On Thu, 2008-02-28 at 12:04 +1100, James Morris wrote: > On Wed, 27 Feb 2008, David P. Quigley wrote: > > > +#ifdef CONFIG_SECURITY > > +static inline void nfs_fattr_alloc(struct nfs_fattr *fattr, gfp_t flags) > > +{ > > + fattr->label = kzalloc(NFS4_MAXLABELLEN, flags); > > + if (fattr->label == NULL) > > + panic("Can't allocate security label."); > > + fattr->label_len = NFS4_MAXLABELLEN; > > +} > > A panic here seems like overkill, and also possibly a DoS vector. I > suggest having the calling code handle the allocation failure gracefully. > Good point, I'll put this on the list. I think I remember you mentioned something about this before but it must have slipped through the cracks. > > + > > +#define nfs_fattr_fini(fattr) _nfs_fattr_fini(fattr, __FILE__, __LINE__, __func__) > > +static inline void _nfs_fattr_fini(struct nfs_fattr *fattr, > > + const char *file, int line, const char *func) > > +{ > > + if ((fattr)->label == NULL) { > > + if (fattr->label_len != 0) { > > + printk(KERN_WARNING > > + "%s:%d %s() nfs_fattr label available (%d)\n", > > + file, line, func, > > + fattr->label_len); > > + } > > + } else { > > + if (fattr->label_len == NFS4_MAXLABELLEN) > > + printk(KERN_WARNING > > + "%s:%d %s() nfs_fattr label unused\n", > > + file, line, func); > > + else if (fattr->label_len != (strlen(fattr->label) + 1)) > > + printk(KERN_WARNING > > + "%s:%d %s() nfs_fattr label size mismatch (label_len %d, strlen %d)\n", > > + file, line, func, > > + fattr->label_len, strlen(fattr->label) + 1); > > + > > + kfree(fattr->label); > > + fattr->label = NULL; > > + fattr->label_len = 0; > > + } > > +} > > +#else > > +#define nfs_fattr_alloc(fattr, flags) > > +#define nfs_fattr_fini(fattr) > > +#endif > > Perhaps introduce a debug configuration option for this code. In what way? We can change them to respond to the NFS/NFSD debug variables that are set through proc, or did you have something else in mind? > > > - James - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html