From: Darrick J. Wong <djwong@xxxxxxxxxx>
Propagate the default and file access ACLs to new children when creating
them, just like the other kernel filesystems.
Signed-off-by: "Darrick J. Wong" <djwong@xxxxxxxxxx>
---
fs/fuse/fuse_i.h | 4 ++
fs/fuse/acl.c | 65 ++++++++++++++++++++++++++++++++++++++
fs/fuse/dir.c | 92 +++++++++++++++++++++++++++++++++++++++++-------------
3 files changed, 138 insertions(+), 23 deletions(-)
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 3058d02cd65cc7..a8caee5e896871 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -1539,6 +1539,10 @@ struct posix_acl *fuse_get_acl(struct mnt_idmap *idmap,
struct dentry *dentry, int type);
int fuse_set_acl(struct mnt_idmap *, struct dentry *dentry,
struct posix_acl *acl, int type);
+int fuse_acl_create(struct inode *dir, umode_t *mode,
+ struct posix_acl **default_acl, struct posix_acl **acl);
+int fuse_init_acls(struct inode *inode, const struct posix_acl *default_acl,
+ const struct posix_acl *acl);
/* readdir.c */
int fuse_readdir(struct file *file, struct dir_context *ctx);
diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c
index b892976d9e284c..26776e7a0b88fa 100644
--- a/fs/fuse/acl.c
+++ b/fs/fuse/acl.c
@@ -193,3 +193,68 @@ int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
return ret;
}
+
+int fuse_acl_create(struct inode *dir, umode_t *mode,
+ struct posix_acl **default_acl, struct posix_acl **acl)
+{
+ struct fuse_conn *fc = get_fuse_conn(dir);
+
+ if (fuse_is_bad(dir))
+ return -EIO;
+
+ if (fuse_has_iomap(dir) && IS_POSIXACL(dir))
+ return posix_acl_create(dir, mode, default_acl, acl);
+
+ if (!fc->dont_mask)
+ *mode &= ~current_umask();
+
+ *default_acl = NULL;
+ *acl = NULL;
+ return 0;
+}
+
+static int __fuse_set_acl(struct inode *inode, const char *name,
+ const struct posix_acl *acl)
+{
+ struct fuse_conn *fc = get_fuse_conn(inode);
+ size_t size = posix_acl_xattr_size(acl->a_count);
+ void *value;
+ int ret;
+
+ if (size > PAGE_SIZE)
+ return -E2BIG;
+
+ value = kmalloc(size, GFP_KERNEL);
+ if (!value)
+ return -ENOMEM;
+
+ ret = posix_acl_to_xattr(fc->user_ns, acl, value, size);
+ if (ret < 0)
+ goto out_value;
+
+ ret = fuse_setxattr(inode, name, value, size, 0, 0);
+out_value:
+ kfree(value);
+ return ret;
+}
+
+int fuse_init_acls(struct inode *inode, const struct posix_acl *default_acl,
+ const struct posix_acl *acl)
+{
+ int ret;
+
+ if (default_acl) {
+ ret = __fuse_set_acl(inode, XATTR_NAME_POSIX_ACL_DEFAULT,
+ default_acl);
+ if (ret)
+ return ret;
+ }
+
+ if (acl) {
+ ret = __fuse_set_acl(inode, XATTR_NAME_POSIX_ACL_ACCESS, acl);
+ if (ret)
+ return ret;
+ }
+
+ return 0;
+}
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 33a375a21b2da1..4cdd3ef0793379 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -635,26 +635,28 @@ static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir,
struct fuse_entry_out outentry;
struct fuse_inode *fi;
struct fuse_file *ff;
+ struct posix_acl *default_acl = NULL, *acl = NULL;
int epoch, err;
bool trunc = flags & O_TRUNC;
/* Userspace expects S_IFREG in create mode */
BUG_ON((mode & S_IFMT) != S_IFREG);
+ err = fuse_acl_create(dir, &mode, &default_acl, &acl);
+ if (err)
+ return err;
+
epoch = atomic_read(&fm->fc->epoch);
forget = fuse_alloc_forget();
err = -ENOMEM;
if (!forget)
- goto out_err;
+ goto out_acl_release;
err = -ENOMEM;
ff = fuse_file_alloc(fm, true);
if (!ff)
goto out_put_forget_req;
- if (!fm->fc->dont_mask)
- mode &= ~current_umask();
-
flags &= ~O_NOCTTY;
memset(&inarg, 0, sizeof(inarg));
memset(&outentry, 0, sizeof(outentry));
@@ -706,12 +708,16 @@ static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir,
fuse_sync_release(NULL, ff, flags);
fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
err = -ENOMEM;
- goto out_err;
+ goto out_acl_release;
}
kfree(forget);
d_instantiate(entry, inode);
entry->d_time = epoch;
fuse_change_entry_timeout(entry, &outentry);
+
+ err = fuse_init_acls(inode, default_acl, acl);
+ if (err)
+ goto out_acl_release;
fuse_dir_changed(dir);
if (fuse_has_iomap(inode))
@@ -737,7 +743,9 @@ static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir,
fuse_file_free(ff);
out_put_forget_req:
kfree(forget);
-out_err:
+out_acl_release:
+ posix_acl_release(default_acl);
+ posix_acl_release(acl);
return err;
}
@@ -796,7 +804,9 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
*/
static struct dentry *create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm,
struct fuse_args *args, struct inode *dir,
- struct dentry *entry, umode_t mode)
+ struct dentry *entry, umode_t mode,
+ struct posix_acl *default_acl,
+ struct posix_acl *acl)
{
struct fuse_entry_out outarg;
struct inode *inode;
@@ -804,14 +814,18 @@ static struct dentry *create_new_entry(struct mnt_idmap *idmap, struct fuse_moun
struct fuse_forget_link *forget;
int epoch, err;
- if (fuse_is_bad(dir))
- return ERR_PTR(-EIO);
+ if (fuse_is_bad(dir)) {
+ err = -EIO;
+ goto out_acl_release;
+ }
epoch = atomic_read(&fm->fc->epoch);
forget = fuse_alloc_forget();
- if (!forget)
- return ERR_PTR(-ENOMEM);
+ if (!forget) {
+ err = -ENOMEM;
+ goto out_acl_release;
+ }
memset(&outarg, 0, sizeof(outarg));
args->nodeid = get_node_id(dir);
@@ -841,7 +855,8 @@ static struct dentry *create_new_entry(struct mnt_idmap *idmap, struct fuse_moun
&outarg.attr, ATTR_TIMEOUT(&outarg), 0, 0);
if (!inode) {
fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
- return ERR_PTR(-ENOMEM);
+ err = -ENOMEM;
+ goto out_acl_release;
}
kfree(forget);
@@ -857,19 +872,31 @@ static struct dentry *create_new_entry(struct mnt_idmap *idmap, struct fuse_moun
entry->d_time = epoch;
fuse_change_entry_timeout(entry, &outarg);
}
+
+ err = fuse_init_acls(inode, default_acl, acl);
+ if (err)
+ goto out_acl_release;
fuse_dir_changed(dir);
+
+ posix_acl_release(default_acl);
+ posix_acl_release(acl);
return d;
out_put_forget_req:
if (err == -EEXIST)
fuse_invalidate_entry(entry);
kfree(forget);
+ out_acl_release:
+ posix_acl_release(default_acl);
+ posix_acl_release(acl);
return ERR_PTR(err);
}
static int create_new_nondir(struct mnt_idmap *idmap, struct fuse_mount *fm,
struct fuse_args *args, struct inode *dir,
- struct dentry *entry, umode_t mode)
+ struct dentry *entry, umode_t mode,
+ struct posix_acl *default_acl,
+ struct posix_acl *acl)
{
/*
* Note that when creating anything other than a directory we
@@ -880,7 +907,8 @@ static int create_new_nondir(struct mnt_idmap *idmap, struct fuse_mount *fm,
*/
WARN_ON_ONCE(S_ISDIR(mode));
- return PTR_ERR(create_new_entry(idmap, fm, args, dir, entry, mode));
+ return PTR_ERR(create_new_entry(idmap, fm, args, dir, entry, mode,
+ default_acl, acl));
}
static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
@@ -888,10 +916,13 @@ static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
{
struct fuse_mknod_in inarg;
struct fuse_mount *fm = get_fuse_mount(dir);
+ struct posix_acl *default_acl, *acl;
FUSE_ARGS(args);
+ int err;
- if (!fm->fc->dont_mask)
- mode &= ~current_umask();
+ err = fuse_acl_create(dir, &mode, &default_acl, &acl);
+ if (err)
+ return err;
memset(&inarg, 0, sizeof(inarg));
inarg.mode = mode;
@@ -903,7 +934,8 @@ static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
args.in_args[0].value = &inarg;
args.in_args[1].size = entry->d_name.len + 1;
args.in_args[1].value = entry->d_name.name;
- return create_new_nondir(idmap, fm, &args, dir, entry, mode);
+ return create_new_nondir(idmap, fm, &args, dir, entry, mode,
+ default_acl, acl);
}
static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
@@ -935,13 +967,17 @@ static struct dentry *fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
{
struct fuse_mkdir_in inarg;
struct fuse_mount *fm = get_fuse_mount(dir);
+ struct posix_acl *default_acl, *acl;
FUSE_ARGS(args);
+ int err;
- if (!fm->fc->dont_mask)
- mode &= ~current_umask();
+ mode |= S_IFDIR; /* vfs doesn't set S_IFDIR for us */
+ err = fuse_acl_create(dir, &mode, &default_acl, &acl);
+ if (err)
+ return ERR_PTR(err);
memset(&inarg, 0, sizeof(inarg));
- inarg.mode = mode;
+ inarg.mode = mode & ~S_IFDIR;
inarg.umask = current_umask();
args.opcode = FUSE_MKDIR;
args.in_numargs = 2;
@@ -949,7 +985,8 @@ static struct dentry *fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
args.in_args[0].value = &inarg;
args.in_args[1].size = entry->d_name.len + 1;
args.in_args[1].value = entry->d_name.name;
- return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR);
+ return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR,
+ default_acl, acl);
}
static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
@@ -957,7 +994,14 @@ static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
{
struct fuse_mount *fm = get_fuse_mount(dir);
unsigned len = strlen(link) + 1;
+ struct posix_acl *default_acl, *acl;
+ umode_t mode = S_IFLNK | 0777;
FUSE_ARGS(args);
+ int err;
+
+ err = fuse_acl_create(dir, &mode, &default_acl, &acl);
+ if (err)
+ return err;
args.opcode = FUSE_SYMLINK;
args.in_numargs = 3;
@@ -966,7 +1010,8 @@ static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
args.in_args[1].value = entry->d_name.name;
args.in_args[2].size = len;
args.in_args[2].value = link;
- return create_new_nondir(idmap, fm, &args, dir, entry, S_IFLNK);
+ return create_new_nondir(idmap, fm, &args, dir, entry, S_IFLNK,
+ default_acl, acl);
}
void fuse_flush_time_update(struct inode *inode)
@@ -1166,7 +1211,8 @@ static int fuse_link(struct dentry *entry, struct inode *newdir,
args.in_args[0].value = &inarg;
args.in_args[1].size = newent->d_name.len + 1;
args.in_args[1].value = newent->d_name.name;
- err = create_new_nondir(&invalid_mnt_idmap, fm, &args, newdir, newent, inode->i_mode);
+ err = create_new_nondir(&invalid_mnt_idmap, fm, &args, newdir, newent,
+ inode->i_mode, NULL, NULL);
if (!err)
fuse_update_ctime_in_cache(inode);
else if (err == -EINTR)
