From nobody Sun Feb 8 21:41:35 2026 Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0F2153811; Fri, 22 Mar 2024 15:48:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.190 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122505; cv=none; b=mBPyuyIPvFYCdYv6iNA6bL2kUMwMFfi+O/XFFPyRz8yEh1TL6RtOR8DNFwhNRKi7xLkZlF7mCNL8lAOq4ZMMWSvj3v2+uyrEd7oSMINSPAI+DsDTvYF9abA5aSfDPb0Ca8jAkHLZAWZAMiv2JAO5hEI9o8dk0JFBWXL+FOMOxjo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122505; c=relaxed/simple; bh=XHECZqNFfXYbkWZS+VFqR2nCwONd95UHFkfpDhF+1u0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qckDquzAbhQmX1MLywpwAnFc8+XuhAGZCHW+g1Q4u125IddKDm9zRc03gL/uYYAFry+5G0X0dCAlNsBpmhkkfhmSYupIqBR0YfbaIRTKaTZYBa5ZRB5atPQYt67D63E2MalsOQtbHSZPEL522kBsEX8/XNCldt+qPgxjF8nf4AY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.190 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.163.17]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4V1RWh3GpJz1xsQg; Fri, 22 Mar 2024 23:46:24 +0800 (CST) Received: from kwepemd500012.china.huawei.com (unknown [7.221.188.25]) by mail.maildlp.com (Postfix) with ESMTPS id AC31B1A0188; Fri, 22 Mar 2024 23:48:19 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemd500012.china.huawei.com (7.221.188.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 22 Mar 2024 23:48:19 +0800 From: Li Zetao To: , , , , CC: , , , Subject: [RFC PATCH v2 1/5] ubifs: Add ACLs config option Date: Fri, 22 Mar 2024 23:48:08 +0800 Message-ID: <20240322154812.215369-2-lizetao1@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240322154812.215369-1-lizetao1@huawei.com> References: <20240322154812.215369-1-lizetao1@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemd500012.china.huawei.com (7.221.188.25) Content-Type: text/plain; charset="utf-8" Add CONFIG_UBIFS_FS_POSIX_ACL to select ACL for UBIFS, but it should be noted that this config option depends on UBIFS_FS_XATTR. Signed-off-by: Li Zetao --- v1 -> v2: Put this patch first. v1: https://lore.kernel.org/all/20240319161646.2153867-6-lizetao1@huawei.co= m/ fs/ubifs/Kconfig | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig index 45d3d207fb99..9ac5ddd5ded3 100644 --- a/fs/ubifs/Kconfig +++ b/fs/ubifs/Kconfig @@ -98,4 +98,18 @@ config UBIFS_FS_AUTHENTICATION sha256, these are not selected automatically since there are many different options. =20 +config UBIFS_FS_POSIX_ACL + bool "UBIFS POSIX Access Control Lists" + depends on UBIFS_FS_XATTR + select FS_POSIX_ACL + default y + help + Posix Access Control Lists (ACLs) support permissions for users and + groups beyond the owner/group/world scheme. + + To learn more about Access Control Lists, visit the Posix ACLs for + Linux website . + + If you don't know what Access Control Lists are, say N + endif # UBIFS_FS --=20 2.34.1 From nobody Sun Feb 8 21:41:35 2026 Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0ED7200AE; Fri, 22 Mar 2024 15:48:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.190 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122506; cv=none; b=Nws9nWeO8Aq8tYt2mir20M0iKJWz2ni8fCVU3pdPwbCQ/OJayIirK1/w+HjkKYiwCbWvh0lFm4VTVB2xKhh3NK89Wtg0LiKFEDhQtiYFikbh3WgKUH3tlZNCV4EobqL6fTInHtInrLsaAjCjuY4/lFbsV3sef9PZJx+ppLw1pEM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122506; c=relaxed/simple; bh=xM8FItCAOA4E3ykBAQf3WrkJlRDOl6PcjeF34CMuCRY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LyN3bWS8SSej31g5WQwp5Dsm4eg8gN/3jD+qzJoPz7DOtn5/yG8gDaFGr5Me4DBcViZkqnn5GJ/ay+pOYVYoV4UXs27qHLQKD2HGz9WHtgKdNT9Qp4wKZJI2W7KUan1/+bVKBOZHuxFbjmNevxItWIc/JYDKUY+sCOx4ZT8LbjE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.190 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.88.214]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4V1RWh5dH2z1xsQp; Fri, 22 Mar 2024 23:46:24 +0800 (CST) Received: from kwepemd500012.china.huawei.com (unknown [7.221.188.25]) by mail.maildlp.com (Postfix) with ESMTPS id 0CBA91A016C; Fri, 22 Mar 2024 23:48:20 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemd500012.china.huawei.com (7.221.188.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 22 Mar 2024 23:48:19 +0800 From: Li Zetao To: , , , , CC: , , , Subject: [RFC PATCH v2 2/5] ubifs: Implement POSIX Access Control Lists (ACLs) Date: Fri, 22 Mar 2024 23:48:09 +0800 Message-ID: <20240322154812.215369-3-lizetao1@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240322154812.215369-1-lizetao1@huawei.com> References: <20240322154812.215369-1-lizetao1@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemd500012.china.huawei.com (7.221.188.25) Content-Type: text/plain; charset="utf-8" Implement the ACLs feature for ubifs based on vfs Posix ACLs, details as follows: * Initialize acl for newly created inode. * Provides get/set interface to access ACLs. ACLs feature relies on xattr implementation which using specific key names "system.posix_acl_default" and "system.posix_acl_access". Now Only the v2 version of POSIX ACLs is supported, and ubifs does not need to customize the storage format, which can simplify the implementation. It should be noted that Linux supports updating the file mode through ACLs. However the acl may not exist, so ubifs_xattr_remove() returns -ENODATA. Such a scenario needs to be specially handled. At the same time, it needs to ensure that the updated inode is written to flash. Signed-off-by: Li Zetao --- v1 -> v2: * Get xattr_name by direct expansion instead of posix_acl_xattr_name(). * Modify ubifs_xattr_remove to an external function to remove the xattr o= f ACL. * Remove redundant likely() and unlikely(). * Fix updating file mode via ACL and support writing to flash. v1: https://lore.kernel.org/all/20240319161646.2153867-2-lizetao1@huawei.co= m/ fs/ubifs/Makefile | 1 + fs/ubifs/acl.c | 192 ++++++++++++++++++++++++++++++++++++++++++++++ fs/ubifs/ubifs.h | 14 ++++ fs/ubifs/xattr.c | 3 +- 4 files changed, 208 insertions(+), 2 deletions(-) create mode 100644 fs/ubifs/acl.c diff --git a/fs/ubifs/Makefile b/fs/ubifs/Makefile index 314c80b24a76..b615fbb73908 100644 --- a/fs/ubifs/Makefile +++ b/fs/ubifs/Makefile @@ -9,3 +9,4 @@ ubifs-y +=3D misc.o sysfs.o ubifs-$(CONFIG_FS_ENCRYPTION) +=3D crypto.o ubifs-$(CONFIG_UBIFS_FS_XATTR) +=3D xattr.o ubifs-$(CONFIG_UBIFS_FS_AUTHENTICATION) +=3D auth.o +ubifs-$(CONFIG_UBIFS_FS_POSIX_ACL) +=3D acl.o diff --git a/fs/ubifs/acl.c b/fs/ubifs/acl.c new file mode 100644 index 000000000000..8ac5bd86f32d --- /dev/null +++ b/fs/ubifs/acl.c @@ -0,0 +1,192 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * This file is part of UBIFS. + * + * Copyright (C) 2024 Huawei Tech. Co., Ltd. + * + * Authors: Li Zetao + */ + +/* This file implements POSIX Access Control Lists (ACLs) */ + +#include "ubifs.h" + +#include + +struct posix_acl *ubifs_get_inode_acl(struct inode *inode, int type, bool = rcu) +{ + char *xattr_value =3D NULL; + const char *xattr_name; + struct posix_acl *acl; + ssize_t size; + + if (rcu) + return ERR_PTR(-ECHILD); + + switch (type) { + case ACL_TYPE_ACCESS: + xattr_name =3D XATTR_NAME_POSIX_ACL_ACCESS; + break; + case ACL_TYPE_DEFAULT: + xattr_name =3D XATTR_NAME_POSIX_ACL_DEFAULT; + break; + default: + return ERR_PTR(-EINVAL); + } + + size =3D ubifs_xattr_get(inode, xattr_name, NULL, 0); + if (size > 0) { + xattr_value =3D kzalloc(size, GFP_KERNEL); + if (unlikely(!xattr_value)) + return ERR_PTR(-ENOMEM); + + size =3D ubifs_xattr_get(inode, xattr_name, xattr_value, size); + } + + if (size > 0) + acl =3D posix_acl_from_xattr(&init_user_ns, xattr_value, size); + else if (size =3D=3D -ENODATA || size =3D=3D 0) + acl =3D NULL; + else + acl =3D ERR_PTR(size); + + kfree(xattr_value); + + return acl; +} + +static int __ubifs_set_acl(struct inode *inode, int type, struct posix_acl= *acl, int flags) +{ + void *xattr_value =3D NULL; + const char *xattr_name; + size_t size =3D 0; + int error; + + switch (type) { + case ACL_TYPE_ACCESS: + xattr_name =3D XATTR_NAME_POSIX_ACL_ACCESS; + break; + + case ACL_TYPE_DEFAULT: + xattr_name =3D XATTR_NAME_POSIX_ACL_DEFAULT; + if (!S_ISDIR(inode->i_mode)) + return acl ? -EACCES : 0; + break; + + default: + return -EINVAL; + } + + if (acl) { + size =3D posix_acl_xattr_size(acl->a_count); + xattr_value =3D kmalloc(size, GFP_KERNEL); + if (unlikely(!xattr_value)) + return -ENOMEM; + + error =3D posix_acl_to_xattr(&init_user_ns, acl, xattr_value, size); + if (unlikely(error < 0)) + goto out; + + error =3D ubifs_xattr_set(inode, xattr_name, xattr_value, size, flags, f= alse); + } else { + error =3D ubifs_xattr_remove(inode, xattr_name); + if (error =3D=3D -ENODATA) + return 0; + } + + if (!error) + set_cached_acl(inode, type, acl); +out: + kfree(xattr_value); + return error; +} + +static int ubifs_update_mode(struct inode *inode, umode_t mode) +{ + struct ubifs_inode *ui =3D ubifs_inode(inode); + struct ubifs_info *c =3D inode->i_sb->s_fs_info; + struct ubifs_budget_req req =3D { .dirtied_ino =3D 1, + .dirtied_ino_d =3D ALIGN(ui->data_len, 8) }; + int release; + int err; + + err =3D ubifs_budget_space(c, &req); + if (err) + return err; + + mutex_lock(&ui->ui_mutex); + release =3D ui->dirty; + inode->i_mode =3D mode; + inode_set_ctime_current(inode); + mark_inode_dirty_sync(inode); + mutex_unlock(&ui->ui_mutex); + + if (release) + ubifs_release_budget(c, &req); + if (IS_SYNC(inode)) + err =3D inode->i_sb->s_op->write_inode(inode, NULL); + + return err; +} + +int ubifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, struct p= osix_acl *acl, int type) +{ + struct inode *inode =3D d_inode(dentry); + umode_t mode =3D inode->i_mode; + bool update_mode =3D false; + int error; + + if (type =3D=3D ACL_TYPE_ACCESS && acl) { + error =3D posix_acl_update_mode(idmap, inode, &mode, &acl); + if (unlikely(error)) + return error; + + if (inode->i_mode !=3D mode) + update_mode =3D true; + } + + error =3D __ubifs_set_acl(inode, type, acl, 0); + if (!error && update_mode) + error =3D ubifs_update_mode(inode, mode); + + return error; + +} + +/** + * ubifs_init_acl - initialize the ACLs for a new inode. + * @inode: newly created inode + * @dir: parent directory inode + * + * This function initializes ACLs, including inheriting the + * default ACLs of parent directory or modifying the default + * ACLs according to the mode parameter in open() / creat() + * system calls. + */ +int ubifs_init_acl(struct inode *inode, struct inode *dir) +{ + struct posix_acl *default_acl; + struct posix_acl *acl; + int error; + + error =3D posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); + if (unlikely(error)) + return error; + + if (default_acl) { + error =3D __ubifs_set_acl(inode, ACL_TYPE_DEFAULT, default_acl, XATTR_CR= EATE); + posix_acl_release(default_acl); + } else { + inode->i_default_acl =3D NULL; + } + + if (acl) { + if (!error) + error =3D __ubifs_set_acl(inode, ACL_TYPE_ACCESS, acl, XATTR_CREATE); + posix_acl_release(acl); + } else { + inode->i_acl =3D NULL; + } + + return error; +} diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 1f3ea879d93a..b96c2462237a 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -2046,6 +2046,7 @@ int ubifs_xattr_set(struct inode *host, const char *n= ame, const void *value, size_t size, int flags, bool check_lock); ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf, size_t size); +int ubifs_xattr_remove(struct inode *host, const char *name); =20 #ifdef CONFIG_UBIFS_FS_XATTR extern const struct xattr_handler * const ubifs_xattr_handlers[]; @@ -2074,6 +2075,19 @@ static inline int ubifs_init_security(struct inode *= dentry, } #endif =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL +struct posix_acl *ubifs_get_inode_acl(struct inode *inode, int type, bool = rcu); +int ubifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, struct p= osix_acl *acl, int type); +int ubifs_init_acl(struct inode *inode, struct inode *dir); + +#else /* CONFIG_UBIFS_FS_POSIX_ACL */ +#define ubifs_get_inode_acl NULL +#define ubifs_set_acl NULL +static inline int ubifs_init_acl(struct inode *inode, struct inode *dir) +{ + return 0; +} +#endif /* CONFIG_UBIFS_FS_POSIX_ACL */ =20 /* super.c */ struct inode *ubifs_iget(struct super_block *sb, unsigned long inum); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 0847db521984..87350b15f2c2 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -40,7 +40,6 @@ * in the VFS inode cache. The xentries are cached in the LNC cache (see * tnc.c). * - * ACL support is not implemented. */ =20 #include "ubifs.h" @@ -592,7 +591,7 @@ void ubifs_evict_xattr_inode(struct ubifs_info *c, ino_= t xattr_inum) } } =20 -static int ubifs_xattr_remove(struct inode *host, const char *name) +int ubifs_xattr_remove(struct inode *host, const char *name) { struct inode *inode; struct ubifs_info *c =3D host->i_sb->s_fs_info; --=20 2.34.1 From nobody Sun Feb 8 21:41:35 2026 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7645453E33; Fri, 22 Mar 2024 15:48:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.187 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122507; cv=none; b=OWemclt5LykBR9+TuC8UWq8SSWQlbuy6FZDAAvREZhgqVsj4uZbD2FwK0qyu5fm6e7qF2x6Voacjo8fBJGUIjUcMxaPMcnsnIZfiY37u/EKdm2pIUdxsfDCj9RQNNKt4zqHEVDWt6nIuFrXcNplzz7vxMdUv1bS40/Jv8hu5HSw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122507; c=relaxed/simple; bh=acFs/MQ+m3wH/w6F9F25EZh7RH06LQFjK8XjUdS9LF4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=IVm27xP6bE5Yz+bjF8/Zr75Rk00YvV/ku4eZGeR/vIF51m7bLcJK6NY82d1ZSvIlzxMW54JNzCq0dyQNVGckeYUqGEfVs+NbnY4taVT6Lgtxc3vY14bmllTf5LLAbIXQj2Vnlzos+9ujpmndONMueccDy0uskUPOEJvkkUomV0A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.187 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.163.174]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4V1RWF35WJztQVr; Fri, 22 Mar 2024 23:46:01 +0800 (CST) Received: from kwepemd500012.china.huawei.com (unknown [7.221.188.25]) by mail.maildlp.com (Postfix) with ESMTPS id 7663D140157; Fri, 22 Mar 2024 23:48:20 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemd500012.china.huawei.com (7.221.188.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 22 Mar 2024 23:48:19 +0800 From: Li Zetao To: , , , , CC: , , , Subject: [RFC PATCH v2 3/5] ubifs: Initialize or update ACLs for inode Date: Fri, 22 Mar 2024 23:48:10 +0800 Message-ID: <20240322154812.215369-4-lizetao1@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240322154812.215369-1-lizetao1@huawei.com> References: <20240322154812.215369-1-lizetao1@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemd500012.china.huawei.com (7.221.188.25) Content-Type: text/plain; charset="utf-8" There are two scenarios where ACL needs to be updated, the first one is when creating the inode, and the second one is in the chmod process. When creating directories/files/device node/tmpfile, ACLs needs to be initialized, but symlink do not. Signed-off-by: Li Zetao --- v1 -> v2: Add initialization ACL in create_whiteout() v1: https://lore.kernel.org/all/20240319161646.2153867-3-lizetao1@huawei.co= m/ fs/ubifs/dir.c | 20 ++++++++++++++++++++ fs/ubifs/file.c | 4 ++++ 2 files changed, 24 insertions(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index eac0fef801f1..243dfb478984 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -316,6 +316,10 @@ static int ubifs_create(struct mnt_idmap *idmap, struc= t inode *dir, goto out_fname; } =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; @@ -376,6 +380,10 @@ static struct inode *create_whiteout(struct inode *dir= , struct dentry *dentry) init_special_inode(inode, inode->i_mode, WHITEOUT_DEV); ubifs_assert(c, inode->i_op =3D=3D &ubifs_file_inode_operations); =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; @@ -466,6 +474,10 @@ static int ubifs_tmpfile(struct mnt_idmap *idmap, stru= ct inode *dir, } ui =3D ubifs_inode(inode); =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; @@ -1013,6 +1025,10 @@ static int ubifs_mkdir(struct mnt_idmap *idmap, stru= ct inode *dir, goto out_fname; } =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; @@ -1108,6 +1124,10 @@ static int ubifs_mknod(struct mnt_idmap *idmap, stru= ct inode *dir, ui->data =3D dev; ui->data_len =3D devlen; =20 + err =3D ubifs_init_acl(inode, dir); + if (err) + goto out_inode; + err =3D ubifs_init_security(dir, inode, &dentry->d_name); if (err) goto out_inode; diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index a1f46919934c..808a2ded4f8c 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -41,6 +41,7 @@ #include #include #include +#include =20 static int read_block(struct inode *inode, void *addr, unsigned int block, struct ubifs_data_node *dn) @@ -1297,6 +1298,9 @@ int ubifs_setattr(struct mnt_idmap *idmap, struct den= try *dentry, else err =3D do_setattr(c, inode, attr); =20 + if (!err && (attr->ia_valid & ATTR_MODE)) + err =3D posix_acl_chmod(idmap, dentry, inode->i_mode); + return err; } =20 --=20 2.34.1 From nobody Sun Feb 8 21:41:35 2026 Received: from szxga05-in.huawei.com (szxga05-in.huawei.com [45.249.212.191]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B065C53E35; Fri, 22 Mar 2024 15:48:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.191 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122508; cv=none; b=m+UMU7n1SLHgYKIS0tsTZqznQI4y/aEQ95Hre66DHCS231sxDaMENAxyGesabGWG7p27850BOzyYwLXc31FIQriicxmT4XV1bcJXj8wXl37ERtenfoA06F+LaU5gKF4oitGO5rlIHizmRo23b77iXulXNbRlgdHYkwXvVsKugHY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122508; c=relaxed/simple; bh=jAV3wG65mVIM9sN+DM5zCoOHpnvAHQ0i29dSaE4H518=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LKcZ578kJKVxOHkjETjniWDvtbHODZw/mNGqc8uIEuep0VT0Jez7hcK5J9j9HjGnvtjg3swBXHDBvmbA/Y4AVqyNgNFSSy0rvfSWR93g+FqmlMgvb5/SEEHfvF9BfrPaOzmQV7AlilOrXcHDhoA8LJ171VPnA3JoA4qhb9V/YEg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.191 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.88.234]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4V1RYR1YfSz1GClV; Fri, 22 Mar 2024 23:47:55 +0800 (CST) Received: from kwepemd500012.china.huawei.com (unknown [7.221.188.25]) by mail.maildlp.com (Postfix) with ESMTPS id D7F271400CF; Fri, 22 Mar 2024 23:48:20 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemd500012.china.huawei.com (7.221.188.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 22 Mar 2024 23:48:20 +0800 From: Li Zetao To: , , , , CC: , , , Subject: [RFC PATCH v2 4/5] ubifs: Support accessing ACLs through inode_operations Date: Fri, 22 Mar 2024 23:48:11 +0800 Message-ID: <20240322154812.215369-5-lizetao1@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240322154812.215369-1-lizetao1@huawei.com> References: <20240322154812.215369-1-lizetao1@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemd500012.china.huawei.com (7.221.188.25) Content-Type: text/plain; charset="utf-8" Register the get/set interfaces to the inode operations whilch allows access to the ACL through the vfs layer. Signed-off-by: Li Zetao --- v1 -> v2: There are no changes to this patch. v1: https://lore.kernel.org/all/20240319161646.2153867-4-lizetao1@huawei.co= m/ fs/ubifs/dir.c | 2 ++ fs/ubifs/file.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 243dfb478984..145ada316a46 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1730,6 +1730,8 @@ const struct inode_operations ubifs_dir_inode_operati= ons =3D { .setattr =3D ubifs_setattr, .getattr =3D ubifs_getattr, .listxattr =3D ubifs_listxattr, + .get_inode_acl =3D ubifs_get_inode_acl, + .set_acl =3D ubifs_set_acl, .update_time =3D ubifs_update_time, .tmpfile =3D ubifs_tmpfile, .fileattr_get =3D ubifs_fileattr_get, diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index 808a2ded4f8c..ba428af0a235 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1664,6 +1664,8 @@ const struct inode_operations ubifs_file_inode_operat= ions =3D { .setattr =3D ubifs_setattr, .getattr =3D ubifs_getattr, .listxattr =3D ubifs_listxattr, + .get_inode_acl =3D ubifs_get_inode_acl, + .set_acl =3D ubifs_set_acl, .update_time =3D ubifs_update_time, .fileattr_get =3D ubifs_fileattr_get, .fileattr_set =3D ubifs_fileattr_set, --=20 2.34.1 From nobody Sun Feb 8 21:41:35 2026 Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F6F953E2E; Fri, 22 Mar 2024 15:48:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.190 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122506; cv=none; b=L82Px5+yuMqpBUvYWZYSdBUxYquSdBBortTJI9xAMSVZS2UlQmk7uFOn6YziV18QsSEWJaKzlpq0D65rkb3hAdA2O1a3bUn+2WJf8IsLhV8piw8juqYp5+orkCsF38KymgiTmMJ0K4qIo6XVHqvzA3mjzkZcHPW1JDxKm3Dp3go= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711122506; c=relaxed/simple; bh=DdDcIrubg/hyr2/B2kcB4NRchW4qrW7wa41j8k7WttI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fB3ASkDWVUNVWEohxbMeKlbs8pl2mNdEjcj3WZCOts+7q9BG6o6lpy11ZmHRJrxxOECLfddvdbdtF5jtyEa3AwnQBtwdeCJvdLOlioA3/7WgruywPjX847X40kY1TH/uqxrnOybmqSpHLyJuaZWxRFE0jjZWEheMIqrz+IgLoZA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.190 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.19.88.214]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4V1RWk0GKhz1xsQj; Fri, 22 Mar 2024 23:46:26 +0800 (CST) Received: from kwepemd500012.china.huawei.com (unknown [7.221.188.25]) by mail.maildlp.com (Postfix) with ESMTPS id 490B81A016C; Fri, 22 Mar 2024 23:48:21 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemd500012.china.huawei.com (7.221.188.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 22 Mar 2024 23:48:20 +0800 From: Li Zetao To: , , , , CC: , , , Subject: [RFC PATCH v2 5/5] ubifs: Introduce ACLs mount options Date: Fri, 22 Mar 2024 23:48:12 +0800 Message-ID: <20240322154812.215369-6-lizetao1@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240322154812.215369-1-lizetao1@huawei.com> References: <20240322154812.215369-1-lizetao1@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemd500012.china.huawei.com (7.221.188.25) Content-Type: text/plain; charset="utf-8" Implement the ability to enable or disable the ACLs feature through mount options. "-o acl" option means enable and "-o noacl" means disable and it is enable by default. Signed-off-by: Li Zetao --- v1 -> v2: * Remove redundant assignments to mount.acl. * Added the description of acl mount options in ubifs.rst. v1: https://lore.kernel.org/all/20240319161646.2153867-5-lizetao1@huawei.co= m/ Documentation/filesystems/ubifs.rst | 4 +++ fs/ubifs/super.c | 41 +++++++++++++++++++++++++++++ fs/ubifs/ubifs.h | 2 ++ 3 files changed, 47 insertions(+) diff --git a/Documentation/filesystems/ubifs.rst b/Documentation/filesystem= s/ubifs.rst index ced2f7679ddb..f9615104d7a3 100644 --- a/Documentation/filesystems/ubifs.rst +++ b/Documentation/filesystems/ubifs.rst @@ -105,6 +105,10 @@ auth_key=3D specify the key used for authenticating t= he filesystem. auth_hash_name=3D The hash algorithm used for authentication. Used for both hashing and for creating HMACs. Typical values include "sha256" or "sha512" +noacl This option disables POSIX Access Control List support. If ACL sup= port + is enabled in the kernel configuration (CONFIG_EXT4_FS_POSIX_ACL), ACL + is enabled by default on mount. See the acl(5) manual page for more + information about acl. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D =20 =20 diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index 291583005dd1..53ea58ab83f5 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -457,6 +457,13 @@ static int ubifs_show_options(struct seq_file *s, stru= ct dentry *root) seq_printf(s, ",assert=3D%s", ubifs_assert_action_name(c)); seq_printf(s, ",ubi=3D%d,vol=3D%d", c->vi.ubi_num, c->vi.vol_id); =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + if (c->mount_opts.acl =3D=3D 2) + seq_puts(s, ",acl"); + else if (c->mount_opts.acl =3D=3D 1) + seq_puts(s, ",noacl"); +#endif + return 0; } =20 @@ -967,6 +974,8 @@ static int check_volume_empty(struct ubifs_info *c) * Opt_assert: set ubifs_assert() action * Opt_auth_key: The key name used for authentication * Opt_auth_hash_name: The hash type used for authentication + * Opt_acl: enable posix acl + * Opt_noacl: disable posix acl * Opt_err: just end of array marker */ enum { @@ -981,6 +990,8 @@ enum { Opt_auth_key, Opt_auth_hash_name, Opt_ignore, + Opt_acl, + Opt_noacl, Opt_err, }; =20 @@ -997,6 +1008,8 @@ static const match_table_t tokens =3D { {Opt_ignore, "ubi=3D%s"}, {Opt_ignore, "vol=3D%s"}, {Opt_assert, "assert=3D%s"}, + {Opt_acl, "acl"}, + {Opt_noacl, "noacl"}, {Opt_err, NULL}, }; =20 @@ -1137,6 +1150,21 @@ static int ubifs_parse_options(struct ubifs_info *c,= char *options, break; case Opt_ignore: break; +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + case Opt_acl: + c->mount_opts.acl =3D 2; + break; + case Opt_noacl: + c->mount_opts.acl =3D 1; + break; +#else + case Opt_acl: + ubifs_err(c, "acl options not supported"); + return -EINVAL; + case Opt_noacl: + ubifs_err(c, "noacl options not supported"); + return -EINVAL; +#endif default: { unsigned long flag; @@ -2017,6 +2045,12 @@ static int ubifs_remount_fs(struct super_block *sb, = int *flags, char *data) return err; } =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + if (c->mount_opts.acl =3D=3D 1) + c->vfs_sb->s_flags &=3D ~SB_POSIXACL; + else + c->vfs_sb->s_flags |=3D SB_POSIXACL; +#endif if (c->ro_mount && !(*flags & SB_RDONLY)) { if (c->ro_error) { ubifs_msg(c, "cannot re-mount R/W due to prior errors"); @@ -2199,6 +2233,13 @@ static int ubifs_fill_super(struct super_block *sb, = void *data, int silent) if (err) goto out_close; =20 +#ifdef CONFIG_UBIFS_FS_POSIX_ACL + if (c->mount_opts.acl =3D=3D 1) + c->vfs_sb->s_flags &=3D ~SB_POSIXACL; + else + c->vfs_sb->s_flags |=3D SB_POSIXACL; +#endif + /* * UBIFS provides 'backing_dev_info' in order to disable read-ahead. For * UBIFS, I/O is not deferred, it is done immediately in read_folio, diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index b96c2462237a..731f433ded68 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -956,6 +956,7 @@ struct ubifs_orphan { * specified in @compr_type) * @compr_type: compressor type to override the superblock compressor with * (%UBIFS_COMPR_NONE, etc) + * @acl: enable/disable posix acl (%0 default, %1 disable, %2 enable) */ struct ubifs_mount_opts { unsigned int unmount_mode:2; @@ -963,6 +964,7 @@ struct ubifs_mount_opts { unsigned int chk_data_crc:2; unsigned int override_compr:1; unsigned int compr_type:2; + unsigned int acl:2; }; =20 /** --=20 2.34.1