1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Copyright (C) 2002,2003 by Andreas Gruenbacher <a.gruenbacher@computer.org> |
4 | * |
5 | * Fixes from William Schumacher incorporated on 15 March 2001. |
6 | * (Reported by Charles Bertsch, <CBertsch@microtest.com>). |
7 | */ |
8 | |
9 | /* |
10 | * This file contains generic functions for manipulating |
11 | * POSIX 1003.1e draft standard 17 ACLs. |
12 | */ |
13 | |
14 | #include <linux/kernel.h> |
15 | #include <linux/slab.h> |
16 | #include <linux/atomic.h> |
17 | #include <linux/fs.h> |
18 | #include <linux/sched.h> |
19 | #include <linux/cred.h> |
20 | #include <linux/posix_acl.h> |
21 | #include <linux/posix_acl_xattr.h> |
22 | #include <linux/xattr.h> |
23 | #include <linux/export.h> |
24 | #include <linux/user_namespace.h> |
25 | #include <linux/namei.h> |
26 | #include <linux/mnt_idmapping.h> |
27 | #include <linux/iversion.h> |
28 | #include <linux/security.h> |
29 | #include <linux/evm.h> |
30 | #include <linux/fsnotify.h> |
31 | #include <linux/filelock.h> |
32 | |
33 | #include "internal.h" |
34 | |
35 | static struct posix_acl **acl_by_type(struct inode *inode, int type) |
36 | { |
37 | switch (type) { |
38 | case ACL_TYPE_ACCESS: |
39 | return &inode->i_acl; |
40 | case ACL_TYPE_DEFAULT: |
41 | return &inode->i_default_acl; |
42 | default: |
43 | BUG(); |
44 | } |
45 | } |
46 | |
47 | struct posix_acl *get_cached_acl(struct inode *inode, int type) |
48 | { |
49 | struct posix_acl **p = acl_by_type(inode, type); |
50 | struct posix_acl *acl; |
51 | |
52 | for (;;) { |
53 | rcu_read_lock(); |
54 | acl = rcu_dereference(*p); |
55 | if (!acl || is_uncached_acl(acl) || |
56 | refcount_inc_not_zero(r: &acl->a_refcount)) |
57 | break; |
58 | rcu_read_unlock(); |
59 | cpu_relax(); |
60 | } |
61 | rcu_read_unlock(); |
62 | return acl; |
63 | } |
64 | EXPORT_SYMBOL(get_cached_acl); |
65 | |
66 | struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type) |
67 | { |
68 | struct posix_acl *acl = rcu_dereference(*acl_by_type(inode, type)); |
69 | |
70 | if (acl == ACL_DONT_CACHE) { |
71 | struct posix_acl *ret; |
72 | |
73 | ret = inode->i_op->get_inode_acl(inode, type, LOOKUP_RCU); |
74 | if (!IS_ERR(ptr: ret)) |
75 | acl = ret; |
76 | } |
77 | |
78 | return acl; |
79 | } |
80 | EXPORT_SYMBOL(get_cached_acl_rcu); |
81 | |
82 | void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl) |
83 | { |
84 | struct posix_acl **p = acl_by_type(inode, type); |
85 | struct posix_acl *old; |
86 | |
87 | old = xchg(p, posix_acl_dup(acl)); |
88 | if (!is_uncached_acl(acl: old)) |
89 | posix_acl_release(acl: old); |
90 | } |
91 | EXPORT_SYMBOL(set_cached_acl); |
92 | |
93 | static void __forget_cached_acl(struct posix_acl **p) |
94 | { |
95 | struct posix_acl *old; |
96 | |
97 | old = xchg(p, ACL_NOT_CACHED); |
98 | if (!is_uncached_acl(acl: old)) |
99 | posix_acl_release(acl: old); |
100 | } |
101 | |
102 | void forget_cached_acl(struct inode *inode, int type) |
103 | { |
104 | __forget_cached_acl(p: acl_by_type(inode, type)); |
105 | } |
106 | EXPORT_SYMBOL(forget_cached_acl); |
107 | |
108 | void forget_all_cached_acls(struct inode *inode) |
109 | { |
110 | __forget_cached_acl(p: &inode->i_acl); |
111 | __forget_cached_acl(p: &inode->i_default_acl); |
112 | } |
113 | EXPORT_SYMBOL(forget_all_cached_acls); |
114 | |
115 | static struct posix_acl *__get_acl(struct mnt_idmap *idmap, |
116 | struct dentry *dentry, struct inode *inode, |
117 | int type) |
118 | { |
119 | struct posix_acl *sentinel; |
120 | struct posix_acl **p; |
121 | struct posix_acl *acl; |
122 | |
123 | /* |
124 | * The sentinel is used to detect when another operation like |
125 | * set_cached_acl() or forget_cached_acl() races with get_inode_acl(). |
126 | * It is guaranteed that is_uncached_acl(sentinel) is true. |
127 | */ |
128 | |
129 | acl = get_cached_acl(inode, type); |
130 | if (!is_uncached_acl(acl)) |
131 | return acl; |
132 | |
133 | if (!IS_POSIXACL(inode)) |
134 | return NULL; |
135 | |
136 | sentinel = uncached_acl_sentinel(current); |
137 | p = acl_by_type(inode, type); |
138 | |
139 | /* |
140 | * If the ACL isn't being read yet, set our sentinel. Otherwise, the |
141 | * current value of the ACL will not be ACL_NOT_CACHED and so our own |
142 | * sentinel will not be set; another task will update the cache. We |
143 | * could wait for that other task to complete its job, but it's easier |
144 | * to just call ->get_inode_acl to fetch the ACL ourself. (This is |
145 | * going to be an unlikely race.) |
146 | */ |
147 | cmpxchg(p, ACL_NOT_CACHED, sentinel); |
148 | |
149 | /* |
150 | * Normally, the ACL returned by ->get{_inode}_acl will be cached. |
151 | * A filesystem can prevent that by calling |
152 | * forget_cached_acl(inode, type) in ->get{_inode}_acl. |
153 | * |
154 | * If the filesystem doesn't have a get{_inode}_ acl() function at all, |
155 | * we'll just create the negative cache entry. |
156 | */ |
157 | if (dentry && inode->i_op->get_acl) { |
158 | acl = inode->i_op->get_acl(idmap, dentry, type); |
159 | } else if (inode->i_op->get_inode_acl) { |
160 | acl = inode->i_op->get_inode_acl(inode, type, false); |
161 | } else { |
162 | set_cached_acl(inode, type, NULL); |
163 | return NULL; |
164 | } |
165 | if (IS_ERR(ptr: acl)) { |
166 | /* |
167 | * Remove our sentinel so that we don't block future attempts |
168 | * to cache the ACL. |
169 | */ |
170 | cmpxchg(p, sentinel, ACL_NOT_CACHED); |
171 | return acl; |
172 | } |
173 | |
174 | /* |
175 | * Cache the result, but only if our sentinel is still in place. |
176 | */ |
177 | posix_acl_dup(acl); |
178 | if (unlikely(!try_cmpxchg(p, &sentinel, acl))) |
179 | posix_acl_release(acl); |
180 | return acl; |
181 | } |
182 | |
183 | struct posix_acl *get_inode_acl(struct inode *inode, int type) |
184 | { |
185 | return __get_acl(idmap: &nop_mnt_idmap, NULL, inode, type); |
186 | } |
187 | EXPORT_SYMBOL(get_inode_acl); |
188 | |
189 | /* |
190 | * Init a fresh posix_acl |
191 | */ |
192 | void |
193 | posix_acl_init(struct posix_acl *acl, int count) |
194 | { |
195 | refcount_set(r: &acl->a_refcount, n: 1); |
196 | acl->a_count = count; |
197 | } |
198 | EXPORT_SYMBOL(posix_acl_init); |
199 | |
200 | /* |
201 | * Allocate a new ACL with the specified number of entries. |
202 | */ |
203 | struct posix_acl * |
204 | posix_acl_alloc(int count, gfp_t flags) |
205 | { |
206 | const size_t size = sizeof(struct posix_acl) + |
207 | count * sizeof(struct posix_acl_entry); |
208 | struct posix_acl *acl = kmalloc(size, flags); |
209 | if (acl) |
210 | posix_acl_init(acl, count); |
211 | return acl; |
212 | } |
213 | EXPORT_SYMBOL(posix_acl_alloc); |
214 | |
215 | /* |
216 | * Clone an ACL. |
217 | */ |
218 | struct posix_acl * |
219 | posix_acl_clone(const struct posix_acl *acl, gfp_t flags) |
220 | { |
221 | struct posix_acl *clone = NULL; |
222 | |
223 | if (acl) { |
224 | int size = sizeof(struct posix_acl) + acl->a_count * |
225 | sizeof(struct posix_acl_entry); |
226 | clone = kmemdup(p: acl, size, gfp: flags); |
227 | if (clone) |
228 | refcount_set(r: &clone->a_refcount, n: 1); |
229 | } |
230 | return clone; |
231 | } |
232 | EXPORT_SYMBOL_GPL(posix_acl_clone); |
233 | |
234 | /* |
235 | * Check if an acl is valid. Returns 0 if it is, or -E... otherwise. |
236 | */ |
237 | int |
238 | posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl) |
239 | { |
240 | const struct posix_acl_entry *pa, *pe; |
241 | int state = ACL_USER_OBJ; |
242 | int needs_mask = 0; |
243 | |
244 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
245 | if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)) |
246 | return -EINVAL; |
247 | switch (pa->e_tag) { |
248 | case ACL_USER_OBJ: |
249 | if (state == ACL_USER_OBJ) { |
250 | state = ACL_USER; |
251 | break; |
252 | } |
253 | return -EINVAL; |
254 | |
255 | case ACL_USER: |
256 | if (state != ACL_USER) |
257 | return -EINVAL; |
258 | if (!kuid_has_mapping(ns: user_ns, uid: pa->e_uid)) |
259 | return -EINVAL; |
260 | needs_mask = 1; |
261 | break; |
262 | |
263 | case ACL_GROUP_OBJ: |
264 | if (state == ACL_USER) { |
265 | state = ACL_GROUP; |
266 | break; |
267 | } |
268 | return -EINVAL; |
269 | |
270 | case ACL_GROUP: |
271 | if (state != ACL_GROUP) |
272 | return -EINVAL; |
273 | if (!kgid_has_mapping(ns: user_ns, gid: pa->e_gid)) |
274 | return -EINVAL; |
275 | needs_mask = 1; |
276 | break; |
277 | |
278 | case ACL_MASK: |
279 | if (state != ACL_GROUP) |
280 | return -EINVAL; |
281 | state = ACL_OTHER; |
282 | break; |
283 | |
284 | case ACL_OTHER: |
285 | if (state == ACL_OTHER || |
286 | (state == ACL_GROUP && !needs_mask)) { |
287 | state = 0; |
288 | break; |
289 | } |
290 | return -EINVAL; |
291 | |
292 | default: |
293 | return -EINVAL; |
294 | } |
295 | } |
296 | if (state == 0) |
297 | return 0; |
298 | return -EINVAL; |
299 | } |
300 | EXPORT_SYMBOL(posix_acl_valid); |
301 | |
302 | /* |
303 | * Returns 0 if the acl can be exactly represented in the traditional |
304 | * file mode permission bits, or else 1. Returns -E... on error. |
305 | */ |
306 | int |
307 | posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) |
308 | { |
309 | const struct posix_acl_entry *pa, *pe; |
310 | umode_t mode = 0; |
311 | int not_equiv = 0; |
312 | |
313 | /* |
314 | * A null ACL can always be presented as mode bits. |
315 | */ |
316 | if (!acl) |
317 | return 0; |
318 | |
319 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
320 | switch (pa->e_tag) { |
321 | case ACL_USER_OBJ: |
322 | mode |= (pa->e_perm & S_IRWXO) << 6; |
323 | break; |
324 | case ACL_GROUP_OBJ: |
325 | mode |= (pa->e_perm & S_IRWXO) << 3; |
326 | break; |
327 | case ACL_OTHER: |
328 | mode |= pa->e_perm & S_IRWXO; |
329 | break; |
330 | case ACL_MASK: |
331 | mode = (mode & ~S_IRWXG) | |
332 | ((pa->e_perm & S_IRWXO) << 3); |
333 | not_equiv = 1; |
334 | break; |
335 | case ACL_USER: |
336 | case ACL_GROUP: |
337 | not_equiv = 1; |
338 | break; |
339 | default: |
340 | return -EINVAL; |
341 | } |
342 | } |
343 | if (mode_p) |
344 | *mode_p = (*mode_p & ~S_IRWXUGO) | mode; |
345 | return not_equiv; |
346 | } |
347 | EXPORT_SYMBOL(posix_acl_equiv_mode); |
348 | |
349 | /* |
350 | * Create an ACL representing the file mode permission bits of an inode. |
351 | */ |
352 | struct posix_acl * |
353 | posix_acl_from_mode(umode_t mode, gfp_t flags) |
354 | { |
355 | struct posix_acl *acl = posix_acl_alloc(3, flags); |
356 | if (!acl) |
357 | return ERR_PTR(error: -ENOMEM); |
358 | |
359 | acl->a_entries[0].e_tag = ACL_USER_OBJ; |
360 | acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; |
361 | |
362 | acl->a_entries[1].e_tag = ACL_GROUP_OBJ; |
363 | acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; |
364 | |
365 | acl->a_entries[2].e_tag = ACL_OTHER; |
366 | acl->a_entries[2].e_perm = (mode & S_IRWXO); |
367 | return acl; |
368 | } |
369 | EXPORT_SYMBOL(posix_acl_from_mode); |
370 | |
371 | /* |
372 | * Return 0 if current is granted want access to the inode |
373 | * by the acl. Returns -E... otherwise. |
374 | */ |
375 | int |
376 | posix_acl_permission(struct mnt_idmap *idmap, struct inode *inode, |
377 | const struct posix_acl *acl, int want) |
378 | { |
379 | const struct posix_acl_entry *pa, *pe, *mask_obj; |
380 | struct user_namespace *fs_userns = i_user_ns(inode); |
381 | int found = 0; |
382 | vfsuid_t vfsuid; |
383 | vfsgid_t vfsgid; |
384 | |
385 | want &= MAY_READ | MAY_WRITE | MAY_EXEC; |
386 | |
387 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
388 | switch(pa->e_tag) { |
389 | case ACL_USER_OBJ: |
390 | /* (May have been checked already) */ |
391 | vfsuid = i_uid_into_vfsuid(idmap, inode); |
392 | if (vfsuid_eq_kuid(vfsuid, current_fsuid())) |
393 | goto check_perm; |
394 | break; |
395 | case ACL_USER: |
396 | vfsuid = make_vfsuid(idmap, fs_userns, |
397 | kuid: pa->e_uid); |
398 | if (vfsuid_eq_kuid(vfsuid, current_fsuid())) |
399 | goto mask; |
400 | break; |
401 | case ACL_GROUP_OBJ: |
402 | vfsgid = i_gid_into_vfsgid(idmap, inode); |
403 | if (vfsgid_in_group_p(vfsgid)) { |
404 | found = 1; |
405 | if ((pa->e_perm & want) == want) |
406 | goto mask; |
407 | } |
408 | break; |
409 | case ACL_GROUP: |
410 | vfsgid = make_vfsgid(idmap, fs_userns, |
411 | kgid: pa->e_gid); |
412 | if (vfsgid_in_group_p(vfsgid)) { |
413 | found = 1; |
414 | if ((pa->e_perm & want) == want) |
415 | goto mask; |
416 | } |
417 | break; |
418 | case ACL_MASK: |
419 | break; |
420 | case ACL_OTHER: |
421 | if (found) |
422 | return -EACCES; |
423 | else |
424 | goto check_perm; |
425 | default: |
426 | return -EIO; |
427 | } |
428 | } |
429 | return -EIO; |
430 | |
431 | mask: |
432 | for (mask_obj = pa+1; mask_obj != pe; mask_obj++) { |
433 | if (mask_obj->e_tag == ACL_MASK) { |
434 | if ((pa->e_perm & mask_obj->e_perm & want) == want) |
435 | return 0; |
436 | return -EACCES; |
437 | } |
438 | } |
439 | |
440 | check_perm: |
441 | if ((pa->e_perm & want) == want) |
442 | return 0; |
443 | return -EACCES; |
444 | } |
445 | |
446 | /* |
447 | * Modify acl when creating a new inode. The caller must ensure the acl is |
448 | * only referenced once. |
449 | * |
450 | * mode_p initially must contain the mode parameter to the open() / creat() |
451 | * system calls. All permissions that are not granted by the acl are removed. |
452 | * The permissions in the acl are changed to reflect the mode_p parameter. |
453 | */ |
454 | static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) |
455 | { |
456 | struct posix_acl_entry *pa, *pe; |
457 | struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; |
458 | umode_t mode = *mode_p; |
459 | int not_equiv = 0; |
460 | |
461 | /* assert(atomic_read(acl->a_refcount) == 1); */ |
462 | |
463 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
464 | switch(pa->e_tag) { |
465 | case ACL_USER_OBJ: |
466 | pa->e_perm &= (mode >> 6) | ~S_IRWXO; |
467 | mode &= (pa->e_perm << 6) | ~S_IRWXU; |
468 | break; |
469 | |
470 | case ACL_USER: |
471 | case ACL_GROUP: |
472 | not_equiv = 1; |
473 | break; |
474 | |
475 | case ACL_GROUP_OBJ: |
476 | group_obj = pa; |
477 | break; |
478 | |
479 | case ACL_OTHER: |
480 | pa->e_perm &= mode | ~S_IRWXO; |
481 | mode &= pa->e_perm | ~S_IRWXO; |
482 | break; |
483 | |
484 | case ACL_MASK: |
485 | mask_obj = pa; |
486 | not_equiv = 1; |
487 | break; |
488 | |
489 | default: |
490 | return -EIO; |
491 | } |
492 | } |
493 | |
494 | if (mask_obj) { |
495 | mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO; |
496 | mode &= (mask_obj->e_perm << 3) | ~S_IRWXG; |
497 | } else { |
498 | if (!group_obj) |
499 | return -EIO; |
500 | group_obj->e_perm &= (mode >> 3) | ~S_IRWXO; |
501 | mode &= (group_obj->e_perm << 3) | ~S_IRWXG; |
502 | } |
503 | |
504 | *mode_p = (*mode_p & ~S_IRWXUGO) | mode; |
505 | return not_equiv; |
506 | } |
507 | |
508 | /* |
509 | * Modify the ACL for the chmod syscall. |
510 | */ |
511 | static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode) |
512 | { |
513 | struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; |
514 | struct posix_acl_entry *pa, *pe; |
515 | |
516 | /* assert(atomic_read(acl->a_refcount) == 1); */ |
517 | |
518 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
519 | switch(pa->e_tag) { |
520 | case ACL_USER_OBJ: |
521 | pa->e_perm = (mode & S_IRWXU) >> 6; |
522 | break; |
523 | |
524 | case ACL_USER: |
525 | case ACL_GROUP: |
526 | break; |
527 | |
528 | case ACL_GROUP_OBJ: |
529 | group_obj = pa; |
530 | break; |
531 | |
532 | case ACL_MASK: |
533 | mask_obj = pa; |
534 | break; |
535 | |
536 | case ACL_OTHER: |
537 | pa->e_perm = (mode & S_IRWXO); |
538 | break; |
539 | |
540 | default: |
541 | return -EIO; |
542 | } |
543 | } |
544 | |
545 | if (mask_obj) { |
546 | mask_obj->e_perm = (mode & S_IRWXG) >> 3; |
547 | } else { |
548 | if (!group_obj) |
549 | return -EIO; |
550 | group_obj->e_perm = (mode & S_IRWXG) >> 3; |
551 | } |
552 | |
553 | return 0; |
554 | } |
555 | |
556 | int |
557 | __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) |
558 | { |
559 | struct posix_acl *clone = posix_acl_clone(*acl, gfp); |
560 | int err = -ENOMEM; |
561 | if (clone) { |
562 | err = posix_acl_create_masq(acl: clone, mode_p); |
563 | if (err < 0) { |
564 | posix_acl_release(acl: clone); |
565 | clone = NULL; |
566 | } |
567 | } |
568 | posix_acl_release(acl: *acl); |
569 | *acl = clone; |
570 | return err; |
571 | } |
572 | EXPORT_SYMBOL(__posix_acl_create); |
573 | |
574 | int |
575 | __posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode) |
576 | { |
577 | struct posix_acl *clone = posix_acl_clone(*acl, gfp); |
578 | int err = -ENOMEM; |
579 | if (clone) { |
580 | err = __posix_acl_chmod_masq(acl: clone, mode); |
581 | if (err) { |
582 | posix_acl_release(acl: clone); |
583 | clone = NULL; |
584 | } |
585 | } |
586 | posix_acl_release(acl: *acl); |
587 | *acl = clone; |
588 | return err; |
589 | } |
590 | EXPORT_SYMBOL(__posix_acl_chmod); |
591 | |
592 | /** |
593 | * posix_acl_chmod - chmod a posix acl |
594 | * |
595 | * @idmap: idmap of the mount @inode was found from |
596 | * @dentry: dentry to check permissions on |
597 | * @mode: the new mode of @inode |
598 | * |
599 | * If the dentry has been found through an idmapped mount the idmap of |
600 | * the vfsmount must be passed through @idmap. This function will then |
601 | * take care to map the inode according to @idmap before checking |
602 | * permissions. On non-idmapped mounts or if permission checking is to be |
603 | * performed on the raw inode simply passs @nop_mnt_idmap. |
604 | */ |
605 | int |
606 | posix_acl_chmod(struct mnt_idmap *idmap, struct dentry *dentry, |
607 | umode_t mode) |
608 | { |
609 | struct inode *inode = d_inode(dentry); |
610 | struct posix_acl *acl; |
611 | int ret = 0; |
612 | |
613 | if (!IS_POSIXACL(inode)) |
614 | return 0; |
615 | if (!inode->i_op->set_acl) |
616 | return -EOPNOTSUPP; |
617 | |
618 | acl = get_inode_acl(inode, ACL_TYPE_ACCESS); |
619 | if (IS_ERR_OR_NULL(ptr: acl)) { |
620 | if (acl == ERR_PTR(error: -EOPNOTSUPP)) |
621 | return 0; |
622 | return PTR_ERR(ptr: acl); |
623 | } |
624 | |
625 | ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode); |
626 | if (ret) |
627 | return ret; |
628 | ret = inode->i_op->set_acl(idmap, dentry, acl, ACL_TYPE_ACCESS); |
629 | posix_acl_release(acl); |
630 | return ret; |
631 | } |
632 | EXPORT_SYMBOL(posix_acl_chmod); |
633 | |
634 | int |
635 | posix_acl_create(struct inode *dir, umode_t *mode, |
636 | struct posix_acl **default_acl, struct posix_acl **acl) |
637 | { |
638 | struct posix_acl *p; |
639 | struct posix_acl *clone; |
640 | int ret; |
641 | |
642 | *acl = NULL; |
643 | *default_acl = NULL; |
644 | |
645 | if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) |
646 | return 0; |
647 | |
648 | p = get_inode_acl(dir, ACL_TYPE_DEFAULT); |
649 | if (!p || p == ERR_PTR(error: -EOPNOTSUPP)) { |
650 | *mode &= ~current_umask(); |
651 | return 0; |
652 | } |
653 | if (IS_ERR(ptr: p)) |
654 | return PTR_ERR(ptr: p); |
655 | |
656 | ret = -ENOMEM; |
657 | clone = posix_acl_clone(p, GFP_NOFS); |
658 | if (!clone) |
659 | goto err_release; |
660 | |
661 | ret = posix_acl_create_masq(acl: clone, mode_p: mode); |
662 | if (ret < 0) |
663 | goto err_release_clone; |
664 | |
665 | if (ret == 0) |
666 | posix_acl_release(acl: clone); |
667 | else |
668 | *acl = clone; |
669 | |
670 | if (!S_ISDIR(*mode)) |
671 | posix_acl_release(acl: p); |
672 | else |
673 | *default_acl = p; |
674 | |
675 | return 0; |
676 | |
677 | err_release_clone: |
678 | posix_acl_release(acl: clone); |
679 | err_release: |
680 | posix_acl_release(acl: p); |
681 | return ret; |
682 | } |
683 | EXPORT_SYMBOL_GPL(posix_acl_create); |
684 | |
685 | /** |
686 | * posix_acl_update_mode - update mode in set_acl |
687 | * @idmap: idmap of the mount @inode was found from |
688 | * @inode: target inode |
689 | * @mode_p: mode (pointer) for update |
690 | * @acl: acl pointer |
691 | * |
692 | * Update the file mode when setting an ACL: compute the new file permission |
693 | * bits based on the ACL. In addition, if the ACL is equivalent to the new |
694 | * file mode, set *@acl to NULL to indicate that no ACL should be set. |
695 | * |
696 | * As with chmod, clear the setgid bit if the caller is not in the owning group |
697 | * or capable of CAP_FSETID (see inode_change_ok). |
698 | * |
699 | * If the inode has been found through an idmapped mount the idmap of |
700 | * the vfsmount must be passed through @idmap. This function will then |
701 | * take care to map the inode according to @idmap before checking |
702 | * permissions. On non-idmapped mounts or if permission checking is to be |
703 | * performed on the raw inode simply passs @nop_mnt_idmap. |
704 | * |
705 | * Called from set_acl inode operations. |
706 | */ |
707 | int posix_acl_update_mode(struct mnt_idmap *idmap, |
708 | struct inode *inode, umode_t *mode_p, |
709 | struct posix_acl **acl) |
710 | { |
711 | umode_t mode = inode->i_mode; |
712 | int error; |
713 | |
714 | error = posix_acl_equiv_mode(*acl, &mode); |
715 | if (error < 0) |
716 | return error; |
717 | if (error == 0) |
718 | *acl = NULL; |
719 | if (!vfsgid_in_group_p(vfsgid: i_gid_into_vfsgid(idmap, inode)) && |
720 | !capable_wrt_inode_uidgid(idmap, inode, CAP_FSETID)) |
721 | mode &= ~S_ISGID; |
722 | *mode_p = mode; |
723 | return 0; |
724 | } |
725 | EXPORT_SYMBOL(posix_acl_update_mode); |
726 | |
727 | /* |
728 | * Fix up the uids and gids in posix acl extended attributes in place. |
729 | */ |
730 | static int posix_acl_fix_xattr_common(const void *value, size_t size) |
731 | { |
732 | const struct posix_acl_xattr_header * = value; |
733 | int count; |
734 | |
735 | if (!header) |
736 | return -EINVAL; |
737 | if (size < sizeof(struct posix_acl_xattr_header)) |
738 | return -EINVAL; |
739 | if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) |
740 | return -EOPNOTSUPP; |
741 | |
742 | count = posix_acl_xattr_count(size); |
743 | if (count < 0) |
744 | return -EINVAL; |
745 | if (count == 0) |
746 | return 0; |
747 | |
748 | return count; |
749 | } |
750 | |
751 | /** |
752 | * posix_acl_from_xattr - convert POSIX ACLs from backing store to VFS format |
753 | * @userns: the filesystem's idmapping |
754 | * @value: the uapi representation of POSIX ACLs |
755 | * @size: the size of @void |
756 | * |
757 | * Filesystems that store POSIX ACLs in the unaltered uapi format should use |
758 | * posix_acl_from_xattr() when reading them from the backing store and |
759 | * converting them into the struct posix_acl VFS format. The helper is |
760 | * specifically intended to be called from the acl inode operation. |
761 | * |
762 | * The posix_acl_from_xattr() function will map the raw {g,u}id values stored |
763 | * in ACL_{GROUP,USER} entries into idmapping in @userns. |
764 | * |
765 | * Note that posix_acl_from_xattr() does not take idmapped mounts into account. |
766 | * If it did it calling it from the get acl inode operation would return POSIX |
767 | * ACLs mapped according to an idmapped mount which would mean that the value |
768 | * couldn't be cached for the filesystem. Idmapped mounts are taken into |
769 | * account on the fly during permission checking or right at the VFS - |
770 | * userspace boundary before reporting them to the user. |
771 | * |
772 | * Return: Allocated struct posix_acl on success, NULL for a valid header but |
773 | * without actual POSIX ACL entries, or ERR_PTR() encoded error code. |
774 | */ |
775 | struct posix_acl *posix_acl_from_xattr(struct user_namespace *userns, |
776 | const void *value, size_t size) |
777 | { |
778 | const struct posix_acl_xattr_header * = value; |
779 | const struct posix_acl_xattr_entry *entry = (const void *)(header + 1), *end; |
780 | int count; |
781 | struct posix_acl *acl; |
782 | struct posix_acl_entry *acl_e; |
783 | |
784 | count = posix_acl_fix_xattr_common(value, size); |
785 | if (count < 0) |
786 | return ERR_PTR(error: count); |
787 | if (count == 0) |
788 | return NULL; |
789 | |
790 | acl = posix_acl_alloc(count, GFP_NOFS); |
791 | if (!acl) |
792 | return ERR_PTR(error: -ENOMEM); |
793 | acl_e = acl->a_entries; |
794 | |
795 | for (end = entry + count; entry != end; acl_e++, entry++) { |
796 | acl_e->e_tag = le16_to_cpu(entry->e_tag); |
797 | acl_e->e_perm = le16_to_cpu(entry->e_perm); |
798 | |
799 | switch(acl_e->e_tag) { |
800 | case ACL_USER_OBJ: |
801 | case ACL_GROUP_OBJ: |
802 | case ACL_MASK: |
803 | case ACL_OTHER: |
804 | break; |
805 | |
806 | case ACL_USER: |
807 | acl_e->e_uid = make_kuid(from: userns, |
808 | le32_to_cpu(entry->e_id)); |
809 | if (!uid_valid(uid: acl_e->e_uid)) |
810 | goto fail; |
811 | break; |
812 | case ACL_GROUP: |
813 | acl_e->e_gid = make_kgid(from: userns, |
814 | le32_to_cpu(entry->e_id)); |
815 | if (!gid_valid(gid: acl_e->e_gid)) |
816 | goto fail; |
817 | break; |
818 | |
819 | default: |
820 | goto fail; |
821 | } |
822 | } |
823 | return acl; |
824 | |
825 | fail: |
826 | posix_acl_release(acl); |
827 | return ERR_PTR(error: -EINVAL); |
828 | } |
829 | EXPORT_SYMBOL (posix_acl_from_xattr); |
830 | |
831 | /* |
832 | * Convert from in-memory to extended attribute representation. |
833 | */ |
834 | int |
835 | posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, |
836 | void *buffer, size_t size) |
837 | { |
838 | struct posix_acl_xattr_header *ext_acl = buffer; |
839 | struct posix_acl_xattr_entry *ext_entry; |
840 | int real_size, n; |
841 | |
842 | real_size = posix_acl_xattr_size(count: acl->a_count); |
843 | if (!buffer) |
844 | return real_size; |
845 | if (real_size > size) |
846 | return -ERANGE; |
847 | |
848 | ext_entry = (void *)(ext_acl + 1); |
849 | ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); |
850 | |
851 | for (n=0; n < acl->a_count; n++, ext_entry++) { |
852 | const struct posix_acl_entry *acl_e = &acl->a_entries[n]; |
853 | ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); |
854 | ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); |
855 | switch(acl_e->e_tag) { |
856 | case ACL_USER: |
857 | ext_entry->e_id = |
858 | cpu_to_le32(from_kuid(user_ns, acl_e->e_uid)); |
859 | break; |
860 | case ACL_GROUP: |
861 | ext_entry->e_id = |
862 | cpu_to_le32(from_kgid(user_ns, acl_e->e_gid)); |
863 | break; |
864 | default: |
865 | ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); |
866 | break; |
867 | } |
868 | } |
869 | return real_size; |
870 | } |
871 | EXPORT_SYMBOL (posix_acl_to_xattr); |
872 | |
873 | /** |
874 | * vfs_posix_acl_to_xattr - convert from kernel to userspace representation |
875 | * @idmap: idmap of the mount |
876 | * @inode: inode the posix acls are set on |
877 | * @acl: the posix acls as represented by the vfs |
878 | * @buffer: the buffer into which to convert @acl |
879 | * @size: size of @buffer |
880 | * |
881 | * This converts @acl from the VFS representation in the filesystem idmapping |
882 | * to the uapi form reportable to userspace. And mount and caller idmappings |
883 | * are handled appropriately. |
884 | * |
885 | * Return: On success, the size of the stored uapi posix acls, on error a |
886 | * negative errno. |
887 | */ |
888 | static ssize_t vfs_posix_acl_to_xattr(struct mnt_idmap *idmap, |
889 | struct inode *inode, |
890 | const struct posix_acl *acl, void *buffer, |
891 | size_t size) |
892 | |
893 | { |
894 | struct posix_acl_xattr_header *ext_acl = buffer; |
895 | struct posix_acl_xattr_entry *ext_entry; |
896 | struct user_namespace *fs_userns, *caller_userns; |
897 | ssize_t real_size, n; |
898 | vfsuid_t vfsuid; |
899 | vfsgid_t vfsgid; |
900 | |
901 | real_size = posix_acl_xattr_size(count: acl->a_count); |
902 | if (!buffer) |
903 | return real_size; |
904 | if (real_size > size) |
905 | return -ERANGE; |
906 | |
907 | ext_entry = (void *)(ext_acl + 1); |
908 | ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); |
909 | |
910 | fs_userns = i_user_ns(inode); |
911 | caller_userns = current_user_ns(); |
912 | for (n=0; n < acl->a_count; n++, ext_entry++) { |
913 | const struct posix_acl_entry *acl_e = &acl->a_entries[n]; |
914 | ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); |
915 | ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); |
916 | switch(acl_e->e_tag) { |
917 | case ACL_USER: |
918 | vfsuid = make_vfsuid(idmap, fs_userns, kuid: acl_e->e_uid); |
919 | ext_entry->e_id = cpu_to_le32(from_kuid( |
920 | caller_userns, vfsuid_into_kuid(vfsuid))); |
921 | break; |
922 | case ACL_GROUP: |
923 | vfsgid = make_vfsgid(idmap, fs_userns, kgid: acl_e->e_gid); |
924 | ext_entry->e_id = cpu_to_le32(from_kgid( |
925 | caller_userns, vfsgid_into_kgid(vfsgid))); |
926 | break; |
927 | default: |
928 | ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); |
929 | break; |
930 | } |
931 | } |
932 | return real_size; |
933 | } |
934 | |
935 | int |
936 | set_posix_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
937 | int type, struct posix_acl *acl) |
938 | { |
939 | struct inode *inode = d_inode(dentry); |
940 | |
941 | if (!IS_POSIXACL(inode)) |
942 | return -EOPNOTSUPP; |
943 | if (!inode->i_op->set_acl) |
944 | return -EOPNOTSUPP; |
945 | |
946 | if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) |
947 | return acl ? -EACCES : 0; |
948 | if (!inode_owner_or_capable(idmap, inode)) |
949 | return -EPERM; |
950 | |
951 | if (acl) { |
952 | int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl); |
953 | if (ret) |
954 | return ret; |
955 | } |
956 | return inode->i_op->set_acl(idmap, dentry, acl, type); |
957 | } |
958 | EXPORT_SYMBOL(set_posix_acl); |
959 | |
960 | int posix_acl_listxattr(struct inode *inode, char **buffer, |
961 | ssize_t *remaining_size) |
962 | { |
963 | int err; |
964 | |
965 | if (!IS_POSIXACL(inode)) |
966 | return 0; |
967 | |
968 | if (inode->i_acl) { |
969 | err = xattr_list_one(buffer, remaining_size, |
970 | XATTR_NAME_POSIX_ACL_ACCESS); |
971 | if (err) |
972 | return err; |
973 | } |
974 | |
975 | if (inode->i_default_acl) { |
976 | err = xattr_list_one(buffer, remaining_size, |
977 | XATTR_NAME_POSIX_ACL_DEFAULT); |
978 | if (err) |
979 | return err; |
980 | } |
981 | |
982 | return 0; |
983 | } |
984 | |
985 | static bool |
986 | posix_acl_xattr_list(struct dentry *dentry) |
987 | { |
988 | return IS_POSIXACL(d_backing_inode(dentry)); |
989 | } |
990 | |
991 | /* |
992 | * nop_posix_acl_access - legacy xattr handler for access POSIX ACLs |
993 | * |
994 | * This is the legacy POSIX ACL access xattr handler. It is used by some |
995 | * filesystems to implement their ->listxattr() inode operation. New code |
996 | * should never use them. |
997 | */ |
998 | const struct xattr_handler nop_posix_acl_access = { |
999 | .name = XATTR_NAME_POSIX_ACL_ACCESS, |
1000 | .list = posix_acl_xattr_list, |
1001 | }; |
1002 | EXPORT_SYMBOL_GPL(nop_posix_acl_access); |
1003 | |
1004 | /* |
1005 | * nop_posix_acl_default - legacy xattr handler for default POSIX ACLs |
1006 | * |
1007 | * This is the legacy POSIX ACL default xattr handler. It is used by some |
1008 | * filesystems to implement their ->listxattr() inode operation. New code |
1009 | * should never use them. |
1010 | */ |
1011 | const struct xattr_handler nop_posix_acl_default = { |
1012 | .name = XATTR_NAME_POSIX_ACL_DEFAULT, |
1013 | .list = posix_acl_xattr_list, |
1014 | }; |
1015 | EXPORT_SYMBOL_GPL(nop_posix_acl_default); |
1016 | |
1017 | int simple_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1018 | struct posix_acl *acl, int type) |
1019 | { |
1020 | int error; |
1021 | struct inode *inode = d_inode(dentry); |
1022 | |
1023 | if (type == ACL_TYPE_ACCESS) { |
1024 | error = posix_acl_update_mode(idmap, inode, |
1025 | &inode->i_mode, &acl); |
1026 | if (error) |
1027 | return error; |
1028 | } |
1029 | |
1030 | inode_set_ctime_current(inode); |
1031 | if (IS_I_VERSION(inode)) |
1032 | inode_inc_iversion(inode); |
1033 | set_cached_acl(inode, type, acl); |
1034 | return 0; |
1035 | } |
1036 | |
1037 | int simple_acl_create(struct inode *dir, struct inode *inode) |
1038 | { |
1039 | struct posix_acl *default_acl, *acl; |
1040 | int error; |
1041 | |
1042 | error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); |
1043 | if (error) |
1044 | return error; |
1045 | |
1046 | set_cached_acl(inode, ACL_TYPE_DEFAULT, default_acl); |
1047 | set_cached_acl(inode, ACL_TYPE_ACCESS, acl); |
1048 | |
1049 | if (default_acl) |
1050 | posix_acl_release(acl: default_acl); |
1051 | if (acl) |
1052 | posix_acl_release(acl); |
1053 | return 0; |
1054 | } |
1055 | |
1056 | static int vfs_set_acl_idmapped_mnt(struct mnt_idmap *idmap, |
1057 | struct user_namespace *fs_userns, |
1058 | struct posix_acl *acl) |
1059 | { |
1060 | for (int n = 0; n < acl->a_count; n++) { |
1061 | struct posix_acl_entry *acl_e = &acl->a_entries[n]; |
1062 | |
1063 | switch (acl_e->e_tag) { |
1064 | case ACL_USER: |
1065 | acl_e->e_uid = from_vfsuid(idmap, fs_userns, |
1066 | VFSUIDT_INIT(acl_e->e_uid)); |
1067 | break; |
1068 | case ACL_GROUP: |
1069 | acl_e->e_gid = from_vfsgid(idmap, fs_userns, |
1070 | VFSGIDT_INIT(acl_e->e_gid)); |
1071 | break; |
1072 | } |
1073 | } |
1074 | |
1075 | return 0; |
1076 | } |
1077 | |
1078 | /** |
1079 | * vfs_set_acl - set posix acls |
1080 | * @idmap: idmap of the mount |
1081 | * @dentry: the dentry based on which to set the posix acls |
1082 | * @acl_name: the name of the posix acl |
1083 | * @kacl: the posix acls in the appropriate VFS format |
1084 | * |
1085 | * This function sets @kacl. The caller must all posix_acl_release() on @kacl |
1086 | * afterwards. |
1087 | * |
1088 | * Return: On success 0, on error negative errno. |
1089 | */ |
1090 | int vfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1091 | const char *acl_name, struct posix_acl *kacl) |
1092 | { |
1093 | int acl_type; |
1094 | int error; |
1095 | struct inode *inode = d_inode(dentry); |
1096 | struct inode *delegated_inode = NULL; |
1097 | |
1098 | acl_type = posix_acl_type(name: acl_name); |
1099 | if (acl_type < 0) |
1100 | return -EINVAL; |
1101 | |
1102 | if (kacl) { |
1103 | /* |
1104 | * If we're on an idmapped mount translate from mount specific |
1105 | * vfs{g,u}id_t into global filesystem k{g,u}id_t. |
1106 | * Afterwards we can cache the POSIX ACLs filesystem wide and - |
1107 | * if this is a filesystem with a backing store - ultimately |
1108 | * translate them to backing store values. |
1109 | */ |
1110 | error = vfs_set_acl_idmapped_mnt(idmap, fs_userns: i_user_ns(inode), acl: kacl); |
1111 | if (error) |
1112 | return error; |
1113 | } |
1114 | |
1115 | retry_deleg: |
1116 | inode_lock(inode); |
1117 | |
1118 | /* |
1119 | * We only care about restrictions the inode struct itself places upon |
1120 | * us otherwise POSIX ACLs aren't subject to any VFS restrictions. |
1121 | */ |
1122 | error = may_write_xattr(idmap, inode); |
1123 | if (error) |
1124 | goto out_inode_unlock; |
1125 | |
1126 | error = security_inode_set_acl(idmap, dentry, acl_name, kacl); |
1127 | if (error) |
1128 | goto out_inode_unlock; |
1129 | |
1130 | error = try_break_deleg(inode, delegated_inode: &delegated_inode); |
1131 | if (error) |
1132 | goto out_inode_unlock; |
1133 | |
1134 | if (likely(!is_bad_inode(inode))) |
1135 | error = set_posix_acl(idmap, dentry, acl_type, kacl); |
1136 | else |
1137 | error = -EIO; |
1138 | if (!error) { |
1139 | fsnotify_xattr(dentry); |
1140 | evm_inode_post_set_acl(dentry, acl_name, kacl); |
1141 | } |
1142 | |
1143 | out_inode_unlock: |
1144 | inode_unlock(inode); |
1145 | |
1146 | if (delegated_inode) { |
1147 | error = break_deleg_wait(delegated_inode: &delegated_inode); |
1148 | if (!error) |
1149 | goto retry_deleg; |
1150 | } |
1151 | |
1152 | return error; |
1153 | } |
1154 | EXPORT_SYMBOL_GPL(vfs_set_acl); |
1155 | |
1156 | /** |
1157 | * vfs_get_acl - get posix acls |
1158 | * @idmap: idmap of the mount |
1159 | * @dentry: the dentry based on which to retrieve the posix acls |
1160 | * @acl_name: the name of the posix acl |
1161 | * |
1162 | * This function retrieves @kacl from the filesystem. The caller must all |
1163 | * posix_acl_release() on @kacl. |
1164 | * |
1165 | * Return: On success POSIX ACLs in VFS format, on error negative errno. |
1166 | */ |
1167 | struct posix_acl *vfs_get_acl(struct mnt_idmap *idmap, |
1168 | struct dentry *dentry, const char *acl_name) |
1169 | { |
1170 | struct inode *inode = d_inode(dentry); |
1171 | struct posix_acl *acl; |
1172 | int acl_type, error; |
1173 | |
1174 | acl_type = posix_acl_type(name: acl_name); |
1175 | if (acl_type < 0) |
1176 | return ERR_PTR(error: -EINVAL); |
1177 | |
1178 | /* |
1179 | * The VFS has no restrictions on reading POSIX ACLs so calling |
1180 | * something like xattr_permission() isn't needed. Only LSMs get a say. |
1181 | */ |
1182 | error = security_inode_get_acl(idmap, dentry, acl_name); |
1183 | if (error) |
1184 | return ERR_PTR(error); |
1185 | |
1186 | if (!IS_POSIXACL(inode)) |
1187 | return ERR_PTR(error: -EOPNOTSUPP); |
1188 | if (S_ISLNK(inode->i_mode)) |
1189 | return ERR_PTR(error: -EOPNOTSUPP); |
1190 | |
1191 | acl = __get_acl(idmap, dentry, inode, type: acl_type); |
1192 | if (IS_ERR(ptr: acl)) |
1193 | return acl; |
1194 | if (!acl) |
1195 | return ERR_PTR(error: -ENODATA); |
1196 | |
1197 | return acl; |
1198 | } |
1199 | EXPORT_SYMBOL_GPL(vfs_get_acl); |
1200 | |
1201 | /** |
1202 | * vfs_remove_acl - remove posix acls |
1203 | * @idmap: idmap of the mount |
1204 | * @dentry: the dentry based on which to retrieve the posix acls |
1205 | * @acl_name: the name of the posix acl |
1206 | * |
1207 | * This function removes posix acls. |
1208 | * |
1209 | * Return: On success 0, on error negative errno. |
1210 | */ |
1211 | int vfs_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1212 | const char *acl_name) |
1213 | { |
1214 | int acl_type; |
1215 | int error; |
1216 | struct inode *inode = d_inode(dentry); |
1217 | struct inode *delegated_inode = NULL; |
1218 | |
1219 | acl_type = posix_acl_type(name: acl_name); |
1220 | if (acl_type < 0) |
1221 | return -EINVAL; |
1222 | |
1223 | retry_deleg: |
1224 | inode_lock(inode); |
1225 | |
1226 | /* |
1227 | * We only care about restrictions the inode struct itself places upon |
1228 | * us otherwise POSIX ACLs aren't subject to any VFS restrictions. |
1229 | */ |
1230 | error = may_write_xattr(idmap, inode); |
1231 | if (error) |
1232 | goto out_inode_unlock; |
1233 | |
1234 | error = security_inode_remove_acl(idmap, dentry, acl_name); |
1235 | if (error) |
1236 | goto out_inode_unlock; |
1237 | |
1238 | error = try_break_deleg(inode, delegated_inode: &delegated_inode); |
1239 | if (error) |
1240 | goto out_inode_unlock; |
1241 | |
1242 | if (likely(!is_bad_inode(inode))) |
1243 | error = set_posix_acl(idmap, dentry, acl_type, NULL); |
1244 | else |
1245 | error = -EIO; |
1246 | if (!error) { |
1247 | fsnotify_xattr(dentry); |
1248 | evm_inode_post_remove_acl(idmap, dentry, acl_name); |
1249 | } |
1250 | |
1251 | out_inode_unlock: |
1252 | inode_unlock(inode); |
1253 | |
1254 | if (delegated_inode) { |
1255 | error = break_deleg_wait(delegated_inode: &delegated_inode); |
1256 | if (!error) |
1257 | goto retry_deleg; |
1258 | } |
1259 | |
1260 | return error; |
1261 | } |
1262 | EXPORT_SYMBOL_GPL(vfs_remove_acl); |
1263 | |
1264 | int do_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1265 | const char *acl_name, const void *kvalue, size_t size) |
1266 | { |
1267 | int error; |
1268 | struct posix_acl *acl = NULL; |
1269 | |
1270 | if (size) { |
1271 | /* |
1272 | * Note that posix_acl_from_xattr() uses GFP_NOFS when it |
1273 | * probably doesn't need to here. |
1274 | */ |
1275 | acl = posix_acl_from_xattr(current_user_ns(), kvalue, size); |
1276 | if (IS_ERR(ptr: acl)) |
1277 | return PTR_ERR(ptr: acl); |
1278 | } |
1279 | |
1280 | error = vfs_set_acl(idmap, dentry, acl_name, acl); |
1281 | posix_acl_release(acl); |
1282 | return error; |
1283 | } |
1284 | |
1285 | ssize_t do_get_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
1286 | const char *acl_name, void *kvalue, size_t size) |
1287 | { |
1288 | ssize_t error; |
1289 | struct posix_acl *acl; |
1290 | |
1291 | acl = vfs_get_acl(idmap, dentry, acl_name); |
1292 | if (IS_ERR(ptr: acl)) |
1293 | return PTR_ERR(ptr: acl); |
1294 | |
1295 | error = vfs_posix_acl_to_xattr(idmap, inode: d_inode(dentry), |
1296 | acl, buffer: kvalue, size); |
1297 | posix_acl_release(acl); |
1298 | return error; |
1299 | } |
1300 | |