Currently, we fetch the security label when revalidating an inode's
attributes, but don't apply it. This is in contrast to the readdir()
codepath where we do apply label changes.
Cc: Dave Quigley <[email protected]>
Signed-off-by: Jeff Layton <[email protected]>
---
fs/nfs/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 4bc7538..6ae6160 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -923,6 +923,8 @@ __nfs_revalidate_inode(struct nfs_server *server, struct inode *inode)
if (nfsi->cache_validity & NFS_INO_INVALID_ACL)
nfs_zap_acl_cache(inode);
+ nfs_setsecurity(inode, fattr, label);
+
dfprintk(PAGECACHE, "NFS: (%s/%Ld) revalidation complete\n",
inode->i_sb->s_id,
(long long)NFS_FILEID(inode));
--
1.8.3.1
On Sun, 3 Nov 2013 05:14:38 -0500
Jeff Layton <[email protected]> wrote:
> On Sun, 3 Nov 2013 02:23:29 +0000
> "Myklebust, Trond" <[email protected]> wrote:
>
> >
> > On Nov 2, 2013, at 6:57, Jeff Layton <[email protected]> wrote:
> >
> > > Currently, we fetch the security label when revalidating an inode's
> > > attributes, but don't apply it. This is in contrast to the readdir()
> > > codepath where we do apply label changes.
> >
> > OK. Why should we not just throw out the code that fetches the security label here?
> >
> > IOW: what is the caching model that is being implemented in this patch; is it just ?fetch label at random intervals? or is there real method to the madness?
> >
> > Trond
>
> I think that we should apply the new security label as soon as we
> realize that it has changed. Why should we treat the security label
> differently from any other inode attribute (e.g. ownership or mode)?
>
Ok, I think I understand what you're getting at now that I've had a cup
of coffee ;)
I guess you're pointing out a problem with the overall model, given that
the current implementation doesn't send anything in the RPC to denote
the security context of the client's task?
It's a fair point, and not one I have a great answer for. I think that
you're correct that for the most part that they won't change. But when
they do, what's to be gained by ignoring that?
They'll never be permanent anyway...as soon as the inode gets tossed
out of the cache or the client reboots then you'll see the change on
the next access of it.
--
Jeff Layton <[email protected]>
On Sun, 3 Nov 2013 02:23:29 +0000
"Myklebust, Trond" <[email protected]> wrote:
>
> On Nov 2, 2013, at 6:57, Jeff Layton <[email protected]> wrote:
>
> > Currently, we fetch the security label when revalidating an inode's
> > attributes, but don't apply it. This is in contrast to the readdir()
> > codepath where we do apply label changes.
>
> OK. Why should we not just throw out the code that fetches the security label here?
>
> IOW: what is the caching model that is being implemented in this patch; is it just ?fetch label at random intervals? or is there real method to the madness?
>
> Trond
I think that we should apply the new security label as soon as we
realize that it has changed. Why should we treat the security label
differently from any other inode attribute (e.g. ownership or mode)?
--
Jeff Layton <[email protected]>
On Mon, 4 Nov 2013 19:20:09 +0000
"Myklebust, Trond" <[email protected]> wrote:
> AFAICS from draft-ietf-nfsv4-minorversion2-20.txt, the ?sec_label? attribute has Id == 80.
>
> Shouldn?t that mean that FATTR4_WORD2_SECURITY_LABEL should take the value (1 << (80-64))?
>
> i.e.
>
> #define FATTR4_WORD2_SECURITY_LABEL (1UL << 16)
>
> instead of the current value of (1UL << 17)?
>
> Trond
>
Yeah, that does look wrong. Well spotted!
Just to sanity check, the mdsthreshold bit is listed as bit 68 in
RFC5661:
#define FATTR4_WORD2_MDSTHRESHOLD (1UL << 4)
...so if we assume that that's correct, then
FATTR4_WORD2_SECURITY_LABEL is really set to the value for
change_sec_label...
--
Jeff Layton <[email protected]>
On 11/2/2013 6:57 AM, Jeff Layton wrote:
> Currently, we fetch the security label when revalidating an inode's
> attributes, but don't apply it. This is in contrast to the readdir()
> codepath where we do apply label changes.
>
> Cc: Dave Quigley <[email protected]>
> Signed-off-by: Jeff Layton <[email protected]>
> ---
> fs/nfs/inode.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
> index 4bc7538..6ae6160 100644
> --- a/fs/nfs/inode.c
> +++ b/fs/nfs/inode.c
> @@ -923,6 +923,8 @@ __nfs_revalidate_inode(struct nfs_server *server, struct inode *inode)
> if (nfsi->cache_validity & NFS_INO_INVALID_ACL)
> nfs_zap_acl_cache(inode);
>
> + nfs_setsecurity(inode, fattr, label);
> +
> dfprintk(PAGECACHE, "NFS: (%s/%Ld) revalidation complete\n",
> inode->i_sb->s_id,
> (long long)NFS_FILEID(inode));
>
I'm pretty sure (almost 100000%) that this was originally in the patch
set and it got lost somewhere. So You have an ACK from me on it.
Dave
On Nov 2, 2013, at 6:57, Jeff Layton <[email protected]> wrote:
> Currently, we fetch the security label when revalidating an inode's
> attributes, but don't apply it. This is in contrast to the readdir()
> codepath where we do apply label changes.
OK. Why should we not just throw out the code that fetches the security label here?
IOW: what is the caching model that is being implemented in this patch; is it just ?fetch label at random intervals? or is there real method to the madness?
Trond
On 02/11/13 22:23, Myklebust, Trond wrote:
>
> On Nov 2, 2013, at 6:57, Jeff Layton <[email protected]> wrote:
>
>> Currently, we fetch the security label when revalidating an inode's
>> attributes, but don't apply it. This is in contrast to the readdir()
>> codepath where we do apply label changes.
>
> OK. Why should we not just throw out the code that fetches the security label here?
Looking back at the original code (aka David's tree), the label was being set
in nfs_refresh_inode() after the nfs_refresh_inode_locked() call:
int nfs_refresh_inode(struct inode *inode, struct nfs_fattr *fattr, struct nfs4_label *label)
{
int status;
if ((fattr->valid & NFS_ATTR_FATTR) == 0)
return 0;
spin_lock(&inode->i_lock);
status = nfs_refresh_inode_locked(inode, fattr, label);
spin_unlock(&inode->i_lock);
if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) {
if (label && !status)
nfs_setsecurity(inode, fattr, label);
}
return status;
}
This code chunk got remove when I removed the setting of labels from
all the original places they were being set (aka access, commits, etc).
There is an outstanding bug on how the client is not recognizing the
changing of a label.. So this patch will probably fix that bug...
>
> IOW: what is the caching model that is being implemented in this patch;
> is it just ?fetch label at random intervals? or is there real method to the madness?
There is no caching model per say... I really don't think there needs to be
one... Labels are a client only thing meaning the server is not expect to
change the label and an application is expect to set them... So if there
is any caching to be done it should be done by the application, not the
filesystem... IMHO...
steved.
On 04/11/13 11:03, Myklebust, Trond wrote:
>
> On Nov 4, 2013, at 10:19, Steve Dickson <[email protected]> wrote:
>
>>
>>
>> On 02/11/13 22:23, Myklebust, Trond wrote:
>>>
>>> On Nov 2, 2013, at 6:57, Jeff Layton <[email protected]> wrote:
>>>
>>>> Currently, we fetch the security label when revalidating an inode's
>>>> attributes, but don't apply it. This is in contrast to the readdir()
>>>> codepath where we do apply label changes.
>>>
>>> OK. Why should we not just throw out the code that fetches the security label here?
>> Looking back at the original code (aka David's tree), the label was being set
>> in nfs_refresh_inode() after the nfs_refresh_inode_locked() call:
>>
>> int nfs_refresh_inode(struct inode *inode, struct nfs_fattr *fattr, struct nfs4_label *label)
>> {
>> int status;
>>
>> if ((fattr->valid & NFS_ATTR_FATTR) == 0)
>> return 0;
>> spin_lock(&inode->i_lock);
>> status = nfs_refresh_inode_locked(inode, fattr, label);
>> spin_unlock(&inode->i_lock);
>> if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) {
>> if (label && !status)
>> nfs_setsecurity(inode, fattr, label);
>> }
>>
>> return status;
>> }
>>
>> This code chunk got remove when I removed the setting of labels from
>> all the original places they were being set (aka access, commits, etc).
>
>> There is an outstanding bug on how the client is not recognizing the
>> changing of a label.. So this patch will probably fix that bug?
>
> I understood the question to be about why the client isn?t recognising changes
> that are made on the server. Are you saying that we?re failing to set the label
> correctly when the client itself changes it? That would be a bug under the
> existing caching rules.
Yes... On app changes the label via nfs4_xattr_set_nfs4_label()
but another app won't see the change since the label was not updated
by the getattr... Now would the label eventually get updated?
Probably... through a lookup or open or something...
Basically this is a bug in my forward port of Dave's code.
Now I think you are questioning does the label even need
to be part of the getattr... As I just explained, I think
so... How else will change be noticed?
steved.
>
>>>
>>> IOW: what is the caching model that is being implemented in this patch;
>>> is it just ?fetch label at random intervals? or is there real method to the madness?
>> There is no caching model per say... I really don't think there needs to be
>> one... Labels are a client only thing meaning the server is not expect to
>> change the label and an application is expect to set them... So if there
>> is any caching to be done it should be done by the application, not the
>> filesystem... IMHO...
>
> Right, but this argues against the need for polling.
>
> Cheers,
> Trond
>
>
> --
> Trond Myklebust
> Linux NFS client maintainer
>
> NetApp
> [email protected]
> http://www.netapp.com
>
On Nov 4, 2013, at 10:19, Steve Dickson <[email protected]> wrote:
>
>
> On 02/11/13 22:23, Myklebust, Trond wrote:
>>
>> On Nov 2, 2013, at 6:57, Jeff Layton <[email protected]> wrote:
>>
>>> Currently, we fetch the security label when revalidating an inode's
>>> attributes, but don't apply it. This is in contrast to the readdir()
>>> codepath where we do apply label changes.
>>
>> OK. Why should we not just throw out the code that fetches the security label here?
> Looking back at the original code (aka David's tree), the label was being set
> in nfs_refresh_inode() after the nfs_refresh_inode_locked() call:
>
> int nfs_refresh_inode(struct inode *inode, struct nfs_fattr *fattr, struct nfs4_label *label)
> {
> int status;
>
> if ((fattr->valid & NFS_ATTR_FATTR) == 0)
> return 0;
> spin_lock(&inode->i_lock);
> status = nfs_refresh_inode_locked(inode, fattr, label);
> spin_unlock(&inode->i_lock);
> if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) {
> if (label && !status)
> nfs_setsecurity(inode, fattr, label);
> }
>
> return status;
> }
>
> This code chunk got remove when I removed the setting of labels from
> all the original places they were being set (aka access, commits, etc).
> There is an outstanding bug on how the client is not recognizing the
> changing of a label.. So this patch will probably fix that bug?
I understood the question to be about why the client isn?t recognising changes that are made on the server. Are you saying that we?re failing to set the label correctly when the client itself changes it? That would be a bug under the existing caching rules.
>>
>> IOW: what is the caching model that is being implemented in this patch;
>> is it just ?fetch label at random intervals? or is there real method to the madness?
> There is no caching model per say... I really don't think there needs to be
> one... Labels are a client only thing meaning the server is not expect to
> change the label and an application is expect to set them... So if there
> is any caching to be done it should be done by the application, not the
> filesystem... IMHO...
Right, but this argues against the need for polling.
Cheers,
Trond
--
Trond Myklebust
Linux NFS client maintainer
NetApp
[email protected]
http://www.netapp.com
AFAICS from draft-ietf-nfsv4-minorversion2-20.txt, the ?sec_label? attribute has Id == 80.
Shouldn?t that mean that FATTR4_WORD2_SECURITY_LABEL should take the value (1 << (80-64))?
i.e.
#define FATTR4_WORD2_SECURITY_LABEL (1UL << 16)
instead of the current value of (1UL << 17)?
Trond
--
Trond Myklebust
Linux NFS client maintainer
NetApp
[email protected]
http://www.netapp.com