From patchwork Fri Mar 27 16:50:31 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Andreas_Gr=C3=BCnbacher?= X-Patchwork-Id: 6109931 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 7B7D89F2A9 for ; Fri, 27 Mar 2015 16:56:09 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 859F2203AD for ; Fri, 27 Mar 2015 16:56:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 70824203F3 for ; Fri, 27 Mar 2015 16:56:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753088AbbC0QzI (ORCPT ); Fri, 27 Mar 2015 12:55:08 -0400 Received: from mail-wi0-f180.google.com ([209.85.212.180]:35334 "EHLO mail-wi0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752903AbbC0Qw0 (ORCPT ); Fri, 27 Mar 2015 12:52:26 -0400 Received: by wibbg6 with SMTP id bg6so33651907wib.0; Fri, 27 Mar 2015 09:52:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:in-reply-to:references:in-reply-to :references; bh=aYA8ynaq63ZpAiuC/m+X6c8PDxfKc8l1wrMm74vC83g=; b=h3FfYEwUa1sZSAUfDJHPdUzeJKJOk4giY69qnEkci85XOg/9p9ZxhBpEud8hK/sSqQ AkgujRwtNKIsttYP9aub4QmuNOl1IceItt+UmLSEy4b2Q9aYP5OpeTJGMky5ESssQ4Kz egYfrN7kn53EJM8+sGRi0RdE8wKEHzvakF6Y97iWf8oAIL8nyf4dbGdpyc3lTIhA4bD5 3NQGH3VYQxLi/IXIlQtgyymaSMxVHCiQddaO7htUm9x3cbcnRd4F0Dtb4Hm3i/eU261c RBUDf0ei5JzWxASUa2LrRVzkRrqsb35d4e30L6w8RxWalBNmLbdATE2Uz9Ep+gQCv5Ea 4XeQ== X-Received: by 10.180.87.165 with SMTP id az5mr48730494wib.29.1427475145288; Fri, 27 Mar 2015 09:52:25 -0700 (PDT) Received: from nuc.home.com (80-110-94-70.cgn.dynamic.surfer.at. [80.110.94.70]) by mx.google.com with ESMTPSA id j7sm3592306wix.4.2015.03.27.09.52.24 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Mar 2015 09:52:24 -0700 (PDT) From: Andreas Gruenbacher X-Google-Original-From: Andreas Gruenbacher To: "J. Bruce Fields" , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [RFC 33/39] nfsd: Add richacl support Date: Fri, 27 Mar 2015 17:50:31 +0100 Message-Id: <5c9f7d23399017c28314596d53e08f0218be7bee.1427471526.git.agruenba@redhat.com> X-Mailer: git-send-email 2.1.0 In-Reply-To: References: In-Reply-To: References: Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On file systems with richacls enabled, get and set richacls directly instead of converting from / to posix acls. Signed-off-by: Andreas Gruenbacher --- fs/nfsd/nfs4acl.c | 89 ++++++++++++++++++++++++++++++++++++++++++++---------- fs/nfsd/nfs4proc.c | 2 +- fs/nfsd/nfs4xdr.c | 21 ++++++++++--- 3 files changed, 91 insertions(+), 21 deletions(-) diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c index 9e65a19..8e0cea1 100644 --- a/fs/nfsd/nfs4acl.c +++ b/fs/nfsd/nfs4acl.c @@ -38,6 +38,8 @@ #include #include #include +#include +#include #include "nfsfh.h" #include "nfsd.h" #include "idmap.h" @@ -127,8 +129,8 @@ static short ace2type(struct richace *); static void _posix_to_richacl_one(struct posix_acl *, struct richacl_alloc *, unsigned int); -int -nfsd4_get_acl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl **acl) +static int +nfsd4_get_posix_acl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl **acl) { struct inode *inode = dentry->d_inode; int error = 0; @@ -144,7 +146,8 @@ nfsd4_get_acl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl **ac if (IS_ERR(pacl)) return PTR_ERR(pacl); - /* allocate for worst case: one (deny, allow) pair each: */ + /* Allocate for worst case: one (deny, allow) pair each. The resulting + acl will be released shortly and won't be cached. */ count = 2 * pacl->a_count; if (S_ISDIR(inode->i_mode)) { @@ -178,6 +181,38 @@ rel_pacl: return error; } +static int +nfsd4_get_richacl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl **acl) +{ + struct inode *inode = dentry->d_inode; + struct richacl *acl2; + int error; + + acl2 = get_richacl(inode); + if (!acl2) + acl2 = richacl_from_mode(inode->i_mode); + + if (IS_ERR(acl2)) + return PTR_ERR(acl2); + error = richacl_apply_masks(&acl2); + if (error) + richacl_put(acl2); + else + *acl = acl2; + return error; +} + +int +nfsd4_get_acl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl **acl) +{ + struct inode *inode = dentry->d_inode; + + if (IS_RICHACL(inode)) + return nfsd4_get_richacl(rqstp, dentry, acl); + else + return nfsd4_get_posix_acl(rqstp, dentry, acl); +} + struct posix_acl_summary { unsigned short owner; unsigned short users; @@ -788,24 +823,14 @@ out_estate: return ret; } -__be32 -nfsd4_set_acl(struct svc_rqst *rqstp, struct svc_fh *fhp, struct richacl *acl) +static __be32 +nfsd4_set_posix_acl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl *acl) { - __be32 error; int host_error; - struct dentry *dentry; - struct inode *inode; + struct inode *inode = dentry->d_inode; struct posix_acl *pacl = NULL, *dpacl = NULL; unsigned int flags = 0; - /* Get inode */ - error = fh_verify(rqstp, fhp, 0, NFSD_MAY_SATTR); - if (error) - return error; - - dentry = fhp->fh_dentry; - inode = dentry->d_inode; - if (!inode->i_op->set_acl || !IS_POSIXACL(inode)) return nfserr_attrnotsupp; @@ -837,6 +862,38 @@ out_nfserr: return nfserrno(host_error); } +static __be32 +nfsd4_set_richacl(struct svc_rqst *rqstp, struct dentry *dentry, struct richacl *acl) +{ + size_t size = richacl_xattr_size(acl); + char *buffer; + int error; + + buffer = kmalloc(size, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + richacl_to_xattr(&init_user_ns, acl, buffer, size); + error = vfs_setxattr(dentry, RICHACL_XATTR, buffer, size, 0); + kfree(buffer); + return error; +} + +__be32 +nfsd4_set_acl(struct svc_rqst *rqstp, struct svc_fh *fhp, struct richacl *acl) +{ + struct dentry *dentry; + __be32 error; + + error = fh_verify(rqstp, fhp, 0, NFSD_MAY_SATTR); + if (error) + return error; + dentry = fhp->fh_dentry; + + if (IS_RICHACL(dentry->d_inode)) + return nfsd4_set_richacl(rqstp, dentry, acl); + else + return nfsd4_set_posix_acl(rqstp, dentry, acl); +} static short ace2type(struct richace *ace) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 687726c..a477477c 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -110,7 +110,7 @@ check_attr_support(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, * in current environment or not. */ if (bmval[0] & FATTR4_WORD0_ACL) { - if (!IS_POSIXACL(dentry->d_inode)) + if (!IS_ACL(dentry->d_inode)) return nfserr_attrnotsupp; } diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index a882a86..d33335e 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -339,11 +339,24 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, richacl_for_each_entry(ace, *acl) { READ_BUF(16); len += 16; - ace->e_type = be32_to_cpup(p++); - ace->e_flags = be32_to_cpup(p++); - ace->e_mask = be32_to_cpup(p++); - if (ace->e_flags & RICHACE_SPECIAL_WHO) + + dummy32 = be32_to_cpup(p++); + if (dummy32 > RICHACE_ACCESS_DENIED_ACE_TYPE) + return nfserr_inval; + ace->e_type = dummy32; + + dummy32 = be32_to_cpup(p++); + if (dummy32 & (~RICHACE_VALID_FLAGS | + RICHACE_INHERITED_ACE | + RICHACE_SPECIAL_WHO)) return nfserr_inval; + ace->e_flags = dummy32; + + dummy32 = be32_to_cpup(p++); + if (dummy32 & ~RICHACE_VALID_MASK) + return nfserr_inval; + ace->e_mask = dummy32; + dummy32 = be32_to_cpup(p++); READ_BUF(dummy32); len += XDR_QUADLEN(dummy32) << 2;