From 4704be2879e660c0128839f466eaeb61c6c19136 Mon Sep 17 00:00:00 2001 From: Ryan Moeller Date: Tue, 11 May 2021 01:02:25 -0400 Subject: [PATCH] Remove unimplemented virus scanning hooks Reviewed-by: Adam Moss Reviewed-by: Brian Behlendorf Reviewed-by: Igor Kozhukhov Signed-off-by: Ryan Moeller Closes #11972 --- include/os/freebsd/spl/sys/vfs.h | 2 -- include/os/freebsd/zfs/sys/zfs_vfsops_os.h | 1 - include/os/linux/zfs/sys/zfs_vfsops_os.h | 1 - man/man8/zfsprops.8 | 2 +- module/os/freebsd/zfs/zfs_vfsops.c | 10 --------- module/os/freebsd/zfs/zfs_vnops_os.c | 14 ------------ module/os/linux/zfs/zfs_vfsops.c | 8 ------- module/os/linux/zfs/zfs_vnops_os.c | 25 ---------------------- 8 files changed, 1 insertion(+), 62 deletions(-) diff --git a/include/os/freebsd/spl/sys/vfs.h b/include/os/freebsd/spl/sys/vfs.h index a432f6c567..22d57cc473 100644 --- a/include/os/freebsd/spl/sys/vfs.h +++ b/include/os/freebsd/spl/sys/vfs.h @@ -55,8 +55,6 @@ typedef int umode_t; #define VFS_NOSETUID MNT_NOSUID #define VFS_NOEXEC MNT_NOEXEC -#define fs_vscan(vp, cr, async) (0) - #define VROOT VV_ROOT #define XU_NGROUPS 16 diff --git a/include/os/freebsd/zfs/sys/zfs_vfsops_os.h b/include/os/freebsd/zfs/sys/zfs_vfsops_os.h index a263b48f75..ccbbf4f732 100644 --- a/include/os/freebsd/zfs/sys/zfs_vfsops_os.h +++ b/include/os/freebsd/zfs/sys/zfs_vfsops_os.h @@ -98,7 +98,6 @@ struct zfsvfs { struct zfsctl_root *z_ctldir; /* .zfs directory pointer */ boolean_t z_show_ctldir; /* expose .zfs in the root dir */ boolean_t z_issnap; /* true if this is a snapshot */ - boolean_t z_vscan; /* virus scan on/off */ boolean_t z_use_fuids; /* version allows fuids */ boolean_t z_replay; /* set during ZIL replay */ boolean_t z_use_sa; /* version allow system attributes */ diff --git a/include/os/linux/zfs/sys/zfs_vfsops_os.h b/include/os/linux/zfs/sys/zfs_vfsops_os.h index 7b4a1aac9a..8e03ae99a7 100644 --- a/include/os/linux/zfs/sys/zfs_vfsops_os.h +++ b/include/os/linux/zfs/sys/zfs_vfsops_os.h @@ -113,7 +113,6 @@ struct zfsvfs { struct inode *z_ctldir; /* .zfs directory inode */ boolean_t z_show_ctldir; /* expose .zfs in the root dir */ boolean_t z_issnap; /* true if this is a snapshot */ - boolean_t z_vscan; /* virus scan on/off */ boolean_t z_use_fuids; /* version allows fuids */ boolean_t z_replay; /* set during ZIL replay */ boolean_t z_use_sa; /* version allow system attributes */ diff --git a/man/man8/zfsprops.8 b/man/man8/zfsprops.8 index ec7d5d2787..9ae77e7bfe 100644 --- a/man/man8/zfsprops.8 +++ b/man/man8/zfsprops.8 @@ -1775,7 +1775,7 @@ In addition to enabling this property, the virus scan service must also be enabled for virus scanning to occur. The default value is .Sy off . -This property is not used on Linux. +This property is not used by OpenZFS. .It Sy xattr Ns = Ns Sy on Ns | Ns Sy off Ns | Ns Sy sa Controls whether extended attributes are enabled for this file system. Two styles of extended attributes are supported either directory based or system diff --git a/module/os/freebsd/zfs/zfs_vfsops.c b/module/os/freebsd/zfs/zfs_vfsops.c index bbf2d95557..8aba11f3f7 100644 --- a/module/os/freebsd/zfs/zfs_vfsops.c +++ b/module/os/freebsd/zfs/zfs_vfsops.c @@ -569,14 +569,6 @@ snapdir_changed_cb(void *arg, uint64_t newval) zfsvfs->z_show_ctldir = newval; } -static void -vscan_changed_cb(void *arg, uint64_t newval) -{ - zfsvfs_t *zfsvfs = arg; - - zfsvfs->z_vscan = newval; -} - static void acl_mode_changed_cb(void *arg, uint64_t newval) { @@ -738,8 +730,6 @@ zfs_register_callbacks(vfs_t *vfsp) error = error ? error : dsl_prop_register(ds, zfs_prop_to_name(ZFS_PROP_ACLINHERIT), acl_inherit_changed_cb, zfsvfs); - error = error ? error : dsl_prop_register(ds, - zfs_prop_to_name(ZFS_PROP_VSCAN), vscan_changed_cb, zfsvfs); dsl_pool_config_exit(dmu_objset_pool(os), FTAG); if (error) goto unregister; diff --git a/module/os/freebsd/zfs/zfs_vnops_os.c b/module/os/freebsd/zfs/zfs_vnops_os.c index 70aebc125d..1214f8a2b6 100644 --- a/module/os/freebsd/zfs/zfs_vnops_os.c +++ b/module/os/freebsd/zfs/zfs_vnops_os.c @@ -231,15 +231,6 @@ zfs_open(vnode_t **vpp, int flag, cred_t *cr) return (SET_ERROR(EPERM)); } - if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan && - ZTOV(zp)->v_type == VREG && - !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) { - if (fs_vscan(*vpp, cr, 0) != 0) { - ZFS_EXIT(zfsvfs); - return (SET_ERROR(EACCES)); - } - } - /* Keep a count of the synchronous opens in the znode */ if (flag & (FSYNC | FDSYNC)) atomic_inc_32(&zp->z_sync_cnt); @@ -262,11 +253,6 @@ zfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr) if ((flag & (FSYNC | FDSYNC)) && (count == 1)) atomic_dec_32(&zp->z_sync_cnt); - if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan && - ZTOV(zp)->v_type == VREG && - !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) - VERIFY0(fs_vscan(vp, cr, 1)); - ZFS_EXIT(zfsvfs); return (0); } diff --git a/module/os/linux/zfs/zfs_vfsops.c b/module/os/linux/zfs/zfs_vfsops.c index 5d672af0e8..ff0b0d9df8 100644 --- a/module/os/linux/zfs/zfs_vfsops.c +++ b/module/os/linux/zfs/zfs_vfsops.c @@ -433,12 +433,6 @@ snapdir_changed_cb(void *arg, uint64_t newval) ((zfsvfs_t *)arg)->z_show_ctldir = newval; } -static void -vscan_changed_cb(void *arg, uint64_t newval) -{ - ((zfsvfs_t *)arg)->z_vscan = newval; -} - static void acl_mode_changed_cb(void *arg, uint64_t newval) { @@ -511,8 +505,6 @@ zfs_register_callbacks(vfs_t *vfsp) error = error ? error : dsl_prop_register(ds, zfs_prop_to_name(ZFS_PROP_ACLINHERIT), acl_inherit_changed_cb, zfsvfs); - error = error ? error : dsl_prop_register(ds, - zfs_prop_to_name(ZFS_PROP_VSCAN), vscan_changed_cb, zfsvfs); error = error ? error : dsl_prop_register(ds, zfs_prop_to_name(ZFS_PROP_NBMAND), nbmand_changed_cb, zfsvfs); dsl_pool_config_exit(dmu_objset_pool(os), FTAG); diff --git a/module/os/linux/zfs/zfs_vnops_os.c b/module/os/linux/zfs/zfs_vnops_os.c index 6f3faab04f..24c016c5fc 100644 --- a/module/os/linux/zfs/zfs_vnops_os.c +++ b/module/os/linux/zfs/zfs_vnops_os.c @@ -175,18 +175,6 @@ * return (error); // done, report error */ -/* - * Virus scanning is unsupported. It would be possible to add a hook - * here to performance the required virus scan. This could be done - * entirely in the kernel or potentially as an update to invoke a - * scanning utility. - */ -static int -zfs_vscan(struct inode *ip, cred_t *cr, int async) -{ - return (0); -} - /* ARGSUSED */ int zfs_open(struct inode *ip, int mode, int flag, cred_t *cr) @@ -204,15 +192,6 @@ zfs_open(struct inode *ip, int mode, int flag, cred_t *cr) return (SET_ERROR(EPERM)); } - /* Virus scan eligible files on open */ - if (!zfs_has_ctldir(zp) && zfsvfs->z_vscan && S_ISREG(ip->i_mode) && - !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) { - if (zfs_vscan(ip, cr, 0) != 0) { - ZFS_EXIT(zfsvfs); - return (SET_ERROR(EACCES)); - } - } - /* Keep a count of the synchronous opens in the znode */ if (flag & O_SYNC) atomic_inc_32(&zp->z_sync_cnt); @@ -235,10 +214,6 @@ zfs_close(struct inode *ip, int flag, cred_t *cr) if (flag & O_SYNC) atomic_dec_32(&zp->z_sync_cnt); - if (!zfs_has_ctldir(zp) && zfsvfs->z_vscan && S_ISREG(ip->i_mode) && - !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) - VERIFY(zfs_vscan(ip, cr, 1) == 0); - ZFS_EXIT(zfsvfs); return (0); }