1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/capability.h> 3 #include <linux/fs.h> 4 #include <linux/posix_acl.h> 5 #include "reiserfs.h" 6 #include <linux/errno.h> 7 #include <linux/pagemap.h> 8 #include <linux/xattr.h> 9 #include <linux/slab.h> 10 #include <linux/posix_acl_xattr.h> 11 #include "xattr.h" 12 #include "acl.h" 13 #include <linux/uaccess.h> 14 15 static int __reiserfs_set_acl(struct reiserfs_transaction_handle *th, 16 struct inode *inode, int type, 17 struct posix_acl *acl); 18 19 20 int 21 reiserfs_set_acl(struct inode *inode, struct posix_acl *acl, int type) 22 { 23 int error, error2; 24 struct reiserfs_transaction_handle th; 25 size_t jcreate_blocks; 26 int size = acl ? posix_acl_xattr_size(acl->a_count) : 0; 27 int update_mode = 0; 28 umode_t mode = inode->i_mode; 29 30 /* 31 * Pessimism: We can't assume that anything from the xattr root up 32 * has been created. 33 */ 34 35 jcreate_blocks = reiserfs_xattr_jcreate_nblocks(inode) + 36 reiserfs_xattr_nblocks(inode, size) * 2; 37 38 reiserfs_write_lock(inode->i_sb); 39 error = journal_begin(&th, inode->i_sb, jcreate_blocks); 40 reiserfs_write_unlock(inode->i_sb); 41 if (error == 0) { 42 if (type == ACL_TYPE_ACCESS && acl) { 43 error = posix_acl_update_mode(inode, &mode, &acl); 44 if (error) 45 goto unlock; 46 update_mode = 1; 47 } 48 error = __reiserfs_set_acl(&th, inode, type, acl); 49 if (!error && update_mode) 50 inode->i_mode = mode; 51 unlock: 52 reiserfs_write_lock(inode->i_sb); 53 error2 = journal_end(&th); 54 reiserfs_write_unlock(inode->i_sb); 55 if (error2) 56 error = error2; 57 } 58 59 return error; 60 } 61 62 /* 63 * Convert from filesystem to in-memory representation. 64 */ 65 static struct posix_acl *reiserfs_posix_acl_from_disk(const void *value, size_t size) 66 { 67 const char *end = (char *)value + size; 68 int n, count; 69 struct posix_acl *acl; 70 71 if (!value) 72 return NULL; 73 if (size < sizeof(reiserfs_acl_header)) 74 return ERR_PTR(-EINVAL); 75 if (((reiserfs_acl_header *) value)->a_version != 76 cpu_to_le32(REISERFS_ACL_VERSION)) 77 return ERR_PTR(-EINVAL); 78 value = (char *)value + sizeof(reiserfs_acl_header); 79 count = reiserfs_acl_count(size); 80 if (count < 0) 81 return ERR_PTR(-EINVAL); 82 if (count == 0) 83 return NULL; 84 acl = posix_acl_alloc(count, GFP_NOFS); 85 if (!acl) 86 return ERR_PTR(-ENOMEM); 87 for (n = 0; n < count; n++) { 88 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) value; 89 if ((char *)value + sizeof(reiserfs_acl_entry_short) > end) 90 goto fail; 91 acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag); 92 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm); 93 switch (acl->a_entries[n].e_tag) { 94 case ACL_USER_OBJ: 95 case ACL_GROUP_OBJ: 96 case ACL_MASK: 97 case ACL_OTHER: 98 value = (char *)value + 99 sizeof(reiserfs_acl_entry_short); 100 break; 101 102 case ACL_USER: 103 value = (char *)value + sizeof(reiserfs_acl_entry); 104 if ((char *)value > end) 105 goto fail; 106 acl->a_entries[n].e_uid = 107 make_kuid(&init_user_ns, 108 le32_to_cpu(entry->e_id)); 109 break; 110 case ACL_GROUP: 111 value = (char *)value + sizeof(reiserfs_acl_entry); 112 if ((char *)value > end) 113 goto fail; 114 acl->a_entries[n].e_gid = 115 make_kgid(&init_user_ns, 116 le32_to_cpu(entry->e_id)); 117 break; 118 119 default: 120 goto fail; 121 } 122 } 123 if (value != end) 124 goto fail; 125 return acl; 126 127 fail: 128 posix_acl_release(acl); 129 return ERR_PTR(-EINVAL); 130 } 131 132 /* 133 * Convert from in-memory to filesystem representation. 134 */ 135 static void *reiserfs_posix_acl_to_disk(const struct posix_acl *acl, size_t * size) 136 { 137 reiserfs_acl_header *ext_acl; 138 char *e; 139 int n; 140 141 *size = reiserfs_acl_size(acl->a_count); 142 ext_acl = kmalloc(sizeof(reiserfs_acl_header) + 143 acl->a_count * 144 sizeof(reiserfs_acl_entry), 145 GFP_NOFS); 146 if (!ext_acl) 147 return ERR_PTR(-ENOMEM); 148 ext_acl->a_version = cpu_to_le32(REISERFS_ACL_VERSION); 149 e = (char *)ext_acl + sizeof(reiserfs_acl_header); 150 for (n = 0; n < acl->a_count; n++) { 151 const struct posix_acl_entry *acl_e = &acl->a_entries[n]; 152 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) e; 153 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 154 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 155 switch (acl->a_entries[n].e_tag) { 156 case ACL_USER: 157 entry->e_id = cpu_to_le32( 158 from_kuid(&init_user_ns, acl_e->e_uid)); 159 e += sizeof(reiserfs_acl_entry); 160 break; 161 case ACL_GROUP: 162 entry->e_id = cpu_to_le32( 163 from_kgid(&init_user_ns, acl_e->e_gid)); 164 e += sizeof(reiserfs_acl_entry); 165 break; 166 167 case ACL_USER_OBJ: 168 case ACL_GROUP_OBJ: 169 case ACL_MASK: 170 case ACL_OTHER: 171 e += sizeof(reiserfs_acl_entry_short); 172 break; 173 174 default: 175 goto fail; 176 } 177 } 178 return (char *)ext_acl; 179 180 fail: 181 kfree(ext_acl); 182 return ERR_PTR(-EINVAL); 183 } 184 185 /* 186 * Inode operation get_posix_acl(). 187 * 188 * inode->i_mutex: down 189 * BKL held [before 2.5.x] 190 */ 191 struct posix_acl *reiserfs_get_acl(struct inode *inode, int type) 192 { 193 char *name, *value; 194 struct posix_acl *acl; 195 int size; 196 int retval; 197 198 switch (type) { 199 case ACL_TYPE_ACCESS: 200 name = XATTR_NAME_POSIX_ACL_ACCESS; 201 break; 202 case ACL_TYPE_DEFAULT: 203 name = XATTR_NAME_POSIX_ACL_DEFAULT; 204 break; 205 default: 206 BUG(); 207 } 208 209 size = reiserfs_xattr_get(inode, name, NULL, 0); 210 if (size < 0) { 211 if (size == -ENODATA || size == -ENOSYS) 212 return NULL; 213 return ERR_PTR(size); 214 } 215 216 value = kmalloc(size, GFP_NOFS); 217 if (!value) 218 return ERR_PTR(-ENOMEM); 219 220 retval = reiserfs_xattr_get(inode, name, value, size); 221 if (retval == -ENODATA || retval == -ENOSYS) { 222 /* 223 * This shouldn't actually happen as it should have 224 * been caught above.. but just in case 225 */ 226 acl = NULL; 227 } else if (retval < 0) { 228 acl = ERR_PTR(retval); 229 } else { 230 acl = reiserfs_posix_acl_from_disk(value, retval); 231 } 232 233 kfree(value); 234 return acl; 235 } 236 237 /* 238 * Inode operation set_posix_acl(). 239 * 240 * inode->i_mutex: down 241 * BKL held [before 2.5.x] 242 */ 243 static int 244 __reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode, 245 int type, struct posix_acl *acl) 246 { 247 char *name; 248 void *value = NULL; 249 size_t size = 0; 250 int error; 251 252 switch (type) { 253 case ACL_TYPE_ACCESS: 254 name = XATTR_NAME_POSIX_ACL_ACCESS; 255 break; 256 case ACL_TYPE_DEFAULT: 257 name = XATTR_NAME_POSIX_ACL_DEFAULT; 258 if (!S_ISDIR(inode->i_mode)) 259 return acl ? -EACCES : 0; 260 break; 261 default: 262 return -EINVAL; 263 } 264 265 if (acl) { 266 value = reiserfs_posix_acl_to_disk(acl, &size); 267 if (IS_ERR(value)) 268 return (int)PTR_ERR(value); 269 } 270 271 error = reiserfs_xattr_set_handle(th, inode, name, value, size, 0); 272 273 /* 274 * Ensure that the inode gets dirtied if we're only using 275 * the mode bits and an old ACL didn't exist. We don't need 276 * to check if the inode is hashed here since we won't get 277 * called by reiserfs_inherit_default_acl(). 278 */ 279 if (error == -ENODATA) { 280 error = 0; 281 if (type == ACL_TYPE_ACCESS) { 282 inode->i_ctime = current_time(inode); 283 mark_inode_dirty(inode); 284 } 285 } 286 287 kfree(value); 288 289 if (!error) 290 set_cached_acl(inode, type, acl); 291 292 return error; 293 } 294 295 /* 296 * dir->i_mutex: locked, 297 * inode is new and not released into the wild yet 298 */ 299 int 300 reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th, 301 struct inode *dir, struct dentry *dentry, 302 struct inode *inode) 303 { 304 struct posix_acl *default_acl, *acl; 305 int err = 0; 306 307 /* ACLs only get applied to files and directories */ 308 if (S_ISLNK(inode->i_mode)) 309 return 0; 310 311 /* 312 * ACLs can only be used on "new" objects, so if it's an old object 313 * there is nothing to inherit from 314 */ 315 if (get_inode_sd_version(dir) == STAT_DATA_V1) 316 goto apply_umask; 317 318 /* 319 * Don't apply ACLs to objects in the .reiserfs_priv tree.. This 320 * would be useless since permissions are ignored, and a pain because 321 * it introduces locking cycles 322 */ 323 if (IS_PRIVATE(dir)) { 324 inode->i_flags |= S_PRIVATE; 325 goto apply_umask; 326 } 327 328 err = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); 329 if (err) 330 return err; 331 332 if (default_acl) { 333 err = __reiserfs_set_acl(th, inode, ACL_TYPE_DEFAULT, 334 default_acl); 335 posix_acl_release(default_acl); 336 } 337 if (acl) { 338 if (!err) 339 err = __reiserfs_set_acl(th, inode, ACL_TYPE_ACCESS, 340 acl); 341 posix_acl_release(acl); 342 } 343 344 return err; 345 346 apply_umask: 347 /* no ACL, apply umask */ 348 inode->i_mode &= ~current_umask(); 349 return err; 350 } 351 352 /* This is used to cache the default acl before a new object is created. 353 * The biggest reason for this is to get an idea of how many blocks will 354 * actually be required for the create operation if we must inherit an ACL. 355 * An ACL write can add up to 3 object creations and an additional file write 356 * so we'd prefer not to reserve that many blocks in the journal if we can. 357 * It also has the advantage of not loading the ACL with a transaction open, 358 * this may seem silly, but if the owner of the directory is doing the 359 * creation, the ACL may not be loaded since the permissions wouldn't require 360 * it. 361 * We return the number of blocks required for the transaction. 362 */ 363 int reiserfs_cache_default_acl(struct inode *inode) 364 { 365 struct posix_acl *acl; 366 int nblocks = 0; 367 368 if (IS_PRIVATE(inode)) 369 return 0; 370 371 acl = get_acl(inode, ACL_TYPE_DEFAULT); 372 373 if (acl && !IS_ERR(acl)) { 374 int size = reiserfs_acl_size(acl->a_count); 375 376 /* Other xattrs can be created during inode creation. We don't 377 * want to claim too many blocks, so we check to see if we 378 * we need to create the tree to the xattrs, and then we 379 * just want two files. */ 380 nblocks = reiserfs_xattr_jcreate_nblocks(inode); 381 nblocks += JOURNAL_BLOCKS_PER_OBJECT(inode->i_sb); 382 383 REISERFS_I(inode)->i_flags |= i_has_xattr_dir; 384 385 /* We need to account for writes + bitmaps for two files */ 386 nblocks += reiserfs_xattr_nblocks(inode, size) * 4; 387 posix_acl_release(acl); 388 } 389 390 return nblocks; 391 } 392 393 /* 394 * Called under i_mutex 395 */ 396 int reiserfs_acl_chmod(struct inode *inode) 397 { 398 if (IS_PRIVATE(inode)) 399 return 0; 400 if (get_inode_sd_version(inode) == STAT_DATA_V1 || 401 !reiserfs_posixacl(inode->i_sb)) 402 return 0; 403 404 return posix_acl_chmod(inode, inode->i_mode); 405 } 406