Received: by 2002:ab2:620c:0:b0:1ef:ffd0:ce49 with SMTP id o12csp985843lqt; Tue, 19 Mar 2024 09:24:48 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV+4lX6pzReQTwilPJRSczws7YvchUEadb6QwBgQt6H8XcSovPj6GsDIbqmtFIxaGG2wj9O6ae3IE9DsJuaOX13bS09ALG/oO/KgACSdQ== X-Google-Smtp-Source: AGHT+IEMB3GlHGLO4dH19SNuu8hak7X7N7PviFMQTKd9z8p+BoWi4kKTu88tGex3K0wITZ94COXq X-Received: by 2002:a05:6402:1f8c:b0:566:1794:7b2 with SMTP id c12-20020a0564021f8c00b00566179407b2mr11423290edc.13.1710865487904; Tue, 19 Mar 2024 09:24:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710865487; cv=pass; d=google.com; s=arc-20160816; b=Y4f4QqjqHQaxR3ysY6kfm0lw49mcKwcoXfwRm68LHzsLX9eoJq57wxEY99HOaaIwLB l8IK+yhG/bHxSGdefz+QCml9IQxX7HgFuPcadr6epcix28dR/amek10/q1yp0gnq1Vwy Yd4Qi+zb3LFdFjIujj6E+QOMTNt/WrmHvqKDIV7UPkvttBo5DTK4AtT7ATuxXFElbnnB Zx15unv0Y8Arh3LC2fAgRsQAknnoXaF3qdc+OWe2Qx2qxk7eqwJkdoqFHdyt0qzcnK/8 gfIUBj5gPlUVZfHPeZR+QxACei4B+OG7UfCZZwYUYy/W11GjQI89p6kSV1WdxKVLnov8 /sCg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=5KdXTKZfLJq5Tek09/CjSR8axV0GkYiX5uxEdsJOoFE=; fh=k/ntoYyfhVXlJ6dO7vhvqOSVlhGJ2dvIyOJFv53VJIU=; b=jNCotPc/rdBcbC4a4F/vyfBVS0lATnyglGFNLI+mG0aovejqWor/JhGvjYgUfpz2Rt 9hf3tTDjYktns+LgALiPILtK/qcfJRFr99XkrxiXyGUurY7hQCe5yrw0h8j0JLKMI9VR fQMRUY6DpZVALmBzUrV69UcxV5NFVwRpHIxc7NDK8NatRJgc/oPnM+mWFkcWhW3DN/l5 MQtQerT/qCfz34Oe7JAcfroJ+qEhNDtdNQwIW8E+XomJmy8L0oPfkEQEKG9A9fOYplUN d/n0mIh0ewbomyOdrPYasTbcPZDhjwzXBFBdVXnMwDB09IWVHtqHq1DwK1J0y5o70JzJ +DnQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-kernel+bounces-107821-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-107821-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id j17-20020a05640211d100b0056b9c42d505si562493edw.478.2024.03.19.09.24.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Mar 2024 09:24:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-107821-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-kernel+bounces-107821-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-107821-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 728171F248B2 for ; Tue, 19 Mar 2024 16:24:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1BC8B83CAF; Tue, 19 Mar 2024 16:17:02 +0000 (UTC) Received: from szxga06-in.huawei.com (szxga06-in.huawei.com [45.249.212.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D5C483A02 for ; Tue, 19 Mar 2024 16:16:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.32 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710865021; cv=none; b=K0PBXeHrvcUzVTjO8sbX4khqjsd1GMnCerv15g+6JmPUpUlMNE0NWLg4NhjNqpvn8if0h+bh3MELP+GaWMYkgQChKgmZpqF/XqsNkdVArum0Lge3AyaHTpLUsmzElLqGSI7e20RfFBSnENtaflukYVQ61VeJOqHy97kFh8AIErU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710865021; c=relaxed/simple; bh=mpCI3oCjVwl2nFUvst8LdRaWyCFJGjR1hr3Sv0nZaHg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=O30DRs+QboF081VmAdf7YDtrj4AEnz88nHk3C7QBkgec3xSSDTPvCiEiumCkC0NTlpni34gRNBQ8H44RP1lNxyANTR0B1aS/xRXrR0x9wGjasWPrrPXuygok9iplyWGBEQjcYR3EMVu7maFXmvGCdrQd8jux1eC0DQFfmG27krE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.88.214]) by szxga06-in.huawei.com (SkyGuard) with ESMTP id 4TzcKP4vPTz1vx43; Wed, 20 Mar 2024 00:16:09 +0800 (CST) Received: from kwepemd500012.china.huawei.com (unknown [7.221.188.25]) by mail.maildlp.com (Postfix) with ESMTPS id 9B0931A016C; Wed, 20 Mar 2024 00:16:55 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemd500012.china.huawei.com (7.221.188.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Wed, 20 Mar 2024 00:16:55 +0800 From: Li Zetao To: , CC: , , Subject: [RFC PATCH 1/5] ubifs: Implement POSIX Access Control Lists (ACLs) Date: Wed, 20 Mar 2024 00:16:42 +0800 Message-ID: <20240319161646.2153867-2-lizetao1@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240319161646.2153867-1-lizetao1@huawei.com> References: <20240319161646.2153867-1-lizetao1@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To kwepemd500012.china.huawei.com (7.221.188.25) Implement the ACLs feature for ubifs based on vfs Posix ACLs, details as follows: * Initialize acl for newly created inode. * Provides get/set interface to access ACLs. ACLs feature relies on xattr implementation which using specific key names "system.posix_acl_default" and "system.posix_acl_access". Now Only the v2 version of POSIX ACLs is supported, and ubifs does not need to customize the storage format, which can simplify the implementation. Signed-off-by: Li Zetao --- fs/ubifs/acl.c | 140 +++++++++++++++++++++++++++++++++++++++++++++++ fs/ubifs/ubifs.h | 13 +++++ fs/ubifs/xattr.c | 1 - 3 files changed, 153 insertions(+), 1 deletion(-) create mode 100644 fs/ubifs/acl.c diff --git a/fs/ubifs/acl.c b/fs/ubifs/acl.c new file mode 100644 index 000000000000..253568baf097 --- /dev/null +++ b/fs/ubifs/acl.c @@ -0,0 +1,140 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This file is part of UBIFS. + * + * Copyright (C) 2024 Huawei Tech. Co., Ltd. + * + * Authors: Li Zetao + */ + +/* This file implements POSIX Access Control Lists (ACLs) */ + +#include "ubifs.h" + +#include + +struct posix_acl *ubifs_get_inode_acl(struct inode *inode, int type, bool rcu) +{ + char *xattr_value = NULL; + const char *xattr_name; + struct posix_acl *acl; + ssize_t size; + + if (rcu) + return ERR_PTR(-ECHILD); + + xattr_name = posix_acl_xattr_name(type); + if (unlikely(!strcmp(xattr_name, ""))) + return ERR_PTR(-EINVAL); + + size = ubifs_xattr_get(inode, xattr_name, NULL, 0); + if (size > 0) { + xattr_value = kzalloc(size, GFP_KERNEL); + if (unlikely(!xattr_value)) + return ERR_PTR(-ENOMEM); + + size = ubifs_xattr_get(inode, xattr_name, xattr_value, size); + } + + if (size > 0) + acl = posix_acl_from_xattr(&init_user_ns, xattr_value, size); + else if (size == -ENODATA || size == 0) + acl = NULL; + else + acl = ERR_PTR(size); + + kfree(xattr_value); + + return acl; +} + +static int __ubifs_set_acl(struct inode *inode, int type, struct posix_acl *acl, int flags) +{ + void *xattr_value = NULL; + const char *xattr_name; + size_t size = 0; + int error; + + xattr_name = posix_acl_xattr_name(type); + if (unlikely(!strcmp(xattr_name, ""))) + return -EINVAL; + + if (unlikely(!strcmp(xattr_name, XATTR_NAME_POSIX_ACL_DEFAULT) && !S_ISDIR(inode->i_mode))) + return acl ? -EACCES : 0; + + if (acl) { + size = posix_acl_xattr_size(acl->a_count); + xattr_value = kmalloc(size, GFP_KERNEL); + if (unlikely(!xattr_value)) + return -ENOMEM; + + error = posix_acl_to_xattr(&init_user_ns, acl, xattr_value, size); + if (unlikely(error < 0)) + goto out; + } + + error = ubifs_xattr_set(inode, xattr_name, xattr_value, size, flags, false); + if (likely(!error)) + set_cached_acl(inode, type, acl); +out: + kfree(xattr_value); + return error; +} + +int ubifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, struct posix_acl *acl, int type) +{ + struct inode *inode = d_inode(dentry); + umode_t old_mode = inode->i_mode; + int error; + + if (type == ACL_TYPE_ACCESS && acl) { + error = posix_acl_update_mode(idmap, inode, &inode->i_mode, &acl); + if (unlikely(error)) + return error; + } + + error = __ubifs_set_acl(inode, type, acl, 0); + if (unlikely(error)) + inode->i_mode = old_mode; + + return error; + +} + +/** + * ubifs_init_acl - initialize the ACLs for a new inode. + * @inode: newly created inode + * @dir: parent directory inode + * + * This function initialize ACLs, including inheriting the + * default ACLs of parent directory or modifying the default + * ACLs according to the mode parameter in open() / creat() + * system calls. + */ +int ubifs_init_acl(struct inode *inode, struct inode *dir) +{ + struct posix_acl *default_acl; + struct posix_acl *acl; + int error; + + error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); + if (unlikely(error)) + return error; + + if (default_acl) { + error = __ubifs_set_acl(inode, ACL_TYPE_DEFAULT, default_acl, XATTR_CREATE); + posix_acl_release(default_acl); + } else { + inode->i_default_acl = NULL; + } + + if (acl) { + if (likely(!error)) + error = __ubifs_set_acl(inode, ACL_TYPE_ACCESS, acl, XATTR_CREATE); + posix_acl_release(acl); + } else { + inode->i_acl = NULL; + } + + return error; +} diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 3916dc4f30ca..b0d3b076290d 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -2069,6 +2069,19 @@ static inline int ubifs_init_security(struct inode *dentry, } #endif +#ifdef CONFIG_UBIFS_FS_POSIX_ACL +struct posix_acl *ubifs_get_inode_acl(struct inode *inode, int type, bool rcu); +int ubifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, struct posix_acl *acl, int type); +int ubifs_init_acl(struct inode *inode, struct inode *dir); + +#else /* CONFIG_UBIFS_FS_POSIX_ACL */ +#define ubifs_get_inode_acl NULL +#define ubifs_set_acl NULL +static inline int ubifs_init_acl(struct inode *inode, struct inode *dir) +{ + return 0; +} +#endif /* CONFIG_UBIFS_FS_POSIX_ACL */ /* super.c */ struct inode *ubifs_iget(struct super_block *sb, unsigned long inum); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 0847db521984..eb1c1f5d10df 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -40,7 +40,6 @@ * in the VFS inode cache. The xentries are cached in the LNC cache (see * tnc.c). * - * ACL support is not implemented. */ #include "ubifs.h" -- 2.34.1