On Mon, Nov 12, 2012 at 10:32:56AM -0500, David P. Quigley wrote:
> On 11/12/2012 10:13 AM, J. Bruce Fields wrote:
> >On Mon, Nov 12, 2012 at 01:15:41AM -0500, David Quigley wrote:
> >>From: David Quigley<dpquigl@xxxxxxxxxxxxxxx>
> >>
> >>In order to mimic the way that NFSv4 ACLs are implemented we have created a
> >>structure to be used to pass label data up and down the call chain. This patch
> >>adds the new structure and new members to the required NFSv4 call structures.
> >>
> >>Signed-off-by: Matthew N. Dodd<Matthew.Dodd@xxxxxxxxxx>
> >>Signed-off-by: Miguel Rodel Felipe<Rodel_FM@xxxxxxxxxxxxxxxxx>
> >>Signed-off-by: Phua Eu Gene<PHUA_Eu_Gene@xxxxxxxxxxxxxxxxx>
> >>Signed-off-by: Khin Mi Mi Aung<Mi_Mi_AUNG@xxxxxxxxxxxxxxxxx>
> >>Signed-off-by: David Quigley<dpquigl@xxxxxxxxxxxxxxx>
> >>---
> >> fs/nfs/inode.c | 40 ++++++++++++++++++++++++++++++++++++++++
> >> fs/nfsd/xdr4.h | 3 +++
> >> include/linux/nfs4.h | 8 ++++++++
> >> include/linux/nfs_fs.h | 14 ++++++++++++++
> >> include/linux/nfs_xdr.h | 20 ++++++++++++++++++++
> >> 5 files changed, 85 insertions(+)
> >>
> >>diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
> >>index 5c7325c..0963ad9 100644
> >>--- a/fs/nfs/inode.c
> >>+++ b/fs/nfs/inode.c
> >>@@ -246,6 +246,46 @@ nfs_init_locked(struct inode *inode, void *opaque)
> >> return 0;
> >> }
> >>
> >>+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
> >>+struct nfs4_label *nfs4_label_alloc(gfp_t flags)
> >>+{
> >>+ struct nfs4_label *label = NULL;
> >>+
> >>+ label = kzalloc(sizeof(struct nfs4_label) + NFS4_MAXLABELLEN, flags);
> >NFS4_MAXLABELLEN is 4096, but we usually try to avoid allocating more
> >than that in a single allocation.
>
> Should we make this smaller? I figured a page would be a good upper bound.
If we could make it small enough so that the above fits in 4096 bytes
that would be easier.
(What does the protocol say? On a quick glance it doesn't seem to
impose a limit.)
> >>+ label->label = (void *)(label + 1);
> >>+ label->len = NFS4_MAXLABELLEN;
> >>+ /* 0 is the null format meaning that the data is not to be translated */
> >>+ label->lfs = 0;
> >>+ label->pi = 0;
> >What's "pi"?
> >
> >--b.
>
> In the LFS document we talk about how a policy identifier is a
> recommended field. It isn't implemented yet as we're setting both
> the LFS and the PI to 0 but I added it for when we put the LFS
> mapping daemon in next. The idea is that even though we have a label
> and we specify the format with the LFS we need to identify what
> version of policy it is so we can ensure that the actual meaning of
> a value is correct.
And, my bad, this is in the spec--sorry, I need to go study it.
--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
