[Labeled-nfs] [PATCH 08/13] NFS: Introduce lifecycle managment for label attribute.
Matthew N. Dodd
Matthew.Dodd at sparta.com
Mon Nov 19 12:27:25 EST 2007
James Morris wrote:
> On Fri, 16 Nov 2007, David P. Quigley wrote:
>
>
>> +#ifdef CONFIG_SECURITY
>> +#define nfs_fattr_alloc(fattr) \
>> +{ \
>> + (fattr)->label = kmalloc(NFS_MAXLABELLEN, GFP_ATOMIC); \
>> + (fattr)->label_len = NFS_MAXLABELLEN; \
>> + memset((fattr)->label, 0, NFS_MAXLABELLEN); \
>> +}
>
> These should be normal functions, perhaps in their own file which is
> conditionally built (and containing other label-specific code).
>
> You need to check the return of kmalloc().
If kmalloc() returns NULL then any label data returned by the GETATTR
operation will not be used. Labeling would be performed by the policy
in the 'd_instantiate' function.
Alternately we can just panic().
> I suggest passing a gfp_t parameter to the allocation function to allow
> the caller to determine the allocation flags (unless you know it will
> always be GFP_ATOMIC).
Agree.
> Use kzalloc() instead of kmalloc() + memset().
Agree.
> It seems wasteful to always allocate the maximum sized label.
We're allocating space for label data returned by the GETATTR operation.
We can't know ahead of time how large the label will be.
More information about the Labeled-nfs
mailing list