14 Jul, 2016
1 commit
-
This addresses the conundrum referenced in RFC5661 18.35.3,
and will allow clients to return state to the server using the
machine credentials.The biggest part of the problem is that we need to allow the client
to send a compound op with integrity/privacy on mounts that don't
have it enabled.Add server support for properly decoding and using spo_must_enforce
and spo_must_allow bits. Add support for machine credentials to be
used for CLOSE, OPEN_DOWNGRADE, LOCKU, DELEGRETURN,
and TEST/FREE STATEID.
Implement a check so as to not throw WRONGSEC errors when these
operations are used if integrity/privacy isn't turned on.Without this, Linux clients with credentials that expired while holding
delegations were getting stuck in an endless loop.Signed-off-by: Andrew Elble
Reviewed-by: Jeff Layton
Signed-off-by: J. Bruce Fields
22 Apr, 2015
1 commit
-
Commit f895b252d4edf ("sunrpc: eliminate RPC_DEBUG") introduced
use of IS_ENABLED() in a uapi header which leads to a build
failure for userspace apps trying to use :linux/nfsd/debug.h:18:15: error: missing binary operator before token "("
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
^Since this was only used to define NFSD_DEBUG if CONFIG_SUNRPC_DEBUG
is enabled, replace instances of NFSD_DEBUG with CONFIG_SUNRPC_DEBUG.Cc: stable@vger.kernel.org
Fixes: f895b252d4edf "sunrpc: eliminate RPC_DEBUG"
Signed-off-by: Mark Salter
Reviewed-by: Jeff Layton
Signed-off-by: J. Bruce Fields
03 Feb, 2015
1 commit
-
Add support for the GETDEVICEINFO, LAYOUTGET, LAYOUTCOMMIT and
LAYOUTRETURN NFSv4.1 operations, as well as backing code to manage
outstanding layouts and devices.Layout management is very straight forward, with a nfs4_layout_stateid
structure that extends nfs4_stid to manage layout stateids as the
top-level structure. It is linked into the nfs4_file and nfs4_client
structures like the other stateids, and contains a linked list of
layouts that hang of the stateid. The actual layout operations are
implemented in layout drivers that are not part of this commit, but
will be added later.The worst part of this commit is the management of the pNFS device IDs,
which suffers from a specification that is not sanely implementable due
to the fact that the device-IDs are global and not bound to an export,
and have a small enough size so that we can't store the fsid portion of
a file handle, and must never be reused. As we still do need perform all
export authentication and validation checks on a device ID passed to
GETDEVICEINFO we are caught between a rock and a hard place. To work
around this issue we add a new hash that maps from a 64-bit integer to a
fsid so that we can look up the export to authenticate against it,
a 32-bit integer as a generation that we can bump when changing the device,
and a currently unused 32-bit integer that could be used in the future
to handle more than a single device per export. Entries in this hash
table are never deleted as we can't reuse the ids anyway, and would have
a severe lifetime problem anyway as Linux export structures are temporary
structures that can go away under load.Parts of the XDR data, structures and marshaling/unmarshaling code, as
well as many concepts are derived from the old pNFS server implementation
from Andy Adamson, Benny Halevy, Dean Hildebrand, Marc Eshel, Fred Isaman,
Mike Sager, Ricardo Labiaga and many others.Signed-off-by: Christoph Hellwig
20 Nov, 2014
1 commit
-
Even when security labels are disabled we support at least the same
attributes as v4.1.Signed-off-by: Christoph Hellwig
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields
29 Aug, 2014
1 commit
-
Recent NFS v4.2 drafts have removed NFS4ERR_METADATA_NOTSUPP and
reassigned the error code to NFS4ERR_UNION_NOTSUPP.I also add in the NFS4ERR_OFFLOAD_NO_REQS error code.
We're not using any of these yet, so there's no harm done.
Signed-off-by: Anna Schumaker
Signed-off-by: J. Bruce Fields
09 May, 2014
1 commit
-
Signed-off-by: Kinglong Mee
Signed-off-by: J. Bruce Fields
07 May, 2014
4 commits
-
There is almost nothing left it in, just merge it into the only file
that includes it.Signed-off-by: Christoph Hellwig
Signed-off-by: J. Bruce Fields -
There are no legitimate users outside of fs/nfsd, so move it there.
Signed-off-by: Christoph Hellwig
Signed-off-by: J. Bruce Fields -
There are no legitimate users outside of fs/nfsd, so move it there.
Signed-off-by: Christoph Hellwig
Signed-off-by: J. Bruce Fields -
The only real user of this header is fs/nfsd/nfsfh.h, so merge the
two. Various lockѕ source files used it to indirectly get other
sunrpc or nfs headers, so fix those up.Signed-off-by: Christoph Hellwig
Signed-off-by: J. Bruce Fields
28 Mar, 2014
1 commit
-
This fixes an ommission from 18032ca062e621e15683cb61c066ef3dc5414a7b
"NFSD: Server implementation of MAC Labeling", which increased the size
of the setattr error reply without increasing COMPOUND_ERR_SLACK_SPACE.Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields
13 Jul, 2013
1 commit
-
You can turn on or off support for minorversions using e.g.
echo "-4.2" >/proc/fs/nfsd/versions
However, the current implementation is a little wonky. For example, the
above will turn off 4.2 support, but it will also turn *on* 4.1 support.This didn't matter as long as we only had 2 minorversions, which was
true till very recently.And do a little cleanup here.
Signed-off-by: J. Bruce Fields
15 May, 2013
1 commit
-
Implement labeled NFS on the server: encoding and decoding, and writing
and reading, of file labels.Enabled with CONFIG_NFSD_V4_SECURITY_LABEL.
Signed-off-by: Matthew N. Dodd
Signed-off-by: Miguel Rodel Felipe
Signed-off-by: Phua Eu Gene
Signed-off-by: Khin Mi Mi Aung
Signed-off-by: J. Bruce Fields
13 May, 2013
2 commits
-
This enables NFSv4.2 support for the server. To enable this
code do the following:
echo "+4.2" >/proc/fs/nfsd/versionsafter the nfsd kernel module is loaded.
On its own this does nothing except allow the server to respond to
compounds with minorversion set to 2. All the new NFSv4.2 features are
optional, so this is perfectly legal.Signed-off-by: Steve Dickson
Signed-off-by: J. Bruce Fields -
Signed-off-by: Matthew N. Dodd
Signed-off-by: Miguel Rodel Felipe
Signed-off-by: Phua Eu Gene
Signed-off-by: Khin Mi Mi Aung
Signed-off-by: Steve Dickson
Signed-off-by: J. Bruce Fields
24 Feb, 2013
1 commit
-
The three variables are calculated from nr_free_buffer_pages so change
their types to unsigned long in case of overflow.Signed-off-by: Zhang Yanfei
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Dec, 2012
5 commits
-
This patch makes main step in NFSd containerisation.
There could be different approaches to how to make NFSd able to handle
incoming RPC request from different network namespaces. The two main
options are:1) Share NFSd kthreads betwween all network namespaces.
2) Create separated pool of threads for each namespace.While first approach looks more flexible, second one is simpler and
non-racy. This patch implements the second option.To make it possible to allocate separate pools of threads, we have to
make it possible to allocate separate NFSd service structures per net.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
This is simple: an NFSd service can be started at different times in
different network environments. So, its "boot time" has to be assigned
per net.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
Precursor patch. Hard-coded "init_net" will be replaced by proper one in
future.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
Precursor patch. Hard-coded "init_net" will be replaced by proper one in
future.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
Precursor patch. Hard-coded "init_net" will be replaced by proper one in
future.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields
28 Nov, 2012
3 commits
-
Grace time is a part of NFSv4 state engine, which is constructed per network
namespace.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
Lease time is a part of NFSv4 state engine, which is constructed per network
namespace.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
Split NFSv4 state init and shutdown into two different calls: per-net one and
generic one.
Per-net cwinit/shutdown pair have to be called for any namespace, generic pair
- only once on NSFd kthreads start and shutdown respectively.Refresh of diff-nfsd-call-state-init-twice
Signed-off-by: J. Bruce Fields
22 Aug, 2012
1 commit
-
"port" in all these functions is always NFS_PORT.
nfsd can already be run on a nonstandard port using the "nfsd/portlist"
interface.Signed-off-by: J. Bruce Fields
21 Aug, 2012
1 commit
-
Signed-off-by: J. Bruce Fields
25 Jul, 2012
2 commits
-
In nfsd_destroy():
if (destroy)
svc_shutdown_net(nfsd_serv, net);
svc_destroy(nfsd_server);svc_shutdown_net(nfsd_serv, net) calls nfsd_last_thread(), which sets
nfsd_serv to NULL, causing a NULL dereference on the following line.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields
11 Jul, 2012
1 commit
-
Signed-off-by: J. Bruce Fields
29 Mar, 2012
1 commit
-
Otherwise, we get a warning or error similar to this when building with
CONFIG_NFSD_V4 disabled:ERROR: "nfsd4_cld_block" [fs/nfsd/nfsd.ko] undefined!
Fix this by wrapping the calls to rpc_pipefs_notifier_register and
..._unregister in another function and providing no-op replacements
when CONFIG_NFSD_V4 is disabled.Reported-by: Paul Gortmaker
Signed-off-by: Jeff Layton
Signed-off-by: J. Bruce Fields
08 Nov, 2011
2 commits
-
The close parenthesis was hard to find with it spaced so far over.
Signed-off-by: Bryan Schumaker
[bfields@redhat.com: get all these lines under 80 chars while we're here]
Signed-off-by: J. Bruce Fields -
init_nfsd() was calling free_slabs() during cleanup code, but the call
to init_slabs() was hidden in nfsd4_state_init(). This could be
confusing to people unfamiliar with the code.Signed-off-by: Bryan Schumaker
Signed-off-by: J. Bruce Fields
14 Sep, 2011
1 commit
-
Signed-off-by: Trond Myklebust
[ cel: since this is server-side, use nfsd4_ prefix instead of nfs4_ prefix. ]
[ cel: implement S_ISVTX filter in bfields-normal form ]
Signed-off-by: Chuck Lever
Reviewed-by: Jeff Layton
Signed-off-by: J. Bruce Fields
27 Aug, 2011
1 commit
-
Userspace shouldn't have a use for these constants. Nothing here is
used outside fs/nfsd.Signed-off-by: J. Bruce Fields
05 Jan, 2011
1 commit
-
According to rfc 3530 BADNAME is for strings that represent paths;
BADOWNER is for user/group names that don't map.And the too-long name should probably be BADOWNER as well; it's
effectively the same as if we couldn't map it.Cc: stable@kernel.org
Reported-by: Trond Myklebust
Reported-by: Simon Kirby
Signed-off-by: J. Bruce Fields
12 Oct, 2010
1 commit
-
Expire clients more promptly, at the expense of possibly running the
laundromat thread more frequently.Though it's not the default, I'd like it to be feasible to run with a
lease time of just a few seconds, at which point a minimum 10 second
wait between laundromat runs seems a little much.Signed-off-by: J. Bruce Fields
30 Jul, 2010
1 commit
-
The vfs doesn't really allow us to "upgrade" a file descriptor from
read-only to read-write, and our attempt to do so in nfs4_upgrade_open
is ugly and incomplete.Move to a different scheme where we keep multiple opens, shared between
open stateid's, in the nfs4_file struct. Each file will be opened at
most 3 times (for read, write, and read-write), and those opens will be
shared between all clients and openers. On upgrade we will do another
open if necessary instead of attempting to upgrade an existing open.
We keep count of the number of readers and writers so we know when to
close the shared files.Signed-off-by: J. Bruce Fields
07 Mar, 2010
2 commits
-
Allow explicit configuration of the grace period time as well as the
lease period time.Signed-off-by: J. Bruce Fields
-
Instead of accessing the lease time directly, some users call
nfs4_lease_time(), and some a macro, NFSD_LEASE_TIME, defined as
nfs4_lease_time(). Neither layer of indirection serves any purpose.Signed-off-by: J. Bruce Fields
16 Dec, 2009
1 commit
-
The new .h files have paths at the top that are now out of date. While
we're here, just remove all of those from fs/nfsd; they never served any
purpose.Signed-off-by: J. Bruce Fields