From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jeff Layton Subject: Re: [PATCH v23 20/22] vfs: Add richacl permission checking Date: Tue, 12 Jul 2016 08:13:54 -0400 Message-ID: <1468325634.7798.24.camel@redhat.com> References: <1467294433-3222-1-git-send-email-agruenba@redhat.com> <1467294433-3222-21-git-send-email-agruenba@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Christoph Hellwig , Theodore Ts'o , Andreas Dilger , "J. Bruce Fields" , Trond Myklebust , Anna Schumaker , Dave Chinner , linux-ext4@vger.kernel.org, xfs@oss.sgi.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-api@vger.kernel.org To: Andreas Gruenbacher , Alexander Viro Return-path: In-Reply-To: <1467294433-3222-21-git-send-email-agruenba@redhat.com> Sender: linux-fsdevel-owner@vger.kernel.org List-Id: linux-cifs.vger.kernel.org On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: > Hook the richacl permission checking function into the vfs. >=20 > Signed-off-by: Andreas Gruenbacher > --- > =C2=A0fs/namei.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++= +++++-- > =C2=A01 file changed, 52 insertions(+), 2 deletions(-) >=20 > diff --git a/fs/namei.c b/fs/namei.c > index 7a822d0..48c9958 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -34,6 +34,7 @@ > =C2=A0#include=20 > =C2=A0#include=20 > =C2=A0#include=20 > +#include=20 > =C2=A0#include=20 > =C2=A0#include=20 > =C2=A0#include=20 > @@ -256,7 +257,43 @@ void putname(struct filename *name) > =C2=A0 __putname(name); > =C2=A0} > =C2=A0 > -static int check_acl(struct inode *inode, int mask) > +static int check_richacl(struct inode *inode, int mask) > +{ > +#ifdef CONFIG_FS_RICHACL > + if (mask & MAY_NOT_BLOCK) { > + struct base_acl *base_acl; > + > + base_acl =3D rcu_dereference(inode->i_acl); > + if (!base_acl) > + goto no_acl; > + /* no ->get_richacl() calls in RCU mode... */ > + if (is_uncached_acl(base_acl)) > + return -ECHILD; > + return richacl_permission(inode, richacl(base_acl), > + =C2=A0=C2=A0mask & ~MAY_NOT_BLOCK); > + } else { > + struct richacl *acl; > + > + acl =3D get_richacl(inode); > + if (IS_ERR(acl)) > + return PTR_ERR(acl); > + if (acl) { > + int error =3D richacl_permission(inode, acl, mask); > + richacl_put(acl); > + return error; > + } > + } > +no_acl: > +#endif nit: Can you move the above to a static inline or something that become= s a noop when the config var is turned off? > + if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP | > + =C2=A0=C2=A0=C2=A0=C2=A0MAY_CHMOD | MAY_SET_TIMES)) { > + /* File permission bits cannot grant this. */ > + return -EACCES; > + } > + return -EAGAIN; > +} > + > +static int check_posix_acl(struct inode *inode, int mask) > =C2=A0{ > =C2=A0#ifdef CONFIG_FS_POSIX_ACL > =C2=A0 if (mask & MAY_NOT_BLOCK) { > @@ -294,11 +331,24 @@ static int acl_permission_check(struct inode *i= node, int mask) > =C2=A0{ > =C2=A0 unsigned int mode =3D inode->i_mode; > =C2=A0 > + /* > + =C2=A0* With POSIX ACLs, the (mode & S_IRWXU) bits exactly match th= e owner > + =C2=A0* permissions, and we can skip checking posix acls for the ow= ner. > + =C2=A0* With richacls, the owner may be granted fewer permissions t= han the > + =C2=A0* mode bits seem to suggest (for example, append but not writ= e), and > + =C2=A0* we always need to check the richacl. > + =C2=A0*/ > + > + if (IS_RICHACL(inode)) { > + int error =3D check_richacl(inode, mask); > + if (error !=3D -EAGAIN) > + return error; > + } > =C2=A0 if (likely(uid_eq(current_fsuid(), inode->i_uid))) > =C2=A0 mode >>=3D 6; > =C2=A0 else { > =C2=A0 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { > - int error =3D check_acl(inode, mask); > + int error =3D check_posix_acl(inode, mask); > =C2=A0 if (error !=3D -EAGAIN) > =C2=A0 return error; > =C2=A0 } Looks fine other than the nit above: Reviewed-by: Jeff Layton -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel= " in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933180AbcGLMOE (ORCPT ); Tue, 12 Jul 2016 08:14:04 -0400 Received: from mail-qk0-f176.google.com ([209.85.220.176]:34582 "EHLO mail-qk0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932622AbcGLMOC (ORCPT ); Tue, 12 Jul 2016 08:14:02 -0400 Message-ID: <1468325634.7798.24.camel@redhat.com> Subject: Re: [PATCH v23 20/22] vfs: Add richacl permission checking From: Jeff Layton To: Andreas Gruenbacher , Alexander Viro Cc: Christoph Hellwig , "Theodore Ts'o" , Andreas Dilger , "J. Bruce Fields" , Trond Myklebust , Anna Schumaker , Dave Chinner , linux-ext4@vger.kernel.org, xfs@oss.sgi.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-api@vger.kernel.org Date: Tue, 12 Jul 2016 08:13:54 -0400 In-Reply-To: <1467294433-3222-21-git-send-email-agruenba@redhat.com> References: <1467294433-3222-1-git-send-email-agruenba@redhat.com> <1467294433-3222-21-git-send-email-agruenba@redhat.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.3 (3.20.3-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: > Hook the richacl permission checking function into the vfs. > > Signed-off-by: Andreas Gruenbacher > --- >  fs/namei.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- >  1 file changed, 52 insertions(+), 2 deletions(-) > > diff --git a/fs/namei.c b/fs/namei.c > index 7a822d0..48c9958 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -34,6 +34,7 @@ >  #include >  #include >  #include > +#include >  #include >  #include >  #include > @@ -256,7 +257,43 @@ void putname(struct filename *name) >   __putname(name); >  } >   > -static int check_acl(struct inode *inode, int mask) > +static int check_richacl(struct inode *inode, int mask) > +{ > +#ifdef CONFIG_FS_RICHACL > + if (mask & MAY_NOT_BLOCK) { > + struct base_acl *base_acl; > + > + base_acl = rcu_dereference(inode->i_acl); > + if (!base_acl) > + goto no_acl; > + /* no ->get_richacl() calls in RCU mode... */ > + if (is_uncached_acl(base_acl)) > + return -ECHILD; > + return richacl_permission(inode, richacl(base_acl), > +   mask & ~MAY_NOT_BLOCK); > + } else { > + struct richacl *acl; > + > + acl = get_richacl(inode); > + if (IS_ERR(acl)) > + return PTR_ERR(acl); > + if (acl) { > + int error = richacl_permission(inode, acl, mask); > + richacl_put(acl); > + return error; > + } > + } > +no_acl: > +#endif nit: Can you move the above to a static inline or something that becomes a noop when the config var is turned off? > + if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP | > +     MAY_CHMOD | MAY_SET_TIMES)) { > + /* File permission bits cannot grant this. */ > + return -EACCES; > + } > + return -EAGAIN; > +} > + > +static int check_posix_acl(struct inode *inode, int mask) >  { >  #ifdef CONFIG_FS_POSIX_ACL >   if (mask & MAY_NOT_BLOCK) { > @@ -294,11 +331,24 @@ static int acl_permission_check(struct inode *inode, int mask) >  { >   unsigned int mode = inode->i_mode; >   > + /* > +  * With POSIX ACLs, the (mode & S_IRWXU) bits exactly match the owner > +  * permissions, and we can skip checking posix acls for the owner. > +  * With richacls, the owner may be granted fewer permissions than the > +  * mode bits seem to suggest (for example, append but not write), and > +  * we always need to check the richacl. > +  */ > + > + if (IS_RICHACL(inode)) { > + int error = check_richacl(inode, mask); > + if (error != -EAGAIN) > + return error; > + } >   if (likely(uid_eq(current_fsuid(), inode->i_uid))) >   mode >>= 6; >   else { >   if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { > - int error = check_acl(inode, mask); > + int error = check_posix_acl(inode, mask); >   if (error != -EAGAIN) >   return error; >   } Looks fine other than the nit above: Reviewed-by: Jeff Layton From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.sgi.com (relay2.corp.sgi.com [137.38.102.29]) by oss.sgi.com (Postfix) with ESMTP id 085507CB3 for ; Tue, 12 Jul 2016 07:13:59 -0500 (CDT) Received: from cuda.sgi.com (cuda2.sgi.com [192.48.176.25]) by relay2.corp.sgi.com (Postfix) with ESMTP id CE2FC304048 for ; Tue, 12 Jul 2016 05:13:58 -0700 (PDT) Received: from mail-qk0-f174.google.com (mail-qk0-f174.google.com [209.85.220.174]) by cuda.sgi.com with ESMTP id Vto4bHZ2f6wfdtox (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Tue, 12 Jul 2016 05:13:56 -0700 (PDT) Received: by mail-qk0-f174.google.com with SMTP id p74so11454607qka.0 for ; Tue, 12 Jul 2016 05:13:56 -0700 (PDT) Message-ID: <1468325634.7798.24.camel@redhat.com> Subject: Re: [PATCH v23 20/22] vfs: Add richacl permission checking From: Jeff Layton Date: Tue, 12 Jul 2016 08:13:54 -0400 In-Reply-To: <1467294433-3222-21-git-send-email-agruenba@redhat.com> References: <1467294433-3222-1-git-send-email-agruenba@redhat.com> <1467294433-3222-21-git-send-email-agruenba@redhat.com> Mime-Version: 1.0 List-Id: XFS Filesystem from SGI List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xfs-bounces@oss.sgi.com Sender: xfs-bounces@oss.sgi.com To: Andreas Gruenbacher , Alexander Viro Cc: "J. Bruce Fields" , linux-nfs@vger.kernel.org, Theodore Ts'o , linux-cifs@vger.kernel.org, linux-api@vger.kernel.org, Trond Myklebust , linux-kernel@vger.kernel.org, xfs@oss.sgi.com, Christoph Hellwig , Andreas Dilger , linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, Anna Schumaker T24gVGh1LCAyMDE2LTA2LTMwIGF0IDE1OjQ3ICswMjAwLCBBbmRyZWFzIEdydWVuYmFjaGVyIHdy b3RlOgo+IEhvb2sgdGhlIHJpY2hhY2wgcGVybWlzc2lvbiBjaGVja2luZyBmdW5jdGlvbiBpbnRv IHRoZSB2ZnMuCj4gCj4gU2lnbmVkLW9mZi1ieTogQW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVu YmFAcmVkaGF0LmNvbT4KPiAtLS0KPiDCoGZzL25hbWVpLmMgfCA1NCArKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrLS0KPiDCoDEgZmlsZSBjaGFuZ2Vk LCA1MiBpbnNlcnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQo+IAo+IGRpZmYgLS1naXQgYS9mcy9u YW1laS5jIGIvZnMvbmFtZWkuYwo+IGluZGV4IDdhODIyZDAuLjQ4Yzk5NTggMTAwNjQ0Cj4gLS0t IGEvZnMvbmFtZWkuYwo+ICsrKyBiL2ZzL25hbWVpLmMKPiBAQCAtMzQsNiArMzQsNyBAQAo+IMKg I2luY2x1ZGUgCj4gwqAjaW5jbHVkZSAKPiDCoCNpbmNsdWRlIAo+ICsjaW5jbHVkZSAKPiDCoCNp bmNsdWRlIAo+IMKgI2luY2x1ZGUgCj4gwqAjaW5jbHVkZSAKPiBAQCAtMjU2LDcgKzI1Nyw0MyBA QCB2b2lkIHB1dG5hbWUoc3RydWN0IGZpbGVuYW1lICpuYW1lKQo+IMKgCQlfX3B1dG5hbWUobmFt ZSk7Cj4gwqB9Cj4gwqAKPiAtc3RhdGljIGludCBjaGVja19hY2woc3RydWN0IGlub2RlICppbm9k ZSwgaW50IG1hc2spCj4gK3N0YXRpYyBpbnQgY2hlY2tfcmljaGFjbChzdHJ1Y3QgaW5vZGUgKmlu b2RlLCBpbnQgbWFzaykKPiArewo+ICsjaWZkZWYgQ09ORklHX0ZTX1JJQ0hBQ0wKPiArCWlmICht YXNrICYgTUFZX05PVF9CTE9DSykgewo+ICsJCXN0cnVjdCBiYXNlX2FjbCAqYmFzZV9hY2w7Cj4g Kwo+ICsJCWJhc2VfYWNsID0gcmN1X2RlcmVmZXJlbmNlKGlub2RlLT5pX2FjbCk7Cj4gKwkJaWYg KCFiYXNlX2FjbCkKPiArCQkJZ290byBub19hY2w7Cj4gKwkJLyogbm8gLT5nZXRfcmljaGFjbCgp IGNhbGxzIGluIFJDVSBtb2RlLi4uICovCj4gKwkJaWYgKGlzX3VuY2FjaGVkX2FjbChiYXNlX2Fj bCkpCj4gKwkJCXJldHVybiAtRUNISUxEOwo+ICsJCXJldHVybiByaWNoYWNsX3Blcm1pc3Npb24o aW5vZGUsIHJpY2hhY2woYmFzZV9hY2wpLAo+ICsJCQkJCcKgwqBtYXNrICYgfk1BWV9OT1RfQkxP Q0spOwo+ICsJfSBlbHNlIHsKPiArCQlzdHJ1Y3QgcmljaGFjbCAqYWNsOwo+ICsKPiArCQlhY2wg PSBnZXRfcmljaGFjbChpbm9kZSk7Cj4gKwkJaWYgKElTX0VSUihhY2wpKQo+ICsJCQlyZXR1cm4g UFRSX0VSUihhY2wpOwo+ICsJCWlmIChhY2wpIHsKPiArCQkJaW50IGVycm9yID0gcmljaGFjbF9w ZXJtaXNzaW9uKGlub2RlLCBhY2wsIG1hc2spOwo+ICsJCQlyaWNoYWNsX3B1dChhY2wpOwo+ICsJ CQlyZXR1cm4gZXJyb3I7Cj4gKwkJfQo+ICsJfQo+ICtub19hY2w6Cj4gKyNlbmRpZgoKbml0OiBD YW4geW91IG1vdmUgdGhlIGFib3ZlIHRvIGEgc3RhdGljIGlubGluZSBvciBzb21ldGhpbmcgdGhh dCBiZWNvbWVzIGEgbm9vcCB3aGVuIHRoZSBjb25maWcgdmFyIGlzIHR1cm5lZCBvZmY/Cgo+ICsJ aWYgKG1hc2sgJiAoTUFZX0RFTEVURV9TRUxGIHwgTUFZX1RBS0VfT1dORVJTSElQIHwKPiArCQnC oMKgwqDCoE1BWV9DSE1PRCB8IE1BWV9TRVRfVElNRVMpKSB7Cj4gKwkJLyogRmlsZSBwZXJtaXNz aW9uIGJpdHMgY2Fubm90IGdyYW50IHRoaXMuICovCj4gKwkJcmV0dXJuIC1FQUNDRVM7Cj4gKwl9 Cj4gKwlyZXR1cm4gLUVBR0FJTjsKPiArfQo+ICsKPiArc3RhdGljIGludCBjaGVja19wb3NpeF9h Y2woc3RydWN0IGlub2RlICppbm9kZSwgaW50IG1hc2spCj4gwqB7Cj4gwqAjaWZkZWYgQ09ORklH X0ZTX1BPU0lYX0FDTAo+IMKgCWlmIChtYXNrICYgTUFZX05PVF9CTE9DSykgewo+IEBAIC0yOTQs MTEgKzMzMSwyNCBAQCBzdGF0aWMgaW50IGFjbF9wZXJtaXNzaW9uX2NoZWNrKHN0cnVjdCBpbm9k ZSAqaW5vZGUsIGludCBtYXNrKQo+IMKgewo+IMKgCXVuc2lnbmVkIGludCBtb2RlID0gaW5vZGUt PmlfbW9kZTsKPiDCoAo+ICsJLyoKPiArCcKgKiBXaXRoIFBPU0lYIEFDTHMsIHRoZSAobW9kZSAm IFNfSVJXWFUpIGJpdHMgZXhhY3RseSBtYXRjaCB0aGUgb3duZXIKPiArCcKgKiBwZXJtaXNzaW9u cywgYW5kIHdlIGNhbiBza2lwIGNoZWNraW5nIHBvc2l4IGFjbHMgZm9yIHRoZSBvd25lci4KPiAr CcKgKiBXaXRoIHJpY2hhY2xzLCB0aGUgb3duZXIgbWF5IGJlIGdyYW50ZWQgZmV3ZXIgcGVybWlz c2lvbnMgdGhhbiB0aGUKPiArCcKgKiBtb2RlIGJpdHMgc2VlbSB0byBzdWdnZXN0IChmb3IgZXhh bXBsZSwgYXBwZW5kIGJ1dCBub3Qgd3JpdGUpLCBhbmQKPiArCcKgKiB3ZSBhbHdheXMgbmVlZCB0 byBjaGVjayB0aGUgcmljaGFjbC4KPiArCcKgKi8KPiArCj4gKwlpZiAoSVNfUklDSEFDTChpbm9k ZSkpIHsKPiArCQlpbnQgZXJyb3IgPSBjaGVja19yaWNoYWNsKGlub2RlLCBtYXNrKTsKPiArCQlp ZiAoZXJyb3IgIT0gLUVBR0FJTikKPiArCQkJcmV0dXJuIGVycm9yOwo+ICsJfQo+IMKgCWlmIChs aWtlbHkodWlkX2VxKGN1cnJlbnRfZnN1aWQoKSwgaW5vZGUtPmlfdWlkKSkpCj4gwqAJCW1vZGUg Pj49IDY7Cj4gwqAJZWxzZSB7Cj4gwqAJCWlmIChJU19QT1NJWEFDTChpbm9kZSkgJiYgKG1vZGUg JiBTX0lSV1hHKSkgewo+IC0JCQlpbnQgZXJyb3IgPSBjaGVja19hY2woaW5vZGUsIG1hc2spOwo+ ICsJCQlpbnQgZXJyb3IgPSBjaGVja19wb3NpeF9hY2woaW5vZGUsIG1hc2spOwo+IMKgCQkJaWYg KGVycm9yICE9IC1FQUdBSU4pCj4gwqAJCQkJcmV0dXJuIGVycm9yOwo+IMKgCQl9CgpMb29rcyBm aW5lIG90aGVyIHRoYW4gdGhlIG5pdCBhYm92ZToKClJldmlld2VkLWJ5OiBKZWZmIExheXRvbiA8 amxheXRvbkByZWRoYXQuY29tPgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18KeGZzIG1haWxpbmcgbGlzdAp4ZnNAb3NzLnNnaS5jb20KaHR0cDovL29zcy5z Z2kuY29tL21haWxtYW4vbGlzdGluZm8veGZzCg==