1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * fs/f2fs/acl.c |
4 | * |
5 | * Copyright (c) 2012 Samsung Electronics Co., Ltd. |
6 | * http://www.samsung.com/ |
7 | * |
8 | * Portions of this code from linux/fs/ext2/acl.c |
9 | * |
10 | * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de> |
11 | */ |
12 | #include <linux/f2fs_fs.h> |
13 | #include "f2fs.h" |
14 | #include "xattr.h" |
15 | #include "acl.h" |
16 | |
17 | static inline size_t f2fs_acl_size(int count) |
18 | { |
19 | if (count <= 4) { |
20 | return sizeof(struct f2fs_acl_header) + |
21 | count * sizeof(struct f2fs_acl_entry_short); |
22 | } else { |
23 | return sizeof(struct f2fs_acl_header) + |
24 | 4 * sizeof(struct f2fs_acl_entry_short) + |
25 | (count - 4) * sizeof(struct f2fs_acl_entry); |
26 | } |
27 | } |
28 | |
29 | static inline int f2fs_acl_count(size_t size) |
30 | { |
31 | ssize_t s; |
32 | |
33 | size -= sizeof(struct f2fs_acl_header); |
34 | s = size - 4 * sizeof(struct f2fs_acl_entry_short); |
35 | if (s < 0) { |
36 | if (size % sizeof(struct f2fs_acl_entry_short)) |
37 | return -1; |
38 | return size / sizeof(struct f2fs_acl_entry_short); |
39 | } else { |
40 | if (s % sizeof(struct f2fs_acl_entry)) |
41 | return -1; |
42 | return s / sizeof(struct f2fs_acl_entry) + 4; |
43 | } |
44 | } |
45 | |
46 | static struct posix_acl *f2fs_acl_from_disk(const char *value, size_t size) |
47 | { |
48 | int i, count; |
49 | struct posix_acl *acl; |
50 | struct f2fs_acl_header *hdr = (struct f2fs_acl_header *)value; |
51 | struct f2fs_acl_entry *entry = (struct f2fs_acl_entry *)(hdr + 1); |
52 | const char *end = value + size; |
53 | |
54 | if (size < sizeof(struct f2fs_acl_header)) |
55 | return ERR_PTR(error: -EINVAL); |
56 | |
57 | if (hdr->a_version != cpu_to_le32(F2FS_ACL_VERSION)) |
58 | return ERR_PTR(error: -EINVAL); |
59 | |
60 | count = f2fs_acl_count(size); |
61 | if (count < 0) |
62 | return ERR_PTR(error: -EINVAL); |
63 | if (count == 0) |
64 | return NULL; |
65 | |
66 | acl = posix_acl_alloc(count, GFP_NOFS); |
67 | if (!acl) |
68 | return ERR_PTR(error: -ENOMEM); |
69 | |
70 | for (i = 0; i < count; i++) { |
71 | |
72 | if ((char *)entry > end) |
73 | goto fail; |
74 | |
75 | acl->a_entries[i].e_tag = le16_to_cpu(entry->e_tag); |
76 | acl->a_entries[i].e_perm = le16_to_cpu(entry->e_perm); |
77 | |
78 | switch (acl->a_entries[i].e_tag) { |
79 | case ACL_USER_OBJ: |
80 | case ACL_GROUP_OBJ: |
81 | case ACL_MASK: |
82 | case ACL_OTHER: |
83 | entry = (struct f2fs_acl_entry *)((char *)entry + |
84 | sizeof(struct f2fs_acl_entry_short)); |
85 | break; |
86 | |
87 | case ACL_USER: |
88 | acl->a_entries[i].e_uid = |
89 | make_kuid(from: &init_user_ns, |
90 | le32_to_cpu(entry->e_id)); |
91 | entry = (struct f2fs_acl_entry *)((char *)entry + |
92 | sizeof(struct f2fs_acl_entry)); |
93 | break; |
94 | case ACL_GROUP: |
95 | acl->a_entries[i].e_gid = |
96 | make_kgid(from: &init_user_ns, |
97 | le32_to_cpu(entry->e_id)); |
98 | entry = (struct f2fs_acl_entry *)((char *)entry + |
99 | sizeof(struct f2fs_acl_entry)); |
100 | break; |
101 | default: |
102 | goto fail; |
103 | } |
104 | } |
105 | if ((char *)entry != end) |
106 | goto fail; |
107 | return acl; |
108 | fail: |
109 | posix_acl_release(acl); |
110 | return ERR_PTR(error: -EINVAL); |
111 | } |
112 | |
113 | static void *f2fs_acl_to_disk(struct f2fs_sb_info *sbi, |
114 | const struct posix_acl *acl, size_t *size) |
115 | { |
116 | struct f2fs_acl_header *f2fs_acl; |
117 | struct f2fs_acl_entry *entry; |
118 | int i; |
119 | |
120 | f2fs_acl = f2fs_kmalloc(sbi, size: sizeof(struct f2fs_acl_header) + |
121 | acl->a_count * sizeof(struct f2fs_acl_entry), |
122 | GFP_NOFS); |
123 | if (!f2fs_acl) |
124 | return ERR_PTR(error: -ENOMEM); |
125 | |
126 | f2fs_acl->a_version = cpu_to_le32(F2FS_ACL_VERSION); |
127 | entry = (struct f2fs_acl_entry *)(f2fs_acl + 1); |
128 | |
129 | for (i = 0; i < acl->a_count; i++) { |
130 | |
131 | entry->e_tag = cpu_to_le16(acl->a_entries[i].e_tag); |
132 | entry->e_perm = cpu_to_le16(acl->a_entries[i].e_perm); |
133 | |
134 | switch (acl->a_entries[i].e_tag) { |
135 | case ACL_USER: |
136 | entry->e_id = cpu_to_le32( |
137 | from_kuid(&init_user_ns, |
138 | acl->a_entries[i].e_uid)); |
139 | entry = (struct f2fs_acl_entry *)((char *)entry + |
140 | sizeof(struct f2fs_acl_entry)); |
141 | break; |
142 | case ACL_GROUP: |
143 | entry->e_id = cpu_to_le32( |
144 | from_kgid(&init_user_ns, |
145 | acl->a_entries[i].e_gid)); |
146 | entry = (struct f2fs_acl_entry *)((char *)entry + |
147 | sizeof(struct f2fs_acl_entry)); |
148 | break; |
149 | case ACL_USER_OBJ: |
150 | case ACL_GROUP_OBJ: |
151 | case ACL_MASK: |
152 | case ACL_OTHER: |
153 | entry = (struct f2fs_acl_entry *)((char *)entry + |
154 | sizeof(struct f2fs_acl_entry_short)); |
155 | break; |
156 | default: |
157 | goto fail; |
158 | } |
159 | } |
160 | *size = f2fs_acl_size(count: acl->a_count); |
161 | return (void *)f2fs_acl; |
162 | |
163 | fail: |
164 | kfree(objp: f2fs_acl); |
165 | return ERR_PTR(error: -EINVAL); |
166 | } |
167 | |
168 | static struct posix_acl *__f2fs_get_acl(struct inode *inode, int type, |
169 | struct page *dpage) |
170 | { |
171 | int name_index = F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT; |
172 | void *value = NULL; |
173 | struct posix_acl *acl; |
174 | int retval; |
175 | |
176 | if (type == ACL_TYPE_ACCESS) |
177 | name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS; |
178 | |
179 | retval = f2fs_getxattr(inode, name_index, "" , NULL, 0, dpage); |
180 | if (retval > 0) { |
181 | value = f2fs_kmalloc(sbi: F2FS_I_SB(inode), size: retval, GFP_F2FS_ZERO); |
182 | if (!value) |
183 | return ERR_PTR(error: -ENOMEM); |
184 | retval = f2fs_getxattr(inode, name_index, "" , value, |
185 | retval, dpage); |
186 | } |
187 | |
188 | if (retval > 0) |
189 | acl = f2fs_acl_from_disk(value, size: retval); |
190 | else if (retval == -ENODATA) |
191 | acl = NULL; |
192 | else |
193 | acl = ERR_PTR(error: retval); |
194 | kfree(objp: value); |
195 | |
196 | return acl; |
197 | } |
198 | |
199 | struct posix_acl *f2fs_get_acl(struct inode *inode, int type, bool rcu) |
200 | { |
201 | if (rcu) |
202 | return ERR_PTR(error: -ECHILD); |
203 | |
204 | return __f2fs_get_acl(inode, type, NULL); |
205 | } |
206 | |
207 | static int f2fs_acl_update_mode(struct mnt_idmap *idmap, |
208 | struct inode *inode, umode_t *mode_p, |
209 | struct posix_acl **acl) |
210 | { |
211 | umode_t mode = inode->i_mode; |
212 | int error; |
213 | |
214 | if (is_inode_flag_set(inode, flag: FI_ACL_MODE)) |
215 | mode = F2FS_I(inode)->i_acl_mode; |
216 | |
217 | error = posix_acl_equiv_mode(*acl, &mode); |
218 | if (error < 0) |
219 | return error; |
220 | if (error == 0) |
221 | *acl = NULL; |
222 | if (!vfsgid_in_group_p(vfsgid: i_gid_into_vfsgid(idmap, inode)) && |
223 | !capable_wrt_inode_uidgid(idmap, inode, CAP_FSETID)) |
224 | mode &= ~S_ISGID; |
225 | *mode_p = mode; |
226 | return 0; |
227 | } |
228 | |
229 | static int __f2fs_set_acl(struct mnt_idmap *idmap, |
230 | struct inode *inode, int type, |
231 | struct posix_acl *acl, struct page *ipage) |
232 | { |
233 | int name_index; |
234 | void *value = NULL; |
235 | size_t size = 0; |
236 | int error; |
237 | umode_t mode = inode->i_mode; |
238 | |
239 | switch (type) { |
240 | case ACL_TYPE_ACCESS: |
241 | name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS; |
242 | if (acl && !ipage) { |
243 | error = f2fs_acl_update_mode(idmap, inode, |
244 | mode_p: &mode, acl: &acl); |
245 | if (error) |
246 | return error; |
247 | set_acl_inode(inode, mode); |
248 | } |
249 | break; |
250 | |
251 | case ACL_TYPE_DEFAULT: |
252 | name_index = F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT; |
253 | if (!S_ISDIR(inode->i_mode)) |
254 | return acl ? -EACCES : 0; |
255 | break; |
256 | |
257 | default: |
258 | return -EINVAL; |
259 | } |
260 | |
261 | if (acl) { |
262 | value = f2fs_acl_to_disk(sbi: F2FS_I_SB(inode), acl, size: &size); |
263 | if (IS_ERR(ptr: value)) { |
264 | clear_inode_flag(inode, flag: FI_ACL_MODE); |
265 | return PTR_ERR(ptr: value); |
266 | } |
267 | } |
268 | |
269 | error = f2fs_setxattr(inode, name_index, "" , value, size, ipage, 0); |
270 | |
271 | kfree(objp: value); |
272 | if (!error) |
273 | set_cached_acl(inode, type, acl); |
274 | |
275 | clear_inode_flag(inode, flag: FI_ACL_MODE); |
276 | return error; |
277 | } |
278 | |
279 | int f2fs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
280 | struct posix_acl *acl, int type) |
281 | { |
282 | struct inode *inode = d_inode(dentry); |
283 | |
284 | if (unlikely(f2fs_cp_error(F2FS_I_SB(inode)))) |
285 | return -EIO; |
286 | |
287 | return __f2fs_set_acl(idmap, inode, type, acl, NULL); |
288 | } |
289 | |
290 | /* |
291 | * Most part of f2fs_acl_clone, f2fs_acl_create_masq, f2fs_acl_create |
292 | * are copied from posix_acl.c |
293 | */ |
294 | static struct posix_acl *f2fs_acl_clone(const struct posix_acl *acl, |
295 | gfp_t flags) |
296 | { |
297 | struct posix_acl *clone = NULL; |
298 | |
299 | if (acl) { |
300 | int size = sizeof(struct posix_acl) + acl->a_count * |
301 | sizeof(struct posix_acl_entry); |
302 | clone = kmemdup(p: acl, size, gfp: flags); |
303 | if (clone) |
304 | refcount_set(r: &clone->a_refcount, n: 1); |
305 | } |
306 | return clone; |
307 | } |
308 | |
309 | static int f2fs_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) |
310 | { |
311 | struct posix_acl_entry *pa, *pe; |
312 | struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; |
313 | umode_t mode = *mode_p; |
314 | int not_equiv = 0; |
315 | |
316 | /* assert(atomic_read(acl->a_refcount) == 1); */ |
317 | |
318 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
319 | switch (pa->e_tag) { |
320 | case ACL_USER_OBJ: |
321 | pa->e_perm &= (mode >> 6) | ~S_IRWXO; |
322 | mode &= (pa->e_perm << 6) | ~S_IRWXU; |
323 | break; |
324 | |
325 | case ACL_USER: |
326 | case ACL_GROUP: |
327 | not_equiv = 1; |
328 | break; |
329 | |
330 | case ACL_GROUP_OBJ: |
331 | group_obj = pa; |
332 | break; |
333 | |
334 | case ACL_OTHER: |
335 | pa->e_perm &= mode | ~S_IRWXO; |
336 | mode &= pa->e_perm | ~S_IRWXO; |
337 | break; |
338 | |
339 | case ACL_MASK: |
340 | mask_obj = pa; |
341 | not_equiv = 1; |
342 | break; |
343 | |
344 | default: |
345 | return -EIO; |
346 | } |
347 | } |
348 | |
349 | if (mask_obj) { |
350 | mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO; |
351 | mode &= (mask_obj->e_perm << 3) | ~S_IRWXG; |
352 | } else { |
353 | if (!group_obj) |
354 | return -EIO; |
355 | group_obj->e_perm &= (mode >> 3) | ~S_IRWXO; |
356 | mode &= (group_obj->e_perm << 3) | ~S_IRWXG; |
357 | } |
358 | |
359 | *mode_p = (*mode_p & ~S_IRWXUGO) | mode; |
360 | return not_equiv; |
361 | } |
362 | |
363 | static int f2fs_acl_create(struct inode *dir, umode_t *mode, |
364 | struct posix_acl **default_acl, struct posix_acl **acl, |
365 | struct page *dpage) |
366 | { |
367 | struct posix_acl *p; |
368 | struct posix_acl *clone; |
369 | int ret; |
370 | |
371 | *acl = NULL; |
372 | *default_acl = NULL; |
373 | |
374 | if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) |
375 | return 0; |
376 | |
377 | p = __f2fs_get_acl(inode: dir, ACL_TYPE_DEFAULT, dpage); |
378 | if (!p || p == ERR_PTR(error: -EOPNOTSUPP)) { |
379 | *mode &= ~current_umask(); |
380 | return 0; |
381 | } |
382 | if (IS_ERR(ptr: p)) |
383 | return PTR_ERR(ptr: p); |
384 | |
385 | clone = f2fs_acl_clone(acl: p, GFP_NOFS); |
386 | if (!clone) { |
387 | ret = -ENOMEM; |
388 | goto release_acl; |
389 | } |
390 | |
391 | ret = f2fs_acl_create_masq(acl: clone, mode_p: mode); |
392 | if (ret < 0) |
393 | goto release_clone; |
394 | |
395 | if (ret == 0) |
396 | posix_acl_release(acl: clone); |
397 | else |
398 | *acl = clone; |
399 | |
400 | if (!S_ISDIR(*mode)) |
401 | posix_acl_release(acl: p); |
402 | else |
403 | *default_acl = p; |
404 | |
405 | return 0; |
406 | |
407 | release_clone: |
408 | posix_acl_release(acl: clone); |
409 | release_acl: |
410 | posix_acl_release(acl: p); |
411 | return ret; |
412 | } |
413 | |
414 | int f2fs_init_acl(struct inode *inode, struct inode *dir, struct page *ipage, |
415 | struct page *dpage) |
416 | { |
417 | struct posix_acl *default_acl = NULL, *acl = NULL; |
418 | int error; |
419 | |
420 | error = f2fs_acl_create(dir, mode: &inode->i_mode, default_acl: &default_acl, acl: &acl, dpage); |
421 | if (error) |
422 | return error; |
423 | |
424 | f2fs_mark_inode_dirty_sync(inode, sync: true); |
425 | |
426 | if (default_acl) { |
427 | error = __f2fs_set_acl(NULL, inode, ACL_TYPE_DEFAULT, acl: default_acl, |
428 | ipage); |
429 | posix_acl_release(acl: default_acl); |
430 | } else { |
431 | inode->i_default_acl = NULL; |
432 | } |
433 | if (acl) { |
434 | if (!error) |
435 | error = __f2fs_set_acl(NULL, inode, ACL_TYPE_ACCESS, acl, |
436 | ipage); |
437 | posix_acl_release(acl); |
438 | } else { |
439 | inode->i_acl = NULL; |
440 | } |
441 | |
442 | return error; |
443 | } |
444 | |