1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Copyright (C) 2002,2003 by Andreas Gruenbacher <a.gruenbacher@computer.org> |
4 | * |
5 | * Fixes from William Schumacher incorporated on 15 March 2001. |
6 | * (Reported by Charles Bertsch, <CBertsch@microtest.com>). |
7 | */ |
8 | |
9 | /* |
10 | * This file contains generic functions for manipulating |
11 | * POSIX 1003.1e draft standard 17 ACLs. |
12 | */ |
13 | |
14 | #include <linux/kernel.h> |
15 | #include <linux/slab.h> |
16 | #include <linux/atomic.h> |
17 | #include <linux/fs.h> |
18 | #include <linux/sched.h> |
19 | #include <linux/cred.h> |
20 | #include <linux/posix_acl.h> |
21 | #include <linux/posix_acl_xattr.h> |
22 | #include <linux/xattr.h> |
23 | #include <linux/export.h> |
24 | #include <linux/user_namespace.h> |
25 | #include <linux/namei.h> |
26 | #include <linux/mnt_idmapping.h> |
27 | #include <linux/iversion.h> |
28 | #include <linux/security.h> |
29 | #include <linux/fsnotify.h> |
30 | #include <linux/filelock.h> |
31 | |
32 | #include "internal.h" |
33 | |
34 | static struct posix_acl **acl_by_type(struct inode *inode, int type) |
35 | { |
36 | switch (type) { |
37 | case ACL_TYPE_ACCESS: |
38 | return &inode->i_acl; |
39 | case ACL_TYPE_DEFAULT: |
40 | return &inode->i_default_acl; |
41 | default: |
42 | BUG(); |
43 | } |
44 | } |
45 | |
46 | struct posix_acl *get_cached_acl(struct inode *inode, int type) |
47 | { |
48 | struct posix_acl **p = acl_by_type(inode, type); |
49 | struct posix_acl *acl; |
50 | |
51 | for (;;) { |
52 | rcu_read_lock(); |
53 | acl = rcu_dereference(*p); |
54 | if (!acl || is_uncached_acl(acl) || |
55 | refcount_inc_not_zero(r: &acl->a_refcount)) |
56 | break; |
57 | rcu_read_unlock(); |
58 | cpu_relax(); |
59 | } |
60 | rcu_read_unlock(); |
61 | return acl; |
62 | } |
63 | EXPORT_SYMBOL(get_cached_acl); |
64 | |
65 | struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type) |
66 | { |
67 | struct posix_acl *acl = rcu_dereference(*acl_by_type(inode, type)); |
68 | |
69 | if (acl == ACL_DONT_CACHE) { |
70 | struct posix_acl *ret; |
71 | |
72 | ret = inode->i_op->get_inode_acl(inode, type, LOOKUP_RCU); |
73 | if (!IS_ERR(ptr: ret)) |
74 | acl = ret; |
75 | } |
76 | |
77 | return acl; |
78 | } |
79 | EXPORT_SYMBOL(get_cached_acl_rcu); |
80 | |
81 | void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl) |
82 | { |
83 | struct posix_acl **p = acl_by_type(inode, type); |
84 | struct posix_acl *old; |
85 | |
86 | old = xchg(p, posix_acl_dup(acl)); |
87 | if (!is_uncached_acl(acl: old)) |
88 | posix_acl_release(acl: old); |
89 | } |
90 | EXPORT_SYMBOL(set_cached_acl); |
91 | |
92 | static void __forget_cached_acl(struct posix_acl **p) |
93 | { |
94 | struct posix_acl *old; |
95 | |
96 | old = xchg(p, ACL_NOT_CACHED); |
97 | if (!is_uncached_acl(acl: old)) |
98 | posix_acl_release(acl: old); |
99 | } |
100 | |
101 | void forget_cached_acl(struct inode *inode, int type) |
102 | { |
103 | __forget_cached_acl(p: acl_by_type(inode, type)); |
104 | } |
105 | EXPORT_SYMBOL(forget_cached_acl); |
106 | |
107 | void forget_all_cached_acls(struct inode *inode) |
108 | { |
109 | __forget_cached_acl(p: &inode->i_acl); |
110 | __forget_cached_acl(p: &inode->i_default_acl); |
111 | } |
112 | EXPORT_SYMBOL(forget_all_cached_acls); |
113 | |
114 | static struct posix_acl *__get_acl(struct mnt_idmap *idmap, |
115 | struct dentry *dentry, struct inode *inode, |
116 | int type) |
117 | { |
118 | struct posix_acl *sentinel; |
119 | struct posix_acl **p; |
120 | struct posix_acl *acl; |
121 | |
122 | /* |
123 | * The sentinel is used to detect when another operation like |
124 | * set_cached_acl() or forget_cached_acl() races with get_inode_acl(). |
125 | * It is guaranteed that is_uncached_acl(sentinel) is true. |
126 | */ |
127 | |
128 | acl = get_cached_acl(inode, type); |
129 | if (!is_uncached_acl(acl)) |
130 | return acl; |
131 | |
132 | if (!IS_POSIXACL(inode)) |
133 | return NULL; |
134 | |
135 | sentinel = uncached_acl_sentinel(current); |
136 | p = acl_by_type(inode, type); |
137 | |
138 | /* |
139 | * If the ACL isn't being read yet, set our sentinel. Otherwise, the |
140 | * current value of the ACL will not be ACL_NOT_CACHED and so our own |
141 | * sentinel will not be set; another task will update the cache. We |
142 | * could wait for that other task to complete its job, but it's easier |
143 | * to just call ->get_inode_acl to fetch the ACL ourself. (This is |
144 | * going to be an unlikely race.) |
145 | */ |
146 | cmpxchg(p, ACL_NOT_CACHED, sentinel); |
147 | |
148 | /* |
149 | * Normally, the ACL returned by ->get{_inode}_acl will be cached. |
150 | * A filesystem can prevent that by calling |
151 | * forget_cached_acl(inode, type) in ->get{_inode}_acl. |
152 | * |
153 | * If the filesystem doesn't have a get{_inode}_ acl() function at all, |
154 | * we'll just create the negative cache entry. |
155 | */ |
156 | if (dentry && inode->i_op->get_acl) { |
157 | acl = inode->i_op->get_acl(idmap, dentry, type); |
158 | } else if (inode->i_op->get_inode_acl) { |
159 | acl = inode->i_op->get_inode_acl(inode, type, false); |
160 | } else { |
161 | set_cached_acl(inode, type, NULL); |
162 | return NULL; |
163 | } |
164 | if (IS_ERR(ptr: acl)) { |
165 | /* |
166 | * Remove our sentinel so that we don't block future attempts |
167 | * to cache the ACL. |
168 | */ |
169 | cmpxchg(p, sentinel, ACL_NOT_CACHED); |
170 | return acl; |
171 | } |
172 | |
173 | /* |
174 | * Cache the result, but only if our sentinel is still in place. |
175 | */ |
176 | posix_acl_dup(acl); |
177 | if (unlikely(!try_cmpxchg(p, &sentinel, acl))) |
178 | posix_acl_release(acl); |
179 | return acl; |
180 | } |
181 | |
182 | struct posix_acl *get_inode_acl(struct inode *inode, int type) |
183 | { |
184 | return __get_acl(idmap: &nop_mnt_idmap, NULL, inode, type); |
185 | } |
186 | EXPORT_SYMBOL(get_inode_acl); |
187 | |
188 | /* |
189 | * Init a fresh posix_acl |
190 | */ |
191 | void |
192 | posix_acl_init(struct posix_acl *acl, int count) |
193 | { |
194 | refcount_set(r: &acl->a_refcount, n: 1); |
195 | acl->a_count = count; |
196 | } |
197 | EXPORT_SYMBOL(posix_acl_init); |
198 | |
199 | /* |
200 | * Allocate a new ACL with the specified number of entries. |
201 | */ |
202 | struct posix_acl * |
203 | posix_acl_alloc(int count, gfp_t flags) |
204 | { |
205 | const size_t size = sizeof(struct posix_acl) + |
206 | count * sizeof(struct posix_acl_entry); |
207 | struct posix_acl *acl = kmalloc(size, flags); |
208 | if (acl) |
209 | posix_acl_init(acl, count); |
210 | return acl; |
211 | } |
212 | EXPORT_SYMBOL(posix_acl_alloc); |
213 | |
214 | /* |
215 | * Clone an ACL. |
216 | */ |
217 | struct posix_acl * |
218 | posix_acl_clone(const struct posix_acl *acl, gfp_t flags) |
219 | { |
220 | struct posix_acl *clone = NULL; |
221 | |
222 | if (acl) { |
223 | int size = sizeof(struct posix_acl) + acl->a_count * |
224 | sizeof(struct posix_acl_entry); |
225 | clone = kmemdup(p: acl, size, gfp: flags); |
226 | if (clone) |
227 | refcount_set(r: &clone->a_refcount, n: 1); |
228 | } |
229 | return clone; |
230 | } |
231 | EXPORT_SYMBOL_GPL(posix_acl_clone); |
232 | |
233 | /* |
234 | * Check if an acl is valid. Returns 0 if it is, or -E... otherwise. |
235 | */ |
236 | int |
237 | posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl) |
238 | { |
239 | const struct posix_acl_entry *pa, *pe; |
240 | int state = ACL_USER_OBJ; |
241 | int needs_mask = 0; |
242 | |
243 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
244 | if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)) |
245 | return -EINVAL; |
246 | switch (pa->e_tag) { |
247 | case ACL_USER_OBJ: |
248 | if (state == ACL_USER_OBJ) { |
249 | state = ACL_USER; |
250 | break; |
251 | } |
252 | return -EINVAL; |
253 | |
254 | case ACL_USER: |
255 | if (state != ACL_USER) |
256 | return -EINVAL; |
257 | if (!kuid_has_mapping(ns: user_ns, uid: pa->e_uid)) |
258 | return -EINVAL; |
259 | needs_mask = 1; |
260 | break; |
261 | |
262 | case ACL_GROUP_OBJ: |
263 | if (state == ACL_USER) { |
264 | state = ACL_GROUP; |
265 | break; |
266 | } |
267 | return -EINVAL; |
268 | |
269 | case ACL_GROUP: |
270 | if (state != ACL_GROUP) |
271 | return -EINVAL; |
272 | if (!kgid_has_mapping(ns: user_ns, gid: pa->e_gid)) |
273 | return -EINVAL; |
274 | needs_mask = 1; |
275 | break; |
276 | |
277 | case ACL_MASK: |
278 | if (state != ACL_GROUP) |
279 | return -EINVAL; |
280 | state = ACL_OTHER; |
281 | break; |
282 | |
283 | case ACL_OTHER: |
284 | if (state == ACL_OTHER || |
285 | (state == ACL_GROUP && !needs_mask)) { |
286 | state = 0; |
287 | break; |
288 | } |
289 | return -EINVAL; |
290 | |
291 | default: |
292 | return -EINVAL; |
293 | } |
294 | } |
295 | if (state == 0) |
296 | return 0; |
297 | return -EINVAL; |
298 | } |
299 | EXPORT_SYMBOL(posix_acl_valid); |
300 | |
301 | /* |
302 | * Returns 0 if the acl can be exactly represented in the traditional |
303 | * file mode permission bits, or else 1. Returns -E... on error. |
304 | */ |
305 | int |
306 | posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) |
307 | { |
308 | const struct posix_acl_entry *pa, *pe; |
309 | umode_t mode = 0; |
310 | int not_equiv = 0; |
311 | |
312 | /* |
313 | * A null ACL can always be presented as mode bits. |
314 | */ |
315 | if (!acl) |
316 | return 0; |
317 | |
318 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
319 | switch (pa->e_tag) { |
320 | case ACL_USER_OBJ: |
321 | mode |= (pa->e_perm & S_IRWXO) << 6; |
322 | break; |
323 | case ACL_GROUP_OBJ: |
324 | mode |= (pa->e_perm & S_IRWXO) << 3; |
325 | break; |
326 | case ACL_OTHER: |
327 | mode |= pa->e_perm & S_IRWXO; |
328 | break; |
329 | case ACL_MASK: |
330 | mode = (mode & ~S_IRWXG) | |
331 | ((pa->e_perm & S_IRWXO) << 3); |
332 | not_equiv = 1; |
333 | break; |
334 | case ACL_USER: |
335 | case ACL_GROUP: |
336 | not_equiv = 1; |
337 | break; |
338 | default: |
339 | return -EINVAL; |
340 | } |
341 | } |
342 | if (mode_p) |
343 | *mode_p = (*mode_p & ~S_IRWXUGO) | mode; |
344 | return not_equiv; |
345 | } |
346 | EXPORT_SYMBOL(posix_acl_equiv_mode); |
347 | |
348 | /* |
349 | * Create an ACL representing the file mode permission bits of an inode. |
350 | */ |
351 | struct posix_acl * |
352 | posix_acl_from_mode(umode_t mode, gfp_t flags) |
353 | { |
354 | struct posix_acl *acl = posix_acl_alloc(3, flags); |
355 | if (!acl) |
356 | return ERR_PTR(error: -ENOMEM); |
357 | |
358 | acl->a_entries[0].e_tag = ACL_USER_OBJ; |
359 | acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; |
360 | |
361 | acl->a_entries[1].e_tag = ACL_GROUP_OBJ; |
362 | acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; |
363 | |
364 | acl->a_entries[2].e_tag = ACL_OTHER; |
365 | acl->a_entries[2].e_perm = (mode & S_IRWXO); |
366 | return acl; |
367 | } |
368 | EXPORT_SYMBOL(posix_acl_from_mode); |
369 | |
370 | /* |
371 | * Return 0 if current is granted want access to the inode |
372 | * by the acl. Returns -E... otherwise. |
373 | */ |
374 | int |
375 | posix_acl_permission(struct mnt_idmap *idmap, struct inode *inode, |
376 | const struct posix_acl *acl, int want) |
377 | { |
378 | const struct posix_acl_entry *pa, *pe, *mask_obj; |
379 | struct user_namespace *fs_userns = i_user_ns(inode); |
380 | int found = 0; |
381 | vfsuid_t vfsuid; |
382 | vfsgid_t vfsgid; |
383 | |
384 | want &= MAY_READ | MAY_WRITE | MAY_EXEC; |
385 | |
386 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
387 | switch(pa->e_tag) { |
388 | case ACL_USER_OBJ: |
389 | /* (May have been checked already) */ |
390 | vfsuid = i_uid_into_vfsuid(idmap, inode); |
391 | if (vfsuid_eq_kuid(vfsuid, current_fsuid())) |
392 | goto check_perm; |
393 | break; |
394 | case ACL_USER: |
395 | vfsuid = make_vfsuid(idmap, fs_userns, |
396 | kuid: pa->e_uid); |
397 | if (vfsuid_eq_kuid(vfsuid, current_fsuid())) |
398 | goto mask; |
399 | break; |
400 | case ACL_GROUP_OBJ: |
401 | vfsgid = i_gid_into_vfsgid(idmap, inode); |
402 | if (vfsgid_in_group_p(vfsgid)) { |
403 | found = 1; |
404 | if ((pa->e_perm & want) == want) |
405 | goto mask; |
406 | } |
407 | break; |
408 | case ACL_GROUP: |
409 | vfsgid = make_vfsgid(idmap, fs_userns, |
410 | kgid: pa->e_gid); |
411 | if (vfsgid_in_group_p(vfsgid)) { |
412 | found = 1; |
413 | if ((pa->e_perm & want) == want) |
414 | goto mask; |
415 | } |
416 | break; |
417 | case ACL_MASK: |
418 | break; |
419 | case ACL_OTHER: |
420 | if (found) |
421 | return -EACCES; |
422 | else |
423 | goto check_perm; |
424 | default: |
425 | return -EIO; |
426 | } |
427 | } |
428 | return -EIO; |
429 | |
430 | mask: |
431 | for (mask_obj = pa+1; mask_obj != pe; mask_obj++) { |
432 | if (mask_obj->e_tag == ACL_MASK) { |
433 | if ((pa->e_perm & mask_obj->e_perm & want) == want) |
434 | return 0; |
435 | return -EACCES; |
436 | } |
437 | } |
438 | |
439 | check_perm: |
440 | if ((pa->e_perm & want) == want) |
441 | return 0; |
442 | return -EACCES; |
443 | } |
444 | |
445 | /* |
446 | * Modify acl when creating a new inode. The caller must ensure the acl is |
447 | * only referenced once. |
448 | * |
449 | * mode_p initially must contain the mode parameter to the open() / creat() |
450 | * system calls. All permissions that are not granted by the acl are removed. |
451 | * The permissions in the acl are changed to reflect the mode_p parameter. |
452 | */ |
453 | static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) |
454 | { |
455 | struct posix_acl_entry *pa, *pe; |
456 | struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; |
457 | umode_t mode = *mode_p; |
458 | int not_equiv = 0; |
459 | |
460 | /* assert(atomic_read(acl->a_refcount) == 1); */ |
461 | |
462 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
463 | switch(pa->e_tag) { |
464 | case ACL_USER_OBJ: |
465 | pa->e_perm &= (mode >> 6) | ~S_IRWXO; |
466 | mode &= (pa->e_perm << 6) | ~S_IRWXU; |
467 | break; |
468 | |
469 | case ACL_USER: |
470 | case ACL_GROUP: |
471 | not_equiv = 1; |
472 | break; |
473 | |
474 | case ACL_GROUP_OBJ: |
475 | group_obj = pa; |
476 | break; |
477 | |
478 | case ACL_OTHER: |
479 | pa->e_perm &= mode | ~S_IRWXO; |
480 | mode &= pa->e_perm | ~S_IRWXO; |
481 | break; |
482 | |
483 | case ACL_MASK: |
484 | mask_obj = pa; |
485 | not_equiv = 1; |
486 | break; |
487 | |
488 | default: |
489 | return -EIO; |
490 | } |
491 | } |
492 | |
493 | if (mask_obj) { |
494 | mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO; |
495 | mode &= (mask_obj->e_perm << 3) | ~S_IRWXG; |
496 | } else { |
497 | if (!group_obj) |
498 | return -EIO; |
499 | group_obj->e_perm &= (mode >> 3) | ~S_IRWXO; |
500 | mode &= (group_obj->e_perm << 3) | ~S_IRWXG; |
501 | } |
502 | |
503 | *mode_p = (*mode_p & ~S_IRWXUGO) | mode; |
504 | return not_equiv; |
505 | } |
506 | |
507 | /* |
508 | * Modify the ACL for the chmod syscall. |
509 | */ |
510 | static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode) |
511 | { |
512 | struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; |
513 | struct posix_acl_entry *pa, *pe; |
514 | |
515 | /* assert(atomic_read(acl->a_refcount) == 1); */ |
516 | |
517 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
518 | switch(pa->e_tag) { |
519 | case ACL_USER_OBJ: |
520 | pa->e_perm = (mode & S_IRWXU) >> 6; |
521 | break; |
522 | |
523 | case ACL_USER: |
524 | case ACL_GROUP: |
525 | break; |
526 | |
527 | case ACL_GROUP_OBJ: |
528 | group_obj = pa; |
529 | break; |
530 | |
531 | case ACL_MASK: |
532 | mask_obj = pa; |
533 | break; |
534 | |
535 | case ACL_OTHER: |
536 | pa->e_perm = (mode & S_IRWXO); |
537 | break; |
538 | |
539 | default: |
540 | return -EIO; |
541 | } |
542 | } |
543 | |
544 | if (mask_obj) { |
545 | mask_obj->e_perm = (mode & S_IRWXG) >> 3; |
546 | } else { |
547 | if (!group_obj) |
548 | return -EIO; |
549 | group_obj->e_perm = (mode & S_IRWXG) >> 3; |
550 | } |
551 | |
552 | return 0; |
553 | } |
554 | |
555 | int |
556 | __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) |
557 | { |
558 | struct posix_acl *clone = posix_acl_clone(*acl, gfp); |
559 | int err = -ENOMEM; |
560 | if (clone) { |
561 | err = posix_acl_create_masq(acl: clone, mode_p); |
562 | if (err < 0) { |
563 | posix_acl_release(acl: clone); |
564 | clone = NULL; |
565 | } |
566 | } |
567 | posix_acl_release(acl: *acl); |
568 | *acl = clone; |
569 | return err; |
570 | } |
571 | EXPORT_SYMBOL(__posix_acl_create); |
572 | |
573 | int |
574 | __posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode) |
575 | { |
576 | struct posix_acl *clone = posix_acl_clone(*acl, gfp); |
577 | int err = -ENOMEM; |
578 | if (clone) { |
579 | err = __posix_acl_chmod_masq(acl: clone, mode); |
580 | if (err) { |
581 | posix_acl_release(acl: clone); |
582 | clone = NULL; |
583 | } |
584 | } |
585 | posix_acl_release(acl: *acl); |
586 | *acl = clone; |
587 | return err; |
588 | } |
589 | EXPORT_SYMBOL(__posix_acl_chmod); |
590 | |
591 | /** |
592 | * posix_acl_chmod - chmod a posix acl |
593 | * |
594 | * @idmap: idmap of the mount @inode was found from |
595 | * @dentry: dentry to check permissions on |
596 | * @mode: the new mode of @inode |
597 | * |
598 | * If the dentry has been found through an idmapped mount the idmap of |
599 | * the vfsmount must be passed through @idmap. This function will then |
600 | * take care to map the inode according to @idmap before checking |
601 | * permissions. On non-idmapped mounts or if permission checking is to be |
602 | * performed on the raw inode simply pass @nop_mnt_idmap. |
603 | */ |
604 | int |
605 | posix_acl_chmod(struct mnt_idmap *idmap, struct dentry *dentry, |
606 | umode_t mode) |
607 | { |
608 | struct inode *inode = d_inode(dentry); |
609 | struct posix_acl *acl; |
610 | int ret = 0; |
611 | |
612 | if (!IS_POSIXACL(inode)) |
613 | return 0; |
614 | if (!inode->i_op->set_acl) |
615 | return -EOPNOTSUPP; |
616 | |
617 | acl = get_inode_acl(inode, ACL_TYPE_ACCESS); |
618 | if (IS_ERR_OR_NULL(ptr: acl)) { |
619 | if (acl == ERR_PTR(error: -EOPNOTSUPP)) |
620 | return 0; |
621 | return PTR_ERR(ptr: acl); |
622 | } |
623 | |
624 | ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode); |
625 | if (ret) |
626 | return ret; |
627 | ret = inode->i_op->set_acl(idmap, dentry, acl, ACL_TYPE_ACCESS); |
628 | posix_acl_release(acl); |
629 | return ret; |
630 | } |
631 | EXPORT_SYMBOL(posix_acl_chmod); |
632 | |
633 | int |
634 | posix_acl_create(struct inode *dir, umode_t *mode, |
635 | struct posix_acl **default_acl, struct posix_acl **acl) |
636 | { |
637 | struct posix_acl *p; |
638 | struct posix_acl *clone; |
639 | int ret; |
640 | |
641 | *acl = NULL; |
642 | *default_acl = NULL; |
643 | |
644 | if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) |
645 | return 0; |
646 | |
647 | p = get_inode_acl(dir, ACL_TYPE_DEFAULT); |
648 | if (!p || p == ERR_PTR(error: -EOPNOTSUPP)) { |
649 | *mode &= ~current_umask(); |
650 | return 0; |
651 | } |
652 | if (IS_ERR(ptr: p)) |
653 | return PTR_ERR(ptr: p); |
654 | |
655 | ret = -ENOMEM; |
656 | clone = posix_acl_clone(p, GFP_NOFS); |
657 | if (!clone) |
658 | goto err_release; |
659 | |
660 | ret = posix_acl_create_masq(acl: clone, mode_p: mode); |
661 | if (ret < 0) |
662 | goto err_release_clone; |
663 | |
664 | if (ret == 0) |
665 | posix_acl_release(acl: clone); |
666 | else |
667 | *acl = clone; |
668 | |
669 | if (!S_ISDIR(*mode)) |
670 | posix_acl_release(acl: p); |
671 | else |
672 | *default_acl = p; |
673 | |
674 | return 0; |
675 | |
676 | err_release_clone: |
677 | posix_acl_release(acl: clone); |
678 | err_release: |
679 | posix_acl_release(acl: p); |
680 | return ret; |
681 | } |
682 | EXPORT_SYMBOL_GPL(posix_acl_create); |
683 | |
684 | /** |
685 | * posix_acl_update_mode - update mode in set_acl |
686 | * @idmap: idmap of the mount @inode was found from |
687 | * @inode: target inode |
688 | * @mode_p: mode (pointer) for update |
689 | * @acl: acl pointer |
690 | * |
691 | * Update the file mode when setting an ACL: compute the new file permission |
692 | * bits based on the ACL. In addition, if the ACL is equivalent to the new |
693 | * file mode, set *@acl to NULL to indicate that no ACL should be set. |
694 | * |
695 | * As with chmod, clear the setgid bit if the caller is not in the owning group |
696 | * or capable of CAP_FSETID (see inode_change_ok). |
697 | * |
698 | * If the inode has been found through an idmapped mount the idmap of |
699 | * the vfsmount must be passed through @idmap. This function will then |
700 | * take care to map the inode according to @idmap before checking |
701 | * permissions. On non-idmapped mounts or if permission checking is to be |
702 | * performed on the raw inode simply pass @nop_mnt_idmap. |
703 | * |
704 | * Called from set_acl inode operations. |
705 | */ |
706 | int posix_acl_update_mode(struct mnt_idmap *idmap, |
707 | struct inode *inode, umode_t *mode_p, |
708 | struct posix_acl **acl) |
709 | { |
710 | umode_t mode = inode->i_mode; |
711 | int error; |
712 | |
713 | error = posix_acl_equiv_mode(*acl, &mode); |
714 | if (error < 0) |
715 | return error; |
716 | if (error == 0) |
717 | *acl = NULL; |
718 | if (!vfsgid_in_group_p(vfsgid: i_gid_into_vfsgid(idmap, inode)) && |
719 | !capable_wrt_inode_uidgid(idmap, inode, CAP_FSETID)) |
720 | mode &= ~S_ISGID; |
721 | *mode_p = mode; |
722 | return 0; |
723 | } |
724 | EXPORT_SYMBOL(posix_acl_update_mode); |
725 | |
726 | /* |
727 | * Fix up the uids and gids in posix acl extended attributes in place. |
728 | */ |
729 | static int posix_acl_fix_xattr_common(const void *value, size_t size) |
730 | { |
731 | const struct posix_acl_xattr_header * = value; |
732 | int count; |
733 | |
734 | if (!header) |
735 | return -EINVAL; |
736 | if (size < sizeof(struct posix_acl_xattr_header)) |
737 | return -EINVAL; |
738 | if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) |
739 | return -EOPNOTSUPP; |
740 | |
741 | count = posix_acl_xattr_count(size); |
742 | if (count < 0) |
743 | return -EINVAL; |
744 | if (count == 0) |
745 | return 0; |
746 | |
747 | return count; |
748 | } |
749 | |
750 | /** |
751 | * posix_acl_from_xattr - convert POSIX ACLs from backing store to VFS format |
752 | * @userns: the filesystem's idmapping |
753 | * @value: the uapi representation of POSIX ACLs |
754 | * @size: the size of @void |
755 | * |
756 | * Filesystems that store POSIX ACLs in the unaltered uapi format should use |
757 | * posix_acl_from_xattr() when reading them from the backing store and |
758 | * converting them into the struct posix_acl VFS format. The helper is |
759 | * specifically intended to be called from the acl inode operation. |
760 | * |
761 | * The posix_acl_from_xattr() function will map the raw {g,u}id values stored |
762 | * in ACL_{GROUP,USER} entries into idmapping in @userns. |
763 | * |
764 | * Note that posix_acl_from_xattr() does not take idmapped mounts into account. |
765 | * If it did it calling it from the get acl inode operation would return POSIX |
766 | * ACLs mapped according to an idmapped mount which would mean that the value |
767 | * couldn't be cached for the filesystem. Idmapped mounts are taken into |
768 | * account on the fly during permission checking or right at the VFS - |
769 | * userspace boundary before reporting them to the user. |
770 | * |
771 | * Return: Allocated struct posix_acl on success, NULL for a valid header but |
772 | * without actual POSIX ACL entries, or ERR_PTR() encoded error code. |
773 | */ |
774 | struct posix_acl *posix_acl_from_xattr(struct user_namespace *userns, |
775 | const void *value, size_t size) |
776 | { |
777 | const struct posix_acl_xattr_header * = value; |
778 | const struct posix_acl_xattr_entry *entry = (const void *)(header + 1), *end; |
779 | int count; |
780 | struct posix_acl *acl; |
781 | struct posix_acl_entry *acl_e; |
782 | |
783 | count = posix_acl_fix_xattr_common(value, size); |
784 | if (count < 0) |
785 | return ERR_PTR(error: count); |
786 | if (count == 0) |
787 | return NULL; |
788 | |
789 | acl = posix_acl_alloc(count, GFP_NOFS); |
790 | if (!acl) |
791 | return ERR_PTR(error: -ENOMEM); |
792 | acl_e = acl->a_entries; |
793 | |
794 | for (end = entry + count; entry != end; acl_e++, entry++) { |
795 | acl_e->e_tag = le16_to_cpu(entry->e_tag); |
796 | acl_e->e_perm = le16_to_cpu(entry->e_perm); |
797 | |
798 | switch(acl_e->e_tag) { |
799 | case ACL_USER_OBJ: |
800 | case ACL_GROUP_OBJ: |
801 | case ACL_MASK: |
802 | case ACL_OTHER: |
803 | break; |
804 | |
805 | case ACL_USER: |
806 | acl_e->e_uid = make_kuid(from: userns, |
807 | le32_to_cpu(entry->e_id)); |
808 | if (!uid_valid(uid: acl_e->e_uid)) |
809 | goto fail; |
810 | break; |
811 | case ACL_GROUP: |
812 | acl_e->e_gid = make_kgid(from: userns, |
813 | le32_to_cpu(entry->e_id)); |
814 | if (!gid_valid(gid: acl_e->e_gid)) |
815 | goto fail; |
816 | break; |
817 | |
818 | default: |
819 | goto fail; |
820 | } |
821 | } |
822 | return acl; |
823 | |
824 | fail: |
825 | posix_acl_release(acl); |
826 | return ERR_PTR(error: -EINVAL); |
827 | } |
828 | EXPORT_SYMBOL (posix_acl_from_xattr); |
829 | |
830 | /* |
831 | * Convert from in-memory to extended attribute representation. |
832 | */ |
833 | int |
834 | posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, |
835 | void *buffer, size_t size) |
836 | { |
837 | struct posix_acl_xattr_header *ext_acl = buffer; |
838 | struct posix_acl_xattr_entry *ext_entry; |
839 | int real_size, n; |
840 | |
841 | real_size = posix_acl_xattr_size(count: acl->a_count); |
842 | if (!buffer) |
843 | return real_size; |
844 | if (real_size > size) |
845 | return -ERANGE; |
846 | |
847 | ext_entry = (void *)(ext_acl + 1); |
848 | ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); |
849 | |
850 | for (n=0; n < acl->a_count; n++, ext_entry++) { |
851 | const struct posix_acl_entry *acl_e = &acl->a_entries[n]; |
852 | ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); |
853 | ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); |
854 | switch(acl_e->e_tag) { |
855 | case ACL_USER: |
856 | ext_entry->e_id = |
857 | cpu_to_le32(from_kuid(user_ns, acl_e->e_uid)); |
858 | break; |
859 | case ACL_GROUP: |
860 | ext_entry->e_id = |
861 | cpu_to_le32(from_kgid(user_ns, acl_e->e_gid)); |
862 | break; |
863 | default: |
864 | ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); |
865 | break; |
866 | } |
867 | } |
868 | return real_size; |
869 | } |
870 | EXPORT_SYMBOL (posix_acl_to_xattr); |
871 | |
872 | /** |
873 | * vfs_posix_acl_to_xattr - convert from kernel to userspace representation |
874 | * @idmap: idmap of the mount |
875 | * @inode: inode the posix acls are set on |
876 | * @acl: the posix acls as represented by the vfs |
877 | * @buffer: the buffer into which to convert @acl |
878 | * @size: size of @buffer |
879 | * |
880 | * This converts @acl from the VFS representation in the filesystem idmapping |
881 | * to the uapi form reportable to userspace. And mount and caller idmappings |
882 | * are handled appropriately. |
883 | * |
884 | * Return: On success, the size of the stored uapi posix acls, on error a |
885 | * negative errno. |
886 | */ |
887 | static ssize_t vfs_posix_acl_to_xattr(struct mnt_idmap *idmap, |
888 | struct inode *inode, |
889 | const struct posix_acl *acl, void *buffer, |
890 | size_t size) |
891 | |
892 | { |
893 | struct posix_acl_xattr_header *ext_acl = buffer; |
894 | struct posix_acl_xattr_entry *ext_entry; |
895 | struct user_namespace *fs_userns, *caller_userns; |
896 | ssize_t real_size, n; |
897 | vfsuid_t vfsuid; |
898 | vfsgid_t vfsgid; |
899 | |
900 | real_size = posix_acl_xattr_size(count: acl->a_count); |
901 | if (!buffer) |
902 | return real_size; |
903 | if (real_size > size) |
904 | return -ERANGE; |
905 | |
906 | ext_entry = (void *)(ext_acl + 1); |
907 | ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); |
908 | |
909 | fs_userns = i_user_ns(inode); |
910 | caller_userns = current_user_ns(); |
911 | for (n=0; n < acl->a_count; n++, ext_entry++) { |
912 | const struct posix_acl_entry *acl_e = &acl->a_entries[n]; |
913 | ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); |
914 | ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); |
915 | switch(acl_e->e_tag) { |
916 | case ACL_USER: |
917 | vfsuid = make_vfsuid(idmap, fs_userns, kuid: acl_e->e_uid); |
918 | ext_entry->e_id = cpu_to_le32(from_kuid( |
919 | caller_userns, vfsuid_into_kuid(vfsuid))); |
920 | break; |
921 | case ACL_GROUP: |
922 | vfsgid = make_vfsgid(idmap, fs_userns, kgid: acl_e->e_gid); |
923 | ext_entry->e_id = cpu_to_le32(from_kgid( |
924 | caller_userns, vfsgid_into_kgid(vfsgid))); |
925 | break; |
926 | default: |
927 | ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); |
928 | break; |
929 | } |
930 | } |
931 | return real_size; |
932 | } |
933 | |
934 | int |
935 | set_posix_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
936 | int type, struct posix_acl *acl) |
937 | { |
938 | struct inode *inode = d_inode(dentry); |
939 | |
940 | if (!IS_POSIXACL(inode)) |
941 | return -EOPNOTSUPP; |
942 | if (!inode->i_op->set_acl) |
943 | return -EOPNOTSUPP; |
944 | |
945 | if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) |
946 | return acl ? -EACCES : 0; |
947 | if (!inode_owner_or_capable(idmap, inode)) |
948 | return -EPERM; |
949 | |
950 | if (acl) { |
951 | int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl); |
952 | if (ret) |
953 | return ret; |
954 | } |
955 | return inode->i_op->set_acl(idmap, dentry, acl, type); |
956 | } |
957 | EXPORT_SYMBOL(set_posix_acl); |
958 | |
959 | int posix_acl_listxattr(struct inode *inode, char **buffer, |
960 | ssize_t *remaining_size) |
961 | { |
962 | int err; |
963 | |
964 | if (!IS_POSIXACL(inode)) |
965 | return 0; |
966 | |
967 | if (inode->i_acl) { |
968 | err = xattr_list_one(buffer, remaining_size, |
969 | XATTR_NAME_POSIX_ACL_ACCESS); |
970 | if (err) |
971 | return err; |
972 | } |
973 | |
974 | if (inode->i_default_acl) { |
975 | err = xattr_list_one(buffer, remaining_size, |
976 | XATTR_NAME_POSIX_ACL_DEFAULT); |
977 | if (err) |
978 | return err; |
979 | } |
980 | |
981 | return 0; |
982 | } |
983 | |
984 | static bool |
985 | posix_acl_xattr_list(struct dentry *dentry) |
986 | { |
987 | return IS_POSIXACL(d_backing_inode(dentry)); |
988 | } |
989 | |
990 | /* |
991 | * nop_posix_acl_access - legacy xattr handler for access POSIX ACLs |
992 | * |
993 | * This is the legacy POSIX ACL access xattr handler. It is used by some |
994 | * filesystems to implement their ->listxattr() inode operation. New code |
995 | * should never use them. |
996 | */ |
997 | const struct xattr_handler nop_posix_acl_access = { |
998 | .name = XATTR_NAME_POSIX_ACL_ACCESS, |
999 | .list = posix_acl_xattr_list, |
1000 | }; |
1001 | EXPORT_SYMBOL_GPL(nop_posix_acl_access); |
1002 | |
1003 | /* |
1004 | * nop_posix_acl_default - legacy xattr handler for default POSIX ACLs |
1005 | * |
1006 | * This is the legacy POSIX ACL default xattr handler. It is used by some |
1007 | * filesystems to implement their ->listxattr() inode operation. New code |
1008 | * should never use them. |
1009 | */ |
1010 | const struct xattr_handler nop_posix_acl_default = { |
1011 | .name = XATTR_NAME_POSIX_ACL_DEFAULT, |
1012 | .list = posix_acl_xattr_list, |
1013 | }; |
1014 | EXPORT_SYMBOL_GPL(nop_posix_acl_default); |
1015 | |
1016 | int simple_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1017 | struct posix_acl *acl, int type) |
1018 | { |
1019 | int error; |
1020 | struct inode *inode = d_inode(dentry); |
1021 | |
1022 | if (type == ACL_TYPE_ACCESS) { |
1023 | error = posix_acl_update_mode(idmap, inode, |
1024 | &inode->i_mode, &acl); |
1025 | if (error) |
1026 | return error; |
1027 | } |
1028 | |
1029 | inode_set_ctime_current(inode); |
1030 | if (IS_I_VERSION(inode)) |
1031 | inode_inc_iversion(inode); |
1032 | set_cached_acl(inode, type, acl); |
1033 | return 0; |
1034 | } |
1035 | |
1036 | int simple_acl_create(struct inode *dir, struct inode *inode) |
1037 | { |
1038 | struct posix_acl *default_acl, *acl; |
1039 | int error; |
1040 | |
1041 | error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); |
1042 | if (error) |
1043 | return error; |
1044 | |
1045 | set_cached_acl(inode, ACL_TYPE_DEFAULT, default_acl); |
1046 | set_cached_acl(inode, ACL_TYPE_ACCESS, acl); |
1047 | |
1048 | if (default_acl) |
1049 | posix_acl_release(acl: default_acl); |
1050 | if (acl) |
1051 | posix_acl_release(acl); |
1052 | return 0; |
1053 | } |
1054 | |
1055 | static int vfs_set_acl_idmapped_mnt(struct mnt_idmap *idmap, |
1056 | struct user_namespace *fs_userns, |
1057 | struct posix_acl *acl) |
1058 | { |
1059 | for (int n = 0; n < acl->a_count; n++) { |
1060 | struct posix_acl_entry *acl_e = &acl->a_entries[n]; |
1061 | |
1062 | switch (acl_e->e_tag) { |
1063 | case ACL_USER: |
1064 | acl_e->e_uid = from_vfsuid(idmap, fs_userns, |
1065 | VFSUIDT_INIT(acl_e->e_uid)); |
1066 | break; |
1067 | case ACL_GROUP: |
1068 | acl_e->e_gid = from_vfsgid(idmap, fs_userns, |
1069 | VFSGIDT_INIT(acl_e->e_gid)); |
1070 | break; |
1071 | } |
1072 | } |
1073 | |
1074 | return 0; |
1075 | } |
1076 | |
1077 | /** |
1078 | * vfs_set_acl - set posix acls |
1079 | * @idmap: idmap of the mount |
1080 | * @dentry: the dentry based on which to set the posix acls |
1081 | * @acl_name: the name of the posix acl |
1082 | * @kacl: the posix acls in the appropriate VFS format |
1083 | * |
1084 | * This function sets @kacl. The caller must all posix_acl_release() on @kacl |
1085 | * afterwards. |
1086 | * |
1087 | * Return: On success 0, on error negative errno. |
1088 | */ |
1089 | int vfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1090 | const char *acl_name, struct posix_acl *kacl) |
1091 | { |
1092 | int acl_type; |
1093 | int error; |
1094 | struct inode *inode = d_inode(dentry); |
1095 | struct inode *delegated_inode = NULL; |
1096 | |
1097 | acl_type = posix_acl_type(name: acl_name); |
1098 | if (acl_type < 0) |
1099 | return -EINVAL; |
1100 | |
1101 | if (kacl) { |
1102 | /* |
1103 | * If we're on an idmapped mount translate from mount specific |
1104 | * vfs{g,u}id_t into global filesystem k{g,u}id_t. |
1105 | * Afterwards we can cache the POSIX ACLs filesystem wide and - |
1106 | * if this is a filesystem with a backing store - ultimately |
1107 | * translate them to backing store values. |
1108 | */ |
1109 | error = vfs_set_acl_idmapped_mnt(idmap, fs_userns: i_user_ns(inode), acl: kacl); |
1110 | if (error) |
1111 | return error; |
1112 | } |
1113 | |
1114 | retry_deleg: |
1115 | inode_lock(inode); |
1116 | |
1117 | /* |
1118 | * We only care about restrictions the inode struct itself places upon |
1119 | * us otherwise POSIX ACLs aren't subject to any VFS restrictions. |
1120 | */ |
1121 | error = may_write_xattr(idmap, inode); |
1122 | if (error) |
1123 | goto out_inode_unlock; |
1124 | |
1125 | error = security_inode_set_acl(idmap, dentry, acl_name, kacl); |
1126 | if (error) |
1127 | goto out_inode_unlock; |
1128 | |
1129 | error = try_break_deleg(inode, delegated_inode: &delegated_inode); |
1130 | if (error) |
1131 | goto out_inode_unlock; |
1132 | |
1133 | if (likely(!is_bad_inode(inode))) |
1134 | error = set_posix_acl(idmap, dentry, acl_type, kacl); |
1135 | else |
1136 | error = -EIO; |
1137 | if (!error) { |
1138 | fsnotify_xattr(dentry); |
1139 | security_inode_post_set_acl(dentry, acl_name, kacl); |
1140 | } |
1141 | |
1142 | out_inode_unlock: |
1143 | inode_unlock(inode); |
1144 | |
1145 | if (delegated_inode) { |
1146 | error = break_deleg_wait(delegated_inode: &delegated_inode); |
1147 | if (!error) |
1148 | goto retry_deleg; |
1149 | } |
1150 | |
1151 | return error; |
1152 | } |
1153 | EXPORT_SYMBOL_GPL(vfs_set_acl); |
1154 | |
1155 | /** |
1156 | * vfs_get_acl - get posix acls |
1157 | * @idmap: idmap of the mount |
1158 | * @dentry: the dentry based on which to retrieve the posix acls |
1159 | * @acl_name: the name of the posix acl |
1160 | * |
1161 | * This function retrieves @kacl from the filesystem. The caller must all |
1162 | * posix_acl_release() on @kacl. |
1163 | * |
1164 | * Return: On success POSIX ACLs in VFS format, on error negative errno. |
1165 | */ |
1166 | struct posix_acl *vfs_get_acl(struct mnt_idmap *idmap, |
1167 | struct dentry *dentry, const char *acl_name) |
1168 | { |
1169 | struct inode *inode = d_inode(dentry); |
1170 | struct posix_acl *acl; |
1171 | int acl_type, error; |
1172 | |
1173 | acl_type = posix_acl_type(name: acl_name); |
1174 | if (acl_type < 0) |
1175 | return ERR_PTR(error: -EINVAL); |
1176 | |
1177 | /* |
1178 | * The VFS has no restrictions on reading POSIX ACLs so calling |
1179 | * something like xattr_permission() isn't needed. Only LSMs get a say. |
1180 | */ |
1181 | error = security_inode_get_acl(idmap, dentry, acl_name); |
1182 | if (error) |
1183 | return ERR_PTR(error); |
1184 | |
1185 | if (!IS_POSIXACL(inode)) |
1186 | return ERR_PTR(error: -EOPNOTSUPP); |
1187 | if (S_ISLNK(inode->i_mode)) |
1188 | return ERR_PTR(error: -EOPNOTSUPP); |
1189 | |
1190 | acl = __get_acl(idmap, dentry, inode, type: acl_type); |
1191 | if (IS_ERR(ptr: acl)) |
1192 | return acl; |
1193 | if (!acl) |
1194 | return ERR_PTR(error: -ENODATA); |
1195 | |
1196 | return acl; |
1197 | } |
1198 | EXPORT_SYMBOL_GPL(vfs_get_acl); |
1199 | |
1200 | /** |
1201 | * vfs_remove_acl - remove posix acls |
1202 | * @idmap: idmap of the mount |
1203 | * @dentry: the dentry based on which to retrieve the posix acls |
1204 | * @acl_name: the name of the posix acl |
1205 | * |
1206 | * This function removes posix acls. |
1207 | * |
1208 | * Return: On success 0, on error negative errno. |
1209 | */ |
1210 | int vfs_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1211 | const char *acl_name) |
1212 | { |
1213 | int acl_type; |
1214 | int error; |
1215 | struct inode *inode = d_inode(dentry); |
1216 | struct inode *delegated_inode = NULL; |
1217 | |
1218 | acl_type = posix_acl_type(name: acl_name); |
1219 | if (acl_type < 0) |
1220 | return -EINVAL; |
1221 | |
1222 | retry_deleg: |
1223 | inode_lock(inode); |
1224 | |
1225 | /* |
1226 | * We only care about restrictions the inode struct itself places upon |
1227 | * us otherwise POSIX ACLs aren't subject to any VFS restrictions. |
1228 | */ |
1229 | error = may_write_xattr(idmap, inode); |
1230 | if (error) |
1231 | goto out_inode_unlock; |
1232 | |
1233 | error = security_inode_remove_acl(idmap, dentry, acl_name); |
1234 | if (error) |
1235 | goto out_inode_unlock; |
1236 | |
1237 | error = try_break_deleg(inode, delegated_inode: &delegated_inode); |
1238 | if (error) |
1239 | goto out_inode_unlock; |
1240 | |
1241 | if (likely(!is_bad_inode(inode))) |
1242 | error = set_posix_acl(idmap, dentry, acl_type, NULL); |
1243 | else |
1244 | error = -EIO; |
1245 | if (!error) { |
1246 | fsnotify_xattr(dentry); |
1247 | security_inode_post_remove_acl(idmap, dentry, acl_name); |
1248 | } |
1249 | |
1250 | out_inode_unlock: |
1251 | inode_unlock(inode); |
1252 | |
1253 | if (delegated_inode) { |
1254 | error = break_deleg_wait(delegated_inode: &delegated_inode); |
1255 | if (!error) |
1256 | goto retry_deleg; |
1257 | } |
1258 | |
1259 | return error; |
1260 | } |
1261 | EXPORT_SYMBOL_GPL(vfs_remove_acl); |
1262 | |
1263 | int do_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1264 | const char *acl_name, const void *kvalue, size_t size) |
1265 | { |
1266 | int error; |
1267 | struct posix_acl *acl = NULL; |
1268 | |
1269 | if (size) { |
1270 | /* |
1271 | * Note that posix_acl_from_xattr() uses GFP_NOFS when it |
1272 | * probably doesn't need to here. |
1273 | */ |
1274 | acl = posix_acl_from_xattr(current_user_ns(), kvalue, size); |
1275 | if (IS_ERR(ptr: acl)) |
1276 | return PTR_ERR(ptr: acl); |
1277 | } |
1278 | |
1279 | error = vfs_set_acl(idmap, dentry, acl_name, acl); |
1280 | posix_acl_release(acl); |
1281 | return error; |
1282 | } |
1283 | |
1284 | ssize_t do_get_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1285 | const char *acl_name, void *kvalue, size_t size) |
1286 | { |
1287 | ssize_t error; |
1288 | struct posix_acl *acl; |
1289 | |
1290 | acl = vfs_get_acl(idmap, dentry, acl_name); |
1291 | if (IS_ERR(ptr: acl)) |
1292 | return PTR_ERR(ptr: acl); |
1293 | |
1294 | error = vfs_posix_acl_to_xattr(idmap, inode: d_inode(dentry), |
1295 | acl, buffer: kvalue, size); |
1296 | posix_acl_release(acl); |
1297 | return error; |
1298 | } |
1299 | |