diff options
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 52 |
1 files changed, 49 insertions, 3 deletions
diff --git a/fs/namei.c b/fs/namei.c index b7fad009bbf6..120efc76d3d0 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #include <linux/fcntl.h> | 32 | #include <linux/fcntl.h> |
33 | #include <linux/device_cgroup.h> | 33 | #include <linux/device_cgroup.h> |
34 | #include <linux/fs_struct.h> | 34 | #include <linux/fs_struct.h> |
35 | #include <linux/posix_acl.h> | ||
35 | #include <asm/uaccess.h> | 36 | #include <asm/uaccess.h> |
36 | 37 | ||
37 | #include "internal.h" | 38 | #include "internal.h" |
@@ -173,12 +174,58 @@ void putname(const char *name) | |||
173 | EXPORT_SYMBOL(putname); | 174 | EXPORT_SYMBOL(putname); |
174 | #endif | 175 | #endif |
175 | 176 | ||
177 | static int check_acl(struct inode *inode, int mask) | ||
178 | { | ||
179 | struct posix_acl *acl; | ||
180 | |||
181 | /* | ||
182 | * Under RCU walk, we cannot even do a "get_cached_acl()", | ||
183 | * because that involves locking and getting a refcount on | ||
184 | * a cached ACL. | ||
185 | * | ||
186 | * So the only case we handle during RCU walking is the | ||
187 | * case of a cached "no ACL at all", which needs no locks | ||
188 | * or refcounts. | ||
189 | */ | ||
190 | if (mask & MAY_NOT_BLOCK) { | ||
191 | if (negative_cached_acl(inode, ACL_TYPE_ACCESS)) | ||
192 | return -EAGAIN; | ||
193 | return -ECHILD; | ||
194 | } | ||
195 | |||
196 | acl = get_cached_acl(inode, ACL_TYPE_ACCESS); | ||
197 | |||
198 | /* | ||
199 | * A filesystem can force a ACL callback by just never | ||
200 | * filling the ACL cache. But normally you'd fill the | ||
201 | * cache either at inode instantiation time, or on the | ||
202 | * first ->check_acl call. | ||
203 | * | ||
204 | * If the filesystem doesn't have a check_acl() function | ||
205 | * at all, we'll just create the negative cache entry. | ||
206 | */ | ||
207 | if (acl == ACL_NOT_CACHED) { | ||
208 | if (inode->i_op->check_acl) | ||
209 | return inode->i_op->check_acl(inode, mask); | ||
210 | |||
211 | set_cached_acl(inode, ACL_TYPE_ACCESS, NULL); | ||
212 | return -EAGAIN; | ||
213 | } | ||
214 | |||
215 | if (acl) { | ||
216 | int error = posix_acl_permission(inode, acl, mask); | ||
217 | posix_acl_release(acl); | ||
218 | return error; | ||
219 | } | ||
220 | |||
221 | return -EAGAIN; | ||
222 | } | ||
223 | |||
176 | /* | 224 | /* |
177 | * This does basic POSIX ACL permission checking | 225 | * This does basic POSIX ACL permission checking |
178 | */ | 226 | */ |
179 | static int acl_permission_check(struct inode *inode, int mask) | 227 | static int acl_permission_check(struct inode *inode, int mask) |
180 | { | 228 | { |
181 | int (*check_acl)(struct inode *inode, int mask); | ||
182 | unsigned int mode = inode->i_mode; | 229 | unsigned int mode = inode->i_mode; |
183 | 230 | ||
184 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK; | 231 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK; |
@@ -189,8 +236,7 @@ static int acl_permission_check(struct inode *inode, int mask) | |||
189 | if (current_fsuid() == inode->i_uid) | 236 | if (current_fsuid() == inode->i_uid) |
190 | mode >>= 6; | 237 | mode >>= 6; |
191 | else { | 238 | else { |
192 | check_acl = inode->i_op->check_acl; | 239 | if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { |
193 | if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { | ||
194 | int error = check_acl(inode, mask); | 240 | int error = check_acl(inode, mask); |
195 | if (error != -EAGAIN) | 241 | if (error != -EAGAIN) |
196 | return error; | 242 | return error; |