mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-05-14 19:53:03 +00:00
dfd500d895
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. So, in order to avoid ending up with a flexible-array member in the middle of other structs, we use the `struct_group_tagged()` helper to create a new tagged `struct posix_acl_hdr`. This structure groups together all the members of the flexible `struct posix_acl` except the flexible array. As a result, the array is effectively separated from the rest of the members without modifying the memory layout of the flexible structure. We then change the type of the middle struct member currently causing trouble from `struct posix_acl` to `struct posix_acl_hdr`. We also want to ensure that when new members need to be added to the flexible structure, they are always included within the newly created tagged struct. For this, we use `static_assert()`. This ensures that the memory layout for both the flexible structure and the new tagged struct is the same after any changes. This approach avoids having to implement `struct posix_acl_hdr` as a completely separate structure, thus preventing having to maintain two independent but basically identical structures, closing the door to potential bugs in the future. We also use `container_of()` whenever we need to retrieve a pointer to the flexible structure, through which we can access the flexible-array member, if necessary. So, with these changes, fix the following warning: fs/nfs_common/nfsacl.c:45:26: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@oracle.com> Acked-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
423 lines
11 KiB
C
423 lines
11 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* fs/nfs_common/nfsacl.c
|
|
*
|
|
* Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
|
|
*/
|
|
|
|
/*
|
|
* The Solaris nfsacl protocol represents some ACLs slightly differently
|
|
* than POSIX 1003.1e draft 17 does (and we do):
|
|
*
|
|
* - Minimal ACLs always have an ACL_MASK entry, so they have
|
|
* four instead of three entries.
|
|
* - The ACL_MASK entry in such minimal ACLs always has the same
|
|
* permissions as the ACL_GROUP_OBJ entry. (In extended ACLs
|
|
* the ACL_MASK and ACL_GROUP_OBJ entries may differ.)
|
|
* - The identifier fields of the ACL_USER_OBJ and ACL_GROUP_OBJ
|
|
* entries contain the identifiers of the owner and owning group.
|
|
* (In POSIX ACLs we always set them to ACL_UNDEFINED_ID).
|
|
* - ACL entries in the kernel are kept sorted in ascending order
|
|
* of (e_tag, e_id). Solaris ACLs are unsorted.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/gfp.h>
|
|
#include <linux/sunrpc/xdr.h>
|
|
#include <linux/nfsacl.h>
|
|
#include <linux/nfs3.h>
|
|
#include <linux/sort.h>
|
|
|
|
MODULE_DESCRIPTION("NFS ACL support");
|
|
MODULE_LICENSE("GPL");
|
|
|
|
struct nfsacl_encode_desc {
|
|
struct xdr_array2_desc desc;
|
|
unsigned int count;
|
|
struct posix_acl *acl;
|
|
int typeflag;
|
|
kuid_t uid;
|
|
kgid_t gid;
|
|
};
|
|
|
|
struct nfsacl_simple_acl {
|
|
struct posix_acl_hdr acl;
|
|
struct posix_acl_entry ace[4];
|
|
};
|
|
|
|
static int
|
|
xdr_nfsace_encode(struct xdr_array2_desc *desc, void *elem)
|
|
{
|
|
struct nfsacl_encode_desc *nfsacl_desc =
|
|
(struct nfsacl_encode_desc *) desc;
|
|
__be32 *p = elem;
|
|
|
|
struct posix_acl_entry *entry =
|
|
&nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
|
|
|
|
*p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);
|
|
switch(entry->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
*p++ = htonl(from_kuid(&init_user_ns, nfsacl_desc->uid));
|
|
break;
|
|
case ACL_GROUP_OBJ:
|
|
*p++ = htonl(from_kgid(&init_user_ns, nfsacl_desc->gid));
|
|
break;
|
|
case ACL_USER:
|
|
*p++ = htonl(from_kuid(&init_user_ns, entry->e_uid));
|
|
break;
|
|
case ACL_GROUP:
|
|
*p++ = htonl(from_kgid(&init_user_ns, entry->e_gid));
|
|
break;
|
|
default: /* Solaris depends on that! */
|
|
*p++ = 0;
|
|
break;
|
|
}
|
|
*p++ = htonl(entry->e_perm & S_IRWXO);
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* nfsacl_encode - Encode an NFSv3 ACL
|
|
*
|
|
* @buf: destination xdr_buf to contain XDR encoded ACL
|
|
* @base: byte offset in xdr_buf where XDR'd ACL begins
|
|
* @inode: inode of file whose ACL this is
|
|
* @acl: posix_acl to encode
|
|
* @encode_entries: whether to encode ACEs as well
|
|
* @typeflag: ACL type: NFS_ACL_DEFAULT or zero
|
|
*
|
|
* Returns size of encoded ACL in bytes or a negative errno value.
|
|
*/
|
|
int nfsacl_encode(struct xdr_buf *buf, unsigned int base, struct inode *inode,
|
|
struct posix_acl *acl, int encode_entries, int typeflag)
|
|
{
|
|
int entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0;
|
|
struct nfsacl_encode_desc nfsacl_desc = {
|
|
.desc = {
|
|
.elem_size = 12,
|
|
.array_len = encode_entries ? entries : 0,
|
|
.xcode = xdr_nfsace_encode,
|
|
},
|
|
.acl = acl,
|
|
.typeflag = typeflag,
|
|
.uid = inode->i_uid,
|
|
.gid = inode->i_gid,
|
|
};
|
|
struct nfsacl_simple_acl aclbuf;
|
|
int err;
|
|
|
|
if (entries > NFS_ACL_MAX_ENTRIES ||
|
|
xdr_encode_word(buf, base, entries))
|
|
return -EINVAL;
|
|
if (encode_entries && acl && acl->a_count == 3) {
|
|
struct posix_acl *acl2 =
|
|
container_of(&aclbuf.acl, struct posix_acl, hdr);
|
|
|
|
/* Avoid the use of posix_acl_alloc(). nfsacl_encode() is
|
|
* invoked in contexts where a memory allocation failure is
|
|
* fatal. Fortunately this fake ACL is small enough to
|
|
* construct on the stack. */
|
|
posix_acl_init(acl2, 4);
|
|
|
|
/* Insert entries in canonical order: other orders seem
|
|
to confuse Solaris VxFS. */
|
|
acl2->a_entries[0] = acl->a_entries[0]; /* ACL_USER_OBJ */
|
|
acl2->a_entries[1] = acl->a_entries[1]; /* ACL_GROUP_OBJ */
|
|
acl2->a_entries[2] = acl->a_entries[1]; /* ACL_MASK */
|
|
acl2->a_entries[2].e_tag = ACL_MASK;
|
|
acl2->a_entries[3] = acl->a_entries[2]; /* ACL_OTHER */
|
|
nfsacl_desc.acl = acl2;
|
|
}
|
|
err = xdr_encode_array2(buf, base + 4, &nfsacl_desc.desc);
|
|
if (!err)
|
|
err = 8 + nfsacl_desc.desc.elem_size *
|
|
nfsacl_desc.desc.array_len;
|
|
return err;
|
|
}
|
|
EXPORT_SYMBOL_GPL(nfsacl_encode);
|
|
|
|
/**
|
|
* nfs_stream_encode_acl - Encode an NFSv3 ACL
|
|
*
|
|
* @xdr: an xdr_stream positioned to receive an encoded ACL
|
|
* @inode: inode of file whose ACL this is
|
|
* @acl: posix_acl to encode
|
|
* @encode_entries: whether to encode ACEs as well
|
|
* @typeflag: ACL type: NFS_ACL_DEFAULT or zero
|
|
*
|
|
* Return values:
|
|
* %false: The ACL could not be encoded
|
|
* %true: @xdr is advanced to the next available position
|
|
*/
|
|
bool nfs_stream_encode_acl(struct xdr_stream *xdr, struct inode *inode,
|
|
struct posix_acl *acl, int encode_entries,
|
|
int typeflag)
|
|
{
|
|
const size_t elem_size = XDR_UNIT * 3;
|
|
u32 entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0;
|
|
struct nfsacl_encode_desc nfsacl_desc = {
|
|
.desc = {
|
|
.elem_size = elem_size,
|
|
.array_len = encode_entries ? entries : 0,
|
|
.xcode = xdr_nfsace_encode,
|
|
},
|
|
.acl = acl,
|
|
.typeflag = typeflag,
|
|
.uid = inode->i_uid,
|
|
.gid = inode->i_gid,
|
|
};
|
|
struct nfsacl_simple_acl aclbuf;
|
|
unsigned int base;
|
|
int err;
|
|
|
|
if (entries > NFS_ACL_MAX_ENTRIES)
|
|
return false;
|
|
if (xdr_stream_encode_u32(xdr, entries) < 0)
|
|
return false;
|
|
|
|
if (encode_entries && acl && acl->a_count == 3) {
|
|
struct posix_acl *acl2 =
|
|
container_of(&aclbuf.acl, struct posix_acl, hdr);
|
|
|
|
/* Avoid the use of posix_acl_alloc(). nfsacl_encode() is
|
|
* invoked in contexts where a memory allocation failure is
|
|
* fatal. Fortunately this fake ACL is small enough to
|
|
* construct on the stack. */
|
|
posix_acl_init(acl2, 4);
|
|
|
|
/* Insert entries in canonical order: other orders seem
|
|
to confuse Solaris VxFS. */
|
|
acl2->a_entries[0] = acl->a_entries[0]; /* ACL_USER_OBJ */
|
|
acl2->a_entries[1] = acl->a_entries[1]; /* ACL_GROUP_OBJ */
|
|
acl2->a_entries[2] = acl->a_entries[1]; /* ACL_MASK */
|
|
acl2->a_entries[2].e_tag = ACL_MASK;
|
|
acl2->a_entries[3] = acl->a_entries[2]; /* ACL_OTHER */
|
|
nfsacl_desc.acl = acl2;
|
|
}
|
|
|
|
base = xdr_stream_pos(xdr);
|
|
if (!xdr_reserve_space(xdr, XDR_UNIT +
|
|
elem_size * nfsacl_desc.desc.array_len))
|
|
return false;
|
|
err = xdr_encode_array2(xdr->buf, base, &nfsacl_desc.desc);
|
|
if (err)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
EXPORT_SYMBOL_GPL(nfs_stream_encode_acl);
|
|
|
|
|
|
struct nfsacl_decode_desc {
|
|
struct xdr_array2_desc desc;
|
|
unsigned int count;
|
|
struct posix_acl *acl;
|
|
};
|
|
|
|
static int
|
|
xdr_nfsace_decode(struct xdr_array2_desc *desc, void *elem)
|
|
{
|
|
struct nfsacl_decode_desc *nfsacl_desc =
|
|
(struct nfsacl_decode_desc *) desc;
|
|
__be32 *p = elem;
|
|
struct posix_acl_entry *entry;
|
|
unsigned int id;
|
|
|
|
if (!nfsacl_desc->acl) {
|
|
if (desc->array_len > NFS_ACL_MAX_ENTRIES)
|
|
return -EINVAL;
|
|
nfsacl_desc->acl = posix_acl_alloc(desc->array_len, GFP_KERNEL);
|
|
if (!nfsacl_desc->acl)
|
|
return -ENOMEM;
|
|
nfsacl_desc->count = 0;
|
|
}
|
|
|
|
entry = &nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
|
|
entry->e_tag = ntohl(*p++) & ~NFS_ACL_DEFAULT;
|
|
id = ntohl(*p++);
|
|
entry->e_perm = ntohl(*p++);
|
|
|
|
switch(entry->e_tag) {
|
|
case ACL_USER:
|
|
entry->e_uid = make_kuid(&init_user_ns, id);
|
|
if (!uid_valid(entry->e_uid))
|
|
return -EINVAL;
|
|
break;
|
|
case ACL_GROUP:
|
|
entry->e_gid = make_kgid(&init_user_ns, id);
|
|
if (!gid_valid(entry->e_gid))
|
|
return -EINVAL;
|
|
break;
|
|
case ACL_USER_OBJ:
|
|
case ACL_GROUP_OBJ:
|
|
case ACL_OTHER:
|
|
if (entry->e_perm & ~S_IRWXO)
|
|
return -EINVAL;
|
|
break;
|
|
case ACL_MASK:
|
|
/* Solaris sometimes sets additional bits in the mask */
|
|
entry->e_perm &= S_IRWXO;
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
cmp_acl_entry(const void *x, const void *y)
|
|
{
|
|
const struct posix_acl_entry *a = x, *b = y;
|
|
|
|
if (a->e_tag != b->e_tag)
|
|
return a->e_tag - b->e_tag;
|
|
else if ((a->e_tag == ACL_USER) && uid_gt(a->e_uid, b->e_uid))
|
|
return 1;
|
|
else if ((a->e_tag == ACL_USER) && uid_lt(a->e_uid, b->e_uid))
|
|
return -1;
|
|
else if ((a->e_tag == ACL_GROUP) && gid_gt(a->e_gid, b->e_gid))
|
|
return 1;
|
|
else if ((a->e_tag == ACL_GROUP) && gid_lt(a->e_gid, b->e_gid))
|
|
return -1;
|
|
else
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Convert from a Solaris ACL to a POSIX 1003.1e draft 17 ACL.
|
|
*/
|
|
static int
|
|
posix_acl_from_nfsacl(struct posix_acl *acl)
|
|
{
|
|
struct posix_acl_entry *pa, *pe,
|
|
*group_obj = NULL, *mask = NULL;
|
|
|
|
if (!acl)
|
|
return 0;
|
|
|
|
sort(acl->a_entries, acl->a_count, sizeof(struct posix_acl_entry),
|
|
cmp_acl_entry, NULL);
|
|
|
|
/* Find the ACL_GROUP_OBJ and ACL_MASK entries. */
|
|
FOREACH_ACL_ENTRY(pa, acl, pe) {
|
|
switch(pa->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
break;
|
|
case ACL_GROUP_OBJ:
|
|
group_obj = pa;
|
|
break;
|
|
case ACL_MASK:
|
|
mask = pa;
|
|
fallthrough;
|
|
case ACL_OTHER:
|
|
break;
|
|
}
|
|
}
|
|
if (acl->a_count == 4 && group_obj && mask &&
|
|
mask->e_perm == group_obj->e_perm) {
|
|
/* remove bogus ACL_MASK entry */
|
|
memmove(mask, mask+1, (3 - (mask - acl->a_entries)) *
|
|
sizeof(struct posix_acl_entry));
|
|
acl->a_count = 3;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* nfsacl_decode - Decode an NFSv3 ACL
|
|
*
|
|
* @buf: xdr_buf containing XDR'd ACL data to decode
|
|
* @base: byte offset in xdr_buf where XDR'd ACL begins
|
|
* @aclcnt: count of ACEs in decoded posix_acl
|
|
* @pacl: buffer in which to place decoded posix_acl
|
|
*
|
|
* Returns the length of the decoded ACL in bytes, or a negative errno value.
|
|
*/
|
|
int nfsacl_decode(struct xdr_buf *buf, unsigned int base, unsigned int *aclcnt,
|
|
struct posix_acl **pacl)
|
|
{
|
|
struct nfsacl_decode_desc nfsacl_desc = {
|
|
.desc = {
|
|
.elem_size = 12,
|
|
.xcode = pacl ? xdr_nfsace_decode : NULL,
|
|
},
|
|
};
|
|
u32 entries;
|
|
int err;
|
|
|
|
if (xdr_decode_word(buf, base, &entries) ||
|
|
entries > NFS_ACL_MAX_ENTRIES)
|
|
return -EINVAL;
|
|
nfsacl_desc.desc.array_maxlen = entries;
|
|
err = xdr_decode_array2(buf, base + 4, &nfsacl_desc.desc);
|
|
if (err)
|
|
return err;
|
|
if (pacl) {
|
|
if (entries != nfsacl_desc.desc.array_len ||
|
|
posix_acl_from_nfsacl(nfsacl_desc.acl) != 0) {
|
|
posix_acl_release(nfsacl_desc.acl);
|
|
return -EINVAL;
|
|
}
|
|
*pacl = nfsacl_desc.acl;
|
|
}
|
|
if (aclcnt)
|
|
*aclcnt = entries;
|
|
return 8 + nfsacl_desc.desc.elem_size *
|
|
nfsacl_desc.desc.array_len;
|
|
}
|
|
EXPORT_SYMBOL_GPL(nfsacl_decode);
|
|
|
|
/**
|
|
* nfs_stream_decode_acl - Decode an NFSv3 ACL
|
|
*
|
|
* @xdr: an xdr_stream positioned at an encoded ACL
|
|
* @aclcnt: OUT: count of ACEs in decoded posix_acl
|
|
* @pacl: OUT: a dynamically-allocated buffer containing the decoded posix_acl
|
|
*
|
|
* Return values:
|
|
* %false: The encoded ACL is not valid
|
|
* %true: @pacl contains a decoded ACL, and @xdr is advanced
|
|
*
|
|
* On a successful return, caller must release *pacl using posix_acl_release().
|
|
*/
|
|
bool nfs_stream_decode_acl(struct xdr_stream *xdr, unsigned int *aclcnt,
|
|
struct posix_acl **pacl)
|
|
{
|
|
const size_t elem_size = XDR_UNIT * 3;
|
|
struct nfsacl_decode_desc nfsacl_desc = {
|
|
.desc = {
|
|
.elem_size = elem_size,
|
|
.xcode = pacl ? xdr_nfsace_decode : NULL,
|
|
},
|
|
};
|
|
unsigned int base;
|
|
u32 entries;
|
|
|
|
if (xdr_stream_decode_u32(xdr, &entries) < 0)
|
|
return false;
|
|
if (entries > NFS_ACL_MAX_ENTRIES)
|
|
return false;
|
|
|
|
base = xdr_stream_pos(xdr);
|
|
if (!xdr_inline_decode(xdr, XDR_UNIT + elem_size * entries))
|
|
return false;
|
|
nfsacl_desc.desc.array_maxlen = entries;
|
|
if (xdr_decode_array2(xdr->buf, base, &nfsacl_desc.desc))
|
|
return false;
|
|
|
|
if (pacl) {
|
|
if (entries != nfsacl_desc.desc.array_len ||
|
|
posix_acl_from_nfsacl(nfsacl_desc.acl) != 0) {
|
|
posix_acl_release(nfsacl_desc.acl);
|
|
return false;
|
|
}
|
|
*pacl = nfsacl_desc.acl;
|
|
}
|
|
if (aclcnt)
|
|
*aclcnt = entries;
|
|
return true;
|
|
}
|
|
EXPORT_SYMBOL_GPL(nfs_stream_decode_acl);
|