[PATCH 257/308] ksmbd: remove select FS_POSIX_ACL in Kconfig

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit 777cad1604d68ed4379ec899d1f7d2f6a29f01f0 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/777cad1604d6

-------------------------------

ksmbd is forcing to turn on FS_POSIX_ACL in Kconfig to use vfs acl functions(posix_acl_alloc, get_acl, set_posix_acl). OpenWRT and other platform doesn't use acl and this config is disable by default in kernel. This patch use IS_ENABLED() to know acl config is enable and use acl function if it is enable.

Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/smb2pdu.c | 9 ++++-- fs/ksmbd/smbacl.c | 80 ++++++++++++++++++++++++++-------------------- fs/ksmbd/vfs.c | 9 ++++++ 3 files changed, 61 insertions(+), 37 deletions(-)

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 44f7a219c525..81a56d78fc2d 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2431,11 +2431,14 @@ static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode) fattr->cf_uid = inode->i_uid; fattr->cf_gid = inode->i_gid; fattr->cf_mode = inode->i_mode; + fattr->cf_acls = NULL; fattr->cf_dacls = NULL;

- fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS); - if (S_ISDIR(inode->i_mode)) - fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT); + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS); + if (S_ISDIR(inode->i_mode)) + fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT); + } }

/** diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 40a1e7bc9f16..7d8f9d03fb64 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -545,22 +545,29 @@ static void parse_dacl(struct smb_acl *pdacl, char *end_of_acl,

if (acl_state.users->n || acl_state.groups->n) { acl_state.mask.allow = 0x07; - fattr->cf_acls = posix_acl_alloc(acl_state.users->n + - acl_state.groups->n + 4, GFP_KERNEL); - if (fattr->cf_acls) { - cf_pace = fattr->cf_acls->a_entries; - posix_state_to_acl(&acl_state, cf_pace); + + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + fattr->cf_acls = + posix_acl_alloc(acl_state.users->n + + acl_state.groups->n + 4, GFP_KERNEL); + if (fattr->cf_acls) { + cf_pace = fattr->cf_acls->a_entries; + posix_state_to_acl(&acl_state, cf_pace); + } } }

if (default_acl_state.users->n || default_acl_state.groups->n) { default_acl_state.mask.allow = 0x07; - fattr->cf_dacls = - posix_acl_alloc(default_acl_state.users->n + - default_acl_state.groups->n + 4, GFP_KERNEL); - if (fattr->cf_dacls) { - cf_pdace = fattr->cf_dacls->a_entries; - posix_state_to_acl(&default_acl_state, cf_pdace); + + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + fattr->cf_dacls = + posix_acl_alloc(default_acl_state.users->n + + default_acl_state.groups->n + 4, GFP_KERNEL); + if (fattr->cf_dacls) { + cf_pdace = fattr->cf_dacls->a_entries; + posix_state_to_acl(&default_acl_state, cf_pdace); + } } } free_acl_state(&acl_state); @@ -1222,29 +1229,34 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path, granted = GENERIC_ALL_FLAGS; }

- posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); - if (posix_acls && !found) { - unsigned int id = -1; - - pa_entry = posix_acls->a_entries; - for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { - if (pa_entry->e_tag == ACL_USER) - id = from_kuid(&init_user_ns, pa_entry->e_uid); - else if (pa_entry->e_tag == ACL_GROUP) - id = from_kgid(&init_user_ns, pa_entry->e_gid); - else - continue; - - if (id == uid) { - mode_to_access_flags(pa_entry->e_perm, 0777, &access_bits); - if (!access_bits) - access_bits = SET_MINIMUM_RIGHTS; - goto check_access_bits; + if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { + posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); + if (posix_acls && !found) { + unsigned int id = -1; + + pa_entry = posix_acls->a_entries; + for (i = 0; i < posix_acls->a_count; i++, pa_entry++) { + if (pa_entry->e_tag == ACL_USER) + id = from_kuid(&init_user_ns, pa_entry->e_uid); + else if (pa_entry->e_tag == ACL_GROUP) + id = from_kgid(&init_user_ns, pa_entry->e_gid); + else + continue; + + if (id == uid) { + mode_to_access_flags(pa_entry->e_perm, + 0777, + &access_bits); + if (!access_bits) + access_bits = + SET_MINIMUM_RIGHTS; + goto check_access_bits; + } } } + if (posix_acls) + posix_acl_release(posix_acls); } - if (posix_acls) - posix_acl_release(posix_acls);

if (!found) { if (others_ace) { @@ -1318,9 +1330,9 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,

ksmbd_vfs_remove_acl_xattrs(path->dentry); /* Update posix acls */ - if (fattr.cf_dacls) { - rc = set_posix_acl(inode, ACL_TYPE_ACCESS, - fattr.cf_acls); + if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && fattr.cf_dacls) { + rc = set_posix_acl(inode, + ACL_TYPE_ACCESS, fattr.cf_acls); if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) rc = set_posix_acl(inode, ACL_TYPE_DEFAULT, fattr.cf_dacls); diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c index 7f6a53ddf8a1..fff5f8674ad0 100644 --- a/fs/ksmbd/vfs.c +++ b/fs/ksmbd/vfs.c @@ -1326,6 +1326,9 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct inode *inode, struct xattr_acl_entry *xa_entry; int i;

+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL)) + return NULL; + posix_acls = get_acl(inode, acl_type); if (!posix_acls) return NULL; @@ -1759,6 +1762,9 @@ int ksmbd_vfs_set_init_posix_acl(struct inode *inode) struct posix_acl *acls; int rc;

+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL)) + return -EOPNOTSUPP; + ksmbd_debug(SMB, "Set posix acls\n"); rc = init_acl_state(&acl_state, 1); if (rc) @@ -1805,6 +1811,9 @@ int ksmbd_vfs_inherit_posix_acl(struct inode *inode, struct inode *parent_inode) struct posix_acl_entry *pace; int rc, i;

+ if (!IS_ENABLED(CONFIG_FS_POSIX_ACL)) + return -EOPNOTSUPP; + acls = get_acl(parent_inode, ACL_TYPE_DEFAULT); if (!acls) return -ENOENT;