1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #include <sys/types.h>
  27 #include <sys/stat.h>
  28 #include <sys/errno.h>
  29 #include <sys/kmem.h>
  30 #include <sys/t_lock.h>
  31 #include <sys/ksynch.h>
  32 #include <sys/buf.h>
  33 #include <sys/vfs.h>
  34 #include <sys/vnode.h>
  35 #include <sys/mode.h>
  36 #include <sys/systm.h>
  37 #include <vm/seg.h>
  38 #include <sys/file.h>
  39 #include <sys/acl.h>
  40 #include <sys/fs/ufs_inode.h>
  41 #include <sys/fs/ufs_acl.h>
  42 #include <sys/fs/ufs_quota.h>
  43 #include <sys/sysmacros.h>
  44 #include <sys/debug.h>
  45 #include <sys/policy.h>
  46 
  47 /* Cache routines */
static int si_signature(si_t *);
/*
 * si_cachei_get()/si_cachea_get() look the cache up by inode and by acl
 * contents respectively.  On success (return 0) they hand back the entry
 * with its s_lock write-held; the callers below (ufs_si_store, ufs_si_load)
 * assert exactly that and are responsible for the rw_exit.
 */
static int si_cachei_get(struct inode *, si_t **);
static int si_cachea_get(struct inode *, si_t *, si_t **);
static int si_cmp(si_t *, si_t *);
static void si_cache_put(si_t *);
void si_cache_del(si_t *, int);
void si_cache_init(void);

/* ufs_si_free_mem() releases an in-core si_t that is NOT in the cache. */
static void ufs_si_free_mem(si_t *);
/* ufs_si_store() consumes sp on every path: it is either cached or freed. */
static int ufs_si_store(struct inode *, si_t *, int, cred_t *);
static si_t *ufs_acl_cp(si_t *);
/* ufs_sectobuf() serialises an si_t into a kmem buffer (caller frees). */
static int ufs_sectobuf(si_t *, caddr_t *, size_t *);
static int acl_count(ufs_ic_acl_t *);
static int acl_validate(aclent_t *, int, int);
static int vsecattr2aclentry(vsecattr_t *, si_t **);
static int aclentry2vsecattr(si_t *, vsecattr_t *);
  64 
krwlock_t si_cache_lock;                /* Protects si_cache */
/*
 * Number of buckets in each cache array.  SI_HASH() masks with
 * (si_cachecnt - 1), so this must remain a power of two; any other
 * value silently produces out-of-range or aliased bucket indices.
 */
int     si_cachecnt = 64;               /* # buckets in si_cache[a|i] */
si_t    **si_cachea;                    /* The 'by acl' cache chains */
si_t    **si_cachei;                    /* The 'by inode' cache chains */
/*
 * Hit/miss statistics.  They are incremented from ufs_si_store() and
 * ufs_si_load() with no lock visible at the increment site, so treat
 * them as approximate counters rather than exact.
 */
long    si_cachehit = 0;
long    si_cachemiss = 0;

/* Bucket index for a signature: a mask, not a modulus (see si_cachecnt). */
#define SI_HASH(S)      ((int)(S) & (si_cachecnt - 1))
  73 
  74 /*
  75  * Store the new acls in aclp.  Attempts to make things atomic.
  76  * Search the acl cache for an identical sp and, if found, attach
  77  * the cache'd acl to ip. If the acl is new (not in the cache),
  78  * add it to the cache, then attach it to ip.  Last, remove and
  79  * decrement the reference count of any prior acl list attached
  80  * to the ip.
  81  *
  82  * Parameters:
  83  * ip - Ptr to inode to receive the acl list
  84  * sp - Ptr to in-core acl structure to attach to the inode.
  85  * puship - 0 do not push the object inode(ip) 1 push the ip
  86  * cr - Ptr to credentials
  87  *
  88  * Returns:     0 - Success
  89  *              N - From errno.h
  90  */
  91 static int
  92 ufs_si_store(struct inode *ip, si_t *sp, int puship, cred_t *cr)
  93 {
  94         struct vfs      *vfsp;
  95         struct inode    *sip;
  96         si_t            *oldsp;
  97         si_t            *csp;
  98         caddr_t         acldata;
  99         ino_t           oldshadow;
 100         size_t          acldatalen;
 101         off_t           offset;
 102         int             shadow;
 103         int             err;
 104         int             refcnt;
 105         int             usecnt;
 106         int             signature;
 107         int             resid;
 108         struct ufsvfs   *ufsvfsp        = ip->i_ufsvfs;
 109         struct fs       *fs             = ufsvfsp->vfs_fs;
 110 
 111         ASSERT(RW_WRITE_HELD(&ip->i_contents));
 112         ASSERT(ip->i_ufs_acl != sp);
 113 
 114         if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT))
 115                 return (ENOSYS);
 116 
 117         /*
 118          * if there are only the three owner/group/other then do not
 119          * create a shadow inode.  If there is already a shadow with
 120          * the file, remove it.
 121          *
 122          */
 123         if (!sp->ausers &&
 124             !sp->agroups &&
 125             !sp->downer &&
 126             !sp->dgroup &&
 127             !sp->dother &&
 128             sp->dclass.acl_ismask == 0 &&
 129             !sp->dusers &&
 130             !sp->dgroups) {
 131                 if (ip->i_ufs_acl)
 132                         err = ufs_si_free(ip->i_ufs_acl, ITOV(ip)->v_vfsp, cr);
 133                 ip->i_ufs_acl = NULL;
 134                 ip->i_shadow = 0;
 135                 ip->i_flag |= IMOD | IACC;
 136                 ip->i_mode = (ip->i_smode & ~0777) |
 137                     ((sp->aowner->acl_ic_perm & 07) << 6) |
 138                     (MASK2MODE(sp)) |
 139                     (sp->aother->acl_ic_perm & 07);
 140                 TRANS_INODE(ip->i_ufsvfs, ip);
 141                 ufs_iupdat(ip, 1);
 142                 ufs_si_free_mem(sp);
 143                 return (0);
 144         }
 145 
 146 loop:
 147 
 148         /*
 149          * Check cache. If in cache, use existing shadow inode.
 150          * Increment the shadow link count, then attach to the
 151          * cached ufs_acl_entry struct, and increment it's reference
 152          * count.  Then discard the passed-in ufs_acl_entry and
 153          * return.
 154          */
 155         if (si_cachea_get(ip, sp, &csp) == 0) {
 156                 ASSERT(RW_WRITE_HELD(&csp->s_lock));
 157                 if (ip->i_ufs_acl == csp) {
 158                         rw_exit(&csp->s_lock);
 159                         (void) ufs_si_free_mem(sp);
 160                         return (0);
 161                 }
 162                 vfsp = ITOV(ip)->v_vfsp;
 163                 ASSERT(csp->s_shadow <= INT_MAX);
 164                 shadow = (int)csp->s_shadow;
 165                 /*
 166                  * We can't call ufs_iget while holding the csp locked,
 167                  * because we might deadlock.  So we drop the
 168                  * lock on csp, then go search the si_cache again
 169                  * to see if the csp is still there.
 170                  */
 171                 rw_exit(&csp->s_lock);
 172                 if ((err = ufs_iget(vfsp, shadow, &sip, cr)) != 0) {
 173                         (void) ufs_si_free_mem(sp);
 174                         return (EIO);
 175                 }
 176                 rw_enter(&sip->i_contents, RW_WRITER);
 177                 if ((sip->i_mode & IFMT) != IFSHAD || sip->i_nlink <= 0) {
 178                         rw_exit(&sip->i_contents);
 179                         VN_RELE(ITOV(sip));
 180                         goto loop;
 181                 }
 182                 /* Get the csp again */
 183                 if (si_cachea_get(ip, sp, &csp) != 0) {
 184                         rw_exit(&sip->i_contents);
 185                         VN_RELE(ITOV(sip));
 186                         goto loop;
 187                 }
 188                 ASSERT(RW_WRITE_HELD(&csp->s_lock));
 189                 /* See if we got the right shadow */
 190                 if (csp->s_shadow != shadow) {
 191                         rw_exit(&csp->s_lock);
 192                         rw_exit(&sip->i_contents);
 193                         VN_RELE(ITOV(sip));
 194                         goto loop;
 195                 }
 196                 ASSERT(RW_WRITE_HELD(&sip->i_contents));
 197                 ASSERT(sip->i_dquot == 0);
 198                 /* Increment link count */
 199                 ASSERT(sip->i_nlink > 0);
 200                 sip->i_nlink++;
 201                 TRANS_INODE(ufsvfsp, sip);
 202                 csp->s_use = sip->i_nlink;
 203                 csp->s_ref++;
 204                 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
 205                 sip->i_flag |= ICHG | IMOD;
 206                 sip->i_seq++;
 207                 ITIMES_NOLOCK(sip);
 208                 /*
 209                  * Always release s_lock before both releasing i_contents
 210                  * and calling VN_RELE.
 211                  */
 212                 rw_exit(&csp->s_lock);
 213                 rw_exit(&sip->i_contents);
 214                 VN_RELE(ITOV(sip));
 215                 (void) ufs_si_free_mem(sp);
 216                 sp = csp;
 217                 si_cachehit++;
 218                 goto switchshadows;
 219         }
 220 
 221         /* Alloc a shadow inode and fill it in */
 222         err = ufs_ialloc(ip, ip->i_number, (mode_t)IFSHAD, &sip, cr);
 223         if (err) {
 224                 (void) ufs_si_free_mem(sp);
 225                 return (err);
 226         }
 227         rw_enter(&sip->i_contents, RW_WRITER);
 228         sip->i_flag |= IACC | IUPD | ICHG;
 229         sip->i_seq++;
 230         sip->i_mode = (o_mode_t)IFSHAD;
 231         ITOV(sip)->v_type = VREG;
 232         ufs_reset_vnode(ITOV(sip));
 233         sip->i_nlink = 1;
 234         sip->i_uid = crgetuid(cr);
 235         sip->i_suid = (ulong_t)sip->i_uid > (ulong_t)USHRT_MAX ?
 236             UID_LONG : sip->i_uid;
 237         sip->i_gid = crgetgid(cr);
 238         sip->i_sgid = (ulong_t)sip->i_gid > (ulong_t)USHRT_MAX ?
 239             GID_LONG : sip->i_gid;
 240         sip->i_shadow = 0;
 241         TRANS_INODE(ufsvfsp, sip);
 242         sip->i_ufs_acl = NULL;
 243         ASSERT(sip->i_size == 0);
 244 
 245         sp->s_shadow = sip->i_number;
 246 
 247         if ((err = ufs_sectobuf(sp, &acldata, &acldatalen)) != 0)
 248                 goto errout;
 249         offset = 0;
 250 
 251         /*
 252          * We don't actually care about the residual count upon failure,
 253          * but giving ufs_rdwri() the pointer means it won't translate
 254          * all failures to EIO.  Our caller needs to know when ENOSPC
 255          * gets hit.
 256          */
 257         resid = 0;
 258         if (((err = ufs_rdwri(UIO_WRITE, FWRITE|FSYNC, sip, acldata,
 259             acldatalen, (offset_t)0, UIO_SYSSPACE, &resid, cr)) != 0) ||
 260             (resid != 0)) {
 261                 kmem_free(acldata, acldatalen);
 262                 if ((resid != 0) && (err == 0))
 263                         err = ENOSPC;
 264                 goto errout;
 265         }
 266 
 267         offset += acldatalen;
 268         if ((acldatalen + fs->fs_bsize) > ufsvfsp->vfs_maxacl)
 269                 ufsvfsp->vfs_maxacl = acldatalen + fs->fs_bsize;
 270 
 271         kmem_free(acldata, acldatalen);
 272         /* Sync & free the shadow inode */
 273         ufs_iupdat(sip, 1);
 274         rw_exit(&sip->i_contents);
 275         VN_RELE(ITOV(sip));
 276 
 277         /* We're committed to using this sp */
 278         sp->s_use = 1;
 279         sp->s_ref = 1;
 280 
 281         /* Now put the new acl stuff in the cache */
 282         /* XXX Might make a duplicate */
 283         si_cache_put(sp);
 284         si_cachemiss++;
 285 
 286 switchshadows:
 287         /* Now switch the parent inode to use the new shadow inode */
 288         ASSERT(RW_WRITE_HELD(&ip->i_contents));
 289         rw_enter(&sp->s_lock, RW_READER);
 290         oldsp = ip->i_ufs_acl;
 291         oldshadow = ip->i_shadow;
 292         ip->i_ufs_acl = sp;
 293         ASSERT(sp->s_shadow <= INT_MAX);
 294         ip->i_shadow = (int32_t)sp->s_shadow;
 295         ASSERT(oldsp != sp);
 296         ASSERT(oldshadow != ip->i_number);
 297         ASSERT(ip->i_number != ip->i_shadow);
 298         /*
 299          * Change the mode bits to follow the acl list
 300          *
 301          * NOTE:        a directory is not required to have a "regular" acl
 302          *              bug id's 1238908,  1257173, 1263171 and 1263188
 303          *
 304          *              but if a "regular" acl is present, it must contain
 305          *              an "owner", "group", and "other" acl
 306          *
 307          *              If an ACL mask exists, the effective group rights are
 308          *              set to the mask.  Otherwise, the effective group rights
 309          *              are set to the object group bits.
 310          */
 311         if (sp->aowner) {                            /* Owner */
 312                 ip->i_mode &= ~0700;                     /* clear Owner */
 313                 ip->i_mode |= (sp->aowner->acl_ic_perm & 07) << 6;
 314                 ip->i_uid = sp->aowner->acl_ic_who;
 315         }
 316 
 317         if (sp->agroup) {                            /* Group */
 318                 ip->i_mode &= ~0070;                     /* clear Group */
 319                 ip->i_mode |= MASK2MODE(sp);         /* apply mask */
 320                 ip->i_gid = sp->agroup->acl_ic_who;
 321         }
 322 
 323         if (sp->aother) {                            /* Other */
 324                 ip->i_mode &= ~0007;                     /* clear Other */
 325                 ip->i_mode |= (sp->aother->acl_ic_perm & 07);
 326         }
 327 
 328         if (sp->aclass.acl_ismask)
 329                 ip->i_mode = (ip->i_mode & ~070) |
 330                     (((sp->aclass.acl_maskbits & 07) << 3) &
 331                     ip->i_mode);
 332 
 333         TRANS_INODE(ufsvfsp, ip);
 334         rw_exit(&sp->s_lock);
 335         ip->i_flag |= ICHG;
 336         ip->i_seq++;
 337         /*
 338          * when creating a file there is no need to push the inode, it
 339          * is pushed later
 340          */
 341         if (puship == 1)
 342                 ufs_iupdat(ip, 1);
 343 
 344         /*
 345          * Decrement link count on the old shadow inode,
 346          * and decrement reference count on the old aclp,
 347          */
 348         if (oldshadow) {
 349                 /* Get the shadow inode */
 350                 ASSERT(RW_WRITE_HELD(&ip->i_contents));
 351                 vfsp = ITOV(ip)->v_vfsp;
 352                 if ((err = ufs_iget_alloced(vfsp, oldshadow, &sip, cr)) != 0) {
 353                         return (EIO);
 354                 }
 355                 /* Decrement link count */
 356                 rw_enter(&sip->i_contents, RW_WRITER);
 357                 if (oldsp)
 358                         rw_enter(&oldsp->s_lock, RW_WRITER);
 359                 ASSERT(sip->i_dquot == 0);
 360                 ASSERT(sip->i_nlink > 0);
 361                 usecnt = --sip->i_nlink;
 362                 ufs_setreclaim(sip);
 363                 TRANS_INODE(ufsvfsp, sip);
 364                 sip->i_flag |= ICHG | IMOD;
 365                 sip->i_seq++;
 366                 ITIMES_NOLOCK(sip);
 367                 if (oldsp) {
 368                         oldsp->s_use = usecnt;
 369                         refcnt = --oldsp->s_ref;
 370                         signature = oldsp->s_signature;
 371                         /*
 372                          * Always release s_lock before both releasing
 373                          * i_contents and calling VN_RELE.
 374                          */
 375                         rw_exit(&oldsp->s_lock);
 376                 }
 377                 rw_exit(&sip->i_contents);
 378                 VN_RELE(ITOV(sip));
 379                 if (oldsp && (refcnt == 0))
 380                         si_cache_del(oldsp, signature);
 381         }
 382         return (0);
 383 
 384 errout:
 385         /* Throw the newly alloc'd inode away */
 386         sip->i_nlink = 0;
 387         ufs_setreclaim(sip);
 388         TRANS_INODE(ufsvfsp, sip);
 389         ITIMES_NOLOCK(sip);
 390         rw_exit(&sip->i_contents);
 391         VN_RELE(ITOV(sip));
 392         ASSERT(!sp->s_use && !sp->s_ref && !(sp->s_flags & SI_CACHED));
 393         (void) ufs_si_free_mem(sp);
 394         return (err);
 395 }
 396 
 397 /*
 398  * Load the acls for inode ip either from disk (adding to the cache),
 399  * or search the cache and attach the cache'd acl list to the ip.
 400  * In either case, maintain the proper reference count on the cached entry.
 401  *
 402  * Parameters:
 403  * ip - Ptr to the inode which needs the acl list loaded
 404  * cr - Ptr to credentials
 405  *
 406  * Returns:     0 - Success
 407  *              N - From errno.h
 408  */
 409 int
 410 ufs_si_load(struct inode *ip, cred_t *cr)
 411 /*
 412  *      ip      parent inode in
 413  *      cr      credentials in
 414  */
 415 {
 416         struct vfs      *vfsp;
 417         struct inode    *sip;
 418         ufs_fsd_t       *fsdp;
 419         si_t            *sp;
 420         vsecattr_t      vsecattr = {
 421                                 (uint_t)0,
 422                                 (int)0,
 423                                 (void *)NULL,
 424                                 (int)0,
 425                                 (void *)NULL};
 426         aclent_t        *aclp;
 427         ufs_acl_t       *ufsaclp;
 428         caddr_t         acldata = NULL;
 429         ino_t           maxino;
 430         int             err;
 431         size_t          acldatalen;
 432         int             numacls;
 433         int             shadow;
 434         int             usecnt;
 435         struct ufsvfs   *ufsvfsp        = ip->i_ufsvfs;
 436         struct fs       *fs             = ufsvfsp->vfs_fs;
 437 
 438         ASSERT(ip != NULL);
 439         ASSERT(RW_WRITE_HELD(&ip->i_contents));
 440         ASSERT(ip->i_shadow && ip->i_ufs_acl == NULL);
 441         ASSERT((ip->i_mode & IFMT) != IFSHAD);
 442 
 443         if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT))
 444                 return (ENOSYS);
 445 
 446         if (ip->i_shadow == ip->i_number)
 447                 return (EIO);
 448 
 449         maxino = (ino_t)(ITOF(ip)->fs_ncg * ITOF(ip)->fs_ipg);
 450         if (ip->i_shadow < UFSROOTINO || ip->i_shadow > maxino)
 451                 return (EIO);
 452 
 453         /*
 454          * XXX Check cache.  If in cache, link to it and increment
 455          * the reference count, then return.
 456          */
 457         if (si_cachei_get(ip, &sp) == 0) {
 458                 ASSERT(RW_WRITE_HELD(&sp->s_lock));
 459                 ip->i_ufs_acl = sp;
 460                 sp->s_ref++;
 461                 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
 462                 rw_exit(&sp->s_lock);
 463                 si_cachehit++;
 464                 return (0);
 465         }
 466 
 467         /* Get the shadow inode */
 468         vfsp = ITOV(ip)->v_vfsp;
 469         shadow = ip->i_shadow;
 470         if ((err = ufs_iget_alloced(vfsp, shadow, &sip, cr)) != 0) {
 471                 return (err);
 472         }
 473         rw_enter(&sip->i_contents, RW_WRITER);
 474 
 475         if ((sip->i_mode & IFMT) != IFSHAD) {
 476                 rw_exit(&sip->i_contents);
 477                 err = EINVAL;
 478                 goto alldone;
 479         }
 480 
 481         ASSERT(sip->i_dquot == 0);
 482         usecnt = sip->i_nlink;
 483         if ((!ULOCKFS_IS_NOIACC(&ufsvfsp->vfs_ulockfs)) &&
 484             (!(sip)->i_ufsvfs->vfs_noatime)) {
 485                 sip->i_flag |= IACC;
 486         }
 487         rw_downgrade(&sip->i_contents);
 488 
 489         ASSERT(sip->i_size <= MAXOFF_T);
 490         /* Read the acl's and other stuff from disk */
 491         acldata  = kmem_zalloc((size_t)sip->i_size, KM_SLEEP);
 492         acldatalen = sip->i_size;
 493 
 494         err = ufs_rdwri(UIO_READ, FREAD, sip, acldata, acldatalen, (offset_t)0,
 495             UIO_SYSSPACE, (int *)0, cr);
 496 
 497         rw_exit(&sip->i_contents);
 498 
 499         if (err)
 500                 goto alldone;
 501 
 502         /*
 503          * Convert from disk format
 504          * Result is a vsecattr struct which we then convert to the
 505          * si struct.
 506          */
 507         bzero((caddr_t)&vsecattr, sizeof (vsecattr_t));
 508         for (fsdp = (ufs_fsd_t *)acldata;
 509                         fsdp < (ufs_fsd_t *)(acldata + acldatalen);
 510                         fsdp = (ufs_fsd_t *)((caddr_t)fsdp +
 511                                 FSD_RECSZ(fsdp, fsdp->fsd_size))) {
 512                 if (fsdp->fsd_size <= 0)
 513                         break;
 514                 switch (fsdp->fsd_type) {
 515                 case FSD_ACL:
 516                         numacls = vsecattr.vsa_aclcnt =
 517                                 (int)((fsdp->fsd_size - 2 * sizeof (int)) /
 518                                                         sizeof (ufs_acl_t));
 519                         aclp = vsecattr.vsa_aclentp =
 520                         kmem_zalloc(numacls * sizeof (aclent_t), KM_SLEEP);
 521                         for (ufsaclp = (ufs_acl_t *)fsdp->fsd_data;
 522                                                         numacls; ufsaclp++) {
 523                                 aclp->a_type = ufsaclp->acl_tag;
 524                                 aclp->a_id = ufsaclp->acl_who;
 525                                 aclp->a_perm = ufsaclp->acl_perm;
 526                                 aclp++;
 527                                 numacls--;
 528                         }
 529                         break;
 530                 case FSD_DFACL:
 531                         numacls = vsecattr.vsa_dfaclcnt =
 532                                 (int)((fsdp->fsd_size - 2 * sizeof (int)) /
 533                                                         sizeof (ufs_acl_t));
 534                         aclp = vsecattr.vsa_dfaclentp =
 535                         kmem_zalloc(numacls * sizeof (aclent_t), KM_SLEEP);
 536                         for (ufsaclp = (ufs_acl_t *)fsdp->fsd_data;
 537                                                         numacls; ufsaclp++) {
 538                                 aclp->a_type = ufsaclp->acl_tag;
 539                                 aclp->a_id = ufsaclp->acl_who;
 540                                 aclp->a_perm = ufsaclp->acl_perm;
 541                                 aclp++;
 542                                 numacls--;
 543                         }
 544                         break;
 545                 }
 546         }
 547         /* Sort the lists */
 548         if (vsecattr.vsa_aclentp) {
 549                 ksort((caddr_t)vsecattr.vsa_aclentp, vsecattr.vsa_aclcnt,
 550                                 sizeof (aclent_t), cmp2acls);
 551                 if ((err = acl_validate(vsecattr.vsa_aclentp,
 552                                 vsecattr.vsa_aclcnt, ACL_CHECK)) != 0) {
 553                         goto alldone;
 554                 }
 555         }
 556         if (vsecattr.vsa_dfaclentp) {
 557                 ksort((caddr_t)vsecattr.vsa_dfaclentp, vsecattr.vsa_dfaclcnt,
 558                                 sizeof (aclent_t), cmp2acls);
 559                 if ((err = acl_validate(vsecattr.vsa_dfaclentp,
 560                                 vsecattr.vsa_dfaclcnt, DEF_ACL_CHECK)) != 0) {
 561                         goto alldone;
 562                 }
 563         }
 564 
 565         /* ignore shadow inodes without ACLs */
 566         if (!vsecattr.vsa_aclentp && !vsecattr.vsa_dfaclentp) {
 567                 err = 0;
 568                 goto alldone;
 569         }
 570 
 571         /* Convert from vsecattr struct to ufs_acl_entry struct */
 572         if ((err = vsecattr2aclentry(&vsecattr, &sp)) != 0) {
 573                 goto alldone;
 574         }
 575 
 576         /* There aren't filled in by vsecattr2aclentry */
 577         sp->s_shadow = ip->i_shadow;
 578         sp->s_dev = ip->i_dev;
 579         sp->s_use = usecnt;
 580         sp->s_ref = 1;
 581         ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
 582 
 583         /* XXX Might make a duplicate */
 584         si_cache_put(sp);
 585 
 586         /* Signal anyone waiting on this shadow to be loaded */
 587         ip->i_ufs_acl = sp;
 588         err = 0;
 589         si_cachemiss++;
 590         if ((acldatalen + fs->fs_bsize) > ufsvfsp->vfs_maxacl)
 591                 ufsvfsp->vfs_maxacl = acldatalen + fs->fs_bsize;
 592 alldone:
 593         /*
 594          * Common exit point. Mark shadow inode as ISTALE
 595          * if we detect an internal inconsistency, to
 596          * prevent stray inodes appearing in the cache.
 597          */
 598         if (err) {
 599                 rw_enter(&sip->i_contents, RW_READER);
 600                 mutex_enter(&sip->i_tlock);
 601                 sip->i_flag |= ISTALE;
 602                 mutex_exit(&sip->i_tlock);
 603                 rw_exit(&sip->i_contents);
 604         }
 605         VN_RELE(ITOV(sip));
 606 
 607         /*
 608          * Cleanup of data structures allocated
 609          * on the fly.
 610          */
 611         if (acldata)
 612                 kmem_free(acldata, acldatalen);
 613 
 614         if (vsecattr.vsa_aclentp)
 615                 kmem_free(vsecattr.vsa_aclentp,
 616                         vsecattr.vsa_aclcnt * sizeof (aclent_t));
 617         if (vsecattr.vsa_dfaclentp)
 618                 kmem_free(vsecattr.vsa_dfaclentp,
 619                         vsecattr.vsa_dfaclcnt * sizeof (aclent_t));
 620         return (err);
 621 }
 622 
 623 /*
 624  * Check the inode's ACL's to see if this mode of access is
 625  * allowed; return 0 if allowed, EACCES if not.
 626  *
 627  * We follow the procedure defined in Sec. 3.3.5, ACL Access
 628  * Check Algorithm, of the POSIX 1003.6 Draft Standard.
 629  */
 630 int
 631 ufs_acl_access(struct inode *ip, int mode, cred_t *cr)
 632 /*
 633  *      ip      parent inode
 634  *      mode    mode of access read, write, execute/examine
 635  *      cr      credentials
 636  */
 637 {
 638         ufs_ic_acl_t *acl;
 639         int ismask, mask = 0;
 640         int gperm = 0;
 641         int ngroup = 0;
 642         si_t    *sp = NULL;
 643         uid_t uid = crgetuid(cr);
 644         uid_t owner;
 645 
 646         ASSERT(ip->i_ufs_acl != NULL);
 647         ASSERT(RW_LOCK_HELD(&ip->i_contents));
 648 
 649         sp = ip->i_ufs_acl;
 650 
 651         ismask = sp->aclass.acl_ismask ?
 652             sp->aclass.acl_ismask : NULL;
 653 
 654         if (ismask)
 655                 mask = sp->aclass.acl_maskbits;
 656         else
 657                 mask = -1;
 658 
 659         /*
 660          * (1) If user owns the file, obey user mode bits
 661          */
 662         owner = sp->aowner->acl_ic_who;
 663         if (uid == owner) {
 664                 return (MODE_CHECK(owner, mode, (sp->aowner->acl_ic_perm << 6),
 665                                                             cr, ip));
 666         }
 667 
 668         /*
 669          * (2) Obey any matching ACL_USER entry
 670          */
 671         if (sp->ausers)
 672                 for (acl = sp->ausers; acl != NULL; acl = acl->acl_ic_next) {
 673                         if (acl->acl_ic_who == uid) {
 674                                 return (MODE_CHECK(owner, mode,
 675                                     (mask & acl->acl_ic_perm) << 6, cr, ip));
 676                         }
 677                 }
 678 
 679         /*
 680          * (3) If user belongs to file's group, obey group mode bits
 681          * if no ACL mask is defined; if there is an ACL mask, we look
 682          * at both the group mode bits and any ACL_GROUP entries.
 683          */
 684         if (groupmember((uid_t)sp->agroup->acl_ic_who, cr)) {
 685                 ngroup++;
 686                 gperm = (sp->agroup->acl_ic_perm);
 687                 if (!ismask)
 688                         return (MODE_CHECK(owner, mode, (gperm << 6), cr, ip));
 689         }
 690 
 691         /*
 692          * (4) Accumulate the permissions in matching ACL_GROUP entries
 693          */
 694         if (sp->agroups)
 695                 for (acl = sp->agroups; acl != NULL; acl = acl->acl_ic_next)
 696                 {
 697                         if (groupmember(acl->acl_ic_who, cr)) {
 698                                 ngroup++;
 699                                 gperm |= acl->acl_ic_perm;
 700                         }
 701                 }
 702 
 703         if (ngroup != 0)
 704                 return (MODE_CHECK(owner, mode, ((gperm & mask) << 6), cr, ip));
 705 
 706         /*
 707          * (5) Finally, use the "other" mode bits
 708          */
 709         return (MODE_CHECK(owner, mode, sp->aother->acl_ic_perm << 6, cr, ip));
 710 }
 711 
/*ARGSUSED2*/
/*
 * Return the acl of ip in vsecattr form.
 *
 * If an in-core acl is attached it is the authoritative answer and is
 * simply converted.  Otherwise the four mandatory entries (USER_OBJ,
 * GROUP_OBJ, OTHER_OBJ, CLASS_OBJ) are synthesised from the mode bits
 * already in hand, the way fs_fab_acl() would, without another
 * VOP_GETATTR().  Default acls are never fabricated.  Which fields of
 * vsap are filled in follows vsa_mask (VSA_ACLCNT / VSA_ACL); the
 * fabricated entry list is allocated with kmem_zalloc() and belongs to
 * the caller.
 */
int
ufs_acl_get(struct inode *ip, vsecattr_t *vsap, int flag, cred_t *cr)
{
        aclent_t        *ent;

        ASSERT(RW_LOCK_HELD(&ip->i_contents));

        /* XXX Range check, sanity check, shadow check */
        if (ip->i_ufs_acl != NULL)
                return (aclentry2vsecattr(ip->i_ufs_acl, vsap));

        vsap->vsa_aclcnt = 0;
        vsap->vsa_aclentp = NULL;
        vsap->vsa_dfaclcnt = 0;         /* Default ACLs are not fabricated */
        vsap->vsa_dfaclentp = NULL;

        if ((vsap->vsa_mask & (VSA_ACLCNT | VSA_ACL)) == 0)
                return (0);

        vsap->vsa_aclcnt = 4;           /* USER, GROUP, OTHER, and CLASS */
        if ((vsap->vsa_mask & VSA_ACL) == 0)
                return (0);

        ent = kmem_zalloc(4 * sizeof (aclent_t), KM_SLEEP);
        vsap->vsa_aclentp = ent;
        if (ent == NULL)
                return (ENOMEM);

        /* The a_id fields are "really undefined"; mirror the inode. */
        ent[0].a_type = USER_OBJ;
        ent[0].a_perm = (ip->i_mode >> 6) & 07;
        ent[0].a_id = ip->i_uid;

        ent[1].a_type = GROUP_OBJ;
        ent[1].a_perm = (ip->i_mode >> 3) & 07;
        ent[1].a_id = ip->i_gid;

        ent[2].a_type = OTHER_OBJ;
        ent[2].a_perm = ip->i_mode & 07;
        ent[2].a_id = 0;

        /* With no real mask the class entry repeats the group bits. */
        ent[3].a_type = CLASS_OBJ;
        ent[3].a_perm = (ip->i_mode >> 3) & 07;
        ent[3].a_id = 0;

        ksort((caddr_t)ent, vsap->vsa_aclcnt, sizeof (aclent_t), cmp2acls);

        return (0);
}
 775 
/*ARGSUSED2*/
/*
 * Replace the acl of ip with the one described by vsap.
 *
 * The caller must hold i_contents for writing.  The request is refused
 * with ENOSYS for file types that cannot carry an acl and with EPERM
 * unless secpolicy_vnode_setdac() accepts cr for the file's owner.  The
 * USER_OBJ/GROUP_OBJ ids in the new list are forced to the inode's
 * current uid/gid before the list is handed to ufs_si_store(), which
 * writes, caches and attaches it (and consumes it on every path).
 */
int
ufs_acl_set(struct inode *ip, vsecattr_t *vsap, int flag, cred_t *cr)
{
        si_t    *newsp = NULL;
        int     rc;

        ASSERT(RW_WRITE_HELD(&ip->i_contents));

        if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT))
                return (ENOSYS);

        /*
         * Only the owner of the file, or a caller holding the override
         * privilege, may change the acl.
         */
        if (secpolicy_vnode_setdac(cr, ip->i_uid) != 0)
                return (EPERM);

        /* Convert from vsecattr struct to ufs_acl_entry struct */
        rc = vsecattr2aclentry(vsap, &newsp);
        if (rc != 0)
                return (rc);
        newsp->s_dev = ip->i_dev;

        /*
         * A full regular acl must carry owner, group and other entries;
         * make their ids follow what is in the inode.
         */
#ifdef DEBUG
        if (vsap->vsa_mask == VSA_ACL) {
                ASSERT(newsp->aowner);
                ASSERT(newsp->agroup);
                ASSERT(newsp->aother);
        }
#endif  /* DEBUG */

        if (newsp->aowner != NULL)
                newsp->aowner->acl_ic_who = ip->i_uid;
        if (newsp->agroup != NULL)
                newsp->agroup->acl_ic_who = ip->i_gid;

        /* Write and cache the new acl list; push ip as well (puship == 1). */
        return (ufs_si_store(ip, newsp, 1, cr));
}
 823 
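/*
 * Scan a sorted array of acl's, checking for:
 * 1) Permission bits outside rwx (a_perm > 07) on any entry
 * 2) Any duplicate/conflicting entries (same type and id)
 * 3) More than 1 of USER_OBJ, GROUP_OBJ, OTHER_OBJ, CLASS_OBJ
 * 4) More than 1 of DEF_USER_OBJ, DEF_GROUP_OBJ, DEF_OTHER_OBJ, DEF_CLASS_OBJ
 *
 * The list must already be sorted with cmp2acls() so that duplicates are
 * adjacent.  Only the family selected by flag is checked for structure;
 * entries of the other family are counted but not otherwise inspected.
 *
 * Parameters:
 * aclentp - ptr to sorted list of acl entries.  NULL is accepted and
 * treated as an empty, valid list whatever nentries says.
 * nentries - # acl entries on the list; must be > 0 when aclentp != NULL.
 * flag - Bitmap (ACL_CHECK and/or DEF_ACL_CHECK) indicating whether the
 * list contains regular acls, default acls, or both.  Any other bit, or
 * no bit at all, is rejected.
 *
 * Returns:	0 - Success
 * EINVAL - Invalid list (dups, bad perm bits, bad flag, or multiple
 * entries of type USER_OBJ, etc)
 */
static int
acl_validate(aclent_t *aclentp, int nentries, int flag)
{
	int	i;
	int	nuser_objs = 0;
	int	ngroup_objs = 0;
	int	nother_objs = 0;
	int	nclass_objs = 0;
	int	ndef_user_objs = 0;
	int	ndef_group_objs = 0;
	int	ndef_other_objs = 0;
	int	ndef_class_objs = 0;
	int	nusers = 0;
	int	ngroups = 0;
	int	ndef_users = 0;
	int	ndef_groups = 0;
	int	numdefs = 0;

	/* Null list */
	if (aclentp == NULL)
		return (0);

	if (nentries <= 0)
		return (EINVAL);

	/* Only the two check bits are meaningful, and at least one is needed */
	if (flag == 0 || (flag & ~(ACL_CHECK | DEF_ACL_CHECK)) != 0)
		return (EINVAL);

	/*
	 * Check every entry's permission bits -- including the last (or
	 * only) entry, which a pairwise i-1 scan would never look at --
	 * and reject adjacent duplicates (same type and id).
	 */
	for (i = 0; i < nentries; i++) {
		if (aclentp[i].a_perm > 07)
			return (EINVAL);
		if (i > 0 &&
		    aclentp[i - 1].a_type == aclentp[i].a_type &&
		    aclentp[i - 1].a_id == aclentp[i].a_id)
			return (EINVAL);
	}

	/* Count types; anything not in the table is an unknown type */
	for (i = 0; i < nentries; i++) {
		switch (aclentp[i].a_type) {
		case USER_OBJ:		/* Owner */
			nuser_objs++;
			break;
		case GROUP_OBJ:		/* Group */
			ngroup_objs++;
			break;
		case OTHER_OBJ:		/* Other */
			nother_objs++;
			break;
		case CLASS_OBJ:		/* Mask */
			nclass_objs++;
			break;
		case DEF_USER_OBJ:	/* Default Owner */
			ndef_user_objs++;
			break;
		case DEF_GROUP_OBJ:	/* Default Group */
			ndef_group_objs++;
			break;
		case DEF_OTHER_OBJ:	/* Default Other */
			ndef_other_objs++;
			break;
		case DEF_CLASS_OBJ:	/* Default Mask */
			ndef_class_objs++;
			break;
		case USER:		/* Users */
			nusers++;
			break;
		case GROUP:		/* Groups */
			ngroups++;
			break;
		case DEF_USER:		/* Default Users */
			ndef_users++;
			break;
		case DEF_GROUP:		/* Default Groups */
			ndef_groups++;
			break;
		default:		/* Unknown type */
			return (EINVAL);
		}
	}

	/*
	 * For normal acl's, we require there be one (and only one)
	 * USER_OBJ, GROUP_OBJ and OTHER_OBJ.  There is either zero
	 * or one CLASS_OBJ.
	 */
	if (flag & ACL_CHECK) {
		if (nuser_objs != 1 || ngroup_objs != 1 ||
		    nother_objs != 1 || nclass_objs > 1) {
			return (EINVAL);
		}
		/*
		 * If there are ANY group acls, there MUST be a
		 * class_obj(mask) acl (1003.6/D12 p. 29 lines 75-80).
		 */
		if (ngroups && !nclass_objs) {
			return (EINVAL);
		}
		if (nuser_objs + ngroup_objs + nother_objs + nclass_objs +
		    ngroups + nusers > MAX_ACL_ENTRIES)
			return (EINVAL);
	}

	/*
	 * For default acl's, we require that there be either one (and only one)
	 * DEF_USER_OBJ, DEF_GROUP_OBJ and DEF_OTHER_OBJ
	 * or  there be none of them.
	 */
	if (flag & DEF_ACL_CHECK) {
		if (ndef_other_objs > 1 || ndef_user_objs > 1 ||
		    ndef_group_objs > 1 || ndef_class_objs > 1) {
			return (EINVAL);
		}

		numdefs = ndef_other_objs + ndef_user_objs + ndef_group_objs;

		if (numdefs != 0 && numdefs != 3) {
			return (EINVAL);
		}
		/*
		 * If there are ANY def_group acls, there MUST be a
		 * def_class_obj(mask) acl (1003.6/D12 P. 29 lines 75-80).
		 * XXX(jimh) This is inferred.
		 */
		if (ndef_groups && !ndef_class_objs) {
			return (EINVAL);
		}
		/*
		 * Named default users/groups need the three object entries
		 * or at least a default mask to be meaningful.
		 */
		if ((ndef_users || ndef_groups) &&
		    ((numdefs != 3) && !ndef_class_objs)) {
			return (EINVAL);
		}
		if (ndef_user_objs + ndef_group_objs + ndef_other_objs +
		    ndef_class_objs + ndef_users + ndef_groups >
		    MAX_ACL_ENTRIES)
			return (EINVAL);
	}
	return (0);
}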
 976 
/*
 * Allocate an in-core acl entry for aclentp and push it onto the head
 * of the list at *aclpp.  Always returns 0: the allocation sleeps
 * rather than fails.
 */
static int
formacl(ufs_ic_acl_t **aclpp, aclent_t *aclentp)
{
	ufs_ic_acl_t *entry = kmem_alloc(sizeof (ufs_ic_acl_t), KM_SLEEP);

	entry->acl_ic_perm = aclentp->a_perm;
	entry->acl_ic_who = aclentp->a_id;

	/* Link in front of whatever is already on the list. */
	entry->acl_ic_next = *aclpp;
	*aclpp = entry;
	return (0);
}
 989 
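/*
 * XXX - Make more efficient
 * Convert from the vsecattr struct, used by the VOP interface, to
 * the ufs_acl_entry struct used for in-core storage of acl's.
 *
 * Both lists on vsap are sorted in place with cmp2acls() and validated
 * with acl_validate() before anything is allocated.  A list with a
 * negative count, or a positive count and a NULL entry pointer, is
 * rejected up front rather than handed to ksort()/the conversion loops.
 *
 * Parameters:
 * vsap - Ptr to array of security attributes.
 * spp - Ptr to ptr to si struct for the results; set only on success.
 *
 * Returns:	0 - Success
 *		N - From errno.h (EINVAL for a malformed list).  Nothing is
 *		    left allocated on failure.
 */
static int
vsecattr2aclentry(vsecattr_t *vsap, si_t **spp)
{
	aclent_t	*aclp;
	aclent_t	*ent;
	si_t		*sp;
	int		err;
	int		i;

	/* Reject counts that can't describe a real list. */
	if (vsap->vsa_aclcnt < 0 || vsap->vsa_dfaclcnt < 0)
		return (EINVAL);
	if ((vsap->vsa_aclcnt > 0 && vsap->vsa_aclentp == NULL) ||
	    (vsap->vsa_dfaclcnt > 0 && vsap->vsa_dfaclentp == NULL))
		return (EINVAL);

	/* Sort & validate the lists on the vsap */
	ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt,
	    sizeof (aclent_t), cmp2acls);
	ksort((caddr_t)vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
	    sizeof (aclent_t), cmp2acls);
	if ((err = acl_validate(vsap->vsa_aclentp,
	    vsap->vsa_aclcnt, ACL_CHECK)) != 0)
		return (err);
	if ((err = acl_validate(vsap->vsa_dfaclentp,
	    vsap->vsa_dfaclcnt, DEF_ACL_CHECK)) != 0)
		return (err);

	/* Create new si struct and hang acl's off it */
	sp = kmem_zalloc(sizeof (si_t), KM_SLEEP);
	rw_init(&sp->s_lock, NULL, RW_DEFAULT, NULL);

	/*
	 * Process acl list.  formacl() pushes onto the head of each
	 * in-core list, so walk the sorted array from the end to leave
	 * every list in sorted order.
	 */
	aclp = (aclent_t *)vsap->vsa_aclentp;
	for (i = vsap->vsa_aclcnt - 1; i >= 0; i--) {
		ent = &aclp[i];
		switch (ent->a_type) {
		case USER_OBJ:		/* Owner */
			if ((err = formacl(&sp->aowner, ent)) != 0)
				goto error;
			break;
		case GROUP_OBJ:		/* Group */
			if ((err = formacl(&sp->agroup, ent)) != 0)
				goto error;
			break;
		case OTHER_OBJ:		/* Other */
			if ((err = formacl(&sp->aother, ent)) != 0)
				goto error;
			break;
		case USER:
			if ((err = formacl(&sp->ausers, ent)) != 0)
				goto error;
			break;
		case CLASS_OBJ:		/* Mask */
			sp->aclass.acl_ismask = 1;
			sp->aclass.acl_maskbits = ent->a_perm;
			break;
		case GROUP:
			if ((err = formacl(&sp->agroups, ent)) != 0)
				goto error;
			break;
		default:
			/*
			 * Any other type already passed acl_validate();
			 * it is dropped rather than stored.
			 */
			break;
		}
	}

	/* Process default acl list, again from the end (see above). */
	aclp = (aclent_t *)vsap->vsa_dfaclentp;
	for (i = vsap->vsa_dfaclcnt - 1; i >= 0; i--) {
		ent = &aclp[i];
		switch (ent->a_type) {
		case DEF_USER_OBJ:	/* Default Owner */
			if ((err = formacl(&sp->downer, ent)) != 0)
				goto error;
			break;
		case DEF_GROUP_OBJ:	/* Default Group */
			if ((err = formacl(&sp->dgroup, ent)) != 0)
				goto error;
			break;
		case DEF_OTHER_OBJ:	/* Default Other */
			if ((err = formacl(&sp->dother, ent)) != 0)
				goto error;
			break;
		case DEF_USER:
			if ((err = formacl(&sp->dusers, ent)) != 0)
				goto error;
			break;
		case DEF_CLASS_OBJ:	/* Default Mask */
			sp->dclass.acl_ismask = 1;
			sp->dclass.acl_maskbits = ent->a_perm;
			break;
		case DEF_GROUP:
			if ((err = formacl(&sp->dgroups, ent)) != 0)
				goto error;
			break;
		default:
			/* Already validated; dropped, as for the regular list. */
			break;
		}
	}
	*spp = sp;
	return (0);

error:
	/* sp is neither cached nor locked yet, so this is safe to call. */
	ufs_si_free_mem(sp);
	return (err);
}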
1102 
/*
 * Append one aclent_t of type obj_type per entry on the in-core list
 * aclp to the output array at *aclentpp, and advance *aclentpp past
 * the entries written.  The caller sizes the array.
 */
void
formvsec(int obj_type, ufs_ic_acl_t *aclp, aclent_t **aclentpp)
{
	ufs_ic_acl_t	*cur;
	aclent_t	*out = *aclentpp;

	for (cur = aclp; cur != NULL; cur = cur->acl_ic_next) {
		out->a_type = obj_type;
		out->a_perm = cur->acl_ic_perm;
		out->a_id = cur->acl_ic_who;
		out++;
	}
	*aclentpp = out;
}
1113 
/*
 * XXX - Make more efficient
 * Convert from the ufs_acl_entry struct used for in-core storage of acl's
 * to the vsecattr struct, used by the VOP interface.
 *
 * Counts are filled in when VSA_ACLCNT/VSA_DFACLCNT (or the matching
 * VSA_ACL/VSA_DFACL) is requested; the entry arrays are allocated only
 * when VSA_ACL/VSA_DFACL is requested and the list is non-empty.  Each
 * array is sorted and re-validated before being handed back; on a
 * validation failure everything allocated here is freed again and the
 * pointers are reset to NULL.
 *
 * Parameters:
 * sp - Ptr to si struct with the acls
 * vsap - Ptr to a vsecattr struct which will take the results.
 *
 * Returns:	0 - Success
 *		N - From errno table
 */
static int
aclentry2vsecattr(si_t *sp, vsecattr_t *vsap)
{
	aclent_t	*outp;
	int		nregular;
	int		ndefault;
	int		err;

	vsap->vsa_aclentp = vsap->vsa_dfaclentp = NULL;

	/* Regular acl list: the five entry lists plus an optional mask */
	nregular = acl_count(sp->aowner) +
	    acl_count(sp->agroup) +
	    acl_count(sp->aother) +
	    acl_count(sp->ausers) +
	    acl_count(sp->agroups) +
	    (sp->aclass.acl_ismask ? 1 : 0);

	if (vsap->vsa_mask & (VSA_ACLCNT | VSA_ACL))
		vsap->vsa_aclcnt = nregular;

	if (nregular != 0 && (vsap->vsa_mask & VSA_ACL)) {
		vsap->vsa_aclentp = kmem_zalloc(nregular * sizeof (aclent_t),
		    KM_SLEEP);
		outp = vsap->vsa_aclentp;

		formvsec(USER_OBJ, sp->aowner, &outp);
		formvsec(USER, sp->ausers, &outp);
		formvsec(GROUP_OBJ, sp->agroup, &outp);
		formvsec(GROUP, sp->agroups, &outp);
		formvsec(OTHER_OBJ, sp->aother, &outp);

		if (sp->aclass.acl_ismask) {
			outp->a_type = CLASS_OBJ;		/* Mask */
			outp->a_perm = sp->aclass.acl_maskbits;
			outp->a_id = 0;
			outp++;
		}

		/* Sort, then check, the acl list */
		ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt,
		    sizeof (aclent_t), cmp2acls);
		err = acl_validate(vsap->vsa_aclentp, vsap->vsa_aclcnt,
		    ACL_CHECK);
		if (err != 0) {
			kmem_free(vsap->vsa_aclentp,
			    nregular * sizeof (aclent_t));
			vsap->vsa_aclentp = NULL;
			return (err);
		}
	}

	/* Default acl list, same shape as above */
	ndefault = acl_count(sp->downer) +
	    acl_count(sp->dgroup) +
	    acl_count(sp->dother) +
	    acl_count(sp->dusers) +
	    acl_count(sp->dgroups) +
	    (sp->dclass.acl_ismask ? 1 : 0);

	if (vsap->vsa_mask & (VSA_DFACLCNT | VSA_DFACL))
		vsap->vsa_dfaclcnt = ndefault;

	if (ndefault != 0 && (vsap->vsa_mask & VSA_DFACL)) {
		vsap->vsa_dfaclentp =
		    kmem_zalloc(ndefault * sizeof (aclent_t), KM_SLEEP);
		outp = vsap->vsa_dfaclentp;

		formvsec(DEF_USER_OBJ, sp->downer, &outp);
		formvsec(DEF_USER, sp->dusers, &outp);
		formvsec(DEF_GROUP_OBJ, sp->dgroup, &outp);
		formvsec(DEF_GROUP, sp->dgroups, &outp);
		formvsec(DEF_OTHER_OBJ, sp->dother, &outp);

		if (sp->dclass.acl_ismask) {
			outp->a_type = DEF_CLASS_OBJ;		/* Mask */
			outp->a_perm = sp->dclass.acl_maskbits;
			outp->a_id = 0;
			outp++;
		}

		/* Sort, then check, the default acl list */
		ksort((caddr_t)vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
		    sizeof (aclent_t), cmp2acls);
		err = acl_validate(vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
		    DEF_ACL_CHECK);
		if (err != 0) {
			/* Undo the regular list too, if we built one. */
			if (vsap->vsa_aclentp != NULL)
				kmem_free(vsap->vsa_aclentp,
				    vsap->vsa_aclcnt * sizeof (aclent_t));
			kmem_free(vsap->vsa_dfaclentp,
			    vsap->vsa_dfaclcnt * sizeof (aclent_t));
			vsap->vsa_aclentp = vsap->vsa_dfaclentp = NULL;
			return (err);
		}
	}

	return (0);
}
1232 
/*
 * Release every entry on the in-core acl list headed by aclp.
 * The next pointer is read before the entry is freed.
 */
static void
acl_free(ufs_ic_acl_t *aclp)
{
	ufs_ic_acl_t *next;

	for (; aclp != NULL; aclp = next) {
		next = aclp->acl_ic_next;
		kmem_free(aclp, sizeof (ufs_ic_acl_t));
	}
}
1242 
/*
 * ufs_si_free_mem will discard the sp, and the acls hanging off of the
 * sp.  It is required that the sp not be locked, and not be in the
 * cache -- the caller must already have removed it; nothing here
 * touches the cache.
 *
 * input: pointer to sp to discard.
 *
 * return - nothing.
 *
 */
static void
ufs_si_free_mem(si_t *sp)
{
	ufs_ic_acl_t *lists[] = {
		sp->aowner, sp->agroup, sp->aother, sp->ausers, sp->agroups,
		sp->downer, sp->dgroup, sp->dother, sp->dusers, sp->dgroups
	};
	size_t i;

	ASSERT(!(sp->s_flags & SI_CACHED));
	ASSERT(!RW_LOCK_HELD(&sp->s_lock));

	/* free the regular and default acl entries */
	for (i = 0; i < sizeof (lists) / sizeof (lists[0]); i++)
		acl_free(lists[i]);

	rw_destroy(&sp->s_lock);
	kmem_free(sp, sizeof (si_t));
}
1277 
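/*
 * Append a deep copy of the in-core acl list saclp to the list whose
 * current tail link is daclp.
 *
 * daclp is not a real entry: callers pass the address of a list-head
 * field (e.g. &tsp->aowner) cast to ufs_ic_acl_t *, and the first copy
 * is hung off daclp->acl_ic_next.  That only works while acl_ic_next
 * is the first member of ufs_ic_acl_t, which is asserted below; the
 * remaining links go through the copied entries themselves and need
 * no such trick.  A NULL saclp leaves the destination untouched (the
 * previous "daclp = NULL" only wrote to the local parameter).
 */
void
acl_cpy(ufs_ic_acl_t *saclp, ufs_ic_acl_t *daclp)
{
	ufs_ic_acl_t *src, *tail, *copy;

	ASSERT(offsetof(ufs_ic_acl_t, acl_ic_next) == 0);

	if (saclp == NULL)
		return;

	tail = daclp;
	for (src = saclp; src != NULL; src = src->acl_ic_next) {
		copy = kmem_alloc(sizeof (ufs_ic_acl_t), KM_SLEEP);
		copy->acl_ic_next = NULL;
		copy->acl_ic_who = src->acl_ic_who;
		copy->acl_ic_perm = src->acl_ic_perm;
		tail->acl_ic_next = copy;
		tail = copy;
	}
}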
1298 
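/*
 *	ufs_si_inherit takes a parent acl structure (saclp) and the inode
 *	of the object that is inheriting an acl and returns the inode
 *	with the acl linked to it.  It also writes the acl to disk if
 *	it is a unique inode.
 *
 *	ip - pointer to inode of object inheriting the acl (contents lock)
 *	tdp - parent inode (rw_lock and contents lock); tdp->i_ufs_acl
 *	      must be non-NULL, it is not checked here
 *	mode - creation modes
 *	cr - credentials pointer
 *
 *	Returns 0 when there is nothing to inherit or the acl was stored,
 *	EINVAL when the parent has a partial set of default object
 *	entries, else the error from ufs_si_store().  On a store failure
 *	the inode's mode, uid and gid are restored to their entry values.
 */
int
ufs_si_inherit(struct inode *ip, struct inode *tdp, o_mode_t mode, cred_t *cr)
{
	si_t *tsp, *sp = tdp->i_ufs_acl;
	int error;
	o_mode_t old_modes;
	uid_t old_uid;	/* wide enough for i_uid; o_mode_t would truncate */
	gid_t old_gid;
	int mask;

	ASSERT(RW_WRITE_HELD(&ip->i_contents));
	ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
	ASSERT(RW_WRITE_HELD(&tdp->i_contents));

	/*
	 * if links/symbolic links, or other invalid acl objects are copied
	 * or moved to a directory with a default acl do not allow inheritance
	 * just return.
	 */
	if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT))
		return (0);

	/* lock the parent security information */
	rw_enter(&sp->s_lock, RW_READER);

	ASSERT(((tdp->i_mode & IFMT) == IFDIR) ||
	    ((tdp->i_mode & IFMT) == IFATTRDIR));

	/*
	 * Which of the three default object entries does the parent have?
	 * bit 0 = owner, bit 1 = group, bit 2 = other.
	 */
	mask = ((sp->downer != NULL) ? 1 : 0) |
	    ((sp->dgroup != NULL) ? 2 : 0) |
	    ((sp->dother != NULL) ? 4 : 0);

	/* No default acl at all: nothing to inherit. */
	if (mask == 0) {
		rw_exit(&sp->s_lock);
		return (0);
	}

	/* Some but not all three: a malformed default acl. */
	if (mask != 7) {
		rw_exit(&sp->s_lock);
		return (EINVAL);
	}

	tsp = kmem_zalloc(sizeof (si_t), KM_SLEEP);
	rw_init(&tsp->s_lock, NULL, RW_DEFAULT, NULL);

	/* copy the default acls into the child's regular acl */

	ASSERT(RW_READ_HELD(&sp->s_lock));
	acl_cpy(sp->downer, (ufs_ic_acl_t *)&tsp->aowner);
	acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&tsp->agroup);
	acl_cpy(sp->dother, (ufs_ic_acl_t *)&tsp->aother);
	acl_cpy(sp->dusers, (ufs_ic_acl_t *)&tsp->ausers);
	acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&tsp->agroups);
	tsp->aclass.acl_ismask = sp->dclass.acl_ismask;
	tsp->aclass.acl_maskbits = sp->dclass.acl_maskbits;

	/*
	 * set the owner, group, and other values from the master
	 * inode.
	 */

	MODE2ACL(tsp->aowner, (mode >> 6), ip->i_uid);
	MODE2ACL(tsp->agroup, (mode >> 3), ip->i_gid);
	MODE2ACL(tsp->aother, (mode), 0);

	/* The inherited mask may only restrict, never widen, the group bits. */
	if (tsp->aclass.acl_ismask) {
		tsp->aclass.acl_maskbits &= mode >> 3;
	}


	/* copy default acl if necessary: only directories inherit defaults */

	if (((ip->i_mode & IFMT) == IFDIR) ||
	    ((ip->i_mode & IFMT) == IFATTRDIR)) {
		acl_cpy(sp->downer, (ufs_ic_acl_t *)&tsp->downer);
		acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&tsp->dgroup);
		acl_cpy(sp->dother, (ufs_ic_acl_t *)&tsp->dother);
		acl_cpy(sp->dusers, (ufs_ic_acl_t *)&tsp->dusers);
		acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&tsp->dgroups);
		tsp->dclass.acl_ismask = sp->dclass.acl_ismask;
		tsp->dclass.acl_maskbits = sp->dclass.acl_maskbits;
	}
	/*
	 * save the new 9 mode bits in the inode (ip->ic_smode) for
	 * ufs_getattr.  Be sure the mode can be recovered if the store
	 * fails.
	 */
	old_modes = ip->i_mode;
	old_uid = ip->i_uid;
	old_gid = ip->i_gid;
	/*
	 * store the acl, and get back a new security anchor if
	 * it is a duplicate.
	 */
	rw_exit(&sp->s_lock);
	rw_enter(&ip->i_rwlock, RW_WRITER);

	/*
	 * Suppress out of inodes messages if instructed in the
	 * tdp inode.
	 */
	ip->i_flag |= tdp->i_flag & IQUIET;

	if ((error = ufs_si_store(ip, tsp, 0, cr)) != 0) {
		ip->i_mode = old_modes;
		ip->i_uid = old_uid;
		ip->i_gid = old_gid;
	}
	/* NOTE(review): clears IQUIET even if ip had it set on entry -- confirm intended */
	ip->i_flag &= ~IQUIET;
	rw_exit(&ip->i_rwlock);
	return (error);
}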
1420 
/*
 * Return a freshly allocated deep copy of sp: every regular and default
 * acl list plus both mask entries.  The copy has its own lock and is
 * neither cached nor referenced; the caller holds sp's lock for reading
 * and sp must be in use.
 */
si_t *
ufs_acl_cp(si_t *sp)
{
	si_t *dsp;

	ASSERT(RW_READ_HELD(&sp->s_lock));
	ASSERT(sp->s_ref && sp->s_use);

	dsp = kmem_zalloc(sizeof (si_t), KM_SLEEP);
	rw_init(&dsp->s_lock, NULL, RW_DEFAULT, NULL);

	/* default acl lists and mask */
	acl_cpy(sp->downer, (ufs_ic_acl_t *)&dsp->downer);
	acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&dsp->dgroup);
	acl_cpy(sp->dother, (ufs_ic_acl_t *)&dsp->dother);
	acl_cpy(sp->dusers, (ufs_ic_acl_t *)&dsp->dusers);
	acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&dsp->dgroups);
	dsp->dclass.acl_ismask = sp->dclass.acl_ismask;
	dsp->dclass.acl_maskbits = sp->dclass.acl_maskbits;

	/* regular acl lists and mask */
	acl_cpy(sp->aowner, (ufs_ic_acl_t *)&dsp->aowner);
	acl_cpy(sp->agroup, (ufs_ic_acl_t *)&dsp->agroup);
	acl_cpy(sp->aother, (ufs_ic_acl_t *)&dsp->aother);
	acl_cpy(sp->ausers, (ufs_ic_acl_t *)&dsp->ausers);
	acl_cpy(sp->agroups, (ufs_ic_acl_t *)&dsp->agroups);
	dsp->aclass.acl_ismask = sp->aclass.acl_ismask;
	dsp->aclass.acl_maskbits = sp->aclass.acl_maskbits;

	return (dsp);
}
1454 
/*
 * Bring the inode's regular acl in line with a mode/uid/gid change
 * already applied to ip.  Works on a private copy of the acl so the
 * cached one is never modified in place, then stores the copy.
 * Returns 0 when there is nothing to do, else ufs_si_store()'s result.
 *
 * NOTE(review): only aowner is checked for NULL before the copy;
 * agroup/aother are dereferenced on the AT_MODE/AT_GID paths -- confirm
 * every stored regular acl carries all three object entries.
 */
int
ufs_acl_setattr(struct inode *ip, struct vattr *vap, cred_t *cr)
{
	si_t *cur = ip->i_ufs_acl;
	si_t *copy;
	int mask = vap->va_mask;

	ASSERT(RW_WRITE_HELD(&ip->i_contents));

	/* nothing we track is changing */
	if (!(mask & (AT_MODE|AT_UID|AT_GID)))
		return (0);

	/* no regular acl's, nothing to do */
	if (cur == NULL || cur->aowner == NULL)
		return (0);

	rw_enter(&cur->s_lock, RW_READER);
	copy = ufs_acl_cp(cur);
	ASSERT(copy != cur);

	/*
	 * set the mask to the group permissions if a mask entry
	 * exists.  Otherwise, set the group obj bits to the group
	 * permissions.  Since non-trivial ACLs always have a mask,
	 * and the mask is the final arbiter of group permissions,
	 * setting the mask has the effect of changing the effective
	 * group permissions, even if the group_obj permissions in
	 * the ACL aren't changed.  Posix P1003.1e states that when
	 * an ACL mask exists, chmod(2) must set the acl mask (NOT the
	 * group_obj permissions) to the requested group permissions.
	 */
	if (mask & AT_MODE) {
		o_mode_t group_bits = (o_mode_t)(ip->i_mode & 070) >> 3;

		copy->aowner->acl_ic_perm = (o_mode_t)(ip->i_mode & 0700) >> 6;
		if (copy->aclass.acl_ismask)
			copy->aclass.acl_maskbits = group_bits;
		else
			copy->agroup->acl_ic_perm = group_bits;
		copy->aother->acl_ic_perm = (o_mode_t)(ip->i_mode & 07);
	}

	/* Caller has verified our privileges for ownership changes */
	if (mask & AT_UID)
		copy->aowner->acl_ic_who = ip->i_uid;
	if (mask & AT_GID)
		copy->agroup->acl_ic_who = ip->i_gid;

	rw_exit(&cur->s_lock);
	return (ufs_si_store(ip, copy, 0, cr));
}
1513 
/*
 * Number of entries on the in-core acl list headed by p (0 for NULL).
 */
static int
acl_count(ufs_ic_acl_t *p)
{
	int count = 0;

	while (p != NULL) {
		count++;
		p = p->acl_ic_next;
	}
	return (count);
}
1524 
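/*
 *	Takes as input a security structure and generates a buffer
 *	with fsd's in a form which can be written to the shadow inode.
 *
 *	Buffer layout: an optional FSD_ACL record followed by an optional
 *	FSD_DFACL record.  Each record is a struct ufs_fsd header
 *	(fsd_type, fsd_size; 2 * sizeof (int) bytes) followed by one
 *	ufs_acl_t per entry, with fsd_size counting the header as well.
 *
 *	sp  - security structure to serialise
 *	buf - receives the zero-filled, kmem_zalloc'd buffer, or NULL when
 *	      there is nothing to write
 *	len - receives the buffer length in bytes, or 0 when there is
 *	      nothing to write
 *
 *	Returns 0 (the allocation sleeps rather than fails).  *buf/*len
 *	are always assigned; the caller is expected to free *buf.
 */
static int
ufs_sectobuf(si_t *sp, caddr_t *buf, size_t *len)
{
	size_t		acl_size;
	size_t		def_acl_size;
	caddr_t		buffer;
	struct ufs_fsd	*fsdp;
	ufs_acl_t	*bufaclp;

	/*
	 * Calc size of buffer to hold all the acls: entries, converted
	 * to bytes, plus the fsd header when the record exists at all.
	 */
	acl_size = acl_count(sp->aowner) +		/* owner */
	    acl_count(sp->agroup) +			/* owner group */
	    acl_count(sp->aother) +			/* owner other */
	    acl_count(sp->ausers) +			/* acl list */
	    acl_count(sp->agroups);			/* group acls */
	if (sp->aclass.acl_ismask)
		acl_size++;
	acl_size *= sizeof (ufs_acl_t);
	if (acl_size != 0)
		acl_size += 2 * sizeof (int);

	/*
	 * Calc size of buffer to hold all the default acls, same shape.
	 */
	def_acl_size =
	    acl_count(sp->downer) +	/* def owner */
	    acl_count(sp->dgroup) +	/* def owner group */
	    acl_count(sp->dother) +	/* def owner other */
	    acl_count(sp->dusers) +	/* def users  */
	    acl_count(sp->dgroups);	/* def group acls */
	if (sp->dclass.acl_ismask)
		def_acl_size++;
	def_acl_size *= sizeof (ufs_acl_t);
	if (def_acl_size != 0)
		def_acl_size += 2 * sizeof (int);

	if (acl_size + def_acl_size == 0) {
		/* Nothing to write; leave the outputs in a defined state. */
		*buf = NULL;
		*len = 0;
		return (0);
	}

	buffer = kmem_zalloc((acl_size + def_acl_size), KM_SLEEP);
	bufaclp = (ufs_acl_t *)buffer;

	if (acl_size != 0) {
		/* create fsd and copy acls */
		fsdp = (struct ufs_fsd *)bufaclp;
		fsdp->fsd_type = FSD_ACL;
		bufaclp = (ufs_acl_t *)&fsdp->fsd_data[0];

		ACL_MOVE(sp->aowner, USER_OBJ, bufaclp);
		ACL_MOVE(sp->agroup, GROUP_OBJ, bufaclp);
		ACL_MOVE(sp->aother, OTHER_OBJ, bufaclp);
		ACL_MOVE(sp->ausers, USER, bufaclp);
		ACL_MOVE(sp->agroups, GROUP, bufaclp);

		/*
		 * The mask entry stores the ismask flag, not an id, in
		 * acl_who; this is the existing on-disk convention.
		 */
		if (sp->aclass.acl_ismask) {
			bufaclp->acl_tag = CLASS_OBJ;
			bufaclp->acl_who = (uid_t)sp->aclass.acl_ismask;
			bufaclp->acl_perm = (o_mode_t)sp->aclass.acl_maskbits;
			bufaclp++;
		}
		ASSERT(acl_size <= INT_MAX);
		fsdp->fsd_size = (int)acl_size;
	}

	if (def_acl_size != 0) {
		/* defaults exist: create fsd and copy default acls */
		fsdp = (struct ufs_fsd *)bufaclp;
		fsdp->fsd_type = FSD_DFACL;
		bufaclp = (ufs_acl_t *)&fsdp->fsd_data[0];

		ACL_MOVE(sp->downer, DEF_USER_OBJ, bufaclp);
		ACL_MOVE(sp->dgroup, DEF_GROUP_OBJ, bufaclp);
		ACL_MOVE(sp->dother, DEF_OTHER_OBJ, bufaclp);
		ACL_MOVE(sp->dusers, DEF_USER, bufaclp);
		ACL_MOVE(sp->dgroups, DEF_GROUP, bufaclp);
		if (sp->dclass.acl_ismask) {
			bufaclp->acl_tag = DEF_CLASS_OBJ;
			bufaclp->acl_who = (uid_t)sp->dclass.acl_ismask;
			bufaclp->acl_perm = (o_mode_t)sp->dclass.acl_maskbits;
			bufaclp++;
		}
		ASSERT(def_acl_size <= INT_MAX);
		fsdp->fsd_size = (int)def_acl_size;
	}

	*buf = buffer;
	*len = acl_size + def_acl_size;

	return (0);
}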
1637 
1638 /*
1639  *  free a shadow inode  on disk and in memory
1640  */
1641 int
1642 ufs_si_free(si_t *sp, struct vfs *vfsp, cred_t *cr)
1643 {
1644         struct inode    *sip;
1645         int             shadow;
1646         int             err = 0;
1647         int             refcnt;
1648         int             signature;
1649 
1650         ASSERT(vfsp);
1651         ASSERT(sp);
1652 
1653         rw_enter(&sp->s_lock, RW_READER);
1654         ASSERT(sp->s_shadow <= INT_MAX);
1655         shadow = (int)sp->s_shadow;
1656         ASSERT(sp->s_ref);
1657         rw_exit(&sp->s_lock);
1658 
1659         /*
1660          * Decrement link count on the shadow inode,
1661          * and decrement reference count on the sip.
1662          */
1663         if ((err = ufs_iget_alloced(vfsp, shadow, &sip, cr)) == 0) {
1664                 rw_enter(&sip->i_contents, RW_WRITER);
1665                 rw_enter(&sp->s_lock, RW_WRITER);
1666                 ASSERT(sp->s_shadow == shadow);
1667                 ASSERT(sip->i_dquot == 0);
1668                 /* Decrement link count */
1669                 ASSERT(sip->i_nlink > 0);
1670                 /*
1671                  * bug #1264710 assertion failure below
1672                  */
1673                 sp->s_use = --sip->i_nlink;
1674                 ufs_setreclaim(sip);
1675                 TRANS_INODE(sip->i_ufsvfs, sip);
1676                 sip->i_flag |= ICHG | IMOD;
1677                 sip->i_seq++;
1678                 ITIMES_NOLOCK(sip);
1679                 /* Dec ref counts on si referenced by this ip */
1680                 refcnt = --sp->s_ref;
1681                 signature = sp->s_signature;
1682                 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
1683                 /*
1684                  * Release s_lock before calling VN_RELE
1685                  * (which may want to acquire i_contents).
1686                  */
1687                 rw_exit(&sp->s_lock);
1688                 rw_exit(&sip->i_contents);
1689                 VN_RELE(ITOV(sip));
1690         } else {
1691                 rw_enter(&sp->s_lock, RW_WRITER);
1692                 /* Dec ref counts on si referenced by this ip */
1693                 refcnt = --sp->s_ref;
1694                 signature = sp->s_signature;
1695                 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
1696                 rw_exit(&sp->s_lock);
1697         }
1698 
1699         if (refcnt == 0)
1700                 si_cache_del(sp, signature);
1701         return (err);
1702 }
1703 
1704 /*
1705  * Seach the si cache for an si structure by inode #.
1706  * Returns a locked si structure.
1707  *
1708  * Parameters:
1709  * ip - Ptr to an inode on this fs
1710  * spp - Ptr to ptr to si struct for the results, if found.
1711  *
1712  * Returns:     0 - Success (results in spp)
1713  *              1 - Failure (spp undefined)
1714  */
1715 static int
1716 si_cachei_get(struct inode *ip, si_t **spp)
1717 {
1718         si_t    *sp;
1719 
1720         rw_enter(&si_cache_lock, RW_READER);
1721 loop:
1722         for (sp = si_cachei[SI_HASH(ip->i_shadow)]; sp; sp = sp->s_forw)
1723                 if (sp->s_shadow == ip->i_shadow && sp->s_dev == ip->i_dev)
1724                         break;
1725 
1726         if (sp == NULL) {
1727                 /* Not in cache */
1728                 rw_exit(&si_cache_lock);
1729                 return (1);
1730         }
1731         /* Found it */
1732         rw_enter(&sp->s_lock, RW_WRITER);
1733 alldone:
1734         rw_exit(&si_cache_lock);
1735         *spp = sp;
1736         return (0);
1737 }
1738 
1739 /*
1740  * Seach the si cache by si structure (ie duplicate of the one passed in).
1741  * In order for a match the signatures must be the same and
1742  * the devices must be the same, the acls must match and
1743  * link count of the cached shadow must be less than the
1744  * size of ic_nlink - 1.  MAXLINK - 1 is used to allow the count
1745  * to be incremented one more time by the caller.
1746  * Returns a locked si structure.
1747  *
1748  * Parameters:
1749  * ip - Ptr to an inode on this fs
1750  * spi - Ptr to si the struct we're searching the cache for.
1751  * spp - Ptr to ptr to si struct for the results, if found.
1752  *
1753  * Returns:     0 - Success (results in spp)
1754  *              1 - Failure (spp undefined)
1755  */
1756 static int
1757 si_cachea_get(struct inode *ip, si_t *spi, si_t **spp)
1758 {
1759         si_t    *sp;
1760 
1761         spi->s_dev = ip->i_dev;
1762         spi->s_signature = si_signature(spi);
1763         rw_enter(&si_cache_lock, RW_READER);
1764 loop:
1765         for (sp = si_cachea[SI_HASH(spi->s_signature)]; sp; sp = sp->s_next) {
1766                 if (sp->s_signature == spi->s_signature &&
1767                     sp->s_dev == spi->s_dev &&
1768                     sp->s_use > 0 &&                      /* deleting */
1769                     sp->s_use <= (MAXLINK - 1) && /* Too many links */
1770                     !si_cmp(sp, spi))
1771                         break;
1772         }
1773 
1774         if (sp == NULL) {
1775                 /* Cache miss */
1776                 rw_exit(&si_cache_lock);
1777                 return (1);
1778         }
1779         /* Found it */
1780         rw_enter(&sp->s_lock, RW_WRITER);
1781 alldone:
1782         spi->s_shadow = sp->s_shadow; /* XXX For debugging */
1783         rw_exit(&si_cache_lock);
1784         *spp = sp;
1785         return (0);
1786 }
1787 
1788 /*
1789  * Place an si structure in the si cache.  May cause duplicates.
1790  *
1791  * Parameters:
1792  * sp - Ptr to the si struct to add to the cache.
1793  *
1794  * Returns: Nothing (void)
1795  */
1796 static void
1797 si_cache_put(si_t *sp)
1798 {
1799         si_t    **tspp;
1800 
1801         ASSERT(sp->s_fore == NULL);
1802         rw_enter(&si_cache_lock, RW_WRITER);
1803         if (!sp->s_signature)
1804                 sp->s_signature = si_signature(sp);
1805         sp->s_flags |= SI_CACHED;
1806         sp->s_fore = NULL;
1807 
1808         /* The 'by acl' chains */
1809         tspp = &si_cachea[SI_HASH(sp->s_signature)];
1810         sp->s_next = *tspp;
1811         *tspp = sp;
1812 
1813         /* The 'by inode' chains */
1814         tspp = &si_cachei[SI_HASH(sp->s_shadow)];
1815         sp->s_forw = *tspp;
1816         *tspp = sp;
1817 
1818         rw_exit(&si_cache_lock);
1819 }
1820 
1821 /*
1822  * The sp passed in is a candidate for deletion from the cache.  We acquire
1823  * the cache lock first, so no cache searches can be done.  Then we search
1824  * for the acl in the cache, and if we find it we can lock it and check that
1825  * nobody else attached to it while we were acquiring the locks.  If the acl
1826  * is in the cache and still has a zero reference count, then we remove it
1827  * from the cache and deallocate it.  If the reference count is non-zero or
1828  * it is not found in the cache, then someone else attached to it or has
1829  * already freed it, so we just return.
1830  *
1831  * Parameters:
1832  * sp - Ptr to the sp struct which is the candicate for deletion.
1833  * signature - the signature for the acl for lookup in the hash table
1834  *
1835  * Returns: Nothing (void)
1836  */
1837 void
1838 si_cache_del(si_t *sp, int signature)
1839 {
1840         si_t    **tspp;
1841         int     hash;
1842         int     foundacl = 0;
1843 
1844         /*
1845          * Unlink & free the sp from the other queues, then destroy it.
1846          * Search the 'by acl' chain first, then the 'by inode' chain
1847          * after the acl is locked.
1848          */
1849         rw_enter(&si_cache_lock, RW_WRITER);
1850         hash = SI_HASH(signature);
1851         for (tspp = &si_cachea[hash]; *tspp; tspp = &(*tspp)->s_next) {
1852                 if (*tspp == sp) {
1853                         /*
1854                          * Wait to grab the acl lock until after the acl has
1855                          * been found in the cache.  Otherwise it might try to
1856                          * grab a lock that has already been destroyed, or
1857                          * delete an acl that has already been freed.
1858                          */
1859                         rw_enter(&sp->s_lock, RW_WRITER);
1860                         /* See if someone else attached to it */
1861                         if (sp->s_ref) {
1862                                 rw_exit(&sp->s_lock);
1863                                 rw_exit(&si_cache_lock);
1864                                 return;
1865                         }
1866                         ASSERT(sp->s_fore == NULL);
1867                         ASSERT(sp->s_flags & SI_CACHED);
1868                         foundacl = 1;
1869                         *tspp = sp->s_next;
1870                         break;
1871                 }
1872         }
1873 
1874         /*
1875          * If the acl was not in the cache, we assume another thread has
1876          * deleted it already. This could happen if another thread attaches to
1877          * the acl and then releases it after this thread has already found the
1878          * reference count to be zero but has not yet taken the cache lock.
1879          * Both threads end up seeing a reference count of zero, and call into
1880          * si_cache_del.  See bug 4244827 for details on the race condition.
1881          */
1882         if (foundacl == 0) {
1883                 rw_exit(&si_cache_lock);
1884                 return;
1885         }
1886 
1887         /* Now check the 'by inode' chain */
1888         hash = SI_HASH(sp->s_shadow);
1889         for (tspp = &si_cachei[hash]; *tspp; tspp = &(*tspp)->s_forw) {
1890                 if (*tspp == sp) {
1891                         *tspp = sp->s_forw;
1892                         break;
1893                 }
1894         }
1895 
1896         /*
1897          * At this point, we can unlock everything because this si
1898          * is no longer in the cache, thus cannot be attached to.
1899          */
1900         rw_exit(&sp->s_lock);
1901         rw_exit(&si_cache_lock);
1902         sp->s_flags &= ~SI_CACHED;
1903         (void) ufs_si_free_mem(sp);
1904 }
1905 
1906 /*
1907  * Alloc the hash buckets for the si cache & initialize
1908  * the unreferenced anchor and the cache lock.
1909  */
1910 void
1911 si_cache_init(void)
1912 {
1913         rw_init(&si_cache_lock, NULL, RW_DEFAULT, NULL);
1914 
1915         /* The 'by acl' headers */
1916         si_cachea = kmem_zalloc(si_cachecnt * sizeof (si_t *), KM_SLEEP);
1917         /* The 'by inode' headers */
1918         si_cachei = kmem_zalloc(si_cachecnt * sizeof (si_t *), KM_SLEEP);
1919 }
1920 
1921 /*
1922  *  aclcksum takes an acl and generates a checksum.  It takes as input
1923  *  the acl to start at.
1924  *
1925  *  s_aclp - pointer to starting acl
1926  *
1927  *  returns checksum
1928  */
1929 static int
1930 aclcksum(ufs_ic_acl_t *s_aclp)
1931 {
1932         ufs_ic_acl_t *aclp;
1933         int signature = 0;
1934         for (aclp = s_aclp; aclp; aclp = aclp->acl_ic_next) {
1935                 signature += aclp->acl_ic_perm;
1936                 signature += aclp->acl_ic_who;
1937         }
1938         return (signature);
1939 }
1940 
1941 /*
1942  * Generate a unique signature for an si structure.  Used by the
1943  * search routine si_cachea_get() to quickly identify candidates
1944  * prior to calling si_cmp().
1945  * Parameters:
1946  * sp - Ptr to the si struct to generate the signature for.
1947  *
1948  * Returns:  A signature for the si struct (really a checksum)
1949  */
1950 static int
1951 si_signature(si_t *sp)
1952 {
1953         int signature = sp->s_dev;
1954 
1955         signature += aclcksum(sp->aowner) + aclcksum(sp->agroup) +
1956             aclcksum(sp->aother) + aclcksum(sp->ausers) +
1957             aclcksum(sp->agroups) + aclcksum(sp->downer) +
1958             aclcksum(sp->dgroup) + aclcksum(sp->dother) +
1959             aclcksum(sp->dusers) + aclcksum(sp->dgroups);
1960         if (sp->aclass.acl_ismask)
1961                 signature += sp->aclass.acl_maskbits;
1962         if (sp->dclass.acl_ismask)
1963                 signature += sp->dclass.acl_maskbits;
1964 
1965         return (signature);
1966 }
1967 
1968 /*
1969  * aclcmp compares to acls to see if they are identical.
1970  *
1971  * sp1 is source
1972  * sp2 is sourceb
1973  *
1974  * returns 0 if equal and 1 if not equal
1975  */
1976 static int
1977 aclcmp(ufs_ic_acl_t *aclin1p, ufs_ic_acl_t *aclin2p)
1978 {
1979         ufs_ic_acl_t *aclp1;
1980         ufs_ic_acl_t *aclp2;
1981 
1982         /*
1983          * if the starting pointers are equal then they are equal so
1984          * just return.
1985          */
1986         if (aclin1p == aclin2p)
1987                 return (0);
1988         /*
1989          * check element by element
1990          */
1991         for (aclp1 = aclin1p, aclp2 = aclin2p; aclp1 && aclp2;
1992             aclp1 = aclp1->acl_ic_next, aclp2 = aclp2->acl_ic_next) {
1993                 if (aclp1->acl_ic_perm != aclp2->acl_ic_perm ||
1994                     aclp1->acl_ic_who != aclp2->acl_ic_who)
1995                         return (1);
1996         }
1997         /*
1998          * both must be zero (at the end of the acl)
1999          */
2000         if (aclp1 || aclp2)
2001                 return (1);
2002 
2003         return (0);
2004 }
2005 
2006 /*
2007  * Do extensive, field-by-field compare of two si structures.  Returns
2008  * 0 if they are exactly identical, 1 otherwise.
2009  *
2010  * Paramters:
2011  * sp1 - Ptr to 1st si struct
2012  * sp2 - Ptr to 2nd si struct
2013  *
2014  * Returns:
2015  *              0 - Not identical
2016  *              1 - Identical
2017  */
2018 static int
2019 si_cmp(si_t *sp1, si_t *sp2)
2020 {
2021         if (sp1->s_dev != sp2->s_dev)
2022                 return (1);
2023         if (aclcmp(sp1->aowner, sp2->aowner) ||
2024             aclcmp(sp1->agroup, sp2->agroup) ||
2025             aclcmp(sp1->aother, sp2->aother) ||
2026             aclcmp(sp1->ausers, sp2->ausers) ||
2027             aclcmp(sp1->agroups, sp2->agroups) ||
2028             aclcmp(sp1->downer, sp2->downer) ||
2029             aclcmp(sp1->dgroup, sp2->dgroup) ||
2030             aclcmp(sp1->dother, sp2->dother) ||
2031             aclcmp(sp1->dusers, sp2->dusers) ||
2032             aclcmp(sp1->dgroups, sp2->dgroups))
2033                 return (1);
2034         if (sp1->aclass.acl_ismask != sp2->aclass.acl_ismask)
2035                 return (1);
2036         if (sp1->dclass.acl_ismask != sp2->dclass.acl_ismask)
2037                 return (1);
2038         if (sp1->aclass.acl_ismask &&
2039             sp1->aclass.acl_maskbits != sp2->aclass.acl_maskbits)
2040                 return (1);
2041         if (sp1->dclass.acl_ismask &&
2042             sp1->dclass.acl_maskbits != sp2->dclass.acl_maskbits)
2043                 return (1);
2044 
2045         return (0);
2046 }
2047 
2048 /*
2049  * Remove all acls associated with a device.  All acls must have
2050  * a reference count of zero.
2051  *
2052  * inputs:
2053  *      device - device to remove from the cache
2054  *
2055  * outputs:
2056  *      none
2057  */
2058 void
2059 ufs_si_cache_flush(dev_t dev)
2060 {
2061         si_t *tsp, **tspp;
2062         int i;
2063 
2064         rw_enter(&si_cache_lock, RW_WRITER);
2065         for (i = 0; i < si_cachecnt; i++) {
2066                 tspp = &si_cachea[i];
2067                 while (*tspp) {
2068                         if ((*tspp)->s_dev == dev) {
2069                                 *tspp = (*tspp)->s_next;
2070                         } else {
2071                                 tspp = &(*tspp)->s_next;
2072                         }
2073                 }
2074         }
2075         for (i = 0; i < si_cachecnt; i++) {
2076                 tspp = &si_cachei[i];
2077                 while (*tspp) {
2078                         if ((*tspp)->s_dev == dev) {
2079                                 tsp = *tspp;
2080                                 *tspp = (*tspp)->s_forw;
2081                                 tsp->s_flags &= ~SI_CACHED;
2082                                 ufs_si_free_mem(tsp);
2083                         } else {
2084                                 tspp = &(*tspp)->s_forw;
2085                         }
2086                 }
2087         }
2088         rw_exit(&si_cache_lock);
2089 }
2090 
2091 /*
2092  * ufs_si_del is used to unhook a sp from a inode in memory
2093  *
2094  * ip is the inode to remove the sp from.
2095  */
2096 void
2097 ufs_si_del(struct inode *ip)
2098 {
2099         si_t    *sp = ip->i_ufs_acl;
2100         int     refcnt;
2101         int     signature;
2102 
2103         if (sp) {
2104                 rw_enter(&sp->s_lock, RW_WRITER);
2105                 refcnt = --sp->s_ref;
2106                 signature = sp->s_signature;
2107                 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
2108                 rw_exit(&sp->s_lock);
2109                 if (refcnt == 0)
2110                         si_cache_del(sp, signature);
2111                 ip->i_ufs_acl = NULL;
2112         }
2113 }