From: Andreas Gruenbacher <agruenba@redhat.com> To: Alexander Viro <viro@zeniv.linux.org.uk> Cc: "J. Bruce Fields" <bfields@fieldses.org>, linux-nfs@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>, Andreas Gruenbacher <agruenba@redhat.com>, linux-cifs@vger.kernel.org, linux-api@vger.kernel.org, Trond Myklebust <trond.myklebust@primarydata.com>, linux-kernel@vger.kernel.org, xfs@oss.sgi.com, Christoph Hellwig <hch@infradead.org>, Andreas Dilger <adilger.kernel@dilger.ca>, linux-fsdevel@vger.kernel.org, Jeff Layton <jlayton@poochiereds.net>, linux-ext4@vger.kernel.org, Anna Schumaker <anna.schumaker@netapp.com> Subject: [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c Date: Tue, 16 Aug 2016 13:03:01 +0200 [thread overview] Message-ID: <1471345383-15334-21-git-send-email-agruenba@redhat.com> (raw) In-Reply-To: <1471345383-15334-1-git-send-email-agruenba@redhat.com> By moving those functions into fs/posix_acl.c and fs/richacl.c, the ifdefs can be moved into include/linux/posix_acl.h and include/linux/richacl.h. This may be seen as a small improvement. Suggested-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> --- fs/namei.c | 72 ++++------------------------------------------- fs/posix_acl.c | 28 ++++++++++++++++++ fs/richacl.c | 28 ++++++++++++++++++ include/linux/posix_acl.h | 5 ++++ include/linux/richacl.h | 8 ++++++ 5 files changed, 74 insertions(+), 67 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 63feb3c..3830ef1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -258,73 +258,6 @@ void putname(struct filename *name) __putname(name); } -static int check_richacl(struct inode *inode, int mask) -{ -#ifdef CONFIG_FS_RICHACL - if (mask & MAY_NOT_BLOCK) { - struct base_acl *base_acl; - - base_acl = rcu_dereference(inode->i_acl); - if (!base_acl) - goto no_acl; - /* no ->get_richacl() calls in RCU mode... */ - if (is_uncached_acl(base_acl)) - return -ECHILD; - return richacl_permission(inode, richacl(base_acl), - mask & ~MAY_NOT_BLOCK); - } else { - struct richacl *acl; - - acl = get_richacl(inode); - if (IS_ERR(acl)) - return PTR_ERR(acl); - if (acl) { - int error = richacl_permission(inode, acl, mask); - richacl_put(acl); - return error; - } - } -no_acl: -#endif - if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP | - MAY_CHMOD | MAY_SET_TIMES)) { - /* File permission bits cannot grant this. */ - return -EACCES; - } - return -EAGAIN; -} - -static int check_posix_acl(struct inode *inode, int mask) -{ -#ifdef CONFIG_FS_POSIX_ACL - if (mask & MAY_NOT_BLOCK) { - struct base_acl *base_acl; - - base_acl = rcu_dereference(inode->i_acl); - if (!base_acl) - return -EAGAIN; - /* no ->get_acl() calls in RCU mode... */ - if (is_uncached_acl(base_acl)) - return -ECHILD; - return posix_acl_permission(inode, posix_acl(base_acl), - mask & ~MAY_NOT_BLOCK); - } else { - struct posix_acl *acl; - - acl = get_acl(inode, ACL_TYPE_ACCESS); - if (IS_ERR(acl)) - return PTR_ERR(acl); - if (acl) { - int error = posix_acl_permission(inode, acl, mask); - posix_acl_release(acl); - return error; - } - } -#endif - - return -EAGAIN; -} - /* * This does the basic permission checking */ @@ -344,6 +277,11 @@ static int acl_permission_check(struct inode *inode, int mask) int error = check_richacl(inode, mask); if (error != -EAGAIN) return error; + if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP | + MAY_CHMOD | MAY_SET_TIMES)) { + /* File permission bits cannot grant this. */ + return -EACCES; + } } if (likely(uid_eq(current_fsuid(), inode->i_uid))) mode >>= 6; diff --git a/fs/posix_acl.c b/fs/posix_acl.c index f7e1a29..6415675 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -374,6 +374,34 @@ check_perm: return -EACCES; } +int check_posix_acl(struct inode *inode, int mask) +{ + if (mask & MAY_NOT_BLOCK) { + struct base_acl *base_acl; + + base_acl = rcu_dereference(inode->i_acl); + if (!base_acl) + return -EAGAIN; + /* no ->get_acl() calls in RCU mode... */ + if (is_uncached_acl(base_acl)) + return -ECHILD; + return posix_acl_permission(inode, posix_acl(base_acl), + mask & ~MAY_NOT_BLOCK); + } else { + struct posix_acl *acl; + + acl = get_acl(inode, ACL_TYPE_ACCESS); + if (IS_ERR(acl)) + return PTR_ERR(acl); + if (acl) { + int error = posix_acl_permission(inode, acl, mask); + posix_acl_release(acl); + return error; + } + } + return -EAGAIN; +} + /* * Modify acl when creating a new inode. The caller must ensure the acl is * only referenced once. diff --git a/fs/richacl.c b/fs/richacl.c index 1945691..ece9d0b 100644 --- a/fs/richacl.c +++ b/fs/richacl.c @@ -385,6 +385,34 @@ out: } EXPORT_SYMBOL_GPL(richacl_permission); +int check_richacl(struct inode *inode, int mask) +{ + if (mask & MAY_NOT_BLOCK) { + struct base_acl *base_acl; + + base_acl = rcu_dereference(inode->i_acl); + if (!base_acl) + return -EAGAIN; + /* no ->get_richacl() calls in RCU mode... */ + if (is_uncached_acl(base_acl)) + return -ECHILD; + return richacl_permission(inode, richacl(base_acl), + mask & ~MAY_NOT_BLOCK); + } else { + struct richacl *acl; + + acl = get_richacl(inode); + if (IS_ERR(acl)) + return PTR_ERR(acl); + if (acl) { + int error = richacl_permission(inode, acl, mask); + richacl_put(acl); + return error; + } + } + return -EAGAIN; +} + /* * Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(), * and richacl_compute_max_masks() iterate through the entire acl in reverse diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h index eafb358..07225c1 100644 --- a/include/linux/posix_acl.h +++ b/include/linux/posix_acl.h @@ -94,6 +94,7 @@ extern struct posix_acl *get_posix_acl(struct inode *, int); extern int set_posix_acl(struct inode *, int, struct posix_acl *); #ifdef CONFIG_FS_POSIX_ACL +extern int check_posix_acl(struct inode *, int); extern int posix_acl_chmod(struct inode *, umode_t); extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **, struct posix_acl **); @@ -112,6 +113,10 @@ static inline void cache_no_acl(struct inode *inode) inode->i_default_acl = NULL; } #else +static inline int check_posix_acl(struct inode *inode, int mask) { + return -EAGAIN; +} + static inline int posix_acl_chmod(struct inode *inode, umode_t mode) { return 0; diff --git a/include/linux/richacl.h b/include/linux/richacl.h index 7530920..368e918 100644 --- a/include/linux/richacl.h +++ b/include/linux/richacl.h @@ -207,4 +207,12 @@ extern struct richacl *richacl_inherit(const struct richacl *, int); extern struct richacl *richacl_create(umode_t *, struct inode *); extern int set_richacl(struct inode *, struct richacl *); +#ifdef CONFIG_FS_RICHACL +extern int check_richacl(struct inode *, int); +#else +static inline int check_richacl(struct inode *inode, int mask) { + return -EAGAIN; +} +#endif /* CONFIG_FS_RICHACL */ + #endif /* __RICHACL_H */ -- 2.7.4 _______________________________________________ xfs mailing list xfs@oss.sgi.com http://oss.sgi.com/mailman/listinfo/xfs
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <agruenba@redhat.com> To: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Andreas Gruenbacher <agruenba@redhat.com>, Christoph Hellwig <hch@infradead.org>, "Theodore Ts'o" <tytso@mit.edu>, Andreas Dilger <adilger.kernel@dilger.ca>, "J. Bruce Fields" <bfields@fieldses.org>, Jeff Layton <jlayton@poochiereds.net>, Trond Myklebust <trond.myklebust@primarydata.com>, Anna Schumaker <anna.schumaker@netapp.com>, Dave Chinner <david@fromorbit.com>, linux-ext4@vger.kernel.org, xfs@oss.sgi.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-api@vger.kernel.org Subject: [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c Date: Tue, 16 Aug 2016 13:03:01 +0200 [thread overview] Message-ID: <1471345383-15334-21-git-send-email-agruenba@redhat.com> (raw) In-Reply-To: <1471345383-15334-1-git-send-email-agruenba@redhat.com> By moving those functions into fs/posix_acl.c and fs/richacl.c, the ifdefs can be moved into include/linux/posix_acl.h and include/linux/richacl.h. This may be seen as a small improvement. Suggested-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> --- fs/namei.c | 72 ++++------------------------------------------- fs/posix_acl.c | 28 ++++++++++++++++++ fs/richacl.c | 28 ++++++++++++++++++ include/linux/posix_acl.h | 5 ++++ include/linux/richacl.h | 8 ++++++ 5 files changed, 74 insertions(+), 67 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 63feb3c..3830ef1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -258,73 +258,6 @@ void putname(struct filename *name) __putname(name); } -static int check_richacl(struct inode *inode, int mask) -{ -#ifdef CONFIG_FS_RICHACL - if (mask & MAY_NOT_BLOCK) { - struct base_acl *base_acl; - - base_acl = rcu_dereference(inode->i_acl); - if (!base_acl) - goto no_acl; - /* no ->get_richacl() calls in RCU mode... */ - if (is_uncached_acl(base_acl)) - return -ECHILD; - return richacl_permission(inode, richacl(base_acl), - mask & ~MAY_NOT_BLOCK); - } else { - struct richacl *acl; - - acl = get_richacl(inode); - if (IS_ERR(acl)) - return PTR_ERR(acl); - if (acl) { - int error = richacl_permission(inode, acl, mask); - richacl_put(acl); - return error; - } - } -no_acl: -#endif - if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP | - MAY_CHMOD | MAY_SET_TIMES)) { - /* File permission bits cannot grant this. */ - return -EACCES; - } - return -EAGAIN; -} - -static int check_posix_acl(struct inode *inode, int mask) -{ -#ifdef CONFIG_FS_POSIX_ACL - if (mask & MAY_NOT_BLOCK) { - struct base_acl *base_acl; - - base_acl = rcu_dereference(inode->i_acl); - if (!base_acl) - return -EAGAIN; - /* no ->get_acl() calls in RCU mode... */ - if (is_uncached_acl(base_acl)) - return -ECHILD; - return posix_acl_permission(inode, posix_acl(base_acl), - mask & ~MAY_NOT_BLOCK); - } else { - struct posix_acl *acl; - - acl = get_acl(inode, ACL_TYPE_ACCESS); - if (IS_ERR(acl)) - return PTR_ERR(acl); - if (acl) { - int error = posix_acl_permission(inode, acl, mask); - posix_acl_release(acl); - return error; - } - } -#endif - - return -EAGAIN; -} - /* * This does the basic permission checking */ @@ -344,6 +277,11 @@ static int acl_permission_check(struct inode *inode, int mask) int error = check_richacl(inode, mask); if (error != -EAGAIN) return error; + if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP | + MAY_CHMOD | MAY_SET_TIMES)) { + /* File permission bits cannot grant this. */ + return -EACCES; + } } if (likely(uid_eq(current_fsuid(), inode->i_uid))) mode >>= 6; diff --git a/fs/posix_acl.c b/fs/posix_acl.c index f7e1a29..6415675 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -374,6 +374,34 @@ check_perm: return -EACCES; } +int check_posix_acl(struct inode *inode, int mask) +{ + if (mask & MAY_NOT_BLOCK) { + struct base_acl *base_acl; + + base_acl = rcu_dereference(inode->i_acl); + if (!base_acl) + return -EAGAIN; + /* no ->get_acl() calls in RCU mode... */ + if (is_uncached_acl(base_acl)) + return -ECHILD; + return posix_acl_permission(inode, posix_acl(base_acl), + mask & ~MAY_NOT_BLOCK); + } else { + struct posix_acl *acl; + + acl = get_acl(inode, ACL_TYPE_ACCESS); + if (IS_ERR(acl)) + return PTR_ERR(acl); + if (acl) { + int error = posix_acl_permission(inode, acl, mask); + posix_acl_release(acl); + return error; + } + } + return -EAGAIN; +} + /* * Modify acl when creating a new inode. The caller must ensure the acl is * only referenced once. diff --git a/fs/richacl.c b/fs/richacl.c index 1945691..ece9d0b 100644 --- a/fs/richacl.c +++ b/fs/richacl.c @@ -385,6 +385,34 @@ out: } EXPORT_SYMBOL_GPL(richacl_permission); +int check_richacl(struct inode *inode, int mask) +{ + if (mask & MAY_NOT_BLOCK) { + struct base_acl *base_acl; + + base_acl = rcu_dereference(inode->i_acl); + if (!base_acl) + return -EAGAIN; + /* no ->get_richacl() calls in RCU mode... */ + if (is_uncached_acl(base_acl)) + return -ECHILD; + return richacl_permission(inode, richacl(base_acl), + mask & ~MAY_NOT_BLOCK); + } else { + struct richacl *acl; + + acl = get_richacl(inode); + if (IS_ERR(acl)) + return PTR_ERR(acl); + if (acl) { + int error = richacl_permission(inode, acl, mask); + richacl_put(acl); + return error; + } + } + return -EAGAIN; +} + /* * Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(), * and richacl_compute_max_masks() iterate through the entire acl in reverse diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h index eafb358..07225c1 100644 --- a/include/linux/posix_acl.h +++ b/include/linux/posix_acl.h @@ -94,6 +94,7 @@ extern struct posix_acl *get_posix_acl(struct inode *, int); extern int set_posix_acl(struct inode *, int, struct posix_acl *); #ifdef CONFIG_FS_POSIX_ACL +extern int check_posix_acl(struct inode *, int); extern int posix_acl_chmod(struct inode *, umode_t); extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **, struct posix_acl **); @@ -112,6 +113,10 @@ static inline void cache_no_acl(struct inode *inode) inode->i_default_acl = NULL; } #else +static inline int check_posix_acl(struct inode *inode, int mask) { + return -EAGAIN; +} + static inline int posix_acl_chmod(struct inode *inode, umode_t mode) { return 0; diff --git a/include/linux/richacl.h b/include/linux/richacl.h index 7530920..368e918 100644 --- a/include/linux/richacl.h +++ b/include/linux/richacl.h @@ -207,4 +207,12 @@ extern struct richacl *richacl_inherit(const struct richacl *, int); extern struct richacl *richacl_create(umode_t *, struct inode *); extern int set_richacl(struct inode *, struct richacl *); +#ifdef CONFIG_FS_RICHACL +extern int check_richacl(struct inode *, int); +#else +static inline int check_richacl(struct inode *inode, int mask) { + return -EAGAIN; +} +#endif /* CONFIG_FS_RICHACL */ + #endif /* __RICHACL_H */ -- 2.7.4
next prev parent reply other threads:[~2016-08-16 11:03 UTC|newest] Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-08-16 11:02 [PATCH v25 00/22] Richacls (Core and Ext4) Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 07/22] richacl: Permission mapping functions Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 08/22] richacl: Permission check algorithm Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 09/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 10/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 11/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 12/22] vfs: Cache richacl in struct inode Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 13/22] richacl: Update the file masks in chmod() Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 14/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 15/22] richacl: Create-time inheritance Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 16/22] richacl: Automatic Inheritance Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 17/22] richacl: xattr mapping functions Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:02 ` [PATCH v25 18/22] richacl: Add richacl xattr handler Andreas Gruenbacher 2016-08-16 11:02 ` Andreas Gruenbacher 2016-08-16 11:03 ` [PATCH v25 19/22] vfs: Add richacl permission checking Andreas Gruenbacher 2016-08-16 11:03 ` Andreas Gruenbacher 2016-08-16 11:03 ` Andreas Gruenbacher [this message] 2016-08-16 11:03 ` [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c Andreas Gruenbacher 2016-08-16 11:03 ` [PATCH v25 21/22] ext4: Add richacl support Andreas Gruenbacher 2016-08-16 11:03 ` Andreas Gruenbacher 2016-08-16 11:03 ` [PATCH v25 22/22] ext4: Add richacl feature flag Andreas Gruenbacher 2016-08-16 11:03 ` Andreas Gruenbacher
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1471345383-15334-21-git-send-email-agruenba@redhat.com \ --to=agruenba@redhat.com \ --cc=adilger.kernel@dilger.ca \ --cc=anna.schumaker@netapp.com \ --cc=bfields@fieldses.org \ --cc=hch@infradead.org \ --cc=jlayton@poochiereds.net \ --cc=linux-api@vger.kernel.org \ --cc=linux-cifs@vger.kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-nfs@vger.kernel.org \ --cc=trond.myklebust@primarydata.com \ --cc=tytso@mit.edu \ --cc=viro@zeniv.linux.org.uk \ --cc=xfs@oss.sgi.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.