From patchwork Mon Feb 18 18:47:48 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Dickson X-Patchwork-Id: 2159981 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id 37804DF25A for ; Mon, 18 Feb 2013 18:50:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754854Ab3BRSuW (ORCPT ); Mon, 18 Feb 2013 13:50:22 -0500 Received: from mx1.redhat.com ([209.132.183.28]:47055 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754304Ab3BRSsN (ORCPT ); Mon, 18 Feb 2013 13:48:13 -0500 Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r1IImAmR020839 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 18 Feb 2013 13:48:11 -0500 Received: from bighat.boston.devel.redhat.com ([10.16.60.55]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id r1IIlu7Q018337; Mon, 18 Feb 2013 13:48:09 -0500 From: Steve Dickson To: Trond Myklebust , "J. Bruce Fields" , "David P. Quigley" Cc: Linux NFS list , Linux FS devel list , Linux Security List , SELinux List Subject: [PATCH 06/14] NFSv4: Introduce new label structure Date: Mon, 18 Feb 2013 13:47:48 -0500 Message-Id: <1361213276-17962-7-git-send-email-SteveD@redhat.com> In-Reply-To: <1361213276-17962-1-git-send-email-SteveD@redhat.com> References: <1361213276-17962-1-git-send-email-SteveD@redhat.com> X-Scanned-By: MIMEDefang 2.67 on 10.5.11.12 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: David Quigley In order to mimic the way that NFSv4 ACLs are implemented we have created a structure to be used to pass label data up and down the call chain. This patch adds the new structure and new members to the required NFSv4 call structures. Signed-off-by: Matthew N. Dodd Signed-off-by: Miguel Rodel Felipe Signed-off-by: Phua Eu Gene Signed-off-by: Khin Mi Mi Aung --- fs/nfs/inode.c | 24 ++++++++++++++++++++++++ include/linux/nfs4.h | 7 +++++++ include/linux/nfs_fs.h | 18 ++++++++++++++++++ include/linux/nfs_xdr.h | 21 +++++++++++++++++++++ include/uapi/linux/nfs4.h | 2 +- 5 files changed, 71 insertions(+), 1 deletion(-) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index ebeb94c..2a61eba 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -255,6 +255,30 @@ nfs_init_locked(struct inode *inode, void *opaque) return 0; } +#ifdef CONFIG_NFS_V4_SECURITY_LABEL +struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags) +{ + struct nfs4_label *label = NULL; + + if (!(server->caps & NFS_CAP_SECURITY_LABEL)) + return label; + + label = kzalloc(sizeof(struct nfs4_label), flags); + if (label == NULL) + return ERR_PTR(-ENOMEM); + + label->label = kzalloc(NFS4_MAXLABELLEN, flags); + if (label->label == NULL) { + kfree(label); + return ERR_PTR(-ENOMEM); + } + label->len = NFS4_MAXLABELLEN; + + return label; +} +EXPORT_SYMBOL_GPL(nfs4_label_alloc); +#endif + /* * This is our front-end to iget that looks up inodes by file handle * instead of inode number. diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h index f9235b4..aab8bd8 100644 --- a/include/linux/nfs4.h +++ b/include/linux/nfs4.h @@ -28,6 +28,13 @@ struct nfs4_acl { struct nfs4_ace aces[0]; }; +struct nfs4_label { + uint32_t lfs; + uint32_t pi; + u32 len; + char *label; +}; + typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier; struct nfs_stateid4 { diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h index 1cc2568..e0e1806 100644 --- a/include/linux/nfs_fs.h +++ b/include/linux/nfs_fs.h @@ -489,6 +489,24 @@ extern int nfs_mountpoint_expiry_timeout; extern void nfs_release_automount_timer(void); /* + * linux/fs/nfs/nfs4proc.c + */ +#ifdef CONFIG_NFS_V4_SECURITY_LABEL +extern struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags); +static inline void nfs4_label_free(struct nfs4_label *label) +{ + if (label) { + kfree(label->label); + kfree(label); + } + return; +} +#else +static inline struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags) { return NULL; } +static inline void nfs4_label_free(void *label) {} +#endif + +/* * linux/fs/nfs/unlink.c */ extern void nfs_complete_unlink(struct dentry *dentry, struct inode *); diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index ac9ba69..7e86290 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h @@ -350,6 +350,7 @@ struct nfs_openargs { const u32 * bitmask; const u32 * open_bitmap; __u32 claim; + const struct nfs4_label *label; }; struct nfs_openres { @@ -359,6 +360,7 @@ struct nfs_openres { struct nfs4_change_info cinfo; __u32 rflags; struct nfs_fattr * f_attr; + struct nfs4_label *f_label; struct nfs_seqid * seqid; const struct nfs_server *server; fmode_t delegation_type; @@ -403,6 +405,7 @@ struct nfs_closeres { struct nfs4_sequence_res seq_res; nfs4_stateid stateid; struct nfs_fattr * fattr; + struct nfs4_label *label; struct nfs_seqid * seqid; const struct nfs_server *server; }; @@ -476,6 +479,7 @@ struct nfs4_delegreturnargs { struct nfs4_delegreturnres { struct nfs4_sequence_res seq_res; struct nfs_fattr * fattr; + struct nfs4_label *label; const struct nfs_server *server; }; @@ -496,6 +500,7 @@ struct nfs_readargs { struct nfs_readres { struct nfs4_sequence_res seq_res; struct nfs_fattr * fattr; + struct nfs4_label *label; __u32 count; int eof; }; @@ -564,6 +569,7 @@ struct nfs_removeres { struct nfs4_sequence_res seq_res; const struct nfs_server *server; struct nfs_fattr *dir_attr; + struct nfs4_label *dir_label; struct nfs4_change_info cinfo; }; @@ -576,6 +582,8 @@ struct nfs_renameargs { const struct nfs_fh *new_dir; const struct qstr *old_name; const struct qstr *new_name; + const struct nfs4_label *old_label; + const struct nfs4_label *new_label; }; struct nfs_renameres { @@ -583,8 +591,10 @@ struct nfs_renameres { const struct nfs_server *server; struct nfs4_change_info old_cinfo; struct nfs_fattr *old_fattr; + struct nfs4_label *old_label; struct nfs4_change_info new_cinfo; struct nfs_fattr *new_fattr; + struct nfs4_label *new_label; }; /* @@ -599,6 +609,7 @@ struct nfs_entry { int eof; struct nfs_fh * fh; struct nfs_fattr * fattr; + struct nfs4_label *label; unsigned char d_type; struct nfs_server * server; }; @@ -631,6 +642,7 @@ struct nfs_setattrargs { struct iattr * iap; const struct nfs_server * server; /* Needed for name mapping */ const u32 * bitmask; + const struct nfs4_label *label; }; struct nfs_setaclargs { @@ -666,6 +678,7 @@ struct nfs_getaclres { struct nfs_setattrres { struct nfs4_sequence_res seq_res; struct nfs_fattr * fattr; + struct nfs4_label *label; const struct nfs_server * server; }; @@ -711,6 +724,7 @@ struct nfs3_setaclargs { struct nfs_diropok { struct nfs_fh * fh; struct nfs_fattr * fattr; + struct nfs4_label *label; }; struct nfs_readlinkargs { @@ -841,6 +855,7 @@ struct nfs4_accessres { struct nfs4_sequence_res seq_res; const struct nfs_server * server; struct nfs_fattr * fattr; + struct nfs4_label *label; u32 supported; u32 access; }; @@ -863,6 +878,7 @@ struct nfs4_create_arg { const struct iattr * attrs; const struct nfs_fh * dir_fh; const u32 * bitmask; + const struct nfs4_label *label; }; struct nfs4_create_res { @@ -870,6 +886,7 @@ struct nfs4_create_res { const struct nfs_server * server; struct nfs_fh * fh; struct nfs_fattr * fattr; + struct nfs4_label *label; struct nfs4_change_info dir_cinfo; }; @@ -894,6 +911,7 @@ struct nfs4_getattr_res { struct nfs4_sequence_res seq_res; const struct nfs_server * server; struct nfs_fattr * fattr; + struct nfs4_label *label; }; struct nfs4_link_arg { @@ -908,8 +926,10 @@ struct nfs4_link_res { struct nfs4_sequence_res seq_res; const struct nfs_server * server; struct nfs_fattr * fattr; + struct nfs4_label *label; struct nfs4_change_info cinfo; struct nfs_fattr * dir_attr; + struct nfs4_label *dir_label; }; @@ -925,6 +945,7 @@ struct nfs4_lookup_res { const struct nfs_server * server; struct nfs_fattr * fattr; struct nfs_fh * fh; + struct nfs4_label *label; }; struct nfs4_lookup_root_arg { diff --git a/include/uapi/linux/nfs4.h b/include/uapi/linux/nfs4.h index 788128e..19a7b6d 100644 --- a/include/uapi/linux/nfs4.h +++ b/include/uapi/linux/nfs4.h @@ -25,7 +25,7 @@ #define NFS4_MAXNAMLEN NAME_MAX #define NFS4_OPAQUE_LIMIT 1024 #define NFS4_MAX_SESSIONID_LEN 16 - +#define NFS4_MAXLABELLEN 128 #define NFS4_ACCESS_READ 0x0001 #define NFS4_ACCESS_LOOKUP 0x0002 #define NFS4_ACCESS_MODIFY 0x0004