On Mon, Nov 12, 2012 at 10:32:56AM -0500, David P. Quigley wrote: > On 11/12/2012 10:13 AM, J. Bruce Fields wrote: > >On Mon, Nov 12, 2012 at 01:15:41AM -0500, David Quigley wrote: > >>From: David Quigley<dpquigl@xxxxxxxxxxxxxxx> > >> > >>In order to mimic the way that NFSv4 ACLs are implemented we have created a > >>structure to be used to pass label data up and down the call chain. This patch > >>adds the new structure and new members to the required NFSv4 call structures. > >> > >>Signed-off-by: Matthew N. Dodd<Matthew.Dodd@xxxxxxxxxx> > >>Signed-off-by: Miguel Rodel Felipe<Rodel_FM@xxxxxxxxxxxxxxxxx> > >>Signed-off-by: Phua Eu Gene<PHUA_Eu_Gene@xxxxxxxxxxxxxxxxx> > >>Signed-off-by: Khin Mi Mi Aung<Mi_Mi_AUNG@xxxxxxxxxxxxxxxxx> > >>Signed-off-by: David Quigley<dpquigl@xxxxxxxxxxxxxxx> > >>--- > >> fs/nfs/inode.c | 40 ++++++++++++++++++++++++++++++++++++++++ > >> fs/nfsd/xdr4.h | 3 +++ > >> include/linux/nfs4.h | 8 ++++++++ > >> include/linux/nfs_fs.h | 14 ++++++++++++++ > >> include/linux/nfs_xdr.h | 20 ++++++++++++++++++++ > >> 5 files changed, 85 insertions(+) > >> > >>diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c > >>index 5c7325c..0963ad9 100644 > >>--- a/fs/nfs/inode.c > >>+++ b/fs/nfs/inode.c > >>@@ -246,6 +246,46 @@ nfs_init_locked(struct inode *inode, void *opaque) > >> return 0; > >> } > >> > >>+#ifdef CONFIG_NFS_V4_SECURITY_LABEL > >>+struct nfs4_label *nfs4_label_alloc(gfp_t flags) > >>+{ > >>+ struct nfs4_label *label = NULL; > >>+ > >>+ label = kzalloc(sizeof(struct nfs4_label) + NFS4_MAXLABELLEN, flags); > >NFS4_MAXLABELLEN is 4096, but we usually try to avoid allocating more > >than that in a single allocation. > > Should we make this smaller? I figured a page would be a good upper bound. If we could make it small enough so that the above fits in 4096 bytes that would be easier. (What does the protocol say? On a quick glance it doesn't seem to impose a limit.) > >>+ label->label = (void *)(label + 1); > >>+ label->len = NFS4_MAXLABELLEN; > >>+ /* 0 is the null format meaning that the data is not to be translated */ > >>+ label->lfs = 0; > >>+ label->pi = 0; > >What's "pi"? > > > >--b. > > In the LFS document we talk about how a policy identifier is a > recommended field. It isn't implemented yet as we're setting both > the LFS and the PI to 0 but I added it for when we put the LFS > mapping daemon in next. The idea is that even though we have a label > and we specify the format with the LFS we need to identify what > version of policy it is so we can ensure that the actual meaning of > a value is correct. And, my bad, this is in the spec--sorry, I need to go study it. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html