[mirror_ubuntu-bionic-kernel.git] / fs / afs / security.c

/* AFS security handling
 *
 * Copyright (C) 2007, 2017 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#include <linux/init.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/ctype.h>
#include <linux/sched.h>
#include <linux/hashtable.h>
#include <keys/rxrpc-type.h>
#include "internal.h"

static DEFINE_HASHTABLE(afs_permits_cache, 10);
static DEFINE_SPINLOCK(afs_permits_lock);

/*
 * get a key
 */
struct key *afs_request_key(struct afs_cell *cell)
{
	struct key *key;

	_enter("{%x}", key_serial(cell->anonymous_key));

	_debug("key %s", cell->anonymous_key->description);
	key = request_key(&key_type_rxrpc, cell->anonymous_key->description,
			  NULL);
	if (IS_ERR(key)) {
		if (PTR_ERR(key) != -ENOKEY) {
			_leave(" = %ld", PTR_ERR(key));
			return key;
		}

		/* act as anonymous user */
		_leave(" = {%x} [anon]", key_serial(cell->anonymous_key));
		return key_get(cell->anonymous_key);
	} else {
		/* act as authorised user */
		_leave(" = {%x} [auth]", key_serial(key));
		return key;
	}
}

/*
 * Dispose of a list of permits.
 */
static void afs_permits_rcu(struct rcu_head *rcu)
{
	struct afs_permits *permits =
		container_of(rcu, struct afs_permits, rcu);
	int i;

	for (i = 0; i < permits->nr_permits; i++)
		key_put(permits->permits[i].key);
	kfree(permits);
}

/*
 * Discard a permission cache.
 */
void afs_put_permits(struct afs_permits *permits)
{
	if (permits && refcount_dec_and_test(&permits->usage)) {
		spin_lock(&afs_permits_lock);
		hash_del_rcu(&permits->hash_node);
		spin_unlock(&afs_permits_lock);
		call_rcu(&permits->rcu, afs_permits_rcu);
	}
}

/*
 * Clear a permit cache on callback break.
 */
void afs_clear_permits(struct afs_vnode *vnode)
{
	struct afs_permits *permits;

	spin_lock(&vnode->lock);
	permits = rcu_dereference_protected(vnode->permit_cache,
					    lockdep_is_held(&vnode->lock));
	RCU_INIT_POINTER(vnode->permit_cache, NULL);
	vnode->cb_break++;
	spin_unlock(&vnode->lock);

	if (permits)
		afs_put_permits(permits);
}

/*
 * Hash a list of permits.  Use simple addition to make it easy to add an extra
 * one at an as-yet indeterminate position in the list.
 */
static void afs_hash_permits(struct afs_permits *permits)
{
	unsigned long h = permits->nr_permits;
	int i;

	for (i = 0; i < permits->nr_permits; i++) {
		h += (unsigned long)permits->permits[i].key / sizeof(void *);
		h += permits->permits[i].access;
	}

	permits->h = h;
}

/*
 * Cache the CallerAccess result obtained from doing a fileserver operation
 * that returned a vnode status for a particular key.  If a callback break
 * occurs whilst the operation was in progress then we have to ditch the cache
 * as the ACL *may* have changed.
 */
void afs_cache_permit(struct afs_vnode *vnode, struct key *key,
		      unsigned int cb_break)
{
	struct afs_permits *permits, *xpermits, *replacement, *zap, *new = NULL;
	afs_access_t caller_access = READ_ONCE(vnode->status.caller_access);
	size_t size = 0;
	bool changed = false;
	int i, j;

	_enter("{%x:%u},%x,%x",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key), caller_access);

	rcu_read_lock();

	/* Check for the common case first: We got back the same access as last
	 * time we tried and already have it recorded.
	 */
	permits = rcu_dereference(vnode->permit_cache);
	if (permits) {
		if (!permits->invalidated) {
			for (i = 0; i < permits->nr_permits; i++) {
				if (permits->permits[i].key < key)
					continue;
				if (permits->permits[i].key > key)
					break;
				if (permits->permits[i].access != caller_access) {
					changed = true;
					break;
				}

				if (cb_break != (vnode->cb_break +
						 vnode->cb_interest->server->cb_s_break)) {
					changed = true;
					break;
				}

				/* The cache is still good. */
				rcu_read_unlock();
				return;
			}
		}

		changed |= permits->invalidated;
		size = permits->nr_permits;

		/* If this set of permits is now wrong, clear the permits
		 * pointer so that no one tries to use the stale information.
		 */
		if (changed) {
			spin_lock(&vnode->lock);
			if (permits != rcu_access_pointer(vnode->permit_cache))
				goto someone_else_changed_it_unlock;
			RCU_INIT_POINTER(vnode->permit_cache, NULL);
			spin_unlock(&vnode->lock);

			afs_put_permits(permits);
			permits = NULL;
			size = 0;
		}
	}

	if (cb_break != (vnode->cb_break + vnode->cb_interest->server->cb_s_break)) {
		rcu_read_unlock();
		goto someone_else_changed_it;
	}

	/* We need a ref on any permits list we want to copy as we'll have to
	 * drop the lock to do memory allocation.
	 */
	if (permits && !refcount_inc_not_zero(&permits->usage)) {
		rcu_read_unlock();
		goto someone_else_changed_it;
	}

	rcu_read_unlock();

	/* Speculatively create a new list with the revised permission set.  We
	 * discard this if we find an extant match already in the hash, but
	 * it's easier to compare with memcmp this way.
	 *
	 * We fill in the key pointers at this time, but we don't get the refs
	 * yet.
	 */
	size++;
	new = kzalloc(sizeof(struct afs_permits) +
		      sizeof(struct afs_permit) * size, GFP_NOFS);
	if (!new)
		goto out_put;

	refcount_set(&new->usage, 1);
	new->nr_permits = size;
	i = j = 0;
	if (permits) {
		for (i = 0; i < permits->nr_permits; i++) {
			if (j == i && permits->permits[i].key > key) {
				new->permits[j].key = key;
				new->permits[j].access = caller_access;
				j++;
			}
			new->permits[j].key = permits->permits[i].key;
			new->permits[j].access = permits->permits[i].access;
			j++;
		}
	}

	if (j == i) {
		new->permits[j].key = key;
		new->permits[j].access = caller_access;
	}

	afs_hash_permits(new);

	/* Now see if the permit list we want is actually already available */
	spin_lock(&afs_permits_lock);

	hash_for_each_possible(afs_permits_cache, xpermits, hash_node, new->h) {
		if (xpermits->h != new->h ||
		    xpermits->invalidated ||
		    xpermits->nr_permits != new->nr_permits ||
		    memcmp(xpermits->permits, new->permits,
			   new->nr_permits * sizeof(struct afs_permit)) != 0)
			continue;

		if (refcount_inc_not_zero(&xpermits->usage)) {
			replacement = xpermits;
			goto found;
		}

		break;
	}

	for (i = 0; i < new->nr_permits; i++)
		key_get(new->permits[i].key);
	hash_add_rcu(afs_permits_cache, &new->hash_node, new->h);
	replacement = new;
	new = NULL;

found:
	spin_unlock(&afs_permits_lock);

	kfree(new);

	spin_lock(&vnode->lock);
	zap = rcu_access_pointer(vnode->permit_cache);
	if (cb_break == (vnode->cb_break + vnode->cb_interest->server->cb_s_break) &&
	    zap == permits)
		rcu_assign_pointer(vnode->permit_cache, replacement);
	else
		zap = replacement;
	spin_unlock(&vnode->lock);
	afs_put_permits(zap);
out_put:
	afs_put_permits(permits);
	return;

someone_else_changed_it_unlock:
	spin_unlock(&vnode->lock);
someone_else_changed_it:
	/* Someone else changed the cache under us - don't recheck at this
	 * time.
	 */
	return;
}

/*
 * check with the fileserver to see if the directory or parent directory is
 * permitted to be accessed with this authorisation, and if so, what access it
 * is granted
 */
int afs_check_permit(struct afs_vnode *vnode, struct key *key,
		     afs_access_t *_access)
{
	struct afs_permits *permits;
	bool valid = false;
	int i, ret;

	_enter("{%x:%u},%x",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key));

	permits = vnode->permit_cache;

	/* check the permits to see if we've got one yet */
	if (key == vnode->volume->cell->anonymous_key) {
		_debug("anon");
		*_access = vnode->status.anon_access;
		valid = true;
	} else {
		rcu_read_lock();
		permits = rcu_dereference(vnode->permit_cache);
		if (permits) {
			for (i = 0; i < permits->nr_permits; i++) {
				if (permits->permits[i].key < key)
					continue;
				if (permits->permits[i].key > key)
					break;

				*_access = permits->permits[i].access;
				valid = !permits->invalidated;
				break;
			}
		}
		rcu_read_unlock();
	}

	if (!valid) {
		/* Check the status on the file we're actually interested in
		 * (the post-processing will cache the result).
		 */
		_debug("no valid permit");

		ret = afs_fetch_status(vnode, key);
		if (ret < 0) {
			*_access = 0;
			_leave(" = %d", ret);
			return ret;
		}
		*_access = vnode->status.caller_access;
	}

	_leave(" = 0 [access %x]", *_access);
	return 0;
}

/*
 * check the permissions on an AFS file
 * - AFS ACLs are attached to directories only, and a file is controlled by its
 *   parent directory's ACL
 */
int afs_permission(struct inode *inode, int mask)
{
	struct afs_vnode *vnode = AFS_FS_I(inode);
	afs_access_t uninitialized_var(access);
	struct key *key;
	int ret;

	if (mask & MAY_NOT_BLOCK)
		return -ECHILD;

	_enter("{{%x:%u},%lx},%x,",
	       vnode->fid.vid, vnode->fid.vnode, vnode->flags, mask);

	key = afs_request_key(vnode->volume->cell);
	if (IS_ERR(key)) {
		_leave(" = %ld [key]", PTR_ERR(key));
		return PTR_ERR(key);
	}

	ret = afs_validate(vnode, key);
	if (ret < 0)
		goto error;

	/* check the permits to see if we've got one yet */
	ret = afs_check_permit(vnode, key, &access);
	if (ret < 0)
		goto error;

	/* interpret the access mask */
	_debug("REQ %x ACC %x on %s",
	       mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file");

	if (S_ISDIR(inode->i_mode)) {
		if (mask & MAY_EXEC) {
			if (!(access & AFS_ACE_LOOKUP))
				goto permission_denied;
		} else if (mask & MAY_READ) {
			if (!(access & AFS_ACE_LOOKUP))
				goto permission_denied;
		} else if (mask & MAY_WRITE) {
			if (!(access & (AFS_ACE_DELETE | /* rmdir, unlink, rename from */
					AFS_ACE_INSERT))) /* create, mkdir, symlink, rename to */
				goto permission_denied;
		} else {
			BUG();
		}
	} else {
		if (!(access & AFS_ACE_LOOKUP))
			goto permission_denied;
		if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
			goto permission_denied;
		if (mask & (MAY_EXEC | MAY_READ)) {
			if (!(access & AFS_ACE_READ))
				goto permission_denied;
			if (!(inode->i_mode & S_IRUSR))
				goto permission_denied;
		} else if (mask & MAY_WRITE) {
			if (!(access & AFS_ACE_WRITE))
				goto permission_denied;
			if (!(inode->i_mode & S_IWUSR))
				goto permission_denied;
		}
	}

	key_put(key);
	_leave(" = %d", ret);
	return ret;

permission_denied:
	ret = -EACCES;
error:
	key_put(key);
	_leave(" = %d", ret);
	return ret;
}

void __exit afs_clean_up_permit_cache(void)
{
	int i;

	for (i = 0; i < HASH_SIZE(afs_permits_cache); i++)
		WARN_ON_ONCE(!hlist_empty(&afs_permits_cache[i]));

}
Commit	Line	Data
00d3b7a4 DH	1	/* AFS security handling
00d3b7a4 DH	2	*
be080a6f	3	* Copyright (C) 2007, 2017 Red Hat, Inc. All Rights Reserved.
00d3b7a4 DH	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public License
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the License, or (at your option) any later version.
	10	*/
	11
	12	#include <linux/init.h>
	13	#include <linux/slab.h>
	14	#include <linux/fs.h>
	15	#include <linux/ctype.h>
e8edc6e0	16	#include <linux/sched.h>
be080a6f	17	#include <linux/hashtable.h>
00d3b7a4 DH	18	#include <keys/rxrpc-type.h>
	19	#include "internal.h"
	20
be080a6f DH	21	static DEFINE_HASHTABLE(afs_permits_cache, 10);
	22	static DEFINE_SPINLOCK(afs_permits_lock);
	23
00d3b7a4 DH	24	/*
	25	* get a key
	26	*/
	27	struct key afs_request_key(struct afs_cell cell)
	28	{
	29	struct key *key;
	30
	31	_enter("{%x}", key_serial(cell->anonymous_key));
	32
	33	_debug("key %s", cell->anonymous_key->description);
	34	key = request_key(&key_type_rxrpc, cell->anonymous_key->description,
	35	NULL);
	36	if (IS_ERR(key)) {
	37	if (PTR_ERR(key) != -ENOKEY) {
	38	_leave(" = %ld", PTR_ERR(key));
	39	return key;
	40	}
	41
	42	/* act as anonymous user */
	43	_leave(" = {%x} [anon]", key_serial(cell->anonymous_key));
	44	return key_get(cell->anonymous_key);
	45	} else {
	46	/* act as authorised user */
	47	_leave(" = {%x} [auth]", key_serial(key));
	48	return key;
	49	}
	50	}
	51
	52	/*
be080a6f	53	* Dispose of a list of permits.
00d3b7a4	54	*/
be080a6f	55	static void afs_permits_rcu(struct rcu_head *rcu)
00d3b7a4 DH	56	{
	57	struct afs_permits *permits =
	58	container_of(rcu, struct afs_permits, rcu);
be080a6f	59	int i;
00d3b7a4	60
be080a6f DH	61	for (i = 0; i < permits->nr_permits; i++)
be080a6f DH	62	key_put(permits->permits[i].key);
00d3b7a4 DH	63	kfree(permits);
	64	}
	65
	66	/*
be080a6f	67	* Discard a permission cache.
00d3b7a4	68	*/
be080a6f	69	void afs_put_permits(struct afs_permits *permits)
00d3b7a4	70	{
be080a6f DH	71	if (permits && refcount_dec_and_test(&permits->usage)) {
	72	spin_lock(&afs_permits_lock);
	73	hash_del_rcu(&permits->hash_node);
	74	spin_unlock(&afs_permits_lock);
	75	call_rcu(&permits->rcu, afs_permits_rcu);
	76	}
00d3b7a4 DH	77	}
	78
	79	/*
be080a6f	80	* Clear a permit cache on callback break.
00d3b7a4	81	*/
be080a6f	82	void afs_clear_permits(struct afs_vnode *vnode)
00d3b7a4	83	{
be080a6f	84	struct afs_permits *permits;
00d3b7a4	85
be080a6f DH	86	spin_lock(&vnode->lock);
	87	permits = rcu_dereference_protected(vnode->permit_cache,
	88	lockdep_is_held(&vnode->lock));
	89	RCU_INIT_POINTER(vnode->permit_cache, NULL);
	90	vnode->cb_break++;
	91	spin_unlock(&vnode->lock);
00d3b7a4	92
be080a6f DH	93	if (permits)
be080a6f DH	94	afs_put_permits(permits);
00d3b7a4 DH	95	}
	96
	97	/*
be080a6f DH	98	* Hash a list of permits. Use simple addition to make it easy to add an extra
be080a6f DH	99	* one at an as-yet indeterminate position in the list.
00d3b7a4	100	*/
be080a6f	101	static void afs_hash_permits(struct afs_permits *permits)
00d3b7a4	102	{
be080a6f DH	103	unsigned long h = permits->nr_permits;
be080a6f DH	104	int i;
00d3b7a4	105
be080a6f DH	106	for (i = 0; i < permits->nr_permits; i++) {
	107	h += (unsigned long)permits->permits[i].key / sizeof(void *);
	108	h += permits->permits[i].access;
	109	}
00d3b7a4	110
be080a6f	111	permits->h = h;
00d3b7a4 DH	112	}
	113
	114	/*
be080a6f DH	115	* Cache the CallerAccess result obtained from doing a fileserver operation
	116	* that returned a vnode status for a particular key. If a callback break
	117	* occurs whilst the operation was in progress then we have to ditch the cache
	118	* as the ACL may have changed.
00d3b7a4	119	*/
be080a6f DH	120	void afs_cache_permit(struct afs_vnode vnode, struct key key,
be080a6f DH	121	unsigned int cb_break)
00d3b7a4	122	{
1bcab125	123	struct afs_permits permits, xpermits, replacement, zap, *new = NULL;
be080a6f DH	124	afs_access_t caller_access = READ_ONCE(vnode->status.caller_access);
	125	size_t size = 0;
	126	bool changed = false;
	127	int i, j;
	128
	129	_enter("{%x:%u},%x,%x",
	130	vnode->fid.vid, vnode->fid.vnode, key_serial(key), caller_access);
	131
	132	rcu_read_lock();
	133
	134	/* Check for the common case first: We got back the same access as last
	135	* time we tried and already have it recorded.
	136	*/
	137	permits = rcu_dereference(vnode->permit_cache);
	138	if (permits) {
	139	if (!permits->invalidated) {
	140	for (i = 0; i < permits->nr_permits; i++) {
	141	if (permits->permits[i].key < key)
	142	continue;
	143	if (permits->permits[i].key > key)
	144	break;
	145	if (permits->permits[i].access != caller_access) {
	146	changed = true;
	147	break;
	148	}
00d3b7a4	149
be080a6f DH	150	if (cb_break != (vnode->cb_break +
	151	vnode->cb_interest->server->cb_s_break)) {
	152	changed = true;
	153	break;
	154	}
00d3b7a4	155
be080a6f DH	156	/* The cache is still good. */
	157	rcu_read_unlock();
	158	return;
	159	}
	160	}
00d3b7a4	161
be080a6f DH	162	changed \|= permits->invalidated;
be080a6f DH	163	size = permits->nr_permits;
00d3b7a4	164
be080a6f DH	165	/* If this set of permits is now wrong, clear the permits
	166	* pointer so that no one tries to use the stale information.
	167	*/
	168	if (changed) {
	169	spin_lock(&vnode->lock);
	170	if (permits != rcu_access_pointer(vnode->permit_cache))
	171	goto someone_else_changed_it_unlock;
	172	RCU_INIT_POINTER(vnode->permit_cache, NULL);
	173	spin_unlock(&vnode->lock);
	174
	175	afs_put_permits(permits);
	176	permits = NULL;
	177	size = 0;
	178	}
00d3b7a4 DH	179	}
00d3b7a4 DH	180
be080a6f DH	181	if (cb_break != (vnode->cb_break + vnode->cb_interest->server->cb_s_break)) {
	182	rcu_read_unlock();
	183	goto someone_else_changed_it;
00d3b7a4 DH	184	}
00d3b7a4 DH	185
be080a6f DH	186	/* We need a ref on any permits list we want to copy as we'll have to
	187	* drop the lock to do memory allocation.
	188	*/
	189	if (permits && !refcount_inc_not_zero(&permits->usage)) {
	190	rcu_read_unlock();
	191	goto someone_else_changed_it;
	192	}
	193
	194	rcu_read_unlock();
	195
	196	/* Speculatively create a new list with the revised permission set. We
	197	* discard this if we find an extant match already in the hash, but
	198	* it's easier to compare with memcmp this way.
	199	*
	200	* We fill in the key pointers at this time, but we don't get the refs
	201	* yet.
	202	*/
	203	size++;
	204	new = kzalloc(sizeof(struct afs_permits) +
	205	sizeof(struct afs_permit) * size, GFP_NOFS);
	206	if (!new)
1bcab125	207	goto out_put;
be080a6f DH	208
	209	refcount_set(&new->usage, 1);
	210	new->nr_permits = size;
	211	i = j = 0;
	212	if (permits) {
	213	for (i = 0; i < permits->nr_permits; i++) {
	214	if (j == i && permits->permits[i].key > key) {
	215	new->permits[j].key = key;
	216	new->permits[j].access = caller_access;
	217	j++;
00d3b7a4	218	}
be080a6f DH	219	new->permits[j].key = permits->permits[i].key;
	220	new->permits[j].access = permits->permits[i].access;
	221	j++;
00d3b7a4 DH	222	}
	223	}
	224
be080a6f DH	225	if (j == i) {
	226	new->permits[j].key = key;
	227	new->permits[j].access = caller_access;
	228	}
	229
	230	afs_hash_permits(new);
	231
be080a6f DH	232	/* Now see if the permit list we want is actually already available */
	233	spin_lock(&afs_permits_lock);
	234
	235	hash_for_each_possible(afs_permits_cache, xpermits, hash_node, new->h) {
	236	if (xpermits->h != new->h \|\|
	237	xpermits->invalidated \|\|
	238	xpermits->nr_permits != new->nr_permits \|\|
	239	memcmp(xpermits->permits, new->permits,
	240	new->nr_permits * sizeof(struct afs_permit)) != 0)
	241	continue;
	242
	243	if (refcount_inc_not_zero(&xpermits->usage)) {
	244	replacement = xpermits;
	245	goto found;
	246	}
	247
	248	break;
	249	}
	250
	251	for (i = 0; i < new->nr_permits; i++)
	252	key_get(new->permits[i].key);
	253	hash_add_rcu(afs_permits_cache, &new->hash_node, new->h);
	254	replacement = new;
	255	new = NULL;
	256
	257	found:
	258	spin_unlock(&afs_permits_lock);
	259
	260	kfree(new);
	261
	262	spin_lock(&vnode->lock);
1bcab125 DH	263	zap = rcu_access_pointer(vnode->permit_cache);
	264	if (cb_break == (vnode->cb_break + vnode->cb_interest->server->cb_s_break) &&
	265	zap == permits)
	266	rcu_assign_pointer(vnode->permit_cache, replacement);
	267	else
	268	zap = replacement;
be080a6f	269	spin_unlock(&vnode->lock);
1bcab125 DH	270	afs_put_permits(zap);
1bcab125 DH	271	out_put:
be080a6f DH	272	afs_put_permits(permits);
	273	return;
	274
	275	someone_else_changed_it_unlock:
	276	spin_unlock(&vnode->lock);
	277	someone_else_changed_it:
	278	/* Someone else changed the cache under us - don't recheck at this
	279	* time.
	280	*/
	281	return;
00d3b7a4 DH	282	}
	283
	284	/*
	285	* check with the fileserver to see if the directory or parent directory is
	286	* permitted to be accessed with this authorisation, and if so, what access it
	287	* is granted
	288	*/
0fafdc9f DH	289	int afs_check_permit(struct afs_vnode vnode, struct key key,
0fafdc9f DH	290	afs_access_t *_access)
00d3b7a4 DH	291	{
00d3b7a4 DH	292	struct afs_permits *permits;
be080a6f DH	293	bool valid = false;
be080a6f DH	294	int i, ret;
00d3b7a4	295
416351f2 DH	296	_enter("{%x:%u},%x",
416351f2 DH	297	vnode->fid.vid, vnode->fid.vnode, key_serial(key));
00d3b7a4	298
be080a6f	299	permits = vnode->permit_cache;
00d3b7a4 DH	300
00d3b7a4 DH	301	/* check the permits to see if we've got one yet */
be080a6f	302	if (key == vnode->volume->cell->anonymous_key) {
00d3b7a4	303	_debug("anon");
be080a6f	304	*_access = vnode->status.anon_access;
00d3b7a4 DH	305	valid = true;
00d3b7a4 DH	306	} else {
00d3b7a4	307	rcu_read_lock();
be080a6f	308	permits = rcu_dereference(vnode->permit_cache);
00d3b7a4	309	if (permits) {
be080a6f DH	310	for (i = 0; i < permits->nr_permits; i++) {
	311	if (permits->permits[i].key < key)
	312	continue;
	313	if (permits->permits[i].key > key)
00d3b7a4	314	break;
be080a6f DH	315
	316	*_access = permits->permits[i].access;
	317	valid = !permits->invalidated;
	318	break;
00d3b7a4 DH	319	}
	320	}
	321	rcu_read_unlock();
	322	}
	323
	324	if (!valid) {
be080a6f DH	325	/* Check the status on the file we're actually interested in
	326	* (the post-processing will cache the result).
	327	*/
00d3b7a4 DH	328	_debug("no valid permit");
00d3b7a4 DH	329
d2ddc776	330	ret = afs_fetch_status(vnode, key);
00d3b7a4	331	if (ret < 0) {
00d3b7a4 DH	332	*_access = 0;
	333	_leave(" = %d", ret);
	334	return ret;
	335	}
416351f2	336	*_access = vnode->status.caller_access;
00d3b7a4 DH	337	}
00d3b7a4 DH	338
00d3b7a4 DH	339	_leave(" = 0 [access %x]", *_access);
	340	return 0;
	341	}
	342
	343	/*
	344	* check the permissions on an AFS file
	345	* - AFS ACLs are attached to directories only, and a file is controlled by its
	346	* parent directory's ACL
	347	*/
10556cb2	348	int afs_permission(struct inode *inode, int mask)
00d3b7a4 DH	349	{
00d3b7a4 DH	350	struct afs_vnode *vnode = AFS_FS_I(inode);
69759454	351	afs_access_t uninitialized_var(access);
00d3b7a4 DH	352	struct key *key;
	353	int ret;
	354
10556cb2	355	if (mask & MAY_NOT_BLOCK)
b74c79e9 NP	356	return -ECHILD;
b74c79e9 NP	357
416351f2	358	_enter("{{%x:%u},%lx},%x,",
260a9803	359	vnode->fid.vid, vnode->fid.vnode, vnode->flags, mask);
00d3b7a4 DH	360
	361	key = afs_request_key(vnode->volume->cell);
	362	if (IS_ERR(key)) {
	363	_leave(" = %ld [key]", PTR_ERR(key));
	364	return PTR_ERR(key);
	365	}
	366
c435ee34 DH	367	ret = afs_validate(vnode, key);
	368	if (ret < 0)
	369	goto error;
260a9803	370
00d3b7a4 DH	371	/* check the permits to see if we've got one yet */
00d3b7a4 DH	372	ret = afs_check_permit(vnode, key, &access);
260a9803 DH	373	if (ret < 0)
260a9803 DH	374	goto error;
00d3b7a4 DH	375
	376	/* interpret the access mask */
	377	_debug("REQ %x ACC %x on %s",
	378	mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file");
	379
	380	if (S_ISDIR(inode->i_mode)) {
	381	if (mask & MAY_EXEC) {
	382	if (!(access & AFS_ACE_LOOKUP))
	383	goto permission_denied;
	384	} else if (mask & MAY_READ) {
fd249821	385	if (!(access & AFS_ACE_LOOKUP))
00d3b7a4 DH	386	goto permission_denied;
	387	} else if (mask & MAY_WRITE) {
	388	if (!(access & (AFS_ACE_DELETE \| /* rmdir, unlink, rename from */
fd249821	389	AFS_ACE_INSERT))) /* create, mkdir, symlink, rename to */
00d3b7a4 DH	390	goto permission_denied;
	391	} else {
	392	BUG();
	393	}
	394	} else {
	395	if (!(access & AFS_ACE_LOOKUP))
	396	goto permission_denied;
627f4694 MD	397	if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
627f4694 MD	398	goto permission_denied;
00d3b7a4 DH	399	if (mask & (MAY_EXEC \| MAY_READ)) {
	400	if (!(access & AFS_ACE_READ))
	401	goto permission_denied;
627f4694 MD	402	if (!(inode->i_mode & S_IRUSR))
627f4694 MD	403	goto permission_denied;
00d3b7a4 DH	404	} else if (mask & MAY_WRITE) {
	405	if (!(access & AFS_ACE_WRITE))
	406	goto permission_denied;
627f4694 MD	407	if (!(inode->i_mode & S_IWUSR))
627f4694 MD	408	goto permission_denied;
00d3b7a4 DH	409	}
	410	}
	411
	412	key_put(key);
260a9803 DH	413	_leave(" = %d", ret);
260a9803 DH	414	return ret;
00d3b7a4 DH	415
00d3b7a4 DH	416	permission_denied:
260a9803 DH	417	ret = -EACCES;
260a9803 DH	418	error:
00d3b7a4	419	key_put(key);
260a9803 DH	420	_leave(" = %d", ret);
260a9803 DH	421	return ret;
00d3b7a4	422	}
be080a6f DH	423
	424	void __exit afs_clean_up_permit_cache(void)
	425	{
	426	int i;
	427
	428	for (i = 0; i < HASH_SIZE(afs_permits_cache); i++)
	429	WARN_ON_ONCE(!hlist_empty(&afs_permits_cache[i]));
	430
	431	}