t *hidden_args = NULL; if (0 != nvlist_lookup_string(innvl, ZCP_ARG_PROGRAM, &program)) { return (EINVAL); @@ -3784,6 +3785,16 @@ zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl, return (EINVAL); } + /* hidden args are optional */ + if (nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args) == 0) { + nvlist_t *argnvl = fnvpair_value_nvlist(nvarg); + int ret; + + ret = nvlist_add_nvlist(argnvl, ZPOOL_HIDDEN_ARGS, hidden_args); + if (ret != 0) + return (ret); + } + if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit) return (EINVAL); if (memlimit == 0 || memlimit > zfs_lua_max_memlimit) diff --git a/usr/src/uts/common/fs/zfs/zfs_vnops.c b/usr/src/uts/common/fs/zfs/zfs_vnops.c index f33a1abe4f..99011b83b4 100644 --- a/usr/src/uts/common/fs/zfs/zfs_vnops.c +++ b/usr/src/uts/common/fs/zfs/zfs_vnops.c @@ -23,7 +23,7 @@ * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2017 by Delphix. All rights reserved. * Copyright (c) 2014 Integros [integros.com] - * Copyright 2019 Joyent, Inc. + * Copyright 2020 Joyent, Inc. * Copyright 2017 Nexenta Systems, Inc. */ @@ -377,6 +377,46 @@ zfs_ioctl(vnode_t *vp, int com, intptr_t data, int flag, cred_t *cred, return (0); } + case _FIODIRECTIO: + { + /* + * ZFS inherently provides the basic semantics for directio. + * This is the summary from the ZFS on Linux support for + * O_DIRECT, which is the common form of directio, and required + * no changes to ZFS. + * + * 1. Minimize cache effects of the I/O. + * + * By design the ARC is already scan-resistant, which helps + * mitigate the need for special O_DIRECT handling. + * + * 2. O_DIRECT _MAY_ impose restrictions on IO alignment and + * length. + * + * No additional alignment or length restrictions are + * imposed by ZFS. + * + * 3. O_DIRECT _MAY_ perform unbuffered IO operations directly + * between user memory and block device. + * + * No unbuffered IO operations are currently supported. In + * order to support features such as compression, encryption, + * and checksumming a copy must be made to transform the + * data. + * + * 4. O_DIRECT _MAY_ imply O_DSYNC (XFS). + * + * O_DIRECT does not imply O_DSYNC for ZFS. + * + * 5. O_DIRECT _MAY_ disable file locking that serializes IO + * operations. + * + * All I/O in ZFS is locked for correctness and this locking + * is not disabled by O_DIRECT. + */ + return (0); + } + case _FIO_SEEK_DATA: case _FIO_SEEK_HOLE: { |