ocfs2: use generic posix ACL infrastructure
authorChristoph Hellwig <hch@infradead.org>
Fri, 20 Dec 2013 13:16:48 +0000 (05:16 -0800)
committerAl Viro <viro@zeniv.linux.org.uk>
Sun, 26 Jan 2014 04:58:21 +0000 (23:58 -0500)
This contains some major refactoring for the create path so that
inodes are created with the right mode to start with instead of
fixing it up later.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/ocfs2/acl.c
fs/ocfs2/acl.h
fs/ocfs2/file.c
fs/ocfs2/namei.c
fs/ocfs2/refcounttree.c
fs/ocfs2/xattr.c
fs/ocfs2/xattr.h

index c0f9d2fe134ffbefa33a1b8eb2f141dd8a1b25a9..555f4cddefe3a913d7c1d05fba89a1ea36fdd3c1 100644 (file)
@@ -160,36 +160,6 @@ static struct posix_acl *ocfs2_get_acl_nolock(struct inode *inode,
        return acl;
 }
 
-
-/*
- * Get posix acl.
- */
-static struct posix_acl *ocfs2_get_acl(struct inode *inode, int type)
-{
-       struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
-       struct buffer_head *di_bh = NULL;
-       struct posix_acl *acl;
-       int ret;
-
-       if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-               return NULL;
-
-       ret = ocfs2_inode_lock(inode, &di_bh, 0);
-       if (ret < 0) {
-               mlog_errno(ret);
-               acl = ERR_PTR(ret);
-               return acl;
-       }
-
-       acl = ocfs2_get_acl_nolock(inode, type, di_bh);
-
-       ocfs2_inode_unlock(inode, 0);
-
-       brelse(di_bh);
-
-       return acl;
-}
-
 /*
  * Helper function to set i_mode in memory and disk. Some call paths
  * will not have di_bh or a journal handle to pass, in which case it
@@ -250,7 +220,7 @@ out:
 /*
  * Set the access or default ACL of an inode.
  */
-static int ocfs2_set_acl(handle_t *handle,
+int ocfs2_set_acl(handle_t *handle,
                         struct inode *inode,
                         struct buffer_head *di_bh,
                         int type,
@@ -313,6 +283,11 @@ static int ocfs2_set_acl(handle_t *handle,
        return ret;
 }
 
+int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+{
+       return ocfs2_set_acl(NULL, inode, NULL, type, acl, NULL, NULL);
+}
+
 struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type)
 {
        struct ocfs2_super *osb;
@@ -334,200 +309,3 @@ struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type)
 
        return acl;
 }
-
-int ocfs2_acl_chmod(struct inode *inode)
-{
-       struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
-       struct posix_acl *acl;
-       int ret;
-
-       if (S_ISLNK(inode->i_mode))
-               return -EOPNOTSUPP;
-
-       if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-               return 0;
-
-       acl = ocfs2_get_acl(inode, ACL_TYPE_ACCESS);
-       if (IS_ERR(acl) || !acl)
-               return PTR_ERR(acl);
-       ret = __posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode);
-       if (ret)
-               return ret;
-       ret = ocfs2_set_acl(NULL, inode, NULL, ACL_TYPE_ACCESS,
-                           acl, NULL, NULL);
-       posix_acl_release(acl);
-       return ret;
-}
-
-/*
- * Initialize the ACLs of a new inode. If parent directory has default ACL,
- * then clone to new inode. Called from ocfs2_mknod.
- */
-int ocfs2_init_acl(handle_t *handle,
-                  struct inode *inode,
-                  struct inode *dir,
-                  struct buffer_head *di_bh,
-                  struct buffer_head *dir_bh,
-                  struct ocfs2_alloc_context *meta_ac,
-                  struct ocfs2_alloc_context *data_ac)
-{
-       struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
-       struct posix_acl *acl = NULL;
-       int ret = 0, ret2;
-       umode_t mode;
-
-       if (!S_ISLNK(inode->i_mode)) {
-               if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) {
-                       acl = ocfs2_get_acl_nolock(dir, ACL_TYPE_DEFAULT,
-                                                  dir_bh);
-                       if (IS_ERR(acl))
-                               return PTR_ERR(acl);
-               }
-               if (!acl) {
-                       mode = inode->i_mode & ~current_umask();
-                       ret = ocfs2_acl_set_mode(inode, di_bh, handle, mode);
-                       if (ret) {
-                               mlog_errno(ret);
-                               goto cleanup;
-                       }
-               }
-       }
-       if ((osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) && acl) {
-               if (S_ISDIR(inode->i_mode)) {
-                       ret = ocfs2_set_acl(handle, inode, di_bh,
-                                           ACL_TYPE_DEFAULT, acl,
-                                           meta_ac, data_ac);
-                       if (ret)
-                               goto cleanup;
-               }
-               mode = inode->i_mode;
-               ret = __posix_acl_create(&acl, GFP_NOFS, &mode);
-               if (ret < 0)
-                       return ret;
-
-               ret2 = ocfs2_acl_set_mode(inode, di_bh, handle, mode);
-               if (ret2) {
-                       mlog_errno(ret2);
-                       ret = ret2;
-                       goto cleanup;
-               }
-               if (ret > 0) {
-                       ret = ocfs2_set_acl(handle, inode,
-                                           di_bh, ACL_TYPE_ACCESS,
-                                           acl, meta_ac, data_ac);
-               }
-       }
-cleanup:
-       posix_acl_release(acl);
-       return ret;
-}
-
-static size_t ocfs2_xattr_list_acl_access(struct dentry *dentry,
-                                         char *list,
-                                         size_t list_len,
-                                         const char *name,
-                                         size_t name_len,
-                                         int type)
-{
-       struct ocfs2_super *osb = OCFS2_SB(dentry->d_sb);
-       const size_t size = sizeof(POSIX_ACL_XATTR_ACCESS);
-
-       if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-               return 0;
-
-       if (list && size <= list_len)
-               memcpy(list, POSIX_ACL_XATTR_ACCESS, size);
-       return size;
-}
-
-static size_t ocfs2_xattr_list_acl_default(struct dentry *dentry,
-                                          char *list,
-                                          size_t list_len,
-                                          const char *name,
-                                          size_t name_len,
-                                          int type)
-{
-       struct ocfs2_super *osb = OCFS2_SB(dentry->d_sb);
-       const size_t size = sizeof(POSIX_ACL_XATTR_DEFAULT);
-
-       if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-               return 0;
-
-       if (list && size <= list_len)
-               memcpy(list, POSIX_ACL_XATTR_DEFAULT, size);
-       return size;
-}
-
-static int ocfs2_xattr_get_acl(struct dentry *dentry, const char *name,
-               void *buffer, size_t size, int type)
-{
-       struct ocfs2_super *osb = OCFS2_SB(dentry->d_sb);
-       struct posix_acl *acl;
-       int ret;
-
-       if (strcmp(name, "") != 0)
-               return -EINVAL;
-       if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-               return -EOPNOTSUPP;
-
-       acl = ocfs2_get_acl(dentry->d_inode, type);
-       if (IS_ERR(acl))
-               return PTR_ERR(acl);
-       if (acl == NULL)
-               return -ENODATA;
-       ret = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
-       posix_acl_release(acl);
-
-       return ret;
-}
-
-static int ocfs2_xattr_set_acl(struct dentry *dentry, const char *name,
-               const void *value, size_t size, int flags, int type)
-{
-       struct inode *inode = dentry->d_inode;
-       struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
-       struct posix_acl *acl;
-       int ret = 0;
-
-       if (strcmp(name, "") != 0)
-               return -EINVAL;
-       if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-               return -EOPNOTSUPP;
-
-       if (!inode_owner_or_capable(inode))
-               return -EPERM;
-
-       if (value) {
-               acl = posix_acl_from_xattr(&init_user_ns, value, size);
-               if (IS_ERR(acl))
-                       return PTR_ERR(acl);
-               else if (acl) {
-                       ret = posix_acl_valid(acl);
-                       if (ret)
-                               goto cleanup;
-               }
-       } else
-               acl = NULL;
-
-       ret = ocfs2_set_acl(NULL, inode, NULL, type, acl, NULL, NULL);
-
-cleanup:
-       posix_acl_release(acl);
-       return ret;
-}
-
-const struct xattr_handler ocfs2_xattr_acl_access_handler = {
-       .prefix = POSIX_ACL_XATTR_ACCESS,
-       .flags  = ACL_TYPE_ACCESS,
-       .list   = ocfs2_xattr_list_acl_access,
-       .get    = ocfs2_xattr_get_acl,
-       .set    = ocfs2_xattr_set_acl,
-};
-
-const struct xattr_handler ocfs2_xattr_acl_default_handler = {
-       .prefix = POSIX_ACL_XATTR_DEFAULT,
-       .flags  = ACL_TYPE_DEFAULT,
-       .list   = ocfs2_xattr_list_acl_default,
-       .get    = ocfs2_xattr_get_acl,
-       .set    = ocfs2_xattr_set_acl,
-};
index 071fbd380f2f52889fe4ddc459df3bf603d7629e..3fce68d086251a6e26ea9805361e3a1ccb351d46 100644 (file)
@@ -27,10 +27,13 @@ struct ocfs2_acl_entry {
 };
 
 struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type);
-extern int ocfs2_acl_chmod(struct inode *);
-extern int ocfs2_init_acl(handle_t *, struct inode *, struct inode *,
-                         struct buffer_head *, struct buffer_head *,
-                         struct ocfs2_alloc_context *,
-                         struct ocfs2_alloc_context *);
+int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type);
+int ocfs2_set_acl(handle_t *handle,
+                        struct inode *inode,
+                        struct buffer_head *di_bh,
+                        int type,
+                        struct posix_acl *acl,
+                        struct ocfs2_alloc_context *meta_ac,
+                        struct ocfs2_alloc_context *data_ac);
 
 #endif /* OCFS2_ACL_H */
index 6fff128cad16164e0f10ca614db618e0af60768f..014a38e9006b34d370daa55c9a3590bc1dae0f6f 100644 (file)
@@ -1236,7 +1236,7 @@ bail:
                dqput(transfer_to[qtype]);
 
        if (!status && attr->ia_valid & ATTR_MODE) {
-               status = ocfs2_acl_chmod(inode);
+               status = posix_acl_chmod(inode, inode->i_mode);
                if (status < 0)
                        mlog_errno(status);
        }
@@ -2661,6 +2661,7 @@ const struct inode_operations ocfs2_file_iops = {
        .removexattr    = generic_removexattr,
        .fiemap         = ocfs2_fiemap,
        .get_acl        = ocfs2_iop_get_acl,
+       .set_acl        = ocfs2_iop_set_acl,
 };
 
 const struct inode_operations ocfs2_special_file_iops = {
@@ -2668,6 +2669,7 @@ const struct inode_operations ocfs2_special_file_iops = {
        .getattr        = ocfs2_getattr,
        .permission     = ocfs2_permission,
        .get_acl        = ocfs2_iop_get_acl,
+       .set_acl        = ocfs2_iop_set_acl,
 };
 
 /*
index 4f791f6d27d0463f8bef77dc20a5f5274df8ddea..c975eed2e713f1f3562fc541154ab0f74a170858 100644 (file)
@@ -230,6 +230,7 @@ static int ocfs2_mknod(struct inode *dir,
        struct ocfs2_dir_lookup_result lookup = { NULL, };
        sigset_t oldset;
        int did_block_signals = 0;
+       struct posix_acl *default_acl = NULL, *acl = NULL;
 
        trace_ocfs2_mknod(dir, dentry, dentry->d_name.len, dentry->d_name.name,
                          (unsigned long long)OCFS2_I(dir)->ip_blkno,
@@ -331,6 +332,12 @@ static int ocfs2_mknod(struct inode *dir,
                goto leave;
        }
 
+       status = posix_acl_create(dir, &mode, &default_acl, &acl);
+       if (status) {
+               mlog_errno(status);
+               goto leave;
+       }
+
        handle = ocfs2_start_trans(osb, ocfs2_mknod_credits(osb->sb,
                                                            S_ISDIR(mode),
                                                            xattr_credits));
@@ -379,8 +386,17 @@ static int ocfs2_mknod(struct inode *dir,
                inc_nlink(dir);
        }
 
-       status = ocfs2_init_acl(handle, inode, dir, new_fe_bh, parent_fe_bh,
-                               meta_ac, data_ac);
+       if (default_acl) {
+               status = ocfs2_set_acl(handle, inode, new_fe_bh,
+                                      ACL_TYPE_DEFAULT, default_acl,
+                                      meta_ac, data_ac);
+       }
+       if (!status && acl) {
+               status = ocfs2_set_acl(handle, inode, new_fe_bh,
+                                      ACL_TYPE_ACCESS, acl,
+                                      meta_ac, data_ac);
+       }
+
        if (status < 0) {
                mlog_errno(status);
                goto leave;
@@ -419,6 +435,10 @@ static int ocfs2_mknod(struct inode *dir,
        d_instantiate(dentry, inode);
        status = 0;
 leave:
+       if (default_acl)
+               posix_acl_release(default_acl);
+       if (acl)
+               posix_acl_release(acl);
        if (status < 0 && did_quota_inode)
                dquot_free_inode(inode);
        if (handle)
@@ -2504,4 +2524,5 @@ const struct inode_operations ocfs2_dir_iops = {
        .removexattr    = generic_removexattr,
        .fiemap         = ocfs2_fiemap,
        .get_acl        = ocfs2_iop_get_acl,
+       .set_acl        = ocfs2_iop_set_acl,
 };
index 55767e1ba72492431dcb3ae9fe204526d93f28d2..6ba4bcbc479601bcad6a98ba7a73ccc80dc40710 100644 (file)
@@ -46,6 +46,7 @@
 #include <linux/quotaops.h>
 #include <linux/namei.h>
 #include <linux/mount.h>
+#include <linux/posix_acl.h>
 
 struct ocfs2_cow_context {
        struct inode *inode;
@@ -4268,11 +4269,20 @@ static int ocfs2_reflink(struct dentry *old_dentry, struct inode *dir,
        struct inode *inode = old_dentry->d_inode;
        struct buffer_head *old_bh = NULL;
        struct inode *new_orphan_inode = NULL;
+       struct posix_acl *default_acl, *acl;
+       umode_t mode;
 
        if (!ocfs2_refcount_tree(OCFS2_SB(inode->i_sb)))
                return -EOPNOTSUPP;
 
-       error = ocfs2_create_inode_in_orphan(dir, inode->i_mode,
+       mode = inode->i_mode;
+       error = posix_acl_create(dir, &mode, &default_acl, &acl);
+       if (error) {
+               mlog_errno(error);
+               goto out;
+       }
+
+       error = ocfs2_create_inode_in_orphan(dir, mode,
                                             &new_orphan_inode);
        if (error) {
                mlog_errno(error);
@@ -4303,11 +4313,16 @@ static int ocfs2_reflink(struct dentry *old_dentry, struct inode *dir,
        /* If the security isn't preserved, we need to re-initialize them. */
        if (!preserve) {
                error = ocfs2_init_security_and_acl(dir, new_orphan_inode,
-                                                   &new_dentry->d_name);
+                                                   &new_dentry->d_name,
+                                                   default_acl, acl);
                if (error)
                        mlog_errno(error);
        }
 out:
+       if (default_acl)
+               posix_acl_release(default_acl);
+       if (acl)
+               posix_acl_release(acl);
        if (!error) {
                error = ocfs2_mv_orphaned_inode_to_new(dir, new_orphan_inode,
                                                       new_dentry);
index f0a1326d9bba89812f5ae736938ca3cfbee1284d..185fa3b7f962a482f06f9926cca946185672c7d6 100644 (file)
@@ -99,8 +99,8 @@ static struct ocfs2_xattr_def_value_root def_xv = {
 
 const struct xattr_handler *ocfs2_xattr_handlers[] = {
        &ocfs2_xattr_user_handler,
-       &ocfs2_xattr_acl_access_handler,
-       &ocfs2_xattr_acl_default_handler,
+       &posix_acl_access_xattr_handler,
+       &posix_acl_default_xattr_handler,
        &ocfs2_xattr_trusted_handler,
        &ocfs2_xattr_security_handler,
        NULL
@@ -109,9 +109,9 @@ const struct xattr_handler *ocfs2_xattr_handlers[] = {
 static const struct xattr_handler *ocfs2_xattr_handler_map[OCFS2_XATTR_MAX] = {
        [OCFS2_XATTR_INDEX_USER]        = &ocfs2_xattr_user_handler,
        [OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS]
-                                       = &ocfs2_xattr_acl_access_handler,
+                                       = &posix_acl_access_xattr_handler,
        [OCFS2_XATTR_INDEX_POSIX_ACL_DEFAULT]
-                                       = &ocfs2_xattr_acl_default_handler,
+                                       = &posix_acl_default_xattr_handler,
        [OCFS2_XATTR_INDEX_TRUSTED]     = &ocfs2_xattr_trusted_handler,
        [OCFS2_XATTR_INDEX_SECURITY]    = &ocfs2_xattr_security_handler,
 };
@@ -7190,10 +7190,12 @@ out:
  */
 int ocfs2_init_security_and_acl(struct inode *dir,
                                struct inode *inode,
-                               const struct qstr *qstr)
+                               const struct qstr *qstr,
+                               struct posix_acl *default_acl,
+                               struct posix_acl *acl)
 {
-       int ret = 0;
        struct buffer_head *dir_bh = NULL;
+       int ret = 0;
 
        ret = ocfs2_init_security_get(inode, dir, qstr, NULL);
        if (ret) {
@@ -7207,9 +7209,10 @@ int ocfs2_init_security_and_acl(struct inode *dir,
                goto leave;
        }
 
-       ret = ocfs2_init_acl(NULL, inode, dir, NULL, dir_bh, NULL, NULL);
-       if (ret)
-               mlog_errno(ret);
+       if (!ret && default_acl)
+               ret = ocfs2_iop_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
+       if (!ret && acl)
+               ret = ocfs2_iop_set_acl(inode, acl, ACL_TYPE_ACCESS);
 
        ocfs2_inode_unlock(dir, 0);
        brelse(dir_bh);
index 19f134e896a9a8bdd69a387015819e4ebc3c2705..f10d5b93c366c8a7d12ddc1c90766ea88ed3dc56 100644 (file)
@@ -40,8 +40,6 @@ struct ocfs2_security_xattr_info {
 extern const struct xattr_handler ocfs2_xattr_user_handler;
 extern const struct xattr_handler ocfs2_xattr_trusted_handler;
 extern const struct xattr_handler ocfs2_xattr_security_handler;
-extern const struct xattr_handler ocfs2_xattr_acl_access_handler;
-extern const struct xattr_handler ocfs2_xattr_acl_default_handler;
 extern const struct xattr_handler *ocfs2_xattr_handlers[];
 
 ssize_t ocfs2_listxattr(struct dentry *, char *, size_t);
@@ -96,5 +94,7 @@ int ocfs2_reflink_xattrs(struct inode *old_inode,
                         bool preserve_security);
 int ocfs2_init_security_and_acl(struct inode *dir,
                                struct inode *inode,
-                               const struct qstr *qstr);
+                               const struct qstr *qstr,
+                               struct posix_acl *default_acl,
+                               struct posix_acl *acl);
 #endif /* OCFS2_XATTR_H */