Message ID | 1368719808-14584-8-git-send-email-SteveD@redhat.com (mailing list archive) |
---|---|
State | New, archived |
On Thu, 2013-05-16 at 11:56 -0400, Steve Dickson wrote: > From: David Quigley <dpquigl@davequigley.com> > > In order to mimic the way that NFSv4 ACLs are implemented we have created a > structure to be used to pass label data up and down the call chain. This patch > adds the new structure and new members to the required NFSv4 call structures. > > Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> > Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> > Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> > Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> > --- > fs/nfs/inode.c | 28 ++++++++++++++++++++++++++++ > include/linux/nfs4.h | 7 +++++++ > include/linux/nfs_fs.h | 18 ++++++++++++++++++ > include/linux/nfs_xdr.h | 21 +++++++++++++++++++++ > include/uapi/linux/nfs4.h | 2 +- > 5 files changed, 75 insertions(+), 1 deletion(-) > > diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c > index c1c7a9d..07fcf0b 100644 > --- a/fs/nfs/inode.c > +++ b/fs/nfs/inode.c > @@ -257,6 +257,34 @@ nfs_init_locked(struct inode *inode, void *opaque) > return 0; > } > > +#ifdef CONFIG_NFS_V4_SECURITY_LABEL > +struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags) > +{ > + struct nfs4_label *label = NULL; > + int minor_version = server->nfs_client->cl_minorversion; > + > + if (minor_version < 2) > + return label; > + > + if (!(server->caps & NFS_CAP_SECURITY_LABEL)) > + return label; > + > + label = kzalloc(sizeof(struct nfs4_label), flags); > + if (label == NULL) > + return ERR_PTR(-ENOMEM); > + > + label->label = kzalloc(NFS4_MAXLABELLEN, flags); > + if (label->label == NULL) { > + kfree(label); > + return ERR_PTR(-ENOMEM); > + } > + label->len = NFS4_MAXLABELLEN; > + > + return label; > +} > +EXPORT_SYMBOL_GPL(nfs4_label_alloc); > +#endif > + > /* > * This is our front-end to iget that looks up inodes by file handle > * instead of inode number. 
> diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h > index 4204600..e3698cd 100644 > --- a/include/linux/nfs4.h > +++ b/include/linux/nfs4.h > @@ -32,6 +32,13 @@ struct nfs4_acl { > struct nfs4_ace aces[0]; > }; > > +struct nfs4_label { > + uint32_t lfs; > + uint32_t pi; > + u32 len; > + char *label; > +}; > + > typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier; > > struct nfs_stateid4 { > diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h > index fc01d5c..39b2404 100644 > --- a/include/linux/nfs_fs.h > +++ b/include/linux/nfs_fs.h > @@ -497,6 +497,24 @@ extern int nfs_mountpoint_expiry_timeout; > extern void nfs_release_automount_timer(void); > > /* > + * linux/fs/nfs/nfs4proc.c > + */ > +#ifdef CONFIG_NFS_V4_SECURITY_LABEL > +extern struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags); > +static inline void nfs4_label_free(struct nfs4_label *label) > +{ > + if (label) { > + kfree(label->label); > + kfree(label); > + } > + return; > +} > +#else > +static inline struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags) { return NULL; } > +static inline void nfs4_label_free(void *label) {} > +#endif > + > +/* > * linux/fs/nfs/unlink.c > */ > extern void nfs_complete_unlink(struct dentry *dentry, struct inode *); > diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h > index bfdf6e0..2c13d43 100644 > --- a/include/linux/nfs_xdr.h > +++ b/include/linux/nfs_xdr.h > @@ -349,6 +349,7 @@ struct nfs_openargs { > const u32 * open_bitmap; > __u32 claim; > enum createmode4 createmode; > + const struct nfs4_label *label; > }; > > struct nfs_openres { > @@ -358,6 +359,7 @@ struct nfs_openres { > struct nfs4_change_info cinfo; > __u32 rflags; > struct nfs_fattr * f_attr; > + struct nfs4_label *f_label; > struct nfs_seqid * seqid; > const struct nfs_server *server; > fmode_t delegation_type; 
> @@ -402,6 +404,7 @@ struct nfs_closeres { > struct nfs4_sequence_res seq_res; > nfs4_stateid stateid; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > struct nfs_seqid * seqid; > const struct nfs_server *server; > }; > @@ -475,6 +478,7 @@ struct nfs4_delegreturnargs { > struct nfs4_delegreturnres { > struct nfs4_sequence_res seq_res; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > const struct nfs_server *server; > }; > > @@ -496,6 +500,7 @@ struct nfs_readargs { > struct nfs_readres { > struct nfs4_sequence_res seq_res; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > __u32 count; > int eof; > }; > @@ -565,6 +570,7 @@ struct nfs_removeres { > struct nfs4_sequence_res seq_res; > const struct nfs_server *server; > struct nfs_fattr *dir_attr; > + struct nfs4_label *dir_label; > struct nfs4_change_info cinfo; > }; > > @@ -577,6 +583,8 @@ struct nfs_renameargs { > const struct nfs_fh *new_dir; > const struct qstr *old_name; > const struct qstr *new_name; > + const struct nfs4_label *old_label; > + const struct nfs4_label *new_label; > }; > > struct nfs_renameres { > @@ -584,8 +592,10 @@ struct nfs_renameres { > const struct nfs_server *server; > struct nfs4_change_info old_cinfo; > struct nfs_fattr *old_fattr; > + struct nfs4_label *old_label; > struct nfs4_change_info new_cinfo; > struct nfs_fattr *new_fattr; > + struct nfs4_label *new_label; > }; > > /* > @@ -600,6 +610,7 @@ struct nfs_entry { > int eof; > struct nfs_fh * fh; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > unsigned char d_type; > struct nfs_server * server; > }; > @@ -632,6 +643,7 @@ struct nfs_setattrargs { > struct iattr * iap; > const struct nfs_server * server; /* Needed for name mapping */ > const u32 * bitmask; > + const struct nfs4_label *label; > }; > > struct nfs_setaclargs { 
> @@ -667,6 +679,7 @@ struct nfs_getaclres { > struct nfs_setattrres { > struct nfs4_sequence_res seq_res; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > const struct nfs_server * server; > }; > > @@ -712,6 +725,7 @@ struct nfs3_setaclargs { > struct nfs_diropok { > struct nfs_fh * fh; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > }; > > struct nfs_readlinkargs { > @@ -842,6 +856,7 @@ struct nfs4_accessres { > struct nfs4_sequence_res seq_res; > const struct nfs_server * server; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > u32 supported; > u32 access; > }; > @@ -864,6 +879,7 @@ struct nfs4_create_arg { > const struct iattr * attrs; > const struct nfs_fh * dir_fh; > const u32 * bitmask; > + const struct nfs4_label *label; > }; > > struct nfs4_create_res { > @@ -871,6 +887,7 @@ struct nfs4_create_res { > const struct nfs_server * server; > struct nfs_fh * fh; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > struct nfs4_change_info dir_cinfo; > }; > > @@ -895,6 +912,7 @@ struct nfs4_getattr_res { > struct nfs4_sequence_res seq_res; > const struct nfs_server * server; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > }; > > struct nfs4_link_arg { > @@ -909,8 +927,10 @@ struct nfs4_link_res { > struct nfs4_sequence_res seq_res; > const struct nfs_server * server; > struct nfs_fattr * fattr; > + struct nfs4_label *label; > struct nfs4_change_info cinfo; > struct nfs_fattr * dir_attr; > + struct nfs4_label *dir_label; I thought we were getting rid of all these unnecessary dir_labels etc.? We agreed that we don't need to read labels on link, remove, readlink etc. > }; > > > @@ -926,6 +946,7 @@ struct nfs4_lookup_res { > const struct nfs_server * server; > struct nfs_fattr * fattr; > struct nfs_fh * fh; > + struct nfs4_label *label; > }; > > struct nfs4_lookup_root_arg { > diff --git a/include/uapi/linux/nfs4.h b/include/uapi/linux/nfs4.h > index 788128e..78d25b5 100644 > --- a/include/uapi/linux/nfs4.h 
> +++ b/include/uapi/linux/nfs4.h > @@ -25,7 +25,7 @@ > #define NFS4_MAXNAMLEN NAME_MAX > #define NFS4_OPAQUE_LIMIT 1024 > #define NFS4_MAX_SESSIONID_LEN 16 > - > +#define NFS4_MAXLABELLEN 2048 Why does this belong in the uapi? > #define NFS4_ACCESS_READ 0x0001 > #define NFS4_ACCESS_LOOKUP 0x0002 > #define NFS4_ACCESS_MODIFY 0x0004
On 20/05/13 15:12, Myklebust, Trond wrote: >> diff --git a/include/uapi/linux/nfs4.h b/include/uapi/linux/nfs4.h >> > index 788128e..78d25b5 100644 >> > --- a/include/uapi/linux/nfs4.h >> > +++ b/include/uapi/linux/nfs4.h >> > @@ -25,7 +25,7 @@ >> > #define NFS4_MAXNAMLEN NAME_MAX >> > #define NFS4_OPAQUE_LIMIT 1024 >> > #define NFS4_MAX_SESSIONID_LEN 16 >> > - >> > +#define NFS4_MAXLABELLEN 2048 > Why does this belong in the uapi? > Where do you want it? steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> -----Original Message----- > From: Steve Dickson [mailto:SteveD@redhat.com] > Sent: Tuesday, May 21, 2013 2:53 PM > To: Myklebust, Trond > Cc: David P. Quigley; Linux NFS list; Linux FS devel list; Linux Security List; > SELinux List > Subject: Re: [PATCH 07/13] NFSv4: Introduce new label structure > > > > On 20/05/13 15:12, Myklebust, Trond wrote: > >> diff --git a/include/uapi/linux/nfs4.h b/include/uapi/linux/nfs4.h > >> > index 788128e..78d25b5 100644 > >> > --- a/include/uapi/linux/nfs4.h > >> > +++ b/include/uapi/linux/nfs4.h > >> > @@ -25,7 +25,7 @@ > >> > #define NFS4_MAXNAMLEN NAME_MAX > >> > #define NFS4_OPAQUE_LIMIT 1024 > >> > #define NFS4_MAX_SESSIONID_LEN 16 > >> > - > >> > +#define NFS4_MAXLABELLEN 2048 > > Why does this belong in the uapi? > > > Where do you want it? Just put it in the kernel-only include/linux/nfs4.h Thanks Trond -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index c1c7a9d..07fcf0b 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -257,6 +257,34 @@ nfs_init_locked(struct inode *inode, void *opaque)
 return 0;
 }
 
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags)
+{
+ struct nfs4_label *label = NULL;
+ int minor_version = server->nfs_client->cl_minorversion;
+
+ if (minor_version < 2)
+ return label;
+
+ if (!(server->caps & NFS_CAP_SECURITY_LABEL))
+ return label;
+
+ label = kzalloc(sizeof(struct nfs4_label), flags);
+ if (label == NULL)
+ return ERR_PTR(-ENOMEM);
+
+ label->label = kzalloc(NFS4_MAXLABELLEN, flags);
+ if (label->label == NULL) {
+ kfree(label);
+ return ERR_PTR(-ENOMEM);
+ }
+ label->len = NFS4_MAXLABELLEN;
+
+ return label;
+}
+EXPORT_SYMBOL_GPL(nfs4_label_alloc);
+#endif
+
 /*
 * This is our front-end to iget that looks up inodes by file handle
 * instead of inode number.
diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h
index 4204600..e3698cd 100644
--- a/include/linux/nfs4.h
+++ b/include/linux/nfs4.h
@@ -32,6 +32,13 @@ struct nfs4_acl {
 struct nfs4_ace aces[0];
 };
 
+struct nfs4_label {
+ uint32_t lfs;
+ uint32_t pi;
+ u32 len;
+ char *label;
+};
+
 typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier;
 
 struct nfs_stateid4 {
diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h
index fc01d5c..39b2404 100644
--- a/include/linux/nfs_fs.h
+++ b/include/linux/nfs_fs.h
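Review bot: nfs4_label_alloc() in fs/nfs/inode.c has three distinct results and none of them is documented: NULL when the minor version is below 2 or the server lacks NFS_CAP_SECURITY_LABEL, ERR_PTR(-ENOMEM) when either kzalloc() fails, and a valid label otherwise. A caller that tests only for NULL would treat the error pointer as a usable label, so the function should carry a kernel-doc comment stating that NULL means "labels not in use" rather than failure and that the result must be checked with `IS_ERR()` before it is dereferenced. As a style point, `label = kzalloc(sizeof(*label), flags);` keeps the allocation size tied to the variable instead of repeating the type name.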
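Review bot: In struct nfs4_label (include/linux/nfs4.h) the `len` field has no stated meaning, and the allocator in this patch sets it to NFS4_MAXLABELLEN, which is the size of the buffer behind `label` rather than the length of any label stored there. The code that fills the buffer from the wire is not part of this patch, so the contract it must honour should be written down at the field, for example `u32 len; /* bytes in label[]; set to the buffer size by nfs4_label_alloc() */`, and any received length has to be bounded against that size before copying. The `lfs` and `pi` members also lack comments, and the struct mixes `uint32_t` with `u32`; using `u32` for all three would be consistent.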
@@ -497,6 +497,24 @@ extern int nfs_mountpoint_expiry_timeout;
 extern void nfs_release_automount_timer(void);
 
 /*
+ * linux/fs/nfs/nfs4proc.c
+ */
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+extern struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags);
+static inline void nfs4_label_free(struct nfs4_label *label)
+{
+ if (label) {
+ kfree(label->label);
+ kfree(label);
+ }
+ return;
+}
+#else
+static inline struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags) { return NULL; }
+static inline void nfs4_label_free(void *label) {}
+#endif
+
+/*
 * linux/fs/nfs/unlink.c
 */
 extern void nfs_complete_unlink(struct dentry *dentry, struct inode *);
diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
index bfdf6e0..2c13d43 100644
--- a/include/linux/nfs_xdr.h
+++ b/include/linux/nfs_xdr.h
@@ -349,6 +349,7 @@ struct nfs_openargs {
 const u32 * open_bitmap;
 __u32 claim;
 enum createmode4 createmode;
+ const struct nfs4_label *label;
 };
 
 struct nfs_openres {
@@ -358,6 +359,7 @@ struct nfs_openres {
 struct nfs4_change_info cinfo;
 __u32 rflags;
 struct nfs_fattr * f_attr;
+ struct nfs4_label *f_label;
 struct nfs_seqid * seqid;
 const struct nfs_server *server;
 fmode_t delegation_type;
@@ -402,6 +404,7 @@ struct nfs_closeres {
 struct nfs4_sequence_res seq_res;
 nfs4_stateid stateid;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 struct nfs_seqid * seqid;
 const struct nfs_server *server;
 };
@@ -475,6 +478,7 @@ struct nfs4_delegreturnargs {
 struct nfs4_delegreturnres {
 struct nfs4_sequence_res seq_res;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 const struct nfs_server *server;
 };
 
@@ -496,6 +500,7 @@ struct nfs_readargs {
 struct nfs_readres {
 struct nfs4_sequence_res seq_res;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 __u32 count;
 int eof;
 };
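Review bot: nfs4_label_free() in the include/linux/nfs_fs.h hunk guards only against NULL, but nfs4_label_alloc() in this same patch can return ERR_PTR(-ENOMEM), and an error pointer passed here would be dereferenced by `kfree(label->label)`. Whether any caller does that is not visible in this patch, so either make the helper tolerant with `if (!IS_ERR_OR_NULL(label)) {` or document that it accepts only NULL or a valid label. Two smaller points in the same hunk: the section comment names linux/fs/nfs/nfs4proc.c while the function is defined in fs/nfs/inode.c, and the `#else` stub takes `void *label`, which drops the type checking the real helper has, so `static inline void nfs4_label_free(struct nfs4_label *label) {}` would match it. The trailing `return;` in the real helper is redundant.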
@@ -565,6 +570,7 @@ struct nfs_removeres {
 struct nfs4_sequence_res seq_res;
 const struct nfs_server *server;
 struct nfs_fattr *dir_attr;
+ struct nfs4_label *dir_label;
 struct nfs4_change_info cinfo;
 };
 
@@ -577,6 +583,8 @@ struct nfs_renameargs {
 const struct nfs_fh *new_dir;
 const struct qstr *old_name;
 const struct qstr *new_name;
+ const struct nfs4_label *old_label;
+ const struct nfs4_label *new_label;
 };
 
 struct nfs_renameres {
@@ -584,8 +592,10 @@ struct nfs_renameres {
 const struct nfs_server *server;
 struct nfs4_change_info old_cinfo;
 struct nfs_fattr *old_fattr;
+ struct nfs4_label *old_label;
 struct nfs4_change_info new_cinfo;
 struct nfs_fattr *new_fattr;
+ struct nfs4_label *new_label;
 };
 
 /*
@@ -600,6 +610,7 @@ struct nfs_entry {
 int eof;
 struct nfs_fh * fh;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 unsigned char d_type;
 struct nfs_server * server;
 };
@@ -632,6 +643,7 @@ struct nfs_setattrargs {
 struct iattr * iap;
 const struct nfs_server * server; /* Needed for name mapping */
 const u32 * bitmask;
+ const struct nfs4_label *label;
 };
 
 struct nfs_setaclargs {
@@ -667,6 +679,7 @@ struct nfs_getaclres {
 struct nfs_setattrres {
 struct nfs4_sequence_res seq_res;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 const struct nfs_server * server;
 };
 
@@ -712,6 +725,7 @@ struct nfs3_setaclargs {
 struct nfs_diropok {
 struct nfs_fh * fh;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 };
 
 struct nfs_readlinkargs {
@@ -842,6 +856,7 @@ struct nfs4_accessres {
 struct nfs4_sequence_res seq_res;
 const struct nfs_server * server;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 u32 supported;
 u32 access;
 };
@@ -864,6 +879,7 @@ struct nfs4_create_arg {
 const struct iattr * attrs;
 const struct nfs_fh * dir_fh;
 const u32 * bitmask;
+ const struct nfs4_label *label;
 };
 
 struct nfs4_create_res {
@@ -871,6 +887,7 @@ struct nfs4_create_res {
 const struct nfs_server * server;
 struct nfs_fh * fh;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 struct nfs4_change_info dir_cinfo;
 };
 
@@ -895,6 +912,7 @@ struct nfs4_getattr_res {
 struct nfs4_sequence_res seq_res;
 const struct nfs_server * server;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 };
 
 struct nfs4_link_arg {
@@ -909,8 +927,10 @@ struct nfs4_link_res {
 struct nfs4_sequence_res seq_res;
 const struct nfs_server * server;
 struct nfs_fattr * fattr;
+ struct nfs4_label *label;
 struct nfs4_change_info cinfo;
 struct nfs_fattr * dir_attr;
+ struct nfs4_label *dir_label;
 };
 
 
@@ -926,6 +946,7 @@ struct nfs4_lookup_res {
 const struct nfs_server * server;
 struct nfs_fattr * fattr;
 struct nfs_fh * fh;
+ struct nfs4_label *label;
 };
 
 struct nfs4_lookup_root_arg {
diff --git a/include/uapi/linux/nfs4.h b/include/uapi/linux/nfs4.h
index 788128e..78d25b5 100644
--- a/include/uapi/linux/nfs4.h
+++ b/include/uapi/linux/nfs4.h
@@ -25,7 +25,7 @@
 #define NFS4_MAXNAMLEN NAME_MAX
 #define NFS4_OPAQUE_LIMIT 1024
 #define NFS4_MAX_SESSIONID_LEN 16
-
+#define NFS4_MAXLABELLEN 2048
 #define NFS4_ACCESS_READ 0x0001
 #define NFS4_ACCESS_LOOKUP 0x0002
 #define NFS4_ACCESS_MODIFY 0x0004
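Review bot: In the include/uapi/linux/nfs4.h hunk the new define replaces the blank line that separated the size limits from the NFS4_ACCESS_* bits, so the two groups now run together. Keeping the separator and adding the constant above it, with a comment on the unit such as `#define NFS4_MAXLABELLEN 2048 /* label buffer size in bytes */`, would make clear that this is the value nfs4_label_alloc() passes to kzalloc() and stores in `label->len`.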