On Mon, Feb 03, 2014 at 01:03:32PM -0800, Linus Torvalds wrote: > Now, to be honest, pushing it down one more level (to > generic_permission()) will actually start causing some trouble. In > particular, gfs2_permission() fundamentally does not have a dentry for > several of the callers. Looking over the gfs2 code the problem seems to be that it duplicates permissions checks from the may_{lookup,create,linkat,delete}, most likely because it needs cluster locking in place for them. The right fix seems to be to optionally call the filesystem from those. That being said I wonder how ocfs2 or network filesystems get away without that. > What do you think? I guess this patch could be split up into two: one > that does the "vfs_xyz()" helper functions, and another that does the > inode_permission() change. I tied them together mainly because I > started with the inode_permission() change, and that required the > vfs_xyz() change. The changes look good to me, and yes I think they should be split. I'll see if I can take this further, but doing something non-hacky in GFS2 would be the first step here. -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html