[Labeled-nfs] OP_PUTFILELABEL and label change detection.

[Matthew N. Dodd]

So as a test I added label verification to vfs_write() and the NFSv4 
"WRITE" procedure.  For purproses of the exercise "verification" will 
consist of shipping a copy of the client's inode label back to the 
server inside a compound operation for verification against the server's 
label.

The server code requires no real changes of significance as the presence 
of a file label in a compound operation only requires verification 
against the label of the current file handle.

The client code requires each procedure using a labeled file to be 
altered to add encode/decode of the OP_PUTFILELABEL in its XDR routines.
A failed verification via this operation will result in the server 
returning 'NFS4ERR_STALE_LABEL', which the client will translate to 
'ENFSRETRY'.  Code must be added to all procedure completion routines to 
detect 'ENFSRETRY' errors and set the NFS_INO_INVALID_LABEL 
cache_validity flag for the nfs inode.

Meanwhile, back in the VFS layer, code must be added to detect a new 
error 'ENFSRETRY' and issue an operation to refresh the label (I'm using 
  file_permission() because it was convenient and ended up resulting in 
the appropriate 'getattr' NFS call), and then retry the command after 
submitting to security mediation with the new label.  See the changes to 
vfs_write() for the details.

This sort of change is required for every single VFS operation that 
might encounter a "stale" label.

Attached patch is excerpted from my current changes and contains mostly 
the bits pertaining to the above.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: label-verify.patch
Url: http://linux-nfs.org/pipermail/labeled-nfs/attachments/20071228/45369f2c/attachment.txt