[PATCH 0/4] more ACL updates

[PATCH 0/4] more ACL updates

[Christoph Hellwig]

This is a followup to the ACL change in #untested.  Fix up lose ends
in a few filesystems, and take the core ACL checking into the VFS instead
of duplicating code in all filesystems.

[PATCH 1/4] 9p: do no return 0 from ->check_acl without actually checking

[Christoph Hellwig]

If we do not want to use ACLs we at least need to perform normal Unix
permission checks.  From the comment I'm not quite sure that's what
is intended, but if 0p wants to do permission checks entirely on the
server it needs to do so in ->permission, not in ->check_acl.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: linux-2.6/fs/9p/acl.c
===================================================================
--- linux-2.6.orig/fs/9p/acl.c	2011-07-23 16:39:19.200749795 +0200
+++ linux-2.6/fs/9p/acl.c	2011-07-23 16:39:24.690749763 +0200
@@ -108,7 +108,7 @@ int v9fs_check_acl(struct inode *inode,
 		 * On access = client  and acl = on mode get the acl
 		 * values from the server
 		 */
-		return 0;
+		return -EAGAIN;
 	}
 	acl = v9fs_get_cached_acl(inode, ACL_TYPE_ACCESS);
 

[PATCH 2/4] xfs: cache negative ACLs if there is no attribute fork

[Christoph Hellwig]

Always set up a negative ACL cache entry if the inode doesn't have an
attribute fork.  That behaves much better than doing this check inside
->check_acl.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: linux-2.6/fs/xfs/linux-2.6/xfs_acl.c
===================================================================
--- linux-2.6.orig/fs/xfs/linux-2.6/xfs_acl.c	2011-07-23 15:53:07.267433023 +0200
+++ linux-2.6/fs/xfs/linux-2.6/xfs_acl.c	2011-07-23 15:54:03.474099354 +0200
@@ -221,21 +221,10 @@ xfs_set_acl(struct inode *inode, int typ
 int
 xfs_check_acl(struct inode *inode, int mask)
 {
-	struct xfs_inode *ip;
 	struct posix_acl *acl;
 	int error = -EAGAIN;
 
-	ip = XFS_I(inode);
-	trace_xfs_check_acl(ip);
-
-	/*
-	 * If there is no attribute fork no ACL exists on this inode and
-	 * we can skip the whole exercise.
-	 *
-	 * FIXME! Fill the cache! Locking?
-	 */
-	if (!XFS_IFORK_Q(ip))
-		return -EAGAIN;
+	trace_xfs_check_acl(XFS_I(inode));
 
 	acl = xfs_get_acl(inode, ACL_TYPE_ACCESS);
 	if (IS_ERR(acl))
Index: linux-2.6/fs/xfs/linux-2.6/xfs_iops.c
===================================================================
--- linux-2.6.orig/fs/xfs/linux-2.6/xfs_iops.c	2011-07-23 15:54:59.134099020 +0200
+++ linux-2.6/fs/xfs/linux-2.6/xfs_iops.c	2011-07-23 15:56:58.634098306 +0200
@@ -1194,6 +1194,10 @@ xfs_setup_inode(
 		break;
 	}
 
+	/* if there is no attribute fork no ACL can exist on this inode */
+	if (!XFS_IFORK_Q(ip))
+		cache_no_acl(inode);
+
 	xfs_iflags_clear(ip, XFS_INEW);
 	barrier();
 

[PATCH 3/4] reiserfs: cache negative ACLs for v1 stat format

[Christoph Hellwig]

Always set up a negative ACL cache entry if the inode can't have ACLs.
That behaves much better than doing this check inside ->check_acl.

Also remove the left over MAY_NOT_BLOCK check.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: linux-2.6/fs/reiserfs/inode.c
===================================================================
--- linux-2.6.orig/fs/reiserfs/inode.c	2011-07-23 16:39:07.214083201 +0200
+++ linux-2.6/fs/reiserfs/inode.c	2011-07-23 16:39:41.154082998 +0200
@@ -1475,6 +1475,11 @@ void reiserfs_read_locked_inode(struct i
 
 	reiserfs_check_path(&path_to_sd);	/* init inode should be relsing */
 
+	/*
+	 * Stat data v1 doesn't support ACLs.
+	 */
+	if (get_inode_sd_version(inode) == STAT_DATA_V1)
+		cache_no_acl(inode);
 }
 
 /**
Index: linux-2.6/fs/reiserfs/xattr.c
===================================================================
--- linux-2.6.orig/fs/reiserfs/xattr.c	2011-07-23 16:39:07.230749867 +0200
+++ linux-2.6/fs/reiserfs/xattr.c	2011-07-23 16:39:41.157416331 +0200
@@ -872,15 +872,6 @@ int reiserfs_check_acl(struct inode *ino
 	struct posix_acl *acl;
 	int error = -EAGAIN; /* do regular unix permission checks by default */
 
-	/*
-	 * Stat data v1 doesn't support ACLs.
-	 */
-	if (get_inode_sd_version(inode) == STAT_DATA_V1)
-		return -EAGAIN;
-
-	if (mask & MAY_NOT_BLOCK)
-		return -ECHILD;
-
 	acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS);
 
 	if (acl) {

[PATCH 4/4] fs: take the ACL checks to common code

[Christoph Hellwig]

Replace the ->check_acl method with a ->get_acl method that simply reads an
ACL from disk after having a cache miss.  This means we can replace the ACL
checking boilerplate code with a single implementation in namei.c.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: linux-2.6/Documentation/filesystems/Locking
===================================================================
--- linux-2.6.orig/Documentation/filesystems/Locking	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/Documentation/filesystems/Locking	2011-07-23 16:40:31.834082695 +0200
@@ -52,7 +52,7 @@ ata *);
 	void (*put_link) (struct dentry *, struct nameidata *, void *);
 	void (*truncate) (struct inode *);
 	int (*permission) (struct inode *, int, unsigned int);
-	int (*check_acl)(struct inode *, int);
+	int (*get_acl)(struct inode *, int);
 	int (*setattr) (struct dentry *, struct iattr *);
 	int (*getattr) (struct vfsmount *, struct dentry *, struct kstat *);
 	int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
@@ -80,7 +80,7 @@ put_link:	no
 truncate:	yes		(see below)
 setattr:	yes
 permission:	no (may not block if called in rcu-walk mode)
-check_acl:	no
+get_acl:	no
 getattr:	no
 setxattr:	yes
 getxattr:	no
Index: linux-2.6/Documentation/filesystems/vfs.txt
===================================================================
--- linux-2.6.orig/Documentation/filesystems/vfs.txt	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/Documentation/filesystems/vfs.txt	2011-07-23 16:40:31.837416028 +0200
@@ -356,7 +356,7 @@ struct inode_operations {
         void (*put_link) (struct dentry *, struct nameidata *, void *);
 	void (*truncate) (struct inode *);
 	int (*permission) (struct inode *, int);
-	int (*check_acl)(struct inode *, int);
+	int (*get_acl)(struct inode *, int);
 	int (*setattr) (struct dentry *, struct iattr *);
 	int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
 	int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
Index: linux-2.6/fs/9p/acl.c
===================================================================
--- linux-2.6.orig/fs/9p/acl.c	2011-07-23 16:39:24.000000000 +0200
+++ linux-2.6/fs/9p/acl.c	2011-07-23 16:40:31.837416028 +0200
@@ -96,7 +96,7 @@ static struct posix_acl *v9fs_get_cached
 	return acl;
 }
 
-int v9fs_check_acl(struct inode *inode, int mask)
+struct posix_acl *v9fs_iop_get_acl(struct inode *inode, int type)
 {
 	struct posix_acl *acl;
 	struct v9fs_session_info *v9ses;
@@ -108,18 +108,10 @@ int v9fs_check_acl(struct inode *inode,
 		 * On access = client  and acl = on mode get the acl
 		 * values from the server
 		 */
-		return -EAGAIN;
+		return NULL;
 	}
-	acl = v9fs_get_cached_acl(inode, ACL_TYPE_ACCESS);
+	return v9fs_get_cached_acl(inode, type);
 
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-	return -EAGAIN;
 }
 
 static int v9fs_set_acl(struct dentry *dentry, int type, struct posix_acl *acl)
Index: linux-2.6/fs/9p/acl.h
===================================================================
--- linux-2.6.orig/fs/9p/acl.h	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/9p/acl.h	2011-07-23 16:40:31.840749361 +0200
@@ -16,14 +16,14 @@
 
 #ifdef CONFIG_9P_FS_POSIX_ACL
 extern int v9fs_get_acl(struct inode *, struct p9_fid *);
-extern int v9fs_check_acl(struct inode *inode, int mask);
+extern struct posix_acl *v9fs_iop_get_acl(struct inode *inode, int type);
 extern int v9fs_acl_chmod(struct dentry *);
 extern int v9fs_set_create_acl(struct dentry *,
 			       struct posix_acl **, struct posix_acl **);
 extern int v9fs_acl_mode(struct inode *dir, mode_t *modep,
 			 struct posix_acl **dpacl, struct posix_acl **pacl);
 #else
-#define v9fs_check_acl NULL
+#define v9fs_iop_get_acl NULL
 static inline int v9fs_get_acl(struct inode *inode, struct p9_fid *fid)
 {
 	return 0;
Index: linux-2.6/fs/9p/vfs_inode_dotl.c
===================================================================
--- linux-2.6.orig/fs/9p/vfs_inode_dotl.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/9p/vfs_inode_dotl.c	2011-07-23 16:40:31.840749361 +0200
@@ -872,7 +872,7 @@ const struct inode_operations v9fs_dir_i
 	.getxattr = generic_getxattr,
 	.removexattr = generic_removexattr,
 	.listxattr = v9fs_listxattr,
-	.check_acl = v9fs_check_acl,
+	.get_acl = v9fs_iop_get_acl,
 };
 
 const struct inode_operations v9fs_file_inode_operations_dotl = {
@@ -882,7 +882,7 @@ const struct inode_operations v9fs_file_
 	.getxattr = generic_getxattr,
 	.removexattr = generic_removexattr,
 	.listxattr = v9fs_listxattr,
-	.check_acl = v9fs_check_acl,
+	.get_acl = v9fs_iop_get_acl,
 };
 
 const struct inode_operations v9fs_symlink_inode_operations_dotl = {
Index: linux-2.6/fs/btrfs/acl.c
===================================================================
--- linux-2.6.orig/fs/btrfs/acl.c	2011-07-23 16:38:20.777416812 +0200
+++ linux-2.6/fs/btrfs/acl.c	2011-07-23 16:40:31.844082695 +0200
@@ -30,7 +30,7 @@
 
 #ifdef CONFIG_BTRFS_FS_POSIX_ACL
 
-static struct posix_acl *btrfs_get_acl(struct inode *inode, int type)
+struct posix_acl *btrfs_get_acl(struct inode *inode, int type)
 {
 	int size;
 	const char *name;
@@ -195,22 +195,6 @@ out:
 	return ret;
 }
 
-int btrfs_check_acl(struct inode *inode, int mask)
-{
-	int error = -EAGAIN;
-	struct posix_acl *acl;
-
-	acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-	}
-
-	return error;
-}
-
 /*
  * btrfs_init_acl is already generally called under fs_mutex, so the locking
  * stuff has been fixed to work with that.  If the locking stuff changes, we
Index: linux-2.6/fs/btrfs/ctree.h
===================================================================
--- linux-2.6.orig/fs/btrfs/ctree.h	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/btrfs/ctree.h	2011-07-23 16:40:31.844082695 +0200
@@ -2645,9 +2645,9 @@ do {								\
 
 /* acl.c */
 #ifdef CONFIG_BTRFS_FS_POSIX_ACL
-int btrfs_check_acl(struct inode *inode, int mask);
+struct posix_acl *btrfs_get_acl(struct inode *inode, int type);
 #else
-#define btrfs_check_acl NULL
+#define btrfs_get_acl NULL
 #endif
 int btrfs_init_acl(struct btrfs_trans_handle *trans,
 		   struct inode *inode, struct inode *dir);
Index: linux-2.6/fs/btrfs/inode.c
===================================================================
--- linux-2.6.orig/fs/btrfs/inode.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/btrfs/inode.c	2011-07-23 16:40:31.847416028 +0200
@@ -7351,12 +7351,12 @@ static const struct inode_operations btr
 	.listxattr	= btrfs_listxattr,
 	.removexattr	= btrfs_removexattr,
 	.permission	= btrfs_permission,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 static const struct inode_operations btrfs_dir_ro_inode_operations = {
 	.lookup		= btrfs_lookup,
 	.permission	= btrfs_permission,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 
 static const struct file_operations btrfs_dir_file_operations = {
@@ -7425,7 +7425,7 @@ static const struct inode_operations btr
 	.removexattr	= btrfs_removexattr,
 	.permission	= btrfs_permission,
 	.fiemap		= btrfs_fiemap,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 static const struct inode_operations btrfs_special_inode_operations = {
 	.getattr	= btrfs_getattr,
@@ -7435,7 +7435,7 @@ static const struct inode_operations btr
 	.getxattr	= btrfs_getxattr,
 	.listxattr	= btrfs_listxattr,
 	.removexattr	= btrfs_removexattr,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 static const struct inode_operations btrfs_symlink_inode_operations = {
 	.readlink	= generic_readlink,
@@ -7447,7 +7447,7 @@ static const struct inode_operations btr
 	.getxattr	= btrfs_getxattr,
 	.listxattr	= btrfs_listxattr,
 	.removexattr	= btrfs_removexattr,
-	.check_acl	= btrfs_check_acl,
+	.get_acl	= btrfs_get_acl,
 };
 
 const struct dentry_operations btrfs_dentry_operations = {
Index: linux-2.6/fs/ext2/acl.c
===================================================================
--- linux-2.6.orig/fs/ext2/acl.c	2011-07-23 16:38:20.814083477 +0200
+++ linux-2.6/fs/ext2/acl.c	2011-07-23 16:40:31.850749361 +0200
@@ -128,7 +128,7 @@ fail:
 /*
  * inode->i_mutex: don't care
  */
-static struct posix_acl *
+struct posix_acl *
 ext2_get_acl(struct inode *inode, int type)
 {
 	int name_index;
@@ -231,23 +231,6 @@ ext2_set_acl(struct inode *inode, int ty
 	return error;
 }
 
-int
-ext2_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 /*
  * Initialize the ACLs of a new inode. Called from ext2_new_inode.
  *
Index: linux-2.6/fs/ext2/acl.h
===================================================================
--- linux-2.6.orig/fs/ext2/acl.h	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext2/acl.h	2011-07-23 16:40:31.850749361 +0200
@@ -54,13 +54,13 @@ static inline int ext2_acl_count(size_t
 #ifdef CONFIG_EXT2_FS_POSIX_ACL
 
 /* acl.c */
-extern int ext2_check_acl (struct inode *, int);
+extern struct posix_acl *ext2_get_acl(struct inode *inode, int type);
 extern int ext2_acl_chmod (struct inode *);
 extern int ext2_init_acl (struct inode *, struct inode *);
 
 #else
 #include <linux/sched.h>
-#define ext2_check_acl	NULL
+#define ext2_get_acl	NULL
 #define ext2_get_acl	NULL
 #define ext2_set_acl	NULL
 
Index: linux-2.6/fs/ext2/file.c
===================================================================
--- linux-2.6.orig/fs/ext2/file.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext2/file.c	2011-07-23 16:40:31.850749361 +0200
@@ -102,6 +102,6 @@ const struct inode_operations ext2_file_
 	.removexattr	= generic_removexattr,
 #endif
 	.setattr	= ext2_setattr,
-	.check_acl	= ext2_check_acl,
+	.get_acl	= ext2_get_acl,
 	.fiemap		= ext2_fiemap,
 };
Index: linux-2.6/fs/ext2/namei.c
===================================================================
--- linux-2.6.orig/fs/ext2/namei.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext2/namei.c	2011-07-23 16:40:31.850749361 +0200
@@ -408,7 +408,7 @@ const struct inode_operations ext2_dir_i
 	.removexattr	= generic_removexattr,
 #endif
 	.setattr	= ext2_setattr,
-	.check_acl	= ext2_check_acl,
+	.get_acl	= ext2_get_acl,
 };
 
 const struct inode_operations ext2_special_inode_operations = {
@@ -419,5 +419,5 @@ const struct inode_operations ext2_speci
 	.removexattr	= generic_removexattr,
 #endif
 	.setattr	= ext2_setattr,
-	.check_acl	= ext2_check_acl,
+	.get_acl	= ext2_get_acl,
 };
Index: linux-2.6/fs/ext3/acl.c
===================================================================
--- linux-2.6.orig/fs/ext3/acl.c	2011-07-23 16:38:20.860750145 +0200
+++ linux-2.6/fs/ext3/acl.c	2011-07-23 16:40:31.854082695 +0200
@@ -131,7 +131,7 @@ fail:
  *
  * inode->i_mutex: don't care
  */
-static struct posix_acl *
+struct posix_acl *
 ext3_get_acl(struct inode *inode, int type)
 {
 	int name_index;
@@ -239,23 +239,6 @@ ext3_set_acl(handle_t *handle, struct in
 	return error;
 }
 
-int
-ext3_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 /*
  * Initialize the ACLs of a new inode. Called from ext3_new_inode.
  *
Index: linux-2.6/fs/ext3/acl.h
===================================================================
--- linux-2.6.orig/fs/ext3/acl.h	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext3/acl.h	2011-07-23 16:40:31.854082695 +0200
@@ -54,13 +54,13 @@ static inline int ext3_acl_count(size_t
 #ifdef CONFIG_EXT3_FS_POSIX_ACL
 
 /* acl.c */
-extern int ext3_check_acl (struct inode *, int);
+extern struct posix_acl *ext3_get_acl(struct inode *inode, int type);
 extern int ext3_acl_chmod (struct inode *);
 extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);
 
 #else  /* CONFIG_EXT3_FS_POSIX_ACL */
 #include <linux/sched.h>
-#define ext3_check_acl NULL
+#define ext3_get_acl NULL
 
 static inline int
 ext3_acl_chmod(struct inode *inode)
Index: linux-2.6/fs/ext3/file.c
===================================================================
--- linux-2.6.orig/fs/ext3/file.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext3/file.c	2011-07-23 16:40:31.854082695 +0200
@@ -79,7 +79,7 @@ const struct inode_operations ext3_file_
 	.listxattr	= ext3_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext3_check_acl,
+	.get_acl	= ext3_get_acl,
 	.fiemap		= ext3_fiemap,
 };
 
Index: linux-2.6/fs/ext3/namei.c
===================================================================
--- linux-2.6.orig/fs/ext3/namei.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext3/namei.c	2011-07-23 16:40:31.854082695 +0200
@@ -2529,7 +2529,7 @@ const struct inode_operations ext3_dir_i
 	.listxattr	= ext3_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext3_check_acl,
+	.get_acl	= ext3_get_acl,
 };
 
 const struct inode_operations ext3_special_inode_operations = {
@@ -2540,5 +2540,5 @@ const struct inode_operations ext3_speci
 	.listxattr	= ext3_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext3_check_acl,
+	.get_acl	= ext3_get_acl,
 };
Index: linux-2.6/fs/ext4/acl.c
===================================================================
--- linux-2.6.orig/fs/ext4/acl.c	2011-07-23 16:38:20.907416811 +0200
+++ linux-2.6/fs/ext4/acl.c	2011-07-23 16:40:31.857416028 +0200
@@ -131,7 +131,7 @@ fail:
  *
  * inode->i_mutex: don't care
  */
-static struct posix_acl *
+struct posix_acl *
 ext4_get_acl(struct inode *inode, int type)
 {
 	int name_index;
@@ -237,23 +237,6 @@ ext4_set_acl(handle_t *handle, struct in
 	return error;
 }
 
-int
-ext4_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = ext4_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 /*
  * Initialize the ACLs of a new inode. Called from ext4_new_inode.
  *
Index: linux-2.6/fs/ext4/acl.h
===================================================================
--- linux-2.6.orig/fs/ext4/acl.h	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext4/acl.h	2011-07-23 16:40:31.857416028 +0200
@@ -54,13 +54,13 @@ static inline int ext4_acl_count(size_t
 #ifdef CONFIG_EXT4_FS_POSIX_ACL
 
 /* acl.c */
-extern int ext4_check_acl(struct inode *, int);
+struct posix_acl *ext4_get_acl(struct inode *inode, int type);
 extern int ext4_acl_chmod(struct inode *);
 extern int ext4_init_acl(handle_t *, struct inode *, struct inode *);
 
 #else  /* CONFIG_EXT4_FS_POSIX_ACL */
 #include <linux/sched.h>
-#define ext4_check_acl NULL
+#define ext4_get_acl NULL
 
 static inline int
 ext4_acl_chmod(struct inode *inode)
Index: linux-2.6/fs/ext4/file.c
===================================================================
--- linux-2.6.orig/fs/ext4/file.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext4/file.c	2011-07-23 16:40:31.857416028 +0200
@@ -301,7 +301,7 @@ const struct inode_operations ext4_file_
 	.listxattr	= ext4_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext4_check_acl,
+	.get_acl	= ext4_get_acl,
 	.fiemap		= ext4_fiemap,
 };
 
Index: linux-2.6/fs/ext4/namei.c
===================================================================
--- linux-2.6.orig/fs/ext4/namei.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/ext4/namei.c	2011-07-23 16:40:31.857416028 +0200
@@ -2590,7 +2590,7 @@ const struct inode_operations ext4_dir_i
 	.listxattr	= ext4_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext4_check_acl,
+	.get_acl	= ext4_get_acl,
 	.fiemap         = ext4_fiemap,
 };
 
@@ -2602,5 +2602,5 @@ const struct inode_operations ext4_speci
 	.listxattr	= ext4_listxattr,
 	.removexattr	= generic_removexattr,
 #endif
-	.check_acl	= ext4_check_acl,
+	.get_acl	= ext4_get_acl,
 };
Index: linux-2.6/fs/generic_acl.c
===================================================================
--- linux-2.6.orig/fs/generic_acl.c	2011-07-23 16:38:20.954083477 +0200
+++ linux-2.6/fs/generic_acl.c	2011-07-23 16:40:31.860749361 +0200
@@ -173,20 +173,6 @@ generic_acl_chmod(struct inode *inode)
 	return error;
 }
 
-int
-generic_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-	return -EAGAIN;
-}
-
 const struct xattr_handler generic_acl_access_handler = {
 	.prefix = POSIX_ACL_XATTR_ACCESS,
 	.flags	= ACL_TYPE_ACCESS,
Index: linux-2.6/fs/gfs2/acl.c
===================================================================
--- linux-2.6.orig/fs/gfs2/acl.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/gfs2/acl.c	2011-07-23 16:40:31.860749361 +0200
@@ -67,30 +67,9 @@ static struct posix_acl *gfs2_acl_get(st
 	return acl;
 }
 
-/**
- * gfs2_check_acl - Check an ACL to see if we're allowed to do something
- * @inode: the file we want to do something to
- * @mask: what we want to do
- *
- * Returns: errno
- */
-
-int gfs2_check_acl(struct inode *inode, int mask)
+struct posix_acl *gfs2_get_acl(struct inode *inode, int type)
 {
-	struct posix_acl *acl;
-	int error;
-
-	acl = gfs2_acl_get(GFS2_I(inode), ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-
-	if (acl) {
-		error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
+	return gfs2_acl_get(GFS2_I(inode), type);
 }
 
 static int gfs2_set_mode(struct inode *inode, mode_t mode)
Index: linux-2.6/fs/gfs2/acl.h
===================================================================
--- linux-2.6.orig/fs/gfs2/acl.h	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/gfs2/acl.h	2011-07-23 16:55:07.950744127 +0200
@@ -16,7 +16,7 @@
 #define GFS2_POSIX_ACL_DEFAULT		"posix_acl_default"
 #define GFS2_ACL_MAX_ENTRIES		25
 
-extern int gfs2_check_acl(struct inode *inode, int mask);
+extern struct posix_acl *gfs2_get_acl(struct inode *inode, int type);
 extern int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode);
 extern int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr);
 extern const struct xattr_handler gfs2_xattr_system_handler;
Index: linux-2.6/fs/gfs2/inode.c
===================================================================
--- linux-2.6.orig/fs/gfs2/inode.c	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/fs/gfs2/inode.c	2011-07-23 16:40:31.860749361 +0200
@@ -1846,7 +1846,7 @@ const struct inode_operations gfs2_file_
 	.listxattr = gfs2_listxattr,
 	.removexattr = gfs2_removexattr,
 	.fiemap = gfs2_fiemap,
-	.check_acl = gfs2_check_acl,
+	.get_acl = gfs2_get_acl,
 };
 
 const struct inode_operations gfs2_dir_iops = {
@@ -1867,7 +1867,7 @@ const struct inode_operations gfs2_dir_i
 	.listxattr = gfs2_listxattr,
 	.removexattr = gfs2_removexattr,
 	.fiemap = gfs2_fiemap,
-	.check_acl = gfs2_check_acl,
+	.get_acl = gfs2_get_acl,
 };
 
 const struct inode_operations gfs2_symlink_iops = {
@@ -1882,6 +1882,6 @@ const struct inode_operations gfs2_symli
 	.listxattr = gfs2_listxattr,
 	.removexattr = gfs2_removexattr,
 	.fiemap = gfs2_fiemap,
-	.check_acl = gfs2_check_acl,
+	.get_acl = gfs2_get_acl,
 };
 
Index: linux-2.6/fs/jffs2/acl.c
===================================================================
--- linux-2.6.orig/fs/jffs2/acl.c	2011-07-23 16:38:21.000750144 +0200
+++ linux-2.6/fs/jffs2/acl.c	2011-07-23 16:40:31.864082694 +0200
@@ -156,7 +156,7 @@ static void *jffs2_acl_to_medium(const s
 	return ERR_PTR(-EINVAL);
 }
 
-static struct posix_acl *jffs2_get_acl(struct inode *inode, int type)
+struct posix_acl *jffs2_get_acl(struct inode *inode, int type)
 {
 	struct posix_acl *acl;
 	char *value = NULL;
@@ -259,22 +259,6 @@ static int jffs2_set_acl(struct inode *i
 	return rc;
 }
 
-int jffs2_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-	int rc;
-
-	acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		rc = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return rc;
-	}
-	return -EAGAIN;
-}
-
 int jffs2_init_acl_pre(struct inode *dir_i, struct inode *inode, int *i_mode)
 {
 	struct posix_acl *acl;
Index: linux-2.6/fs/jffs2/acl.h
===================================================================
--- linux-2.6.orig/fs/jffs2/acl.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jffs2/acl.h	2011-07-23 16:40:31.864082694 +0200
@@ -26,7 +26,7 @@ struct jffs2_acl_header {
 
 #ifdef CONFIG_JFFS2_FS_POSIX_ACL
 
-extern int jffs2_check_acl(struct inode *, int);
+struct posix_acl *jffs2_get_acl(struct inode *inode, int type);
 extern int jffs2_acl_chmod(struct inode *);
 extern int jffs2_init_acl_pre(struct inode *, struct inode *, int *);
 extern int jffs2_init_acl_post(struct inode *);
@@ -36,7 +36,7 @@ extern const struct xattr_handler jffs2_
 
 #else
 
-#define jffs2_check_acl				(NULL)
+#define jffs2_get_acl				(NULL)
 #define jffs2_acl_chmod(inode)			(0)
 #define jffs2_init_acl_pre(dir_i,inode,mode)	(0)
 #define jffs2_init_acl_post(inode)		(0)
Index: linux-2.6/fs/jffs2/dir.c
===================================================================
--- linux-2.6.orig/fs/jffs2/dir.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jffs2/dir.c	2011-07-23 16:40:31.864082694 +0200
@@ -56,7 +56,7 @@ const struct inode_operations jffs2_dir_
 	.rmdir =	jffs2_rmdir,
 	.mknod =	jffs2_mknod,
 	.rename =	jffs2_rename,
-	.check_acl =	jffs2_check_acl,
+	.get_acl =	jffs2_get_acl,
 	.setattr =	jffs2_setattr,
 	.setxattr =	jffs2_setxattr,
 	.getxattr =	jffs2_getxattr,
Index: linux-2.6/fs/jffs2/file.c
===================================================================
--- linux-2.6.orig/fs/jffs2/file.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jffs2/file.c	2011-07-23 16:40:31.864082694 +0200
@@ -63,7 +63,7 @@ const struct file_operations jffs2_file_
 
 const struct inode_operations jffs2_file_inode_operations =
 {
-	.check_acl =	jffs2_check_acl,
+	.get_acl =	jffs2_get_acl,
 	.setattr =	jffs2_setattr,
 	.setxattr =	jffs2_setxattr,
 	.getxattr =	jffs2_getxattr,
Index: linux-2.6/fs/jffs2/symlink.c
===================================================================
--- linux-2.6.orig/fs/jffs2/symlink.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jffs2/symlink.c	2011-07-23 16:40:31.864082694 +0200
@@ -20,7 +20,7 @@ const struct inode_operations jffs2_syml
 {
 	.readlink =	generic_readlink,
 	.follow_link =	jffs2_follow_link,
-	.check_acl =	jffs2_check_acl,
+	.get_acl =	jffs2_get_acl,
 	.setattr =	jffs2_setattr,
 	.setxattr =	jffs2_setxattr,
 	.getxattr =	jffs2_getxattr,
Index: linux-2.6/fs/jfs/acl.c
===================================================================
--- linux-2.6.orig/fs/jfs/acl.c	2011-07-23 16:38:21.057416809 +0200
+++ linux-2.6/fs/jfs/acl.c	2011-07-23 16:40:31.867416028 +0200
@@ -27,7 +27,7 @@
 #include "jfs_xattr.h"
 #include "jfs_acl.h"
 
-static struct posix_acl *jfs_get_acl(struct inode *inode, int type)
+struct posix_acl *jfs_get_acl(struct inode *inode, int type)
 {
 	struct posix_acl *acl;
 	char *ea_name;
@@ -114,22 +114,6 @@ out:
 	return rc;
 }
 
-int jfs_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-
-	acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		int error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return error;
-	}
-
-	return -EAGAIN;
-}
-
 int jfs_init_acl(tid_t tid, struct inode *inode, struct inode *dir)
 {
 	struct posix_acl *acl = NULL;
Index: linux-2.6/fs/jfs/file.c
===================================================================
--- linux-2.6.orig/fs/jfs/file.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jfs/file.c	2011-07-23 16:40:31.867416028 +0200
@@ -140,7 +140,7 @@ const struct inode_operations jfs_file_i
 	.removexattr	= jfs_removexattr,
 	.setattr	= jfs_setattr,
 #ifdef CONFIG_JFS_POSIX_ACL
-	.check_acl	= jfs_check_acl,
+	.get_acl	= jfs_get_acl,
 #endif
 };
 
Index: linux-2.6/fs/jfs/jfs_acl.h
===================================================================
--- linux-2.6.orig/fs/jfs/jfs_acl.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jfs/jfs_acl.h	2011-07-23 16:40:31.867416028 +0200
@@ -20,7 +20,7 @@
 
 #ifdef CONFIG_JFS_POSIX_ACL
 
-int jfs_check_acl(struct inode *, int);
+struct posix_acl *jfs_get_acl(struct inode *inode, int type);
 int jfs_init_acl(tid_t, struct inode *, struct inode *);
 int jfs_acl_chmod(struct inode *inode);
 
Index: linux-2.6/fs/jfs/namei.c
===================================================================
--- linux-2.6.orig/fs/jfs/namei.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/jfs/namei.c	2011-07-23 16:40:31.867416028 +0200
@@ -1537,7 +1537,7 @@ const struct inode_operations jfs_dir_in
 	.removexattr	= jfs_removexattr,
 	.setattr	= jfs_setattr,
 #ifdef CONFIG_JFS_POSIX_ACL
-	.check_acl	= jfs_check_acl,
+	.get_acl	= jfs_get_acl,
 #endif
 };
 
Index: linux-2.6/fs/namei.c
===================================================================
--- linux-2.6.orig/fs/namei.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/namei.c	2011-07-23 16:40:31.867416028 +0200
@@ -196,20 +196,22 @@ static int check_acl(struct inode *inode
 	acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
 
 	/*
-	 * A filesystem can force a ACL callback by just never
-	 * filling the ACL cache. But normally you'd fill the
-	 * cache either at inode instantiation time, or on the
-	 * first ->check_acl call.
+	 * A filesystem can force a ACL callback by just never filling the
+	 * ACL cache. But normally you'd fill the cache either at inode
+	 * instantiation time, or on the first ->get_acl call.
 	 *
-	 * If the filesystem doesn't have a check_acl() function
-	 * at all, we'll just create the negative cache entry.
+	 * If the filesystem doesn't have a get_acl() function at all, we'll
+	 * just create the negative cache entry.
 	 */
 	if (acl == ACL_NOT_CACHED) {
-	        if (inode->i_op->check_acl)
-	                return inode->i_op->check_acl(inode, mask);
-
-	        set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
-	        return -EAGAIN;
+	        if (inode->i_op->get_acl) {
+			acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
+			if (IS_ERR(acl))
+				return PTR_ERR(acl);
+		} else {
+		        set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
+		        return -EAGAIN;
+		}
 	}
 
 	if (acl) {
Index: linux-2.6/fs/ocfs2/acl.c
===================================================================
--- linux-2.6.orig/fs/ocfs2/acl.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/ocfs2/acl.c	2011-07-23 16:40:31.867416028 +0200
@@ -290,7 +290,7 @@ static int ocfs2_set_acl(handle_t *handl
 	return ret;
 }
 
-int ocfs2_check_acl(struct inode *inode, int mask)
+struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type)
 {
 	struct ocfs2_super *osb;
 	struct buffer_head *di_bh = NULL;
@@ -299,29 +299,17 @@ int ocfs2_check_acl(struct inode *inode,
 
 	osb = OCFS2_SB(inode->i_sb);
 	if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
-		return ret;
+		return NULL;
 
 	ret = ocfs2_read_inode_block(inode, &di_bh);
-	if (ret < 0) {
-		mlog_errno(ret);
-		return ret;
-	}
+	if (ret < 0)
+		return ERR_PTR(ret);
 
-	acl = ocfs2_get_acl_nolock(inode, ACL_TYPE_ACCESS, di_bh);
+	acl = ocfs2_get_acl_nolock(inode, type, di_bh);
 
 	brelse(di_bh);
 
-	if (IS_ERR(acl)) {
-		mlog_errno(PTR_ERR(acl));
-		return PTR_ERR(acl);
-	}
-	if (acl) {
-		ret = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-		return ret;
-	}
-
-	return -EAGAIN;
+	return acl;
 }
 
 int ocfs2_acl_chmod(struct inode *inode)
Index: linux-2.6/fs/ocfs2/acl.h
===================================================================
--- linux-2.6.orig/fs/ocfs2/acl.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/ocfs2/acl.h	2011-07-23 16:40:31.870749362 +0200
@@ -26,7 +26,7 @@ struct ocfs2_acl_entry {
 	__le32 e_id;
 };
 
-extern int ocfs2_check_acl(struct inode *, int);
+struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type);
 extern int ocfs2_acl_chmod(struct inode *);
 extern int ocfs2_init_acl(handle_t *, struct inode *, struct inode *,
 			  struct buffer_head *, struct buffer_head *,
Index: linux-2.6/fs/ocfs2/file.c
===================================================================
--- linux-2.6.orig/fs/ocfs2/file.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/ocfs2/file.c	2011-07-23 16:59:31.230742555 +0200
@@ -2600,14 +2600,14 @@ const struct inode_operations ocfs2_file
 	.listxattr	= ocfs2_listxattr,
 	.removexattr	= generic_removexattr,
 	.fiemap		= ocfs2_fiemap,
-	.check_acl	= ocfs2_check_acl,
+	.get_acl	= ocfs2_iop_get_acl,
 };
 
 const struct inode_operations ocfs2_special_file_iops = {
 	.setattr	= ocfs2_setattr,
 	.getattr	= ocfs2_getattr,
 	.permission	= ocfs2_permission,
-	.check_acl	= ocfs2_check_acl,
+	.get_acl	= ocfs2_iop_get_acl,
 };
 
 /*
Index: linux-2.6/fs/ocfs2/namei.c
===================================================================
--- linux-2.6.orig/fs/ocfs2/namei.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/ocfs2/namei.c	2011-07-23 16:59:39.900742503 +0200
@@ -2498,5 +2498,5 @@ const struct inode_operations ocfs2_dir_
 	.listxattr	= ocfs2_listxattr,
 	.removexattr	= generic_removexattr,
 	.fiemap         = ocfs2_fiemap,
-	.check_acl	= ocfs2_check_acl,
+	.get_acl	= ocfs2_iop_get_acl,
 };
Index: linux-2.6/fs/reiserfs/file.c
===================================================================
--- linux-2.6.orig/fs/reiserfs/file.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/reiserfs/file.c	2011-07-23 16:40:31.870749362 +0200
@@ -319,5 +319,5 @@ const struct inode_operations reiserfs_f
 	.listxattr = reiserfs_listxattr,
 	.removexattr = reiserfs_removexattr,
 	.permission = reiserfs_permission,
-	.check_acl = reiserfs_check_acl,
+	.get_acl = reiserfs_get_acl,
 };
Index: linux-2.6/fs/reiserfs/namei.c
===================================================================
--- linux-2.6.orig/fs/reiserfs/namei.c	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/reiserfs/namei.c	2011-07-23 16:40:31.870749362 +0200
@@ -1529,7 +1529,7 @@ const struct inode_operations reiserfs_d
 	.listxattr = reiserfs_listxattr,
 	.removexattr = reiserfs_removexattr,
 	.permission = reiserfs_permission,
-	.check_acl = reiserfs_check_acl,
+	.get_acl = reiserfs_get_acl,
 };
 
 /*
@@ -1546,7 +1546,7 @@ const struct inode_operations reiserfs_s
 	.listxattr = reiserfs_listxattr,
 	.removexattr = reiserfs_removexattr,
 	.permission = reiserfs_permission,
-	.check_acl = reiserfs_check_acl,
+	.get_acl = reiserfs_get_acl,
 
 };
 
@@ -1560,5 +1560,5 @@ const struct inode_operations reiserfs_s
 	.listxattr = reiserfs_listxattr,
 	.removexattr = reiserfs_removexattr,
 	.permission = reiserfs_permission,
-	.check_acl = reiserfs_check_acl,
+	.get_acl = reiserfs_get_acl,
 };
Index: linux-2.6/fs/xfs/linux-2.6/xfs_acl.c
===================================================================
--- linux-2.6.orig/fs/xfs/linux-2.6/xfs_acl.c	2011-07-23 16:39:40.724083000 +0200
+++ linux-2.6/fs/xfs/linux-2.6/xfs_acl.c	2011-07-23 16:40:31.874082696 +0200
@@ -114,6 +114,8 @@ xfs_get_acl(struct inode *inode, int typ
 	if (acl != ACL_NOT_CACHED)
 		return acl;
 
+	trace_xfs_get_acl(ip);
+
 	switch (type) {
 	case ACL_TYPE_ACCESS:
 		ea_name = SGI_ACL_FILE;
@@ -218,25 +220,6 @@ xfs_set_acl(struct inode *inode, int typ
 	return error;
 }
 
-int
-xfs_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-	int error = -EAGAIN;
-
-	trace_xfs_check_acl(XFS_I(inode));
-
-	acl = xfs_get_acl(inode, ACL_TYPE_ACCESS);
-	if (IS_ERR(acl))
-		return PTR_ERR(acl);
-	if (acl) {
-		error = posix_acl_permission(inode, acl, mask);
-		posix_acl_release(acl);
-	}
-
-	return error;
-}
-
 static int
 xfs_set_mode(struct inode *inode, mode_t mode)
 {
Index: linux-2.6/fs/xfs/linux-2.6/xfs_iops.c
===================================================================
--- linux-2.6.orig/fs/xfs/linux-2.6/xfs_iops.c	2011-07-23 16:39:40.000000000 +0200
+++ linux-2.6/fs/xfs/linux-2.6/xfs_iops.c	2011-07-23 16:40:31.874082696 +0200
@@ -1022,7 +1022,7 @@ xfs_vn_fiemap(
 }
 
 static const struct inode_operations xfs_inode_operations = {
-	.check_acl		= xfs_check_acl,
+	.get_acl		= xfs_get_acl,
 	.getattr		= xfs_vn_getattr,
 	.setattr		= xfs_vn_setattr,
 	.setxattr		= generic_setxattr,
@@ -1048,7 +1048,7 @@ static const struct inode_operations xfs
 	.rmdir			= xfs_vn_unlink,
 	.mknod			= xfs_vn_mknod,
 	.rename			= xfs_vn_rename,
-	.check_acl		= xfs_check_acl,
+	.get_acl		= xfs_get_acl,
 	.getattr		= xfs_vn_getattr,
 	.setattr		= xfs_vn_setattr,
 	.setxattr		= generic_setxattr,
@@ -1073,7 +1073,7 @@ static const struct inode_operations xfs
 	.rmdir			= xfs_vn_unlink,
 	.mknod			= xfs_vn_mknod,
 	.rename			= xfs_vn_rename,
-	.check_acl		= xfs_check_acl,
+	.get_acl		= xfs_get_acl,
 	.getattr		= xfs_vn_getattr,
 	.setattr		= xfs_vn_setattr,
 	.setxattr		= generic_setxattr,
@@ -1086,7 +1086,7 @@ static const struct inode_operations xfs
 	.readlink		= generic_readlink,
 	.follow_link		= xfs_vn_follow_link,
 	.put_link		= xfs_vn_put_link,
-	.check_acl		= xfs_check_acl,
+	.get_acl		= xfs_get_acl,
 	.getattr		= xfs_vn_getattr,
 	.setattr		= xfs_vn_setattr,
 	.setxattr		= generic_setxattr,
Index: linux-2.6/fs/xfs/linux-2.6/xfs_trace.h
===================================================================
--- linux-2.6.orig/fs/xfs/linux-2.6/xfs_trace.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/xfs/linux-2.6/xfs_trace.h	2011-07-23 16:40:31.874082696 +0200
@@ -571,7 +571,7 @@ DEFINE_INODE_EVENT(xfs_alloc_file_space)
 DEFINE_INODE_EVENT(xfs_free_file_space);
 DEFINE_INODE_EVENT(xfs_readdir);
 #ifdef CONFIG_XFS_POSIX_ACL
-DEFINE_INODE_EVENT(xfs_check_acl);
+DEFINE_INODE_EVENT(xfs_get_acl);
 #endif
 DEFINE_INODE_EVENT(xfs_vm_bmap);
 DEFINE_INODE_EVENT(xfs_file_ioctl);
Index: linux-2.6/fs/xfs/xfs_acl.h
===================================================================
--- linux-2.6.orig/fs/xfs/xfs_acl.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/fs/xfs/xfs_acl.h	2011-07-23 16:40:31.874082696 +0200
@@ -42,7 +42,6 @@ struct xfs_acl {
 #define SGI_ACL_DEFAULT_SIZE	(sizeof(SGI_ACL_DEFAULT)-1)
 
 #ifdef CONFIG_XFS_POSIX_ACL
-extern int xfs_check_acl(struct inode *inode, int mask);
 extern struct posix_acl *xfs_get_acl(struct inode *inode, int type);
 extern int xfs_inherit_acl(struct inode *inode, struct posix_acl *default_acl);
 extern int xfs_acl_chmod(struct inode *inode);
@@ -52,7 +51,6 @@ extern int posix_acl_default_exists(stru
 extern const struct xattr_handler xfs_xattr_acl_access_handler;
 extern const struct xattr_handler xfs_xattr_acl_default_handler;
 #else
-# define xfs_check_acl					NULL
 # define xfs_get_acl(inode, type)			NULL
 # define xfs_inherit_acl(inode, default_acl)		0
 # define xfs_acl_chmod(inode)				0
Index: linux-2.6/include/linux/fs.h
===================================================================
--- linux-2.6.orig/include/linux/fs.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/include/linux/fs.h	2011-07-23 16:50:13.087412554 +0200
@@ -1586,7 +1586,7 @@ struct inode_operations {
 	struct dentry * (*lookup) (struct inode *,struct dentry *, struct nameidata *);
 	void * (*follow_link) (struct dentry *, struct nameidata *);
 	int (*permission) (struct inode *, int);
-	int (*check_acl)(struct inode *, int);
+	struct posix_acl * (*get_acl)(struct inode *, int);
 
 	int (*readlink) (struct dentry *, char __user *,int);
 	void (*put_link) (struct dentry *, struct nameidata *, void *);
Index: linux-2.6/include/linux/generic_acl.h
===================================================================
--- linux-2.6.orig/include/linux/generic_acl.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/include/linux/generic_acl.h	2011-07-23 16:40:31.874082696 +0200
@@ -10,6 +10,5 @@ extern const struct xattr_handler generi
 
 int generic_acl_init(struct inode *, struct inode *);
 int generic_acl_chmod(struct inode *);
-int generic_check_acl(struct inode *inode, int mask);
 
 #endif /* LINUX_GENERIC_ACL_H */
Index: linux-2.6/include/linux/reiserfs_xattr.h
===================================================================
--- linux-2.6.orig/include/linux/reiserfs_xattr.h	2011-07-23 16:38:21.000000000 +0200
+++ linux-2.6/include/linux/reiserfs_xattr.h	2011-07-23 17:01:14.584075270 +0200
@@ -45,7 +45,6 @@ int reiserfs_permission(struct inode *in
 
 #ifdef CONFIG_REISERFS_FS_XATTR
 #define has_xattr_dir(inode) (REISERFS_I(inode)->i_flags & i_has_xattr_dir)
-int reiserfs_check_acl(struct inode *inode, int mask);
 ssize_t reiserfs_getxattr(struct dentry *dentry, const char *name,
 			  void *buffer, size_t size);
 int reiserfs_setxattr(struct dentry *dentry, const char *name,
@@ -123,7 +122,6 @@ static inline void reiserfs_init_xattr_r
 #define reiserfs_setxattr NULL
 #define reiserfs_listxattr NULL
 #define reiserfs_removexattr NULL
-#define reiserfs_check_acl NULL
 
 static inline void reiserfs_init_xattr_rwsem(struct inode *inode)
 {
Index: linux-2.6/mm/shmem.c
===================================================================
--- linux-2.6.orig/mm/shmem.c	2011-07-23 16:38:21.290750141 +0200
+++ linux-2.6/mm/shmem.c	2011-07-23 16:40:31.877416029 +0200
@@ -2715,10 +2715,6 @@ static const struct inode_operations shm
 	.listxattr	= shmem_listxattr,
 	.removexattr	= shmem_removexattr,
 #endif
-#ifdef CONFIG_TMPFS_POSIX_ACL
-	.check_acl	= generic_check_acl,
-#endif
-
 };
 
 static const struct inode_operations shmem_dir_inode_operations = {
@@ -2741,7 +2737,6 @@ static const struct inode_operations shm
 #endif
 #ifdef CONFIG_TMPFS_POSIX_ACL
 	.setattr	= shmem_setattr,
-	.check_acl	= generic_check_acl,
 #endif
 };
 
@@ -2754,7 +2749,6 @@ static const struct inode_operations shm
 #endif
 #ifdef CONFIG_TMPFS_POSIX_ACL
 	.setattr	= shmem_setattr,
-	.check_acl	= generic_check_acl,
 #endif
 };
 
Index: linux-2.6/fs/reiserfs/xattr.c
===================================================================
--- linux-2.6.orig/fs/reiserfs/xattr.c	2011-07-23 16:39:41.157416331 +0200
+++ linux-2.6/fs/reiserfs/xattr.c	2011-07-23 16:40:31.877416029 +0200
@@ -867,24 +867,6 @@ out:
 	return err;
 }
 
-int reiserfs_check_acl(struct inode *inode, int mask)
-{
-	struct posix_acl *acl;
-	int error = -EAGAIN; /* do regular unix permission checks by default */
-
-	acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS);
-
-	if (acl) {
-		if (!IS_ERR(acl)) {
-			error = posix_acl_permission(inode, acl, mask);
-			posix_acl_release(acl);
-		} else if (PTR_ERR(acl) != -ENODATA)
-			error = PTR_ERR(acl);
-	}
-
-	return error;
-}
-
 static int create_privroot(struct dentry *dentry)
 {
 	int err;
Index: linux-2.6/Documentation/filesystems/porting
===================================================================
--- linux-2.6.orig/Documentation/filesystems/porting	2011-07-23 16:38:20.000000000 +0200
+++ linux-2.6/Documentation/filesystems/porting	2011-07-23 16:40:31.877416029 +0200
@@ -407,10 +407,11 @@ to some pointer to returning that pointe
 
 --
 [mandatory]
-	->permission(), generic_permission() and ->check_acl() have lost flags
+	->permission() and generic_permission()have lost flags
 argument; instead of passing IPERM_FLAG_RCU we add MAY_NOT_BLOCK into mask.
-	generic_permission() has also lost the check_acl argument; if you want
-non-NULL to be used for that inode, put it into ->i_op->check_acl.
+	generic_permission() has also lost the check_acl argument; ACL checking
+has been taken to VFS and filesystems need to provide a non-NULL ->i_op->get_acl
+to read an ACL from disk.
 
 --
 [mandatory]
Index: linux-2.6/fs/posix_acl.c
===================================================================
--- linux-2.6.orig/fs/posix_acl.c	2011-07-23 16:41:06.264082489 +0200
+++ linux-2.6/fs/posix_acl.c	2011-07-23 16:41:22.787415724 +0200
@@ -27,7 +27,6 @@ EXPORT_SYMBOL(posix_acl_alloc);
 EXPORT_SYMBOL(posix_acl_valid);
 EXPORT_SYMBOL(posix_acl_equiv_mode);
 EXPORT_SYMBOL(posix_acl_from_mode);
-EXPORT_SYMBOL(posix_acl_permission);
 
 /*
  * Init a fresh posix_acl
Index: linux-2.6/include/linux/reiserfs_acl.h
===================================================================
--- linux-2.6.orig/include/linux/reiserfs_acl.h	2011-07-23 17:01:20.730741901 +0200
+++ linux-2.6/include/linux/reiserfs_acl.h	2011-07-23 17:01:54.330741700 +0200
@@ -59,11 +59,7 @@ extern const struct xattr_handler reiser
 #else
 
 #define reiserfs_cache_default_acl(inode) 0
-
-static inline struct posix_acl *reiserfs_get_acl(struct inode *inode, int type)
-{
-	return NULL;
-}
+#define reiserfs_get_acl NULL
 
 static inline int reiserfs_acl_chmod(struct inode *inode)
 {

Re: [PATCH 1/4] 9p: do no return 0 from ->check_acl without actually checking

[Al Viro]

On Sat, Jul 23, 2011 at 05:36:38PM +0200, Christoph Hellwig wrote:
> If we do not want to use ACLs we at least need to perform normal Unix
> permission checks.  From the comment I'm not quite sure that's what
> is intended, but if 0p wants to do permission checks entirely on the
> server it needs to do so in ->permission, not in ->check_acl.

I'd like ACK and comments on that from 9p folks...

Re: [PATCH 4/4] fs: take the ACL checks to common code

[Linus Torvalds]

On Sat, Jul 23, 2011 at 8:37 AM, Christoph Hellwig <hch@lst.de> wrote:
>
> Replace the ->check_acl method with a ->get_acl method that simply reads an
> ACL from disk after having a cache miss.  This means we can replace the ACL
> checking boilerplate code with a single implementation in namei.c.

Hmm. If we just had a rule for locking (i_mutex?), we could make the
cache update be in namei.c too..

Things that want to use timeouts etc to make for more complicated
permissions rules than the straightforward acl cache have to use
->permission anyway, so it would make sense to make the ->get_acl
method as trivial as possible for filesystems.

But regardless: your patch series looks fine as-is (as does Al's), I'm
just pointing out a possible further step.

So Ack.

                     Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/4] fs: take the ACL checks to common code

[Christoph Hellwig]

On Sat, Jul 23, 2011 at 08:56:12AM -0700, Linus Torvalds wrote:
> On Sat, Jul 23, 2011 at 8:37 AM, Christoph Hellwig <hch@lst.de> wrote:
> >
> > Replace the ->check_acl method with a ->get_acl method that simply reads an
> > ACL from disk after having a cache miss. ?This means we can replace the ACL
> > checking boilerplate code with a single implementation in namei.c.
> 
> Hmm. If we just had a rule for locking (i_mutex?), we could make the
> cache update be in namei.c too..

Yes, and if we add a ->set_acl we can take most of the existing boilerplate
code completely into posix_acl.c.  I'll see if I can do something like that
for v3.2.

> Things that want to use timeouts etc to make for more complicated
> permissions rules than the straightforward acl cache have to use
> ->permission anyway, so it would make sense to make the ->get_acl
> method as trivial as possible for filesystems.

At this point no one does that anyway, the only real complications
are the cluster filesystems having remote cache invalidations.

Re: [PATCH 4/4] fs: take the ACL checks to common code

[Al Viro]

On Sat, Jul 23, 2011 at 06:00:00PM +0200, Christoph Hellwig wrote:
> On Sat, Jul 23, 2011 at 08:56:12AM -0700, Linus Torvalds wrote:
> > On Sat, Jul 23, 2011 at 8:37 AM, Christoph Hellwig <hch@lst.de> wrote:
> > >
> > > Replace the ->check_acl method with a ->get_acl method that simply reads an
> > > ACL from disk after having a cache miss. ?This means we can replace the ACL
> > > checking boilerplate code with a single implementation in namei.c.
> > 
> > Hmm. If we just had a rule for locking (i_mutex?), we could make the
> > cache update be in namei.c too..
> 
> Yes, and if we add a ->set_acl we can take most of the existing boilerplate
> code completely into posix_acl.c.  I'll see if I can do something like that
> for v3.2.
 
As for ->set_acl(), how are you going to deal with things like ext3_init_acl(),
where we get transaction handle as argument and pass it down to ext3_set_acl()?
Or the things like e.g. gfs2_set_mode()...

Re: [PATCH 4/4] fs: take the ACL checks to common code

[Christoph Hellwig]

On Sat, Jul 23, 2011 at 05:15:16PM +0100, Al Viro wrote:
> > Yes, and if we add a ->set_acl we can take most of the existing boilerplate
> > code completely into posix_acl.c.  I'll see if I can do something like that
> > for v3.2.
>  
> As for ->set_acl(), how are you going to deal with things like ext3_init_acl(),
> where we get transaction handle as argument and pass it down to ext3_set_acl()?
> Or the things like e.g. gfs2_set_mode()...

ext3/4 already store the handle_t (what an awfully misleading name, btw)
in current->journal_info for similar cases where they want to keep to access
it when doing detours through common code.  Similar for gfs2 and gfs2_trans.

I'll have to look into it in more details.  So far my plan is:

 - add a generic xattr method for reading ACLs, we already have can do
   that just based on ->get_acl
 - add a generic xattr method (and thus set of xattr ops) for writing
   ACLs, and add ->set_acl for it.
 - then look into how we can sanely factor the more complicated operations

Re: [PATCH 1/4] 9p: do no return 0 from ->check_acl without actually checking

[Aneesh Kumar K.V]

On Sat, 23 Jul 2011 17:36:38 +0200, Christoph Hellwig <hch@lst.de> wrote:
> If we do not want to use ACLs we at least need to perform normal Unix
> permission checks.  From the comment I'm not quite sure that's what
> is intended, but if 0p wants to do permission checks entirely on the
> server it needs to do so in ->permission, not in ->check_acl.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> 
> Index: linux-2.6/fs/9p/acl.c
> ===================================================================
> --- linux-2.6.orig/fs/9p/acl.c	2011-07-23 16:39:19.200749795 +0200
> +++ linux-2.6/fs/9p/acl.c	2011-07-23 16:39:24.690749763 +0200
> @@ -108,7 +108,7 @@ int v9fs_check_acl(struct inode *inode,
>  		 * On access = client  and acl = on mode get the acl
>  		 * values from the server
>  		 */
> -		return 0;
> +		return -EAGAIN;
>  	}
>  	acl = v9fs_get_cached_acl(inode, ACL_TYPE_ACCESS);
> 

Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>

-aneesh