From: Scott Mayhew <smayhew@redhat.com>
To: anna.schumaker@netapp.com, trond.myklebust@hammerspace.com
Cc: dhowells@redhat.com, viro@zeniv.linux.org.uk,
linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 15/26] nfs: get rid of ->set_security()
Date: Fri, 13 Sep 2019 08:17:37 -0400 [thread overview]
Message-ID: <20190913121748.25391-16-smayhew@redhat.com> (raw)
In-Reply-To: <20190913121748.25391-1-smayhew@redhat.com>
From: Al Viro <viro@zeniv.linux.org.uk>
it's always either nfs_set_sb_security() or nfs_clone_sb_security(),
the choice being controlled by mount_info->cloned != NULL. No need
to add methods, especially when both instances live right next to
the caller and are never accessed anywhere else.
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/nfs/internal.h | 3 --
fs/nfs/namespace.c | 1 -
fs/nfs/nfs4super.c | 3 --
fs/nfs/super.c | 69 ++++++++++++++--------------------------------
4 files changed, 21 insertions(+), 55 deletions(-)
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index fa737e37f7c9..d512ec394559 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -145,7 +145,6 @@ struct nfs_mount_request {
struct nfs_mount_info {
unsigned int inherited_bsize;
- int (*set_security)(struct super_block *, struct dentry *, struct nfs_mount_info *);
struct nfs_parsed_mount_data *parsed;
struct nfs_clone_mount *cloned;
struct nfs_server *server;
@@ -399,8 +398,6 @@ extern struct file_system_type nfs4_referral_fs_type;
#endif
bool nfs_auth_info_match(const struct nfs_auth_info *, rpc_authflavor_t);
struct dentry *nfs_try_mount(int, const char *, struct nfs_mount_info *);
-int nfs_set_sb_security(struct super_block *, struct dentry *, struct nfs_mount_info *);
-int nfs_clone_sb_security(struct super_block *, struct dentry *, struct nfs_mount_info *);
struct dentry *nfs_fs_mount(struct file_system_type *, int, const char *, void *);
void nfs_kill_super(struct super_block *);
diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c
index 7bc5b9b8f5ea..72a99f9c7390 100644
--- a/fs/nfs/namespace.c
+++ b/fs/nfs/namespace.c
@@ -230,7 +230,6 @@ struct vfsmount *nfs_do_submount(struct dentry *dentry, struct nfs_fh *fh,
};
struct nfs_mount_info mount_info = {
.inherited_bsize = sb->s_blocksize_bits,
- .set_security = nfs_clone_sb_security,
.cloned = &mountdata,
.mntfh = fh,
.nfs_mod = NFS_SB(sb)->nfs_client->cl_nfs_mod,
diff --git a/fs/nfs/nfs4super.c b/fs/nfs/nfs4super.c
index d387c3c3b600..38f2eec7e1ad 100644
--- a/fs/nfs/nfs4super.c
+++ b/fs/nfs/nfs4super.c
@@ -201,8 +201,6 @@ struct dentry *nfs4_try_mount(int flags, const char *dev_name,
struct nfs_parsed_mount_data *data = mount_info->parsed;
struct dentry *res;
- mount_info->set_security = nfs_set_sb_security;
-
dfprintk(MOUNT, "--> nfs4_try_mount()\n");
res = do_nfs4_mount(nfs4_create_server(mount_info),
@@ -224,7 +222,6 @@ static struct dentry *nfs4_referral_mount(struct file_system_type *fs_type,
{
struct nfs_clone_mount *data = raw_data;
struct nfs_mount_info mount_info = {
- .set_security = nfs_clone_sb_security,
.cloned = data,
.nfs_mod = &nfs_v4,
};
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 6f4983fc3937..d8702e57f7fc 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2541,52 +2541,6 @@ static void nfs_get_cache_cookie(struct super_block *sb,
}
#endif
-int nfs_set_sb_security(struct super_block *s, struct dentry *mntroot,
- struct nfs_mount_info *mount_info)
-{
- int error;
- unsigned long kflags = 0, kflags_out = 0;
- if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL)
- kflags |= SECURITY_LSM_NATIVE_LABELS;
-
- error = security_sb_set_mnt_opts(s, mount_info->parsed->lsm_opts,
- kflags, &kflags_out);
- if (error)
- goto err;
-
- if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL &&
- !(kflags_out & SECURITY_LSM_NATIVE_LABELS))
- NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL;
-err:
- return error;
-}
-EXPORT_SYMBOL_GPL(nfs_set_sb_security);
-
-int nfs_clone_sb_security(struct super_block *s, struct dentry *mntroot,
- struct nfs_mount_info *mount_info)
-{
- int error;
- unsigned long kflags = 0, kflags_out = 0;
-
- /* clone any lsm security options from the parent to the new sb */
- if (d_inode(mntroot)->i_fop != &nfs_dir_operations)
- return -ESTALE;
-
- if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL)
- kflags |= SECURITY_LSM_NATIVE_LABELS;
-
- error = security_sb_clone_mnt_opts(mount_info->cloned->sb, s, kflags,
- &kflags_out);
- if (error)
- return error;
-
- if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL &&
- !(kflags_out & SECURITY_LSM_NATIVE_LABELS))
- NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL;
- return 0;
-}
-EXPORT_SYMBOL_GPL(nfs_clone_sb_security);
-
static struct dentry *nfs_fs_mount_common(int flags, const char *dev_name,
struct nfs_mount_info *mount_info)
{
@@ -2594,6 +2548,7 @@ static struct dentry *nfs_fs_mount_common(int flags, const char *dev_name,
struct dentry *mntroot = ERR_PTR(-ENOMEM);
int (*compare_super)(struct super_block *, void *) = nfs_compare_super;
struct nfs_server *server = mount_info->server;
+ unsigned long kflags = 0, kflags_out = 0;
struct nfs_sb_mountdata sb_mntdata = {
.mntflags = flags,
.server = server,
@@ -2654,7 +2609,26 @@ static struct dentry *nfs_fs_mount_common(int flags, const char *dev_name,
if (IS_ERR(mntroot))
goto error_splat_super;
- error = mount_info->set_security(s, mntroot, mount_info);
+
+ if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL)
+ kflags |= SECURITY_LSM_NATIVE_LABELS;
+ if (mount_info->cloned) {
+ if (d_inode(mntroot)->i_fop != &nfs_dir_operations) {
+ error = -ESTALE;
+ goto error_splat_root;
+ }
+ /* clone any lsm security options from the parent to the new sb */
+ error = security_sb_clone_mnt_opts(mount_info->cloned->sb, s, kflags,
+ &kflags_out);
+ } else {
+ error = security_sb_set_mnt_opts(s, mount_info->parsed->lsm_opts,
+ kflags, &kflags_out);
+ }
+ if (error)
+ goto error_splat_root;
+ if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL &&
+ !(kflags_out & SECURITY_LSM_NATIVE_LABELS))
+ NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL;
if (error)
goto error_splat_root;
@@ -2679,7 +2653,6 @@ struct dentry *nfs_fs_mount(struct file_system_type *fs_type,
int flags, const char *dev_name, void *raw_data)
{
struct nfs_mount_info mount_info = {
- .set_security = nfs_set_sb_security,
};
struct dentry *mntroot = ERR_PTR(-ENOMEM);
struct nfs_subversion *nfs_mod;
--
2.17.2
next prev parent reply other threads:[~2019-09-13 12:18 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-13 12:17 [PATCH v4 00/26] nfs: Mount API conversion Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 01/26] saner calling conventions for nfs_fs_mount_common() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 02/26] nfs: stash server into struct nfs_mount_info Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 03/26] nfs: lift setting mount_info from nfs4_remote{,_referral}_mount Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 04/26] nfs: fold nfs4_remote_fs_type and nfs4_remote_referral_fs_type Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 05/26] nfs: don't bother setting/restoring export_path around do_nfs_root_mount() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 06/26] nfs4: fold nfs_do_root_mount/nfs_follow_remote_path Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 07/26] nfs: lift setting mount_info from nfs_xdev_mount() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 08/26] nfs: stash nfs_subversion reference into nfs_mount_info Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 09/26] nfs: don't bother passing nfs_subversion to ->try_mount() and nfs_fs_mount_common() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 10/26] nfs: merge xdev and remote file_system_type Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 11/26] nfs: unexport nfs_fs_mount_common() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 12/26] nfs: don't pass nfs_subversion to ->create_server() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 13/26] nfs: get rid of mount_info ->fill_super() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 14/26] nfs_clone_sb_security(): simplify the check for server bogosity Scott Mayhew
2019-09-13 12:17 ` Scott Mayhew [this message]
2019-09-13 12:17 ` [PATCH v4 16/26] NFS: Move mount parameterisation bits into their own file Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 17/26] NFS: Constify mount argument match tables Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 18/26] NFS: Rename struct nfs_parsed_mount_data to struct nfs_fs_context Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 19/26] NFS: Split nfs_parse_mount_options() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 20/26] NFS: Deindent nfs_fs_context_parse_option() Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 21/26] NFS: Add a small buffer in nfs_fs_context to avoid string dup Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 22/26] NFS: Do some tidying of the parsing code Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 23/26] NFS: rename nfs_fs_context pointer arg in a few functions Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 24/26] NFS: Convert mount option parsing to use functionality from fs_parser.h Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 25/26] NFS: Add fs_context support Scott Mayhew
2019-09-13 12:17 ` [PATCH v4 26/26] NFS: Attach supplementary error information to fs_context Scott Mayhew
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190913121748.25391-16-smayhew@redhat.com \
--to=smayhew@redhat.com \
--cc=anna.schumaker@netapp.com \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.