[linux.git] / fs / afs / security.c

// SPDX-License-Identifier: GPL-2.0-or-later
/* AFS security handling
 *
 * Copyright (C) 2007, 2017 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells ([email protected])
 */

#include <linux/init.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/ctype.h>
#include <linux/sched.h>
#include <linux/hashtable.h>
#include <keys/rxrpc-type.h>
#include "internal.h"

static DEFINE_HASHTABLE(afs_permits_cache, 10);
static DEFINE_SPINLOCK(afs_permits_lock);

/*
 * get a key
 */
struct key *afs_request_key(struct afs_cell *cell)
{
	struct key *key;

	_enter("{%x}", key_serial(cell->anonymous_key));

	_debug("key %s", cell->anonymous_key->description);
	key = request_key_net(&key_type_rxrpc, cell->anonymous_key->description,
			      cell->net->net, NULL);
	if (IS_ERR(key)) {
		if (PTR_ERR(key) != -ENOKEY) {
			_leave(" = %ld", PTR_ERR(key));
			return key;
		}

		/* act as anonymous user */
		_leave(" = {%x} [anon]", key_serial(cell->anonymous_key));
		return key_get(cell->anonymous_key);
	} else {
		/* act as authorised user */
		_leave(" = {%x} [auth]", key_serial(key));
		return key;
	}
}

/*
 * Get a key when pathwalk is in rcuwalk mode.
 */
struct key *afs_request_key_rcu(struct afs_cell *cell)
{
	struct key *key;

	_enter("{%x}", key_serial(cell->anonymous_key));

	_debug("key %s", cell->anonymous_key->description);
	key = request_key_net_rcu(&key_type_rxrpc,
				  cell->anonymous_key->description,
				  cell->net->net);
	if (IS_ERR(key)) {
		if (PTR_ERR(key) != -ENOKEY) {
			_leave(" = %ld", PTR_ERR(key));
			return key;
		}

		/* act as anonymous user */
		_leave(" = {%x} [anon]", key_serial(cell->anonymous_key));
		return key_get(cell->anonymous_key);
	} else {
		/* act as authorised user */
		_leave(" = {%x} [auth]", key_serial(key));
		return key;
	}
}

/*
 * Dispose of a list of permits.
 */
static void afs_permits_rcu(struct rcu_head *rcu)
{
	struct afs_permits *permits =
		container_of(rcu, struct afs_permits, rcu);
	int i;

	for (i = 0; i < permits->nr_permits; i++)
		key_put(permits->permits[i].key);
	kfree(permits);
}

/*
 * Discard a permission cache.
 */
void afs_put_permits(struct afs_permits *permits)
{
	if (permits && refcount_dec_and_test(&permits->usage)) {
		spin_lock(&afs_permits_lock);
		hash_del_rcu(&permits->hash_node);
		spin_unlock(&afs_permits_lock);
		call_rcu(&permits->rcu, afs_permits_rcu);
	}
}

/*
 * Clear a permit cache on callback break.
 */
void afs_clear_permits(struct afs_vnode *vnode)
{
	struct afs_permits *permits;

	spin_lock(&vnode->lock);
	permits = rcu_dereference_protected(vnode->permit_cache,
					    lockdep_is_held(&vnode->lock));
	RCU_INIT_POINTER(vnode->permit_cache, NULL);
	spin_unlock(&vnode->lock);

	afs_put_permits(permits);
}

/*
 * Hash a list of permits.  Use simple addition to make it easy to add an extra
 * one at an as-yet indeterminate position in the list.
 */
static void afs_hash_permits(struct afs_permits *permits)
{
	unsigned long h = permits->nr_permits;
	int i;

	for (i = 0; i < permits->nr_permits; i++) {
		h += (unsigned long)permits->permits[i].key / sizeof(void *);
		h += permits->permits[i].access;
	}

	permits->h = h;
}

/*
 * Cache the CallerAccess result obtained from doing a fileserver operation
 * that returned a vnode status for a particular key.  If a callback break
 * occurs whilst the operation was in progress then we have to ditch the cache
 * as the ACL *may* have changed.
 */
void afs_cache_permit(struct afs_vnode *vnode, struct key *key,
		      unsigned int cb_break, struct afs_status_cb *scb)
{
	struct afs_permits *permits, *xpermits, *replacement, *zap, *new = NULL;
	afs_access_t caller_access = scb->status.caller_access;
	size_t size = 0;
	bool changed = false;
	int i, j;

	_enter("{%llx:%llu},%x,%x",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key), caller_access);

	rcu_read_lock();

	/* Check for the common case first: We got back the same access as last
	 * time we tried and already have it recorded.
	 */
	permits = rcu_dereference(vnode->permit_cache);
	if (permits) {
		if (!permits->invalidated) {
			for (i = 0; i < permits->nr_permits; i++) {
				if (permits->permits[i].key < key)
					continue;
				if (permits->permits[i].key > key)
					break;
				if (permits->permits[i].access != caller_access) {
					changed = true;
					break;
				}

				if (afs_cb_is_broken(cb_break, vnode)) {
					changed = true;
					break;
				}

				/* The cache is still good. */
				rcu_read_unlock();
				return;
			}
		}

		changed |= permits->invalidated;
		size = permits->nr_permits;

		/* If this set of permits is now wrong, clear the permits
		 * pointer so that no one tries to use the stale information.
		 */
		if (changed) {
			spin_lock(&vnode->lock);
			if (permits != rcu_access_pointer(vnode->permit_cache))
				goto someone_else_changed_it_unlock;
			RCU_INIT_POINTER(vnode->permit_cache, NULL);
			spin_unlock(&vnode->lock);

			afs_put_permits(permits);
			permits = NULL;
			size = 0;
		}
	}

	if (afs_cb_is_broken(cb_break, vnode))
		goto someone_else_changed_it;

	/* We need a ref on any permits list we want to copy as we'll have to
	 * drop the lock to do memory allocation.
	 */
	if (permits && !refcount_inc_not_zero(&permits->usage))
		goto someone_else_changed_it;

	rcu_read_unlock();

	/* Speculatively create a new list with the revised permission set.  We
	 * discard this if we find an extant match already in the hash, but
	 * it's easier to compare with memcmp this way.
	 *
	 * We fill in the key pointers at this time, but we don't get the refs
	 * yet.
	 */
	size++;
	new = kzalloc(sizeof(struct afs_permits) +
		      sizeof(struct afs_permit) * size, GFP_NOFS);
	if (!new)
		goto out_put;

	refcount_set(&new->usage, 1);
	new->nr_permits = size;
	i = j = 0;
	if (permits) {
		for (i = 0; i < permits->nr_permits; i++) {
			if (j == i && permits->permits[i].key > key) {
				new->permits[j].key = key;
				new->permits[j].access = caller_access;
				j++;
			}
			new->permits[j].key = permits->permits[i].key;
			new->permits[j].access = permits->permits[i].access;
			j++;
		}
	}

	if (j == i) {
		new->permits[j].key = key;
		new->permits[j].access = caller_access;
	}

	afs_hash_permits(new);

	/* Now see if the permit list we want is actually already available */
	spin_lock(&afs_permits_lock);

	hash_for_each_possible(afs_permits_cache, xpermits, hash_node, new->h) {
		if (xpermits->h != new->h ||
		    xpermits->invalidated ||
		    xpermits->nr_permits != new->nr_permits ||
		    memcmp(xpermits->permits, new->permits,
			   new->nr_permits * sizeof(struct afs_permit)) != 0)
			continue;

		if (refcount_inc_not_zero(&xpermits->usage)) {
			replacement = xpermits;
			goto found;
		}

		break;
	}

	for (i = 0; i < new->nr_permits; i++)
		key_get(new->permits[i].key);
	hash_add_rcu(afs_permits_cache, &new->hash_node, new->h);
	replacement = new;
	new = NULL;

found:
	spin_unlock(&afs_permits_lock);

	kfree(new);

	rcu_read_lock();
	spin_lock(&vnode->lock);
	zap = rcu_access_pointer(vnode->permit_cache);
	if (!afs_cb_is_broken(cb_break, vnode) && zap == permits)
		rcu_assign_pointer(vnode->permit_cache, replacement);
	else
		zap = replacement;
	spin_unlock(&vnode->lock);
	rcu_read_unlock();
	afs_put_permits(zap);
out_put:
	afs_put_permits(permits);
	return;

someone_else_changed_it_unlock:
	spin_unlock(&vnode->lock);
someone_else_changed_it:
	/* Someone else changed the cache under us - don't recheck at this
	 * time.
	 */
	rcu_read_unlock();
	return;
}

static bool afs_check_permit_rcu(struct afs_vnode *vnode, struct key *key,
				 afs_access_t *_access)
{
	const struct afs_permits *permits;
	int i;

	_enter("{%llx:%llu},%x",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key));

	/* check the permits to see if we've got one yet */
	if (key == vnode->volume->cell->anonymous_key) {
		*_access = vnode->status.anon_access;
		_leave(" = t [anon %x]", *_access);
		return true;
	}

	permits = rcu_dereference(vnode->permit_cache);
	if (permits) {
		for (i = 0; i < permits->nr_permits; i++) {
			if (permits->permits[i].key < key)
				continue;
			if (permits->permits[i].key > key)
				break;

			*_access = permits->permits[i].access;
			_leave(" = %u [perm %x]", !permits->invalidated, *_access);
			return !permits->invalidated;
		}
	}

	_leave(" = f");
	return false;
}

/*
 * check with the fileserver to see if the directory or parent directory is
 * permitted to be accessed with this authorisation, and if so, what access it
 * is granted
 */
int afs_check_permit(struct afs_vnode *vnode, struct key *key,
		     afs_access_t *_access)
{
	struct afs_permits *permits;
	bool valid = false;
	int i, ret;

	_enter("{%llx:%llu},%x",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key));

	/* check the permits to see if we've got one yet */
	if (key == vnode->volume->cell->anonymous_key) {
		_debug("anon");
		*_access = vnode->status.anon_access;
		valid = true;
	} else {
		rcu_read_lock();
		permits = rcu_dereference(vnode->permit_cache);
		if (permits) {
			for (i = 0; i < permits->nr_permits; i++) {
				if (permits->permits[i].key < key)
					continue;
				if (permits->permits[i].key > key)
					break;

				*_access = permits->permits[i].access;
				valid = !permits->invalidated;
				break;
			}
		}
		rcu_read_unlock();
	}

	if (!valid) {
		/* Check the status on the file we're actually interested in
		 * (the post-processing will cache the result).
		 */
		_debug("no valid permit");

		ret = afs_fetch_status(vnode, key, false, _access);
		if (ret < 0) {
			*_access = 0;
			_leave(" = %d", ret);
			return ret;
		}
	}

	_leave(" = 0 [access %x]", *_access);
	return 0;
}

/*
 * check the permissions on an AFS file
 * - AFS ACLs are attached to directories only, and a file is controlled by its
 *   parent directory's ACL
 */
int afs_permission(struct inode *inode, int mask)
{
	struct afs_vnode *vnode = AFS_FS_I(inode);
	afs_access_t access;
	struct key *key;
	int ret = 0;

	_enter("{{%llx:%llu},%lx},%x,",
	       vnode->fid.vid, vnode->fid.vnode, vnode->flags, mask);

	if (mask & MAY_NOT_BLOCK) {
		key = afs_request_key_rcu(vnode->volume->cell);
		if (IS_ERR(key))
			return -ECHILD;

		ret = -ECHILD;
		if (!afs_check_validity(vnode) ||
		    !afs_check_permit_rcu(vnode, key, &access))
			goto error;
	} else {
		key = afs_request_key(vnode->volume->cell);
		if (IS_ERR(key)) {
			_leave(" = %ld [key]", PTR_ERR(key));
			return PTR_ERR(key);
		}

		ret = afs_validate(vnode, key);
		if (ret < 0)
			goto error;

		/* check the permits to see if we've got one yet */
		ret = afs_check_permit(vnode, key, &access);
		if (ret < 0)
			goto error;
	}

	/* interpret the access mask */
	_debug("REQ %x ACC %x on %s",
	       mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file");

	ret = 0;
	if (S_ISDIR(inode->i_mode)) {
		if (mask & (MAY_EXEC | MAY_READ | MAY_CHDIR)) {
			if (!(access & AFS_ACE_LOOKUP))
				goto permission_denied;
		}
		if (mask & MAY_WRITE) {
			if (!(access & (AFS_ACE_DELETE | /* rmdir, unlink, rename from */
					AFS_ACE_INSERT))) /* create, mkdir, symlink, rename to */
				goto permission_denied;
		}
	} else {
		if (!(access & AFS_ACE_LOOKUP))
			goto permission_denied;
		if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
			goto permission_denied;
		if (mask & (MAY_EXEC | MAY_READ)) {
			if (!(access & AFS_ACE_READ))
				goto permission_denied;
			if (!(inode->i_mode & S_IRUSR))
				goto permission_denied;
		} else if (mask & MAY_WRITE) {
			if (!(access & AFS_ACE_WRITE))
				goto permission_denied;
			if (!(inode->i_mode & S_IWUSR))
				goto permission_denied;
		}
	}

	key_put(key);
	_leave(" = %d", ret);
	return ret;

permission_denied:
	ret = -EACCES;
error:
	key_put(key);
	_leave(" = %d", ret);
	return ret;
}

void __exit afs_clean_up_permit_cache(void)
{
	int i;

	for (i = 0; i < HASH_SIZE(afs_permits_cache); i++)
		WARN_ON_ONCE(!hlist_empty(&afs_permits_cache[i]));

}
Commit	Line	Data
2874c5fd	1	// SPDX-License-Identifier: GPL-2.0-or-later
00d3b7a4 DH	2	/* AFS security handling
00d3b7a4 DH	3	*
be080a6f	4	* Copyright (C) 2007, 2017 Red Hat, Inc. All Rights Reserved.
00d3b7a4	5	* Written by David Howells ([email protected])
00d3b7a4 DH	6	*/
	7
	8	#include <linux/init.h>
	9	#include <linux/slab.h>
	10	#include <linux/fs.h>
	11	#include <linux/ctype.h>
e8edc6e0	12	#include <linux/sched.h>
be080a6f	13	#include <linux/hashtable.h>
00d3b7a4 DH	14	#include <keys/rxrpc-type.h>
	15	#include "internal.h"
	16
be080a6f DH	17	static DEFINE_HASHTABLE(afs_permits_cache, 10);
	18	static DEFINE_SPINLOCK(afs_permits_lock);
	19
00d3b7a4 DH	20	/*
	21	* get a key
	22	*/
	23	struct key afs_request_key(struct afs_cell cell)
	24	{
	25	struct key *key;
	26
	27	_enter("{%x}", key_serial(cell->anonymous_key));
	28
	29	_debug("key %s", cell->anonymous_key->description);
8b6a666a DH	30	key = request_key_net(&key_type_rxrpc, cell->anonymous_key->description,
	31	cell->net->net, NULL);
	32	if (IS_ERR(key)) {
	33	if (PTR_ERR(key) != -ENOKEY) {
	34	_leave(" = %ld", PTR_ERR(key));
	35	return key;
	36	}
	37
	38	/* act as anonymous user */
	39	_leave(" = {%x} [anon]", key_serial(cell->anonymous_key));
	40	return key_get(cell->anonymous_key);
	41	} else {
	42	/* act as authorised user */
	43	_leave(" = {%x} [auth]", key_serial(key));
	44	return key;
	45	}
	46	}
	47
	48	/*
	49	* Get a key when pathwalk is in rcuwalk mode.
	50	*/
	51	struct key afs_request_key_rcu(struct afs_cell cell)
	52	{
	53	struct key *key;
	54
	55	_enter("{%x}", key_serial(cell->anonymous_key));
	56
	57	_debug("key %s", cell->anonymous_key->description);
	58	key = request_key_net_rcu(&key_type_rxrpc,
	59	cell->anonymous_key->description,
	60	cell->net->net);
00d3b7a4 DH	61	if (IS_ERR(key)) {
	62	if (PTR_ERR(key) != -ENOKEY) {
	63	_leave(" = %ld", PTR_ERR(key));
	64	return key;
	65	}
	66
	67	/* act as anonymous user */
	68	_leave(" = {%x} [anon]", key_serial(cell->anonymous_key));
	69	return key_get(cell->anonymous_key);
	70	} else {
	71	/* act as authorised user */
	72	_leave(" = {%x} [auth]", key_serial(key));
	73	return key;
	74	}
	75	}
	76
	77	/*
be080a6f	78	* Dispose of a list of permits.
00d3b7a4	79	*/
be080a6f	80	static void afs_permits_rcu(struct rcu_head *rcu)
00d3b7a4 DH	81	{
	82	struct afs_permits *permits =
	83	container_of(rcu, struct afs_permits, rcu);
be080a6f	84	int i;
00d3b7a4	85
be080a6f DH	86	for (i = 0; i < permits->nr_permits; i++)
be080a6f DH	87	key_put(permits->permits[i].key);
00d3b7a4 DH	88	kfree(permits);
	89	}
	90
	91	/*
be080a6f	92	* Discard a permission cache.
00d3b7a4	93	*/
be080a6f	94	void afs_put_permits(struct afs_permits *permits)
00d3b7a4	95	{
be080a6f DH	96	if (permits && refcount_dec_and_test(&permits->usage)) {
	97	spin_lock(&afs_permits_lock);
	98	hash_del_rcu(&permits->hash_node);
	99	spin_unlock(&afs_permits_lock);
	100	call_rcu(&permits->rcu, afs_permits_rcu);
	101	}
00d3b7a4 DH	102	}
	103
	104	/*
be080a6f	105	* Clear a permit cache on callback break.
00d3b7a4	106	*/
be080a6f	107	void afs_clear_permits(struct afs_vnode *vnode)
00d3b7a4	108	{
be080a6f	109	struct afs_permits *permits;
00d3b7a4	110
be080a6f DH	111	spin_lock(&vnode->lock);
	112	permits = rcu_dereference_protected(vnode->permit_cache,
	113	lockdep_is_held(&vnode->lock));
	114	RCU_INIT_POINTER(vnode->permit_cache, NULL);
be080a6f	115	spin_unlock(&vnode->lock);
00d3b7a4	116
fd711586	117	afs_put_permits(permits);
00d3b7a4 DH	118	}
	119
	120	/*
be080a6f DH	121	* Hash a list of permits. Use simple addition to make it easy to add an extra
be080a6f DH	122	* one at an as-yet indeterminate position in the list.
00d3b7a4	123	*/
be080a6f	124	static void afs_hash_permits(struct afs_permits *permits)
00d3b7a4	125	{
be080a6f DH	126	unsigned long h = permits->nr_permits;
be080a6f DH	127	int i;
00d3b7a4	128
be080a6f DH	129	for (i = 0; i < permits->nr_permits; i++) {
	130	h += (unsigned long)permits->permits[i].key / sizeof(void *);
	131	h += permits->permits[i].access;
	132	}
00d3b7a4	133
be080a6f	134	permits->h = h;
00d3b7a4 DH	135	}
	136
	137	/*
be080a6f DH	138	* Cache the CallerAccess result obtained from doing a fileserver operation
	139	* that returned a vnode status for a particular key. If a callback break
	140	* occurs whilst the operation was in progress then we have to ditch the cache
	141	* as the ACL may have changed.
00d3b7a4	142	*/
be080a6f	143	void afs_cache_permit(struct afs_vnode vnode, struct key key,
a58823ac	144	unsigned int cb_break, struct afs_status_cb *scb)
00d3b7a4	145	{
1bcab125	146	struct afs_permits permits, xpermits, replacement, zap, *new = NULL;
a58823ac	147	afs_access_t caller_access = scb->status.caller_access;
be080a6f DH	148	size_t size = 0;
	149	bool changed = false;
	150	int i, j;
	151
3b6492df	152	_enter("{%llx:%llu},%x,%x",
be080a6f DH	153	vnode->fid.vid, vnode->fid.vnode, key_serial(key), caller_access);
	154
	155	rcu_read_lock();
	156
	157	/* Check for the common case first: We got back the same access as last
	158	* time we tried and already have it recorded.
	159	*/
	160	permits = rcu_dereference(vnode->permit_cache);
	161	if (permits) {
	162	if (!permits->invalidated) {
	163	for (i = 0; i < permits->nr_permits; i++) {
	164	if (permits->permits[i].key < key)
	165	continue;
	166	if (permits->permits[i].key > key)
	167	break;
	168	if (permits->permits[i].access != caller_access) {
	169	changed = true;
	170	break;
	171	}
00d3b7a4	172
20325960	173	if (afs_cb_is_broken(cb_break, vnode)) {
be080a6f DH	174	changed = true;
	175	break;
	176	}
00d3b7a4	177
be080a6f DH	178	/* The cache is still good. */
	179	rcu_read_unlock();
	180	return;
	181	}
	182	}
00d3b7a4	183
be080a6f DH	184	changed \|= permits->invalidated;
be080a6f DH	185	size = permits->nr_permits;
00d3b7a4	186
be080a6f DH	187	/* If this set of permits is now wrong, clear the permits
	188	* pointer so that no one tries to use the stale information.
	189	*/
	190	if (changed) {
	191	spin_lock(&vnode->lock);
	192	if (permits != rcu_access_pointer(vnode->permit_cache))
	193	goto someone_else_changed_it_unlock;
	194	RCU_INIT_POINTER(vnode->permit_cache, NULL);
	195	spin_unlock(&vnode->lock);
	196
	197	afs_put_permits(permits);
	198	permits = NULL;
	199	size = 0;
	200	}
00d3b7a4 DH	201	}
00d3b7a4 DH	202
20325960	203	if (afs_cb_is_broken(cb_break, vnode))
be080a6f	204	goto someone_else_changed_it;
00d3b7a4	205
be080a6f DH	206	/* We need a ref on any permits list we want to copy as we'll have to
	207	* drop the lock to do memory allocation.
	208	*/
fe342cf7	209	if (permits && !refcount_inc_not_zero(&permits->usage))
be080a6f	210	goto someone_else_changed_it;
be080a6f DH	211
	212	rcu_read_unlock();
	213
	214	/* Speculatively create a new list with the revised permission set. We
	215	* discard this if we find an extant match already in the hash, but
	216	* it's easier to compare with memcmp this way.
	217	*
	218	* We fill in the key pointers at this time, but we don't get the refs
	219	* yet.
	220	*/
	221	size++;
	222	new = kzalloc(sizeof(struct afs_permits) +
	223	sizeof(struct afs_permit) * size, GFP_NOFS);
	224	if (!new)
1bcab125	225	goto out_put;
be080a6f DH	226
	227	refcount_set(&new->usage, 1);
	228	new->nr_permits = size;
	229	i = j = 0;
	230	if (permits) {
	231	for (i = 0; i < permits->nr_permits; i++) {
	232	if (j == i && permits->permits[i].key > key) {
	233	new->permits[j].key = key;
	234	new->permits[j].access = caller_access;
	235	j++;
00d3b7a4	236	}
be080a6f DH	237	new->permits[j].key = permits->permits[i].key;
	238	new->permits[j].access = permits->permits[i].access;
	239	j++;
00d3b7a4 DH	240	}
	241	}
	242
be080a6f DH	243	if (j == i) {
	244	new->permits[j].key = key;
	245	new->permits[j].access = caller_access;
	246	}
	247
	248	afs_hash_permits(new);
	249
be080a6f DH	250	/* Now see if the permit list we want is actually already available */
	251	spin_lock(&afs_permits_lock);
	252
	253	hash_for_each_possible(afs_permits_cache, xpermits, hash_node, new->h) {
	254	if (xpermits->h != new->h \|\|
	255	xpermits->invalidated \|\|
	256	xpermits->nr_permits != new->nr_permits \|\|
	257	memcmp(xpermits->permits, new->permits,
	258	new->nr_permits * sizeof(struct afs_permit)) != 0)
	259	continue;
	260
	261	if (refcount_inc_not_zero(&xpermits->usage)) {
	262	replacement = xpermits;
	263	goto found;
	264	}
	265
	266	break;
	267	}
	268
	269	for (i = 0; i < new->nr_permits; i++)
	270	key_get(new->permits[i].key);
	271	hash_add_rcu(afs_permits_cache, &new->hash_node, new->h);
	272	replacement = new;
	273	new = NULL;
	274
	275	found:
	276	spin_unlock(&afs_permits_lock);
	277
	278	kfree(new);
	279
f642404a	280	rcu_read_lock();
be080a6f	281	spin_lock(&vnode->lock);
1bcab125	282	zap = rcu_access_pointer(vnode->permit_cache);
20325960	283	if (!afs_cb_is_broken(cb_break, vnode) && zap == permits)
1bcab125 DH	284	rcu_assign_pointer(vnode->permit_cache, replacement);
	285	else
	286	zap = replacement;
be080a6f	287	spin_unlock(&vnode->lock);
f642404a	288	rcu_read_unlock();
1bcab125 DH	289	afs_put_permits(zap);
1bcab125 DH	290	out_put:
be080a6f DH	291	afs_put_permits(permits);
	292	return;
	293
	294	someone_else_changed_it_unlock:
	295	spin_unlock(&vnode->lock);
	296	someone_else_changed_it:
	297	/* Someone else changed the cache under us - don't recheck at this
	298	* time.
	299	*/
fe342cf7	300	rcu_read_unlock();
be080a6f	301	return;
00d3b7a4 DH	302	}
00d3b7a4 DH	303
a0753c29 DH	304	static bool afs_check_permit_rcu(struct afs_vnode vnode, struct key key,
	305	afs_access_t *_access)
	306	{
	307	const struct afs_permits *permits;
	308	int i;
	309
	310	_enter("{%llx:%llu},%x",
	311	vnode->fid.vid, vnode->fid.vnode, key_serial(key));
	312
	313	/* check the permits to see if we've got one yet */
	314	if (key == vnode->volume->cell->anonymous_key) {
	315	*_access = vnode->status.anon_access;
	316	_leave(" = t [anon %x]", *_access);
	317	return true;
	318	}
	319
	320	permits = rcu_dereference(vnode->permit_cache);
	321	if (permits) {
	322	for (i = 0; i < permits->nr_permits; i++) {
	323	if (permits->permits[i].key < key)
	324	continue;
	325	if (permits->permits[i].key > key)
	326	break;
	327
	328	*_access = permits->permits[i].access;
	329	_leave(" = %u [perm %x]", !permits->invalidated, *_access);
	330	return !permits->invalidated;
	331	}
	332	}
	333
	334	_leave(" = f");
	335	return false;
	336	}
	337
00d3b7a4 DH	338	/*
	339	* check with the fileserver to see if the directory or parent directory is
	340	* permitted to be accessed with this authorisation, and if so, what access it
	341	* is granted
	342	*/
0fafdc9f DH	343	int afs_check_permit(struct afs_vnode vnode, struct key key,
0fafdc9f DH	344	afs_access_t *_access)
00d3b7a4 DH	345	{
00d3b7a4 DH	346	struct afs_permits *permits;
be080a6f DH	347	bool valid = false;
be080a6f DH	348	int i, ret;
00d3b7a4	349
3b6492df	350	_enter("{%llx:%llu},%x",
416351f2	351	vnode->fid.vid, vnode->fid.vnode, key_serial(key));
00d3b7a4	352
00d3b7a4	353	/* check the permits to see if we've got one yet */
be080a6f	354	if (key == vnode->volume->cell->anonymous_key) {
00d3b7a4	355	_debug("anon");
be080a6f	356	*_access = vnode->status.anon_access;
00d3b7a4 DH	357	valid = true;
00d3b7a4 DH	358	} else {
00d3b7a4	359	rcu_read_lock();
be080a6f	360	permits = rcu_dereference(vnode->permit_cache);
00d3b7a4	361	if (permits) {
be080a6f DH	362	for (i = 0; i < permits->nr_permits; i++) {
	363	if (permits->permits[i].key < key)
	364	continue;
	365	if (permits->permits[i].key > key)
00d3b7a4	366	break;
be080a6f DH	367
	368	*_access = permits->permits[i].access;
	369	valid = !permits->invalidated;
	370	break;
00d3b7a4 DH	371	}
	372	}
	373	rcu_read_unlock();
	374	}
	375
	376	if (!valid) {
be080a6f DH	377	/* Check the status on the file we're actually interested in
	378	* (the post-processing will cache the result).
	379	*/
00d3b7a4 DH	380	_debug("no valid permit");
00d3b7a4 DH	381
a58823ac	382	ret = afs_fetch_status(vnode, key, false, _access);
00d3b7a4	383	if (ret < 0) {
00d3b7a4 DH	384	*_access = 0;
	385	_leave(" = %d", ret);
	386	return ret;
	387	}
	388	}
	389
00d3b7a4 DH	390	_leave(" = 0 [access %x]", *_access);
	391	return 0;
	392	}
	393
	394	/*
	395	* check the permissions on an AFS file
	396	* - AFS ACLs are attached to directories only, and a file is controlled by its
	397	* parent directory's ACL
	398	*/
10556cb2	399	int afs_permission(struct inode *inode, int mask)
00d3b7a4 DH	400	{
00d3b7a4 DH	401	struct afs_vnode *vnode = AFS_FS_I(inode);
3f649ab7	402	afs_access_t access;
00d3b7a4	403	struct key *key;
a0753c29	404	int ret = 0;
b74c79e9	405
3b6492df	406	_enter("{{%llx:%llu},%lx},%x,",
260a9803	407	vnode->fid.vid, vnode->fid.vnode, vnode->flags, mask);
00d3b7a4	408
a0753c29 DH	409	if (mask & MAY_NOT_BLOCK) {
	410	key = afs_request_key_rcu(vnode->volume->cell);
	411	if (IS_ERR(key))
	412	return -ECHILD;
00d3b7a4	413
a0753c29 DH	414	ret = -ECHILD;
	415	if (!afs_check_validity(vnode) \|\|
	416	!afs_check_permit_rcu(vnode, key, &access))
	417	goto error;
	418	} else {
	419	key = afs_request_key(vnode->volume->cell);
	420	if (IS_ERR(key)) {
	421	_leave(" = %ld [key]", PTR_ERR(key));
	422	return PTR_ERR(key);
	423	}
260a9803	424
a0753c29 DH	425	ret = afs_validate(vnode, key);
	426	if (ret < 0)
	427	goto error;
	428
	429	/* check the permits to see if we've got one yet */
	430	ret = afs_check_permit(vnode, key, &access);
	431	if (ret < 0)
	432	goto error;
	433	}
00d3b7a4 DH	434
	435	/* interpret the access mask */
	436	_debug("REQ %x ACC %x on %s",
	437	mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file");
	438
a0753c29	439	ret = 0;
00d3b7a4	440	if (S_ISDIR(inode->i_mode)) {
378831e4	441	if (mask & (MAY_EXEC \| MAY_READ \| MAY_CHDIR)) {
00d3b7a4 DH	442	if (!(access & AFS_ACE_LOOKUP))
00d3b7a4 DH	443	goto permission_denied;
378831e4 DH	444	}
378831e4 DH	445	if (mask & MAY_WRITE) {
00d3b7a4	446	if (!(access & (AFS_ACE_DELETE \| /* rmdir, unlink, rename from */
fd249821	447	AFS_ACE_INSERT))) /* create, mkdir, symlink, rename to */
00d3b7a4	448	goto permission_denied;
00d3b7a4 DH	449	}
	450	} else {
	451	if (!(access & AFS_ACE_LOOKUP))
	452	goto permission_denied;
627f4694 MD	453	if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
627f4694 MD	454	goto permission_denied;
00d3b7a4 DH	455	if (mask & (MAY_EXEC \| MAY_READ)) {
	456	if (!(access & AFS_ACE_READ))
	457	goto permission_denied;
627f4694 MD	458	if (!(inode->i_mode & S_IRUSR))
627f4694 MD	459	goto permission_denied;
00d3b7a4 DH	460	} else if (mask & MAY_WRITE) {
	461	if (!(access & AFS_ACE_WRITE))
	462	goto permission_denied;
627f4694 MD	463	if (!(inode->i_mode & S_IWUSR))
627f4694 MD	464	goto permission_denied;
00d3b7a4 DH	465	}
	466	}
	467
	468	key_put(key);
260a9803 DH	469	_leave(" = %d", ret);
260a9803 DH	470	return ret;
00d3b7a4 DH	471
00d3b7a4 DH	472	permission_denied:
260a9803 DH	473	ret = -EACCES;
260a9803 DH	474	error:
00d3b7a4	475	key_put(key);
260a9803 DH	476	_leave(" = %d", ret);
260a9803 DH	477	return ret;
00d3b7a4	478	}
be080a6f DH	479
	480	void __exit afs_clean_up_permit_cache(void)
	481	{
	482	int i;
	483
	484	for (i = 0; i < HASH_SIZE(afs_permits_cache); i++)
	485	WARN_ON_ONCE(!hlist_empty(&afs_permits_cache[i]));
	486
	487	}