fs: take the ACL checks to common code

Replace the ->check_acl method with a ->get_acl method that simply reads an ACL from disk after having a cache miss. This means we can replace the ACL checking boilerplate code with a single implementation in namei.c. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2026-03-06 15:25:10 -08:00 · 2011-07-23 17:37:31 +02:00
parent edde854e8b
commit 4e34e719e4
52 changed files with 92 additions and 294 deletions
--- a/Documentation/filesystems/Locking
+++ b/Documentation/filesystems/Locking
@@ -52,7 +52,7 @@ ata *);
 	void (*put_link) (struct dentry *, struct nameidata *, void *);
 	void (*truncate) (struct inode *);
 	int (*permission) (struct inode *, int, unsigned int);
-	int (*check_acl)(struct inode *, int);
+	int (*get_acl)(struct inode *, int);
 	int (*setattr) (struct dentry *, struct iattr *);
 	int (*getattr) (struct vfsmount *, struct dentry *, struct kstat *);
 	int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
@@ -80,7 +80,7 @@ put_link:	no
 truncate:	yes		(see below)
 setattr:	yes
 permission:	no (may not block if called in rcu-walk mode)
-check_acl:	no
+get_acl:	no
 getattr:	no
 setxattr:	yes
 getxattr:	no
--- a/Documentation/filesystems/porting
+++ b/Documentation/filesystems/porting
@@ -407,10 +407,11 @@ to some pointer to returning that pointer.  On errors return ERR_PTR(...).

 --
 [mandatory]
-	->permission(), generic_permission() and ->check_acl() have lost flags
+	->permission() and generic_permission()have lost flags
 argument; instead of passing IPERM_FLAG_RCU we add MAY_NOT_BLOCK into mask.
-	generic_permission() has also lost the check_acl argument; if you want
-non-NULL to be used for that inode, put it into ->i_op->check_acl.
+	generic_permission() has also lost the check_acl argument; ACL checking
+has been taken to VFS and filesystems need to provide a non-NULL ->i_op->get_acl
+to read an ACL from disk.

 --
 [mandatory]
--- a/Documentation/filesystems/vfs.txt
+++ b/Documentation/filesystems/vfs.txt
@@ -356,7 +356,7 @@ struct inode_operations {
        void (*put_link) (struct dentry *, struct nameidata *, void *);
 	void (*truncate) (struct inode *);
 	int (*permission) (struct inode *, int);
-	int (*check_acl)(struct inode *, int);
+	int (*get_acl)(struct inode *, int);
 	int (*setattr) (struct dentry *, struct iattr *);
 	int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
 	int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
--- a/fs/9p/acl.c
+++ b/fs/9p/acl.c
@@ -96,7 +96,7 @@ static struct posix_acl *v9fs_get_cached_acl(struct inode *inode, int type)
 	return acl;
 }

-int v9fs_check_acl(struct inode *inode, int mask)
+struct posix_acl *v9fs_iop_get_acl(struct inode *inode, int type)
 {
 	struct posix_acl *acl;
 	struct v9fs_session_info *v9ses;
@@ -108,18 +108,10 @@ int v9fs_check_acl(struct inode *inode, int mask)
 		 * On access = client  and acl = on mode get the acl
 		 * values from the server
 		 */
-		return -EAGAIN;
+		return NULL;
 	}
-	acl = v9fs_get_cached_acl(inode, ACL_TYPE_ACCESS);
+	return v9fs_get_cached_acl(inode, type);

-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-	return -EAGAIN;
 }

 static int v9fs_set_acl(struct dentry *dentry, int type, struct posix_acl *acl)
--- a/fs/9p/acl.h
+++ b/fs/9p/acl.h
@@ -16,14 +16,14 @@

 #ifdef CONFIG_9P_FS_POSIX_ACL
 extern int v9fs_get_acl(struct inode *, struct p9_fid *);
-extern int v9fs_check_acl(struct inode *inode, int mask);
+extern struct posix_acl *v9fs_iop_get_acl(struct inode *inode, int type);
 extern int v9fs_acl_chmod(struct dentry *);
 extern int v9fs_set_create_acl(struct dentry *,
 			       struct posix_acl **, struct posix_acl **);
 extern int v9fs_acl_mode(struct inode *dir, mode_t *modep,
 			 struct posix_acl **dpacl, struct posix_acl **pacl);
 #else
-#define v9fs_check_acl NULL
+#define v9fs_iop_get_acl NULL
 static inline int v9fs_get_acl(struct inode *inode, struct p9_fid *fid)
 {
 	return 0;
--- a/fs/9p/vfs_inode_dotl.c
+++ b/fs/9p/vfs_inode_dotl.c
@@ -872,7 +872,7 @@ const struct inode_operations v9fs_dir_inode_operations_dotl = {
 	.getxattr = generic_getxattr,
 	.removexattr = generic_removexattr,
 	.listxattr = v9fs_listxattr,
-	.check_acl = v9fs_check_acl,
+	.get_acl = v9fs_iop_get_acl,
 };

 const struct inode_operations v9fs_file_inode_operations_dotl = {
@@ -882,7 +882,7 @@ const struct inode_operations v9fs_file_inode_operations_dotl = {
 	.getxattr = generic_getxattr,
 	.removexattr = generic_removexattr,
 	.listxattr = v9fs_listxattr,
-	.check_acl = v9fs_check_acl,
+	.get_acl = v9fs_iop_get_acl,
 };

 const struct inode_operations v9fs_symlink_inode_operations_dotl = {
--- a/fs/btrfs/acl.c
+++ b/fs/btrfs/acl.c
@@ -30,7 +30,7 @@

 #ifdef CONFIG_BTRFS_FS_POSIX_ACL

-static struct posix_acl *btrfs_get_acl(struct inode *inode, int type)
+struct posix_acl *btrfs_get_acl(struct inode *inode, int type)
 {
 	int size;
 	const char *name;
@@ -195,22 +195,6 @@ out:
 	return ret;
 }

-int btrfs_check_acl(struct inode *inode, int mask)
-{
-	int error = -EAGAIN;
-	struct posix_acl *acl;
-
-	acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-	}
-
-	return error;
-}
-
 /*
 * btrfs_init_acl is already generally called under fs_mutex, so the locking
 * stuff has been fixed to work with that.  If the locking stuff changes, we
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -2645,9 +2645,9 @@ do {								\

 /* acl.c */
 #ifdef CONFIG_BTRFS_FS_POSIX_ACL
-int btrfs_check_acl(struct inode *inode, int mask);
+struct posix_acl *btrfs_get_acl(struct inode *inode, int type);
 #else
-#define btrfs_check_acl NULL
+#define btrfs_get_acl NULL
 #endif
 int btrfs_init_acl(struct btrfs_trans_handle *trans,
 		   struct inode *inode, struct inode *dir);
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7351,12 +7351,12 @@ static const struct inode_operations btrfs_dir_inode_operations = {
 	.listxattr	= btrfs_listxattr,
 	.removexattr	= btrfs_removexattr,
 	.permission	= btrfs_permission,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 static const struct inode_operations btrfs_dir_ro_inode_operations = {
 	.lookup		= btrfs_lookup,
 	.permission	= btrfs_permission,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };

 static const struct file_operations btrfs_dir_file_operations = {
@@ -7425,7 +7425,7 @@ static const struct inode_operations btrfs_file_inode_operations = {
 	.removexattr	= btrfs_removexattr,
 	.permission	= btrfs_permission,
 	.fiemap		= btrfs_fiemap,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 static const struct inode_operations btrfs_special_inode_operations = {
 	.getattr	= btrfs_getattr,
@@ -7435,7 +7435,7 @@ static const struct inode_operations btrfs_special_inode_operations = {
 	.getxattr	= btrfs_getxattr,
 	.listxattr	= btrfs_listxattr,
 	.removexattr	= btrfs_removexattr,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 static const struct inode_operations btrfs_symlink_inode_operations = {
 	.readlink	= generic_readlink,
@@ -7447,7 +7447,7 @@ static const struct inode_operations btrfs_symlink_inode_operations = {
 	.getxattr	= btrfs_getxattr,
 	.listxattr	= btrfs_listxattr,
 	.removexattr	= btrfs_removexattr,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };

 const struct dentry_operations btrfs_dentry_operations = {
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -128,7 +128,7 @@ fail:
 /*
 * inode->i_mutex: don't care
 */
-static struct posix_acl *
+struct posix_acl *
 ext2_get_acl(struct inode *inode, int type)
 {
 	int name_index;
@@ -231,23 +231,6 @@ ext2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
 	return error;
 }

-int
-ext2_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 /*
 * Initialize the ACLs of a new inode. Called from ext2_new_inode.
 *
--- a/fs/ext2/acl.h
+++ b/fs/ext2/acl.h
@@ -54,13 +54,13 @@ static inline int ext2_acl_count(size_t size)
 #ifdef CONFIG_EXT2_FS_POSIX_ACL

 /* acl.c */
-extern int ext2_check_acl (struct inode *, int);
+extern struct posix_acl *ext2_get_acl(struct inode *inode, int type);
 extern int ext2_acl_chmod (struct inode *);
 extern int ext2_init_acl (struct inode *, struct inode *);

 #else
 #include <linux/sched.h>
-#define ext2_check_acl	NULL
+#define ext2_get_acl	NULL
 #define ext2_get_acl	NULL
 #define ext2_set_acl	NULL

--- a/fs/ext2/file.c
+++ b/fs/ext2/file.c
@@ -102,6 +102,6 @@ const struct inode_operations ext2_file_inode_operations = {
 	.removexattr	= generic_removexattr,
 #endif
 	.setattr	= ext2_setattr,
-	.check_acl	= ext2_check_acl,
+	.get_acl	= ext2_get_acl,
 	.fiemap		= ext2_fiemap,
 };
--- a/fs/ext2/namei.c
+++ b/fs/ext2/namei.c
@@ -408,7 +408,7 @@ const struct inode_operations ext2_dir_inode_operations = {
 	.removexattr	= generic_removexattr,
 #endif
 	.setattr	= ext2_setattr,
-	.check_acl	= ext2_check_acl,
+	.get_acl	= ext2_get_acl,
 };

 const struct inode_operations ext2_special_inode_operations = {
@@ -419,5 +419,5 @@ const struct inode_operations ext2_special_inode_operations = {
 	.removexattr	= generic_removexattr,
 #endif
 	.setattr	= ext2_setattr,
-	.check_acl	= ext2_check_acl,
+	.get_acl	= ext2_get_acl,
 };
--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -131,7 +131,7 @@ fail:
 *
 * inode->i_mutex: don't care
 */
-static struct posix_acl *
+struct posix_acl *
 ext3_get_acl(struct inode *inode, int type)
 {
 	int name_index;
@@ -239,23 +239,6 @@ ext3_set_acl(handle_t *handle, struct inode *inode, int type,
 	return error;
 }

-int
-ext3_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 /*
 * Initialize the ACLs of a new inode. Called from ext3_new_inode.
 *
--- a/fs/ext3/acl.h
+++ b/fs/ext3/acl.h
@@ -54,13 +54,13 @@ static inline int ext3_acl_count(size_t size)
 #ifdef CONFIG_EXT3_FS_POSIX_ACL

 /* acl.c */
-extern int ext3_check_acl (struct inode *, int);
+extern struct posix_acl *ext3_get_acl(struct inode *inode, int type);
 extern int ext3_acl_chmod (struct inode *);
 extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);

 #else  /* CONFIG_EXT3_FS_POSIX_ACL */
 #include <linux/sched.h>
-#define ext3_check_acl NULL
+#define ext3_get_acl NULL

 static inline int
 ext3_acl_chmod(struct inode *inode)
--- a/fs/ext3/file.c
+++ b/fs/ext3/file.c
@@ -79,7 +79,7 @@ const struct inode_operations ext3_file_inode_operations = {
 	.listxattr	= ext3_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext3_check_acl,
+	.get_acl	= ext3_get_acl,
 	.fiemap		= ext3_fiemap,
 };

--- a/fs/ext3/namei.c
+++ b/fs/ext3/namei.c
@@ -2529,7 +2529,7 @@ const struct inode_operations ext3_dir_inode_operations = {
 	.listxattr	= ext3_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext3_check_acl,
+	.get_acl	= ext3_get_acl,
 };

 const struct inode_operations ext3_special_inode_operations = {
@@ -2540,5 +2540,5 @@ const struct inode_operations ext3_special_inode_operations = {
 	.listxattr	= ext3_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext3_check_acl,
+	.get_acl	= ext3_get_acl,
 };
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -131,7 +131,7 @@ fail:
 *
 * inode->i_mutex: don't care
 */
-static struct posix_acl *
+struct posix_acl *
 ext4_get_acl(struct inode *inode, int type)
 {
 	int name_index;
@@ -237,23 +237,6 @@ ext4_set_acl(handle_t *handle, struct inode *inode, int type,
 	return error;
 }

-int
-ext4_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = ext4_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 /*
 * Initialize the ACLs of a new inode. Called from ext4_new_inode.
 *
--- a/fs/ext4/acl.h
+++ b/fs/ext4/acl.h
@@ -54,13 +54,13 @@ static inline int ext4_acl_count(size_t size)
 #ifdef CONFIG_EXT4_FS_POSIX_ACL

 /* acl.c */
-extern int ext4_check_acl(struct inode *, int);
+struct posix_acl *ext4_get_acl(struct inode *inode, int type);
 extern int ext4_acl_chmod(struct inode *);
 extern int ext4_init_acl(handle_t *, struct inode *, struct inode *);

 #else  /* CONFIG_EXT4_FS_POSIX_ACL */
 #include <linux/sched.h>
-#define ext4_check_acl NULL
+#define ext4_get_acl NULL

 static inline int
 ext4_acl_chmod(struct inode *inode)
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -301,7 +301,7 @@ const struct inode_operations ext4_file_inode_operations = {
 	.listxattr	= ext4_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext4_check_acl,
+	.get_acl	= ext4_get_acl,
 	.fiemap		= ext4_fiemap,
 };

--- a/Show More
+++ b/Show More