public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-11-27 01:11:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/fs/gfs2/acl.c

156 lines
3.3 KiB
C
Raw Normal View History

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 398 Based on 1 normalized pattern(s): this copyrighted material is made available to anyone wishing to use modify copy or redistribute it subject to the terms and conditions of the gnu general public license version 2 extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 44 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531081038.653000175@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-31 01:09:56 -07:00
// SPDX-License-Identifier: GPL-2.0-only
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
/*
* Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
[GFS2] Update copyright date to 2006 Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-05-18 15:09:15 -04:00
* Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
*/
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/completion.h>
#include <linux/buffer_head.h>
GFS2: Fix up system xattrs This code has been shamelessly stolen from XFS at the suggestion of Christoph Hellwig. I've not added support for cached ACLs so far... watch for that in a later patch, although this is designed in such a way that they should be easy to add. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Cc: Christoph Hellwig <hch@infradead.org>
2009-10-02 11:50:54 +01:00
#include <linux/xattr.h>
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
#include <linux/posix_acl.h>
#include <linux/posix_acl_xattr.h>
[GFS2] Macros removal in gfs2.h As suggested by Pekka Enberg <penberg@cs.helsinki.fi>. The DIV_RU macro is renamed DIV_ROUND_UP and and moved to kernel.h The other macros are gone from gfs2.h as (although not requested by Pekka Enberg) are a number of included header file which are now included individually. The inode number comparison function is now an inline function. The DT2IF and IF2DT may be addressed in a future patch. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-02-27 17:23:27 -05:00
#include <linux/gfs2_ondisk.h>
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
#include "gfs2.h"
[GFS2] Macros removal in gfs2.h As suggested by Pekka Enberg <penberg@cs.helsinki.fi>. The DIV_RU macro is renamed DIV_ROUND_UP and and moved to kernel.h The other macros are gone from gfs2.h as (although not requested by Pekka Enberg) are a number of included header file which are now included individually. The inode number comparison function is now an inline function. The DT2IF and IF2DT may be addressed in a future patch. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-02-27 17:23:27 -05:00
#include "incore.h"
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
#include "acl.h"
GFS2: Rename eattr.[ch] as xattr.[ch] Use the more conventional name for the extended attribute support code. Update all the places which care. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-08-26 18:51:04 +01:00
#include "xattr.h"
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
#include "glock.h"
#include "inode.h"
#include "meta_io.h"
gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc Before this patch, multiple callers called gfs2_rsqa_alloc to force the existence of a reservations structure and a quota data structure if needed. However, now the reservations are handled separately, so the quota data is only the quota data. So we eliminate the one in favor of just calling gfs2_qa_alloc directly. Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2020-03-06 10:18:44 -06:00
#include "quota.h"
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
#include "rgrp.h"
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
#include "trans.h"
[GFS2] Macros removal in gfs2.h As suggested by Pekka Enberg <penberg@cs.helsinki.fi>. The DIV_RU macro is renamed DIV_ROUND_UP and and moved to kernel.h The other macros are gone from gfs2.h as (although not requested by Pekka Enberg) are a number of included header file which are now included individually. The inode number comparison function is now an inline function. The DT2IF and IF2DT may be addressed in a future patch. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-02-27 17:23:27 -05:00
#include "util.h"
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
static const char *gfs2_acl_name(int type)
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
{
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
switch (type) {
case ACL_TYPE_ACCESS:
posix acls: Remove duplicate xattr name definitions Remove POSIX_ACL_XATTR_{ACCESS,DEFAULT} and GFS2_POSIX_ACL_{ACCESS,DEFAULT} and replace them with the definitions in <include/uapi/linux/xattr.h>. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-02 14:44:35 +01:00
return XATTR_POSIX_ACL_ACCESS;
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
case ACL_TYPE_DEFAULT:
posix acls: Remove duplicate xattr name definitions Remove POSIX_ACL_XATTR_{ACCESS,DEFAULT} and GFS2_POSIX_ACL_{ACCESS,DEFAULT} and replace them with the definitions in <include/uapi/linux/xattr.h>. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-02 14:44:35 +01:00
return XATTR_POSIX_ACL_DEFAULT;
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
}
return NULL;
}
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
static struct posix_acl *__gfs2_get_acl(struct inode *inode, int type)
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
{
GFS2: We only need one ACL getting function There is no need to have two versions of this function with slightly different arguments. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2011-11-23 13:31:51 +00:00
struct gfs2_inode *ip = GFS2_I(inode);
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
struct posix_acl *acl;
const char *name;
char *data;
int len;
GFS2: Clean up of extended attribute support This has been on my list for some time. We need to change the way in which we handle extended attributes to allow faster file creation times (by reducing the number of transactions required) and the extended attribute code is the main obstacle to this. In addition to that, the VFS provides a way to demultiplex the xattr calls which we ought to be using, rather than rolling our own. This patch changes the GFS2 code to use that VFS feature and as a result the code shrinks by a couple of hundred lines or so, and becomes easier to read. I'm planning on doing further clean up work in this area, but this patch is a good start. The cleaned up code also uses the more usual "xattr" shorthand, I plan to eliminate the use of "eattr" eventually and in the mean time it serves as a flag as to which bits of the code have been updated. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-08-26 18:41:32 +01:00
GFS2: Move di_eattr into "proper" inode This moves the di_eattr field out of gfs2_inode_host and into the inode proper. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2008-11-03 14:28:42 +00:00
if (!ip->i_eattr)
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
return NULL;
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
name = gfs2_acl_name(type);
len = gfs2_xattr_acl_get(ip, name, &data);
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
if (len <= 0)
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
return ERR_PTR(len);
userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr - Pass the user namespace the uid and gid values in the xattr are stored in into posix_acl_from_xattr. - Pass the user namespace kuid and kgid values should be converted into when storing uid and gid values in an xattr in posix_acl_to_xattr. - Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to pass in &init_user_ns. In the short term this change is not strictly needed but it makes the code clearer. In the longer term this change is necessary to be able to mount filesystems outside of the initial user namespace that natively store posix acls in the linux xattr format. Cc: Theodore Tso <tytso@mit.edu> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2012-09-10 20:17:44 -07:00
acl = posix_acl_from_xattr(&init_user_ns, data, len);
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
kfree(data);
return acl;
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
}
vfs: add rcu argument to ->get_acl() callback Add a rcu argument to the ->get_acl() callback to allow get_cached_acl_rcu() to call the ->get_acl() method in the next patch. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2021-08-18 22:08:24 +02:00
struct posix_acl *gfs2_get_acl(struct inode *inode, int type, bool rcu)
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
{
struct gfs2_inode *ip = GFS2_I(inode);
struct gfs2_holder gh;
bool need_unlock = false;
struct posix_acl *acl;
vfs: add rcu argument to ->get_acl() callback Add a rcu argument to the ->get_acl() callback to allow get_cached_acl_rcu() to call the ->get_acl() method in the next patch. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2021-08-18 22:08:24 +02:00
if (rcu)
return ERR_PTR(-ECHILD);
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
if (!gfs2_glock_is_locked_by_me(ip->i_gl)) {
int ret = gfs2_glock_nq_init(ip->i_gl, LM_ST_SHARED,
LM_FLAG_ANY, &gh);
if (ret)
return ERR_PTR(ret);
need_unlock = true;
}
acl = __gfs2_get_acl(inode, type);
if (need_unlock)
gfs2_glock_dq_uninit(&gh);
return acl;
}
int __gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
[GFS2] The core of GFS2 This patch contains all the core files for GFS2. Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2006-01-16 16:50:04 +00:00
{
int error;
gfs2: using posix_acl_xattr_size instead of posix_acl_to_xattr It seems better to get size by calling posix_acl_xattr_size() instead of calling posix_acl_to_xattr() with NULL buffer argument. posix_acl_xattr_size() never returns 0, so remove the unnecessary check. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2018-06-22 09:51:43 +08:00
size_t len;
GFS2: Clean up ACLs To prepare for support for caching of ACLs, this cleans up the GFS2 ACL support by pushing the xattr code back into xattr.c and changing the acl_get function into one which only returns ACLs so that we can drop the caching function into it shortly. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-10-02 12:00:00 +01:00
char *data;
const char *name = gfs2_acl_name(type);
gfs2: use generic posix ACL infrastructure This contains some major refactoring for the create path so that inodes are created with the right mode to start with instead of fixing it up later. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-12-20 05:16:52 -08:00
if (acl) {
gfs2: using posix_acl_xattr_size instead of posix_acl_to_xattr It seems better to get size by calling posix_acl_xattr_size() instead of calling posix_acl_to_xattr() with NULL buffer argument. posix_acl_xattr_size() never returns 0, so remove the unnecessary check. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2018-06-22 09:51:43 +08:00
len = posix_acl_xattr_size(acl->a_count);
gfs2: use generic posix ACL infrastructure This contains some major refactoring for the create path so that inodes are created with the right mode to start with instead of fixing it up later. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-12-20 05:16:52 -08:00
data = kmalloc(len, GFP_NOFS);
if (data == NULL)
return -ENOMEM;
error = posix_acl_to_xattr(&init_user_ns, acl, data, len);
if (error < 0)
goto out;
} else {
data = NULL;
len = 0;
GFS2: Add cached ACLs support The other patches in this series have been building towards being able to support cached ACLs like other filesystems. The only real difference with GFS2 is that we have to invalidate the cache when we drop a glock, but that is dealt with in earlier patches. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2009-09-29 16:26:23 +01:00
}
gfs2: use generic posix ACL infrastructure This contains some major refactoring for the create path so that inodes are created with the right mode to start with instead of fixing it up later. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-12-20 05:16:52 -08:00
error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS);
if (error)
goto out;
GFS2: gfs2_set_acl(): Cache "no acl" as well When removing a default acl or setting an access acl that is entirely represented in the file mode, we end up with acl == NULL in gfs2_set_acl(). In that case, bring gfs2 in line with other file systems and cache the NULL acl with set_cached_acl() instead of invalidating the cache with forget_cached_acl(). Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2015-02-13 12:16:37 -06:00
set_cached_acl(inode, type, acl);
GFS2: Fix up system xattrs This code has been shamelessly stolen from XFS at the suggestion of Christoph Hellwig. I've not added support for cached ACLs so far... watch for that in a later patch, although this is designed in such a way that they should be easy to add. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Cc: Christoph Hellwig <hch@infradead.org>
2009-10-02 11:50:54 +01:00
out:
gfs2: use generic posix ACL infrastructure This contains some major refactoring for the create path so that inodes are created with the right mode to start with instead of fixing it up later. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-12-20 05:16:52 -08:00
kfree(data);
GFS2: Fix up system xattrs This code has been shamelessly stolen from XFS at the suggestion of Christoph Hellwig. I've not added support for cached ACLs so far... watch for that in a later patch, although this is designed in such a way that they should be easy to add. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Cc: Christoph Hellwig <hch@infradead.org>
2009-10-02 11:50:54 +01:00
return error;
}
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
fs: pass dentry to set acl method The current way of setting and getting posix acls through the generic xattr interface is error prone and type unsafe. The vfs needs to interpret and fixup posix acls before storing or reporting it to userspace. Various hacks exist to make this work. The code is hard to understand and difficult to maintain in it's current form. Instead of making this work by hacking posix acls through xattr handlers we are building a dedicated posix acl api around the get and set inode operations. This removes a lot of hackiness and makes the codepaths easier to maintain. A lot of background can be found in [1]. Since some filesystem rely on the dentry being available to them when setting posix acls (e.g., 9p and cifs) they cannot rely on set acl inode operation. But since ->set_acl() is required in order to use the generic posix acl xattr handlers filesystems that do not implement this inode operation cannot use the handler and need to implement their own dedicated posix acl handlers. Update the ->set_acl() inode method to take a dentry argument. This allows all filesystems to rely on ->set_acl(). As far as I can tell all codepaths can be switched to rely on the dentry instead of just the inode. Note that the original motivation for passing the dentry separate from the inode instead of just the dentry in the xattr handlers was because of security modules that call security_d_instantiate(). This hook is called during d_instantiate_new(), d_add(), __d_instantiate_anon(), and d_splice_alias() to initialize the inode's security context and possibly to set security.* xattrs. Since this only affects security.* xattrs this is completely irrelevant for posix acls. Link: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org [1] Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-09-23 10:29:39 +02:00
int gfs2_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
fs: make helpers idmap mount aware Extend some inode methods with an additional user namespace argument. A filesystem that is aware of idmapped mounts will receive the user namespace the mount has been marked with. This can be used for additional permission checking and also to enable filesystems to translate between uids and gids if they need to. We have implemented all relevant helpers in earlier patches. As requested we simply extend the exisiting inode method instead of introducing new ones. This is a little more code churn but it's mostly mechanical and doesnt't leave us with additional inode methods. Link: https://lore.kernel.org/r/20210121131959.646623-25-christian.brauner@ubuntu.com Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-01-21 14:19:43 +01:00
struct posix_acl *acl, int type)
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
{
fs: pass dentry to set acl method The current way of setting and getting posix acls through the generic xattr interface is error prone and type unsafe. The vfs needs to interpret and fixup posix acls before storing or reporting it to userspace. Various hacks exist to make this work. The code is hard to understand and difficult to maintain in it's current form. Instead of making this work by hacking posix acls through xattr handlers we are building a dedicated posix acl api around the get and set inode operations. This removes a lot of hackiness and makes the codepaths easier to maintain. A lot of background can be found in [1]. Since some filesystem rely on the dentry being available to them when setting posix acls (e.g., 9p and cifs) they cannot rely on set acl inode operation. But since ->set_acl() is required in order to use the generic posix acl xattr handlers filesystems that do not implement this inode operation cannot use the handler and need to implement their own dedicated posix acl handlers. Update the ->set_acl() inode method to take a dentry argument. This allows all filesystems to rely on ->set_acl(). As far as I can tell all codepaths can be switched to rely on the dentry instead of just the inode. Note that the original motivation for passing the dentry separate from the inode instead of just the dentry in the xattr handlers was because of security modules that call security_d_instantiate(). This hook is called during d_instantiate_new(), d_add(), __d_instantiate_anon(), and d_splice_alias() to initialize the inode's security context and possibly to set security.* xattrs. Since this only affects security.* xattrs this is completely irrelevant for posix acls. Link: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org [1] Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-09-23 10:29:39 +02:00
struct inode *inode = d_inode(dentry);
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
struct gfs2_inode *ip = GFS2_I(inode);
struct gfs2_holder gh;
bool need_unlock = false;
int ret;
gfs2: preserve i_mode if __gfs2_set_acl() fails When changing a file's acl mask, __gfs2_set_acl() will first set the group bits of i_mode to the value of the mask, and only then set the actual extended attribute representing the new acl. If the second part fails (due to lack of space, for example) and the file had no acl attribute to begin with, the system will from now on assume that the mask permission bits are actual group permission bits, potentially granting access to the wrong users. Prevent this by only changing the inode mode after the acl has been set. Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-08-31 07:53:15 -05:00
umode_t mode;
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
gfs2: Don't clear SGID when inheriting ACLs When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit set, DIR1 is expected to have SGID bit set (and owning group equal to the owning group of 'DIR0'). However when 'DIR0' also has some default ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on 'DIR1' to get cleared if user is not member of the owning group. Fix the problem by moving posix_acl_update_mode() out of __gfs2_set_acl() into gfs2_set_acl(). That way the function will not be called when inheriting ACLs which is what we want as it prevents SGID bit clearing and the mode has been properly set by posix_acl_create() anyway. Fixes: 073931017b49d9458aa351605b43a7e34598caef Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-07-19 10:56:42 -05:00
if (acl && acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode)))
return -E2BIG;
gfs2: Change inode qa_data to allow multiple users Before this patch, multiple users called gfs2_qa_alloc which allocated a qadata structure to the inode, if quotas are turned on. Later, in file close or evict, the structure was deleted with gfs2_qa_delete. But there can be several competing processes who need access to the structure. There were races between file close (release) and the others. Thus, a release could delete the structure out from under a process that relied upon its existence. For example, chown. This patch changes the management of the qadata structures to be a get/put scheme. Function gfs2_qa_alloc has been changed to gfs2_qa_get and if the structure is allocated, the count essentially starts out at 1. Function gfs2_qa_delete has been renamed to gfs2_qa_put, and the last guy to decrement the count to 0 frees the memory. Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2020-02-27 12:47:53 -06:00
ret = gfs2_qa_get(ip);
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
if (ret)
return ret;
if (!gfs2_glock_is_locked_by_me(ip->i_gl)) {
ret = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
if (ret)
gfs2: Change inode qa_data to allow multiple users Before this patch, multiple users called gfs2_qa_alloc which allocated a qadata structure to the inode, if quotas are turned on. Later, in file close or evict, the structure was deleted with gfs2_qa_delete. But there can be several competing processes who need access to the structure. There were races between file close (release) and the others. Thus, a release could delete the structure out from under a process that relied upon its existence. For example, chown. This patch changes the management of the qadata structures to be a get/put scheme. Function gfs2_qa_alloc has been changed to gfs2_qa_get and if the structure is allocated, the count essentially starts out at 1. Function gfs2_qa_delete has been renamed to gfs2_qa_put, and the last guy to decrement the count to 0 frees the memory. Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2020-02-27 12:47:53 -06:00
goto out;
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
need_unlock = true;
}
gfs2: Don't clear SGID when inheriting ACLs When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit set, DIR1 is expected to have SGID bit set (and owning group equal to the owning group of 'DIR0'). However when 'DIR0' also has some default ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on 'DIR1' to get cleared if user is not member of the owning group. Fix the problem by moving posix_acl_update_mode() out of __gfs2_set_acl() into gfs2_set_acl(). That way the function will not be called when inheriting ACLs which is what we want as it prevents SGID bit clearing and the mode has been properly set by posix_acl_create() anyway. Fixes: 073931017b49d9458aa351605b43a7e34598caef Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-07-19 10:56:42 -05:00
gfs2: preserve i_mode if __gfs2_set_acl() fails When changing a file's acl mask, __gfs2_set_acl() will first set the group bits of i_mode to the value of the mask, and only then set the actual extended attribute representing the new acl. If the second part fails (due to lack of space, for example) and the file had no acl attribute to begin with, the system will from now on assume that the mask permission bits are actual group permission bits, potentially granting access to the wrong users. Prevent this by only changing the inode mode after the acl has been set. Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-08-31 07:53:15 -05:00
mode = inode->i_mode;
if (type == ACL_TYPE_ACCESS && acl) {
acl: handle idmapped mounts The posix acl permission checking helpers determine whether a caller is privileged over an inode according to the acls associated with the inode. Add helpers that make it possible to handle acls on idmapped mounts. The vfs and the filesystems targeted by this first iteration make use of posix_acl_fix_xattr_from_user() and posix_acl_fix_xattr_to_user() to translate basic posix access and default permissions such as the ACL_USER and ACL_GROUP type according to the initial user namespace (or the superblock's user namespace) to and from the caller's current user namespace. Adapt these two helpers to handle idmapped mounts whereby we either map from or into the mount's user namespace depending on in which direction we're translating. Similarly, cap_convert_nscap() is used by the vfs to translate user namespace and non-user namespace aware filesystem capabilities from the superblock's user namespace to the caller's user namespace. Enable it to handle idmapped mounts by accounting for the mount's user namespace. In addition the fileystems targeted in the first iteration of this patch series make use of the posix_acl_chmod() and, posix_acl_update_mode() helpers. Both helpers perform permission checks on the target inode. Let them handle idmapped mounts. These two helpers are called when posix acls are set by the respective filesystems to handle this case we extend the ->set() method to take an additional user namespace argument to pass the mount's user namespace down. Link: https://lore.kernel.org/r/20210121131959.646623-9-christian.brauner@ubuntu.com Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-01-21 14:19:27 +01:00
ret = posix_acl_update_mode(&init_user_ns, inode, &mode, &acl);
gfs2: Don't clear SGID when inheriting ACLs When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit set, DIR1 is expected to have SGID bit set (and owning group equal to the owning group of 'DIR0'). However when 'DIR0' also has some default ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on 'DIR1' to get cleared if user is not member of the owning group. Fix the problem by moving posix_acl_update_mode() out of __gfs2_set_acl() into gfs2_set_acl(). That way the function will not be called when inheriting ACLs which is what we want as it prevents SGID bit clearing and the mode has been properly set by posix_acl_create() anyway. Fixes: 073931017b49d9458aa351605b43a7e34598caef Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-07-19 10:56:42 -05:00
if (ret)
goto unlock;
}
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
ret = __gfs2_set_acl(inode, acl, type);
gfs2: preserve i_mode if __gfs2_set_acl() fails When changing a file's acl mask, __gfs2_set_acl() will first set the group bits of i_mode to the value of the mask, and only then set the actual extended attribute representing the new acl. If the second part fails (due to lack of space, for example) and the file had no acl attribute to begin with, the system will from now on assume that the mask permission bits are actual group permission bits, potentially granting access to the wrong users. Prevent this by only changing the inode mode after the acl has been set. Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-08-31 07:53:15 -05:00
if (!ret && mode != inode->i_mode) {
gfs2: Always update inode ctime in set_acl Three-entry POSIX ACLs can be stored in the file mode permission bits, with no need to store them in extended attributes. When a process sets such a minimal ACL, the kernel updates the file mode like chmod does, and removes any existing extended attributes for that ACL. Make sure the ctime is always updated in that case. Fixes xfstest generic/307. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-09-25 08:37:15 -05:00
inode->i_ctime = current_time(inode);
gfs2: preserve i_mode if __gfs2_set_acl() fails When changing a file's acl mask, __gfs2_set_acl() will first set the group bits of i_mode to the value of the mask, and only then set the actual extended attribute representing the new acl. If the second part fails (due to lack of space, for example) and the file had no acl attribute to begin with, the system will from now on assume that the mask permission bits are actual group permission bits, potentially granting access to the wrong users. Prevent this by only changing the inode mode after the acl has been set. Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-08-31 07:53:15 -05:00
inode->i_mode = mode;
mark_inode_dirty(inode);
}
gfs2: Don't clear SGID when inheriting ACLs When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit set, DIR1 is expected to have SGID bit set (and owning group equal to the owning group of 'DIR0'). However when 'DIR0' also has some default ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on 'DIR1' to get cleared if user is not member of the owning group. Fix the problem by moving posix_acl_update_mode() out of __gfs2_set_acl() into gfs2_set_acl(). That way the function will not be called when inheriting ACLs which is what we want as it prevents SGID bit clearing and the mode has been properly set by posix_acl_create() anyway. Fixes: 073931017b49d9458aa351605b43a7e34598caef Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-07-19 10:56:42 -05:00
unlock:
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
if (need_unlock)
gfs2_glock_dq_uninit(&gh);
gfs2: Change inode qa_data to allow multiple users Before this patch, multiple users called gfs2_qa_alloc which allocated a qadata structure to the inode, if quotas are turned on. Later, in file close or evict, the structure was deleted with gfs2_qa_delete. But there can be several competing processes who need access to the structure. There were races between file close (release) and the others. Thus, a release could delete the structure out from under a process that relied upon its existence. For example, chown. This patch changes the management of the qadata structures to be a get/put scheme. Function gfs2_qa_alloc has been changed to gfs2_qa_get and if the structure is allocated, the count essentially starts out at 1. Function gfs2_qa_delete has been renamed to gfs2_qa_put, and the last guy to decrement the count to 0 frees the memory. Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2020-02-27 12:47:53 -06:00
out:
gfs2_qa_put(ip);
gfs2: Switch to generic xattr handlers Switch to the generic xattr handlers and take the necessary glocks at the layer below. The following are the new xattr "entry points"; they are called with the glock held already in the following cases: gfs2_xattr_get: From SELinux, during lookups. gfs2_xattr_set: The glock is never held. gfs2_get_acl: From gfs2_create_inode -> posix_acl_create and gfs2_setattr -> posix_acl_chmod. gfs2_set_acl: From gfs2_setattr -> posix_acl_chmod. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-05-13 03:59:17 +02:00
return ret;
}
Reference in a new issue Copy permalink