Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...

[pandora-kernel.git] / fs / namei.c

diff --git a/fs/namei.c b/fs/namei.c
index b7fad00..f8c69d3 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -32,6 +32,7 @@
 #include <linux/fcntl.h>
 #include <linux/device_cgroup.h>
 #include <linux/fs_struct.h>
+#include <linux/posix_acl.h>
 #include <asm/uaccess.h>
 
 #include "internal.h"
@@ -173,12 +174,62 @@ void putname(const char *name)
 EXPORT_SYMBOL(putname);
 #endif
 
+static int check_acl(struct inode *inode, int mask)
+{
+#ifdef CONFIG_FS_POSIX_ACL
+       struct posix_acl *acl;
+
+       /*
+        * Under RCU walk, we cannot even do a "get_cached_acl()",
+        * because that involves locking and getting a refcount on
+        * a cached ACL.
+        *
+        * So the only case we handle during RCU walking is the
+        * case of a cached "no ACL at all", which needs no locks
+        * or refcounts.
+        */
+       if (mask & MAY_NOT_BLOCK) {
+               if (negative_cached_acl(inode, ACL_TYPE_ACCESS))
+                       return -EAGAIN;
+               return -ECHILD;
+       }
+
+       acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
+
+       /*
+        * A filesystem can force a ACL callback by just never filling the
+        * ACL cache. But normally you'd fill the cache either at inode
+        * instantiation time, or on the first ->get_acl call.
+        *
+        * If the filesystem doesn't have a get_acl() function at all, we'll
+        * just create the negative cache entry.
+        */
+       if (acl == ACL_NOT_CACHED) {
+               if (inode->i_op->get_acl) {
+                       acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
+                       if (IS_ERR(acl))
+                               return PTR_ERR(acl);
+               } else {
+                       set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
+                       return -EAGAIN;
+               }
+       }
+
+       if (acl) {
+               int error = posix_acl_permission(inode, acl, mask);
+               posix_acl_release(acl);
+               return error;
+       }
+#endif
+
+       return -EAGAIN;
+}
+
 /*
  * This does basic POSIX ACL permission checking
  */
 static int acl_permission_check(struct inode *inode, int mask)
 {
-       int (*check_acl)(struct inode *inode, int mask);
        unsigned int mode = inode->i_mode;
 
        mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
@@ -186,11 +237,10 @@ static int acl_permission_check(struct inode *inode, int mask)
        if (current_user_ns() != inode_userns(inode))
                goto other_perms;
 
-       if (current_fsuid() == inode->i_uid)
+       if (likely(current_fsuid() == inode->i_uid))
                mode >>= 6;
        else {
-               check_acl = inode->i_op->check_acl;
-               if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
+               if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
                        int error = check_acl(inode, mask);
                        if (error != -EAGAIN)
                                return error;