From: Christoph Hellwig <hch@lst.de>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-fsdevel@vger.kernel.org, Seth Forshee <sforshee@kernel.org>,
Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 23/29] xattr: use posix acl api
Date: Thu, 29 Sep 2022 10:25:35 +0200 [thread overview]
Message-ID: <20220929082535.GC3699@lst.de> (raw)
In-Reply-To: <20220928160843.382601-24-brauner@kernel.org>
On Wed, Sep 28, 2022 at 06:08:37PM +0200, Christian Brauner wrote:
> +static int setxattr_convert(struct user_namespace *mnt_userns, struct dentry *d,
> + struct xattr_ctx *ctx)
> {
> - if (ctx->size && is_posix_acl_xattr(ctx->kname->name))
> - posix_acl_fix_xattr_from_user(ctx->kvalue, ctx->size);
> + struct posix_acl *acl;
> +
> + if (!ctx->size || !is_posix_acl_xattr(ctx->kname->name))
> + return 0;
> +
> + /*
> + * Note that posix_acl_from_xattr() uses GFP_NOFS when it probably
> + * doesn't need to here.
> + */
> + acl = posix_acl_from_xattr(current_user_ns(), ctx->kvalue, ctx->size);
> + if (IS_ERR(acl))
> + return PTR_ERR(acl);
> +
> + ctx->acl = acl;
> + return 0;
why is this called setxattr_convert when it is clearly about ACLs only?
> +
> + error = setxattr_convert(mnt_userns, dentry, ctx);
> + if (error)
> + return error;
> +
> + if (is_posix_acl_xattr(ctx->kname->name))
> + return vfs_set_acl(mnt_userns, dentry,
> + ctx->kname->name, ctx->acl);
Also instead of doing two checks for ACLs why not do just one? And then
have a comment helper to convert and set which can live in posix_acl.c.
No need to store anything in a context with that either.
> @@ -610,6 +642,7 @@ setxattr(struct user_namespace *mnt_userns, struct dentry *d,
> error = do_setxattr(mnt_userns, d, &ctx);
>
> kvfree(ctx.kvalue);
> + posix_acl_release(ctx.acl);
> return error;
And I don't think there is any good reason to not release the ACL
right after the call to vfs_set_acl. Which means there is no need to
store anything in the ctx.
> + if (is_posix_acl_xattr(ctx->kname->name)) {
> + ctx->acl = vfs_get_acl(mnt_userns, d, ctx->kname->name);
> + if (IS_ERR(ctx->acl))
> + return PTR_ERR(ctx->acl);
> +
> + error = vfs_posix_acl_to_xattr(mnt_userns, d_inode(d), ctx->acl,
> + ctx->kvalue, ctx->size);
> + posix_acl_release(ctx->acl);
An while this is just a small function body I still think splitting it
into a helper and moving it to posix_acl.c would be a bit cleaner.
next prev parent reply other threads:[~2022-09-29 8:25 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-28 16:08 [PATCH v3 00/29] acl: add vfs posix acl api Christian Brauner
2022-09-28 16:08 ` [PATCH v3 01/29] orangefs: rework posix acl handling when creating new filesystem objects Christian Brauner
2022-09-29 7:50 ` Christoph Hellwig
2022-09-28 16:08 ` [PATCH v3 02/29] fs: pass dentry to set acl method Christian Brauner
2022-09-29 7:51 ` Christoph Hellwig
2022-09-29 7:57 ` Christian Brauner
2022-09-28 16:08 ` [PATCH v3 03/29] fs: rename current get " Christian Brauner
2022-09-29 8:12 ` Christoph Hellwig
2022-09-29 9:16 ` Christian Brauner
2022-09-28 16:08 ` [PATCH v3 04/29] fs: add new " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 05/29] cifs: implement " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 06/29] cifs: implement set " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 07/29] 9p: implement get " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 08/29] 9p: implement set " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 09/29] security: add get, remove and set acl hook Christian Brauner
2022-09-28 16:08 ` [PATCH v3 10/29] selinux: implement get, set and remove " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 11/29] smack: " Christian Brauner
2022-09-28 16:34 ` Casey Schaufler
2022-09-28 16:08 ` [PATCH v3 12/29] integrity: implement get and set " Christian Brauner
2022-09-29 23:25 ` Mimi Zohar
2022-09-30 8:35 ` Christian Brauner
2022-09-28 16:08 ` [PATCH v3 13/29] evm: add post " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 14/29] acl: add vfs_set_acl() Christian Brauner
2022-09-29 8:17 ` Christoph Hellwig
2022-09-29 8:25 ` Christian Brauner
2022-09-29 9:01 ` Christian Brauner
2022-09-28 16:08 ` [PATCH v3 15/29] acl: add vfs_get_acl() Christian Brauner
2022-09-28 16:08 ` [PATCH v3 16/29] acl: add vfs_remove_acl() Christian Brauner
2022-09-28 16:08 ` [PATCH v3 17/29] ksmbd: use vfs_remove_acl() Christian Brauner
2022-09-28 16:08 ` [PATCH v3 18/29] ecryptfs: implement get acl method Christian Brauner
2022-09-28 16:08 ` [PATCH v3 19/29] ecryptfs: implement set " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 20/29] ovl: implement get " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 21/29] ovl: implement set " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 22/29] ovl: use posix acl api Christian Brauner
2022-09-28 16:08 ` [PATCH v3 23/29] xattr: " Christian Brauner
2022-09-29 8:25 ` Christoph Hellwig [this message]
2022-09-29 9:10 ` Christian Brauner
2022-09-29 9:46 ` Christian Brauner
2022-09-29 10:51 ` Christoph Hellwig
2022-09-29 11:39 ` Christian Brauner
2022-09-28 16:08 ` [PATCH v3 24/29] evm: remove evm_xattr_acl_change() Christian Brauner
2022-09-28 16:08 ` [PATCH v3 25/29] ecryptfs: use stub posix acl handlers Christian Brauner
2022-09-28 16:08 ` [PATCH v3 26/29] ovl: " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 27/29] cifs: " Christian Brauner
2022-09-29 7:56 ` Christian Brauner
2022-09-28 16:08 ` [PATCH v3 28/29] 9p: " Christian Brauner
2022-09-28 16:08 ` [PATCH v3 29/29] acl: remove a slew of now unused helpers Christian Brauner
2022-09-29 8:25 ` Christoph Hellwig
2022-09-29 8:28 ` Christian Brauner
2022-09-29 11:40 ` Christoph Hellwig
2022-09-29 13:10 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220929082535.GC3699@lst.de \
--to=hch@lst.de \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sforshee@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).