Commit 47e1bf64 authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by Dave Chinner

xfs: invalidate cached acl if set via ioctl

Setting or removing the "SGI_ACL_[FILE|DEFAULT]" attributes via the
XFS_IOC_ATTRMULTI_BY_HANDLE ioctl completely bypasses the POSIX ACL
infrastructure, like setting the "trusted.SGI_ACL_[FILE|DEFAULT]" xattrs
did until commit 6caa1056.  Similar to that commit, invalidate cached
acls when setting/removing them via the ioctl as well.
Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
parent 09cb22d2
...@@ -36,4 +36,7 @@ static inline struct posix_acl *xfs_get_acl(struct inode *inode, int type) ...@@ -36,4 +36,7 @@ static inline struct posix_acl *xfs_get_acl(struct inode *inode, int type)
# define posix_acl_access_exists(inode) 0 # define posix_acl_access_exists(inode) 0
# define posix_acl_default_exists(inode) 0 # define posix_acl_default_exists(inode) 0
#endif /* CONFIG_XFS_POSIX_ACL */ #endif /* CONFIG_XFS_POSIX_ACL */
extern void xfs_forget_acl(struct inode *inode, const char *name, int xflags);
#endif /* __XFS_ACL_H__ */ #endif /* __XFS_ACL_H__ */
...@@ -40,6 +40,7 @@ ...@@ -40,6 +40,7 @@
#include "xfs_symlink.h" #include "xfs_symlink.h"
#include "xfs_trans.h" #include "xfs_trans.h"
#include "xfs_pnfs.h" #include "xfs_pnfs.h"
#include "xfs_acl.h"
#include <linux/capability.h> #include <linux/capability.h>
#include <linux/dcache.h> #include <linux/dcache.h>
...@@ -494,6 +495,8 @@ xfs_attrmulti_attr_set( ...@@ -494,6 +495,8 @@ xfs_attrmulti_attr_set(
return PTR_ERR(kbuf); return PTR_ERR(kbuf);
error = xfs_attr_set(XFS_I(inode), name, kbuf, len, flags); error = xfs_attr_set(XFS_I(inode), name, kbuf, len, flags);
if (!error)
xfs_forget_acl(inode, name, flags);
kfree(kbuf); kfree(kbuf);
return error; return error;
} }
...@@ -504,9 +507,14 @@ xfs_attrmulti_attr_remove( ...@@ -504,9 +507,14 @@ xfs_attrmulti_attr_remove(
unsigned char *name, unsigned char *name,
__uint32_t flags) __uint32_t flags)
{ {
int error;
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
return -EPERM; return -EPERM;
return xfs_attr_remove(XFS_I(inode), name, flags); error = xfs_attr_remove(XFS_I(inode), name, flags);
if (!error)
xfs_forget_acl(inode, name, flags);
return error;
} }
STATIC int STATIC int
......
...@@ -53,6 +53,28 @@ xfs_xattr_get(struct dentry *dentry, const char *name, ...@@ -53,6 +53,28 @@ xfs_xattr_get(struct dentry *dentry, const char *name,
return asize; return asize;
} }
void
xfs_forget_acl(
struct inode *inode,
const char *name,
int xflags)
{
/*
* Invalidate any cached ACLs if the user has bypassed the ACL
* interface. We don't validate the content whatsoever so it is caller
* responsibility to provide data in valid format and ensure i_mode is
* consistent.
*/
if (xflags & ATTR_ROOT) {
#ifdef CONFIG_XFS_POSIX_ACL
if (!strcmp(name, SGI_ACL_FILE))
forget_cached_acl(inode, ACL_TYPE_ACCESS);
else if (!strcmp(name, SGI_ACL_DEFAULT))
forget_cached_acl(inode, ACL_TYPE_DEFAULT);
#endif
}
}
static int static int
xfs_xattr_set(struct dentry *dentry, const char *name, const void *value, xfs_xattr_set(struct dentry *dentry, const char *name, const void *value,
size_t size, int flags, int xflags) size_t size, int flags, int xflags)
...@@ -73,20 +95,8 @@ xfs_xattr_set(struct dentry *dentry, const char *name, const void *value, ...@@ -73,20 +95,8 @@ xfs_xattr_set(struct dentry *dentry, const char *name, const void *value,
return xfs_attr_remove(ip, (unsigned char *)name, xflags); return xfs_attr_remove(ip, (unsigned char *)name, xflags);
error = xfs_attr_set(ip, (unsigned char *)name, error = xfs_attr_set(ip, (unsigned char *)name,
(void *)value, size, xflags); (void *)value, size, xflags);
/* if (!error)
* Invalidate any cached ACLs if the user has bypassed the ACL xfs_forget_acl(d_inode(dentry), name, xflags);
* interface. We don't validate the content whatsoever so it is caller
* responsibility to provide data in valid format and ensure i_mode is
* consistent.
*/
#ifdef CONFIG_XFS_POSIX_ACL
if (!error && (xflags & ATTR_ROOT)) {
if (!strcmp(name, SGI_ACL_FILE))
forget_cached_acl(VFS_I(ip), ACL_TYPE_ACCESS);
else if (!strcmp(name, SGI_ACL_DEFAULT))
forget_cached_acl(VFS_I(ip), ACL_TYPE_DEFAULT);
}
#endif
return error; return error;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment