From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from zeniv.linux.org.uk ([195.92.253.2]:45376 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725970AbeJMLPn (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Sat, 13 Oct 2018 07:15:43 -0400
Date: Sat, 13 Oct 2018 04:40:11 +0100
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Andreas Dilger <adilger@dilger.ca>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: Fwd: posix_acl_permission() and MAY_* flags
Message-ID: <20181013034010.GK32577@ZenIV.linux.org.uk>
References: <1254FD78-8392-4B97-A191-EDA01B719635@whamcloud.com>
 <ADCDD815-9330-4BF2-B3BB-67F7AA223098@dilger.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ADCDD815-9330-4BF2-B3BB-67F7AA223098@dilger.ca>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Thu, Oct 11, 2018 at 06:43:57PM -0600, Andreas Dilger wrote:
> I was looking at POSIX ACL on-disk and in-memory code and it looks like
> there is a subtle dependency between the on-disk format and what (IMHO)
> would be considered in-memory declarations.
> 
> When a POSIX ACL is read from disk, posix_acl_from_mode() copies the file
> mode (S_I[RWX][UGO]) into the e_perm fields of the ACL default entries.
> Similarly, in posix_acl_equiv_mode() and posix_acl_create_masq() it uses
> S_IRWXO to mask the e_perm flags.
> 
> However, later on in posix_acl_permission() it directly uses the "want"
> flag contains MAY_{READ,WRITE,EXEC} flags and compares those to e_perm of
> each ACL entry.
> 
> In posix_acl_valid() it compares e_perm with ACL_{READ,WRITE,EXECUTE}.
> 
> While the MAY_[RWX] and ACL_[RWX] currently have the same value as
> S_I[RWX]OTH, it isn't very clear that these flags MUST all have the same
> values or POSIX ACLs will break.
> 
> This definitely doesn't seem quite right.  Are the ACL_* constants the
> values to be used, with "conversion" in between the flags/modes?  Should
> there be a BUILD_BUG_ON() that trips if those values ever differ?

Encoding of rwx bits is pretty much cast in stone - they go all way back
to v1 (if not to PDP7 times) and I can't imagine any Unix variant that
would have them not in the same order.  MAY_... is tied to those and
so are the bits in ->e_perm.

IOW, all of those are in practice immutable - too closely tied to on-disk
data structures in a lot of filesystems *and* to any number of userland
programs using explicit octal values for mkdir(), etc. arguments.

Symbolic constants != can realistically be redefined...