1b3b94faaSDavid Teigland /* 2b3b94faaSDavid Teigland * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 33a8a9a10SSteven Whitehouse * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 4b3b94faaSDavid Teigland * 5b3b94faaSDavid Teigland * This copyrighted material is made available to anyone wishing to use, 6b3b94faaSDavid Teigland * modify, copy, or redistribute it subject to the terms and conditions 7e9fc2aa0SSteven Whitehouse * of the GNU General Public License version 2. 8b3b94faaSDavid Teigland */ 9b3b94faaSDavid Teigland 10b3b94faaSDavid Teigland #include <linux/sched.h> 11b3b94faaSDavid Teigland #include <linux/slab.h> 12b3b94faaSDavid Teigland #include <linux/spinlock.h> 13b3b94faaSDavid Teigland #include <linux/completion.h> 14b3b94faaSDavid Teigland #include <linux/buffer_head.h> 152646a1f6SSteven Whitehouse #include <linux/xattr.h> 16b3b94faaSDavid Teigland #include <linux/posix_acl.h> 17b3b94faaSDavid Teigland #include <linux/posix_acl_xattr.h> 185c676f6dSSteven Whitehouse #include <linux/gfs2_ondisk.h> 19b3b94faaSDavid Teigland 20b3b94faaSDavid Teigland #include "gfs2.h" 215c676f6dSSteven Whitehouse #include "incore.h" 22b3b94faaSDavid Teigland #include "acl.h" 23307cf6e6SSteven Whitehouse #include "xattr.h" 24b3b94faaSDavid Teigland #include "glock.h" 25b3b94faaSDavid Teigland #include "inode.h" 26b3b94faaSDavid Teigland #include "meta_io.h" 27b3b94faaSDavid Teigland #include "trans.h" 285c676f6dSSteven Whitehouse #include "util.h" 29b3b94faaSDavid Teigland 30479c427dSSteven Whitehouse static const char *gfs2_acl_name(int type) 31b3b94faaSDavid Teigland { 32479c427dSSteven Whitehouse switch (type) { 33479c427dSSteven Whitehouse case ACL_TYPE_ACCESS: 34479c427dSSteven Whitehouse return GFS2_POSIX_ACL_ACCESS; 35479c427dSSteven Whitehouse case ACL_TYPE_DEFAULT: 36479c427dSSteven Whitehouse return GFS2_POSIX_ACL_DEFAULT; 37479c427dSSteven Whitehouse } 38479c427dSSteven Whitehouse return NULL; 39479c427dSSteven Whitehouse } 40b3b94faaSDavid Teigland 41018a01cdSSteven Whitehouse struct posix_acl *gfs2_get_acl(struct inode *inode, int type) 42479c427dSSteven Whitehouse { 43018a01cdSSteven Whitehouse struct gfs2_inode *ip = GFS2_I(inode); 44479c427dSSteven Whitehouse struct posix_acl *acl; 45479c427dSSteven Whitehouse const char *name; 46479c427dSSteven Whitehouse char *data; 47479c427dSSteven Whitehouse int len; 4840b78a32SSteven Whitehouse 493767ac21SSteven Whitehouse if (!ip->i_eattr) 50479c427dSSteven Whitehouse return NULL; 51b3b94faaSDavid Teigland 52106381bfSSteven Whitehouse acl = get_cached_acl(&ip->i_inode, type); 53106381bfSSteven Whitehouse if (acl != ACL_NOT_CACHED) 54106381bfSSteven Whitehouse return acl; 55106381bfSSteven Whitehouse 56479c427dSSteven Whitehouse name = gfs2_acl_name(type); 57479c427dSSteven Whitehouse if (name == NULL) 58479c427dSSteven Whitehouse return ERR_PTR(-EINVAL); 59b3b94faaSDavid Teigland 60479c427dSSteven Whitehouse len = gfs2_xattr_acl_get(ip, name, &data); 61479c427dSSteven Whitehouse if (len < 0) 62479c427dSSteven Whitehouse return ERR_PTR(len); 63479c427dSSteven Whitehouse if (len == 0) 64479c427dSSteven Whitehouse return NULL; 65b3b94faaSDavid Teigland 665f3a4a28SEric W. Biederman acl = posix_acl_from_xattr(&init_user_ns, data, len); 6740b78a32SSteven Whitehouse kfree(data); 68479c427dSSteven Whitehouse return acl; 69b3b94faaSDavid Teigland } 70b3b94faaSDavid Teigland 71d3fb6120SAl Viro static int gfs2_set_mode(struct inode *inode, umode_t mode) 72b3b94faaSDavid Teigland { 7369dca424SSteven Whitehouse int error = 0; 74b3b94faaSDavid Teigland 7569dca424SSteven Whitehouse if (mode != inode->i_mode) { 76f9425ad4SSteven Whitehouse inode->i_mode = mode; 77f9425ad4SSteven Whitehouse mark_inode_dirty(inode); 78b3b94faaSDavid Teigland } 79b3b94faaSDavid Teigland 8069dca424SSteven Whitehouse return error; 81b3b94faaSDavid Teigland } 82b3b94faaSDavid Teigland 83479c427dSSteven Whitehouse static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl) 84b3b94faaSDavid Teigland { 85b3b94faaSDavid Teigland int error; 86479c427dSSteven Whitehouse int len; 87479c427dSSteven Whitehouse char *data; 88479c427dSSteven Whitehouse const char *name = gfs2_acl_name(type); 89479c427dSSteven Whitehouse 90479c427dSSteven Whitehouse BUG_ON(name == NULL); 915f3a4a28SEric W. Biederman len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0); 92479c427dSSteven Whitehouse if (len == 0) 93479c427dSSteven Whitehouse return 0; 94479c427dSSteven Whitehouse data = kmalloc(len, GFP_NOFS); 95479c427dSSteven Whitehouse if (data == NULL) 96479c427dSSteven Whitehouse return -ENOMEM; 975f3a4a28SEric W. Biederman error = posix_acl_to_xattr(&init_user_ns, acl, data, len); 98479c427dSSteven Whitehouse if (error < 0) 99479c427dSSteven Whitehouse goto out; 100431547b3SChristoph Hellwig error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS); 101106381bfSSteven Whitehouse if (!error) 102106381bfSSteven Whitehouse set_cached_acl(inode, type, acl); 103479c427dSSteven Whitehouse out: 104479c427dSSteven Whitehouse kfree(data); 105479c427dSSteven Whitehouse return error; 106479c427dSSteven Whitehouse } 107479c427dSSteven Whitehouse 108479c427dSSteven Whitehouse int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode) 109479c427dSSteven Whitehouse { 110479c427dSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode); 111826cae2fSAl Viro struct posix_acl *acl; 112d3fb6120SAl Viro umode_t mode = inode->i_mode; 113479c427dSSteven Whitehouse int error = 0; 114b3b94faaSDavid Teigland 115b3b94faaSDavid Teigland if (!sdp->sd_args.ar_posix_acl) 116b3b94faaSDavid Teigland return 0; 117479c427dSSteven Whitehouse if (S_ISLNK(inode->i_mode)) 118b3b94faaSDavid Teigland return 0; 119b3b94faaSDavid Teigland 120018a01cdSSteven Whitehouse acl = gfs2_get_acl(&dip->i_inode, ACL_TYPE_DEFAULT); 121479c427dSSteven Whitehouse if (IS_ERR(acl)) 122479c427dSSteven Whitehouse return PTR_ERR(acl); 123b3b94faaSDavid Teigland if (!acl) { 124ce3b0f8dSAl Viro mode &= ~current_umask(); 125f9425ad4SSteven Whitehouse return gfs2_set_mode(inode, mode); 126b3b94faaSDavid Teigland } 127b3b94faaSDavid Teigland 128479c427dSSteven Whitehouse if (S_ISDIR(inode->i_mode)) { 129479c427dSSteven Whitehouse error = gfs2_acl_set(inode, ACL_TYPE_DEFAULT, acl); 130479c427dSSteven Whitehouse if (error) 131479c427dSSteven Whitehouse goto out; 132479c427dSSteven Whitehouse } 133479c427dSSteven Whitehouse 134826cae2fSAl Viro error = posix_acl_create(&acl, GFP_NOFS, &mode); 135b3b94faaSDavid Teigland if (error < 0) 136826cae2fSAl Viro return error; 137826cae2fSAl Viro 13840b78a32SSteven Whitehouse if (error == 0) 13940b78a32SSteven Whitehouse goto munge; 14040b78a32SSteven Whitehouse 141479c427dSSteven Whitehouse error = gfs2_acl_set(inode, ACL_TYPE_ACCESS, acl); 142b3b94faaSDavid Teigland if (error) 143b3b94faaSDavid Teigland goto out; 14440b78a32SSteven Whitehouse munge: 145479c427dSSteven Whitehouse error = gfs2_set_mode(inode, mode); 146b3b94faaSDavid Teigland out: 147b3b94faaSDavid Teigland posix_acl_release(acl); 148b3b94faaSDavid Teigland return error; 149b3b94faaSDavid Teigland } 150b3b94faaSDavid Teigland 151b3b94faaSDavid Teigland int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) 152b3b94faaSDavid Teigland { 153ab9bbda0SSteven Whitehouse struct inode *inode = &ip->i_inode; 154bc26ab5fSAl Viro struct posix_acl *acl; 155b3b94faaSDavid Teigland char *data; 156b3b94faaSDavid Teigland unsigned int len; 157b3b94faaSDavid Teigland int error; 158b3b94faaSDavid Teigland 159018a01cdSSteven Whitehouse acl = gfs2_get_acl(&ip->i_inode, ACL_TYPE_ACCESS); 160479c427dSSteven Whitehouse if (IS_ERR(acl)) 161479c427dSSteven Whitehouse return PTR_ERR(acl); 162b3b94faaSDavid Teigland if (!acl) 163ab9bbda0SSteven Whitehouse return gfs2_setattr_simple(inode, attr); 164b3b94faaSDavid Teigland 165bc26ab5fSAl Viro error = posix_acl_chmod(&acl, GFP_NOFS, attr->ia_mode); 166bc26ab5fSAl Viro if (error) 167bc26ab5fSAl Viro return error; 168b3b94faaSDavid Teigland 1695f3a4a28SEric W. Biederman len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0); 170479c427dSSteven Whitehouse data = kmalloc(len, GFP_NOFS); 171479c427dSSteven Whitehouse error = -ENOMEM; 172479c427dSSteven Whitehouse if (data == NULL) 173479c427dSSteven Whitehouse goto out; 1745f3a4a28SEric W. Biederman posix_acl_to_xattr(&init_user_ns, acl, data, len); 175479c427dSSteven Whitehouse error = gfs2_xattr_acl_chmod(ip, attr, data); 176479c427dSSteven Whitehouse kfree(data); 177106381bfSSteven Whitehouse set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl); 178b3b94faaSDavid Teigland 179b3b94faaSDavid Teigland out: 180b3b94faaSDavid Teigland posix_acl_release(acl); 181b3b94faaSDavid Teigland return error; 182b3b94faaSDavid Teigland } 183b3b94faaSDavid Teigland 1842646a1f6SSteven Whitehouse static int gfs2_acl_type(const char *name) 1852646a1f6SSteven Whitehouse { 1862646a1f6SSteven Whitehouse if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0) 1872646a1f6SSteven Whitehouse return ACL_TYPE_ACCESS; 1882646a1f6SSteven Whitehouse if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0) 1892646a1f6SSteven Whitehouse return ACL_TYPE_DEFAULT; 1902646a1f6SSteven Whitehouse return -EINVAL; 1912646a1f6SSteven Whitehouse } 1922646a1f6SSteven Whitehouse 193431547b3SChristoph Hellwig static int gfs2_xattr_system_get(struct dentry *dentry, const char *name, 194431547b3SChristoph Hellwig void *buffer, size_t size, int xtype) 1952646a1f6SSteven Whitehouse { 196431547b3SChristoph Hellwig struct inode *inode = dentry->d_inode; 197f72f2d2eSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(inode); 198106381bfSSteven Whitehouse struct posix_acl *acl; 1992646a1f6SSteven Whitehouse int type; 200106381bfSSteven Whitehouse int error; 2012646a1f6SSteven Whitehouse 202f72f2d2eSSteven Whitehouse if (!sdp->sd_args.ar_posix_acl) 203f72f2d2eSSteven Whitehouse return -EOPNOTSUPP; 204f72f2d2eSSteven Whitehouse 2052646a1f6SSteven Whitehouse type = gfs2_acl_type(name); 2062646a1f6SSteven Whitehouse if (type < 0) 2072646a1f6SSteven Whitehouse return type; 2082646a1f6SSteven Whitehouse 209018a01cdSSteven Whitehouse acl = gfs2_get_acl(inode, type); 210106381bfSSteven Whitehouse if (IS_ERR(acl)) 211106381bfSSteven Whitehouse return PTR_ERR(acl); 212106381bfSSteven Whitehouse if (acl == NULL) 213106381bfSSteven Whitehouse return -ENODATA; 2142646a1f6SSteven Whitehouse 2155f3a4a28SEric W. Biederman error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size); 216106381bfSSteven Whitehouse posix_acl_release(acl); 217106381bfSSteven Whitehouse 218106381bfSSteven Whitehouse return error; 219106381bfSSteven Whitehouse } 2202646a1f6SSteven Whitehouse 221431547b3SChristoph Hellwig static int gfs2_xattr_system_set(struct dentry *dentry, const char *name, 222431547b3SChristoph Hellwig const void *value, size_t size, int flags, 223431547b3SChristoph Hellwig int xtype) 2242646a1f6SSteven Whitehouse { 225431547b3SChristoph Hellwig struct inode *inode = dentry->d_inode; 2262646a1f6SSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(inode); 2272646a1f6SSteven Whitehouse struct posix_acl *acl = NULL; 2282646a1f6SSteven Whitehouse int error = 0, type; 2292646a1f6SSteven Whitehouse 2302646a1f6SSteven Whitehouse if (!sdp->sd_args.ar_posix_acl) 2312646a1f6SSteven Whitehouse return -EOPNOTSUPP; 2322646a1f6SSteven Whitehouse 2332646a1f6SSteven Whitehouse type = gfs2_acl_type(name); 2342646a1f6SSteven Whitehouse if (type < 0) 2352646a1f6SSteven Whitehouse return type; 2362646a1f6SSteven Whitehouse if (flags & XATTR_CREATE) 2372646a1f6SSteven Whitehouse return -EINVAL; 2382646a1f6SSteven Whitehouse if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 2392646a1f6SSteven Whitehouse return value ? -EACCES : 0; 2402646a1f6SSteven Whitehouse if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER)) 2412646a1f6SSteven Whitehouse return -EPERM; 2422646a1f6SSteven Whitehouse if (S_ISLNK(inode->i_mode)) 2432646a1f6SSteven Whitehouse return -EOPNOTSUPP; 2442646a1f6SSteven Whitehouse 2452646a1f6SSteven Whitehouse if (!value) 2462646a1f6SSteven Whitehouse goto set_acl; 2472646a1f6SSteven Whitehouse 2485f3a4a28SEric W. Biederman acl = posix_acl_from_xattr(&init_user_ns, value, size); 2492646a1f6SSteven Whitehouse if (!acl) { 2502646a1f6SSteven Whitehouse /* 2512646a1f6SSteven Whitehouse * acl_set_file(3) may request that we set default ACLs with 2522646a1f6SSteven Whitehouse * zero length -- defend (gracefully) against that here. 2532646a1f6SSteven Whitehouse */ 2542646a1f6SSteven Whitehouse goto out; 2552646a1f6SSteven Whitehouse } 2562646a1f6SSteven Whitehouse if (IS_ERR(acl)) { 2572646a1f6SSteven Whitehouse error = PTR_ERR(acl); 2582646a1f6SSteven Whitehouse goto out; 2592646a1f6SSteven Whitehouse } 2602646a1f6SSteven Whitehouse 2612646a1f6SSteven Whitehouse error = posix_acl_valid(acl); 2622646a1f6SSteven Whitehouse if (error) 2632646a1f6SSteven Whitehouse goto out_release; 2642646a1f6SSteven Whitehouse 2652646a1f6SSteven Whitehouse error = -EINVAL; 2662646a1f6SSteven Whitehouse if (acl->a_count > GFS2_ACL_MAX_ENTRIES) 2672646a1f6SSteven Whitehouse goto out_release; 2682646a1f6SSteven Whitehouse 2692646a1f6SSteven Whitehouse if (type == ACL_TYPE_ACCESS) { 270d6952123SAl Viro umode_t mode = inode->i_mode; 2712646a1f6SSteven Whitehouse error = posix_acl_equiv_mode(acl, &mode); 2722646a1f6SSteven Whitehouse 2732646a1f6SSteven Whitehouse if (error <= 0) { 2742646a1f6SSteven Whitehouse posix_acl_release(acl); 2752646a1f6SSteven Whitehouse acl = NULL; 2762646a1f6SSteven Whitehouse 2772646a1f6SSteven Whitehouse if (error < 0) 2782646a1f6SSteven Whitehouse return error; 2792646a1f6SSteven Whitehouse } 2802646a1f6SSteven Whitehouse 2812646a1f6SSteven Whitehouse error = gfs2_set_mode(inode, mode); 2822646a1f6SSteven Whitehouse if (error) 2832646a1f6SSteven Whitehouse goto out_release; 2842646a1f6SSteven Whitehouse } 2852646a1f6SSteven Whitehouse 2862646a1f6SSteven Whitehouse set_acl: 287431547b3SChristoph Hellwig error = __gfs2_xattr_set(inode, name, value, size, 0, GFS2_EATYPE_SYS); 288106381bfSSteven Whitehouse if (!error) { 289106381bfSSteven Whitehouse if (acl) 290106381bfSSteven Whitehouse set_cached_acl(inode, type, acl); 291106381bfSSteven Whitehouse else 292106381bfSSteven Whitehouse forget_cached_acl(inode, type); 293106381bfSSteven Whitehouse } 2942646a1f6SSteven Whitehouse out_release: 2952646a1f6SSteven Whitehouse posix_acl_release(acl); 2962646a1f6SSteven Whitehouse out: 2972646a1f6SSteven Whitehouse return error; 2982646a1f6SSteven Whitehouse } 2992646a1f6SSteven Whitehouse 300b7bb0a12SStephen Hemminger const struct xattr_handler gfs2_xattr_system_handler = { 3012646a1f6SSteven Whitehouse .prefix = XATTR_SYSTEM_PREFIX, 302431547b3SChristoph Hellwig .flags = GFS2_EATYPE_SYS, 3032646a1f6SSteven Whitehouse .get = gfs2_xattr_system_get, 3042646a1f6SSteven Whitehouse .set = gfs2_xattr_system_set, 3052646a1f6SSteven Whitehouse }; 3062646a1f6SSteven Whitehouse 307