316 static int check_acl(struct mnt_idmap *idmap,  in check_acl()  argument
329 	        return posix_acl_permission(idmap, inode, acl, mask);  in check_acl()
336 	        int error = posix_acl_permission(idmap, inode, acl, mask);  in check_acl()
380 static int acl_permission_check(struct mnt_idmap *idmap,  in acl_permission_check()  argument
409 	vfsuid = i_uid_into_vfsuid(idmap, inode);  in acl_permission_check()
418 		int error = check_acl(idmap, inode, mask);  in acl_permission_check()
432 		vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);  in acl_permission_check()
463 int generic_permission(struct mnt_idmap *idmap, struct inode *inode,  in generic_permission()  argument
471 	ret = acl_permission_check(idmap, inode, mask);  in generic_permission()
478 			if (capable_wrt_inode_uidgid(idmap, inode,  in generic_permission()
481 		if (capable_wrt_inode_uidgid(idmap, inode,  in generic_permission()
492 		if (capable_wrt_inode_uidgid(idmap, inode,  in generic_permission()
501 		if (capable_wrt_inode_uidgid(idmap, inode,  in generic_permission()
520 static inline int do_inode_permission(struct mnt_idmap *idmap,  in do_inode_permission()  argument
525 			return inode->i_op->permission(idmap, inode, mask);  in do_inode_permission()
532 	return generic_permission(idmap, inode, mask);  in do_inode_permission()
567 int inode_permission(struct mnt_idmap *idmap,  in inode_permission()  argument
588 		if (HAS_UNMAPPED_ID(idmap, inode))  in inode_permission()
592 	retval = do_inode_permission(idmap, inode, mask);  in inode_permission()
1169 	struct mnt_idmap *idmap;  in may_follow_link()  local
1175 	idmap = mnt_idmap(nd->path.mnt);  in may_follow_link()
1176 	vfsuid = i_uid_into_vfsuid(idmap, inode);  in may_follow_link()
1210 static bool safe_hardlink_source(struct mnt_idmap *idmap,  in safe_hardlink_source()  argument
1228 	if (inode_permission(idmap, inode, MAY_READ | MAY_WRITE))  in safe_hardlink_source()
1253 int may_linkat(struct mnt_idmap *idmap, const struct path *link)  in may_linkat()  argument
1258 	if (!vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) ||  in may_linkat()
1259 	    !vfsgid_valid(i_gid_into_vfsgid(idmap, inode)))  in may_linkat()
1268 	if (safe_hardlink_source(idmap, inode) ||  in may_linkat()
1269 	    inode_owner_or_capable(idmap, inode))  in may_linkat()
1303 static int may_create_in_sticky(struct mnt_idmap *idmap, struct nameidata *nd,  in may_create_in_sticky()  argument
1318 	i_vfsuid = i_uid_into_vfsuid(idmap, inode);  in may_create_in_sticky()
1815 static inline int may_lookup(struct mnt_idmap *idmap,  in may_lookup()  argument
1821 	err = inode_permission(idmap, nd->inode, mask | MAY_EXEC);  in may_lookup()
1836 	return inode_permission(idmap, nd->inode, MAY_EXEC);  in may_lookup()
2422 		struct mnt_idmap *idmap;  in link_path_walk()  local
2426 		idmap = mnt_idmap(nd->path.mnt);  in link_path_walk()
2427 		err = may_lookup(idmap, nd);  in link_path_walk()
2469 				nd->dir_vfsuid = i_uid_into_vfsuid(idmap, nd->inode);  in link_path_walk()
2823 static int lookup_one_common(struct mnt_idmap *idmap,  in lookup_one_common()  argument
2851 	return inode_permission(idmap, base->d_inode, MAY_EXEC);  in lookup_one_common()
2923 struct dentry *lookup_one(struct mnt_idmap *idmap, const char *name,  in lookup_one()  argument
2932 	err = lookup_one_common(idmap, name, base, len, &this);  in lookup_one()
2954 struct dentry *lookup_one_unlocked(struct mnt_idmap *idmap,  in lookup_one_unlocked()  argument
2962 	err = lookup_one_common(idmap, name, base, len, &this);  in lookup_one_unlocked()
2993 struct dentry *lookup_one_positive_unlocked(struct mnt_idmap *idmap,  in lookup_one_positive_unlocked()  argument
2997 	struct dentry *ret = lookup_one_unlocked(idmap, name, base, len);  in lookup_one_positive_unlocked()
3079 int __check_sticky(struct mnt_idmap *idmap, struct inode *dir,  in __check_sticky()  argument
3084 	if (vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), fsuid))  in __check_sticky()
3086 	if (vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, dir), fsuid))  in __check_sticky()
3088 	return !capable_wrt_inode_uidgid(idmap, inode, CAP_FOWNER);  in __check_sticky()
3112 static int may_delete(struct mnt_idmap *idmap, struct inode *dir,  in may_delete()  argument
3125 	if (!vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) ||  in may_delete()
3126 	    !vfsgid_valid(i_gid_into_vfsgid(idmap, inode)))  in may_delete()
3131 	error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);  in may_delete()
3137 	if (check_sticky(idmap, dir, inode) || IS_APPEND(inode) ||  in may_delete()
3139 	    HAS_UNMAPPED_ID(idmap, inode))  in may_delete()
3164 static inline int may_create(struct mnt_idmap *idmap,  in may_create()  argument
3172 	if (!fsuidgid_has_mapping(dir->i_sb, idmap))  in may_create()
3175 	return inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);  in may_create()
3301 static inline umode_t vfs_prepare_mode(struct mnt_idmap *idmap,  in vfs_prepare_mode()  argument
3305 	mode = mode_strip_sgid(idmap, dir, mode);  in vfs_prepare_mode()
3334 int vfs_create(struct mnt_idmap *idmap, struct inode *dir,  in vfs_create()  argument
3339 	error = may_create(idmap, dir, dentry);  in vfs_create()
3346 	mode = vfs_prepare_mode(idmap, dir, mode, S_IALLUGO, S_IFREG);  in vfs_create()
3350 	error = dir->i_op->create(idmap, dir, dentry, mode, want_excl);  in vfs_create()
3384 static int may_open(struct mnt_idmap *idmap, const struct path *path,  in may_open()  argument
3420 	error = inode_permission(idmap, inode, MAY_OPEN | acc_mode);  in may_open()
3435 	if (flag & O_NOATIME && !inode_owner_or_capable(idmap, inode))  in may_open()
3441 static int handle_truncate(struct mnt_idmap *idmap, struct file *filp)  in handle_truncate()  argument
3451 		error = do_truncate(idmap, path->dentry, 0,  in handle_truncate()
3466 static int may_o_create(struct mnt_idmap *idmap,  in may_o_create()  argument
3474 	if (!fsuidgid_has_mapping(dir->dentry->d_sb, idmap))  in may_o_create()
3477 	error = inode_permission(idmap, dir->dentry->d_inode,  in may_o_create()
3557 	struct mnt_idmap *idmap;  in lookup_open()  local
3608 	idmap = mnt_idmap(nd->path.mnt);  in lookup_open()
3612 		mode = vfs_prepare_mode(idmap, dir->d_inode, mode, mode, mode);  in lookup_open()
3614 			create_error = may_o_create(idmap, &nd->path,  in lookup_open()
3651 		error = dir_inode->i_op->create(idmap, dir_inode, dentry,  in lookup_open()
3789 	struct mnt_idmap *idmap;  in do_open()  local
3802 	idmap = mnt_idmap(nd->path.mnt);  in do_open()
3808 		error = may_create_in_sticky(idmap, nd,  in do_open()
3828 	error = may_open(idmap, &nd->path, acc_mode, open_flag);  in do_open()
3834 		error = handle_truncate(idmap, file);  in do_open()
3859 int vfs_tmpfile(struct mnt_idmap *idmap,  in vfs_tmpfile()  argument
3870 	error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);  in vfs_tmpfile()
3880 	mode = vfs_prepare_mode(idmap, dir, mode, mode, mode);  in vfs_tmpfile()
3881 	error = dir->i_op->tmpfile(idmap, dir, file, mode);  in vfs_tmpfile()
3888 	error = may_open(idmap, &file->f_path, 0, file->f_flags);  in vfs_tmpfile()
3897 	security_inode_post_create_tmpfile(idmap, inode);  in vfs_tmpfile()
3913 struct file *kernel_tmpfile_open(struct mnt_idmap *idmap,  in kernel_tmpfile_open()  argument
3925 	error = vfs_tmpfile(idmap, parentpath, file, mode);  in kernel_tmpfile_open()
4166 int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir,  in vfs_mknod()  argument
4170 	int error = may_create(idmap, dir, dentry);  in vfs_mknod()
4182 	mode = vfs_prepare_mode(idmap, dir, mode, mode, mode);  in vfs_mknod()
4191 	error = dir->i_op->mknod(idmap, dir, dentry, mode, dev);  in vfs_mknod()
4218 	struct mnt_idmap *idmap;  in do_mknodat()  local
4238 	idmap = mnt_idmap(path.mnt);  in do_mknodat()
4241 			error = vfs_create(idmap, path.dentry->d_inode,  in do_mknodat()
4244 				security_path_post_mknod(idmap, dentry);  in do_mknodat()
4247 			error = vfs_mknod(idmap, path.dentry->d_inode,  in do_mknodat()
4251 			error = vfs_mknod(idmap, path.dentry->d_inode,  in do_mknodat()
4292 int vfs_mkdir(struct mnt_idmap *idmap, struct inode *dir,  in vfs_mkdir()  argument
4298 	error = may_create(idmap, dir, dentry);  in vfs_mkdir()
4305 	mode = vfs_prepare_mode(idmap, dir, mode, S_IRWXUGO | S_ISVTX, 0);  in vfs_mkdir()
4313 	error = dir->i_op->mkdir(idmap, dir, dentry, mode);  in vfs_mkdir()
4373 int vfs_rmdir(struct mnt_idmap *idmap, struct inode *dir,  in vfs_rmdir()  argument
4376 	int error = may_delete(idmap, dir, dentry, 1);  in vfs_rmdir()
4502 int vfs_unlink(struct mnt_idmap *idmap, struct inode *dir,  in vfs_unlink()  argument
4506 	int error = may_delete(idmap, dir, dentry, 0);  in vfs_unlink()
4655 int vfs_symlink(struct mnt_idmap *idmap, struct inode *dir,  in vfs_symlink()  argument
4660 	error = may_create(idmap, dir, dentry);  in vfs_symlink()
4671 	error = dir->i_op->symlink(idmap, dir, dentry, oldname);  in vfs_symlink()
4747 int vfs_link(struct dentry *old_dentry, struct mnt_idmap *idmap,  in vfs_link()  argument
4758 	error = may_create(idmap, dir, new_dentry);  in vfs_link()
4775 	if (HAS_UNMAPPED_ID(idmap, inode))  in vfs_link()
4822 	struct mnt_idmap *idmap;  in do_linkat()  local
4858 	idmap = mnt_idmap(new_path.mnt);  in do_linkat()
4859 	error = may_linkat(idmap, &old_path);  in do_linkat()
4865 	error = vfs_link(old_path.dentry, idmap, new_path.dentry->d_inode,  in do_linkat()