aboutsummaryrefslogtreecommitdiffstats
path: root/fs/namei.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/namei.c')
-rw-r--r--fs/namei.c52
1 files changed, 49 insertions, 3 deletions
diff --git a/fs/namei.c b/fs/namei.c
index b7fad009bbf6..120efc76d3d0 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -32,6 +32,7 @@
32#include <linux/fcntl.h> 32#include <linux/fcntl.h>
33#include <linux/device_cgroup.h> 33#include <linux/device_cgroup.h>
34#include <linux/fs_struct.h> 34#include <linux/fs_struct.h>
35#include <linux/posix_acl.h>
35#include <asm/uaccess.h> 36#include <asm/uaccess.h>
36 37
37#include "internal.h" 38#include "internal.h"
@@ -173,12 +174,58 @@ void putname(const char *name)
173EXPORT_SYMBOL(putname); 174EXPORT_SYMBOL(putname);
174#endif 175#endif
175 176
177static int check_acl(struct inode *inode, int mask)
178{
179 struct posix_acl *acl;
180
181 /*
182 * Under RCU walk, we cannot even do a "get_cached_acl()",
183 * because that involves locking and getting a refcount on
184 * a cached ACL.
185 *
186 * So the only case we handle during RCU walking is the
187 * case of a cached "no ACL at all", which needs no locks
188 * or refcounts.
189 */
190 if (mask & MAY_NOT_BLOCK) {
191 if (negative_cached_acl(inode, ACL_TYPE_ACCESS))
192 return -EAGAIN;
193 return -ECHILD;
194 }
195
196 acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
197
198 /*
199 * A filesystem can force a ACL callback by just never
200 * filling the ACL cache. But normally you'd fill the
201 * cache either at inode instantiation time, or on the
202 * first ->check_acl call.
203 *
204 * If the filesystem doesn't have a check_acl() function
205 * at all, we'll just create the negative cache entry.
206 */
207 if (acl == ACL_NOT_CACHED) {
208 if (inode->i_op->check_acl)
209 return inode->i_op->check_acl(inode, mask);
210
211 set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
212 return -EAGAIN;
213 }
214
215 if (acl) {
216 int error = posix_acl_permission(inode, acl, mask);
217 posix_acl_release(acl);
218 return error;
219 }
220
221 return -EAGAIN;
222}
223
176/* 224/*
177 * This does basic POSIX ACL permission checking 225 * This does basic POSIX ACL permission checking
178 */ 226 */
179static int acl_permission_check(struct inode *inode, int mask) 227static int acl_permission_check(struct inode *inode, int mask)
180{ 228{
181 int (*check_acl)(struct inode *inode, int mask);
182 unsigned int mode = inode->i_mode; 229 unsigned int mode = inode->i_mode;
183 230
184 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK; 231 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
@@ -189,8 +236,7 @@ static int acl_permission_check(struct inode *inode, int mask)
189 if (current_fsuid() == inode->i_uid) 236 if (current_fsuid() == inode->i_uid)
190 mode >>= 6; 237 mode >>= 6;
191 else { 238 else {
192 check_acl = inode->i_op->check_acl; 239 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
193 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
194 int error = check_acl(inode, mask); 240 int error = check_acl(inode, mask);
195 if (error != -EAGAIN) 241 if (error != -EAGAIN)
196 return error; 242 return error;