mirror of
https://github.com/torvalds/linux.git
synced 2024-11-22 04:02:20 +00:00
vfs: move ACL cache lookup into generic code
This moves logic for checking the cached ACL values from low-level filesystems into generic code. The end result is a streamlined ACL check that doesn't need to load the inode->i_op->check_acl pointer at all for the common cached case. The filesystems also don't need to check for a non-blocking RCU walk case in their acl_check() functions, because that is all handled at a VFS layer. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
3ca30d40a9
commit
e77819e57f
@ -101,9 +101,6 @@ int v9fs_check_acl(struct inode *inode, int mask)
|
||||
struct posix_acl *acl;
|
||||
struct v9fs_session_info *v9ses;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
v9ses = v9fs_inode2v9ses(inode);
|
||||
if (((v9ses->flags & V9FS_ACCESS_MASK) != V9FS_ACCESS_CLIENT) ||
|
||||
((v9ses->flags & V9FS_ACL_MASK) != V9FS_POSIX_ACL)) {
|
||||
|
@ -198,19 +198,14 @@ out:
|
||||
int btrfs_check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
int error = -EAGAIN;
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
error = -ECHILD;
|
||||
} else {
|
||||
struct posix_acl *acl;
|
||||
acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
if (acl) {
|
||||
error = posix_acl_permission(inode, acl, mask);
|
||||
posix_acl_release(acl);
|
||||
}
|
||||
acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
if (acl) {
|
||||
error = posix_acl_permission(inode, acl, mask);
|
||||
posix_acl_release(acl);
|
||||
}
|
||||
|
||||
return error;
|
||||
|
@ -236,12 +236,6 @@ ext2_check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
@ -244,12 +244,6 @@ ext3_check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
@ -242,12 +242,6 @@ ext4_check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
acl = ext4_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
@ -192,18 +192,13 @@ generic_acl_chmod(struct inode *inode)
|
||||
int
|
||||
generic_check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
} else {
|
||||
struct posix_acl *acl;
|
||||
struct posix_acl *acl;
|
||||
|
||||
acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (acl) {
|
||||
int error = posix_acl_permission(inode, acl, mask);
|
||||
posix_acl_release(acl);
|
||||
return error;
|
||||
}
|
||||
acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (acl) {
|
||||
int error = posix_acl_permission(inode, acl, mask);
|
||||
posix_acl_release(acl);
|
||||
return error;
|
||||
}
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
@ -80,12 +80,6 @@ int gfs2_check_acl(struct inode *inode, int mask)
|
||||
struct posix_acl *acl;
|
||||
int error;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
acl = gfs2_acl_get(GFS2_I(inode), ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
@ -264,9 +264,6 @@ int jffs2_check_acl(struct inode *inode, int mask)
|
||||
struct posix_acl *acl;
|
||||
int rc;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
@ -118,9 +118,6 @@ int jfs_check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
52
fs/namei.c
52
fs/namei.c
@ -32,6 +32,7 @@
|
||||
#include <linux/fcntl.h>
|
||||
#include <linux/device_cgroup.h>
|
||||
#include <linux/fs_struct.h>
|
||||
#include <linux/posix_acl.h>
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
#include "internal.h"
|
||||
@ -173,12 +174,58 @@ void putname(const char *name)
|
||||
EXPORT_SYMBOL(putname);
|
||||
#endif
|
||||
|
||||
static int check_acl(struct inode *inode, int mask)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
/*
|
||||
* Under RCU walk, we cannot even do a "get_cached_acl()",
|
||||
* because that involves locking and getting a refcount on
|
||||
* a cached ACL.
|
||||
*
|
||||
* So the only case we handle during RCU walking is the
|
||||
* case of a cached "no ACL at all", which needs no locks
|
||||
* or refcounts.
|
||||
*/
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -EAGAIN;
|
||||
return -ECHILD;
|
||||
}
|
||||
|
||||
acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
|
||||
|
||||
/*
|
||||
* A filesystem can force a ACL callback by just never
|
||||
* filling the ACL cache. But normally you'd fill the
|
||||
* cache either at inode instantiation time, or on the
|
||||
* first ->check_acl call.
|
||||
*
|
||||
* If the filesystem doesn't have a check_acl() function
|
||||
* at all, we'll just create the negative cache entry.
|
||||
*/
|
||||
if (acl == ACL_NOT_CACHED) {
|
||||
if (inode->i_op->check_acl)
|
||||
return inode->i_op->check_acl(inode, mask);
|
||||
|
||||
set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
if (acl) {
|
||||
int error = posix_acl_permission(inode, acl, mask);
|
||||
posix_acl_release(acl);
|
||||
return error;
|
||||
}
|
||||
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
/*
|
||||
* This does basic POSIX ACL permission checking
|
||||
*/
|
||||
static int acl_permission_check(struct inode *inode, int mask)
|
||||
{
|
||||
int (*check_acl)(struct inode *inode, int mask);
|
||||
unsigned int mode = inode->i_mode;
|
||||
|
||||
mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
|
||||
@ -189,8 +236,7 @@ static int acl_permission_check(struct inode *inode, int mask)
|
||||
if (current_fsuid() == inode->i_uid)
|
||||
mode >>= 6;
|
||||
else {
|
||||
check_acl = inode->i_op->check_acl;
|
||||
if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
|
||||
if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
|
||||
int error = check_acl(inode, mask);
|
||||
if (error != -EAGAIN)
|
||||
return error;
|
||||
|
@ -297,9 +297,6 @@ int ocfs2_check_acl(struct inode *inode, int mask)
|
||||
struct posix_acl *acl;
|
||||
int ret = -EAGAIN;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
osb = OCFS2_SB(inode->i_sb);
|
||||
if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
|
||||
return ret;
|
||||
|
@ -231,16 +231,12 @@ xfs_check_acl(struct inode *inode, int mask)
|
||||
/*
|
||||
* If there is no attribute fork no ACL exists on this inode and
|
||||
* we can skip the whole exercise.
|
||||
*
|
||||
* FIXME! Fill the cache! Locking?
|
||||
*/
|
||||
if (!XFS_IFORK_Q(ip))
|
||||
return -EAGAIN;
|
||||
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
acl = xfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
if (IS_ERR(acl))
|
||||
return PTR_ERR(acl);
|
||||
|
Loading…
Reference in New Issue
Block a user