]> git.ipfire.org Git - thirdparty/linux.git/blob - fs/f2fs/acl.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fs: port ->set_acl() to pass mnt_idmap
[thirdparty/linux.git] / fs / f2fs / acl.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * fs/f2fs/acl.c
4 *
5 * Copyright (c) 2012 Samsung Electronics Co., Ltd.
6 * http://www.samsung.com/
7 *
8 * Portions of this code from linux/fs/ext2/acl.c
9 *
10 * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de>
11 */
12 #include <linux/f2fs_fs.h>
13 #include "f2fs.h"
14 #include "xattr.h"
15 #include "acl.h"
16
17 static inline size_t f2fs_acl_size(int count)
18 {
19 if (count <= 4) {
20 return sizeof(struct f2fs_acl_header) +
21 count * sizeof(struct f2fs_acl_entry_short);
22 } else {
23 return sizeof(struct f2fs_acl_header) +
24 4 * sizeof(struct f2fs_acl_entry_short) +
25 (count - 4) * sizeof(struct f2fs_acl_entry);
26 }
27 }
28
29 static inline int f2fs_acl_count(size_t size)
30 {
31 ssize_t s;
32
33 size -= sizeof(struct f2fs_acl_header);
34 s = size - 4 * sizeof(struct f2fs_acl_entry_short);
35 if (s < 0) {
36 if (size % sizeof(struct f2fs_acl_entry_short))
37 return -1;
38 return size / sizeof(struct f2fs_acl_entry_short);
39 } else {
40 if (s % sizeof(struct f2fs_acl_entry))
41 return -1;
42 return s / sizeof(struct f2fs_acl_entry) + 4;
43 }
44 }
45
46 static struct posix_acl *f2fs_acl_from_disk(const char *value, size_t size)
47 {
48 int i, count;
49 struct posix_acl *acl;
50 struct f2fs_acl_header *hdr = (struct f2fs_acl_header *)value;
51 struct f2fs_acl_entry *entry = (struct f2fs_acl_entry *)(hdr + 1);
52 const char *end = value + size;
53
54 if (size < sizeof(struct f2fs_acl_header))
55 return ERR_PTR(-EINVAL);
56
57 if (hdr->a_version != cpu_to_le32(F2FS_ACL_VERSION))
58 return ERR_PTR(-EINVAL);
59
60 count = f2fs_acl_count(size);
61 if (count < 0)
62 return ERR_PTR(-EINVAL);
63 if (count == 0)
64 return NULL;
65
66 acl = posix_acl_alloc(count, GFP_NOFS);
67 if (!acl)
68 return ERR_PTR(-ENOMEM);
69
70 for (i = 0; i < count; i++) {
71
72 if ((char *)entry > end)
73 goto fail;
74
75 acl->a_entries[i].e_tag = le16_to_cpu(entry->e_tag);
76 acl->a_entries[i].e_perm = le16_to_cpu(entry->e_perm);
77
78 switch (acl->a_entries[i].e_tag) {
79 case ACL_USER_OBJ:
80 case ACL_GROUP_OBJ:
81 case ACL_MASK:
82 case ACL_OTHER:
83 entry = (struct f2fs_acl_entry *)((char *)entry +
84 sizeof(struct f2fs_acl_entry_short));
85 break;
86
87 case ACL_USER:
88 acl->a_entries[i].e_uid =
89 make_kuid(&init_user_ns,
90 le32_to_cpu(entry->e_id));
91 entry = (struct f2fs_acl_entry *)((char *)entry +
92 sizeof(struct f2fs_acl_entry));
93 break;
94 case ACL_GROUP:
95 acl->a_entries[i].e_gid =
96 make_kgid(&init_user_ns,
97 le32_to_cpu(entry->e_id));
98 entry = (struct f2fs_acl_entry *)((char *)entry +
99 sizeof(struct f2fs_acl_entry));
100 break;
101 default:
102 goto fail;
103 }
104 }
105 if ((char *)entry != end)
106 goto fail;
107 return acl;
108 fail:
109 posix_acl_release(acl);
110 return ERR_PTR(-EINVAL);
111 }
112
113 static void *f2fs_acl_to_disk(struct f2fs_sb_info *sbi,
114 const struct posix_acl *acl, size_t *size)
115 {
116 struct f2fs_acl_header *f2fs_acl;
117 struct f2fs_acl_entry *entry;
118 int i;
119
120 f2fs_acl = f2fs_kmalloc(sbi, sizeof(struct f2fs_acl_header) +
121 acl->a_count * sizeof(struct f2fs_acl_entry),
122 GFP_NOFS);
123 if (!f2fs_acl)
124 return ERR_PTR(-ENOMEM);
125
126 f2fs_acl->a_version = cpu_to_le32(F2FS_ACL_VERSION);
127 entry = (struct f2fs_acl_entry *)(f2fs_acl + 1);
128
129 for (i = 0; i < acl->a_count; i++) {
130
131 entry->e_tag = cpu_to_le16(acl->a_entries[i].e_tag);
132 entry->e_perm = cpu_to_le16(acl->a_entries[i].e_perm);
133
134 switch (acl->a_entries[i].e_tag) {
135 case ACL_USER:
136 entry->e_id = cpu_to_le32(
137 from_kuid(&init_user_ns,
138 acl->a_entries[i].e_uid));
139 entry = (struct f2fs_acl_entry *)((char *)entry +
140 sizeof(struct f2fs_acl_entry));
141 break;
142 case ACL_GROUP:
143 entry->e_id = cpu_to_le32(
144 from_kgid(&init_user_ns,
145 acl->a_entries[i].e_gid));
146 entry = (struct f2fs_acl_entry *)((char *)entry +
147 sizeof(struct f2fs_acl_entry));
148 break;
149 case ACL_USER_OBJ:
150 case ACL_GROUP_OBJ:
151 case ACL_MASK:
152 case ACL_OTHER:
153 entry = (struct f2fs_acl_entry *)((char *)entry +
154 sizeof(struct f2fs_acl_entry_short));
155 break;
156 default:
157 goto fail;
158 }
159 }
160 *size = f2fs_acl_size(acl->a_count);
161 return (void *)f2fs_acl;
162
163 fail:
164 kfree(f2fs_acl);
165 return ERR_PTR(-EINVAL);
166 }
167
168 static struct posix_acl *__f2fs_get_acl(struct inode *inode, int type,
169 struct page *dpage)
170 {
171 int name_index = F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT;
172 void *value = NULL;
173 struct posix_acl *acl;
174 int retval;
175
176 if (type == ACL_TYPE_ACCESS)
177 name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;
178
179 retval = f2fs_getxattr(inode, name_index, "", NULL, 0, dpage);
180 if (retval > 0) {
181 value = f2fs_kmalloc(F2FS_I_SB(inode), retval, GFP_F2FS_ZERO);
182 if (!value)
183 return ERR_PTR(-ENOMEM);
184 retval = f2fs_getxattr(inode, name_index, "", value,
185 retval, dpage);
186 }
187
188 if (retval > 0)
189 acl = f2fs_acl_from_disk(value, retval);
190 else if (retval == -ENODATA)
191 acl = NULL;
192 else
193 acl = ERR_PTR(retval);
194 kfree(value);
195
196 return acl;
197 }
198
199 struct posix_acl *f2fs_get_acl(struct inode *inode, int type, bool rcu)
200 {
201 if (rcu)
202 return ERR_PTR(-ECHILD);
203
204 return __f2fs_get_acl(inode, type, NULL);
205 }
206
207 static int f2fs_acl_update_mode(struct user_namespace *mnt_userns,
208 struct inode *inode, umode_t *mode_p,
209 struct posix_acl **acl)
210 {
211 umode_t mode = inode->i_mode;
212 int error;
213
214 if (is_inode_flag_set(inode, FI_ACL_MODE))
215 mode = F2FS_I(inode)->i_acl_mode;
216
217 error = posix_acl_equiv_mode(*acl, &mode);
218 if (error < 0)
219 return error;
220 if (error == 0)
221 *acl = NULL;
222 if (!vfsgid_in_group_p(i_gid_into_vfsgid(mnt_userns, inode)) &&
223 !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
224 mode &= ~S_ISGID;
225 *mode_p = mode;
226 return 0;
227 }
228
229 static int __f2fs_set_acl(struct user_namespace *mnt_userns,
230 struct inode *inode, int type,
231 struct posix_acl *acl, struct page *ipage)
232 {
233 int name_index;
234 void *value = NULL;
235 size_t size = 0;
236 int error;
237 umode_t mode = inode->i_mode;
238
239 switch (type) {
240 case ACL_TYPE_ACCESS:
241 name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;
242 if (acl && !ipage) {
243 error = f2fs_acl_update_mode(mnt_userns, inode,
244 &mode, &acl);
245 if (error)
246 return error;
247 set_acl_inode(inode, mode);
248 }
249 break;
250
251 case ACL_TYPE_DEFAULT:
252 name_index = F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT;
253 if (!S_ISDIR(inode->i_mode))
254 return acl ? -EACCES : 0;
255 break;
256
257 default:
258 return -EINVAL;
259 }
260
261 if (acl) {
262 value = f2fs_acl_to_disk(F2FS_I_SB(inode), acl, &size);
263 if (IS_ERR(value)) {
264 clear_inode_flag(inode, FI_ACL_MODE);
265 return PTR_ERR(value);
266 }
267 }
268
269 error = f2fs_setxattr(inode, name_index, "", value, size, ipage, 0);
270
271 kfree(value);
272 if (!error)
273 set_cached_acl(inode, type, acl);
274
275 clear_inode_flag(inode, FI_ACL_MODE);
276 return error;
277 }
278
279 int f2fs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
280 struct posix_acl *acl, int type)
281 {
282 struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
283 struct inode *inode = d_inode(dentry);
284
285 if (unlikely(f2fs_cp_error(F2FS_I_SB(inode))))
286 return -EIO;
287
288 return __f2fs_set_acl(mnt_userns, inode, type, acl, NULL);
289 }
290
291 /*
292 * Most part of f2fs_acl_clone, f2fs_acl_create_masq, f2fs_acl_create
293 * are copied from posix_acl.c
294 */
295 static struct posix_acl *f2fs_acl_clone(const struct posix_acl *acl,
296 gfp_t flags)
297 {
298 struct posix_acl *clone = NULL;
299
300 if (acl) {
301 int size = sizeof(struct posix_acl) + acl->a_count *
302 sizeof(struct posix_acl_entry);
303 clone = kmemdup(acl, size, flags);
304 if (clone)
305 refcount_set(&clone->a_refcount, 1);
306 }
307 return clone;
308 }
309
310 static int f2fs_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
311 {
312 struct posix_acl_entry *pa, *pe;
313 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL;
314 umode_t mode = *mode_p;
315 int not_equiv = 0;
316
317 /* assert(atomic_read(acl->a_refcount) == 1); */
318
319 FOREACH_ACL_ENTRY(pa, acl, pe) {
320 switch (pa->e_tag) {
321 case ACL_USER_OBJ:
322 pa->e_perm &= (mode >> 6) | ~S_IRWXO;
323 mode &= (pa->e_perm << 6) | ~S_IRWXU;
324 break;
325
326 case ACL_USER:
327 case ACL_GROUP:
328 not_equiv = 1;
329 break;
330
331 case ACL_GROUP_OBJ:
332 group_obj = pa;
333 break;
334
335 case ACL_OTHER:
336 pa->e_perm &= mode | ~S_IRWXO;
337 mode &= pa->e_perm | ~S_IRWXO;
338 break;
339
340 case ACL_MASK:
341 mask_obj = pa;
342 not_equiv = 1;
343 break;
344
345 default:
346 return -EIO;
347 }
348 }
349
350 if (mask_obj) {
351 mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO;
352 mode &= (mask_obj->e_perm << 3) | ~S_IRWXG;
353 } else {
354 if (!group_obj)
355 return -EIO;
356 group_obj->e_perm &= (mode >> 3) | ~S_IRWXO;
357 mode &= (group_obj->e_perm << 3) | ~S_IRWXG;
358 }
359
360 *mode_p = (*mode_p & ~S_IRWXUGO) | mode;
361 return not_equiv;
362 }
363
364 static int f2fs_acl_create(struct inode *dir, umode_t *mode,
365 struct posix_acl **default_acl, struct posix_acl **acl,
366 struct page *dpage)
367 {
368 struct posix_acl *p;
369 struct posix_acl *clone;
370 int ret;
371
372 *acl = NULL;
373 *default_acl = NULL;
374
375 if (S_ISLNK(*mode) || !IS_POSIXACL(dir))
376 return 0;
377
378 p = __f2fs_get_acl(dir, ACL_TYPE_DEFAULT, dpage);
379 if (!p || p == ERR_PTR(-EOPNOTSUPP)) {
380 *mode &= ~current_umask();
381 return 0;
382 }
383 if (IS_ERR(p))
384 return PTR_ERR(p);
385
386 clone = f2fs_acl_clone(p, GFP_NOFS);
387 if (!clone) {
388 ret = -ENOMEM;
389 goto release_acl;
390 }
391
392 ret = f2fs_acl_create_masq(clone, mode);
393 if (ret < 0)
394 goto release_clone;
395
396 if (ret == 0)
397 posix_acl_release(clone);
398 else
399 *acl = clone;
400
401 if (!S_ISDIR(*mode))
402 posix_acl_release(p);
403 else
404 *default_acl = p;
405
406 return 0;
407
408 release_clone:
409 posix_acl_release(clone);
410 release_acl:
411 posix_acl_release(p);
412 return ret;
413 }
414
415 int f2fs_init_acl(struct inode *inode, struct inode *dir, struct page *ipage,
416 struct page *dpage)
417 {
418 struct posix_acl *default_acl = NULL, *acl = NULL;
419 int error;
420
421 error = f2fs_acl_create(dir, &inode->i_mode, &default_acl, &acl, dpage);
422 if (error)
423 return error;
424
425 f2fs_mark_inode_dirty_sync(inode, true);
426
427 if (default_acl) {
428 error = __f2fs_set_acl(NULL, inode, ACL_TYPE_DEFAULT, default_acl,
429 ipage);
430 posix_acl_release(default_acl);
431 } else {
432 inode->i_default_acl = NULL;
433 }
434 if (acl) {
435 if (!error)
436 error = __f2fs_set_acl(NULL, inode, ACL_TYPE_ACCESS, acl,
437 ipage);
438 posix_acl_release(acl);
439 } else {
440 inode->i_acl = NULL;
441 }
442
443 return error;
444 }
A mirror of Linus' kernel repository