Diffstat (limited to 'fs/posix_acl.c')
-rw-r--r--fs/posix_acl.c198
1 files changed, 114 insertions, 84 deletions
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index d7bc81fc0840..768f027c1428 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -26,8 +26,8 @@
#include <linux/mnt_idmapping.h>
#include <linux/iversion.h>
#include <linux/security.h>
-#include <linux/evm.h>
#include <linux/fsnotify.h>
+#include <linux/filelock.h>
#include "internal.h"
@@ -111,7 +111,7 @@ void forget_all_cached_acls(struct inode *inode)
}
EXPORT_SYMBOL(forget_all_cached_acls);
-static struct posix_acl *__get_acl(struct user_namespace *mnt_userns,
+static struct posix_acl *__get_acl(struct mnt_idmap *idmap,
struct dentry *dentry, struct inode *inode,
int type)
{
@@ -154,7 +154,7 @@ static struct posix_acl *__get_acl(struct user_namespace *mnt_userns,
* we'll just create the negative cache entry.
*/
if (dentry && inode->i_op->get_acl) {
- acl = inode->i_op->get_acl(mnt_userns, dentry, type);
+ acl = inode->i_op->get_acl(idmap, dentry, type);
} else if (inode->i_op->get_inode_acl) {
acl = inode->i_op->get_inode_acl(inode, type, false);
} else {
@@ -174,14 +174,14 @@ static struct posix_acl *__get_acl(struct user_namespace *mnt_userns,
* Cache the result, but only if our sentinel is still in place.
*/
posix_acl_dup(acl);
- if (unlikely(cmpxchg(p, sentinel, acl) != sentinel))
+ if (unlikely(!try_cmpxchg(p, &sentinel, acl)))
posix_acl_release(acl);
return acl;
}
struct posix_acl *get_inode_acl(struct inode *inode, int type)
{
- return __get_acl(&init_user_ns, NULL, inode, type);
+ return __get_acl(&nop_mnt_idmap, NULL, inode, type);
}
EXPORT_SYMBOL(get_inode_acl);
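Review bot: The switch to `try_cmpxchg(p, &sentinel, acl)` in __get_acl() means that a failed exchange overwrites `sentinel` with whatever is currently in the cache slot, which the old `cmpxchg()` form did not do. In the visible lines nothing reads `sentinel` afterwards, so behaviour is unchanged, but the side effect is easy to miss if the function is later extended. A one-line comment would record it, e.g. `/* on failure try_cmpxchg() stores the current *p in sentinel; do not reuse it */`. The start of __get_acl(), including the declaration of `sentinel`, lies outside this hunk.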
@@ -200,11 +200,11 @@ EXPORT_SYMBOL(posix_acl_init);
* Allocate a new ACL with the specified number of entries.
*/
struct posix_acl *
-posix_acl_alloc(int count, gfp_t flags)
+posix_acl_alloc(unsigned int count, gfp_t flags)
{
- const size_t size = sizeof(struct posix_acl) +
- count * sizeof(struct posix_acl_entry);
- struct posix_acl *acl = kmalloc(size, flags);
+ struct posix_acl *acl;
+
+ acl = kmalloc(struct_size(acl, a_entries, count), flags);
if (acl)
posix_acl_init(acl, count);
return acl;
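Review bot: The comment above posix_acl_alloc() still only says that it allocates "the specified number of entries" and does not describe the failure behaviour this change introduces. With `struct_size(acl, a_entries, count)` an oversized count saturates the size instead of wrapping, so kmalloc() fails and NULL is returned rather than an undersized object. A caller that used to pass a negative int now gets it converted to a large unsigned value and lands on the same NULL path. I would add a line such as `* Returns NULL if @count is too large or the allocation fails.` to the comment. The posix_acl_clone() hunk that follows makes the same size change and would benefit from the same sentence.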
@@ -220,9 +220,8 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
struct posix_acl *clone = NULL;
if (acl) {
- int size = sizeof(struct posix_acl) + acl->a_count *
- sizeof(struct posix_acl_entry);
- clone = kmemdup(acl, size, flags);
+ clone = kmemdup(acl, struct_size(acl, a_entries, acl->a_count),
+ flags);
if (clone)
refcount_set(&clone->a_refcount, 1);
}
@@ -372,7 +371,7 @@ EXPORT_SYMBOL(posix_acl_from_mode);
* by the acl. Returns -E... otherwise.
*/
int
-posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
+posix_acl_permission(struct mnt_idmap *idmap, struct inode *inode,
const struct posix_acl *acl, int want)
{
const struct posix_acl_entry *pa, *pe, *mask_obj;
@@ -387,18 +386,18 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
switch(pa->e_tag) {
case ACL_USER_OBJ:
/* (May have been checked already) */
- vfsuid = i_uid_into_vfsuid(mnt_userns, inode);
+ vfsuid = i_uid_into_vfsuid(idmap, inode);
if (vfsuid_eq_kuid(vfsuid, current_fsuid()))
goto check_perm;
break;
case ACL_USER:
- vfsuid = make_vfsuid(mnt_userns, fs_userns,
+ vfsuid = make_vfsuid(idmap, fs_userns,
pa->e_uid);
if (vfsuid_eq_kuid(vfsuid, current_fsuid()))
goto mask;
break;
case ACL_GROUP_OBJ:
- vfsgid = i_gid_into_vfsgid(mnt_userns, inode);
+ vfsgid = i_gid_into_vfsgid(idmap, inode);
if (vfsgid_in_group_p(vfsgid)) {
found = 1;
if ((pa->e_perm & want) == want)
@@ -406,7 +405,7 @@ posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
}
break;
case ACL_GROUP:
- vfsgid = make_vfsgid(mnt_userns, fs_userns,
+ vfsgid = make_vfsgid(idmap, fs_userns,
pa->e_gid);
if (vfsgid_in_group_p(vfsgid)) {
found = 1;
@@ -591,18 +590,18 @@ EXPORT_SYMBOL(__posix_acl_chmod);
/**
* posix_acl_chmod - chmod a posix acl
*
- * @mnt_userns: user namespace of the mount @inode was found from
+ * @idmap: idmap of the mount @inode was found from
* @dentry: dentry to check permissions on
* @mode: the new mode of @inode
*
- * If the dentry has been found through an idmapped mount the user namespace of
- * the vfsmount must be passed through @mnt_userns. This function will then
- * take care to map the inode according to @mnt_userns before checking
+ * If the dentry has been found through an idmapped mount the idmap of
+ * the vfsmount must be passed through @idmap. This function will then
+ * take care to map the inode according to @idmap before checking
* permissions. On non-idmapped mounts or if permission checking is to be
- * performed on the raw inode simply passs init_user_ns.
+ * performed on the raw inode simply pass @nop_mnt_idmap.
*/
int
- posix_acl_chmod(struct user_namespace *mnt_userns, struct dentry *dentry,
+ posix_acl_chmod(struct mnt_idmap *idmap, struct dentry *dentry,
umode_t mode)
{
struct inode *inode = d_inode(dentry);
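Review bot: The rewritten kernel-doc for posix_acl_chmod() ends with "simply pass @nop_mnt_idmap", but in kernel-doc `@name` marks a parameter of the documented function, and nop_mnt_idmap is a global object, not a parameter. Callers pass its address, as get_inode_acl() does with `&nop_mnt_idmap`, so the sentence would read more accurately as `performed on the raw inode simply pass &nop_mnt_idmap.` The posix_acl_update_mode() kernel-doc hunk further down carries the same wording and should get the same fix.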
@@ -624,7 +623,7 @@ int
ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode);
if (ret)
return ret;
- ret = inode->i_op->set_acl(mnt_userns, dentry, acl, ACL_TYPE_ACCESS);
+ ret = inode->i_op->set_acl(idmap, dentry, acl, ACL_TYPE_ACCESS);
posix_acl_release(acl);
return ret;
}
@@ -683,7 +682,7 @@ EXPORT_SYMBOL_GPL(posix_acl_create);
/**
* posix_acl_update_mode - update mode in set_acl
- * @mnt_userns: user namespace of the mount @inode was found from
+ * @idmap: idmap of the mount @inode was found from
* @inode: target inode
* @mode_p: mode (pointer) for update
* @acl: acl pointer
@@ -695,15 +694,15 @@ EXPORT_SYMBOL_GPL(posix_acl_create);
* As with chmod, clear the setgid bit if the caller is not in the owning group
* or capable of CAP_FSETID (see inode_change_ok).
*
- * If the inode has been found through an idmapped mount the user namespace of
- * the vfsmount must be passed through @mnt_userns. This function will then
- * take care to map the inode according to @mnt_userns before checking
+ * If the inode has been found through an idmapped mount the idmap of
+ * the vfsmount must be passed through @idmap. This function will then
+ * take care to map the inode according to @idmap before checking
* permissions. On non-idmapped mounts or if permission checking is to be
- * performed on the raw inode simply passs init_user_ns.
+ * performed on the raw inode simply pass @nop_mnt_idmap.
*
* Called from set_acl inode operations.
*/
-int posix_acl_update_mode(struct user_namespace *mnt_userns,
+int posix_acl_update_mode(struct mnt_idmap *idmap,
struct inode *inode, umode_t *mode_p,
struct posix_acl **acl)
{
@@ -715,8 +714,8 @@ int posix_acl_update_mode(struct user_namespace *mnt_userns,
return error;
if (error == 0)
*acl = NULL;
- if (!vfsgid_in_group_p(i_gid_into_vfsgid(mnt_userns, inode)) &&
- !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
+ if (!in_group_or_capable(idmap, inode,
+ i_gid_into_vfsgid(idmap, inode)))
mode &= ~S_ISGID;
*mode_p = mode;
return 0;
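Review bot: The capability that decides whether S_ISGID is kept is no longer visible in posix_acl_update_mode() once the explicit `capable_wrt_inode_uidgid(..., CAP_FSETID)` test is folded into `in_group_or_capable()`. The function's kernel-doc still names CAP_FSETID, so the code and the comment agree only if the helper, which is defined outside this file, checks that same capability. Since this is the setgid-stripping decision, a short comment at the call would help readers auditing it, e.g. `/* in_group_or_capable(): owning-group member or CAP_FSETID over the inode */`. The function body starts outside this hunk.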
@@ -785,12 +784,12 @@ struct posix_acl *posix_acl_from_xattr(struct user_namespace *userns,
return ERR_PTR(count);
if (count == 0)
return NULL;
-
+
acl = posix_acl_alloc(count, GFP_NOFS);
if (!acl)
return ERR_PTR(-ENOMEM);
acl_e = acl->a_entries;
-
+
for (end = entry + count; entry != end; acl_e++, entry++) {
acl_e->e_tag = le16_to_cpu(entry->e_tag);
acl_e->e_perm = le16_to_cpu(entry->e_perm);
@@ -893,7 +892,6 @@ static ssize_t vfs_posix_acl_to_xattr(struct mnt_idmap *idmap,
struct posix_acl_xattr_header *ext_acl = buffer;
struct posix_acl_xattr_entry *ext_entry;
struct user_namespace *fs_userns, *caller_userns;
- struct user_namespace *mnt_userns;
ssize_t real_size, n;
vfsuid_t vfsuid;
vfsgid_t vfsgid;
@@ -909,19 +907,18 @@ static ssize_t vfs_posix_acl_to_xattr(struct mnt_idmap *idmap,
fs_userns = i_user_ns(inode);
caller_userns = current_user_ns();
- mnt_userns = mnt_idmap_owner(idmap);
for (n=0; n < acl->a_count; n++, ext_entry++) {
const struct posix_acl_entry *acl_e = &acl->a_entries[n];
ext_entry->e_tag = cpu_to_le16(acl_e->e_tag);
ext_entry->e_perm = cpu_to_le16(acl_e->e_perm);
switch(acl_e->e_tag) {
case ACL_USER:
- vfsuid = make_vfsuid(mnt_userns, fs_userns, acl_e->e_uid);
+ vfsuid = make_vfsuid(idmap, fs_userns, acl_e->e_uid);
ext_entry->e_id = cpu_to_le32(from_kuid(
caller_userns, vfsuid_into_kuid(vfsuid)));
break;
case ACL_GROUP:
- vfsgid = make_vfsgid(mnt_userns, fs_userns, acl_e->e_gid);
+ vfsgid = make_vfsgid(idmap, fs_userns, acl_e->e_gid);
ext_entry->e_id = cpu_to_le32(from_kgid(
caller_userns, vfsgid_into_kgid(vfsgid)));
break;
@@ -934,7 +931,7 @@ static ssize_t vfs_posix_acl_to_xattr(struct mnt_idmap *idmap,
}
int
-set_posix_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
+set_posix_acl(struct mnt_idmap *idmap, struct dentry *dentry,
int type, struct posix_acl *acl)
{
struct inode *inode = d_inode(dentry);
@@ -946,7 +943,7 @@ set_posix_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
return acl ? -EACCES : 0;
- if (!inode_owner_or_capable(mnt_userns, inode))
+ if (!inode_owner_or_capable(idmap, inode))
return -EPERM;
if (acl) {
@@ -954,44 +951,81 @@ set_posix_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
if (ret)
return ret;
}
- return inode->i_op->set_acl(mnt_userns, dentry, acl, type);
+ return inode->i_op->set_acl(idmap, dentry, acl, type);
}
EXPORT_SYMBOL(set_posix_acl);
+int posix_acl_listxattr(struct inode *inode, char **buffer,
+ ssize_t *remaining_size)
+{
+ int err;
+
+ if (!IS_POSIXACL(inode))
+ return 0;
+
+ if (inode->i_acl) {
+ err = xattr_list_one(buffer, remaining_size,
+ XATTR_NAME_POSIX_ACL_ACCESS);
+ if (err)
+ return err;
+ }
+
+ if (inode->i_default_acl) {
+ err = xattr_list_one(buffer, remaining_size,
+ XATTR_NAME_POSIX_ACL_DEFAULT);
+ if (err)
+ return err;
+ }
+
+ return 0;
+}
+
static bool
posix_acl_xattr_list(struct dentry *dentry)
{
return IS_POSIXACL(d_backing_inode(dentry));
}
-const struct xattr_handler posix_acl_access_xattr_handler = {
+/*
+ * nop_posix_acl_access - legacy xattr handler for access POSIX ACLs
+ *
+ * This is the legacy POSIX ACL access xattr handler. It is used by some
+ * filesystems to implement their ->listxattr() inode operation. New code
+ * should never use them.
+ */
+const struct xattr_handler nop_posix_acl_access = {
.name = XATTR_NAME_POSIX_ACL_ACCESS,
- .flags = ACL_TYPE_ACCESS,
.list = posix_acl_xattr_list,
};
-EXPORT_SYMBOL_GPL(posix_acl_access_xattr_handler);
+EXPORT_SYMBOL_GPL(nop_posix_acl_access);
-const struct xattr_handler posix_acl_default_xattr_handler = {
+/*
+ * nop_posix_acl_default - legacy xattr handler for default POSIX ACLs
+ *
+ * This is the legacy POSIX ACL default xattr handler. It is used by some
+ * filesystems to implement their ->listxattr() inode operation. New code
+ * should never use them.
+ */
+const struct xattr_handler nop_posix_acl_default = {
.name = XATTR_NAME_POSIX_ACL_DEFAULT,
- .flags = ACL_TYPE_DEFAULT,
.list = posix_acl_xattr_list,
};
-EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler);
+EXPORT_SYMBOL_GPL(nop_posix_acl_default);
-int simple_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
+int simple_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
struct posix_acl *acl, int type)
{
int error;
struct inode *inode = d_inode(dentry);
if (type == ACL_TYPE_ACCESS) {
- error = posix_acl_update_mode(mnt_userns, inode,
+ error = posix_acl_update_mode(idmap, inode,
&inode->i_mode, &acl);
if (error)
return error;
}
- inode->i_ctime = current_time(inode);
+ inode_set_ctime_current(inode);
if (IS_I_VERSION(inode))
inode_inc_iversion(inode);
set_cached_acl(inode, type, acl);
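Review bot: The new exported posix_acl_listxattr() has no kernel-doc, and it decides what to list by testing `inode->i_acl` and `inode->i_default_acl` as plain pointers. __get_acl() earlier in this file appears to park a sentinel in the ACL cache slot, so on a filesystem whose cache can hold a non-NULL "not cached" marker this test would presumably report an ACL name that does not exist. It would also miss an on-disk ACL that has not been cached yet. The helper therefore looks correct only where the cached pointer is the authoritative copy, as with simple_set_acl() below. I would add a kernel-doc block that states this restriction, documents @inode, @buffer and @remaining_size, and says that the return value is 0 or the error from xattr_list_one(). Separately, the two nop_posix_acl_* comments say "It is used ... New code should never use them"; "never use it" would match the singular subject.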
@@ -1017,7 +1051,7 @@ int simple_acl_create(struct inode *dir, struct inode *inode)
return 0;
}
-static int vfs_set_acl_idmapped_mnt(struct user_namespace *mnt_userns,
+static int vfs_set_acl_idmapped_mnt(struct mnt_idmap *idmap,
struct user_namespace *fs_userns,
struct posix_acl *acl)
{
@@ -1026,11 +1060,11 @@ static int vfs_set_acl_idmapped_mnt(struct user_namespace *mnt_userns,
switch (acl_e->e_tag) {
case ACL_USER:
- acl_e->e_uid = from_vfsuid(mnt_userns, fs_userns,
+ acl_e->e_uid = from_vfsuid(idmap, fs_userns,
VFSUIDT_INIT(acl_e->e_uid));
break;
case ACL_GROUP:
- acl_e->e_gid = from_vfsgid(mnt_userns, fs_userns,
+ acl_e->e_gid = from_vfsgid(idmap, fs_userns,
VFSGIDT_INIT(acl_e->e_gid));
break;
}
@@ -1041,7 +1075,7 @@ static int vfs_set_acl_idmapped_mnt(struct user_namespace *mnt_userns,
/**
* vfs_set_acl - set posix acls
- * @mnt_userns: user namespace of the mount
+ * @idmap: idmap of the mount
* @dentry: the dentry based on which to set the posix acls
* @acl_name: the name of the posix acl
* @kacl: the posix acls in the appropriate VFS format
@@ -1051,13 +1085,13 @@ static int vfs_set_acl_idmapped_mnt(struct user_namespace *mnt_userns,
*
* Return: On success 0, on error negative errno.
*/
-int vfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
+int vfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
const char *acl_name, struct posix_acl *kacl)
{
int acl_type;
int error;
struct inode *inode = d_inode(dentry);
- struct inode *delegated_inode = NULL;
+ struct delegated_inode delegated_inode = { };
acl_type = posix_acl_type(acl_name);
if (acl_type < 0)
@@ -1071,7 +1105,7 @@ int vfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
* if this is a filesystem with a backing store - ultimately
* translate them to backing store values.
*/
- error = vfs_set_acl_idmapped_mnt(mnt_userns, i_user_ns(inode), kacl);
+ error = vfs_set_acl_idmapped_mnt(idmap, i_user_ns(inode), kacl);
if (error)
return error;
}
@@ -1083,11 +1117,11 @@ retry_deleg:
* We only care about restrictions the inode struct itself places upon
* us otherwise POSIX ACLs aren't subject to any VFS restrictions.
*/
- error = may_write_xattr(mnt_userns, inode);
+ error = may_write_xattr(idmap, inode);
if (error)
goto out_inode_unlock;
- error = security_inode_set_acl(mnt_userns, dentry, acl_name, kacl);
+ error = security_inode_set_acl(idmap, dentry, acl_name, kacl);
if (error)
goto out_inode_unlock;
@@ -1095,21 +1129,19 @@ retry_deleg:
if (error)
goto out_inode_unlock;
- if (inode->i_opflags & IOP_XATTR)
- error = set_posix_acl(mnt_userns, dentry, acl_type, kacl);
- else if (unlikely(is_bad_inode(inode)))
- error = -EIO;
+ if (likely(!is_bad_inode(inode)))
+ error = set_posix_acl(idmap, dentry, acl_type, kacl);
else
- error = -EOPNOTSUPP;
+ error = -EIO;
if (!error) {
fsnotify_xattr(dentry);
- evm_inode_post_set_acl(dentry, acl_name, kacl);
+ security_inode_post_set_acl(dentry, acl_name, kacl);
}
out_inode_unlock:
inode_unlock(inode);
- if (delegated_inode) {
+ if (is_delegated(&delegated_inode)) {
error = break_deleg_wait(&delegated_inode);
if (!error)
goto retry_deleg;
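Review bot: With the `IOP_XATTR` branch removed from vfs_set_acl(), every inode that is not bad now reaches set_posix_acl(), which ends in an indirect call through `inode->i_op->set_acl`. The -EOPNOTSUPP result for filesystems without ACL support therefore has to come from checks at the top of set_posix_acl(). Those lines fall between the visible hunks, so it is worth confirming that a NULL ->set_acl and non-POSIXACL inodes are rejected there before the call. A comment at this site would record the dependency, e.g. `/* set_posix_acl() returns -EOPNOTSUPP if the fs lacks ->set_acl */`. The vfs_remove_acl() hunk at -1205 makes the identical change and relies on the same checks; both function bodies start outside their hunks.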
@@ -1121,7 +1153,7 @@ EXPORT_SYMBOL_GPL(vfs_set_acl);
/**
* vfs_get_acl - get posix acls
- * @mnt_userns: user namespace of the mount
+ * @idmap: idmap of the mount
* @dentry: the dentry based on which to retrieve the posix acls
* @acl_name: the name of the posix acl
*
@@ -1130,7 +1162,7 @@ EXPORT_SYMBOL_GPL(vfs_set_acl);
*
* Return: On success POSIX ACLs in VFS format, on error negative errno.
*/
-struct posix_acl *vfs_get_acl(struct user_namespace *mnt_userns,
+struct posix_acl *vfs_get_acl(struct mnt_idmap *idmap,
struct dentry *dentry, const char *acl_name)
{
struct inode *inode = d_inode(dentry);
@@ -1145,7 +1177,7 @@ struct posix_acl *vfs_get_acl(struct user_namespace *mnt_userns,
* The VFS has no restrictions on reading POSIX ACLs so calling
* something like xattr_permission() isn't needed. Only LSMs get a say.
*/
- error = security_inode_get_acl(mnt_userns, dentry, acl_name);
+ error = security_inode_get_acl(idmap, dentry, acl_name);
if (error)
return ERR_PTR(error);
@@ -1154,7 +1186,7 @@ struct posix_acl *vfs_get_acl(struct user_namespace *mnt_userns,
if (S_ISLNK(inode->i_mode))
return ERR_PTR(-EOPNOTSUPP);
- acl = __get_acl(mnt_userns, dentry, inode, acl_type);
+ acl = __get_acl(idmap, dentry, inode, acl_type);
if (IS_ERR(acl))
return acl;
if (!acl)
@@ -1166,7 +1198,7 @@ EXPORT_SYMBOL_GPL(vfs_get_acl);
/**
* vfs_remove_acl - remove posix acls
- * @mnt_userns: user namespace of the mount
+ * @idmap: idmap of the mount
* @dentry: the dentry based on which to retrieve the posix acls
* @acl_name: the name of the posix acl
*
@@ -1174,13 +1206,13 @@ EXPORT_SYMBOL_GPL(vfs_get_acl);
*
* Return: On success 0, on error negative errno.
*/
-int vfs_remove_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
+int vfs_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
const char *acl_name)
{
int acl_type;
int error;
struct inode *inode = d_inode(dentry);
- struct inode *delegated_inode = NULL;
+ struct delegated_inode delegated_inode = { };
acl_type = posix_acl_type(acl_name);
if (acl_type < 0)
@@ -1193,11 +1225,11 @@ retry_deleg:
* We only care about restrictions the inode struct itself places upon
* us otherwise POSIX ACLs aren't subject to any VFS restrictions.
*/
- error = may_write_xattr(mnt_userns, inode);
+ error = may_write_xattr(idmap, inode);
if (error)
goto out_inode_unlock;
- error = security_inode_remove_acl(mnt_userns, dentry, acl_name);
+ error = security_inode_remove_acl(idmap, dentry, acl_name);
if (error)
goto out_inode_unlock;
@@ -1205,21 +1237,19 @@ retry_deleg:
if (error)
goto out_inode_unlock;
- if (inode->i_opflags & IOP_XATTR)
- error = set_posix_acl(mnt_userns, dentry, acl_type, NULL);
- else if (unlikely(is_bad_inode(inode)))
- error = -EIO;
+ if (likely(!is_bad_inode(inode)))
+ error = set_posix_acl(idmap, dentry, acl_type, NULL);
else
- error = -EOPNOTSUPP;
+ error = -EIO;
if (!error) {
fsnotify_xattr(dentry);
- evm_inode_post_remove_acl(mnt_userns, dentry, acl_name);
+ security_inode_post_remove_acl(idmap, dentry, acl_name);
}
out_inode_unlock:
inode_unlock(inode);
- if (delegated_inode) {
+ if (is_delegated(&delegated_inode)) {
error = break_deleg_wait(&delegated_inode);
if (!error)
goto retry_deleg;
@@ -1245,7 +1275,7 @@ int do_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
return PTR_ERR(acl);
}
- error = vfs_set_acl(mnt_idmap_owner(idmap), dentry, acl_name, acl);
+ error = vfs_set_acl(idmap, dentry, acl_name, acl);
posix_acl_release(acl);
return error;
}
@@ -1256,7 +1286,7 @@ ssize_t do_get_acl(struct mnt_idmap *idmap, struct dentry *dentry,
ssize_t error;
struct posix_acl *acl;
- acl = vfs_get_acl(mnt_idmap_owner(idmap), dentry, acl_name);
+ acl = vfs_get_acl(idmap, dentry, acl_name);
if (IS_ERR(acl))
return PTR_ERR(acl);