Patchwork [v3] fs/ext*,f2fs,jffs2,reiserfs: give comments for acl size and count calculation

login
register
mail settings
Submitter Chen Gang
Date Jan. 4, 2013, 3:26 a.m.
Message ID <50E64BFD.6090000@asianux.com>
Download mbox | patch
Permalink /patch/209361/
State New
Headers show

Comments

Chen Gang - Jan. 4, 2013, 3:26 a.m.
give comments (by Theodore Ts'o)

    ACL_USER_OBJ ACL_USER*[1] ACL_GROUP_OBJ ACL_GROUP*[1] ACL_MASK[2] ACL_OTHER

    [1] Where * is the regexp sense of "0 or more times"
    [2] Only if there is at least one ACL_USER or ACL_GROUP tag;
        otherwise skip ACL_MASK.

  give comments (by Jan Kara)
    posix_acl_valid() makes sure that if there are <= 4 ACL entries, then
    all of them are short. Otherwise exactly 4 entries are short ones and
    other have full length. See comment before that function for exact ACL
    format.

  use macro instead of hard code number (by Chen Gang)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 fs/ext2/acl.h             |   10 +++++-----
 fs/ext3/acl.h             |   10 +++++-----
 fs/ext4/acl.h             |   10 +++++-----
 fs/f2fs/acl.c             |   12 +++++++-----
 fs/jffs2/acl.c            |   15 +++++++++------
 fs/posix_acl.c            |    8 ++++++++
 fs/reiserfs/acl.h         |   10 +++++-----
 include/linux/posix_acl.h |    8 ++++++++
 8 files changed, 52 insertions(+), 31 deletions(-)
Jan Kara - Jan. 7, 2013, 7:20 p.m.
On Fri 04-01-13 11:26:53, Chen Gang wrote:
> 
>   give comments (by Theodore Ts'o)
> 
>     ACL_USER_OBJ ACL_USER*[1] ACL_GROUP_OBJ ACL_GROUP*[1] ACL_MASK[2] ACL_OTHER
> 
>     [1] Where * is the regexp sense of "0 or more times"
>     [2] Only if there is at least one ACL_USER or ACL_GROUP tag;
>         otherwise skip ACL_MASK.
  Note that I actually updated the entry [2] to be more precise in my
suggested comment. I wrote:
[2] If ACL_USER or ACL_GROUP is present, then ACL_MASK must be present.

  Please use this formulation because the old version suggests ACL_MASK
cannot be present if neither ACL_USER nor ACL_GROUP are present and that's
not true. Otherwise your patch looks fine. Thanks!

								Honza

> 
>   give comments (by Jan Kara)
>     posix_acl_valid() makes sure that if there are <= 4 ACL entries, then
>     all of them are short. Otherwise exactly 4 entries are short ones and
>     other have full length. See comment before that function for exact ACL
>     format.
> 
>   use macro instead of hard code number (by Chen Gang)
> 
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> Signed-off-by: Jan Kara <jack@suse.cz>
> Signed-off-by: Chen Gang <gang.chen@asianux.com>
> ---
>  fs/ext2/acl.h             |   10 +++++-----
>  fs/ext3/acl.h             |   10 +++++-----
>  fs/ext4/acl.h             |   10 +++++-----
>  fs/f2fs/acl.c             |   12 +++++++-----
>  fs/jffs2/acl.c            |   15 +++++++++------
>  fs/posix_acl.c            |    8 ++++++++
>  fs/reiserfs/acl.h         |   10 +++++-----
>  include/linux/posix_acl.h |    8 ++++++++
>  8 files changed, 52 insertions(+), 31 deletions(-)
> 
> diff --git a/fs/ext2/acl.h b/fs/ext2/acl.h
> index 503bfb0..9af79d0 100644
> --- a/fs/ext2/acl.h
> +++ b/fs/ext2/acl.h
> @@ -25,13 +25,13 @@ typedef struct {
>  
>  static inline size_t ext2_acl_size(int count)
>  {
> -	if (count <= 4) {
> +	if (count <= ACL_MAX_SHORT_ENTRY) {
>  		return sizeof(ext2_acl_header) +
>  		       count * sizeof(ext2_acl_entry_short);
>  	} else {
>  		return sizeof(ext2_acl_header) +
> -		       4 * sizeof(ext2_acl_entry_short) +
> -		       (count - 4) * sizeof(ext2_acl_entry);
> +		       ACL_MAX_SHORT_ENTRY * sizeof(ext2_acl_entry_short) +
> +		       (count - ACL_MAX_SHORT_ENTRY) * sizeof(ext2_acl_entry);
>  	}
>  }
>  
> @@ -39,7 +39,7 @@ static inline int ext2_acl_count(size_t size)
>  {
>  	ssize_t s;
>  	size -= sizeof(ext2_acl_header);
> -	s = size - 4 * sizeof(ext2_acl_entry_short);
> +	s = size - ACL_MAX_SHORT_ENTRY * sizeof(ext2_acl_entry_short);
>  	if (s < 0) {
>  		if (size % sizeof(ext2_acl_entry_short))
>  			return -1;
> @@ -47,7 +47,7 @@ static inline int ext2_acl_count(size_t size)
>  	} else {
>  		if (s % sizeof(ext2_acl_entry))
>  			return -1;
> -		return s / sizeof(ext2_acl_entry) + 4;
> +		return s / sizeof(ext2_acl_entry) + ACL_MAX_SHORT_ENTRY;
>  	}
>  }
>  
> diff --git a/fs/ext3/acl.h b/fs/ext3/acl.h
> index dbc921e..b1cf2c0 100644
> --- a/fs/ext3/acl.h
> +++ b/fs/ext3/acl.h
> @@ -25,13 +25,13 @@ typedef struct {
>  
>  static inline size_t ext3_acl_size(int count)
>  {
> -	if (count <= 4) {
> +	if (count <= ACL_MAX_SHORT_ENTRY) {
>  		return sizeof(ext3_acl_header) +
>  		       count * sizeof(ext3_acl_entry_short);
>  	} else {
>  		return sizeof(ext3_acl_header) +
> -		       4 * sizeof(ext3_acl_entry_short) +
> -		       (count - 4) * sizeof(ext3_acl_entry);
> +		       ACL_MAX_SHORT_ENTRY * sizeof(ext3_acl_entry_short) +
> +		       (count - ACL_MAX_SHORT_ENTRY) * sizeof(ext3_acl_entry);
>  	}
>  }
>  
> @@ -39,7 +39,7 @@ static inline int ext3_acl_count(size_t size)
>  {
>  	ssize_t s;
>  	size -= sizeof(ext3_acl_header);
> -	s = size - 4 * sizeof(ext3_acl_entry_short);
> +	s = size - ACL_MAX_SHORT_ENTRY * sizeof(ext3_acl_entry_short);
>  	if (s < 0) {
>  		if (size % sizeof(ext3_acl_entry_short))
>  			return -1;
> @@ -47,7 +47,7 @@ static inline int ext3_acl_count(size_t size)
>  	} else {
>  		if (s % sizeof(ext3_acl_entry))
>  			return -1;
> -		return s / sizeof(ext3_acl_entry) + 4;
> +		return s / sizeof(ext3_acl_entry) + ACL_MAX_SHORT_ENTRY;
>  	}
>  }
>  
> diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h
> index 18cb39e..66d1fa3 100644
> --- a/fs/ext4/acl.h
> +++ b/fs/ext4/acl.h
> @@ -25,13 +25,13 @@ typedef struct {
>  
>  static inline size_t ext4_acl_size(int count)
>  {
> -	if (count <= 4) {
> +	if (count <= ACL_MAX_SHORT_ENTRY) {
>  		return sizeof(ext4_acl_header) +
>  		       count * sizeof(ext4_acl_entry_short);
>  	} else {
>  		return sizeof(ext4_acl_header) +
> -		       4 * sizeof(ext4_acl_entry_short) +
> -		       (count - 4) * sizeof(ext4_acl_entry);
> +		       ACL_MAX_SHORT_ENTRY * sizeof(ext4_acl_entry_short) +
> +		       (count - ACL_MAX_SHORT_ENTRY) * sizeof(ext4_acl_entry);
>  	}
>  }
>  
> @@ -39,7 +39,7 @@ static inline int ext4_acl_count(size_t size)
>  {
>  	ssize_t s;
>  	size -= sizeof(ext4_acl_header);
> -	s = size - 4 * sizeof(ext4_acl_entry_short);
> +	s = size - ACL_MAX_SHORT_ENTRY * sizeof(ext4_acl_entry_short);
>  	if (s < 0) {
>  		if (size % sizeof(ext4_acl_entry_short))
>  			return -1;
> @@ -47,7 +47,7 @@ static inline int ext4_acl_count(size_t size)
>  	} else {
>  		if (s % sizeof(ext4_acl_entry))
>  			return -1;
> -		return s / sizeof(ext4_acl_entry) + 4;
> +		return s / sizeof(ext4_acl_entry) + ACL_MAX_SHORT_ENTRY;
>  	}
>  }
>  
> diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
> index fed74d1..42e0070 100644
> --- a/fs/f2fs/acl.c
> +++ b/fs/f2fs/acl.c
> @@ -22,13 +22,15 @@
>  
>  static inline size_t f2fs_acl_size(int count)
>  {
> -	if (count <= 4) {
> +	if (count <= ACL_MAX_SHORT_ENTRY) {
>  		return sizeof(struct f2fs_acl_header) +
>  			count * sizeof(struct f2fs_acl_entry_short);
>  	} else {
>  		return sizeof(struct f2fs_acl_header) +
> -			4 * sizeof(struct f2fs_acl_entry_short) +
> -			(count - 4) * sizeof(struct f2fs_acl_entry);
> +			ACL_MAX_SHORT_ENTRY
> +			 * sizeof(struct f2fs_acl_entry_short) +
> +			(count - ACL_MAX_SHORT_ENTRY)
> +			 * sizeof(struct f2fs_acl_entry);
>  	}
>  }
>  
> @@ -36,7 +38,7 @@ static inline int f2fs_acl_count(size_t size)
>  {
>  	ssize_t s;
>  	size -= sizeof(struct f2fs_acl_header);
> -	s = size - 4 * sizeof(struct f2fs_acl_entry_short);
> +	s = size - ACL_MAX_SHORT_ENTRY * sizeof(struct f2fs_acl_entry_short);
>  	if (s < 0) {
>  		if (size % sizeof(struct f2fs_acl_entry_short))
>  			return -1;
> @@ -44,7 +46,7 @@ static inline int f2fs_acl_count(size_t size)
>  	} else {
>  		if (s % sizeof(struct f2fs_acl_entry))
>  			return -1;
> -		return s / sizeof(struct f2fs_acl_entry) + 4;
> +		return s / sizeof(struct f2fs_acl_entry) + ACL_MAX_SHORT_ENTRY;
>  	}
>  }
>  
> diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
> index 223283c..48ef4b8 100644
> --- a/fs/jffs2/acl.c
> +++ b/fs/jffs2/acl.c
> @@ -25,13 +25,15 @@
>  
>  static size_t jffs2_acl_size(int count)
>  {
> -	if (count <= 4) {
> +	if (count <= ACL_MAX_SHORT_ENTRY) {
>  		return sizeof(struct jffs2_acl_header)
>  		       + count * sizeof(struct jffs2_acl_entry_short);
>  	} else {
>  		return sizeof(struct jffs2_acl_header)
> -		       + 4 * sizeof(struct jffs2_acl_entry_short)
> -		       + (count - 4) * sizeof(struct jffs2_acl_entry);
> +		       + ACL_MAX_SHORT_ENTRY
> +				 * sizeof(struct jffs2_acl_entry_short)
> +		       + (count - ACL_MAX_SHORT_ENTRY)
> +				 * sizeof(struct jffs2_acl_entry);
>  	}
>  }
>  
> @@ -40,15 +42,16 @@ static int jffs2_acl_count(size_t size)
>  	size_t s;
>  
>  	size -= sizeof(struct jffs2_acl_header);
> -	if (size < 4 * sizeof(struct jffs2_acl_entry_short)) {
> +	if (size < ACL_MAX_SHORT_ENTRY * sizeof(struct jffs2_acl_entry_short)) {
>  		if (size % sizeof(struct jffs2_acl_entry_short))
>  			return -1;
>  		return size / sizeof(struct jffs2_acl_entry_short);
>  	} else {
> -		s = size - 4 * sizeof(struct jffs2_acl_entry_short);
> +		s = size - ACL_MAX_SHORT_ENTRY
> +				 * sizeof(struct jffs2_acl_entry_short);
>  		if (s % sizeof(struct jffs2_acl_entry))
>  			return -1;
> -		return s / sizeof(struct jffs2_acl_entry) + 4;
> +		return s / sizeof(struct jffs2_acl_entry) + ACL_MAX_SHORT_ENTRY;
>  	}
>  }
>  
> diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> index 8bd2135..8cfdebe 100644
> --- a/fs/posix_acl.c
> +++ b/fs/posix_acl.c
> @@ -72,6 +72,14 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
>  
>  /*
>   * Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
> + *
> + * make sure ACL format is the following:
> + *
> + *   ACL_USER_OBJ ACL_USER*[1] ACL_GROUP_OBJ ACL_GROUP*[1] ACL_MASK[2] ACL_OTHER
> + *
> + *   [1] Where * is the regexp sense of "0 or more times"
> + *   [2] Only if there is at least one ACL_USER or ACL_GROUP tag;
> + *       otherwise skip ACL_MASK.
>   */
>  int
>  posix_acl_valid(const struct posix_acl *acl)
> diff --git a/fs/reiserfs/acl.h b/fs/reiserfs/acl.h
> index f096b80..cb967a3 100644
> --- a/fs/reiserfs/acl.h
> +++ b/fs/reiserfs/acl.h
> @@ -20,13 +20,13 @@ typedef struct {
>  
>  static inline size_t reiserfs_acl_size(int count)
>  {
> -	if (count <= 4) {
> +	if (count <= ACL_MAX_SHORT_ENTRY) {
>  		return sizeof(reiserfs_acl_header) +
>  		    count * sizeof(reiserfs_acl_entry_short);
>  	} else {
>  		return sizeof(reiserfs_acl_header) +
> -		    4 * sizeof(reiserfs_acl_entry_short) +
> -		    (count - 4) * sizeof(reiserfs_acl_entry);
> +		    ACL_MAX_SHORT_ENTRY * sizeof(reiserfs_acl_entry_short) +
> +		    (count - ACL_MAX_SHORT_ENTRY) * sizeof(reiserfs_acl_entry);
>  	}
>  }
>  
> @@ -34,7 +34,7 @@ static inline int reiserfs_acl_count(size_t size)
>  {
>  	ssize_t s;
>  	size -= sizeof(reiserfs_acl_header);
> -	s = size - 4 * sizeof(reiserfs_acl_entry_short);
> +	s = size - ACL_MAX_SHORT_ENTRY * sizeof(reiserfs_acl_entry_short);
>  	if (s < 0) {
>  		if (size % sizeof(reiserfs_acl_entry_short))
>  			return -1;
> @@ -42,7 +42,7 @@ static inline int reiserfs_acl_count(size_t size)
>  	} else {
>  		if (s % sizeof(reiserfs_acl_entry))
>  			return -1;
> -		return s / sizeof(reiserfs_acl_entry) + 4;
> +		return s / sizeof(reiserfs_acl_entry) + ACL_MAX_SHORT_ENTRY;
>  	}
>  }
>  
> diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
> index 7931efe..2c5609c 100644
> --- a/include/linux/posix_acl.h
> +++ b/include/linux/posix_acl.h
> @@ -26,6 +26,14 @@
>  #define ACL_MASK		(0x10)
>  #define ACL_OTHER		(0x20)
>  
> +/*
> + * posix_acl_valid() makes sure that if there are <= 4 ACL entries, then
> + * all of them are short. Otherwise exactly 4 entries are short ones and
> + * other have full length. See comment before that function for exact ACL
> + * format.
> + */
> +#define ACL_MAX_SHORT_ENTRY	4
> +
>  /* permissions in the e_perm field */
>  #define ACL_READ		(0x04)
>  #define ACL_WRITE		(0x02)
> -- 
> 1.7.10.4
Chen Gang - Jan. 8, 2013, 2:02 a.m.
于 2013年01月08日 03:20, Jan Kara 写道:
> On Fri 04-01-13 11:26:53, Chen Gang wrote:
>> > 
>> >   give comments (by Theodore Ts'o)
>> > 
>> >     ACL_USER_OBJ ACL_USER*[1] ACL_GROUP_OBJ ACL_GROUP*[1] ACL_MASK[2] ACL_OTHER
>> > 
>> >     [1] Where * is the regexp sense of "0 or more times"
>> >     [2] Only if there is at least one ACL_USER or ACL_GROUP tag;
>> >         otherwise skip ACL_MASK.
>   Note that I actually updated the entry [2] to be more precise in my
> suggested comment. I wrote:
> [2] If ACL_USER or ACL_GROUP is present, then ACL_MASK must be present.
> 
>   Please use this formulation because the old version suggests ACL_MASK
> cannot be present if neither ACL_USER nor ACL_GROUP are present and that's
> not true. Otherwise your patch looks fine. Thanks!

  according to the implementation of posix_acl_valid (contents at bottom).
    new comments are more precise to match the implementation.
    it means:
      if new comments was incorrect, the implementation would be incorrect.
  welcome another members (especially Theodore Ts'o) to giving confirmation or completion. 

  I should wait 2 days, before send patch v4 with new comments.
    no additional reply within 2 days, means new comments is correct.


  Regards

gchen.


 76 int
 77 posix_acl_valid(const struct posix_acl *acl)
 78 {
 79         const struct posix_acl_entry *pa, *pe;
 80         int state = ACL_USER_OBJ;
 81         kuid_t prev_uid = INVALID_UID;
 82         kgid_t prev_gid = INVALID_GID;
 83         int needs_mask = 0;
 84 
 85         FOREACH_ACL_ENTRY(pa, acl, pe) {
 86                 if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE))
 87                         return -EINVAL;
 88                 switch (pa->e_tag) {
 89                         case ACL_USER_OBJ:
 90                                 if (state == ACL_USER_OBJ) {
 91                                         state = ACL_USER;
 92                                         break;
 93                                 }
 94                                 return -EINVAL;
 95 
 96                         case ACL_USER:
 97                                 if (state != ACL_USER)
 98                                         return -EINVAL;
 99                                 if (!uid_valid(pa->e_uid))
100                                         return -EINVAL;
101                                 if (uid_valid(prev_uid) &&
102                                     uid_lte(pa->e_uid, prev_uid))
103                                         return -EINVAL;
104                                 prev_uid = pa->e_uid;
105                                 needs_mask = 1;
106                                 break;
107 
108                         case ACL_GROUP_OBJ:
109                                 if (state == ACL_USER) {
110                                         state = ACL_GROUP;
111                                         break;
112                                 }
113                                 return -EINVAL;
114 
115                         case ACL_GROUP:
116                                 if (state != ACL_GROUP)
117                                         return -EINVAL;
118                                 if (!gid_valid(pa->e_gid))
119                                         return -EINVAL;
120                                 if (gid_valid(prev_gid) &&
121                                     gid_lte(pa->e_gid, prev_gid))
122                                         return -EINVAL;
123                                 prev_gid = pa->e_gid;
124                                 needs_mask = 1;
125                                 break;
126 
127                         case ACL_MASK:
128                                 if (state != ACL_GROUP)
129                                         return -EINVAL;
130                                 state = ACL_OTHER;
131                                 break;
132 
133                         case ACL_OTHER:
134                                 if (state == ACL_OTHER ||
135                                     (state == ACL_GROUP && !needs_mask)) {
136                                         state = 0;
137                                         break;
138                                 }
139                                 return -EINVAL;
140 
141                         default:
142                                 return -EINVAL;
143                 }
144         }
145         if (state == 0)
146                 return 0;
147         return -EINVAL;
148 }

Patch

diff --git a/fs/ext2/acl.h b/fs/ext2/acl.h
index 503bfb0..9af79d0 100644
--- a/fs/ext2/acl.h
+++ b/fs/ext2/acl.h
@@ -25,13 +25,13 @@  typedef struct {
 
 static inline size_t ext2_acl_size(int count)
 {
-	if (count <= 4) {
+	if (count <= ACL_MAX_SHORT_ENTRY) {
 		return sizeof(ext2_acl_header) +
 		       count * sizeof(ext2_acl_entry_short);
 	} else {
 		return sizeof(ext2_acl_header) +
-		       4 * sizeof(ext2_acl_entry_short) +
-		       (count - 4) * sizeof(ext2_acl_entry);
+		       ACL_MAX_SHORT_ENTRY * sizeof(ext2_acl_entry_short) +
+		       (count - ACL_MAX_SHORT_ENTRY) * sizeof(ext2_acl_entry);
 	}
 }
 
@@ -39,7 +39,7 @@  static inline int ext2_acl_count(size_t size)
 {
 	ssize_t s;
 	size -= sizeof(ext2_acl_header);
-	s = size - 4 * sizeof(ext2_acl_entry_short);
+	s = size - ACL_MAX_SHORT_ENTRY * sizeof(ext2_acl_entry_short);
 	if (s < 0) {
 		if (size % sizeof(ext2_acl_entry_short))
 			return -1;
@@ -47,7 +47,7 @@  static inline int ext2_acl_count(size_t size)
 	} else {
 		if (s % sizeof(ext2_acl_entry))
 			return -1;
-		return s / sizeof(ext2_acl_entry) + 4;
+		return s / sizeof(ext2_acl_entry) + ACL_MAX_SHORT_ENTRY;
 	}
 }
 
diff --git a/fs/ext3/acl.h b/fs/ext3/acl.h
index dbc921e..b1cf2c0 100644
--- a/fs/ext3/acl.h
+++ b/fs/ext3/acl.h
@@ -25,13 +25,13 @@  typedef struct {
 
 static inline size_t ext3_acl_size(int count)
 {
-	if (count <= 4) {
+	if (count <= ACL_MAX_SHORT_ENTRY) {
 		return sizeof(ext3_acl_header) +
 		       count * sizeof(ext3_acl_entry_short);
 	} else {
 		return sizeof(ext3_acl_header) +
-		       4 * sizeof(ext3_acl_entry_short) +
-		       (count - 4) * sizeof(ext3_acl_entry);
+		       ACL_MAX_SHORT_ENTRY * sizeof(ext3_acl_entry_short) +
+		       (count - ACL_MAX_SHORT_ENTRY) * sizeof(ext3_acl_entry);
 	}
 }
 
@@ -39,7 +39,7 @@  static inline int ext3_acl_count(size_t size)
 {
 	ssize_t s;
 	size -= sizeof(ext3_acl_header);
-	s = size - 4 * sizeof(ext3_acl_entry_short);
+	s = size - ACL_MAX_SHORT_ENTRY * sizeof(ext3_acl_entry_short);
 	if (s < 0) {
 		if (size % sizeof(ext3_acl_entry_short))
 			return -1;
@@ -47,7 +47,7 @@  static inline int ext3_acl_count(size_t size)
 	} else {
 		if (s % sizeof(ext3_acl_entry))
 			return -1;
-		return s / sizeof(ext3_acl_entry) + 4;
+		return s / sizeof(ext3_acl_entry) + ACL_MAX_SHORT_ENTRY;
 	}
 }
 
diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h
index 18cb39e..66d1fa3 100644
--- a/fs/ext4/acl.h
+++ b/fs/ext4/acl.h
@@ -25,13 +25,13 @@  typedef struct {
 
 static inline size_t ext4_acl_size(int count)
 {
-	if (count <= 4) {
+	if (count <= ACL_MAX_SHORT_ENTRY) {
 		return sizeof(ext4_acl_header) +
 		       count * sizeof(ext4_acl_entry_short);
 	} else {
 		return sizeof(ext4_acl_header) +
-		       4 * sizeof(ext4_acl_entry_short) +
-		       (count - 4) * sizeof(ext4_acl_entry);
+		       ACL_MAX_SHORT_ENTRY * sizeof(ext4_acl_entry_short) +
+		       (count - ACL_MAX_SHORT_ENTRY) * sizeof(ext4_acl_entry);
 	}
 }
 
@@ -39,7 +39,7 @@  static inline int ext4_acl_count(size_t size)
 {
 	ssize_t s;
 	size -= sizeof(ext4_acl_header);
-	s = size - 4 * sizeof(ext4_acl_entry_short);
+	s = size - ACL_MAX_SHORT_ENTRY * sizeof(ext4_acl_entry_short);
 	if (s < 0) {
 		if (size % sizeof(ext4_acl_entry_short))
 			return -1;
@@ -47,7 +47,7 @@  static inline int ext4_acl_count(size_t size)
 	} else {
 		if (s % sizeof(ext4_acl_entry))
 			return -1;
-		return s / sizeof(ext4_acl_entry) + 4;
+		return s / sizeof(ext4_acl_entry) + ACL_MAX_SHORT_ENTRY;
 	}
 }
 
diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
index fed74d1..42e0070 100644
--- a/fs/f2fs/acl.c
+++ b/fs/f2fs/acl.c
@@ -22,13 +22,15 @@ 
 
 static inline size_t f2fs_acl_size(int count)
 {
-	if (count <= 4) {
+	if (count <= ACL_MAX_SHORT_ENTRY) {
 		return sizeof(struct f2fs_acl_header) +
 			count * sizeof(struct f2fs_acl_entry_short);
 	} else {
 		return sizeof(struct f2fs_acl_header) +
-			4 * sizeof(struct f2fs_acl_entry_short) +
-			(count - 4) * sizeof(struct f2fs_acl_entry);
+			ACL_MAX_SHORT_ENTRY
+			 * sizeof(struct f2fs_acl_entry_short) +
+			(count - ACL_MAX_SHORT_ENTRY)
+			 * sizeof(struct f2fs_acl_entry);
 	}
 }
 
@@ -36,7 +38,7 @@  static inline int f2fs_acl_count(size_t size)
 {
 	ssize_t s;
 	size -= sizeof(struct f2fs_acl_header);
-	s = size - 4 * sizeof(struct f2fs_acl_entry_short);
+	s = size - ACL_MAX_SHORT_ENTRY * sizeof(struct f2fs_acl_entry_short);
 	if (s < 0) {
 		if (size % sizeof(struct f2fs_acl_entry_short))
 			return -1;
@@ -44,7 +46,7 @@  static inline int f2fs_acl_count(size_t size)
 	} else {
 		if (s % sizeof(struct f2fs_acl_entry))
 			return -1;
-		return s / sizeof(struct f2fs_acl_entry) + 4;
+		return s / sizeof(struct f2fs_acl_entry) + ACL_MAX_SHORT_ENTRY;
 	}
 }
 
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
index 223283c..48ef4b8 100644
--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -25,13 +25,15 @@ 
 
 static size_t jffs2_acl_size(int count)
 {
-	if (count <= 4) {
+	if (count <= ACL_MAX_SHORT_ENTRY) {
 		return sizeof(struct jffs2_acl_header)
 		       + count * sizeof(struct jffs2_acl_entry_short);
 	} else {
 		return sizeof(struct jffs2_acl_header)
-		       + 4 * sizeof(struct jffs2_acl_entry_short)
-		       + (count - 4) * sizeof(struct jffs2_acl_entry);
+		       + ACL_MAX_SHORT_ENTRY
+				 * sizeof(struct jffs2_acl_entry_short)
+		       + (count - ACL_MAX_SHORT_ENTRY)
+				 * sizeof(struct jffs2_acl_entry);
 	}
 }
 
@@ -40,15 +42,16 @@  static int jffs2_acl_count(size_t size)
 	size_t s;
 
 	size -= sizeof(struct jffs2_acl_header);
-	if (size < 4 * sizeof(struct jffs2_acl_entry_short)) {
+	if (size < ACL_MAX_SHORT_ENTRY * sizeof(struct jffs2_acl_entry_short)) {
 		if (size % sizeof(struct jffs2_acl_entry_short))
 			return -1;
 		return size / sizeof(struct jffs2_acl_entry_short);
 	} else {
-		s = size - 4 * sizeof(struct jffs2_acl_entry_short);
+		s = size - ACL_MAX_SHORT_ENTRY
+				 * sizeof(struct jffs2_acl_entry_short);
 		if (s % sizeof(struct jffs2_acl_entry))
 			return -1;
-		return s / sizeof(struct jffs2_acl_entry) + 4;
+		return s / sizeof(struct jffs2_acl_entry) + ACL_MAX_SHORT_ENTRY;
 	}
 }
 
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 8bd2135..8cfdebe 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -72,6 +72,14 @@  posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
 
 /*
  * Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
+ *
+ * make sure ACL format is the following:
+ *
+ *   ACL_USER_OBJ ACL_USER*[1] ACL_GROUP_OBJ ACL_GROUP*[1] ACL_MASK[2] ACL_OTHER
+ *
+ *   [1] Where * is the regexp sense of "0 or more times"
+ *   [2] Only if there is at least one ACL_USER or ACL_GROUP tag;
+ *       otherwise skip ACL_MASK.
  */
 int
 posix_acl_valid(const struct posix_acl *acl)
diff --git a/fs/reiserfs/acl.h b/fs/reiserfs/acl.h
index f096b80..cb967a3 100644
--- a/fs/reiserfs/acl.h
+++ b/fs/reiserfs/acl.h
@@ -20,13 +20,13 @@  typedef struct {
 
 static inline size_t reiserfs_acl_size(int count)
 {
-	if (count <= 4) {
+	if (count <= ACL_MAX_SHORT_ENTRY) {
 		return sizeof(reiserfs_acl_header) +
 		    count * sizeof(reiserfs_acl_entry_short);
 	} else {
 		return sizeof(reiserfs_acl_header) +
-		    4 * sizeof(reiserfs_acl_entry_short) +
-		    (count - 4) * sizeof(reiserfs_acl_entry);
+		    ACL_MAX_SHORT_ENTRY * sizeof(reiserfs_acl_entry_short) +
+		    (count - ACL_MAX_SHORT_ENTRY) * sizeof(reiserfs_acl_entry);
 	}
 }
 
@@ -34,7 +34,7 @@  static inline int reiserfs_acl_count(size_t size)
 {
 	ssize_t s;
 	size -= sizeof(reiserfs_acl_header);
-	s = size - 4 * sizeof(reiserfs_acl_entry_short);
+	s = size - ACL_MAX_SHORT_ENTRY * sizeof(reiserfs_acl_entry_short);
 	if (s < 0) {
 		if (size % sizeof(reiserfs_acl_entry_short))
 			return -1;
@@ -42,7 +42,7 @@  static inline int reiserfs_acl_count(size_t size)
 	} else {
 		if (s % sizeof(reiserfs_acl_entry))
 			return -1;
-		return s / sizeof(reiserfs_acl_entry) + 4;
+		return s / sizeof(reiserfs_acl_entry) + ACL_MAX_SHORT_ENTRY;
 	}
 }
 
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
index 7931efe..2c5609c 100644
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -26,6 +26,14 @@ 
 #define ACL_MASK		(0x10)
 #define ACL_OTHER		(0x20)
 
+/*
+ * posix_acl_valid() makes sure that if there are <= 4 ACL entries, then
+ * all of them are short. Otherwise exactly 4 entries are short ones and
+ * other have full length. See comment before that function for exact ACL
+ * format.
+ */
+#define ACL_MAX_SHORT_ENTRY	4
+
 /* permissions in the e_perm field */
 #define ACL_READ		(0x04)
 #define ACL_WRITE		(0x02)