roybabayov@gmail.com has uploaded this change for review.

View Change

add read_access_check_policy param

Control when to run permission check for read.
The default value is "pre" to maintain the existing behavior.

This allows to optimize performance for failure flow by always
checking access before sending the read, or to optimize performance
for success path by storing access check result in the FSAL cache
during the read and perform the access check after the read (requires
the FSAL implementation to support it, so should only be used with
supported FSALs). It also allow to optimize for security by running
permission check both before and after.

Change-Id: I67d78d10bed31ba37089a45f9d250ce587a17016
Signed-off-by: Roy Babayov <roybabayov@google.com>
---
M src/Protocols/NFS/nfs4_op_read.c
M src/doc/man/ganesha-export-config.rst
M src/include/export_mgr.h
M src/include/nfs_exports.h
M src/support/exports.c
5 files changed, 85 insertions(+), 13 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/11/1206911/1

To view, visit change 1206911. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I67d78d10bed31ba37089a45f9d250ce587a17016
Gerrit-Change-Number: 1206911
Gerrit-PatchSet: 1
Gerrit-Owner: roybabayov@gmail.com