From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: [PATCH v27 19/21] vfs: Move check_posix_acl and check_richacl out of fs/namei.c
Date: Tue, 11 Oct 2016 14:50:54 +0200 [thread overview]
Message-ID: <1476190256-1677-20-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1476190256-1677-1-git-send-email-agruenba@redhat.com>
By moving those functions into fs/posix_acl.c and fs/richacl.c, the
ifdefs can be moved into include/linux/posix_acl.h and
include/linux/richacl.h. This may be seen as a small improvement.
Suggested-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/namei.c | 72 ++++-------------------------------------------
fs/posix_acl.c | 28 ++++++++++++++++++
fs/richacl.c | 28 ++++++++++++++++++
include/linux/posix_acl.h | 5 ++++
include/linux/richacl.h | 8 ++++++
5 files changed, 74 insertions(+), 67 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 9808154c..4e20b87 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -258,73 +258,6 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_richacl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_RICHACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- goto no_acl;
- /* no ->get_richacl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return richacl_permission(inode, richacl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct richacl *acl;
-
- acl = get_richacl(inode);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = richacl_permission(inode, acl, mask);
- richacl_put(acl);
- return error;
- }
- }
-no_acl:
-#endif
- if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
- MAY_CHMOD | MAY_SET_TIMES)) {
- /* File permission bits cannot grant this. */
- return -EACCES;
- }
- return -EAGAIN;
-}
-
-static int check_posix_acl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_POSIX_ACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- return -EAGAIN;
- /* no ->get_acl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return posix_acl_permission(inode, posix_acl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct posix_acl *acl;
-
- acl = get_acl(inode, ACL_TYPE_ACCESS);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = posix_acl_permission(inode, acl, mask);
- posix_acl_release(acl);
- return error;
- }
- }
-#endif
-
- return -EAGAIN;
-}
-
/*
* This does the basic permission checking
*/
@@ -344,6 +277,11 @@ static int acl_permission_check(struct inode *inode, int mask)
int error = check_richacl(inode, mask);
if (error != -EAGAIN)
return error;
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
}
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 0bf1dc0..b373d87 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -374,6 +374,34 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
return -EACCES;
}
+int check_posix_acl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_acl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return posix_acl_permission(inode, posix_acl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct posix_acl *acl;
+
+ acl = get_acl(inode, ACL_TYPE_ACCESS);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Modify acl when creating a new inode. The caller must ensure the acl is
* only referenced once.
diff --git a/fs/richacl.c b/fs/richacl.c
index 1945691..ece9d0b 100644
--- a/fs/richacl.c
+++ b/fs/richacl.c
@@ -385,6 +385,34 @@ richacl_permission(struct inode *inode, const struct richacl *acl,
}
EXPORT_SYMBOL_GPL(richacl_permission);
+int check_richacl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(),
* and richacl_compute_max_masks() iterate through the entire acl in reverse
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
index abfb786..5c65dc9 100644
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -74,6 +74,7 @@ extern struct posix_acl *get_posix_acl(struct inode *, int);
extern int set_posix_acl(struct inode *, int, struct posix_acl *);
#ifdef CONFIG_FS_POSIX_ACL
+extern int check_posix_acl(struct inode *, int);
extern int posix_acl_chmod(struct inode *, umode_t);
extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
struct posix_acl **);
@@ -93,6 +94,10 @@ static inline void cache_no_acl(struct inode *inode)
inode->i_default_acl = NULL;
}
#else
+static inline int check_posix_acl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+
static inline int posix_acl_chmod(struct inode *inode, umode_t mode)
{
return 0;
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index 7530920..368e918 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -207,4 +207,12 @@ extern struct richacl *richacl_inherit(const struct richacl *, int);
extern struct richacl *richacl_create(umode_t *, struct inode *);
extern int set_richacl(struct inode *, struct richacl *);
+#ifdef CONFIG_FS_RICHACL
+extern int check_richacl(struct inode *, int);
+#else
+static inline int check_richacl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+#endif /* CONFIG_FS_RICHACL */
+
#endif /* __RICHACL_H */
--
2.7.4
next prev parent reply other threads:[~2016-10-11 12:53 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-11 12:50 [PATCH v27 00/21] Richacls (Core and Ext4) Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 01/21] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 02/21] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-12-02 9:22 ` Miklos Szeredi
2017-02-13 15:34 ` Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 03/21] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-12-02 9:57 ` Miklos Szeredi
2016-12-06 20:15 ` J. Bruce Fields
2016-12-06 21:13 ` Jeremy Allison
2016-12-06 21:25 ` Miklos Szeredi
2016-12-06 21:36 ` Jeremy Allison
2017-02-13 15:40 ` Andreas Gruenbacher
2017-02-13 15:42 ` Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 04/21] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 05/21] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 06/21] richacl: Permission mapping functions Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 07/21] richacl: Permission check algorithm Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 08/21] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 09/21] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 10/21] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 11/21] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 12/21] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 13/21] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 14/21] richacl: Create-time inheritance Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 15/21] richacl: Automatic Inheritance Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 16/21] richacl: xattr mapping functions Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 17/21] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 18/21] vfs: Add richacl permission checking Andreas Gruenbacher
2016-10-11 12:50 ` Andreas Gruenbacher [this message]
2016-10-11 12:50 ` [PATCH v27 20/21] ext4: Add richacl support Andreas Gruenbacher
2016-10-11 12:50 ` [PATCH v27 21/21] ext4: Add richacl feature flag Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1476190256-1677-20-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=jlayton@poochiereds.net \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).