xref: /openbmc/linux/fs/ext4/acl.c (revision 483eb062) 
1 /*
2  * linux/fs/ext4/acl.c
3  *
4  * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de>
5  */
6 
7 #include <linux/init.h>
8 #include <linux/sched.h>
9 #include <linux/slab.h>
10 #include <linux/capability.h>
11 #include <linux/fs.h>
12 #include "ext4_jbd2.h"
13 #include "ext4.h"
14 #include "xattr.h"
15 #include "acl.h"
16 
17 /*
18  * Convert from filesystem to in-memory representation.
19  */
20 static struct posix_acl *
21 ext4_acl_from_disk(const void *value, size_t size)
22 {
23 	const char *end = (char *)value + size;
24 	int n, count;
25 	struct posix_acl *acl;
26 
27 	if (!value)
28 		return NULL;
29 	if (size < sizeof(ext4_acl_header))
30 		 return ERR_PTR(-EINVAL);
31 	if (((ext4_acl_header *)value)->a_version !=
32 	    cpu_to_le32(EXT4_ACL_VERSION))
33 		return ERR_PTR(-EINVAL);
34 	value = (char *)value + sizeof(ext4_acl_header);
35 	count = ext4_acl_count(size);
36 	if (count < 0)
37 		return ERR_PTR(-EINVAL);
38 	if (count == 0)
39 		return NULL;
40 	acl = posix_acl_alloc(count, GFP_NOFS);
41 	if (!acl)
42 		return ERR_PTR(-ENOMEM);
43 	for (n = 0; n < count; n++) {
44 		ext4_acl_entry *entry =
45 			(ext4_acl_entry *)value;
46 		if ((char *)value + sizeof(ext4_acl_entry_short) > end)
47 			goto fail;
48 		acl->a_entries[n].e_tag  = le16_to_cpu(entry->e_tag);
49 		acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm);
50 
51 		switch (acl->a_entries[n].e_tag) {
52 		case ACL_USER_OBJ:
53 		case ACL_GROUP_OBJ:
54 		case ACL_MASK:
55 		case ACL_OTHER:
56 			value = (char *)value +
57 				sizeof(ext4_acl_entry_short);
58 			break;
59 
60 		case ACL_USER:
61 			value = (char *)value + sizeof(ext4_acl_entry);
62 			if ((char *)value > end)
63 				goto fail;
64 			acl->a_entries[n].e_uid =
65 				make_kuid(&init_user_ns,
66 					  le32_to_cpu(entry->e_id));
67 			break;
68 		case ACL_GROUP:
69 			value = (char *)value + sizeof(ext4_acl_entry);
70 			if ((char *)value > end)
71 				goto fail;
72 			acl->a_entries[n].e_gid =
73 				make_kgid(&init_user_ns,
74 					  le32_to_cpu(entry->e_id));
75 			break;
76 
77 		default:
78 			goto fail;
79 		}
80 	}
81 	if (value != end)
82 		goto fail;
83 	return acl;
84 
85 fail:
86 	posix_acl_release(acl);
87 	return ERR_PTR(-EINVAL);
88 }
89 
90 /*
91  * Convert from in-memory to filesystem representation.
92  */
93 static void *
94 ext4_acl_to_disk(const struct posix_acl *acl, size_t *size)
95 {
96 	ext4_acl_header *ext_acl;
97 	char *e;
98 	size_t n;
99 
100 	*size = ext4_acl_size(acl->a_count);
101 	ext_acl = kmalloc(sizeof(ext4_acl_header) + acl->a_count *
102 			sizeof(ext4_acl_entry), GFP_NOFS);
103 	if (!ext_acl)
104 		return ERR_PTR(-ENOMEM);
105 	ext_acl->a_version = cpu_to_le32(EXT4_ACL_VERSION);
106 	e = (char *)ext_acl + sizeof(ext4_acl_header);
107 	for (n = 0; n < acl->a_count; n++) {
108 		const struct posix_acl_entry *acl_e = &acl->a_entries[n];
109 		ext4_acl_entry *entry = (ext4_acl_entry *)e;
110 		entry->e_tag  = cpu_to_le16(acl_e->e_tag);
111 		entry->e_perm = cpu_to_le16(acl_e->e_perm);
112 		switch (acl_e->e_tag) {
113 		case ACL_USER:
114 			entry->e_id = cpu_to_le32(
115 				from_kuid(&init_user_ns, acl_e->e_uid));
116 			e += sizeof(ext4_acl_entry);
117 			break;
118 		case ACL_GROUP:
119 			entry->e_id = cpu_to_le32(
120 				from_kgid(&init_user_ns, acl_e->e_gid));
121 			e += sizeof(ext4_acl_entry);
122 			break;
123 
124 		case ACL_USER_OBJ:
125 		case ACL_GROUP_OBJ:
126 		case ACL_MASK:
127 		case ACL_OTHER:
128 			e += sizeof(ext4_acl_entry_short);
129 			break;
130 
131 		default:
132 			goto fail;
133 		}
134 	}
135 	return (char *)ext_acl;
136 
137 fail:
138 	kfree(ext_acl);
139 	return ERR_PTR(-EINVAL);
140 }
141 
142 /*
143  * Inode operation get_posix_acl().
144  *
145  * inode->i_mutex: don't care
146  */
147 struct posix_acl *
148 ext4_get_acl(struct inode *inode, int type)
149 {
150 	int name_index;
151 	char *value = NULL;
152 	struct posix_acl *acl;
153 	int retval;
154 
155 	switch (type) {
156 	case ACL_TYPE_ACCESS:
157 		name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;
158 		break;
159 	case ACL_TYPE_DEFAULT:
160 		name_index = EXT4_XATTR_INDEX_POSIX_ACL_DEFAULT;
161 		break;
162 	default:
163 		BUG();
164 	}
165 	retval = ext4_xattr_get(inode, name_index, "", NULL, 0);
166 	if (retval > 0) {
167 		value = kmalloc(retval, GFP_NOFS);
168 		if (!value)
169 			return ERR_PTR(-ENOMEM);
170 		retval = ext4_xattr_get(inode, name_index, "", value, retval);
171 	}
172 	if (retval > 0)
173 		acl = ext4_acl_from_disk(value, retval);
174 	else if (retval == -ENODATA || retval == -ENOSYS)
175 		acl = NULL;
176 	else
177 		acl = ERR_PTR(retval);
178 	kfree(value);
179 
180 	if (!IS_ERR(acl))
181 		set_cached_acl(inode, type, acl);
182 
183 	return acl;
184 }
185 
186 /*
187  * Set the access or default ACL of an inode.
188  *
189  * inode->i_mutex: down unless called from ext4_new_inode
190  */
191 static int
192 __ext4_set_acl(handle_t *handle, struct inode *inode, int type,
193 	     struct posix_acl *acl)
194 {
195 	int name_index;
196 	void *value = NULL;
197 	size_t size = 0;
198 	int error;
199 
200 	switch (type) {
201 	case ACL_TYPE_ACCESS:
202 		name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;
203 		if (acl) {
204 			error = posix_acl_equiv_mode(acl, &inode->i_mode);
205 			if (error < 0)
206 				return error;
207 			else {
208 				inode->i_ctime = ext4_current_time(inode);
209 				ext4_mark_inode_dirty(handle, inode);
210 				if (error == 0)
211 					acl = NULL;
212 			}
213 		}
214 		break;
215 
216 	case ACL_TYPE_DEFAULT:
217 		name_index = EXT4_XATTR_INDEX_POSIX_ACL_DEFAULT;
218 		if (!S_ISDIR(inode->i_mode))
219 			return acl ? -EACCES : 0;
220 		break;
221 
222 	default:
223 		return -EINVAL;
224 	}
225 	if (acl) {
226 		value = ext4_acl_to_disk(acl, &size);
227 		if (IS_ERR(value))
228 			return (int)PTR_ERR(value);
229 	}
230 
231 	error = ext4_xattr_set_handle(handle, inode, name_index, "",
232 				      value, size, 0);
233 
234 	kfree(value);
235 	if (!error)
236 		set_cached_acl(inode, type, acl);
237 
238 	return error;
239 }
240 
241 int
242 ext4_set_acl(struct inode *inode, struct posix_acl *acl, int type)
243 {
244 	handle_t *handle;
245 	int error, retries = 0;
246 
247 retry:
248 	handle = ext4_journal_start(inode, EXT4_HT_XATTR,
249 				    ext4_jbd2_credits_xattr(inode));
250 	if (IS_ERR(handle))
251 		return PTR_ERR(handle);
252 
253 	error = __ext4_set_acl(handle, inode, type, acl);
254 	ext4_journal_stop(handle);
255 	if (error == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
256 		goto retry;
257 	return error;
258 }
259 
260 /*
261  * Initialize the ACLs of a new inode. Called from ext4_new_inode.
262  *
263  * dir->i_mutex: down
264  * inode->i_mutex: up (access to inode is still exclusive)
265  */
266 int
267 ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
268 {
269 	struct posix_acl *default_acl, *acl;
270 	int error;
271 
272 	error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl);
273 	if (error)
274 		return error;
275 
276 	if (default_acl) {
277 		error = __ext4_set_acl(handle, inode, ACL_TYPE_DEFAULT,
278 				       default_acl);
279 		posix_acl_release(default_acl);
280 	}
281 	if (acl) {
282 		if (!error)
283 			error = __ext4_set_acl(handle, inode, ACL_TYPE_ACCESS,
284 					       acl);
285 		posix_acl_release(acl);
286 	}
287 	return error;
288 }
289