Ensure that Lockd and the NSM (statd) clients always use privileged

ports. Remove the existing code to temporarily raise privileges in fs/lockd/host.c, and use the new code in net/sunrpc/xprt.c There should no longer be a need to temporarily change the fsuid. Remove this feature.

Ensure that Lockd and the NSM (statd) clients always use privileged
ports. Remove the existing code to temporarily raise privileges in fs/lockd/host.c, and use the new code in net/sunrpc/xprt.c There should no longer be a need to temporarily change the fsuid. Remove this feature.
15b425e3 · Trond Myklebust · a71546be · 15b425e3 · 15b425e3 · 15b425e3
Commit 15b425e3 authored May 07, 2003 by Trond Myklebust
5 changed files
--- a/fs/lockd/host.c
+++ b/fs/lockd/host.c
@@ -187,15 +187,7 @@ nlm_bind_host(struct nlm_host *host)
 					host->h_nextrebind - jiffies);
 		}
 	} else {
-		uid_t saved_fsuid = current->fsuid;
-		kernel_cap_t saved_cap = current->cap_effective;
-
-		/* Create RPC socket as root user so we get a priv port */
-		current->fsuid = 0;
-		cap_raise (current->cap_effective, CAP_NET_BIND_SERVICE);
 		xprt = xprt_create_proto(host->h_proto, &host->h_addr, NULL);
-		current->fsuid = saved_fsuid;
-		current->cap_effective = saved_cap;
 		if (xprt == NULL)
 			goto forgetit;

@@ -209,6 +201,7 @@ nlm_bind_host(struct nlm_host *host)
 		}
 		clnt->cl_autobind = 1;	/* turn on pmap queries */
 		xprt->nocong = 1;	/* No congestion control for NLM */
+		xprt->resvport = 1;	/* NLM requires a reserved port */

 		host->h_rpcclnt = clnt;
 	}
@@ -276,7 +269,7 @@ nlm_shutdown_hosts(void)
 	dprintk("lockd: nuking all hosts...\n");
 	for (i = 0; i < NLM_HOST_NRHASH; i++) {
 		for (host = nlm_hosts[i]; host; host = host->h_next)
-			host->h_expires = 0;
+			host->h_expires = jiffies - 1;
 	}

 	/* Then, perform a garbage collection pass */
@@ -323,6 +316,9 @@ nlm_gc_hosts(void)
 		while ((host = *q) != NULL) {
 			if (host->h_count || host->h_inuse
 			 || time_before(jiffies, host->h_expires)) {
+				dprintk("nlm_gc_hosts skipping %s (cnt %d use %d exp %ld)\n",
+					host->h_name, host->h_count,
+					host->h_inuse, host->h_expires);
 				q = &host->h_next;
 				continue;
 			}

--- a/fs/lockd/mon.c
+++ b/fs/lockd/mon.c
@@ -123,6 +123,7 @@ nsm_create(void)
 	clnt->cl_softrtry = 1;
 	clnt->cl_chatty   = 1;
 	clnt->cl_oneshot  = 1;
+	xprt->resvport = 1;	/* NSM requires a reserved port */
 out:
 	return clnt;


--- a/include/linux/sunrpc/xprt.h
+++ b/include/linux/sunrpc/xprt.h
@@ -198,7 +198,7 @@ void			xprt_sock_setbufsize(struct rpc_xprt *);

 #define XPRT_CONNECT	0

-#define xprt_connected(xp)		(!(xp)->stream || test_bit(XPRT_CONNECT, &(xp)->sockstate))
+#define xprt_connected(xp)		(test_bit(XPRT_CONNECT, &(xp)->sockstate))
 #define xprt_set_connected(xp)		(set_bit(XPRT_CONNECT, &(xp)->sockstate))
 #define xprt_test_and_set_connected(xp)	(test_and_set_bit(XPRT_CONNECT, &(xp)->sockstate))
 #define xprt_clear_connected(xp)	(clear_bit(XPRT_CONNECT, &(xp)->sockstate))

--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -605,7 +605,7 @@ call_connect(struct rpc_task *task)
 	dprintk("RPC: %4d call_connect status %d\n",
 				task->tk_pid, task->tk_status);

-	if (!clnt->cl_xprt->stream) {
+	if (xprt_connected(clnt->cl_xprt)) {
 		task->tk_action = call_transmit;
 		return;
 	}

--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -446,6 +446,10 @@ xprt_connect(struct rpc_task *task)
 		goto out_write;
 	}
 	xprt_bind_socket(xprt, sock);
+
+	if (!xprt->stream)
+		goto out_write;
+
 	inet = sock->sk;

 	/*
@@ -1563,15 +1567,6 @@ xprt_create_proto(int proto, struct sockaddr_in *sap, struct rpc_timeout *to)
 	if (!xprt)
 		goto out_bad;

-	if (!xprt->stream) {
-		struct socket *sock;
-
-		sock = xprt_create_socket(proto, to, xprt->resvport);
-		if (!sock)
-			goto out_bad;
-		xprt_bind_socket(xprt, sock);
-	}
-
 	dprintk("RPC:      xprt_create_proto created xprt %p\n", xprt);
 	return xprt;
 out_bad: