From: Aneesh Kumar K.V Date: Fri, 11 Jun 2010 16:12:52 +0530 Subject: [PATCH 16/16] ext4: Implement richacl support in ext4 Patch-mainline: not yet Support the richacl permission model in ext4. The richacls are stored in "system.richacl" xattrs. Signed-off-by: Aneesh Kumar K.V Signed-off-by: Andreas Gruenbacher --- fs/ext4/Kconfig | 10 + fs/ext4/Makefile | 1 fs/ext4/ext4.h | 4 fs/ext4/file.c | 4 fs/ext4/ialloc.c | 7 + fs/ext4/inode.c | 19 ++- fs/ext4/namei.c | 7 + fs/ext4/richacl.c | 293 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/ext4/richacl.h | 56 ++++++++++ fs/ext4/super.c | 45 ++++++-- fs/ext4/xattr.c | 6 + fs/ext4/xattr.h | 5 12 files changed, 441 insertions(+), 16 deletions(-) create mode 100644 fs/ext4/richacl.c create mode 100644 fs/ext4/richacl.h --- a/fs/ext4/Kconfig +++ b/fs/ext4/Kconfig @@ -83,3 +83,13 @@ config EXT4_DEBUG If you select Y here, then you will be able to turn on debugging with a command such as "echo 1 > /sys/kernel/debug/ext4/mballoc-debug" + +config EXT4_FS_RICHACL + bool "Ext4 Rich Access Control Lists (EXPERIMENTAL)" + depends on EXT4_FS_XATTR && EXPERIMENTAL + select FS_RICHACL + help + Rich ACLs are an implementation of NFSv4 ACLs, extended by file masks + to fit into the standard POSIX file permission model. They are + designed to work seamlessly locally as well as across the NFSv4 and + CIFS/SMB2 network file system protocols. --- a/fs/ext4/Makefile +++ b/fs/ext4/Makefile @@ -11,3 +11,4 @@ ext4-y := balloc.o bitmap.o dir.o file.o ext4-$(CONFIG_EXT4_FS_XATTR) += xattr.o xattr_user.o xattr_trusted.o ext4-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o ext4-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o +ext4-$(CONFIG_EXT4_FS_RICHACL) += richacl.o --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -841,6 +841,10 @@ struct ext4_inode_info { */ tid_t i_sync_tid; tid_t i_datasync_tid; +#ifdef CONFIG_EXT4_FS_RICHACL + struct richacl *i_richacl; +#endif + }; /* --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -28,6 +28,7 @@ #include "ext4_jbd2.h" #include "xattr.h" #include "acl.h" +#include "richacl.h" /* * Called when an inode is released. Note that this is different @@ -161,5 +162,8 @@ const struct inode_operations ext4_file_ #endif .check_acl = ext4_check_acl, .fiemap = ext4_fiemap, + .permission = ext4_permission, + .may_create = ext4_may_create, + .may_delete = ext4_may_delete, }; --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -28,6 +28,7 @@ #include "ext4_jbd2.h" #include "xattr.h" #include "acl.h" +#include "richacl.h" #include @@ -1023,7 +1024,11 @@ got: if (err) goto fail_drop; - err = ext4_init_acl(handle, inode, dir); + if (EXT4_IS_RICHACL(dir)) + err = ext4_init_richacl(handle, inode, dir); + else + err = ext4_init_acl(handle, inode, dir); + if (err) goto fail_free_drop; --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -45,6 +45,7 @@ #include "xattr.h" #include "acl.h" #include "ext4_extents.h" +#include "richacl.h" #include @@ -5041,6 +5042,9 @@ struct inode *ext4_iget(struct super_blo inode->i_nlink = le16_to_cpu(raw_inode->i_links_count); ext4_clear_state_flags(ei); /* Only relevant on 32-bit archs */ +#ifdef CONFIG_EXT4_FS_RICHACL + ei->i_richacl = EXT4_RICHACL_NOT_CACHED; +#endif ei->i_dir_start_lookup = 0; ei->i_dtime = le32_to_cpu(raw_inode->i_dtime); /* We now have enough fields to check if the inode was active or not. @@ -5466,7 +5470,11 @@ int ext4_setattr(struct dentry *dentry, int orphan = 0; const unsigned int ia_valid = attr->ia_valid; - error = inode_change_ok(inode, attr); + if (EXT4_IS_RICHACL(inode)) + error = richacl_inode_change_ok(inode, attr, + ext4_richacl_permission); + else + error = inode_change_ok(inode, attr); if (error) return error; @@ -5563,9 +5571,12 @@ int ext4_setattr(struct dentry *dentry, if (orphan && inode->i_nlink) ext4_orphan_del(NULL, inode); - if (!rc && (ia_valid & ATTR_MODE)) - rc = ext4_acl_chmod(inode); - + if (!rc && (ia_valid & ATTR_MODE)) { + if (EXT4_IS_RICHACL(inode)) + rc = ext4_richacl_chmod(inode); + else + rc = ext4_acl_chmod(inode); + } err_out: ext4_std_error(inode->i_sb, error); if (!error) --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -39,6 +39,7 @@ #include "xattr.h" #include "acl.h" +#include "richacl.h" /* * define how far ahead to read directories while searching them. @@ -2522,6 +2523,9 @@ const struct inode_operations ext4_dir_i #endif .check_acl = ext4_check_acl, .fiemap = ext4_fiemap, + .permission = ext4_permission, + .may_create = ext4_may_create, + .may_delete = ext4_may_delete, }; const struct inode_operations ext4_special_inode_operations = { @@ -2533,4 +2537,7 @@ const struct inode_operations ext4_speci .removexattr = generic_removexattr, #endif .check_acl = ext4_check_acl, + .permission = ext4_permission, + .may_create = ext4_may_create, + .may_delete = ext4_may_delete, }; --- /dev/null +++ b/fs/ext4/richacl.c @@ -0,0 +1,293 @@ +/* + * Copyright IBM Corporation, 2010 + * Author Aneesh Kumar K.V + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#include +#include +#include + +#include "ext4.h" +#include "ext4_jbd2.h" +#include "xattr.h" +#include "acl.h" +#include "richacl.h" + +static inline struct richacl * +ext4_iget_richacl(struct inode *inode) +{ + struct richacl *acl = EXT4_RICHACL_NOT_CACHED; + struct ext4_inode_info *ei = EXT4_I(inode); + + spin_lock(&inode->i_lock); + if (ei->i_richacl != EXT4_RICHACL_NOT_CACHED) + acl = richacl_get(ei->i_richacl); + spin_unlock(&inode->i_lock); + + return acl; +} + +static inline void +ext4_iset_richacl(struct inode *inode, struct richacl *acl) +{ + struct ext4_inode_info *ei = EXT4_I(inode); + + spin_lock(&inode->i_lock); + if (ei->i_richacl != EXT4_RICHACL_NOT_CACHED) + richacl_put(ei->i_richacl); + ei->i_richacl = richacl_get(acl); + spin_unlock(&inode->i_lock); +} + +static struct richacl * +ext4_get_richacl(struct inode *inode) +{ + const int name_index = EXT4_XATTR_INDEX_RICHACL; + void *value = NULL; + struct richacl *acl; + int retval; + + if (!IS_RICHACL(inode)) + return ERR_PTR(-EOPNOTSUPP); + acl = ext4_iget_richacl(inode); + if (acl != EXT4_RICHACL_NOT_CACHED) + return acl; + retval = ext4_xattr_get(inode, name_index, "", NULL, 0); + if (retval > 0) { + value = kmalloc(retval, GFP_KERNEL); + if (!value) + return ERR_PTR(-ENOMEM); + retval = ext4_xattr_get(inode, name_index, "", value, retval); + } + if (retval > 0) { + acl = richacl_from_xattr(value, retval); + if (acl == ERR_PTR(-EINVAL)) + acl = ERR_PTR(-EIO); + } else if (retval == -ENODATA || retval == -ENOSYS) + acl = NULL; + else + acl = ERR_PTR(retval); + kfree(value); + + if (!IS_ERR_OR_NULL(acl)) + ext4_iset_richacl(inode, acl); + + return acl; +} + +static int +ext4_set_richacl(handle_t *handle, struct inode *inode, struct richacl *acl) +{ + const int name_index = EXT4_XATTR_INDEX_RICHACL; + size_t size = 0; + void *value = NULL; + int retval; + + if (acl) { + mode_t mode = inode->i_mode; + if (richacl_equiv_mode(acl, &mode) == 0) { + inode->i_mode = mode; + ext4_mark_inode_dirty(handle, inode); + acl = NULL; + } + } + if (acl) { + size = richacl_xattr_size(acl); + value = kmalloc(size, GFP_KERNEL); + if (!value) + return -ENOMEM; + richacl_to_xattr(acl, value); + } + if (handle) + retval = ext4_xattr_set_handle(handle, inode, name_index, "", + value, size, 0); + else + retval = ext4_xattr_set(inode, name_index, "", value, size, 0); + kfree(value); + if (!retval) + ext4_iset_richacl(inode, acl); + + return retval; +} + +int +ext4_richacl_permission(struct inode *inode, unsigned int mask) +{ + struct richacl *acl; + int retval; + + if (!IS_RICHACL(inode)) + BUG(); + + acl = ext4_get_richacl(inode); + if (acl && IS_ERR(acl)) + retval = PTR_ERR(acl); + else { + retval = richacl_inode_permission(inode, acl, mask); + richacl_put(acl); + } + + return retval; +} + +int ext4_permission(struct inode *inode, int mask) +{ + if (IS_RICHACL(inode)) + return ext4_richacl_permission(inode, + richacl_want_to_mask(mask)); + else + return generic_permission(inode, mask, ext4_check_acl); +} + +int ext4_may_create(struct inode *dir, int isdir) +{ + return richacl_may_create(dir, isdir, ext4_richacl_permission); +} + +int ext4_may_delete(struct inode *dir, struct inode *inode, int replace) +{ + return richacl_may_delete(dir, inode, replace, ext4_richacl_permission); +} + +int +ext4_init_richacl(handle_t *handle, struct inode *inode, struct inode *dir) +{ + struct richacl *dir_acl = NULL; + + if (!S_ISLNK(inode->i_mode)) { + dir_acl = ext4_get_richacl(dir); + if (IS_ERR(dir_acl)) + return PTR_ERR(dir_acl); + } + if (dir_acl) { + struct richacl *acl; + int retval; + + acl = richacl_inherit(dir_acl, inode); + richacl_put(dir_acl); + + retval = PTR_ERR(acl); + if (acl && !IS_ERR(acl)) { + retval = ext4_set_richacl(handle, inode, acl); + richacl_put(acl); + } + return retval; + } else { + inode->i_mode &= ~current_umask(); + return 0; + } +} + +int +ext4_richacl_chmod(struct inode *inode) +{ + struct richacl *acl; + int retval; + + if (S_ISLNK(inode->i_mode)) + return -EOPNOTSUPP; + acl = ext4_get_richacl(inode); + if (IS_ERR_OR_NULL(acl)) + return PTR_ERR(acl); + acl = richacl_chmod(acl, inode->i_mode); + if (IS_ERR(acl)) + return PTR_ERR(acl); + retval = ext4_set_richacl(NULL, inode, acl); + richacl_put(acl); + + return retval; +} + +static size_t +ext4_xattr_list_richacl(struct dentry *dentry, char *list, size_t list_len, + const char *name, size_t name_len, int type) +{ + const size_t size = sizeof(RICHACL_XATTR); + if (!IS_RICHACL(dentry->d_inode)) + return 0; + if (list && size <= list_len) + memcpy(list, RICHACL_XATTR, size); + return size; +} + +static int +ext4_xattr_get_richacl(struct dentry *dentry, const char *name, void *buffer, + size_t buffer_size, int type) +{ + struct richacl *acl; + size_t size; + + if (strcmp(name, "") != 0) + return -EINVAL; + acl = ext4_get_richacl(dentry->d_inode); + if (IS_ERR(acl)) + return PTR_ERR(acl); + if (acl == NULL) + return -ENODATA; + size = richacl_xattr_size(acl); + if (buffer) { + if (size > buffer_size) + return -ERANGE; + richacl_to_xattr(acl, buffer); + } + richacl_put(acl); + + return size; +} + +static int +ext4_xattr_set_richacl(struct dentry *dentry, const char *name, + const void *value, size_t size, int flags, int type) +{ + handle_t *handle; + struct richacl *acl = NULL; + int retval, retries = 0; + struct inode *inode = dentry->d_inode; + + if (!IS_RICHACL(dentry->d_inode)) + return -EOPNOTSUPP; + if (S_ISLNK(inode->i_mode)) + return -EOPNOTSUPP; + if (strcmp(name, "") != 0) + return -EINVAL; + if (current_fsuid() != inode->i_uid && + ext4_richacl_permission(inode, ACE4_WRITE_ACL) && + !capable(CAP_FOWNER)) + return -EPERM; + if (value) { + acl = richacl_from_xattr(value, size); + if (IS_ERR(acl)) + return PTR_ERR(acl); + + inode->i_mode &= ~S_IRWXUGO; + inode->i_mode |= richacl_masks_to_mode(acl); + } + +retry: + handle = ext4_journal_start(inode, EXT4_DATA_TRANS_BLOCKS(inode->i_sb)); + if (IS_ERR(handle)) + return PTR_ERR(handle); + ext4_mark_inode_dirty(handle, inode); + retval = ext4_set_richacl(handle, inode, acl); + ext4_journal_stop(handle); + if (retval == ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) + goto retry; + richacl_put(acl); + return retval; +} + +const struct xattr_handler ext4_richacl_xattr_handler = { + .prefix = RICHACL_XATTR, + .list = ext4_xattr_list_richacl, + .get = ext4_xattr_get_richacl, + .set = ext4_xattr_set_richacl, +}; --- /dev/null +++ b/fs/ext4/richacl.h @@ -0,0 +1,56 @@ +/* + * Copyright IBM Corporation, 2010 + * Author Aneesh Kumar K.V + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#ifndef __FS_EXT4_RICHACL_H +#define __FS_EXT4_RICHACL_H + +#include + +#ifdef CONFIG_EXT4_FS_RICHACL + +# define EXT4_IS_RICHACL(inode) IS_RICHACL(inode) + +/* Value for i_richacl if RICHACL has not been cached */ +# define EXT4_RICHACL_NOT_CACHED ((void *)-1) + +extern int ext4_permission(struct inode *, int); +extern int ext4_richacl_permission(struct inode *, unsigned int); +extern int ext4_may_create(struct inode *, int); +extern int ext4_may_delete(struct inode *, struct inode *, int); +extern int ext4_init_richacl(handle_t *, struct inode *, struct inode *); +extern int ext4_richacl_chmod(struct inode *); + +#else /* CONFIG_FS_EXT4_RICHACL */ + +# define EXT4_IS_RICHACL(inode) (0) + +# define ext4_permission NULL +# define ext4_may_create NULL +# define ext4_may_delete NULL +# define ext4_richacl_permission NULL + +static inline int +ext4_init_richacl(handle_t *handle, struct inode *inode, struct inode *dir) +{ + return 0; +} + +static inline int +ext4_richacl_chmod(struct inode *inode) +{ + return 0; +} + +#endif /* CONFIG_FS_EXT4_RICHACL */ +#endif /* __FS_EXT4_RICHACL_H */ --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -46,6 +46,7 @@ #include "xattr.h" #include "acl.h" #include "mballoc.h" +#include "richacl.h" #define CREATE_TRACE_POINTS #include @@ -795,7 +796,9 @@ static struct inode *ext4_alloc_inode(st ei = kmem_cache_alloc(ext4_inode_cachep, GFP_NOFS); if (!ei) return NULL; - +#ifdef CONFIG_EXT4_FS_RICHACL + ei->i_richacl = EXT4_RICHACL_NOT_CACHED; +#endif ei->vfs_inode.i_version = 1; ei->vfs_inode.i_data.writeback_index = 0; memset(&ei->i_cached_extent, 0, sizeof(struct ext4_ext_cache)); @@ -873,6 +876,13 @@ void ext4_clear_inode(struct inode *inod invalidate_inode_buffers(inode); end_writeback(inode); dquot_drop(inode); +#ifdef CONFIG_EXT4_FS_RICHACL + if (EXT4_I(inode)->i_richacl && + EXT4_I(inode)->i_richacl != EXT4_RICHACL_NOT_CACHED) { + richacl_put(EXT4_I(inode)->i_richacl); + EXT4_I(inode)->i_richacl = EXT4_RICHACL_NOT_CACHED; + } +#endif ext4_discard_preallocations(inode); if (EXT4_I(inode)->jinode) { jbd2_journal_release_jbd_inode(EXT4_JOURNAL(inode), @@ -973,10 +983,13 @@ static int ext4_show_options(struct seq_ seq_puts(seq, ",nouser_xattr"); } #endif -#ifdef CONFIG_EXT4_FS_POSIX_ACL - if ((sb->s_flags & MS_POSIXACL) && !(def_mount_opts & EXT4_DEFM_ACL)) - seq_puts(seq, ",acl"); - if (!(sb->s_flags & MS_POSIXACL) && (def_mount_opts & EXT4_DEFM_ACL)) +#if defined(CONFIG_EXT4_FS_POSIX_ACL) || defined(CONFIG_EXT4_FS_RICHACL) + if (sb->s_flags & MS_POSIXACL) { + if (!(def_mount_opts & EXT4_DEFM_ACL)) + seq_puts(seq, ",acl"); + } else if (sb->s_flags & MS_RICHACL) + seq_puts(seq, ",richacl"); + else if (def_mount_opts & EXT4_DEFM_ACL) seq_puts(seq, ",noacl"); #endif if (sbi->s_commit_interval != JBD2_DEFAULT_MAX_COMMIT_AGE*HZ) { @@ -1203,7 +1216,7 @@ enum { Opt_bsd_df, Opt_minix_df, Opt_grpid, Opt_nogrpid, Opt_resgid, Opt_resuid, Opt_sb, Opt_err_cont, Opt_err_panic, Opt_err_ro, Opt_nouid32, Opt_debug, Opt_oldalloc, Opt_orlov, - Opt_user_xattr, Opt_nouser_xattr, Opt_acl, Opt_noacl, + Opt_user_xattr, Opt_nouser_xattr, Opt_acl, Opt_richacl, Opt_noacl, Opt_auto_da_alloc, Opt_noauto_da_alloc, Opt_noload, Opt_nobh, Opt_bh, Opt_commit, Opt_min_batch_time, Opt_max_batch_time, Opt_journal_update, Opt_journal_dev, @@ -1241,6 +1254,7 @@ static const match_table_t tokens = { {Opt_user_xattr, "user_xattr"}, {Opt_nouser_xattr, "nouser_xattr"}, {Opt_acl, "acl"}, + {Opt_richacl, "richacl"}, {Opt_noacl, "noacl"}, {Opt_noload, "noload"}, {Opt_noload, "norecovery"}, @@ -1479,17 +1493,26 @@ static int parse_options(char *options, ext4_msg(sb, KERN_ERR, "(no)user_xattr options not supported"); break; #endif -#ifdef CONFIG_EXT4_FS_POSIX_ACL +#if defined(CONFIG_EXT4_FS_POSIX_ACL) || defined(CONFIG_EXT4_FS_RICHACL) +# ifdef CONFIG_EXT4_FS_POSIX_ACL case Opt_acl: - sb->s_flags |= MS_POSIXACL; + if (!(sb->s_flags & MS_RICHACL)) + sb->s_flags |= MS_POSIXACL; break; - case Opt_noacl: +# endif +# ifdef CONFIG_EXT4_FS_RICHACL + case Opt_richacl: sb->s_flags &= ~MS_POSIXACL; + sb->s_flags |= MS_RICHACL; + break; +# endif + case Opt_noacl: + sb->s_flags &= ~(MS_POSIXACL | MS_RICHACL); break; #else case Opt_acl: case Opt_noacl: - ext4_msg(sb, KERN_ERR, "(no)acl options not supported"); + ext4_msg(sb, KERN_ERR, "(no)acl/richacl options not supported"); break; #endif case Opt_journal_update: @@ -2642,7 +2665,7 @@ static int ext4_fill_super(struct super_ if (def_mount_opts & EXT4_DEFM_XATTR_USER) set_opt(sb, XATTR_USER); #endif -#ifdef CONFIG_EXT4_FS_POSIX_ACL +#if defined(CONFIG_EXT4_FS_POSIX_ACL) if (def_mount_opts & EXT4_DEFM_ACL) sb->s_flags |= MS_POSIXACL; #endif --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -107,6 +107,9 @@ static const struct xattr_handler *ext4_ #ifdef CONFIG_EXT4_FS_SECURITY [EXT4_XATTR_INDEX_SECURITY] = &ext4_xattr_security_handler, #endif +#ifdef CONFIG_EXT4_FS_RICHACL + [EXT4_XATTR_INDEX_RICHACL] = &ext4_richacl_xattr_handler, +#endif }; const struct xattr_handler *ext4_xattr_handlers[] = { @@ -119,6 +122,9 @@ const struct xattr_handler *ext4_xattr_h #ifdef CONFIG_EXT4_FS_SECURITY &ext4_xattr_security_handler, #endif +#ifdef CONFIG_EXT4_FS_RICHACL + &ext4_richacl_xattr_handler, +#endif NULL }; --- a/fs/ext4/xattr.h +++ b/fs/ext4/xattr.h @@ -21,6 +21,7 @@ #define EXT4_XATTR_INDEX_TRUSTED 4 #define EXT4_XATTR_INDEX_LUSTRE 5 #define EXT4_XATTR_INDEX_SECURITY 6 +#define EXT4_XATTR_INDEX_RICHACL 7 struct ext4_xattr_header { __le32 h_magic; /* magic number for identification */ @@ -70,6 +71,10 @@ extern const struct xattr_handler ext4_x extern const struct xattr_handler ext4_xattr_acl_access_handler; extern const struct xattr_handler ext4_xattr_acl_default_handler; extern const struct xattr_handler ext4_xattr_security_handler; +extern const struct xattr_handler ext4_xattr_acl_access_handler; +extern const struct xattr_handler ext4_xattr_acl_default_handler; +extern const struct xattr_handler ext4_xattr_security_handler; +extern const struct xattr_handler ext4_richacl_xattr_handler; extern ssize_t ext4_listxattr(struct dentry *, char *, size_t);