Re: [PATCH v13 10/51] vfs: Cache base_acl objects in inodes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Nov 3, 2015, at 8:16 AM, Andreas Gruenbacher <agruenba@xxxxxxxxxx> wrote:
> 
> POSIX ACLs and richacls are both objects allocated by kmalloc() with a
> reference count which are freed by kfree_rcu().  An inode can either
> cache an access and a default POSIX ACL, or a richacl (richacls do not
> have default acls).  To allow an inode to cache either of the two kinds
> of acls, introduce a new base_acl type and convert i_acl and
> i_default_acl to that type. In most cases, the vfs then doesn't have to
> care which kind of acl an inode caches (if any).

For new wrapper functions like this better to name them as "NOUN_VERB" so
rather than "VERB_NOUN" so that related functions sort together, like
base_acl_init(), base_acl_get(), base_acl_put(), base_acl_refcount(), etc.

> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> ---
> drivers/staging/lustre/lustre/llite/llite_lib.c |  2 +-
> fs/f2fs/acl.c                                   |  4 ++--
> fs/inode.c                                      |  4 ++--
> fs/jffs2/acl.c                                  |  6 ++++--
> fs/posix_acl.c                                  | 18 +++++++++---------
> include/linux/fs.h                              | 25 ++++++++++++++++++++++---
> include/linux/posix_acl.h                       | 12 ++++--------
> include/linux/richacl.h                         |  2 +-
> 8 files changed, 45 insertions(+), 28 deletions(-)
> 
> diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c b/drivers/staging/lustre/lustre/llite/llite_lib.c
> index b4ed6c8..5766f69 100644
> --- a/drivers/staging/lustre/lustre/llite/llite_lib.c
> +++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
> @@ -1118,7 +1118,7 @@ void ll_clear_inode(struct inode *inode)
> 	}
> #ifdef CONFIG_FS_POSIX_ACL
> 	else if (lli->lli_posix_acl) {
> -		LASSERT(atomic_read(&lli->lli_posix_acl->a_refcount) == 1);
> +		LASSERT(atomic_read(&lli->lli_posix_acl->a_base.ba_refcount) == 1);

It probably makes sense to have a wrapper for this, like base_acl_refcount()
so that the details are similarly abstracted from the callers, or there
isn't much benefit to having get_base_acl() and put_base_acl() at all.

> 		LASSERT(lli->lli_remote_perms == NULL);
> 		posix_acl_release(lli->lli_posix_acl);
> 		lli->lli_posix_acl = NULL;
> diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
> index c8f25f7..a4207de 100644
> --- a/fs/f2fs/acl.c
> +++ b/fs/f2fs/acl.c
> @@ -270,7 +270,7 @@ static struct posix_acl *f2fs_acl_clone(const struct posix_acl *acl,
> 				sizeof(struct posix_acl_entry);
> 		clone = kmemdup(acl, size, flags);
> 		if (clone)
> -			atomic_set(&clone->a_refcount, 1);
> +			atomic_set(&clone->a_base.ba_refcount, 1);

This should be base_acl_init() since this should also reset the RCU state
if it was just copied from "acl" above.  That wouldn't be quite correct if
there are other fields added to struct base_acl that don't need to be
initialized when it is copied, so possibly base_acl_reinit() would be better
here and below if that will be the case in the near future (I haven't looked
through the whole patch series yet).

> 	}
> 	return clone;
> }
> @@ -282,7 +282,7 @@ static int f2fs_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
> 	umode_t mode = *mode_p;
> 	int not_equiv = 0;
> 
> -	/* assert(atomic_read(acl->a_refcount) == 1); */
> +	/* assert(atomic_read(acl->a_base.ba_refcount) == 1); */

May as well make the comment use the base_acl_refcount() wrapper function too.

> 
> 	FOREACH_ACL_ENTRY(pa, acl, pe) {
> 		switch(pa->e_tag) {
> diff --git a/fs/inode.c b/fs/inode.c
> index 78a17b8..2a387f4 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -233,9 +233,9 @@ void __destroy_inode(struct inode *inode)
> 
> #ifdef CONFIG_FS_POSIX_ACL
> 	if (inode->i_acl && inode->i_acl != ACL_NOT_CACHED)
> -		posix_acl_release(inode->i_acl);
> +		put_base_acl(inode->i_acl);
> 	if (inode->i_default_acl && inode->i_default_acl != ACL_NOT_CACHED)
> -		posix_acl_release(inode->i_default_acl);
> +		put_base_acl(inode->i_default_acl);
> #endif
> 	this_cpu_dec(nr_inodes);
> }
> diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
> index 2f7a3c0..04a5836 100644
> --- a/fs/jffs2/acl.c
> +++ b/fs/jffs2/acl.c
> @@ -294,13 +294,15 @@ int jffs2_init_acl_post(struct inode *inode)
> 	int rc;
> 
> 	if (inode->i_default_acl) {
> -		rc = __jffs2_set_acl(inode, JFFS2_XPREFIX_ACL_DEFAULT, inode->i_default_acl);
> +		rc = __jffs2_set_acl(inode, JFFS2_XPREFIX_ACL_DEFAULT,
> +				     *acl_by_type(inode, ACL_TYPE_DEFAULT));
> 		if (rc)
> 			return rc;
> 	}
> 
> 	if (inode->i_acl) {
> -		rc = __jffs2_set_acl(inode, JFFS2_XPREFIX_ACL_ACCESS, inode->i_acl);
> +		rc = __jffs2_set_acl(inode, JFFS2_XPREFIX_ACL_ACCESS,
> +				     *acl_by_type(inode, ACL_TYPE_ACCESS));
> 		if (rc)
> 			return rc;
> 	}
> diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> index 4fb17de..b3b2265 100644
> --- a/fs/posix_acl.c
> +++ b/fs/posix_acl.c
> @@ -25,9 +25,9 @@ struct posix_acl **acl_by_type(struct inode *inode, int type)
> {
> 	switch (type) {
> 	case ACL_TYPE_ACCESS:
> -		return &inode->i_acl;
> +		return (struct posix_acl **)&inode->i_acl;
> 	case ACL_TYPE_DEFAULT:
> -		return &inode->i_default_acl;
> +		return (struct posix_acl **)&inode->i_default_acl;

This would be better to use container_of() to unwrap struct base_acl from
struct posix_acl.  That avoids the hard requirement (which isn't documented
anywhere) that base_acl needs to be the first member of struct posix_acl.

I was originally going to write that you should add a comment that base_acl
needs to be the first member of both richacl and posix_acl, but container_of()
is both cleaner and safer.

Looking further down, that IS actually needed due to the way kfree is used on
the base_acl pointer, but using container_of() is still cleaner and safer
than directly casting double pointers (which some compilers and static
analysis tools will be unhappy with).

> 	default:
> 		BUG();
> 	}
> @@ -83,16 +83,16 @@ EXPORT_SYMBOL(forget_cached_acl);
> 
> void forget_all_cached_acls(struct inode *inode)
> {
> -	struct posix_acl *old_access, *old_default;
> +	struct base_acl *old_access, *old_default;
> 	spin_lock(&inode->i_lock);
> 	old_access = inode->i_acl;
> 	old_default = inode->i_default_acl;
> 	inode->i_acl = inode->i_default_acl = ACL_NOT_CACHED;
> 	spin_unlock(&inode->i_lock);
> 	if (old_access != ACL_NOT_CACHED)
> -		posix_acl_release(old_access);
> +		put_base_acl(old_access);
> 	if (old_default != ACL_NOT_CACHED)
> -		posix_acl_release(old_default);
> +		put_base_acl(old_default);
> }
> EXPORT_SYMBOL(forget_all_cached_acls);
> 
> @@ -129,7 +129,7 @@ EXPORT_SYMBOL(get_acl);
> void
> posix_acl_init(struct posix_acl *acl, int count)
> {
> -	atomic_set(&acl->a_refcount, 1);
> +	atomic_set(&acl->a_base.ba_refcount, 1);

This should be base_acl_init().

> 	acl->a_count = count;
> }
> EXPORT_SYMBOL(posix_acl_init);
> @@ -162,7 +162,7 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
> 		           sizeof(struct posix_acl_entry);
> 		clone = kmemdup(acl, size, flags);
> 		if (clone)
> -			atomic_set(&clone->a_refcount, 1);
> +			atomic_set(&clone->a_base.ba_refcount, 1);

Also base_acl_init() or base_acl_reinit().

> 	}
> 	return clone;
> }
> @@ -384,7 +384,7 @@ static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
> 	umode_t mode = *mode_p;
> 	int not_equiv = 0;
> 
> -	/* assert(atomic_read(acl->a_refcount) == 1); */
> +	/* assert(atomic_read(acl->a_base.ba_refcount) == 1); */

base_acl_refcount().

> 	FOREACH_ACL_ENTRY(pa, acl, pe) {
>                 switch(pa->e_tag) {
> @@ -439,7 +439,7 @@ static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode)
> 	struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL;
> 	struct posix_acl_entry *pa, *pe;
> 
> -	/* assert(atomic_read(acl->a_refcount) == 1); */
> +	/* assert(atomic_read(acl->a_base.ba_refcount) == 1); */

...

> 	FOREACH_ACL_ENTRY(pa, acl, pe) {
> 		switch(pa->e_tag) {
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index ba91a89..3c22c92 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -576,6 +576,12 @@ static inline void mapping_allow_writable(struct address_space *mapping)
> #define i_size_ordered_init(inode) do { } while (0)
> #endif
> 
> +struct base_acl {
> +	union {
> +		atomic_t ba_refcount;
> +		struct rcu_head ba_rcu;
> +	};
> +};
> struct posix_acl;

Is this forward declaration of struct posix_acl even needed anymore after
the change below?  There shouldn't be references to the struct in the common
code anymore (at least not by the end of the patch series.

> #define ACL_NOT_CACHED ((void *)(-1))
> 
> @@ -595,9 +601,9 @@ struct inode {
> 	kgid_t			i_gid;
> 	unsigned int		i_flags;
> 
> -#ifdef CONFIG_FS_POSIX_ACL
> -	struct posix_acl	*i_acl;
> -	struct posix_acl	*i_default_acl;
> +#if defined(CONFIG_FS_POSIX_ACL)
> +	struct base_acl		*i_acl;
> +	struct base_acl		*i_default_acl;
> #endif
> 
> 	const struct inode_operations	*i_op;
> @@ -3059,4 +3065,17 @@ static inline bool dir_relax(struct inode *inode)
> 
> extern bool path_noexec(const struct path *path);
> 
> +static inline struct base_acl *get_base_acl(struct base_acl *acl)

> +{
> +	if (acl)
> +		atomic_inc(&acl->ba_refcount);
> +	return acl;
> +}
> +
> +static inline void put_base_acl(struct base_acl *acl)
> +{
> +	if (acl && atomic_dec_and_test(&acl->ba_refcount))
> +		kfree_rcu(acl, ba_rcu);

Hmm, using the base_acl pointer as the pointer to kfree means that the
base_acl structure DOES need to be the first one in both struct posix_acl
and struct richacl, so that needs to be commented at each structure so
it doesn't accidentally break in the future.

> +}
> +
> #endif /* _LINUX_FS_H */
> diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
> index 3e96a6a..2c46441 100644
> --- a/include/linux/posix_acl.h
> +++ b/include/linux/posix_acl.h
> @@ -43,10 +43,7 @@ struct posix_acl_entry {
> };
> 
> struct posix_acl {
> -	union {
> -		atomic_t		a_refcount;
> -		struct rcu_head		a_rcu;
> -	};
> +	struct base_acl		a_base;

	struct base_acl		a_base;	/* must be first, see base_acl_put() */

> 	unsigned int		a_count;
> 	struct posix_acl_entry	a_entries[0];
> };
> @@ -61,8 +58,7 @@ struct posix_acl {
> static inline struct posix_acl *
> posix_acl_dup(struct posix_acl *acl)
> {
> -	if (acl)
> -		atomic_inc(&acl->a_refcount);
> +	get_base_acl(&acl->a_base);
> 	return acl;
> }
> 
> @@ -72,8 +68,8 @@ posix_acl_dup(struct posix_acl *acl)
> static inline void
> posix_acl_release(struct posix_acl *acl)
> {
> -	if (acl && atomic_dec_and_test(&acl->a_refcount))
> -		kfree_rcu(acl, a_rcu);
> +	BUILD_BUG_ON(offsetof(struct posix_acl, a_base) != 0);
> +	put_base_acl(&acl->a_base);
> }
> 
> 
> diff --git a/include/linux/richacl.h b/include/linux/richacl.h
> index 1d9f5f7..2baef35 100644
> --- a/include/linux/richacl.h
> +++ b/include/linux/richacl.h
> @@ -57,7 +57,7 @@ static inline struct richacl *
> richacl_get(struct richacl *acl)
> {
> 	if (acl)
> -		atomic_inc(&acl->a_refcount);
> +		atomic_inc(&acl->a_base.ba_refcount);
> 	return acl;

This should also use base_acl_get() for consistency.  That said, where is
the call to base_acl_put() in the richacl code?

Also, where is the change to struct richacl?  It looks like this patch would
not be able to compile by itself.  I was going to say that struct richacl
also needs a comment like struct posix_acl that struct base_acl needs to be
first.

Cheers, Andreas





Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux