20 Dec, 2017
1 commit
-
commit bdcf0a423ea1c40bbb40e7ee483b50fc8aa3d758 upstream.
In testing, we found that nfsd threads may call set_groups in parallel
for the same entry cached in auth.unix.gid, racing in the call of
groups_sort, corrupting the groups for that entry and leading to
permission denials for the client.This patch:
- Make groups_sort globally visible.
- Move the call to groups_sort to the modifiers of group_info
- Remove the call to groups_sort from set_groupsLink: http://lkml.kernel.org/r/20171211151420.18655-1-thiago.becker@gmail.com
Signed-off-by: Thiago Rafael Becker
Reviewed-by: Matthew Wilcox
Reviewed-by: NeilBrown
Acked-by: "J. Bruce Fields"
Cc: Al Viro
Cc: Martin Schwidefsky
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
09 Feb, 2017
1 commit
-
NFS_NGROUPS has been move to sunrpc, rename to UNX_NGROUPS.
Signed-off-by: Kinglong Mee
Signed-off-by: Anna Schumaker
08 Oct, 2016
1 commit
-
Current supplementary groups code can massively overallocate memory and
is implemented in a way so that access to individual gid is done via 2D
array.If number of gids is
Cc: Vasily Kulikov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
25 Nov, 2015
1 commit
-
Minor cleanup, no change in behavior.
Signed-off-by: J. Bruce Fields
09 Jul, 2013
1 commit
-
As of f025adf191924e3a75ce80e130afcd2485b53bb8 "sunrpc: Properly decode
kuids and kgids in RPC_AUTH_UNIX credentials" any rpc containing a -1
(0xffff) uid or gid would fail with a badcred error.Commit afe3c3fd5392b2f0066930abc5dbd3f4b14a0f13 "svcrpc: fix failures to
handle -1 uid's and gid's" fixed part of the problem, but overlooked the
gid upcall--the kernel can request supplementary gid's for the -1 uid,
but mountd's attempt write a response will get -EINVAL.Symptoms were nfsd failing to reply to the first attempt to use a newly
negotiated krb5 context.Reported-by: Sven Geggus
Tested-by: Sven Geggus
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields
02 Jul, 2013
1 commit
-
commit d202cce8963d9268ff355a386e20243e8332b308
sunrpc: never return expired entries in sunrpc_cache_lookupmoved the 'entry is expired' test from cache_check to
sunrpc_cache_lookup, so that it happened early and some races could
safely be ignored.However the ip_map (in svcauth_unix.c) has a separate single-item
cache which allows quick lookup without locking. An entry in this
case would not be subject to the expiry test and so could be used
well after it has expired.This is not normally a big problem because the first time it is used
after it is expired an up-call will be scheduled to refresh the entry
(if it hasn't been scheduled already) and the old entry will then
be invalidated. So on the second attempt to use it after it has
expired, ip_map_cached_get will discard it.However that is subtle and not ideal, so replace the "!cache_valid"
test with "cache_is_expired".
In doing this we drop the test on the "CACHE_VALID" bit. This is
unnecessary as the bit is never cleared, and an entry will only
be cached if the bit is set.Reported-by: Bodo Stroesser
Signed-off-by: NeilBrown
Signed-off-by: J. Bruce Fields
29 May, 2013
1 commit
-
As of f025adf191924e3a75ce80e130afcd2485b53bb8 "sunrpc: Properly decode
kuids and kgids in RPC_AUTH_UNIX credentials" any rpc containing a -1
(0xffff) uid or gid would fail with a badcred error.Reported symptoms were xmbc clients failing on upgrade of the NFS
server; examination of the network trace showed them sending -1 as the
gid.Reported-by: Julian Sikorski
Tested-by: Julian Sikorski
Cc: "Eric W. Biederman"
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields
01 Mar, 2013
1 commit
-
Pull nfsd changes from J Bruce Fields:
"Miscellaneous bugfixes, plus:- An overhaul of the DRC cache by Jeff Layton. The main effect is
just to make it larger. This decreases the chances of intermittent
errors especially in the UDP case. But we'll need to watch for any
reports of performance regressions.- Containerized nfsd: with some limitations, we now support
per-container nfs-service, thanks to extensive work from Stanislav
Kinsbursky over the last year."Some notes about conflicts, since there were *two* non-data semantic
conflicts here:- idr_remove_all() had been added by a memory leak fix, but has since
become deprecated since idr_destroy() does it for us now.- xs_local_connect() had been added by this branch to make AF_LOCAL
connections be synchronous, but in the meantime Trond had changed the
calling convention in order to avoid a RCU dereference.There were a couple of more obvious actual source-level conflicts due to
the hlist traversal changes and one just due to code changes next to
each other, but those were trivial.* 'for-3.9' of git://linux-nfs.org/~bfields/linux: (49 commits)
SUNRPC: make AF_LOCAL connect synchronous
nfsd: fix compiler warning about ambiguous types in nfsd_cache_csum
svcrpc: fix rpc server shutdown races
svcrpc: make svc_age_temp_xprts enqueue under sv_lock
lockd: nlmclnt_reclaim(): avoid stack overflow
nfsd: enable NFSv4 state in containers
nfsd: disable usermode helper client tracker in container
nfsd: use proper net while reading "exports" file
nfsd: containerize NFSd filesystem
nfsd: fix comments on nfsd_cache_lookup
SUNRPC: move cache_detail->cache_request callback call to cache_read()
SUNRPC: remove "cache_request" argument in sunrpc_cache_pipe_upcall() function
SUNRPC: rework cache upcall logic
SUNRPC: introduce cache_detail->cache_request callback
NFS: simplify and clean cache library
NFS: use SUNRPC cache creation and destruction helper for DNS cache
nfsd4: free_stid can be static
nfsd: keep a checksum of the first 256 bytes of request
sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer
sunrpc: fix comment in struct xdr_buf definition
...
15 Feb, 2013
2 commits
-
For most of SUNRPC caches (except NFS DNS cache) cache_detail->cache_upcall is
redundant since all that it's implementations are doing is calling
sunrpc_cache_pipe_upcall() with proper function address argument.
Cache request function address is now stored on cache_detail structure and
thus all the code can be simplified.
Now, for those cache details, which doesn't have cache_upcall callback (the
only one, which still has is nfs_dns_resolve_template)
sunrpc_cache_pipe_upcall will be called instead.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields -
This callback will allow to simplify upcalls in further patches in this
series.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields
13 Feb, 2013
6 commits
-
When reading kuids from the wire map them into the initial user
namespace, and validate the mapping succeded.When reading kgids from the wire map them into the initial user
namespace, and validate the mapping succeded.Cc: "J. Bruce Fields"
Cc: Trond Myklebust
Signed-off-by: "Eric W. Biederman" -
When a new rpc connection is established with an in-kernel server, the
traffic passes through svc_process_common, and svc_set_client and down
into svcauth_unix_set_client if it is of type RPC_AUTH_NULL or
RPC_AUTH_UNIX.svcauth_unix_set_client then looks at the uid of the credential we
have assigned to the incomming client and if we don't have the groups
already cached makes an upcall to get a list of groups that the client
can use.The upcall encodes send a rpc message to user space encoding the uid
of the user whose groups we want to know. Encode the kuid of the user
in the initial user namespace as nfs mounts can only happen today in
the initial user namespace.When a reply to an upcall comes in convert interpret the uid and gid values
from the rpc pipe as uids and gids in the initial user namespace and convert
them into kuids and kgids before processing them further.When reading proc files listing the uid to gid list cache convert the
kuids and kgids from into uids and gids the initial user namespace. As we are
displaying server internal details it makes sense to display these values
from the servers perspective.Cc: "J. Bruce Fields"
Cc: Trond Myklebust
Signed-off-by: "Eric W. Biederman" -
In svcauth_unix introduce a helper unix_gid_hash as otherwise the
expresion to generate the hash value is just too long.Cc: "J. Bruce Fields"
Cc: Trond Myklebust
Signed-off-by: "Eric W. Biederman" -
When comparing uids use uid_eq instead of ==.
When comparing gids use gid_eq instead of ==.And unfortunate cost of type safety.
Cc: "J. Bruce Fields"
Cc: Trond Myklebust
Signed-off-by: "Eric W. Biederman" -
Convert variables that store uids and gids to be of type
kuid_t and kgid_t instead of type uid_t and gid_t.Cc: "J. Bruce Fields"
Cc: Trond Myklebust
Signed-off-by: "Eric W. Biederman" -
Instead of (uid_t)0 use GLOBAL_ROOT_UID.
Instead of (gid_t)0 use GLOBAL_ROOT_GID.
Instead of (uid_t)-1 use INVALID_UID
Instead of (gid_t)-1 use INVALID_GID.
Instead of NOGROUP use INVALID_GID.Cc: "J. Bruce Fields"
Cc: Trond Myklebust
Signed-off-by: "Eric W. Biederman"
05 Feb, 2013
1 commit
-
These routines are used by server and client code, so having them in a
separate header would be best.Signed-off-by: Jeff Layton
Acked-by: Trond Myklebust
Signed-off-by: J. Bruce Fields
19 Jul, 2012
1 commit
-
Introduce ipv6_addr_hash() helper doing a XOR on all bits
of an IPv6 address, with an optimized x86_64 version.Use it in flow dissector, as suggested by Andrew McGregor,
to reduce hash collision probabilities in fq_codel (and other
users of flow dissector)Use it in ip6_tunnel.c and use more bit shuffling, as suggested
by David Laight, as existing hash was ignoring most of them.Use it in sunrpc and use more bit shuffling, using hash_32().
Use it in net/ipv6/addrconf.c, using hash_32() as well.
As a cleanup, use it in net/ipv4/tcp_metrics.c
Signed-off-by: Eric Dumazet
Reported-by: Andrew McGregor
Cc: Dave Taht
Cc: Tom Herbert
Cc: David Laight
Cc: Joe Perches
Signed-off-by: David S. Miller
01 Jun, 2012
4 commits
-
Pull the rest of the nfsd commits from Bruce Fields:
"... and then I cherry-picked the remainder of the patches from the
head of my previous branch"This is the rest of the original nfsd branch, rebased without the
delegation stuff that I thought really needed to be redone.I don't like rebasing things like this in general, but in this situation
this was the lesser of two evils.* 'for-3.5' of git://linux-nfs.org/~bfields/linux: (50 commits)
nfsd4: fix, consolidate client_has_state
nfsd4: don't remove rebooted client record until confirmation
nfsd4: remove some dprintk's and a comment
nfsd4: return "real" sequence id in confirmed case
nfsd4: fix exchange_id to return confirm flag
nfsd4: clarify that renewing expired client is a bug
nfsd4: simpler ordering of setclientid_confirm checks
nfsd4: setclientid: remove pointless assignment
nfsd4: fix error return in non-matching-creds case
nfsd4: fix setclientid_confirm same_cred check
nfsd4: merge 3 setclientid cases to 2
nfsd4: pull out common code from setclientid cases
nfsd4: merge last two setclientid cases
nfsd4: setclientid/confirm comment cleanup
nfsd4: setclientid remove unnecessary terms from a logical expression
nfsd4: move rq_flavor into svc_cred
nfsd4: stricter cred comparison for setclientid/exchange_id
nfsd4: move principal name into svc_cred
nfsd4: allow removing clients not holding state
nfsd4: rearrange exchange_id logic to simplify
... -
Pull nfsd update from Bruce Fields.
* 'for-3.5-take-2' of git://linux-nfs.org/~bfields/linux: (23 commits)
nfsd: trivial: use SEEK_SET instead of 0 in vfs_llseek
SUNRPC: split upcall function to extract reusable parts
nfsd: allocate id-to-name and name-to-id caches in per-net operations.
nfsd: make name-to-id cache allocated per network namespace context
nfsd: make id-to-name cache allocated per network namespace context
nfsd: pass network context to idmap init/exit functions
nfsd: allocate export and expkey caches in per-net operations.
nfsd: make expkey cache allocated per network namespace context
nfsd: make export cache allocated per network namespace context
nfsd: pass pointer to export cache down to stack wherever possible.
nfsd: pass network context to export caches init/shutdown routines
Lockd: pass network namespace to creation and destruction routines
NFSd: remove hard-coded dereferences to name-to-id and id-to-name caches
nfsd: pass pointer to expkey cache down to stack wherever possible.
nfsd: use hash table from cache detail in nfsd export seq ops
nfsd: pass svc_export_cache pointer as private data to "exports" seq file ops
nfsd: use exp_put() for svc_export_cache put
nfsd: use cache detail pointer from svc_export structure on cache put
nfsd: add link to owner cache detail to svc_export structure
nfsd: use passed cache_detail pointer expkey_parse()
... -
Move the rq_flavor into struct svc_cred, and use it in setclientid and
exchange_id comparisons as well.Signed-off-by: J. Bruce Fields
-
Instead of keeping the principal name associated with a request in a
structure that's private to auth_gss and using an accessor function,
move it to svc_cred.Signed-off-by: J. Bruce Fields
03 May, 2012
1 commit
-
As a first step to converting struct cred to be all kuid_t and kgid_t
values convert the group values stored in group_info to always be
kgid_t values. Unless user namespaces are used this change should
have no effect.Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
12 Apr, 2012
1 commit
-
This patch also changes svcauth_unix_purge() function: added network namespace
as a parameter and thus loop over all networks was replaced by only one call
for ip map cache purge.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: J. Bruce Fields
26 Mar, 2012
1 commit
-
The nfs containerization work is a prerequisite for Jeff Layton's reboot
recovery rework.
04 Feb, 2012
1 commit
-
We check for zero length strings in the caller now, so these aren't
needed.Signed-off-by: Dan Carpenter
Signed-off-by: J. Bruce Fields
01 Feb, 2012
3 commits
-
This patch converts ip_map_cache per network namespace implemenetation to the
same view, as other caches done in the series.
Besides generalization, code becomes shorter with this patch.Signed-off-by: Stanislav Kinsbursky
Signed-off-by: Trond Myklebust
Acked-by: J. Bruce Fields -
v2:
1) fixed silly usage of template cache as a real one (this code left from
static global cache for all)This patch makes unix_gid_cache cache detail allocated and registered per
network namespace context.
Thus with this patch unix_gid_cache contents for network namespace "X" are
controlled from proc file system mount for the same network namespace "X".Signed-off-by: Stanislav Kinsbursky
Signed-off-by: Trond Myklebust
Acked-by: J. Bruce Fields -
Parametrize rpc_pton() by network context and thus force it's callers to pass
in network context instead of using hard-coded "init_net".Signed-off-by: Stanislav Kinsbursky
Signed-off-by: Trond Myklebust
12 Dec, 2011
1 commit
-
Instead of testing defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
23 Nov, 2011
1 commit
-
C assignment can handle struct in6_addr copying.
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
16 Jul, 2011
2 commits
-
Like svcauth_unix, the symbol svcauth_null is used external from this
file. Declare it as extern to quiet the following sparse noise:warning: symbol 'svcauth_null' was not declared. Should it be static?
Signed-off-by: H Hartley Sweeten
Cc: Trond Myklebust
Cc: "J. Bruce Fields"
Cc: Neil Brown
Cc: "David S. Miller"
Signed-off-by: J. Bruce Fields -
As promised in feature-removal-schedule.txt it is time to
remove the nfsctl system call.Userspace has perferred to not use this call throughout 2.6 and it has been
excluded in the default configuration since 2.6.36 (9 months ago).So this patch removes all the code that was being compiled out.
There are still references to sys_nfsctl in various arch systemcall tables
and related code. These should be cleaned out too, probably in the next
merge window.Signed-off-by: NeilBrown
Signed-off-by: J. Bruce Fields
10 Mar, 2011
1 commit
-
"After merging the nfsd tree, today's linux-next build (powerpc
ppc64_defconfig) produced this warning:net/sunrpc/svcauth_unix.c: In function 'unix_domain_find':
net/sunrpc/svcauth_unix.c:58: warning: passing argument 1 of
+'svcauth_unix_domain_release' from incompatible pointer type
net/sunrpc/svcauth_unix.c:41: note: expected 'struct auth_domain *' but
argument
+is of type 'struct unix_domain *'Introduced by commit 8b3e07ac908d ("svcrpc: fix rare race on unix_domain
creation")."Reported-by: Stephen Rothwell
Signed-off-by: J. Bruce Fields
09 Mar, 2011
1 commit
-
Note that "new" here is not yet fully initialized; auth_domain_put
should be called only on auth_domains that have actually been added to
the hash.Before this fix, two attempts to add the same domain at once could
cause the hlist_del in auth_domain_put to fail.Signed-off-by: J. Bruce Fields
05 Jan, 2011
2 commits
-
Signed-off-by: NeilBrown
[bfields@redhat.com: moved svcauth_unix_purge outside ifdef's.]
Signed-off-by: J. Bruce Fields -
Once a sunrpc cache entry is VALID, we should be replacing it (and
allowing any concurrent users to destroy it on last put) instead of
trying to update it in place.Otherwise someone referencing the ip_map we're modifying here could try
to use the m_client just as we're putting the last reference.The bug should only be seen by users of the legacy nfsd interfaces.
(Thanks to Neil for suggestion to use sunrpc_invalidate.)
Reviewed-by: NeilBrown
Signed-off-by: J. Bruce Fields
18 Dec, 2010
1 commit
-
These macros never be used for several years.
Signed-off-by: Shan Wei
Signed-off-by: J. Bruce Fields
12 Oct, 2010
1 commit
-
Signed-off-by: Pavel Emelyanov
Signed-off-by: J. Bruce Fields
27 Sep, 2010
1 commit
-
Everything that is required for that already exists:
* the per-net cache registration with respective proc entries
* the context (struct net) is available in all the usersSigned-off-by: Pavel Emelyanov
Signed-off-by: J. Bruce Fields