Commit a00b6151 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-3.5-take-2' of git://linux-nfs.org/~bfields/linux

Pull nfsd update from Bruce Fields.

* 'for-3.5-take-2' of git://linux-nfs.org/~bfields/linux: (23 commits)
  nfsd: trivial: use SEEK_SET instead of 0 in vfs_llseek
  SUNRPC: split upcall function to extract reusable parts
  nfsd: allocate id-to-name and name-to-id caches in per-net operations.
  nfsd: make name-to-id cache allocated per network namespace context
  nfsd: make id-to-name cache allocated per network namespace context
  nfsd: pass network context to idmap init/exit functions
  nfsd: allocate export and expkey caches in per-net operations.
  nfsd: make expkey cache allocated per network namespace context
  nfsd: make export cache allocated per network namespace context
  nfsd: pass pointer to export cache down to stack wherever possible.
  nfsd: pass network context to export caches init/shutdown routines
  Lockd: pass network namespace to creation and destruction routines
  NFSd: remove hard-coded dereferences to name-to-id and id-to-name caches
  nfsd: pass pointer to expkey cache down to stack wherever possible.
  nfsd: use hash table from cache detail in nfsd export seq ops
  nfsd: pass svc_export_cache pointer as private data to "exports" seq file ops
  nfsd: use exp_put() for svc_export_cache put
  nfsd: use cache detail pointer from svc_export structure on cache put
  nfsd: add link to owner cache detail to svc_export structure
  nfsd: use passed cache_detail pointer expkey_parse()
  ...
parents 08615d7d b108fe6b
......@@ -56,7 +56,7 @@ struct nlm_host *nlmclnt_init(const struct nlmclnt_initdata *nlm_init)
u32 nlm_version = (nlm_init->nfs_version == 2) ? 1 : 4;
int status;
status = lockd_up();
status = lockd_up(nlm_init->net);
if (status < 0)
return ERR_PTR(status);
......@@ -65,7 +65,7 @@ struct nlm_host *nlmclnt_init(const struct nlmclnt_initdata *nlm_init)
nlm_init->hostname, nlm_init->noresvport,
nlm_init->net);
if (host == NULL) {
lockd_down();
lockd_down(nlm_init->net);
return ERR_PTR(-ENOLCK);
}
......@@ -80,8 +80,10 @@ EXPORT_SYMBOL_GPL(nlmclnt_init);
*/
void nlmclnt_done(struct nlm_host *host)
{
struct net *net = host->net;
nlmclnt_release_host(host);
lockd_down();
lockd_down(net);
}
EXPORT_SYMBOL_GPL(nlmclnt_done);
......@@ -220,11 +222,12 @@ reclaimer(void *ptr)
struct nlm_wait *block;
struct file_lock *fl, *next;
u32 nsmstate;
struct net *net = host->net;
allow_signal(SIGKILL);
down_write(&host->h_rwsem);
lockd_up(); /* note: this cannot fail as lockd is already running */
lockd_up(net); /* note: this cannot fail as lockd is already running */
dprintk("lockd: reclaiming locks for host %s\n", host->h_name);
......@@ -275,6 +278,6 @@ reclaimer(void *ptr)
/* Release host handle after use */
nlmclnt_release_host(host);
lockd_down();
lockd_down(net);
return 0;
}
......@@ -295,11 +295,10 @@ static void lockd_down_net(struct net *net)
/*
* Bring up the lockd process if it's not already up.
*/
int lockd_up(void)
int lockd_up(struct net *net)
{
struct svc_serv *serv;
int error = 0;
struct net *net = current->nsproxy->net_ns;
mutex_lock(&nlmsvc_mutex);
/*
......@@ -378,12 +377,12 @@ EXPORT_SYMBOL_GPL(lockd_up);
* Decrement the user count and bring down lockd if we're the last.
*/
void
lockd_down(void)
lockd_down(struct net *net)
{
mutex_lock(&nlmsvc_mutex);
if (nlmsvc_users) {
if (--nlmsvc_users) {
lockd_down_net(current->nsproxy->net_ns);
lockd_down_net(net);
goto out;
}
} else {
......
This diff is collapsed.
......@@ -42,14 +42,14 @@
#define IDMAP_NAMESZ 128
#ifdef CONFIG_NFSD_V4
int nfsd_idmap_init(void);
void nfsd_idmap_shutdown(void);
int nfsd_idmap_init(struct net *);
void nfsd_idmap_shutdown(struct net *);
#else
static inline int nfsd_idmap_init(void)
static inline int nfsd_idmap_init(struct net *net)
{
return 0;
}
static inline void nfsd_idmap_shutdown(void)
static inline void nfsd_idmap_shutdown(struct net *net)
{
}
#endif
......
......@@ -28,6 +28,12 @@ struct cld_net;
struct nfsd_net {
struct cld_net *cld_net;
struct cache_detail *svc_expkey_cache;
struct cache_detail *svc_export_cache;
struct cache_detail *idtoname_cache;
struct cache_detail *nametoid_cache;
};
extern int nfsd_net_id;
......
......@@ -36,9 +36,11 @@
#include <linux/seq_file.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/sunrpc/svc_xprt.h>
#include <net/net_namespace.h>
#include "idmap.h"
#include "nfsd.h"
#include "netns.h"
/*
* Turn off idmapping when using AUTH_SYS.
......@@ -107,8 +109,6 @@ ent_alloc(void)
* ID -> Name cache
*/
static struct cache_head *idtoname_table[ENT_HASHMAX];
static uint32_t
idtoname_hash(struct ent *ent)
{
......@@ -183,13 +183,13 @@ warn_no_idmapd(struct cache_detail *detail, int has_died)
static int idtoname_parse(struct cache_detail *, char *, int);
static struct ent *idtoname_lookup(struct ent *);
static struct ent *idtoname_update(struct ent *, struct ent *);
static struct ent *idtoname_lookup(struct cache_detail *, struct ent *);
static struct ent *idtoname_update(struct cache_detail *, struct ent *,
struct ent *);
static struct cache_detail idtoname_cache = {
static struct cache_detail idtoname_cache_template = {
.owner = THIS_MODULE,
.hash_size = ENT_HASHMAX,
.hash_table = idtoname_table,
.name = "nfs4.idtoname",
.cache_put = ent_put,
.cache_upcall = idtoname_upcall,
......@@ -244,7 +244,7 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
goto out;
error = -ENOMEM;
res = idtoname_lookup(&ent);
res = idtoname_lookup(cd, &ent);
if (!res)
goto out;
......@@ -260,11 +260,11 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
else
memcpy(ent.name, buf1, sizeof(ent.name));
error = -ENOMEM;
res = idtoname_update(&ent, res);
res = idtoname_update(cd, &ent, res);
if (res == NULL)
goto out;
cache_put(&res->h, &idtoname_cache);
cache_put(&res->h, cd);
error = 0;
out:
......@@ -275,10 +275,9 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
static struct ent *
idtoname_lookup(struct ent *item)
idtoname_lookup(struct cache_detail *cd, struct ent *item)
{
struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache,
&item->h,
struct cache_head *ch = sunrpc_cache_lookup(cd, &item->h,
idtoname_hash(item));
if (ch)
return container_of(ch, struct ent, h);
......@@ -287,10 +286,9 @@ idtoname_lookup(struct ent *item)
}
static struct ent *
idtoname_update(struct ent *new, struct ent *old)
idtoname_update(struct cache_detail *cd, struct ent *new, struct ent *old)
{
struct cache_head *ch = sunrpc_cache_update(&idtoname_cache,
&new->h, &old->h,
struct cache_head *ch = sunrpc_cache_update(cd, &new->h, &old->h,
idtoname_hash(new));
if (ch)
return container_of(ch, struct ent, h);
......@@ -303,8 +301,6 @@ idtoname_update(struct ent *new, struct ent *old)
* Name -> ID cache
*/
static struct cache_head *nametoid_table[ENT_HASHMAX];
static inline int
nametoid_hash(struct ent *ent)
{
......@@ -359,14 +355,14 @@ nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
return 0;
}
static struct ent *nametoid_lookup(struct ent *);
static struct ent *nametoid_update(struct ent *, struct ent *);
static struct ent *nametoid_lookup(struct cache_detail *, struct ent *);
static struct ent *nametoid_update(struct cache_detail *, struct ent *,
struct ent *);
static int nametoid_parse(struct cache_detail *, char *, int);
static struct cache_detail nametoid_cache = {
static struct cache_detail nametoid_cache_template = {
.owner = THIS_MODULE,
.hash_size = ENT_HASHMAX,
.hash_table = nametoid_table,
.name = "nfs4.nametoid",
.cache_put = ent_put,
.cache_upcall = nametoid_upcall,
......@@ -426,14 +422,14 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
set_bit(CACHE_NEGATIVE, &ent.h.flags);
error = -ENOMEM;
res = nametoid_lookup(&ent);
res = nametoid_lookup(cd, &ent);
if (res == NULL)
goto out;
res = nametoid_update(&ent, res);
res = nametoid_update(cd, &ent, res);
if (res == NULL)
goto out;
cache_put(&res->h, &nametoid_cache);
cache_put(&res->h, cd);
error = 0;
out:
kfree(buf1);
......@@ -443,10 +439,9 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
static struct ent *
nametoid_lookup(struct ent *item)
nametoid_lookup(struct cache_detail *cd, struct ent *item)
{
struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache,
&item->h,
struct cache_head *ch = sunrpc_cache_lookup(cd, &item->h,
nametoid_hash(item));
if (ch)
return container_of(ch, struct ent, h);
......@@ -455,10 +450,9 @@ nametoid_lookup(struct ent *item)
}
static struct ent *
nametoid_update(struct ent *new, struct ent *old)
nametoid_update(struct cache_detail *cd, struct ent *new, struct ent *old)
{
struct cache_head *ch = sunrpc_cache_update(&nametoid_cache,
&new->h, &old->h,
struct cache_head *ch = sunrpc_cache_update(cd, &new->h, &old->h,
nametoid_hash(new));
if (ch)
return container_of(ch, struct ent, h);
......@@ -471,34 +465,55 @@ nametoid_update(struct ent *new, struct ent *old)
*/
int
nfsd_idmap_init(void)
nfsd_idmap_init(struct net *net)
{
int rv;
struct nfsd_net *nn = net_generic(net, nfsd_net_id);
rv = cache_register_net(&idtoname_cache, &init_net);
nn->idtoname_cache = cache_create_net(&idtoname_cache_template, net);
if (IS_ERR(nn->idtoname_cache))
return PTR_ERR(nn->idtoname_cache);
rv = cache_register_net(nn->idtoname_cache, net);
if (rv)
return rv;
rv = cache_register_net(&nametoid_cache, &init_net);
goto destroy_idtoname_cache;
nn->nametoid_cache = cache_create_net(&nametoid_cache_template, net);
if (IS_ERR(nn->nametoid_cache)) {
rv = PTR_ERR(nn->idtoname_cache);
goto unregister_idtoname_cache;
}
rv = cache_register_net(nn->nametoid_cache, net);
if (rv)
cache_unregister_net(&idtoname_cache, &init_net);
goto destroy_nametoid_cache;
return 0;
destroy_nametoid_cache:
cache_destroy_net(nn->nametoid_cache, net);
unregister_idtoname_cache:
cache_unregister_net(nn->idtoname_cache, net);
destroy_idtoname_cache:
cache_destroy_net(nn->idtoname_cache, net);
return rv;
}
void
nfsd_idmap_shutdown(void)
nfsd_idmap_shutdown(struct net *net)
{
cache_unregister_net(&idtoname_cache, &init_net);
cache_unregister_net(&nametoid_cache, &init_net);
struct nfsd_net *nn = net_generic(net, nfsd_net_id);
cache_unregister_net(nn->idtoname_cache, net);
cache_unregister_net(nn->nametoid_cache, net);
cache_destroy_net(nn->idtoname_cache, net);
cache_destroy_net(nn->nametoid_cache, net);
}
static int
idmap_lookup(struct svc_rqst *rqstp,
struct ent *(*lookup_fn)(struct ent *), struct ent *key,
struct cache_detail *detail, struct ent **item)
struct ent *(*lookup_fn)(struct cache_detail *, struct ent *),
struct ent *key, struct cache_detail *detail, struct ent **item)
{
int ret;
*item = lookup_fn(key);
*item = lookup_fn(detail, key);
if (!*item)
return -ENOMEM;
retry:
......@@ -506,7 +521,7 @@ idmap_lookup(struct svc_rqst *rqstp,
if (ret == -ETIMEDOUT) {
struct ent *prev_item = *item;
*item = lookup_fn(key);
*item = lookup_fn(detail, key);
if (*item != prev_item)
goto retry;
cache_put(&(*item)->h, detail);
......@@ -531,19 +546,20 @@ idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen
.type = type,
};
int ret;
struct nfsd_net *nn = net_generic(rqstp->rq_xprt->xpt_net, nfsd_net_id);
if (namelen + 1 > sizeof(key.name))
return nfserr_badowner;
memcpy(key.name, name, namelen);
key.name[namelen] = '\0';
strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item);
ret = idmap_lookup(rqstp, nametoid_lookup, &key, nn->nametoid_cache, &item);
if (ret == -ENOENT)
return nfserr_badowner;
if (ret)
return nfserrno(ret);
*id = item->id;
cache_put(&item->h, &nametoid_cache);
cache_put(&item->h, nn->nametoid_cache);
return 0;
}
......@@ -555,9 +571,10 @@ idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
.type = type,
};
int ret;
struct nfsd_net *nn = net_generic(rqstp->rq_xprt->xpt_net, nfsd_net_id);
strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item);
ret = idmap_lookup(rqstp, idtoname_lookup, &key, nn->idtoname_cache, &item);
if (ret == -ENOENT)
return sprintf(name, "%u", id);
if (ret)
......@@ -565,7 +582,7 @@ idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
ret = strlen(item->name);
BUG_ON(ret > IDMAP_NAMESZ);
memcpy(name, item->name, ret);
cache_put(&item->h, &idtoname_cache);
cache_put(&item->h, nn->idtoname_cache);
return ret;
}
......
......@@ -3155,10 +3155,17 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
static struct lock_manager nfsd4_manager = {
};
static bool grace_ended;
static void
nfsd4_end_grace(void)
{
/* do nothing if grace period already ended */
if (grace_ended)
return;
dprintk("NFSD: end of grace period\n");
grace_ended = true;
nfsd4_record_grace_done(&init_net, boot_time);
locks_end_grace(&nfsd4_manager);
/*
......@@ -3183,7 +3190,6 @@ nfs4_laundromat(void)
nfs4_lock_state();
dprintk("NFSD: laundromat service - starting\n");
if (locks_in_grace())
nfsd4_end_grace();
INIT_LIST_HEAD(&reaplist);
spin_lock(&client_lock);
......@@ -4055,7 +4061,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
struct nfs4_openowner *open_sop = NULL;
struct nfs4_lockowner *lock_sop = NULL;
struct nfs4_ol_stateid *lock_stp;
struct nfs4_file *fp;
struct file *filp = NULL;
struct file_lock file_lock;
struct file_lock conflock;
......@@ -4123,7 +4128,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
goto out;
}
lock_sop = lockowner(lock_stp->st_stateowner);
fp = lock_stp->st_file;
lkflg = setlkflg(lock->lk_type);
status = nfs4_check_openmode(lock_stp, lkflg);
......@@ -4715,6 +4719,7 @@ nfs4_state_start(void)
nfsd4_client_tracking_init(&init_net);
boot_time = get_seconds();
locks_start_grace(&nfsd4_manager);
grace_ended = false;
printk(KERN_INFO "NFSD: starting %ld-second grace period\n",
nfsd4_grace);
ret = set_callback_cred();
......
......@@ -127,7 +127,17 @@ static const struct file_operations transaction_ops = {
static int exports_open(struct inode *inode, struct file *file)
{
return seq_open(file, &nfs_exports_op);
int err;
struct seq_file *seq;
struct nfsd_net *nn = net_generic(&init_net, nfsd_net_id);
err = seq_open(file, &nfs_exports_op);
if (err)
return err;
seq = file->private_data;
seq->private = nn->svc_export_cache;
return 0;
}
static const struct file_operations exports_operations = {
......@@ -345,7 +355,7 @@ static ssize_t write_filehandle(struct file *file, char *buf, size_t size)
if (!dom)
return -ENOMEM;
len = exp_rootfh(dom, path, &fh, maxsize);
len = exp_rootfh(&init_net, dom, path, &fh, maxsize);
auth_domain_put(dom);
if (len)
return len;
......@@ -1127,7 +1137,34 @@ static int create_proc_exports_entry(void)
#endif
int nfsd_net_id;
static __net_init int nfsd_init_net(struct net *net)
{
int retval;
retval = nfsd_export_init(net);
if (retval)
goto out_export_error;
retval = nfsd_idmap_init(net);
if (retval)
goto out_idmap_error;
return 0;
out_idmap_error:
nfsd_export_shutdown(net);
out_export_error:
return retval;
}
static __net_exit void nfsd_exit_net(struct net *net)
{
nfsd_idmap_shutdown(net);
nfsd_export_shutdown(net);
}
static struct pernet_operations nfsd_net_ops = {
.init = nfsd_init_net,
.exit = nfsd_exit_net,
.id = &nfsd_net_id,
.size = sizeof(struct nfsd_net),
};
......@@ -1154,16 +1191,10 @@ static int __init init_nfsd(void)
retval = nfsd_reply_cache_init();
if (retval)
goto out_free_stat;
retval = nfsd_export_init();
if (retval)
goto out_free_cache;
nfsd_lockd_init(); /* lockd->nfsd callbacks */
retval = nfsd_idmap_init();
if (retval)
goto out_free_lockd;
retval = create_proc_exports_entry();
if (retval)
goto out_free_idmap;
goto out_free_lockd;
retval = register_filesystem(&nfsd_fs_type);
if (retval)
goto out_free_all;
......@@ -1171,12 +1202,8 @@ static int __init init_nfsd(void)
out_free_all:
remove_proc_entry("fs/nfs/exports", NULL);
remove_proc_entry("fs/nfs", NULL);
out_free_idmap:
nfsd_idmap_shutdown();
out_free_lockd:
nfsd_lockd_shutdown();
nfsd_export_shutdown();
out_free_cache:
nfsd_reply_cache_shutdown();
out_free_stat:
nfsd_stat_shutdown();
......@@ -1192,13 +1219,11 @@ static int __init init_nfsd(void)
static void __exit exit_nfsd(void)
{
nfsd_export_shutdown();
nfsd_reply_cache_shutdown();
remove_proc_entry("fs/nfs/exports", NULL);
remove_proc_entry("fs/nfs", NULL);
nfsd_stat_shutdown();
nfsd_lockd_shutdown();
nfsd_idmap_shutdown();
nfsd4_free_slabs();
nfsd_fault_inject_cleanup();
unregister_filesystem(&nfsd_fs_type);
......
......@@ -636,7 +636,7 @@ fh_put(struct svc_fh *fhp)
#endif
}
if (exp) {
cache_put(&exp->h, &svc_export_cache);
exp_put(exp);
fhp->fh_export = NULL;
}
return;
......
......@@ -220,7 +220,7 @@ static int nfsd_startup(unsigned short port, int nrservs)
ret = nfsd_init_socks(port);
if (ret)
goto out_racache;
ret = lockd_up();
ret = lockd_up(&init_net);
if (ret)
goto out_racache;
ret = nfs4_state_start();
......@@ -229,7 +229,7 @@ static int nfsd_startup(unsigned short port, int nrservs)
nfsd_up = true;
return 0;
out_lockd:
lockd_down();
lockd_down(&init_net);
out_racache:
nfsd_racache_shutdown();
return ret;
......@@ -246,7 +246,7 @@ static void nfsd_shutdown(void)
if (!nfsd_up)
return;
nfs4_state_shutdown();
lockd_down();
lockd_down(&init_net);
nfsd_racache_shutdown();
nfsd_up = false;
}
......@@ -261,7 +261,7 @@ static void nfsd_last_thread(struct svc_serv *serv, struct net *net)
printk(KERN_WARNING "nfsd: last server has exited, flushing export "
"cache\n");
nfsd_export_flush();
nfsd_export_flush(net);
}
void nfsd_reset_versions(void)
......
......@@ -2039,7 +2039,7 @@ nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp,
if (err)
goto out;
offset = vfs_llseek(file, offset, 0);
offset = vfs_llseek(file, offset, SEEK_SET);
if (offset < 0) {
err = nfserrno((int)offset);
goto out_close;
......
......@@ -54,7 +54,7 @@ extern void nlmclnt_done(struct nlm_host *host);
extern int nlmclnt_proc(struct nlm_host *host, int cmd,
struct file_lock *fl);
extern int lockd_up(void);
extern void lockd_down(void);
extern int lockd_up(struct net *net);
extern void lockd_down(struct net *net);
#endif /* LINUX_LOCKD_BIND_H */
......@@ -103,6 +103,7 @@ struct svc_export {
struct nfsd4_fs_locations ex_fslocs;
int ex_nflavors;
struct exp_flavor_info ex_flavors[MAX_SECINFO_LIST];
struct cache_detail *cd;
};
/* an "export key" (expkey) maps a filehandlefragement to an
......@@ -129,24 +130,22 @@ __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp);
/*
* Function declarations
*/
int nfsd_export_init(void);
void nfsd_export_shutdown(void);
void nfsd_export_flush(void);
int nfsd_export_init(struct net *);
void nfsd_export_shutdown(struct net *);
void nfsd_export_flush(struct net *);
struct svc_export * rqst_exp_get_by_name(struct svc_rqst *,
struct path *);
struct svc_export * rqst_exp_parent(struct svc_rqst *,
struct path *);
struct svc_export * rqst_find_fsidzero_export(struct svc_rqst *);
int exp_rootfh(struct auth_domain *,
int exp_rootfh(struct net *, struct auth_domain *,
char *path, struct knfsd_fh *, int maxsize);
__be32 exp_pseudoroot(struct svc_rqst *, struct svc_fh *);
__be32 nfserrno(int errno);
extern struct cache_detail svc_export_cache;
static inline void exp_put(struct svc_export *exp)
{
cache_put(&exp->h, &svc_export_cache);
cache_put(&exp->h, exp->cd);
}
static inline void exp_get(struct svc_export *exp)
......
......@@ -16,7 +16,6 @@
#include <linux/sunrpc/cache.h>
#include <linux/hash.h>
#define SVC_CRED_NGROUPS 32
struct svc_cred {
uid_t cr_uid;
gid_t cr_gid;
......@@ -131,7 +130,7 @@ extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *ne
extern struct auth_domain *auth_domain_find(char *name);
extern struct auth_domain *auth_unix_lookup(struct net *net, struct in6_addr *addr);
extern int auth_unix_forget_old(struct auth_domain *dom);
extern void svcauth_unix_purge(void);
extern void svcauth_unix_purge(struct net *net);
extern void svcauth_unix_info_release(struct svc_xprt *xpt);
extern int svcauth_unix_set_client(struct svc_rqst *rqstp);
......
......@@ -969,16 +969,17 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
}
static inline int
gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp, struct rsi *rsip)
gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
struct xdr_netobj *out_handle, int *major_status)
{
struct rsc *rsci;
int rc;
if (rsip->major_status != GSS_S_COMPLETE)
if (*major_status != GSS_S_COMPLETE)
return gss_write_null_verf(rqstp);
rsci = gss_svc_searchbyctx(cd, &rsip->out_handle);
rsci = gss_svc_searchbyctx(cd, out_handle);
if (rsci == NULL) {
rsip->major_status = GSS_S_NO_CONTEXT;
*major_status = GSS_S_NO_CONTEXT;
return gss_write_null_verf(rqstp);
}
rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
......@@ -986,22 +987,13 @@ gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp, struct rsi
return rc;
}
/*
* Having read the cred already and found we're in the context
* initiation case, read the verifier and initiate (or check the results
* of) upcalls to userspace for help with context initiation. If
* the upcall results are available, write the verifier and result.
* Otherwise, drop the request pending an answer to the upcall.
*/
static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
struct rpc_gss_wire_cred *gc, __be32 *authp)
static inline int
gss_read_verf(struct rpc_gss_wire_cred *gc,
struct kvec *argv, __be32 *authp,
struct xdr_netobj *in_handle,
struct xdr_netobj *in_token)
{
struct kvec *argv = &rqstp->rq_arg.head[0];
struct kvec *resv = &rqstp->rq_res.head[0];
struct xdr_netobj tmpobj;
struct rsi *rsip, rsikey;
int ret;
struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
/* Read the verifier; should be NULL: */
*authp = rpc_autherr_badverf;
......@@ -1011,24 +1003,67 @@ static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
return SVC_DENIED;
if (svc_getnl(argv) != 0)
return SVC_DENIED;
/* Martial context handle and token for upcall: */
*authp = rpc_autherr_badcred;
if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != 0)
return SVC_DENIED;
memset(&rsikey, 0, sizeof(rsikey));
if (dup_netobj(&rsikey.in_handle, &gc->gc_ctx))
if (dup_netobj(in_handle, &gc->gc_ctx))
return SVC_CLOSE;
*authp = rpc_autherr_badverf;
if (svc_safe_getnetobj(argv, &tmpobj)) {
kfree(rsikey.in_handle.data);
kfree(in_handle->data);
return SVC_DENIED;
}
if (dup_netobj(&rsikey.in_token, &tmpobj)) {
kfree(rsikey.in_handle.data);
if (dup_netobj(in_token, &tmpobj)) {
kfree(in_handle->data);
return SVC_CLOSE;
}
return 0;
}
static inline int
gss_write_resv(struct kvec *resv, size_t size_limit,
struct xdr_netobj *out_handle, struct xdr_netobj *out_token,
int major_status, int minor_status)
{
if (resv->iov_len + 4 > size_limit)
return -1;
svc_putnl(resv, RPC_SUCCESS);
if (svc_safe_putnetobj(resv, out_handle))
return -1;
if (resv->iov_len + 3 * 4 > size_limit)
return -1;
svc_putnl(resv, major_status);
svc_putnl(resv, minor_status);
svc_putnl(resv, GSS_SEQ_WIN);
if (svc_safe_putnetobj(resv, out_token))
return -1;
return 0;
}
/*
* Having read the cred already and found we're in the context
* initiation case, read the verifier and initiate (or check the results
* of) upcalls to userspace for help with context initiation. If
* the upcall results are available, write the verifier and result.
* Otherwise, drop the request pending an answer to the upcall.
*/
static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
struct rpc_gss_wire_cred *gc, __be32 *authp)
{
struct kvec *argv = &rqstp->rq_arg.head[0];
struct kvec *resv = &rqstp->rq_res.head[0];
struct rsi *rsip, rsikey;
int ret;
struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
memset(&rsikey, 0, sizeof(rsikey));
ret = gss_read_verf(gc, argv, authp,
&rsikey.in_handle, &rsikey.in_token);
if (ret)
return ret;
/* Perform upcall, or find upcall result: */
rsip = rsi_lookup(sn->rsi_cache, &rsikey);
rsi_free(&rsikey);
......@@ -1040,19 +1075,12 @@ static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
ret = SVC_CLOSE;
/* Got an answer to the upcall; use it: */
if (gss_write_init_verf(sn->rsc_cache, rqstp, rsip))
goto out;
if (resv->iov_len + 4 > PAGE_SIZE)
if (gss_write_init_verf(sn->rsc_cache, rqstp,
&rsip->out_handle, &rsip->major_status))
goto out;
svc_putnl(resv, RPC_SUCCESS);
if (svc_safe_putnetobj(resv, &rsip->out_handle))
goto out;
if (resv->iov_len + 3 * 4 > PAGE_SIZE)
goto out;
svc_putnl(resv, rsip->major_status);
svc_putnl(resv, rsip->minor_status);
svc_putnl(resv, GSS_SEQ_WIN);
if (svc_safe_putnetobj(resv, &rsip->out_token))
if (gss_write_resv(resv, PAGE_SIZE,
&rsip->out_handle, &rsip->out_token,
rsip->major_status, rsip->minor_status))
goto out;
ret = SVC_COMPLETE;
......
......@@ -347,17 +347,12 @@ static inline int ip_map_update(struct net *net, struct ip_map *ipm,
return __ip_map_update(sn->ip_map_cache, ipm, udom, expiry);
}
void svcauth_unix_purge(void)
void svcauth_unix_purge(struct net *net)
{
struct net *net;
for_each_net(net) {
struct sunrpc_net *sn;
sn = net_generic(net, sunrpc_net_id);
cache_purge(sn->ip_map_cache);
}
}
EXPORT_SYMBOL_GPL(svcauth_unix_purge);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment