xref: /openbmc/linux/fs/ext2/acl.c (revision c900529f3d9161bfde5cca0754f83b4d3c3e0220) 
1b2441318SGreg Kroah-Hartman // SPDX-License-Identifier: GPL-2.0
21da177e4SLinus Torvalds /*
31da177e4SLinus Torvalds  * linux/fs/ext2/acl.c
41da177e4SLinus Torvalds  *
51da177e4SLinus Torvalds  * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de>
61da177e4SLinus Torvalds  */
71da177e4SLinus Torvalds 
81da177e4SLinus Torvalds #include <linux/init.h>
91da177e4SLinus Torvalds #include <linux/sched.h>
101da177e4SLinus Torvalds #include <linux/slab.h>
111da177e4SLinus Torvalds #include <linux/fs.h>
121da177e4SLinus Torvalds #include "ext2.h"
131da177e4SLinus Torvalds #include "xattr.h"
141da177e4SLinus Torvalds #include "acl.h"
151da177e4SLinus Torvalds 
161da177e4SLinus Torvalds /*
171da177e4SLinus Torvalds  * Convert from filesystem to in-memory representation.
181da177e4SLinus Torvalds  */
191da177e4SLinus Torvalds static struct posix_acl *
ext2_acl_from_disk(const void * value,size_t size)201da177e4SLinus Torvalds ext2_acl_from_disk(const void *value, size_t size)
211da177e4SLinus Torvalds {
221da177e4SLinus Torvalds 	const char *end = (char *)value + size;
231da177e4SLinus Torvalds 	int n, count;
241da177e4SLinus Torvalds 	struct posix_acl *acl;
251da177e4SLinus Torvalds 
261da177e4SLinus Torvalds 	if (!value)
271da177e4SLinus Torvalds 		return NULL;
281da177e4SLinus Torvalds 	if (size < sizeof(ext2_acl_header))
291da177e4SLinus Torvalds 		 return ERR_PTR(-EINVAL);
301da177e4SLinus Torvalds 	if (((ext2_acl_header *)value)->a_version !=
311da177e4SLinus Torvalds 	    cpu_to_le32(EXT2_ACL_VERSION))
321da177e4SLinus Torvalds 		return ERR_PTR(-EINVAL);
331da177e4SLinus Torvalds 	value = (char *)value + sizeof(ext2_acl_header);
341da177e4SLinus Torvalds 	count = ext2_acl_count(size);
351da177e4SLinus Torvalds 	if (count < 0)
361da177e4SLinus Torvalds 		return ERR_PTR(-EINVAL);
371da177e4SLinus Torvalds 	if (count == 0)
381da177e4SLinus Torvalds 		return NULL;
391da177e4SLinus Torvalds 	acl = posix_acl_alloc(count, GFP_KERNEL);
401da177e4SLinus Torvalds 	if (!acl)
411da177e4SLinus Torvalds 		return ERR_PTR(-ENOMEM);
421da177e4SLinus Torvalds 	for (n=0; n < count; n++) {
431da177e4SLinus Torvalds 		ext2_acl_entry *entry =
441da177e4SLinus Torvalds 			(ext2_acl_entry *)value;
451da177e4SLinus Torvalds 		if ((char *)value + sizeof(ext2_acl_entry_short) > end)
461da177e4SLinus Torvalds 			goto fail;
471da177e4SLinus Torvalds 		acl->a_entries[n].e_tag  = le16_to_cpu(entry->e_tag);
481da177e4SLinus Torvalds 		acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm);
491da177e4SLinus Torvalds 		switch(acl->a_entries[n].e_tag) {
501da177e4SLinus Torvalds 			case ACL_USER_OBJ:
511da177e4SLinus Torvalds 			case ACL_GROUP_OBJ:
521da177e4SLinus Torvalds 			case ACL_MASK:
531da177e4SLinus Torvalds 			case ACL_OTHER:
541da177e4SLinus Torvalds 				value = (char *)value +
551da177e4SLinus Torvalds 					sizeof(ext2_acl_entry_short);
561da177e4SLinus Torvalds 				break;
571da177e4SLinus Torvalds 
581da177e4SLinus Torvalds 			case ACL_USER:
59af84df93SEric W. Biederman 				value = (char *)value + sizeof(ext2_acl_entry);
60af84df93SEric W. Biederman 				if ((char *)value > end)
61af84df93SEric W. Biederman 					goto fail;
62af84df93SEric W. Biederman 				acl->a_entries[n].e_uid =
63af84df93SEric W. Biederman 					make_kuid(&init_user_ns,
64af84df93SEric W. Biederman 						  le32_to_cpu(entry->e_id));
65af84df93SEric W. Biederman 				break;
661da177e4SLinus Torvalds 			case ACL_GROUP:
671da177e4SLinus Torvalds 				value = (char *)value + sizeof(ext2_acl_entry);
681da177e4SLinus Torvalds 				if ((char *)value > end)
691da177e4SLinus Torvalds 					goto fail;
70af84df93SEric W. Biederman 				acl->a_entries[n].e_gid =
71af84df93SEric W. Biederman 					make_kgid(&init_user_ns,
72af84df93SEric W. Biederman 						  le32_to_cpu(entry->e_id));
731da177e4SLinus Torvalds 				break;
741da177e4SLinus Torvalds 
751da177e4SLinus Torvalds 			default:
761da177e4SLinus Torvalds 				goto fail;
771da177e4SLinus Torvalds 		}
781da177e4SLinus Torvalds 	}
791da177e4SLinus Torvalds 	if (value != end)
801da177e4SLinus Torvalds 		goto fail;
811da177e4SLinus Torvalds 	return acl;
821da177e4SLinus Torvalds 
831da177e4SLinus Torvalds fail:
841da177e4SLinus Torvalds 	posix_acl_release(acl);
851da177e4SLinus Torvalds 	return ERR_PTR(-EINVAL);
861da177e4SLinus Torvalds }
871da177e4SLinus Torvalds 
881da177e4SLinus Torvalds /*
891da177e4SLinus Torvalds  * Convert from in-memory to filesystem representation.
901da177e4SLinus Torvalds  */
911da177e4SLinus Torvalds static void *
ext2_acl_to_disk(const struct posix_acl * acl,size_t * size)921da177e4SLinus Torvalds ext2_acl_to_disk(const struct posix_acl *acl, size_t *size)
931da177e4SLinus Torvalds {
941da177e4SLinus Torvalds 	ext2_acl_header *ext_acl;
951da177e4SLinus Torvalds 	char *e;
961da177e4SLinus Torvalds 	size_t n;
971da177e4SLinus Torvalds 
981da177e4SLinus Torvalds 	*size = ext2_acl_size(acl->a_count);
99f52720caSPanagiotis Issaris 	ext_acl = kmalloc(sizeof(ext2_acl_header) + acl->a_count *
100f52720caSPanagiotis Issaris 			sizeof(ext2_acl_entry), GFP_KERNEL);
1011da177e4SLinus Torvalds 	if (!ext_acl)
1021da177e4SLinus Torvalds 		return ERR_PTR(-ENOMEM);
1031da177e4SLinus Torvalds 	ext_acl->a_version = cpu_to_le32(EXT2_ACL_VERSION);
1041da177e4SLinus Torvalds 	e = (char *)ext_acl + sizeof(ext2_acl_header);
1051da177e4SLinus Torvalds 	for (n=0; n < acl->a_count; n++) {
106af84df93SEric W. Biederman 		const struct posix_acl_entry *acl_e = &acl->a_entries[n];
1071da177e4SLinus Torvalds 		ext2_acl_entry *entry = (ext2_acl_entry *)e;
108af84df93SEric W. Biederman 		entry->e_tag  = cpu_to_le16(acl_e->e_tag);
109af84df93SEric W. Biederman 		entry->e_perm = cpu_to_le16(acl_e->e_perm);
110af84df93SEric W. Biederman 		switch(acl_e->e_tag) {
1111da177e4SLinus Torvalds 			case ACL_USER:
112af84df93SEric W. Biederman 				entry->e_id = cpu_to_le32(
113af84df93SEric W. Biederman 					from_kuid(&init_user_ns, acl_e->e_uid));
114af84df93SEric W. Biederman 				e += sizeof(ext2_acl_entry);
115af84df93SEric W. Biederman 				break;
1161da177e4SLinus Torvalds 			case ACL_GROUP:
117af84df93SEric W. Biederman 				entry->e_id = cpu_to_le32(
118af84df93SEric W. Biederman 					from_kgid(&init_user_ns, acl_e->e_gid));
1191da177e4SLinus Torvalds 				e += sizeof(ext2_acl_entry);
1201da177e4SLinus Torvalds 				break;
1211da177e4SLinus Torvalds 
1221da177e4SLinus Torvalds 			case ACL_USER_OBJ:
1231da177e4SLinus Torvalds 			case ACL_GROUP_OBJ:
1241da177e4SLinus Torvalds 			case ACL_MASK:
1251da177e4SLinus Torvalds 			case ACL_OTHER:
1261da177e4SLinus Torvalds 				e += sizeof(ext2_acl_entry_short);
1271da177e4SLinus Torvalds 				break;
1281da177e4SLinus Torvalds 
1291da177e4SLinus Torvalds 			default:
1301da177e4SLinus Torvalds 				goto fail;
1311da177e4SLinus Torvalds 		}
1321da177e4SLinus Torvalds 	}
1331da177e4SLinus Torvalds 	return (char *)ext_acl;
1341da177e4SLinus Torvalds 
1351da177e4SLinus Torvalds fail:
1361da177e4SLinus Torvalds 	kfree(ext_acl);
1371da177e4SLinus Torvalds 	return ERR_PTR(-EINVAL);
1381da177e4SLinus Torvalds }
1391da177e4SLinus Torvalds 
1401da177e4SLinus Torvalds /*
1411b1dcc1bSJes Sorensen  * inode->i_mutex: don't care
1421da177e4SLinus Torvalds  */
1434e34e719SChristoph Hellwig struct posix_acl *
ext2_get_acl(struct inode * inode,int type,bool rcu)1440cad6246SMiklos Szeredi ext2_get_acl(struct inode *inode, int type, bool rcu)
1451da177e4SLinus Torvalds {
1461da177e4SLinus Torvalds 	int name_index;
1471da177e4SLinus Torvalds 	char *value = NULL;
1481da177e4SLinus Torvalds 	struct posix_acl *acl;
1491da177e4SLinus Torvalds 	int retval;
1501da177e4SLinus Torvalds 
1510cad6246SMiklos Szeredi 	if (rcu)
1520cad6246SMiklos Szeredi 		return ERR_PTR(-ECHILD);
1530cad6246SMiklos Szeredi 
1541da177e4SLinus Torvalds 	switch (type) {
1551da177e4SLinus Torvalds 	case ACL_TYPE_ACCESS:
1561da177e4SLinus Torvalds 		name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
1571da177e4SLinus Torvalds 		break;
1581da177e4SLinus Torvalds 	case ACL_TYPE_DEFAULT:
1591da177e4SLinus Torvalds 		name_index = EXT2_XATTR_INDEX_POSIX_ACL_DEFAULT;
1601da177e4SLinus Torvalds 		break;
1611da177e4SLinus Torvalds 	default:
162073aaa1bSAl Viro 		BUG();
1631da177e4SLinus Torvalds 	}
1641da177e4SLinus Torvalds 	retval = ext2_xattr_get(inode, name_index, "", NULL, 0);
1651da177e4SLinus Torvalds 	if (retval > 0) {
1661da177e4SLinus Torvalds 		value = kmalloc(retval, GFP_KERNEL);
1671da177e4SLinus Torvalds 		if (!value)
1681da177e4SLinus Torvalds 			return ERR_PTR(-ENOMEM);
1691da177e4SLinus Torvalds 		retval = ext2_xattr_get(inode, name_index, "", value, retval);
1701da177e4SLinus Torvalds 	}
1711da177e4SLinus Torvalds 	if (retval > 0)
1721da177e4SLinus Torvalds 		acl = ext2_acl_from_disk(value, retval);
1731da177e4SLinus Torvalds 	else if (retval == -ENODATA || retval == -ENOSYS)
1741da177e4SLinus Torvalds 		acl = NULL;
1751da177e4SLinus Torvalds 	else
1761da177e4SLinus Torvalds 		acl = ERR_PTR(retval);
1771da177e4SLinus Torvalds 	kfree(value);
1781da177e4SLinus Torvalds 
1791da177e4SLinus Torvalds 	return acl;
1801da177e4SLinus Torvalds }
1811da177e4SLinus Torvalds 
182a992f2d3SJan Kara static int
__ext2_set_acl(struct inode * inode,struct posix_acl * acl,int type)183a992f2d3SJan Kara __ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
1841da177e4SLinus Torvalds {
1851da177e4SLinus Torvalds 	int name_index;
1861da177e4SLinus Torvalds 	void *value = NULL;
187dfa08592SAndreas Gruenbacher 	size_t size = 0;
1881da177e4SLinus Torvalds 	int error;
1891da177e4SLinus Torvalds 
1901da177e4SLinus Torvalds 	switch(type) {
1911da177e4SLinus Torvalds 		case ACL_TYPE_ACCESS:
1921da177e4SLinus Torvalds 			name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
1931da177e4SLinus Torvalds 			break;
1941da177e4SLinus Torvalds 
1951da177e4SLinus Torvalds 		case ACL_TYPE_DEFAULT:
1961da177e4SLinus Torvalds 			name_index = EXT2_XATTR_INDEX_POSIX_ACL_DEFAULT;
1971da177e4SLinus Torvalds 			if (!S_ISDIR(inode->i_mode))
1981da177e4SLinus Torvalds 				return acl ? -EACCES : 0;
1991da177e4SLinus Torvalds 			break;
2001da177e4SLinus Torvalds 
2011da177e4SLinus Torvalds 		default:
2021da177e4SLinus Torvalds 			return -EINVAL;
2031da177e4SLinus Torvalds 	}
2041da177e4SLinus Torvalds  	if (acl) {
2051da177e4SLinus Torvalds 		value = ext2_acl_to_disk(acl, &size);
2061da177e4SLinus Torvalds 		if (IS_ERR(value))
2071da177e4SLinus Torvalds 			return (int)PTR_ERR(value);
2081da177e4SLinus Torvalds 	}
2091da177e4SLinus Torvalds 
2101da177e4SLinus Torvalds 	error = ext2_xattr_set(inode, name_index, "", value, size, 0);
2111da177e4SLinus Torvalds 
2121da177e4SLinus Torvalds 	kfree(value);
213073aaa1bSAl Viro 	if (!error)
214073aaa1bSAl Viro 		set_cached_acl(inode, type, acl);
2151da177e4SLinus Torvalds 	return error;
2161da177e4SLinus Torvalds }
2171da177e4SLinus Torvalds 
2181da177e4SLinus Torvalds /*
219a992f2d3SJan Kara  * inode->i_mutex: down
220a992f2d3SJan Kara  */
221a992f2d3SJan Kara int
ext2_set_acl(struct mnt_idmap * idmap,struct dentry * dentry,struct posix_acl * acl,int type)22213e83a49SChristian Brauner ext2_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
223549c7297SChristian Brauner 	     struct posix_acl *acl, int type)
224a992f2d3SJan Kara {
225a992f2d3SJan Kara 	int error;
226fe26569eSErnesto A. Fernández 	int update_mode = 0;
227138060baSChristian Brauner 	struct inode *inode = d_inode(dentry);
228fe26569eSErnesto A. Fernández 	umode_t mode = inode->i_mode;
229a992f2d3SJan Kara 
230a992f2d3SJan Kara 	if (type == ACL_TYPE_ACCESS && acl) {
231700b7940SChristian Brauner 		error = posix_acl_update_mode(&nop_mnt_idmap, inode, &mode,
232e65ce2a5SChristian Brauner 					      &acl);
233a992f2d3SJan Kara 		if (error)
234a992f2d3SJan Kara 			return error;
235fe26569eSErnesto A. Fernández 		update_mode = 1;
236fe26569eSErnesto A. Fernández 	}
237fe26569eSErnesto A. Fernández 	error = __ext2_set_acl(inode, acl, type);
238fe26569eSErnesto A. Fernández 	if (!error && update_mode) {
239fe26569eSErnesto A. Fernández 		inode->i_mode = mode;
240*fc4eed64SJeff Layton 		inode_set_ctime_current(inode);
241a992f2d3SJan Kara 		mark_inode_dirty(inode);
242a992f2d3SJan Kara 	}
243fe26569eSErnesto A. Fernández 	return error;
244a992f2d3SJan Kara }
245a992f2d3SJan Kara 
246a992f2d3SJan Kara /*
2471da177e4SLinus Torvalds  * Initialize the ACLs of a new inode. Called from ext2_new_inode.
2481da177e4SLinus Torvalds  *
2491b1dcc1bSJes Sorensen  * dir->i_mutex: down
2501b1dcc1bSJes Sorensen  * inode->i_mutex: up (access to inode is still exclusive)
2511da177e4SLinus Torvalds  */
2521da177e4SLinus Torvalds int
ext2_init_acl(struct inode * inode,struct inode * dir)2531da177e4SLinus Torvalds ext2_init_acl(struct inode *inode, struct inode *dir)
2541da177e4SLinus Torvalds {
25564e178a7SChristoph Hellwig 	struct posix_acl *default_acl, *acl;
2561da177e4SLinus Torvalds 	int error;
2571da177e4SLinus Torvalds 
25864e178a7SChristoph Hellwig 	error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl);
259bc26ab5fSAl Viro 	if (error)
260bc26ab5fSAl Viro 		return error;
26164e178a7SChristoph Hellwig 
26264e178a7SChristoph Hellwig 	if (default_acl) {
263a992f2d3SJan Kara 		error = __ext2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
26464e178a7SChristoph Hellwig 		posix_acl_release(default_acl);
26559fed3bfSChengguang Xu 	} else {
26659fed3bfSChengguang Xu 		inode->i_default_acl = NULL;
26764e178a7SChristoph Hellwig 	}
26864e178a7SChristoph Hellwig 	if (acl) {
26964e178a7SChristoph Hellwig 		if (!error)
270a992f2d3SJan Kara 			error = __ext2_set_acl(inode, acl, ACL_TYPE_ACCESS);
2711da177e4SLinus Torvalds 		posix_acl_release(acl);
27259fed3bfSChengguang Xu 	} else {
27359fed3bfSChengguang Xu 		inode->i_acl = NULL;
27464e178a7SChristoph Hellwig 	}
2751da177e4SLinus Torvalds 	return error;
2761da177e4SLinus Torvalds }
277