From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
linux-nfs@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
Andreas Gruenbacher <agruenba@redhat.com>,
linux-cifs@vger.kernel.org, linux-api@vger.kernel.org,
Trond Myklebust <trond.myklebust@primarydata.com>,
linux-kernel@vger.kernel.org, xfs@oss.sgi.com,
Christoph Hellwig <hch@infradead.org>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-fsdevel@vger.kernel.org,
Jeff Layton <jlayton@poochiereds.net>,
linux-ext4@vger.kernel.org,
Anna Schumaker <anna.schumaker@netapp.com>
Subject: [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c
Date: Tue, 16 Aug 2016 13:03:01 +0200 [thread overview]
Message-ID: <1471345383-15334-21-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1471345383-15334-1-git-send-email-agruenba@redhat.com>
By moving those functions into fs/posix_acl.c and fs/richacl.c, the
ifdefs can be moved into include/linux/posix_acl.h and
include/linux/richacl.h. This may be seen as a small improvement.
Suggested-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/namei.c | 72 ++++-------------------------------------------
fs/posix_acl.c | 28 ++++++++++++++++++
fs/richacl.c | 28 ++++++++++++++++++
include/linux/posix_acl.h | 5 ++++
include/linux/richacl.h | 8 ++++++
5 files changed, 74 insertions(+), 67 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 63feb3c..3830ef1 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -258,73 +258,6 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_richacl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_RICHACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- goto no_acl;
- /* no ->get_richacl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return richacl_permission(inode, richacl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct richacl *acl;
-
- acl = get_richacl(inode);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = richacl_permission(inode, acl, mask);
- richacl_put(acl);
- return error;
- }
- }
-no_acl:
-#endif
- if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
- MAY_CHMOD | MAY_SET_TIMES)) {
- /* File permission bits cannot grant this. */
- return -EACCES;
- }
- return -EAGAIN;
-}
-
-static int check_posix_acl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_POSIX_ACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- return -EAGAIN;
- /* no ->get_acl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return posix_acl_permission(inode, posix_acl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct posix_acl *acl;
-
- acl = get_acl(inode, ACL_TYPE_ACCESS);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = posix_acl_permission(inode, acl, mask);
- posix_acl_release(acl);
- return error;
- }
- }
-#endif
-
- return -EAGAIN;
-}
-
/*
* This does the basic permission checking
*/
@@ -344,6 +277,11 @@ static int acl_permission_check(struct inode *inode, int mask)
int error = check_richacl(inode, mask);
if (error != -EAGAIN)
return error;
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
}
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index f7e1a29..6415675 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -374,6 +374,34 @@ check_perm:
return -EACCES;
}
+int check_posix_acl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_acl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return posix_acl_permission(inode, posix_acl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct posix_acl *acl;
+
+ acl = get_acl(inode, ACL_TYPE_ACCESS);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Modify acl when creating a new inode. The caller must ensure the acl is
* only referenced once.
diff --git a/fs/richacl.c b/fs/richacl.c
index 1945691..ece9d0b 100644
--- a/fs/richacl.c
+++ b/fs/richacl.c
@@ -385,6 +385,34 @@ out:
}
EXPORT_SYMBOL_GPL(richacl_permission);
+int check_richacl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(),
* and richacl_compute_max_masks() iterate through the entire acl in reverse
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
index eafb358..07225c1 100644
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -94,6 +94,7 @@ extern struct posix_acl *get_posix_acl(struct inode *, int);
extern int set_posix_acl(struct inode *, int, struct posix_acl *);
#ifdef CONFIG_FS_POSIX_ACL
+extern int check_posix_acl(struct inode *, int);
extern int posix_acl_chmod(struct inode *, umode_t);
extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
struct posix_acl **);
@@ -112,6 +113,10 @@ static inline void cache_no_acl(struct inode *inode)
inode->i_default_acl = NULL;
}
#else
+static inline int check_posix_acl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+
static inline int posix_acl_chmod(struct inode *inode, umode_t mode)
{
return 0;
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index 7530920..368e918 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -207,4 +207,12 @@ extern struct richacl *richacl_inherit(const struct richacl *, int);
extern struct richacl *richacl_create(umode_t *, struct inode *);
extern int set_richacl(struct inode *, struct richacl *);
+#ifdef CONFIG_FS_RICHACL
+extern int check_richacl(struct inode *, int);
+#else
+static inline int check_richacl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+#endif /* CONFIG_FS_RICHACL */
+
#endif /* __RICHACL_H */
--
2.7.4
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c
Date: Tue, 16 Aug 2016 13:03:01 +0200 [thread overview]
Message-ID: <1471345383-15334-21-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1471345383-15334-1-git-send-email-agruenba@redhat.com>
By moving those functions into fs/posix_acl.c and fs/richacl.c, the
ifdefs can be moved into include/linux/posix_acl.h and
include/linux/richacl.h. This may be seen as a small improvement.
Suggested-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/namei.c | 72 ++++-------------------------------------------
fs/posix_acl.c | 28 ++++++++++++++++++
fs/richacl.c | 28 ++++++++++++++++++
include/linux/posix_acl.h | 5 ++++
include/linux/richacl.h | 8 ++++++
5 files changed, 74 insertions(+), 67 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 63feb3c..3830ef1 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -258,73 +258,6 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_richacl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_RICHACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- goto no_acl;
- /* no ->get_richacl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return richacl_permission(inode, richacl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct richacl *acl;
-
- acl = get_richacl(inode);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = richacl_permission(inode, acl, mask);
- richacl_put(acl);
- return error;
- }
- }
-no_acl:
-#endif
- if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
- MAY_CHMOD | MAY_SET_TIMES)) {
- /* File permission bits cannot grant this. */
- return -EACCES;
- }
- return -EAGAIN;
-}
-
-static int check_posix_acl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_POSIX_ACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- return -EAGAIN;
- /* no ->get_acl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return posix_acl_permission(inode, posix_acl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct posix_acl *acl;
-
- acl = get_acl(inode, ACL_TYPE_ACCESS);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = posix_acl_permission(inode, acl, mask);
- posix_acl_release(acl);
- return error;
- }
- }
-#endif
-
- return -EAGAIN;
-}
-
/*
* This does the basic permission checking
*/
@@ -344,6 +277,11 @@ static int acl_permission_check(struct inode *inode, int mask)
int error = check_richacl(inode, mask);
if (error != -EAGAIN)
return error;
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
}
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index f7e1a29..6415675 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -374,6 +374,34 @@ check_perm:
return -EACCES;
}
+int check_posix_acl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_acl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return posix_acl_permission(inode, posix_acl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct posix_acl *acl;
+
+ acl = get_acl(inode, ACL_TYPE_ACCESS);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Modify acl when creating a new inode. The caller must ensure the acl is
* only referenced once.
diff --git a/fs/richacl.c b/fs/richacl.c
index 1945691..ece9d0b 100644
--- a/fs/richacl.c
+++ b/fs/richacl.c
@@ -385,6 +385,34 @@ out:
}
EXPORT_SYMBOL_GPL(richacl_permission);
+int check_richacl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(),
* and richacl_compute_max_masks() iterate through the entire acl in reverse
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
index eafb358..07225c1 100644
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -94,6 +94,7 @@ extern struct posix_acl *get_posix_acl(struct inode *, int);
extern int set_posix_acl(struct inode *, int, struct posix_acl *);
#ifdef CONFIG_FS_POSIX_ACL
+extern int check_posix_acl(struct inode *, int);
extern int posix_acl_chmod(struct inode *, umode_t);
extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
struct posix_acl **);
@@ -112,6 +113,10 @@ static inline void cache_no_acl(struct inode *inode)
inode->i_default_acl = NULL;
}
#else
+static inline int check_posix_acl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+
static inline int posix_acl_chmod(struct inode *inode, umode_t mode)
{
return 0;
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index 7530920..368e918 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -207,4 +207,12 @@ extern struct richacl *richacl_inherit(const struct richacl *, int);
extern struct richacl *richacl_create(umode_t *, struct inode *);
extern int set_richacl(struct inode *, struct richacl *);
+#ifdef CONFIG_FS_RICHACL
+extern int check_richacl(struct inode *, int);
+#else
+static inline int check_richacl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+#endif /* CONFIG_FS_RICHACL */
+
#endif /* __RICHACL_H */
--
2.7.4
next prev parent reply other threads:[~2016-08-16 11:03 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-16 11:02 [PATCH v25 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 08/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 09/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 10/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 11/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 12/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 13/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 14/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 15/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 16/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 17/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 18/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:03 ` [PATCH v25 19/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher [this message]
2016-08-16 11:03 ` [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c Andreas Gruenbacher
2016-08-16 11:03 ` [PATCH v25 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher
2016-08-16 11:03 ` [PATCH v25 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471345383-15334-21-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=hch@infradead.org \
--cc=jlayton@poochiereds.net \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.