similar to: [PATCH] ocfs2/security: Check xattr support in security_init.

On Thu, 2022-12-01 at 11:41 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu at huawei.com> > > In preparation for removing security_old_inode_init_security(), switch to > security_inode_init_security(). > > Extend the existing ocfs2_initxattrs() to take the > ocfs2_security_xattr_info structure from fs_info, and populate the > name/value/len triple

From: Roberto Sassu <roberto.sassu at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Extend the existing ocfs2_initxattrs() to take the ocfs2_security_xattr_info structure from fs_info, and populate the name/value/len triple with the first xattr provided by LSMs. As fs_info was not used before, ocfs2_initxattrs() can

On Tue, 2023-02-21 at 14:45 +0800, Joseph Qi wrote: > Hi, > > Sorry for the late reply. > > I don't have much background on this thread. It seems that we have to > check EOPNOTSUPP since ocfs2_init_security_get() may return EOPNOTSUPP > if it doesn't support extended attribute feature for backward > compatibility. Hi Joseph yes, I already reintroduced the check.

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

From: Roberto Sassu <roberto.sassu at huawei.com> One of the major goals of LSM stacking is to run multiple LSMs side by side without interfering with each other. The ultimate decision will depend on individual LSM decision. Several changes need to be made to the LSM infrastructure to be able to support that. This patch set tackles one of them: gives to each LSM the ability to specify one

Hi, These three patches fix the problems in the version two. And them base on the Tao's patches: ocfs2/xattr: xattr improvement The first patch fix some problem in xattr code. The second patch add security EA support. The third patch add ACL support. Best regards, tiger

This email is also sent to cluster-devel at redhat.com. Since this issue is about both dlm and ocfs2, I send the email here to look for help from upstream. This is an already known issue. on ocfs2 with user space cluster stack, run the test script from http://people.redhat.com/~teigland/make_panic on the mounted ocfs2 volume from 2 nodes simultaneously, the access to ocfs2 volume on both nodes

Mark and Joel, I found two serious bugs about xattr and inline-data. the first bug: in ocfs2_mknod(), we check and found the ACL or security xattr entry could be set into inode in ocfs2_calc_xattr_init(), then don't reserve block for them. But in ocfs2_mknod_locked(), if we found ocfs2 support inline-data, then set id_count with the max_inline_data. After that, we set acl/security xattr

Hi, I've been playing lately with lockdep annotations of OCFS2. I seem to have most of the false positives sorted out and currently I hit the report below. I've analyzed that ocfs2_extend_dir() does first lock local alloc inode in ocfs2_reserve_clusters() and then acquires ip_alloc_sem from the directory. The usual ordering e.g. in ocfs2_write_begin() is to first acquire ip_alloc_sem

The message from this sender included one or more files which could not be scanned for virus detection; do not open these files unless you are certain of the sender's intent. ---------------------------------------------------------------------- Hi, I'm seeing the crash below on 6.1 and 6.2 kernels when trying to copy a directory to OCFS2 filesystem. The problem seems to be that

The following patches implement indexed directory support in Ocfs2, mostly according to the design doc I wrote up a while ago: http://oss.oracle.com/osswiki/OCFS2/DesignDocs/IndexedDirectories The patches have been rebased on top of 2.6.29-rc2. It should be trivial to put them into merge_window. Things are what I'd call complete now. I'd like to get these into the merge_window branch

Hi, I split the previous support security EA patch into four patches for review. Them besed on joel's xattr-28 branch and tao's patch "Merge xattr set transaction". 1: move new_inode out of the transaction. 2: add ocfs2_xattr_set_handle. 3: add security xattr APIs 4: add init_security in mknod. Best regards, tiger

Hi all, I have 2 servers connected between 10gig fiber network (dedicated for only ocfs2 cluster). My disks on the FC storage. There is no any error msg at the storage side but I sometimes get the "ocfs2_check_dir_for_entry:2119 ERROR: status = -17" error. Some example lines below: Dec 7 23:08:03 www1 kernel: [15383.267996] (imap,*20060*,0):ocfs2_check_dir_for_entry:2119 ERROR:

Hello again, We have hit some performance problem today in one of our clusters. The performance suddenly drop from the normal performance (about 30Mbytes/s), read/write, to a few Kbytes/s (about 200Kbytes/s), read only, for a while, and as sudden as it started, it backs to the normal read/write performance, cycling randomly. When the "read only" occurs on one node, the other shows only

This patch remove the redundant "i_nlink >= OCFS2_LINK_MAX" check and add an unlinked directory check. Singed-off-by: mfasheh diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index 0673862..719a8d2 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c @@ -643,11 +643,6 @@ static int ocfs2_link(struct dentry *old goto bail; } - if (inode->i_nlink

From: "Xiaowei.Hu" <xiaowei.hu at oracle.com> ocfs2_block_group_alloc_discontig() disables chain relink by setting ac->ac_allow_chain_relink = 0 because it grabs clusters from multiple cluster groups. It doesn't keep the credits for all chain relink,but ocfs2_claim_suballoc_bits overrides this in this call trace:

Hi, The following patches comprise the bulk of Ocfs2 updates for the 2.6.30 merge window. Aside from larger, more involved fixes, we're adding the following features, which I will describe in the order their patches are mailed. Sunil's exported some more state to our debugfs files, and consolidated some other aspects of our debugfs infrastructure. This will further aid us in debugging

From: Roberto Sassu <roberto.sassu at huawei.com> In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time. Define the initxattrs callback

From: Roberto Sassu <roberto.sassu at huawei.com> As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at

From: Roberto Sassu <roberto.sassu at huawei.com> As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed. Out-of-tree kernel modules should switch to security_inode_init_security() too. Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com> Reviewed-by: Casey Schaufler <casey at