From: Li Zetao
Subject: [RFC PATCH 1/5] ubifs: Implement POSIX Access Control Lists (ACLs)
Date: Wed, 20 Mar 2024 00:16:42 +0800
Message-ID: <20240319161646.2153867-2-lizetao1@huawei.com>
In-Reply-To: <20240319161646.2153867-1-lizetao1@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Implement the ACLs feature for ubifs based on vfs Posix ACLs, details as follows:
* Initialize acl for newly created inode.
* Provide get/set interface to access ACLs.

ACLs feature relies on xattr implementation which uses specific key names "system.posix_acl_default" and "system.posix_acl_access". Now only the v2 version of POSIX ACLs is supported, and ubifs does not need to customize the storage format, which can simplify the implementation.

Signed-off-by: Li Zetao
--- fs/ubifs/acl.c | 140 +++++++++++++++++++++++++++++++++++++++++++++++ fs/ubifs/ubifs.h | 13 +++++ fs/ubifs/xattr.c | 1 - 3 files changed, 153 insertions(+), 1 deletion(-) create mode 100644 fs/ubifs/acl.c diff --git a/fs/ubifs/acl.c b/fs/ubifs/acl.c new file mode 100644 index 000000000000..253568baf097 --- /dev/null +++ b/fs/ubifs/acl.c 
@@ -0,0 +1,140 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This file is part of UBIFS. + * + * Copyright (C) 2024 Huawei Tech. Co., Ltd. + * + * Authors: Li Zetao + */ + +/* This file implements POSIX Access Control Lists (ACLs) */ + +#include "ubifs.h" + +#include + +struct posix_acl *ubifs_get_inode_acl(struct inode *inode, int type, bool = rcu) +{ + char *xattr_value =3D NULL; + const char *xattr_name; + struct posix_acl *acl; + ssize_t size; + + if (rcu) + return ERR_PTR(-ECHILD); + + xattr_name =3D posix_acl_xattr_name(type); + if (unlikely(!strcmp(xattr_name, ""))) + return ERR_PTR(-EINVAL); + + size =3D ubifs_xattr_get(inode, xattr_name, NULL, 0); + if (size > 0) { + xattr_value =3D kzalloc(size, GFP_KERNEL); + if (unlikely(!xattr_value)) + return ERR_PTR(-ENOMEM); + + size =3D ubifs_xattr_get(inode, xattr_name, xattr_value, size); + } + + if (size > 0) + acl =3D posix_acl_from_xattr(&init_user_ns, xattr_value, size); + else if (size =3D=3D -ENODATA || size =3D=3D 0) + acl =3D NULL; + else + acl =3D ERR_PTR(size); + + kfree(xattr_value); + + return acl; +} + +static int __ubifs_set_acl(struct inode *inode, int type, struct posix_acl= *acl, int flags) +{ + void *xattr_value =3D NULL; + const char *xattr_name; + size_t size =3D 0; + int error; + + xattr_name =3D posix_acl_xattr_name(type); + if (unlikely(!strcmp(xattr_name, ""))) + return -EINVAL; + + if (unlikely(!strcmp(xattr_name, XATTR_NAME_POSIX_ACL_DEFAULT) && !S_ISDI= R(inode->i_mode))) + return acl ? 
-EACCES : 0; + + if (acl) { + size =3D posix_acl_xattr_size(acl->a_count); + xattr_value =3D kmalloc(size, GFP_KERNEL); + if (unlikely(!xattr_value)) + return -ENOMEM; + + error =3D posix_acl_to_xattr(&init_user_ns, acl, xattr_value, size); + if (unlikely(error < 0)) + goto out; + } + + error =3D ubifs_xattr_set(inode, xattr_name, xattr_value, size, flags, fa= lse); + if (likely(!error)) + set_cached_acl(inode, type, acl); +out: + kfree(xattr_value); + return error; +} + +int ubifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, struct p= osix_acl *acl, int type) +{ + struct inode *inode =3D d_inode(dentry); + umode_t old_mode =3D inode->i_mode; + int error; + + if (type =3D=3D ACL_TYPE_ACCESS && acl) { + error =3D posix_acl_update_mode(idmap, inode, &inode->i_mode, &acl); + if (unlikely(error)) + return error; + } + + error =3D __ubifs_set_acl(inode, type, acl, 0); + if (unlikely(error)) + inode->i_mode =3D old_mode; + + return error; + +} + +/** + * ubifs_init_acl - initialize the ACLs for a new inode. + * @inode: newly created inode + * @dir: parent directory inode + * + * This function initialize ACLs, including inheriting the + * default ACLs of parent directory or modifying the default + * ACLs according to the mode parameter in open() / creat() + * system calls. + */ +int ubifs_init_acl(struct inode *inode, struct inode *dir) +{ + struct posix_acl *default_acl; + struct posix_acl *acl; + int error; + + error =3D posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); + if (unlikely(error)) + return error; + + if (default_acl) { + error =3D __ubifs_set_acl(inode, ACL_TYPE_DEFAULT, default_acl, XATTR_CR= EATE); + posix_acl_release(default_acl); + } else { + inode->i_default_acl =3D NULL; + } + + if (acl) { + if (likely(!error)) + error =3D __ubifs_set_acl(inode, ACL_TYPE_ACCESS, acl, XATTR_CREATE); + posix_acl_release(acl); + } else { + inode->i_acl =3D NULL; + } + + return error; +} 
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 3916dc4f30ca..b0d3b076290d 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -2069,6 +2069,19 @@ static inline int ubifs_init_security(struct inode *= dentry, } #endif =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL +struct posix_acl *ubifs_get_inode_acl(struct inode *inode, int type, bool = rcu); +int ubifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, struct p= osix_acl *acl, int type); +int ubifs_init_acl(struct inode *inode, struct inode *dir); + +#else /* CONFIG_UBIFS_FS_POSIX_ACL */ +#define ubifs_get_inode_acl NULL +#define ubifs_set_acl NULL +static inline int ubifs_init_acl(struct inode *inode, struct inode *dir) +{ + return 0; +} +#endif /* CONFIG_UBIFS_FS_POSIX_ACL */ =20 /* super.c */ struct inode *ubifs_iget(struct super_block *sb, unsigned long inum); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 0847db521984..eb1c1f5d10df 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c 
@@ -40,7 +40,6 @@ * in the VFS inode cache. The xentries are cached in the LNC cache (see * tnc.c). * - * ACL support is not implemented. */ =20 #include "ubifs.h" --=20 2.34.1

From: Li Zetao
Subject: [RFC PATCH 2/5] ubifs: Initialize or update ACLs for inode
Date: Wed, 20 Mar 2024 00:16:43 +0800
Message-ID: <20240319161646.2153867-3-lizetao1@huawei.com>
In-Reply-To: <20240319161646.2153867-1-lizetao1@huawei.com>

There are two scenarios where ACL needs to be updated, the first one is when creating the inode, and the second one is in the chmod process. When creating directories/files/device node/tmpfile, ACLs need to be initialized, but symlinks do not.

Signed-off-by: Li Zetao
--- fs/ubifs/dir.c | 16 ++++++++++++++++ fs/ubifs/file.c | 4 ++++ 2 files changed, 20 insertions(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 551148de66cd..dfb6823cc953 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -316,6 +316,10 @@ static int ubifs_create(struct mnt_idmap *idmap, struc= t inode *dir, goto out_fname; } =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; @@ -466,6 +470,10 @@ static int ubifs_tmpfile(struct mnt_idmap *idmap, stru= ct inode *dir, } ui =3D ubifs_inode(inode); =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; 
@@ -1013,6 +1021,10 @@ static int ubifs_mkdir(struct mnt_idmap *idmap, stru= ct inode *dir, goto out_fname; } =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; @@ -1108,6 +1120,10 @@ static int ubifs_mknod(struct mnt_idmap *idmap, stru= ct inode *dir, ui->data =3D dev; ui->data_len =3D devlen; =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index 5029eb3390a5..8f964f8b0f96 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -41,6 +41,7 @@ #include #include #include +#include =20 static int read_block(struct inode *inode, void *addr, unsigned int block, struct ubifs_data_node *dn) 
@@ -1298,6 +1299,9 @@ int ubifs_setattr(struct mnt_idmap *idmap, struct den= try *dentry, else err =3D do_setattr(c, inode, attr); =20 + if (!err && (attr->ia_valid & ATTR_MODE)) + err =3D posix_acl_chmod(idmap, dentry, inode->i_mode); + return err; } =20 --=20 2.34.1

From: Li Zetao
Subject: [RFC PATCH 3/5] ubifs: Support accessing ACLs through inode_operations
Date: Wed, 20 Mar 2024 00:16:44 +0800
Message-ID: <20240319161646.2153867-4-lizetao1@huawei.com>
In-Reply-To: <20240319161646.2153867-1-lizetao1@huawei.com>

Register the get/set interfaces to the inode operations which allows access to the ACL through the vfs layer.

Signed-off-by: Li Zetao
--- fs/ubifs/dir.c | 2 ++ fs/ubifs/file.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index dfb6823cc953..59784349ba21 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1724,6 +1724,8 @@ const struct inode_operations ubifs_dir_inode_operati= ons =3D { .setattr =3D ubifs_setattr, .getattr =3D ubifs_getattr, .listxattr =3D ubifs_listxattr, + .get_inode_acl =3D ubifs_get_inode_acl, + .set_acl =3D ubifs_set_acl, .update_time =3D ubifs_update_time, .tmpfile =3D ubifs_tmpfile, .fileattr_get =3D ubifs_fileattr_get, diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index 8f964f8b0f96..80def8734b13 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c 
@@ -1665,6 +1665,8 @@ const struct inode_operations ubifs_file_inode_operat= ions =3D { .setattr =3D ubifs_setattr, .getattr =3D ubifs_getattr, .listxattr =3D ubifs_listxattr, + .get_inode_acl =3D ubifs_get_inode_acl, + .set_acl =3D ubifs_set_acl, .update_time =3D ubifs_update_time, .fileattr_get =3D ubifs_fileattr_get, .fileattr_set =3D ubifs_fileattr_set, --=20 2.34.1

From: Li Zetao
Subject: [RFC PATCH 4/5] ubifs: Introduce ACLs mount options
Date: Wed, 20 Mar 2024 00:16:45 +0800
Message-ID: <20240319161646.2153867-5-lizetao1@huawei.com>
In-Reply-To: <20240319161646.2153867-1-lizetao1@huawei.com>

Implement the ability to enable or disable the ACLs feature through mount options. "-o acl" option means enable and "-o noacl" means disable and it is enabled by default.

Signed-off-by: Li Zetao
--- fs/ubifs/super.c | 40 ++++++++++++++++++++++++++++++++++++++++ fs/ubifs/ubifs.h | 2 ++ 2 files changed, 42 insertions(+) diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index 7f4031a15f4d..ed03bf11e51d 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -457,6 +457,13 @@ static int ubifs_show_options(struct seq_file *s, stru= ct dentry *root) seq_printf(s, ",assert=3D%s", ubifs_assert_action_name(c)); seq_printf(s, ",ubi=3D%d,vol=3D%d", c->vi.ubi_num, c->vi.vol_id); =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + if (c->mount_opts.acl =3D=3D 2) + seq_puts(s, ",acl"); + else if (c->mount_opts.acl =3D=3D 1) + seq_puts(s, ",noacl"); +#endif + return 0; } =20 
@@ -967,6 +974,8 @@ static int check_volume_empty(struct ubifs_info *c) * Opt_assert: set ubifs_assert() action * Opt_auth_key: The key name used for authentication * Opt_auth_hash_name: The hash type used for authentication + * Opt_acl: enable posix acl + * Opt_noacl: disable posix acl * Opt_err: just end of array marker */ enum { @@ -981,6 +990,8 @@ enum { Opt_auth_key, Opt_auth_hash_name, Opt_ignore, + Opt_acl, + Opt_noacl, Opt_err, }; =20 @@ -997,6 +1008,8 @@ static const match_table_t tokens =3D { {Opt_ignore, "ubi=3D%s"}, {Opt_ignore, "vol=3D%s"}, {Opt_assert, "assert=3D%s"}, + {Opt_acl, "acl"}, + {Opt_noacl, "noacl"}, {Opt_err, NULL}, }; =20 @@ -1137,6 +1150,23 @@ static int ubifs_parse_options(struct ubifs_info *c,= char *options, break; case Opt_ignore: break; +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + case Opt_acl: + c->mount_opts.acl =3D 2; + c->vfs_sb->s_flags |=3D SB_POSIXACL; + break; + case Opt_noacl: + c->mount_opts.acl =3D 1; + c->vfs_sb->s_flags &=3D ~SB_POSIXACL; + break; +#else + case Opt_acl: + ubifs_err(c, "acl options not supported"); + return -EINVAL; + case Opt_noacl: + ubifs_err(c, "noacl options not supported"); + return -EINVAL; +#endif default: { unsigned long flag; @@ -2011,12 +2041,17 @@ static int ubifs_remount_fs(struct super_block *sb,= int *flags, char *data) sync_filesystem(sb); dbg_gen("old flags %#lx, new flags %#x", sb->s_flags, *flags); =20 + c->mount_opts.acl =3D 0; err =3D ubifs_parse_options(c, data, 1); if (err) { ubifs_err(c, "invalid or unknown remount parameter"); return err; } =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + if (!c->mount_opts.acl) + c->vfs_sb->s_flags |=3D SB_POSIXACL; +#endif if (c->ro_mount && !(*flags & SB_RDONLY)) { if (c->ro_error) { ubifs_msg(c, "cannot re-mount R/W due to prior errors"); 
@@ -2197,6 +2232,11 @@ static int ubifs_fill_super(struct super_block *sb, = void *data, int silent) if (err) goto out_close; =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + if (!c->mount_opts.acl) + c->vfs_sb->s_flags |=3D SB_POSIXACL; +#endif + /* * UBIFS provides 'backing_dev_info' in order to disable read-ahead. For * UBIFS, I/O is not deferred, it is done immediately in read_folio, diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index b0d3b076290d..4a6078cbb2f5 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -956,6 +956,7 @@ struct ubifs_orphan { * specified in @compr_type) * @compr_type: compressor type to override the superblock compressor with * (%UBIFS_COMPR_NONE, etc) + * @acl: enable/disable posix acl (%0 default, %1 disable, %2 enable) */ struct ubifs_mount_opts { unsigned int unmount_mode:2; 
@@ -963,6 +964,7 @@ struct ubifs_mount_opts { unsigned int chk_data_crc:2; unsigned int override_compr:1; unsigned int compr_type:2; + unsigned int acl:2; }; =20 /** --=20 2.34.1

From: Li Zetao
Subject: [RFC PATCH 5/5] ubifs: Add ACLs config option
Date: Wed, 20 Mar 2024 00:16:46 +0800
Message-ID: <20240319161646.2153867-6-lizetao1@huawei.com>
In-Reply-To: <20240319161646.2153867-1-lizetao1@huawei.com>

Add CONFIG_UBIFS_FS_POSIX_ACL to select ACL for UBIFS, but it should be noted that this config option depends on UBIFS_FS_XATTR.

Signed-off-by: Li Zetao
--- fs/ubifs/Kconfig | 14 ++++++++++++++ fs/ubifs/Makefile | 1 + 2 files changed, 15 insertions(+) diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig index 45d3d207fb99..9ac5ddd5ded3 100644 --- a/fs/ubifs/Kconfig +++ b/fs/ubifs/Kconfig @@ -98,4 +98,18 @@ config UBIFS_FS_AUTHENTICATION sha256, these are not selected automatically since there are many different options. =20 +config UBIFS_FS_POSIX_ACL + bool "UBIFS POSIX Access Control Lists" + depends on UBIFS_FS_XATTR + select FS_POSIX_ACL + default y + help + Posix Access Control Lists (ACLs) support permissions for users and + groups beyond the owner/group/world scheme. + + To learn more about Access Control Lists, visit the Posix ACLs for + Linux website . + + If you don't know what Access Control Lists are, say N + endif # UBIFS_FS diff --git a/fs/ubifs/Makefile b/fs/ubifs/Makefile index 314c80b24a76..1e0733a647d5 100644 --- a/fs/ubifs/Makefile +++ b/fs/ubifs/Makefile 
@@ -9,3 +9,4 @@ ubifs-y +=3D misc.o sysfs.o ubifs-$(CONFIG_FS_ENCRYPTION) +=3D crypto.o ubifs-$(CONFIG_UBIFS_FS_XATTR) +=3D xattr.o ubifs-$(CONFIG_UBIFS_FS_AUTHENTICATION) +=3D auth.o +ubifs-$(CONFIG_UBIFS_FS_POSIX_ACL) +=3D acl.o \ No newline at end of file --=20 2.34.1
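
Review bot: In ubifs_set_acl() (patch 1/5, fs/ubifs/acl.c), posix_acl_update_mode() is handed &inode->i_mode, so the live mode is changed before the xattr is written and is only restored if __ubifs_set_acl() fails, which lets other code observe a mode that is later rolled back. Suggest computing the new mode into a local umode_t and assigning inode->i_mode only after __ubifs_set_acl() succeeds, and making the ctime update and inode write-back for the mode change explicit, since nothing in this function does either. Separately, when acl is NULL, __ubifs_set_acl() calls ubifs_xattr_set() with a NULL value and size 0 instead of removing the attribute; ubifs_get_inode_acl() maps size 0 to "no ACL", but please confirm that clearing an ACL does not leave a zero-length system.posix_acl_* entry behind.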
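
Review bot: In the ubifs_setattr() hunk (patch 2/5, fs/ubifs/file.c), posix_acl_chmod() runs after do_setattr() has already applied the new mode, so a failure there returns an error to the caller while the mode change stays in place and the access ACL no longer matches it. Please either document in a comment that this ordering is intended, or handle the failure so that the mode and the ACL cannot end up disagreeing.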
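
Review bot: In ubifs_remount_fs() (patch 4/5, fs/ubifs/super.c), c->mount_opts.acl is reset to 0 before ubifs_parse_options() is called, so a remount that does not repeat "noacl" reaches the "if (!c->mount_opts.acl)" branch and sets SB_POSIXACL again, turning ACLs back on for a filesystem that was mounted with noacl. The reset also happens before the error return, so a remount that fails parsing still loses the previous setting. Suggest leaving the stored value alone unless "acl" or "noacl" is actually given, and applying the s_flags change only after parsing has succeeded.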
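
Review bot: The values 1 and 2 stored in c->mount_opts.acl by ubifs_parse_options() and compared in ubifs_show_options() (patch 4/5, fs/ubifs/super.c) are bare numbers whose meaning is only given in the @acl kernel-doc line in ubifs.h. Suggest named constants for default, disabled and enabled. Also, ubifs_show_options() prints nothing for the default value 0 even though ubifs_fill_super() sets SB_POSIXACL in that case, so the mount options listing does not show that ACLs are active.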
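
Review bot: The new UBIFS_FS_POSIX_ACL entry in fs/ubifs/Kconfig (patch 5/5) is "default y" while its help text ends with "If you don't know what Access Control Lists are, say N", so the default and the guidance contradict each other. Since the option changes permission semantics for every configuration that already has UBIFS_FS_XATTR, please pick one: either drop "default y" or reword the help text to match it.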
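
Review bot: The fs/ubifs/Makefile hunk (patch 5/5) ends with "\ No newline at end of file" directly after the added acl.o line, so the patch leaves the Makefile without a trailing newline. Please terminate the new line with a newline so later additions to the file produce clean diffs.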