summaryrefslogtreecommitdiff
path: root/fs/nfsd
AgeCommit message (Collapse)AuthorFilesLines
2012-06-14nfsd4: BUG_ON(!is_spin_locked()) no good on UP kernelsJ. Bruce Fields1-2/+2
Most frequent symptom was a BUG triggering in expire_client, with the server locking up shortly thereafter. Introduced by 508dc6e110c6dbdc0bbe84298ccfe22de7538486 "nfsd41: free_session/free_client must be called under the client_lock". Cc: stable@kernel.org Cc: Benny Halevy <bhalevy@tonian.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01Merge branch 'for-3.5' of git://linux-nfs.org/~bfields/linuxLinus Torvalds12-319/+334
Pull the rest of the nfsd commits from Bruce Fields: "... and then I cherry-picked the remainder of the patches from the head of my previous branch" This is the rest of the original nfsd branch, rebased without the delegation stuff that I thought really needed to be redone. I don't like rebasing things like this in general, but in this situation this was the lesser of two evils. * 'for-3.5' of git://linux-nfs.org/~bfields/linux: (50 commits) nfsd4: fix, consolidate client_has_state nfsd4: don't remove rebooted client record until confirmation nfsd4: remove some dprintk's and a comment nfsd4: return "real" sequence id in confirmed case nfsd4: fix exchange_id to return confirm flag nfsd4: clarify that renewing expired client is a bug nfsd4: simpler ordering of setclientid_confirm checks nfsd4: setclientid: remove pointless assignment nfsd4: fix error return in non-matching-creds case nfsd4: fix setclientid_confirm same_cred check nfsd4: merge 3 setclientid cases to 2 nfsd4: pull out common code from setclientid cases nfsd4: merge last two setclientid cases nfsd4: setclientid/confirm comment cleanup nfsd4: setclientid remove unnecessary terms from a logical expression nfsd4: move rq_flavor into svc_cred nfsd4: stricter cred comparison for setclientid/exchange_id nfsd4: move principal name into svc_cred nfsd4: allow removing clients not holding state nfsd4: rearrange exchange_id logic to simplify ...
2012-06-01Merge branch 'for-3.5-take-2' of git://linux-nfs.org/~bfields/linuxLinus Torvalds9-144/+234
Pull nfsd update from Bruce Fields. * 'for-3.5-take-2' of git://linux-nfs.org/~bfields/linux: (23 commits) nfsd: trivial: use SEEK_SET instead of 0 in vfs_llseek SUNRPC: split upcall function to extract reusable parts nfsd: allocate id-to-name and name-to-id caches in per-net operations. nfsd: make name-to-id cache allocated per network namespace context nfsd: make id-to-name cache allocated per network namespace context nfsd: pass network context to idmap init/exit functions nfsd: allocate export and expkey caches in per-net operations. nfsd: make expkey cache allocated per network namespace context nfsd: make export cache allocated per network namespace context nfsd: pass pointer to export cache down to stack wherever possible. nfsd: pass network context to export caches init/shutdown routines Lockd: pass network namespace to creation and destruction routines NFSd: remove hard-coded dereferences to name-to-id and id-to-name caches nfsd: pass pointer to expkey cache down to stack wherever possible. nfsd: use hash table from cache detail in nfsd export seq ops nfsd: pass svc_export_cache pointer as private data to "exports" seq file ops nfsd: use exp_put() for svc_export_cache put nfsd: use cache detail pointer from svc_export structure on cache put nfsd: add link to owner cache detail to svc_export structure nfsd: use passed cache_detail pointer expkey_parse() ...
2012-06-01nfsd4: fix, consolidate client_has_stateJ. Bruce Fields1-11/+4
Whoops: first, I reimplemented the already-existing has_resources without noticing; second, I got the test backwards. I did pick a better name, though. Combine the two.... Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: don't remove rebooted client record until confirmationJ. Bruce Fields1-4/+9
In the NFSv4.1 client-reboot case we're currently removing the client's previous state in exchange_id. That's wrong--we should be waiting till the confirming create_session. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: remove some dprintk's and a commentJ. Bruce Fields1-8/+0
The comment is redundant, and if we really want dprintk's here they'd probably be better in the common (check-slot_seqid) code. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: return "real" sequence id in confirmed caseJ. Bruce Fields1-1/+1
The client should ignore the returned sequence_id in the case where the CONFIRMED flag is set on an exchange_id reply--and in the unconfirmed case "1" is always the right response. So it shouldn't actually matter what we return here. We could continue returning 1 just to catch clients ignoring the spec here, but I'd rather be generous. Other things equal, returning the existing sequence_id seems more informative. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: fix exchange_id to return confirm flagJ. Bruce Fields1-1/+1
Otherwise nfsd4_set_ex_flags writes over the return flags. Reported-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: clarify that renewing expired client is a bugJ. Bruce Fields1-1/+2
This can't happen: - cl_time is zeroed only by unhash_client_locked, which is only ever called under both the state lock and the client lock. - every caller of renew_client() should have looked up a (non-expired) client and then called renew_client() all without dropping the state lock. - the only other caller of renew_client_locked() is release_session_client(), which first checks under the client_lock that the cl_time is nonzero. So make it clear that this is a bug, not something we handle. I can't quite bring myself to make this a BUG(), though, as there are a lot of renew_client() callers, and returning here is probably safer than a BUG(). We'll consider making it a BUG() after some more cleanup. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: simpler ordering of setclientid_confirm checksJ. Bruce Fields1-13/+11
The cases here divide into two main categories: - if there's an uncomfirmed record with a matching verifier, then this is a "normal", succesful case: we're either creating a new client, or updating an existing one. - otherwise, this is a weird case: a replay, or a server reboot. Reordering to reflect that makes the code a bit more concise and the logic a lot easier to understand. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: setclientid: remove pointless assignmentJ. Bruce Fields1-2/+1
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: fix error return in non-matching-creds caseJ. Bruce Fields1-36/+26
Note CLID_INUSE is for the case where two clients are trying to use the same client-provided long-form client identifiers. But what we're looking at here is the server-returned shorthand client id--if those clash there's a bug somewhere. Fix the error return, pull the check out into common code, and do the check unconditionally in all cases. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: fix setclientid_confirm same_cred checkJ. Bruce Fields1-1/+1
New clients are created only by nfsd4_setclientid(), which always gives any new client a unique clientid. The only exception is in the "callback update" case, in which case it may create an unconfirmed client with the same clientid as a confirmed client. In that case it also checks that the confirmed client has the same credential. Therefore, it is pointless for setclientid_confirm to check whether a confirmed and unconfirmed client with the same clientid have matching credentials--they're guaranteed to. Instead, it should be checking whether the credential on the setclientid_confirm matches either of those. Otherwise, it could be anyone sending the setclientid_confirm. Granted, I can't see why anyone would, but still it's probalby safer to check. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: merge 3 setclientid cases to 2J. Bruce Fields1-7/+2
Boy, is this simpler. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: pull out common code from setclientid casesJ. Bruce Fields1-21/+5
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: merge last two setclientid casesJ. Bruce Fields1-9/+4
The code here is mostly the same. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: setclientid/confirm comment cleanupJ. Bruce Fields1-56/+11
Be a little more concise. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: setclientid remove unnecessary terms from a logical expressionJ. Bruce Fields1-3/+2
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: move rq_flavor into svc_credJ. Bruce Fields4-9/+9
Move the rq_flavor into struct svc_cred, and use it in setclientid and exchange_id comparisons as well. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: stricter cred comparison for setclientid/exchange_idJ. Bruce Fields1-1/+21
The typical setclientid or exchange_id will probably be performed with a credential that maps to either root or nobody, so comparing just uid's is unlikely to be useful. So, use everything else we can get our hands on. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: move principal name into svc_credJ. Bruce Fields3-20/+20
Instead of keeping the principal name associated with a request in a structure that's private to auth_gss and using an accessor function, move it to svc_cred. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: allow removing clients not holding stateJ. Bruce Fields1-2/+19
RFC 5661 actually says we should allow an exchange_id to remove a matching client, even if the exchange_id comes from a different principal, *if* the victim client lacks any state. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: rearrange exchange_id logic to simplifyJ. Bruce Fields1-20/+20
Minor cleanup: it's simpler to have separate code paths for the update and non-update cases. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: exchange_id cleanup: commentsJ. Bruce Fields1-26/+10
Make these comments a bit more concise and uniform. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: exchange_id cleanup: local shorthands for repeated testsJ. Bruce Fields1-6/+10
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: allow an EXCHANGE_ID to kill a 4.0 clientJ. Bruce Fields1-2/+8
Following rfc 5661 section 2.4.1, we can permit a 4.1 client to remove an established 4.0 client's state. (But we don't allow updates.) Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: exchange_id: check creds before killing confirmed clientJ. Bruce Fields1-9/+8
We mustn't allow a client to destroy another client with established state unless it has the right credential. And some minor cleanup. (Note: our comparison of credentials is actually pretty bogus currently; that will need to be fixed in another patch.) Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: exchange_id error cleanupJ. Bruce Fields1-5/+1
There's no point to the dprintk here as the main proc_compound loop already does this. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: exchange_id has a pointless copyJ. Bruce Fields1-1/+0
We just verified above that these two verifiers are already the same. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: return 0 on reads of fault injection filesWeston Andros Adamson1-0/+1
debugfs read operations were returning the contents of an uninitialized u64. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: wrap all accesses to st_deny_bmapJeff Layton1-8/+29
Handle the st_deny_bmap in a similar fashion to the st_access_bmap. Add accessor functions and use those instead of bare bitops. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: wrap accesses to st_access_bmapJeff Layton1-28/+54
Currently, we do this for the most part with "bare" bitops, but eventually we'll need to expand the share mode code to handle access and deny modes on other nodes. In order to facilitate that code in the future, move to some generic accessor functions. For now, these are mostly static inlines, but eventually we'll want to move these to "real" functions that are able to handle multi-node configurations or have a way to "swap in" new operations to be done in lieu of or in conjunction with these atomic bitops. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: make test_share a bool returnJeff Layton1-3/+3
All of the callers treat the return that way already. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: consolidate set_access and set_denyJeff Layton1-17/+7
These functions are identical. Also, rename them to bmap_to_share_mode to better reflect what they do, and have them just return the result instead of passing in a pointer to the storage location. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01NFSD: SETCLIENTID_CONFIRM returns NFS4ERR_CLID_INUSE too oftenChuck Lever1-12/+2
According to RFC 3530bis, the only items SETCLIENTID_CONFIRM processing should be concerned with is the clientid, clientid verifier, and principal. The client's IP address is not supposed to be interesting. And, NFS4ERR_CLID_INUSE is meant only for principal mismatches. I triggered this logic with a prototype UCS client -- one that uses the same nfs_client_id4 string for all servers. The client mounted our server via its IPv4, then via its IPv6 address. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01SUNRPC: move per-net operations from svc_destroy()Stanislav Kinsbursky2-3/+23
The idea is to separate service destruction and per-net operations, because these are two different things and the mix looks ugly. Notes: 1) For NFS server this patch looks ugly (sorry for that). But these place will be rewritten soon during NFSd containerization. 2) LockD per-net counter increase int lockd_up() was moved prior to make_socks() to make lockd_down_net() call safe in case of error. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01SUNRPC: new svc_bind() routine introducedStanislav Kinsbursky1-0/+9
This new routine is responsible for service registration in a specified network context. The idea is to separate service creation from per-net operations. Note also: since registering service with svc_bind() can fail, the service will be destroyed and during destruction it will try to unregister itself from rpcbind. In this case unregistration has to be skipped. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: add IPv6 addr escaping to fs_location hostsWeston Andros Adamson1-7/+33
The fs_location->hosts list is split on colons, but this doesn't work when IPv6 addresses are used (they contain colons). This patch adds the function nfsd4_encode_components_esc() to allow the caller to specify escape characters when splitting on 'sep'. In order to fix referrals, this patch must be used with the mountd patch that similarly fixes IPv6 [] escaping. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: fix change attribute endiannessJ. Bruce Fields1-2/+2
Though actually this doesn't matter much, as NFSv4.0 clients are required to treat the change attribute as opaque. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: fix free_stateid return endiannessJ. Bruce Fields1-2/+2
Cc: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: int/__be32 fixesJ. Bruce Fields3-20/+20
In each of these cases there's a simple unambiguous correct choice, and no actual bug. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: preserve __user annotation on cld downcall msgJ. Bruce Fields1-1/+1
Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd4: fix missing "static"J. Bruce Fields4-4/+4
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-06-01nfsd: state.c should include current_stateid.hJ. Bruce Fields1-0/+1
OK, admittedly I'm mainly just trying to shut sparse up. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-05-24Merge branch 'for-linus' of ↵Linus Torvalds1-2/+3
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull user namespace enhancements from Eric Biederman: "This is a course correction for the user namespace, so that we can reach an inexpensive, maintainable, and reasonably complete implementation. Highlights: - Config guards make it impossible to enable the user namespace and code that has not been converted to be user namespace safe. - Use of the new kuid_t type ensures the if you somehow get past the config guards the kernel will encounter type errors if you enable user namespaces and attempt to compile in code whose permission checks have not been updated to be user namespace safe. - All uids from child user namespaces are mapped into the initial user namespace before they are processed. Removing the need to add an additional check to see if the user namespace of the compared uids remains the same. - With the user namespaces compiled out the performance is as good or better than it is today. - For most operations absolutely nothing changes performance or operationally with the user namespace enabled. - The worst case performance I could come up with was timing 1 billion cache cold stat operations with the user namespace code enabled. This went from 156s to 164s on my laptop (or 156ns to 164ns per stat operation). - (uid_t)-1 and (gid_t)-1 are reserved as an internal error value. Most uid/gid setting system calls treat these value specially anyway so attempting to use -1 as a uid would likely cause entertaining failures in userspace. - If setuid is called with a uid that can not be mapped setuid fails. I have looked at sendmail, login, ssh and every other program I could think of that would call setuid and they all check for and handle the case where setuid fails. - If stat or a similar system call is called from a context in which we can not map a uid we lie and return overflowuid. The LFS experience suggests not lying and returning an error code might be better, but the historical precedent with uids is different and I can not think of anything that would break by lying about a uid we can't map. - Capabilities are localized to the current user namespace making it safe to give the initial user in a user namespace all capabilities. My git tree covers all of the modifications needed to convert the core kernel and enough changes to make a system bootable to runlevel 1." Fix up trivial conflicts due to nearby independent changes in fs/stat.c * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (46 commits) userns: Silence silly gcc warning. cred: use correct cred accessor with regards to rcu read lock userns: Convert the move_pages, and migrate_pages permission checks to use uid_eq userns: Convert cgroup permission checks to use uid_eq userns: Convert tmpfs to use kuid and kgid where appropriate userns: Convert sysfs to use kgid/kuid where appropriate userns: Convert sysctl permission checks to use kuid and kgids. userns: Convert proc to use kuid/kgid where appropriate userns: Convert ext4 to user kuid/kgid where appropriate userns: Convert ext3 to use kuid/kgid where appropriate userns: Convert ext2 to use kuid/kgid where appropriate. userns: Convert devpts to use kuid/kgid where appropriate userns: Convert binary formats to use kuid/kgid where appropriate userns: Add negative depends on entries to avoid building code that is userns unsafe userns: signal remove unnecessary map_cred_ns userns: Teach inode_capable to understand inodes whose uids map to other namespaces. userns: Fail exec for suid and sgid binaries with ids outside our user namespace. userns: Convert stat to return values mapped from kuids and kgids userns: Convert user specfied uids and gids in chown into kuids and kgid userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs ...
2012-05-03userns: Convert group_info values from gid_t to kgid_t.Eric W. Biederman1-2/+3
As a first step to converting struct cred to be all kuid_t and kgid_t values convert the group values stored in group_info to always be kgid_t values. Unless user namespaces are used this change should have no effect. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-30nfsd: fix nfs4recover.c printk format warningRandy Dunlap1-1/+1
Fix printk format warnings -- both items are size_t, so use %zu to print them. fs/nfsd/nfs4recover.c:580:3: warning: format '%lu' expects type 'long unsigned int', but argument 3 has type 'size_t' fs/nfsd/nfs4recover.c:580:3: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int' Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: linux-nfs@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-04-25nfsd: trivial: use SEEK_SET instead of 0 in vfs_llseekJeff Layton1-1/+1
They're equivalent, but SEEK_SET is more informative... Cc: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-04-20Merge branch 'for-3.4' of git://linux-nfs.org/~bfields/linuxLinus Torvalds2-5/+5
Pull nfsd bugfixes from J. Bruce Fields: "One bugfix, and one minor header fix from Jeff Layton while we're here" * 'for-3.4' of git://linux-nfs.org/~bfields/linux: nfsd: include cld.h in the headers_install target nfsd: don't fail unchecked creates of non-special files
2012-04-13nfsd: fix compose_entry_fh() failure exitsAl Viro1-14/+8
Restore the original logics ("fail on mountpoints, negatives and in case of fh_compose() failures"). Since commit 8177e (nfsd: clean up readdirplus encoding) that got broken - rv = fh_compose(fhp, exp, dchild, &cd->fh); if (rv) goto out; if (!dchild->d_inode) goto out; rv = 0; out: is equivalent to rv = fh_compose(fhp, exp, dchild, &cd->fh); out: and the second check has no effect whatsoever... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>