1 #include <linux/capability.h> 2 #include <linux/fs.h> 3 #include <linux/posix_acl.h> 4 #include "reiserfs.h" 5 #include <linux/errno.h> 6 #include <linux/pagemap.h> 7 #include <linux/xattr.h> 8 #include <linux/slab.h> 9 #include <linux/posix_acl_xattr.h> 10 #include "xattr.h" 11 #include "acl.h" 12 #include <linux/uaccess.h> 13 14 static int __reiserfs_set_acl(struct reiserfs_transaction_handle *th, 15 struct inode *inode, int type, 16 struct posix_acl *acl); 17 18 19 int 20 reiserfs_set_acl(struct inode *inode, struct posix_acl *acl, int type) 21 { 22 int error, error2; 23 struct reiserfs_transaction_handle th; 24 size_t jcreate_blocks; 25 int size = acl ? posix_acl_xattr_size(acl->a_count) : 0; 26 int update_mode = 0; 27 umode_t mode = inode->i_mode; 28 29 /* 30 * Pessimism: We can't assume that anything from the xattr root up 31 * has been created. 32 */ 33 34 jcreate_blocks = reiserfs_xattr_jcreate_nblocks(inode) + 35 reiserfs_xattr_nblocks(inode, size) * 2; 36 37 reiserfs_write_lock(inode->i_sb); 38 error = journal_begin(&th, inode->i_sb, jcreate_blocks); 39 reiserfs_write_unlock(inode->i_sb); 40 if (error == 0) { 41 if (type == ACL_TYPE_ACCESS && acl) { 42 error = posix_acl_update_mode(inode, &mode, &acl); 43 if (error) 44 goto unlock; 45 update_mode = 1; 46 } 47 error = __reiserfs_set_acl(&th, inode, type, acl); 48 if (!error && update_mode) 49 inode->i_mode = mode; 50 unlock: 51 reiserfs_write_lock(inode->i_sb); 52 error2 = journal_end(&th); 53 reiserfs_write_unlock(inode->i_sb); 54 if (error2) 55 error = error2; 56 } 57 58 return error; 59 } 60 61 /* 62 * Convert from filesystem to in-memory representation. 63 */ 64 static struct posix_acl *reiserfs_posix_acl_from_disk(const void *value, size_t size) 65 { 66 const char *end = (char *)value + size; 67 int n, count; 68 struct posix_acl *acl; 69 70 if (!value) 71 return NULL; 72 if (size < sizeof(reiserfs_acl_header)) 73 return ERR_PTR(-EINVAL); 74 if (((reiserfs_acl_header *) value)->a_version != 75 cpu_to_le32(REISERFS_ACL_VERSION)) 76 return ERR_PTR(-EINVAL); 77 value = (char *)value + sizeof(reiserfs_acl_header); 78 count = reiserfs_acl_count(size); 79 if (count < 0) 80 return ERR_PTR(-EINVAL); 81 if (count == 0) 82 return NULL; 83 acl = posix_acl_alloc(count, GFP_NOFS); 84 if (!acl) 85 return ERR_PTR(-ENOMEM); 86 for (n = 0; n < count; n++) { 87 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) value; 88 if ((char *)value + sizeof(reiserfs_acl_entry_short) > end) 89 goto fail; 90 acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag); 91 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm); 92 switch (acl->a_entries[n].e_tag) { 93 case ACL_USER_OBJ: 94 case ACL_GROUP_OBJ: 95 case ACL_MASK: 96 case ACL_OTHER: 97 value = (char *)value + 98 sizeof(reiserfs_acl_entry_short); 99 break; 100 101 case ACL_USER: 102 value = (char *)value + sizeof(reiserfs_acl_entry); 103 if ((char *)value > end) 104 goto fail; 105 acl->a_entries[n].e_uid = 106 make_kuid(&init_user_ns, 107 le32_to_cpu(entry->e_id)); 108 break; 109 case ACL_GROUP: 110 value = (char *)value + sizeof(reiserfs_acl_entry); 111 if ((char *)value > end) 112 goto fail; 113 acl->a_entries[n].e_gid = 114 make_kgid(&init_user_ns, 115 le32_to_cpu(entry->e_id)); 116 break; 117 118 default: 119 goto fail; 120 } 121 } 122 if (value != end) 123 goto fail; 124 return acl; 125 126 fail: 127 posix_acl_release(acl); 128 return ERR_PTR(-EINVAL); 129 } 130 131 /* 132 * Convert from in-memory to filesystem representation. 133 */ 134 static void *reiserfs_posix_acl_to_disk(const struct posix_acl *acl, size_t * size) 135 { 136 reiserfs_acl_header *ext_acl; 137 char *e; 138 int n; 139 140 *size = reiserfs_acl_size(acl->a_count); 141 ext_acl = kmalloc(sizeof(reiserfs_acl_header) + 142 acl->a_count * 143 sizeof(reiserfs_acl_entry), 144 GFP_NOFS); 145 if (!ext_acl) 146 return ERR_PTR(-ENOMEM); 147 ext_acl->a_version = cpu_to_le32(REISERFS_ACL_VERSION); 148 e = (char *)ext_acl + sizeof(reiserfs_acl_header); 149 for (n = 0; n < acl->a_count; n++) { 150 const struct posix_acl_entry *acl_e = &acl->a_entries[n]; 151 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) e; 152 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 153 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 154 switch (acl->a_entries[n].e_tag) { 155 case ACL_USER: 156 entry->e_id = cpu_to_le32( 157 from_kuid(&init_user_ns, acl_e->e_uid)); 158 e += sizeof(reiserfs_acl_entry); 159 break; 160 case ACL_GROUP: 161 entry->e_id = cpu_to_le32( 162 from_kgid(&init_user_ns, acl_e->e_gid)); 163 e += sizeof(reiserfs_acl_entry); 164 break; 165 166 case ACL_USER_OBJ: 167 case ACL_GROUP_OBJ: 168 case ACL_MASK: 169 case ACL_OTHER: 170 e += sizeof(reiserfs_acl_entry_short); 171 break; 172 173 default: 174 goto fail; 175 } 176 } 177 return (char *)ext_acl; 178 179 fail: 180 kfree(ext_acl); 181 return ERR_PTR(-EINVAL); 182 } 183 184 /* 185 * Inode operation get_posix_acl(). 186 * 187 * inode->i_mutex: down 188 * BKL held [before 2.5.x] 189 */ 190 struct posix_acl *reiserfs_get_acl(struct inode *inode, int type) 191 { 192 char *name, *value; 193 struct posix_acl *acl; 194 int size; 195 int retval; 196 197 switch (type) { 198 case ACL_TYPE_ACCESS: 199 name = XATTR_NAME_POSIX_ACL_ACCESS; 200 break; 201 case ACL_TYPE_DEFAULT: 202 name = XATTR_NAME_POSIX_ACL_DEFAULT; 203 break; 204 default: 205 BUG(); 206 } 207 208 size = reiserfs_xattr_get(inode, name, NULL, 0); 209 if (size < 0) { 210 if (size == -ENODATA || size == -ENOSYS) 211 return NULL; 212 return ERR_PTR(size); 213 } 214 215 value = kmalloc(size, GFP_NOFS); 216 if (!value) 217 return ERR_PTR(-ENOMEM); 218 219 retval = reiserfs_xattr_get(inode, name, value, size); 220 if (retval == -ENODATA || retval == -ENOSYS) { 221 /* 222 * This shouldn't actually happen as it should have 223 * been caught above.. but just in case 224 */ 225 acl = NULL; 226 } else if (retval < 0) { 227 acl = ERR_PTR(retval); 228 } else { 229 acl = reiserfs_posix_acl_from_disk(value, retval); 230 } 231 232 kfree(value); 233 return acl; 234 } 235 236 /* 237 * Inode operation set_posix_acl(). 238 * 239 * inode->i_mutex: down 240 * BKL held [before 2.5.x] 241 */ 242 static int 243 __reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode, 244 int type, struct posix_acl *acl) 245 { 246 char *name; 247 void *value = NULL; 248 size_t size = 0; 249 int error; 250 251 switch (type) { 252 case ACL_TYPE_ACCESS: 253 name = XATTR_NAME_POSIX_ACL_ACCESS; 254 break; 255 case ACL_TYPE_DEFAULT: 256 name = XATTR_NAME_POSIX_ACL_DEFAULT; 257 if (!S_ISDIR(inode->i_mode)) 258 return acl ? -EACCES : 0; 259 break; 260 default: 261 return -EINVAL; 262 } 263 264 if (acl) { 265 value = reiserfs_posix_acl_to_disk(acl, &size); 266 if (IS_ERR(value)) 267 return (int)PTR_ERR(value); 268 } 269 270 error = reiserfs_xattr_set_handle(th, inode, name, value, size, 0); 271 272 /* 273 * Ensure that the inode gets dirtied if we're only using 274 * the mode bits and an old ACL didn't exist. We don't need 275 * to check if the inode is hashed here since we won't get 276 * called by reiserfs_inherit_default_acl(). 277 */ 278 if (error == -ENODATA) { 279 error = 0; 280 if (type == ACL_TYPE_ACCESS) { 281 inode->i_ctime = current_time(inode); 282 mark_inode_dirty(inode); 283 } 284 } 285 286 kfree(value); 287 288 if (!error) 289 set_cached_acl(inode, type, acl); 290 291 return error; 292 } 293 294 /* 295 * dir->i_mutex: locked, 296 * inode is new and not released into the wild yet 297 */ 298 int 299 reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th, 300 struct inode *dir, struct dentry *dentry, 301 struct inode *inode) 302 { 303 struct posix_acl *default_acl, *acl; 304 int err = 0; 305 306 /* ACLs only get applied to files and directories */ 307 if (S_ISLNK(inode->i_mode)) 308 return 0; 309 310 /* 311 * ACLs can only be used on "new" objects, so if it's an old object 312 * there is nothing to inherit from 313 */ 314 if (get_inode_sd_version(dir) == STAT_DATA_V1) 315 goto apply_umask; 316 317 /* 318 * Don't apply ACLs to objects in the .reiserfs_priv tree.. This 319 * would be useless since permissions are ignored, and a pain because 320 * it introduces locking cycles 321 */ 322 if (IS_PRIVATE(dir)) { 323 inode->i_flags |= S_PRIVATE; 324 goto apply_umask; 325 } 326 327 err = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); 328 if (err) 329 return err; 330 331 if (default_acl) { 332 err = __reiserfs_set_acl(th, inode, ACL_TYPE_DEFAULT, 333 default_acl); 334 posix_acl_release(default_acl); 335 } 336 if (acl) { 337 if (!err) 338 err = __reiserfs_set_acl(th, inode, ACL_TYPE_ACCESS, 339 acl); 340 posix_acl_release(acl); 341 } 342 343 return err; 344 345 apply_umask: 346 /* no ACL, apply umask */ 347 inode->i_mode &= ~current_umask(); 348 return err; 349 } 350 351 /* This is used to cache the default acl before a new object is created. 352 * The biggest reason for this is to get an idea of how many blocks will 353 * actually be required for the create operation if we must inherit an ACL. 354 * An ACL write can add up to 3 object creations and an additional file write 355 * so we'd prefer not to reserve that many blocks in the journal if we can. 356 * It also has the advantage of not loading the ACL with a transaction open, 357 * this may seem silly, but if the owner of the directory is doing the 358 * creation, the ACL may not be loaded since the permissions wouldn't require 359 * it. 360 * We return the number of blocks required for the transaction. 361 */ 362 int reiserfs_cache_default_acl(struct inode *inode) 363 { 364 struct posix_acl *acl; 365 int nblocks = 0; 366 367 if (IS_PRIVATE(inode)) 368 return 0; 369 370 acl = get_acl(inode, ACL_TYPE_DEFAULT); 371 372 if (acl && !IS_ERR(acl)) { 373 int size = reiserfs_acl_size(acl->a_count); 374 375 /* Other xattrs can be created during inode creation. We don't 376 * want to claim too many blocks, so we check to see if we 377 * we need to create the tree to the xattrs, and then we 378 * just want two files. */ 379 nblocks = reiserfs_xattr_jcreate_nblocks(inode); 380 nblocks += JOURNAL_BLOCKS_PER_OBJECT(inode->i_sb); 381 382 REISERFS_I(inode)->i_flags |= i_has_xattr_dir; 383 384 /* We need to account for writes + bitmaps for two files */ 385 nblocks += reiserfs_xattr_nblocks(inode, size) * 4; 386 posix_acl_release(acl); 387 } 388 389 return nblocks; 390 } 391 392 /* 393 * Called under i_mutex 394 */ 395 int reiserfs_acl_chmod(struct inode *inode) 396 { 397 if (IS_PRIVATE(inode)) 398 return 0; 399 if (get_inode_sd_version(inode) == STAT_DATA_V1 || 400 !reiserfs_posixacl(inode->i_sb)) 401 return 0; 402 403 return posix_acl_chmod(inode, inode->i_mode); 404 } 405