summaryrefslogtreecommitdiff
path: root/fs/ntfs3/xattr.c
AgeCommit message (Collapse)AuthorFilesLines
2024-01-29fs/ntfs3: Fix oob in ntfs_listxattrEdward Adam Davis1-0/+3
The length of name cannot exceed the space occupied by ea. Reported-and-tested-by: syzbot+65e940cfb8f99a97aca7@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-12-06fs/ntfs3: Implement super_operations::shutdownKonstantin Komarov1-0/+3
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-10-30Merge tag 'vfs-6.7.xattr' of ↵Linus Torvalds1-1/+1
gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs Pull vfs xattr updates from Christian Brauner: "The 's_xattr' field of 'struct super_block' currently requires a mutable table of 'struct xattr_handler' entries (although each handler itself is const). However, no code in vfs actually modifies the tables. This changes the type of 's_xattr' to allow const tables, and modifies existing file systems to move their tables to .rodata. This is desirable because these tables contain entries with function pointers in them; moving them to .rodata makes it considerably less likely to be modified accidentally or maliciously at runtime" * tag 'vfs-6.7.xattr' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs: (30 commits) const_structs.checkpatch: add xattr_handler net: move sockfs_xattr_handlers to .rodata shmem: move shmem_xattr_handlers to .rodata overlayfs: move xattr tables to .rodata xfs: move xfs_xattr_handlers to .rodata ubifs: move ubifs_xattr_handlers to .rodata squashfs: move squashfs_xattr_handlers to .rodata smb: move cifs_xattr_handlers to .rodata reiserfs: move reiserfs_xattr_handlers to .rodata orangefs: move orangefs_xattr_handlers to .rodata ocfs2: move ocfs2_xattr_handlers and ocfs2_xattr_handler_map to .rodata ntfs3: move ntfs_xattr_handlers to .rodata nfs: move nfs4_xattr_handlers to .rodata kernfs: move kernfs_xattr_handlers to .rodata jfs: move jfs_xattr_handlers to .rodata jffs2: move jffs2_xattr_handlers to .rodata hfsplus: move hfsplus_xattr_handlers to .rodata hfs: move hfs_xattr_handlers to .rodata gfs2: move gfs2_xattr_handlers_max to .rodata fuse: move fuse_xattr_handlers to .rodata ...
2023-10-09ntfs3: move ntfs_xattr_handlers to .rodataWedson Almeida Filho1-1/+1
This makes it harder for accidental or malicious changes to ntfs_xattr_handlers at runtime. Cc: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> Cc: ntfs3@lists.linux.dev Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com> Link: https://lore.kernel.org/r/20230930050033.41174-20-wedsonaf@gmail.com Signed-off-by: Christian Brauner <brauner@kernel.org>
2023-09-28fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea()Zeng Heng1-1/+6
Here is a BUG report about linux-6.1 from syzbot, but it still remains within upstream: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: kasan_report+0x139/0x170 mm/kasan/report.c:495 ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 path_listxattr fs/xattr.c:828 [inline] __do_sys_llistxattr fs/xattr.c:846 [inline] Before derefering field members of `ea` in unpacked_ea_size(), we need to check whether the EA_FULL struct is located in access validate range. Similarly, when derefering `ea->name` field member, we need to check whethe the ea->name is located in access validate range, too. Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Reported-by: syzbot+9fcea5ef6dc4dc72d334@syzkaller.appspotmail.com Signed-off-by: Zeng Heng <zengheng4@huawei.com> [almaz.alexandrovich@paragon-software.com: took the ret variable out of the loop block] Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-07-24ntfs3: convert to ctime accessor functionsJeff Layton1-2/+2
In later patches, we're going to change how the inode's ctime field is used. Switch to using accessor functions instead of raw accesses of inode->i_ctime. Signed-off-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: Jan Kara <jack@suse.cz> Message-Id: <20230705190309.579783-59-jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>
2023-07-02fs/ntfs3: Code formattingKonstantin Komarov1-9/+7
clang-format-15 was used to format code according kernel's .clang-format. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-07-02fs/ntfs3: Return error for inconsistent extended attributesEdward Lo1-0/+1
ntfs_read_ea is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a proper error code for the inconsistent attributes, which might lead to unpredicted memory accesses after return. [ 138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0 [ 138.923876] Write of size 4 at addr ffff88800205cfac by task poc/199 [ 138.931132] [ 138.933016] CPU: 0 PID: 199 Comm: poc Not tainted 6.2.0-rc1+ #4 [ 138.938070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 138.947327] Call Trace: [ 138.949557] <TASK> [ 138.951539] dump_stack_lvl+0x4d/0x67 [ 138.956834] print_report+0x16f/0x4a6 [ 138.960798] ? ntfs_set_ea+0x453/0xbf0 [ 138.964437] ? kasan_complete_mode_report_info+0x7d/0x200 [ 138.969793] ? ntfs_set_ea+0x453/0xbf0 [ 138.973523] kasan_report+0xb8/0x140 [ 138.976740] ? ntfs_set_ea+0x453/0xbf0 [ 138.980578] __asan_store4+0x76/0xa0 [ 138.984669] ntfs_set_ea+0x453/0xbf0 [ 138.988115] ? __pfx_ntfs_set_ea+0x10/0x10 [ 138.993390] ? kernel_text_address+0xd3/0xe0 [ 138.998270] ? __kernel_text_address+0x16/0x50 [ 139.002121] ? unwind_get_return_address+0x3e/0x60 [ 139.005659] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 139.010177] ? arch_stack_walk+0xa2/0x100 [ 139.013657] ? filter_irq_stacks+0x27/0x80 [ 139.017018] ntfs_setxattr+0x405/0x440 [ 139.022151] ? __pfx_ntfs_setxattr+0x10/0x10 [ 139.026569] ? kvmalloc_node+0x2d/0x120 [ 139.030329] ? kasan_save_stack+0x41/0x60 [ 139.033883] ? kasan_save_stack+0x2a/0x60 [ 139.037338] ? kasan_set_track+0x29/0x40 [ 139.040163] ? kasan_save_alloc_info+0x1f/0x30 [ 139.043588] ? __kasan_kmalloc+0x8b/0xa0 [ 139.047255] ? __kmalloc_node+0x68/0x150 [ 139.051264] ? kvmalloc_node+0x2d/0x120 [ 139.055301] ? vmemdup_user+0x2b/0xa0 [ 139.058584] __vfs_setxattr+0x121/0x170 [ 139.062617] ? __pfx___vfs_setxattr+0x10/0x10 [ 139.066282] __vfs_setxattr_noperm+0x97/0x300 [ 139.070061] __vfs_setxattr_locked+0x145/0x170 [ 139.073580] vfs_setxattr+0x137/0x2a0 [ 139.076641] ? __pfx_vfs_setxattr+0x10/0x10 [ 139.080223] ? __kasan_check_write+0x18/0x20 [ 139.084234] do_setxattr+0xce/0x150 [ 139.087768] setxattr+0x126/0x140 [ 139.091250] ? __pfx_setxattr+0x10/0x10 [ 139.094948] ? __virt_addr_valid+0xcb/0x140 [ 139.097838] ? __call_rcu_common.constprop.0+0x1c7/0x330 [ 139.102688] ? debug_smp_processor_id+0x1b/0x30 [ 139.105985] ? kasan_quarantine_put+0x5b/0x190 [ 139.109980] ? putname+0x84/0xa0 [ 139.113886] ? __kasan_slab_free+0x11e/0x1b0 [ 139.117961] ? putname+0x84/0xa0 [ 139.121316] ? preempt_count_sub+0x1c/0xd0 [ 139.124427] ? __mnt_want_write+0xae/0x100 [ 139.127836] ? mnt_want_write+0x8f/0x150 [ 139.130954] path_setxattr+0x164/0x180 [ 139.133998] ? __pfx_path_setxattr+0x10/0x10 [ 139.137853] ? __pfx_ksys_pwrite64+0x10/0x10 [ 139.141299] ? debug_smp_processor_id+0x1b/0x30 [ 139.145714] ? fpregs_assert_state_consistent+0x6b/0x80 [ 139.150796] __x64_sys_setxattr+0x71/0x90 [ 139.155407] do_syscall_64+0x3f/0x90 [ 139.159035] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 139.163843] RIP: 0033:0x7f108cae4469 [ 139.166481] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088 [ 139.183764] RSP: 002b:00007fff87588388 EFLAGS: 00000286 ORIG_RAX: 00000000000000bc [ 139.190657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f108cae4469 [ 139.196586] RDX: 00007fff875883b0 RSI: 00007fff875883d1 RDI: 00007fff875883b6 [ 139.201716] RBP: 00007fff8758c530 R08: 0000000000000001 R09: 00007fff8758c618 [ 139.207940] R10: 0000000000000006 R11: 0000000000000286 R12: 00000000004004c0 [ 139.214007] R13: 00007fff8758c610 R14: 0000000000000000 R15: 0000000000000000 Signed-off-by: Edward Lo <loyuantsung@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-07-02ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()Zeng Heng1-0/+3
Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 Fix the logic of ea_all iteration. When the ea->name_len is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop. Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Reported-by: syzbot+9fcea5ef6dc4dc72d334@syzkaller.appspotmail.com Signed-off-by: Zeng Heng <zengheng4@huawei.com> [almaz.alexandrovich@paragon-software.com: lines of the patch have changed] Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-04-29Merge tag 'ntfs3_for_6.4' of ↵Linus Torvalds1-44/+26
https://github.com/Paragon-Software-Group/linux-ntfs3 Pull ntfs3 updates from Konstantin Komarov: "New code: - add missed "nocase" in ntfs_show_options - extend information on failures/errors - small optimizations Fixes: - some logic errors - some dead code was removed - code is refactored and reformatted according to the new version of clang-format Code removal: - 'noacsrules' option. Currently, this option does not work properly, and its use leads to unstable results. If we figure out how to implement it without errors, we will add it later - writepage" * tag 'ntfs3_for_6.4' of https://github.com/Paragon-Software-Group/linux-ntfs3: (30 commits) fs/ntfs3: Fix root inode checking fs/ntfs3: Print details about mount fails fs/ntfs3: Add missed "nocase" in ntfs_show_options fs/ntfs3: Code formatting and refactoring fs/ntfs3: Changed ntfs_get_acl() to use dentry fs/ntfs3: Remove field sbi->used.bitmap.set_tail fs/ntfs3: Undo critial modificatins to keep directory consistency fs/ntfs3: Undo endian changes fs/ntfs3: Optimization in ntfs_set_state() fs/ntfs3: Fix ntfs_create_inode() fs/ntfs3: Remove noacsrules fs/ntfs3: Use bh_read to simplify code fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() fs/ntfs3: Refactoring of various minor issues fs/ntfs3: Restore overflow checking for attr size in mi_enum_attr fs/ntfs3: Check for extremely large size of $AttrDef fs/ntfs3: Improved checking of attribute's name length fs/ntfs3: Add null pointer checks fs/ntfs3: fix spelling mistake "attibute" -> "attribute" fs/ntfs3: Add length check in indx_get_root ...
2023-03-27fs/ntfs3: Code formatting and refactoringKonstantin Komarov1-2/+2
Added minor refactoring. Added and fixed some comments. In some places, the code has been reformatted to fit into 80 columns. clang-format-12 was used to format code according kernel's .clang-format. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-27fs/ntfs3: Changed ntfs_get_acl() to use dentryKonstantin Komarov1-17/+9
ntfs_get_acl changed to match new interface in struct inode_operations. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-27fs/ntfs3: Fix ntfs_create_inode()Konstantin Komarov1-8/+12
Previous variant creates an inode that requires update the parent directory (ea_packed_size). Operations in ntfs_create_inode have been rearranged so we insert new directory entry with correct ea_packed_size and new created inode does not require update it's parent directory. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-27fs/ntfs3: Remove noacsrulesKonstantin Komarov1-14/+0
Currently, this option does not work properly. Its use leads to unstable results. If we figure out how to implement it without errors, we will add it later. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-27fs/ntfs3: fix spelling mistake "attibute" -> "attribute"Yu Zhe1-1/+1
There is a spelling mistake in comment. Fix it. Signed-off-by: Yu Zhe <yuzhe@nfschina.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-27fs/ntfs3: Fix wrong cast in xattr.cDaniel Pinto1-2/+2
cpu_to_be32 and be32_to_cpu respectively return and receive __be32, change the cast to the correct types. Fixes the following sparse warnings: fs/ntfs3/xattr.c:811:48: sparse: sparse: incorrect type in assignment (different base types) fs/ntfs3/xattr.c:901:34: sparse: sparse: cast to restricted __be32 Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Daniel Pinto <danielpinto52@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-03-06fs: drop unused posix acl handlersChristian Brauner1-4/+0
Remove struct posix_acl_{access,default}_handler for all filesystems that don't depend on the xattr handler in their inode->i_op->listxattr() method in any way. There's nothing more to do than to simply remove the handler. It's been effectively unused ever since we introduced the new posix acl api. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2023-01-19fs: port acl to mnt_idmapChristian Brauner1-8/+6
Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2023-01-19fs: port xattr to mnt_idmapChristian Brauner1-1/+1
Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2023-01-19fs: port ->permission() to pass mnt_idmapChristian Brauner1-2/+2
Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2023-01-19fs: port ->set_acl() to pass mnt_idmapChristian Brauner1-3/+5
Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-12-21Merge tag 'ntfs3_for_6.2' of ↵Linus Torvalds1-63/+95
https://github.com/Paragon-Software-Group/linux-ntfs3 Pull ntfs3 updates from Konstantin Komarov: - added mount options 'hidedotfiles', 'nocase' and 'windows_names' - fixed xfstests (tested on x86_64): generic/083 generic/263 generic/307 generic/465 - fix some logic errors - code refactoring and dead code removal * tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3: (61 commits) fs/ntfs3: Make if more readable fs/ntfs3: Improve checking of bad clusters fs/ntfs3: Fix wrong if in hdr_first_de fs/ntfs3: Use ALIGN kernel macro fs/ntfs3: Fix incorrect if in ntfs_set_acl_ex fs/ntfs3: Check fields while reading fs/ntfs3: Correct ntfs_check_for_free_space fs/ntfs3: Restore correct state after ENOSPC in attr_data_get_block fs/ntfs3: Changing locking in ntfs_rename fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate fs/ntfs3: atomic_open implementation fs/ntfs3: Fix wrong indentations fs/ntfs3: Change new sparse cluster processing fs/ntfs3: Fixing work with sparse clusters fs/ntfs3: Simplify ntfs_update_mftmirr function fs/ntfs3: Remove unused functions fs/ntfs3: Fix sparse problems fs/ntfs3: Add ntfs_bitmap_weight_le function and refactoring fs/ntfs3: Use _le variants of bitops functions fs/ntfs3: Add functions to modify LE bitmaps ...
2022-11-14fs/ntfs3: Fix incorrect if in ntfs_set_acl_exKonstantin Komarov1-4/+3
We need to update ctime too with mode. Fixes xfstest generic/307 Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-11-14fs/ntfs3: Check fields while readingKonstantin Komarov1-38/+71
Added new functions index_hdr_check and index_buf_check. Now we check all stuff for correctness while reading from disk. Also fixed bug with stale nfs data. Reported-by: van fantasy <g1042620637@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-11-12fs/ntfs3: Add system.ntfs_attrib_be extended attributeDaniel Pinto1-6/+14
NTFS-3G provides the system.ntfs_attrib_be extended attribute, which has the same value as system.ntfs_attrib but represented in big-endian. Some utilities rely on the existence of this extended attribute. Improves compatibility with NTFS-3G by adding the system.ntfs_attrib_be extended attribute. Signed-off-by: Daniel Pinto <danielpinto52@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-10-19fs: pass dentry to set acl methodChristian Brauner1-4/+5
The current way of setting and getting posix acls through the generic xattr interface is error prone and type unsafe. The vfs needs to interpret and fixup posix acls before storing or reporting it to userspace. Various hacks exist to make this work. The code is hard to understand and difficult to maintain in it's current form. Instead of making this work by hacking posix acls through xattr handlers we are building a dedicated posix acl api around the get and set inode operations. This removes a lot of hackiness and makes the codepaths easier to maintain. A lot of background can be found in [1]. Since some filesystem rely on the dentry being available to them when setting posix acls (e.g., 9p and cifs) they cannot rely on set acl inode operation. But since ->set_acl() is required in order to use the generic posix acl xattr handlers filesystems that do not implement this inode operation cannot use the handler and need to implement their own dedicated posix acl handlers. Update the ->set_acl() inode method to take a dentry argument. This allows all filesystems to rely on ->set_acl(). As far as I can tell all codepaths can be switched to rely on the dentry instead of just the inode. Note that the original motivation for passing the dentry separate from the inode instead of just the dentry in the xattr handlers was because of security modules that call security_d_instantiate(). This hook is called during d_instantiate_new(), d_add(), __d_instantiate_anon(), and d_splice_alias() to initialize the inode's security context and possibly to set security.* xattrs. Since this only affects security.* xattrs this is completely irrelevant for posix acls. Link: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org [1] Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-09-30fs/ntfs3: Use strcmp to determine attribute typeYuan Can1-30/+14
The way of determin attribute type is just matching name with the predefined string, do this with strcmp to simplify the code. Signed-off-by: Yuan Can <yuancan@huawei.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-09-30fs/ntfs3: Harden against integer overflowsDan Carpenter1-1/+1
Smatch complains that the "add_bytes" is not to be trusted. Use size_add() to prevent an integer overflow. Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-08-31ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpersChristian Brauner1-96/+6
The xattr code in ntfs3 is currently a bit confused. For example, it defines a POSIX ACL i_op->set_acl() method but instead of relying on the generic POSIX ACL VFS helpers it defines its own set of xattr helpers with the consequence that i_op->set_acl() is currently dead code. Switch ntfs3 to rely on the VFS POSIX ACL xattr handlers. Also remove i_op->{g,s}et_acl() methods from symlink inode operations. Symlinks don't support xattrs. This is a preliminary change for the following patches which move handling idmapped mounts directly in posix_acl_xattr_set(). This survives POSIX ACL xfstests. Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org> Reviewed-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>>
2022-08-22Merge tag 'fs.idmapped.fixes.v6.0-rc3' of ↵Linus Torvalds1-9/+7
git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping Pull idmapping fixes from Christian Brauner: - Since Seth joined as co-maintainer for idmapped mounts we decided to use a shared git tree. Konstantin suggested we use vfs/idmapping.git on kernel.org under the vfs/ namespace. So this updates the tree in the maintainers file. - Ensure that POSIX ACLs checking, getting, and setting works correctly for filesystems mountable with a filesystem idmapping that want to support idmapped mounts. Since no filesystems mountable with an fs_idmapping do yet support idmapped mounts there is no problem. But this could change in the future, so add a check to refuse to create idmapped mounts when the mounter is not privileged over the mount's idmapping. - Check that caller is privileged over the idmapping that will be attached to a mount. Currently no FS_USERNS_MOUNT filesystems support idmapped mounts, thus this is not a problem as only CAP_SYS_ADMIN in init_user_ns is allowed to set up idmapped mounts. But this could change in the future, so add a check to refuse to create idmapped mounts when the mounter is not privileged over the mount's idmapping. - Fix POSIX ACLs for ntfs3. While looking at our current POSIX ACL handling in the context of some overlayfs work I went through a range of other filesystems checking how they handle them currently and encountered a few bugs in ntfs3. I've sent this some time ago and the fixes haven't been picked up even though the pull request for other ntfs3 fixes got sent after. This should really be fixed as right now POSIX ACLs are broken in certain circumstances for ntfs3. * tag 'fs.idmapped.fixes.v6.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping: ntfs: fix acl handling fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts MAINTAINERS: update idmapping tree acl: handle idmapped mounts for idmapped filesystems
2022-08-22ntfs: fix acl handlingChristian Brauner1-9/+7
While looking at our current POSIX ACL handling in the context of some overlayfs work I went through a range of other filesystems checking how they handle them currently and encountered ntfs3. The posic_acl_{from,to}_xattr() helpers always need to operate on the filesystem idmapping. Since ntfs3 can only be mounted in the initial user namespace the relevant idmapping is init_user_ns. The posix_acl_{from,to}_xattr() helpers are concerned with translating between the kernel internal struct posix_acl{_entry} and the uapi struct posix_acl_xattr_{header,entry} and the kernel internal data structure is cached filesystem wide. Additional idmappings such as the caller's idmapping or the mount's idmapping are handled higher up in the VFS. Individual filesystems usually do not need to concern themselves with these. The posix_acl_valid() helper is concerned with checking whether the values in the kernel internal struct posix_acl can be represented in the filesystem's idmapping. IOW, if they can be written to disk. So this helper too needs to take the filesystem's idmapping. Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Cc: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> Cc: ntfs3@lists.linux.dev Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-08-10fs/ntfs3: uninitialized variable in ntfs_set_acl_ex()Dan Carpenter1-1/+1
The goto out calls kfree(value) on an uninitialized pointer. Just return directly as the other error paths do. Fixes: 460bbf2990b3 ("fs/ntfs3: Do not change mode if ntfs_set_ea failed") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-08-03fs/ntfs3: Fix work with fragmented xattrKonstantin Komarov1-1/+6
In some cases xattr is too fragmented, so we need to load it before writing. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-08-03fs/ntfs3: Do not change mode if ntfs_set_ea failedKonstantin Komarov1-10/+10
ntfs_set_ea can fail with NOSPC, so we don't need to change mode in this situation. Fixes xfstest generic/449 Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2022-06-09fs/ntfs3: Use the same order for acl pointer check in ntfs_init_aclYang Xu1-3/+3
For the readability and unity of the code, adjust the order Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com> Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-11-24fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called ↵Konstantin Komarov1-6/+7
from function ntfs_init_acl ntfs_init_acl sets mode. ntfs_init_acl calls ntfs_set_acl_ex. ntfs_set_acl_ex must not change this mode. Fixes xfstest generic/444 Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Reviewed-by: Joe Perches <joe@perches.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-11-23fs/ntfs3: Optimize locking in ntfs_save_wsl_permKonstantin Komarov1-10/+14
Right now in ntfs_save_wsl_perm we lock/unlock 4 times. This commit fixes this situation. We add "locked" argument to ntfs_set_ea. Suggested-by: Kari Argillander <kari.argillander@gmail.com> Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-11-23fs/ntfs3: Update i_ctime when xattr is addedKonstantin Komarov1-0/+3
Ctime wasn't updated after setfacl command. This commit fixes xfstest generic/307 Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations") Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-11-23fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functionsKonstantin Komarov1-1/+95
Apparently we need to maintain these functions with ntfs_get_acl_ex and ntfs_set_acl_ex. This commit fixes xfstest generic/099 Fixes: 95dd8b2c1ed0 ("fs/ntfs3: Remove unnecessary functions") Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-10-15Merge tag 'ntfs3_for_5.15' of ↵Linus Torvalds1-188/+61
git://github.com/Paragon-Software-Group/linux-ntfs3 Pull ntfs3 fixes from Konstantin Komarov: "Use the new api for mounting as requested by Christoph. Also fixed: - some memory leaks and panic - xfstests (tested on x86_64) generic/016 generic/021 generic/022 generic/041 generic/274 generic/423 - some typos, wrong returned error codes, dead code, etc" * tag 'ntfs3_for_5.15' of git://github.com/Paragon-Software-Group/linux-ntfs3: (70 commits) fs/ntfs3: Check for NULL pointers in ni_try_remove_attr_list fs/ntfs3: Refactor ntfs_read_mft fs/ntfs3: Refactor ni_parse_reparse fs/ntfs3: Refactor ntfs_create_inode fs/ntfs3: Refactor ntfs_readlink_hlp fs/ntfs3: Rework ntfs_utf16_to_nls fs/ntfs3: Fix memory leak if fill_super failed fs/ntfs3: Keep prealloc for all types of files fs/ntfs3: Remove unnecessary functions fs/ntfs3: Forbid FALLOC_FL_PUNCH_HOLE for normal files fs/ntfs3: Refactoring of ntfs_set_ea fs/ntfs3: Remove locked argument in ntfs_set_ea fs/ntfs3: Use available posix_acl_release instead of ntfs_posix_acl_release fs/ntfs3: Check for NULL if ATTR_EA_INFO is incorrect fs/ntfs3: Refactoring of ntfs_init_from_boot fs/ntfs3: Reject mount if boot's cluster size < media sector size fs/ntfs3: Refactoring lock in ntfs_init_acl fs/ntfs3: Change posix_acl_equiv_mode to posix_acl_update_mode fs/ntfs3: Pass flags to ntfs_set_ea in ntfs_set_acl_ex fs/ntfs3: Refactor ntfs_get_acl_ex for better readability ...
2021-10-05fs/ntfs3: Remove unnecessary functionsKonstantin Komarov1-94/+0
We don't need ntfs_xattr_get_acl and ntfs_xattr_set_acl. There are ntfs_get_acl_ex and ntfs_set_acl_ex. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-10-05fs/ntfs3: Refactoring of ntfs_set_eaKonstantin Komarov1-14/+17
Make code more readable. Don't try to read zero bytes. Add warning when size of exteneded attribute exceeds limit. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-10-05fs/ntfs3: Remove locked argument in ntfs_set_eaKonstantin Komarov1-15/+14
We always need to lock now, because locks became smaller (see d562e901f25d "fs/ntfs3: Move ni_lock_dir and ni_unlock into ntfs_create_inode"). Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-10-05fs/ntfs3: Use available posix_acl_release instead of ntfs_posix_acl_releaseKonstantin Komarov1-8/+2
We don't need to maintain ntfs_posix_acl_release. Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-09-24fs/ntfs3: Refactoring lock in ntfs_init_aclKonstantin Komarov1-41/+14
This is possible because of moving lock into ntfs_create_inode. Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-09-24fs/ntfs3: Change posix_acl_equiv_mode to posix_acl_update_modeKonstantin Komarov1-11/+4
Right now ntfs3 uses posix_acl_equiv_mode instead of posix_acl_update_mode like all other fs. Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-09-24fs/ntfs3: Pass flags to ntfs_set_ea in ntfs_set_acl_exKonstantin Komarov1-2/+7
In case of removing of xattr there must be XATTR_REPLACE flag and zero length. We already check XATTR_REPLACE in ntfs_set_ea, so now we pass XATTR_REPLACE to ntfs_set_ea. Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-09-24fs/ntfs3: Refactor ntfs_get_acl_ex for better readabilityKonstantin Komarov1-3/+6
We can safely move set_cached_acl because it works with NULL acl too. Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-09-21fs/ntfs3: Add sync flag to ntfs_sb_write_run and al_updateKonstantin Komarov1-1/+1
This allows to wait only when it's requested. It speeds up creation of hardlinks. Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2021-09-13fs/ntfs3: Remove unneeded header files from c filesKari Argillander1-3/+0
We have lot of unnecessary headers in these files. Remove them so that we help compiler a little bit. Signed-off-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>