Commit a74d70b6 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-2.6.40' of git://linux-nfs.org/~bfields/linux

* 'for-2.6.40' of git://linux-nfs.org/~bfields/linux: (22 commits)
  nfsd: make local functions static
  NFSD: Remove unused variable from nfsd4_decode_bind_conn_to_session()
  NFSD: Check status from nfsd4_map_bcts_dir()
  NFSD: Remove setting unused variable in nfsd_vfs_read()
  nfsd41: error out on repeated RECLAIM_COMPLETE
  nfsd41: compare request's opcnt with session's maxops at nfsd4_sequence
  nfsd v4.1 lOCKT clientid field must be ignored
  nfsd41: add flag checking for create_session
  nfsd41: make sure nfs server process OPEN with EXCLUSIVE4_1 correctly
  nfsd4: fix wrongsec handling for PUTFH + op cases
  nfsd4: make fh_verify responsibility of nfsd_lookup_dentry caller
  nfsd4: introduce OPDESC helper
  nfsd4: allow fh_verify caller to skip pseudoflavor checks
  nfsd: distinguish functions of NFSD_MAY_* flags
  svcrpc: complete svsk processing on cb receive failure
  svcrpc: take advantage of tcp autotuning
  SUNRPC: Don't wait for full record to receive tcp data
  svcrpc: copy cb reply instead of pages
  svcrpc: close connection if client sends short packet
  svcrpc: note network-order types in svc_process_calldir
  ...
parents b11b06d9 c47d832b
...@@ -1354,12 +1354,6 @@ exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp) ...@@ -1354,12 +1354,6 @@ exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
if (IS_ERR(exp)) if (IS_ERR(exp))
return nfserrno(PTR_ERR(exp)); return nfserrno(PTR_ERR(exp));
rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL); rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL);
if (rv)
goto out;
rv = check_nfsd_access(exp, rqstp);
if (rv)
fh_put(fhp);
out:
exp_put(exp); exp_put(exp);
return rv; return rv;
} }
......
...@@ -245,7 +245,7 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp, ...@@ -245,7 +245,7 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
} }
/* Now create the file and set attributes */ /* Now create the file and set attributes */
nfserr = nfsd_create_v3(rqstp, dirfhp, argp->name, argp->len, nfserr = do_nfsd_create(rqstp, dirfhp, argp->name, argp->len,
attr, newfhp, attr, newfhp,
argp->createmode, argp->verf, NULL, NULL); argp->createmode, argp->verf, NULL, NULL);
......
...@@ -842,7 +842,7 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp, ...@@ -842,7 +842,7 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp,
return rv; return rv;
} }
__be32 *encode_entryplus_baggage(struct nfsd3_readdirres *cd, __be32 *p, const char *name, int namlen) static __be32 *encode_entryplus_baggage(struct nfsd3_readdirres *cd, __be32 *p, const char *name, int namlen)
{ {
struct svc_fh fh; struct svc_fh fh;
int err; int err;
......
...@@ -196,9 +196,9 @@ do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_o ...@@ -196,9 +196,9 @@ do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_o
/* /*
* Note: create modes (UNCHECKED,GUARDED...) are the same * Note: create modes (UNCHECKED,GUARDED...) are the same
* in NFSv4 as in v3. * in NFSv4 as in v3 except EXCLUSIVE4_1.
*/ */
status = nfsd_create_v3(rqstp, current_fh, open->op_fname.data, status = do_nfsd_create(rqstp, current_fh, open->op_fname.data,
open->op_fname.len, &open->op_iattr, open->op_fname.len, &open->op_iattr,
&resfh, open->op_createmode, &resfh, open->op_createmode,
(u32 *)open->op_verf.data, (u32 *)open->op_verf.data,
...@@ -403,7 +403,7 @@ nfsd4_putfh(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, ...@@ -403,7 +403,7 @@ nfsd4_putfh(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
cstate->current_fh.fh_handle.fh_size = putfh->pf_fhlen; cstate->current_fh.fh_handle.fh_size = putfh->pf_fhlen;
memcpy(&cstate->current_fh.fh_handle.fh_base, putfh->pf_fhval, memcpy(&cstate->current_fh.fh_handle.fh_base, putfh->pf_fhval,
putfh->pf_fhlen); putfh->pf_fhlen);
return fh_verify(rqstp, &cstate->current_fh, 0, NFSD_MAY_NOP); return fh_verify(rqstp, &cstate->current_fh, 0, NFSD_MAY_BYPASS_GSS);
} }
static __be32 static __be32
...@@ -762,6 +762,9 @@ nfsd4_secinfo(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, ...@@ -762,6 +762,9 @@ nfsd4_secinfo(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
__be32 err; __be32 err;
fh_init(&resfh, NFS4_FHSIZE); fh_init(&resfh, NFS4_FHSIZE);
err = fh_verify(rqstp, &cstate->current_fh, S_IFDIR, NFSD_MAY_EXEC);
if (err)
return err;
err = nfsd_lookup_dentry(rqstp, &cstate->current_fh, err = nfsd_lookup_dentry(rqstp, &cstate->current_fh,
secinfo->si_name, secinfo->si_namelen, secinfo->si_name, secinfo->si_namelen,
&exp, &dentry); &exp, &dentry);
...@@ -986,6 +989,9 @@ enum nfsd4_op_flags { ...@@ -986,6 +989,9 @@ enum nfsd4_op_flags {
ALLOWED_WITHOUT_FH = 1 << 0, /* No current filehandle required */ ALLOWED_WITHOUT_FH = 1 << 0, /* No current filehandle required */
ALLOWED_ON_ABSENT_FS = 1 << 1, /* ops processed on absent fs */ ALLOWED_ON_ABSENT_FS = 1 << 1, /* ops processed on absent fs */
ALLOWED_AS_FIRST_OP = 1 << 2, /* ops reqired first in compound */ ALLOWED_AS_FIRST_OP = 1 << 2, /* ops reqired first in compound */
/* For rfc 5661 section 2.6.3.1.1: */
OP_HANDLES_WRONGSEC = 1 << 3,
OP_IS_PUTFH_LIKE = 1 << 4,
}; };
struct nfsd4_operation { struct nfsd4_operation {
...@@ -1031,6 +1037,44 @@ static __be32 nfs41_check_op_ordering(struct nfsd4_compoundargs *args) ...@@ -1031,6 +1037,44 @@ static __be32 nfs41_check_op_ordering(struct nfsd4_compoundargs *args)
return nfs_ok; return nfs_ok;
} }
static inline struct nfsd4_operation *OPDESC(struct nfsd4_op *op)
{
return &nfsd4_ops[op->opnum];
}
static bool need_wrongsec_check(struct svc_rqst *rqstp)
{
struct nfsd4_compoundres *resp = rqstp->rq_resp;
struct nfsd4_compoundargs *argp = rqstp->rq_argp;
struct nfsd4_op *this = &argp->ops[resp->opcnt - 1];
struct nfsd4_op *next = &argp->ops[resp->opcnt];
struct nfsd4_operation *thisd;
struct nfsd4_operation *nextd;
thisd = OPDESC(this);
/*
* Most ops check wronsec on our own; only the putfh-like ops
* have special rules.
*/
if (!(thisd->op_flags & OP_IS_PUTFH_LIKE))
return false;
/*
* rfc 5661 2.6.3.1.1.6: don't bother erroring out a
* put-filehandle operation if we're not going to use the
* result:
*/
if (argp->opcnt == resp->opcnt)
return false;
nextd = OPDESC(next);
/*
* Rest of 2.6.3.1.1: certain operations will return WRONGSEC
* errors themselves as necessary; others should check for them
* now:
*/
return !(nextd->op_flags & OP_HANDLES_WRONGSEC);
}
/* /*
* COMPOUND call. * COMPOUND call.
*/ */
...@@ -1108,7 +1152,7 @@ nfsd4_proc_compound(struct svc_rqst *rqstp, ...@@ -1108,7 +1152,7 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
goto encode_op; goto encode_op;
} }
opdesc = &nfsd4_ops[op->opnum]; opdesc = OPDESC(op);
if (!cstate->current_fh.fh_dentry) { if (!cstate->current_fh.fh_dentry) {
if (!(opdesc->op_flags & ALLOWED_WITHOUT_FH)) { if (!(opdesc->op_flags & ALLOWED_WITHOUT_FH)) {
...@@ -1126,6 +1170,9 @@ nfsd4_proc_compound(struct svc_rqst *rqstp, ...@@ -1126,6 +1170,9 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
else else
BUG_ON(op->status == nfs_ok); BUG_ON(op->status == nfs_ok);
if (!op->status && need_wrongsec_check(rqstp))
op->status = check_nfsd_access(cstate->current_fh.fh_export, rqstp);
encode_op: encode_op:
/* Only from SEQUENCE */ /* Only from SEQUENCE */
if (resp->cstate.status == nfserr_replay_cache) { if (resp->cstate.status == nfserr_replay_cache) {
...@@ -1217,10 +1264,12 @@ static struct nfsd4_operation nfsd4_ops[] = { ...@@ -1217,10 +1264,12 @@ static struct nfsd4_operation nfsd4_ops[] = {
}, },
[OP_LOOKUP] = { [OP_LOOKUP] = {
.op_func = (nfsd4op_func)nfsd4_lookup, .op_func = (nfsd4op_func)nfsd4_lookup,
.op_flags = OP_HANDLES_WRONGSEC,
.op_name = "OP_LOOKUP", .op_name = "OP_LOOKUP",
}, },
[OP_LOOKUPP] = { [OP_LOOKUPP] = {
.op_func = (nfsd4op_func)nfsd4_lookupp, .op_func = (nfsd4op_func)nfsd4_lookupp,
.op_flags = OP_HANDLES_WRONGSEC,
.op_name = "OP_LOOKUPP", .op_name = "OP_LOOKUPP",
}, },
[OP_NVERIFY] = { [OP_NVERIFY] = {
...@@ -1229,6 +1278,7 @@ static struct nfsd4_operation nfsd4_ops[] = { ...@@ -1229,6 +1278,7 @@ static struct nfsd4_operation nfsd4_ops[] = {
}, },
[OP_OPEN] = { [OP_OPEN] = {
.op_func = (nfsd4op_func)nfsd4_open, .op_func = (nfsd4op_func)nfsd4_open,
.op_flags = OP_HANDLES_WRONGSEC,
.op_name = "OP_OPEN", .op_name = "OP_OPEN",
}, },
[OP_OPEN_CONFIRM] = { [OP_OPEN_CONFIRM] = {
...@@ -1241,17 +1291,20 @@ static struct nfsd4_operation nfsd4_ops[] = { ...@@ -1241,17 +1291,20 @@ static struct nfsd4_operation nfsd4_ops[] = {
}, },
[OP_PUTFH] = { [OP_PUTFH] = {
.op_func = (nfsd4op_func)nfsd4_putfh, .op_func = (nfsd4op_func)nfsd4_putfh,
.op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS, .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
| OP_IS_PUTFH_LIKE,
.op_name = "OP_PUTFH", .op_name = "OP_PUTFH",
}, },
[OP_PUTPUBFH] = { [OP_PUTPUBFH] = {
.op_func = (nfsd4op_func)nfsd4_putrootfh, .op_func = (nfsd4op_func)nfsd4_putrootfh,
.op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS, .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
| OP_IS_PUTFH_LIKE,
.op_name = "OP_PUTPUBFH", .op_name = "OP_PUTPUBFH",
}, },
[OP_PUTROOTFH] = { [OP_PUTROOTFH] = {
.op_func = (nfsd4op_func)nfsd4_putrootfh, .op_func = (nfsd4op_func)nfsd4_putrootfh,
.op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS, .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
| OP_IS_PUTFH_LIKE,
.op_name = "OP_PUTROOTFH", .op_name = "OP_PUTROOTFH",
}, },
[OP_READ] = { [OP_READ] = {
...@@ -1281,15 +1334,18 @@ static struct nfsd4_operation nfsd4_ops[] = { ...@@ -1281,15 +1334,18 @@ static struct nfsd4_operation nfsd4_ops[] = {
}, },
[OP_RESTOREFH] = { [OP_RESTOREFH] = {
.op_func = (nfsd4op_func)nfsd4_restorefh, .op_func = (nfsd4op_func)nfsd4_restorefh,
.op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS, .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
| OP_IS_PUTFH_LIKE,
.op_name = "OP_RESTOREFH", .op_name = "OP_RESTOREFH",
}, },
[OP_SAVEFH] = { [OP_SAVEFH] = {
.op_func = (nfsd4op_func)nfsd4_savefh, .op_func = (nfsd4op_func)nfsd4_savefh,
.op_flags = OP_HANDLES_WRONGSEC,
.op_name = "OP_SAVEFH", .op_name = "OP_SAVEFH",
}, },
[OP_SECINFO] = { [OP_SECINFO] = {
.op_func = (nfsd4op_func)nfsd4_secinfo, .op_func = (nfsd4op_func)nfsd4_secinfo,
.op_flags = OP_HANDLES_WRONGSEC,
.op_name = "OP_SECINFO", .op_name = "OP_SECINFO",
}, },
[OP_SETATTR] = { [OP_SETATTR] = {
...@@ -1353,6 +1409,7 @@ static struct nfsd4_operation nfsd4_ops[] = { ...@@ -1353,6 +1409,7 @@ static struct nfsd4_operation nfsd4_ops[] = {
}, },
[OP_SECINFO_NO_NAME] = { [OP_SECINFO_NO_NAME] = {
.op_func = (nfsd4op_func)nfsd4_secinfo_no_name, .op_func = (nfsd4op_func)nfsd4_secinfo_no_name,
.op_flags = OP_HANDLES_WRONGSEC,
.op_name = "OP_SECINFO_NO_NAME", .op_name = "OP_SECINFO_NO_NAME",
}, },
}; };
......
...@@ -1519,6 +1519,9 @@ nfsd4_create_session(struct svc_rqst *rqstp, ...@@ -1519,6 +1519,9 @@ nfsd4_create_session(struct svc_rqst *rqstp,
bool confirm_me = false; bool confirm_me = false;
int status = 0; int status = 0;
if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
return nfserr_inval;
nfs4_lock_state(); nfs4_lock_state();
unconf = find_unconfirmed_client(&cr_ses->clientid); unconf = find_unconfirmed_client(&cr_ses->clientid);
conf = find_confirmed_client(&cr_ses->clientid); conf = find_confirmed_client(&cr_ses->clientid);
...@@ -1637,8 +1640,9 @@ __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp, ...@@ -1637,8 +1640,9 @@ __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
return nfserr_badsession; return nfserr_badsession;
status = nfsd4_map_bcts_dir(&bcts->dir); status = nfsd4_map_bcts_dir(&bcts->dir);
if (!status)
nfsd4_new_conn(rqstp, cstate->session, bcts->dir); nfsd4_new_conn(rqstp, cstate->session, bcts->dir);
return nfs_ok; return status;
} }
static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid) static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
...@@ -1725,6 +1729,13 @@ static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_sessi ...@@ -1725,6 +1729,13 @@ static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_sessi
return; return;
} }
static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
{
struct nfsd4_compoundargs *args = rqstp->rq_argp;
return args->opcnt > session->se_fchannel.maxops;
}
__be32 __be32
nfsd4_sequence(struct svc_rqst *rqstp, nfsd4_sequence(struct svc_rqst *rqstp,
struct nfsd4_compound_state *cstate, struct nfsd4_compound_state *cstate,
...@@ -1753,6 +1764,10 @@ nfsd4_sequence(struct svc_rqst *rqstp, ...@@ -1753,6 +1764,10 @@ nfsd4_sequence(struct svc_rqst *rqstp,
if (!session) if (!session)
goto out; goto out;
status = nfserr_too_many_ops;
if (nfsd4_session_too_many_ops(rqstp, session))
goto out;
status = nfserr_badslot; status = nfserr_badslot;
if (seq->slotid >= session->se_fchannel.maxreqs) if (seq->slotid >= session->se_fchannel.maxreqs)
goto out; goto out;
...@@ -1808,6 +1823,8 @@ nfsd4_sequence(struct svc_rqst *rqstp, ...@@ -1808,6 +1823,8 @@ nfsd4_sequence(struct svc_rqst *rqstp,
__be32 __be32
nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc) nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
{ {
int status = 0;
if (rc->rca_one_fs) { if (rc->rca_one_fs) {
if (!cstate->current_fh.fh_dentry) if (!cstate->current_fh.fh_dentry)
return nfserr_nofilehandle; return nfserr_nofilehandle;
...@@ -1817,9 +1834,14 @@ nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *csta ...@@ -1817,9 +1834,14 @@ nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *csta
*/ */
return nfs_ok; return nfs_ok;
} }
nfs4_lock_state(); nfs4_lock_state();
if (is_client_expired(cstate->session->se_client)) { status = nfserr_complete_already;
nfs4_unlock_state(); if (cstate->session->se_client->cl_firststate)
goto out;
status = nfserr_stale_clientid;
if (is_client_expired(cstate->session->se_client))
/* /*
* The following error isn't really legal. * The following error isn't really legal.
* But we only get here if the client just explicitly * But we only get here if the client just explicitly
...@@ -1827,11 +1849,13 @@ nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *csta ...@@ -1827,11 +1849,13 @@ nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *csta
* error it gets back on an operation for the dead * error it gets back on an operation for the dead
* client. * client.
*/ */
return nfserr_stale_clientid; goto out;
}
status = nfs_ok;
nfsd4_create_clid_dir(cstate->session->se_client); nfsd4_create_clid_dir(cstate->session->se_client);
out:
nfs4_unlock_state(); nfs4_unlock_state();
return nfs_ok; return status;
} }
__be32 __be32
...@@ -2462,7 +2486,7 @@ find_delegation_file(struct nfs4_file *fp, stateid_t *stid) ...@@ -2462,7 +2486,7 @@ find_delegation_file(struct nfs4_file *fp, stateid_t *stid)
return NULL; return NULL;
} }
int share_access_to_flags(u32 share_access) static int share_access_to_flags(u32 share_access)
{ {
share_access &= ~NFS4_SHARE_WANT_MASK; share_access &= ~NFS4_SHARE_WANT_MASK;
...@@ -2882,7 +2906,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, ...@@ -2882,7 +2906,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
return status; return status;
} }
struct lock_manager nfsd4_manager = { static struct lock_manager nfsd4_manager = {
}; };
static void static void
......
...@@ -424,15 +424,12 @@ nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access ...@@ -424,15 +424,12 @@ nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access
static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts) static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
{ {
DECODE_HEAD; DECODE_HEAD;
u32 dummy;
READ_BUF(NFS4_MAX_SESSIONID_LEN + 8); READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN); COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
READ32(bcts->dir); READ32(bcts->dir);
/* XXX: Perhaps Tom Tucker could help us figure out how we /* XXX: skipping ctsa_use_conn_in_rdma_mode. Perhaps Tom Tucker
* should be using ctsa_use_conn_in_rdma_mode: */ * could help us figure out we should be using it. */
READ32(dummy);
DECODE_TAIL; DECODE_TAIL;
} }
...@@ -588,8 +585,6 @@ nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt) ...@@ -588,8 +585,6 @@ nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
READ_BUF(lockt->lt_owner.len); READ_BUF(lockt->lt_owner.len);
READMEM(lockt->lt_owner.data, lockt->lt_owner.len); READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
if (argp->minorversion && !zero_clientid(&lockt->lt_clientid))
return nfserr_inval;
DECODE_TAIL; DECODE_TAIL;
} }
...@@ -3120,7 +3115,7 @@ nfsd4_encode_destroy_session(struct nfsd4_compoundres *resp, int nfserr, ...@@ -3120,7 +3115,7 @@ nfsd4_encode_destroy_session(struct nfsd4_compoundres *resp, int nfserr,
return nfserr; return nfserr;
} }
__be32 static __be32
nfsd4_encode_sequence(struct nfsd4_compoundres *resp, int nfserr, nfsd4_encode_sequence(struct nfsd4_compoundres *resp, int nfserr,
struct nfsd4_sequence *seq) struct nfsd4_sequence *seq)
{ {
......
...@@ -344,7 +344,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access) ...@@ -344,7 +344,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access)
* which clients virtually always use auth_sys for, * which clients virtually always use auth_sys for,
* even while using RPCSEC_GSS for NFS. * even while using RPCSEC_GSS for NFS.
*/ */
if (access & NFSD_MAY_LOCK) if (access & NFSD_MAY_LOCK || access & NFSD_MAY_BYPASS_GSS)
goto skip_pseudoflavor_check; goto skip_pseudoflavor_check;
/* /*
* Clients may expect to be able to use auth_sys during mount, * Clients may expect to be able to use auth_sys during mount,
......
...@@ -181,16 +181,10 @@ nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -181,16 +181,10 @@ nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp,
struct svc_export *exp; struct svc_export *exp;
struct dentry *dparent; struct dentry *dparent;
struct dentry *dentry; struct dentry *dentry;
__be32 err;
int host_err; int host_err;
dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name); dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name);
/* Obtain dentry and export. */
err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
if (err)
return err;
dparent = fhp->fh_dentry; dparent = fhp->fh_dentry;
exp = fhp->fh_export; exp = fhp->fh_export;
exp_get(exp); exp_get(exp);
...@@ -254,6 +248,9 @@ nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name, ...@@ -254,6 +248,9 @@ nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name,
struct dentry *dentry; struct dentry *dentry;
__be32 err; __be32 err;
err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
if (err)
return err;
err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry); err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry);
if (err) if (err)
return err; return err;
...@@ -877,13 +874,11 @@ static __be32 ...@@ -877,13 +874,11 @@ static __be32
nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
loff_t offset, struct kvec *vec, int vlen, unsigned long *count) loff_t offset, struct kvec *vec, int vlen, unsigned long *count)
{ {
struct inode *inode;
mm_segment_t oldfs; mm_segment_t oldfs;
__be32 err; __be32 err;
int host_err; int host_err;
err = nfserr_perm; err = nfserr_perm;
inode = file->f_path.dentry->d_inode;
if (file->f_op->splice_read && rqstp->rq_splice_ok) { if (file->f_op->splice_read && rqstp->rq_splice_ok) {
struct splice_desc sd = { struct splice_desc sd = {
...@@ -1340,11 +1335,18 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1340,11 +1335,18 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
} }
#ifdef CONFIG_NFSD_V3 #ifdef CONFIG_NFSD_V3
static inline int nfsd_create_is_exclusive(int createmode)
{
return createmode == NFS3_CREATE_EXCLUSIVE
|| createmode == NFS4_CREATE_EXCLUSIVE4_1;
}
/* /*
* NFSv3 version of nfsd_create * NFSv3 and NFSv4 version of nfsd_create
*/ */
__be32 __be32
nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp, do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
char *fname, int flen, struct iattr *iap, char *fname, int flen, struct iattr *iap,
struct svc_fh *resfhp, int createmode, u32 *verifier, struct svc_fh *resfhp, int createmode, u32 *verifier,
int *truncp, int *created) int *truncp, int *created)
...@@ -1396,7 +1398,7 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1396,7 +1398,7 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
if (err) if (err)
goto out; goto out;
if (createmode == NFS3_CREATE_EXCLUSIVE) { if (nfsd_create_is_exclusive(createmode)) {
/* solaris7 gets confused (bugid 4218508) if these have /* solaris7 gets confused (bugid 4218508) if these have
* the high bit set, so just clear the high bits. If this is * the high bit set, so just clear the high bits. If this is
* ever changed to use different attrs for storing the * ever changed to use different attrs for storing the
...@@ -1437,6 +1439,11 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1437,6 +1439,11 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
&& dchild->d_inode->i_atime.tv_sec == v_atime && dchild->d_inode->i_atime.tv_sec == v_atime
&& dchild->d_inode->i_size == 0 ) && dchild->d_inode->i_size == 0 )
break; break;
case NFS4_CREATE_EXCLUSIVE4_1:
if ( dchild->d_inode->i_mtime.tv_sec == v_mtime
&& dchild->d_inode->i_atime.tv_sec == v_atime
&& dchild->d_inode->i_size == 0 )
goto set_attr;
/* fallthru */ /* fallthru */
case NFS3_CREATE_GUARDED: case NFS3_CREATE_GUARDED:
err = nfserr_exist; err = nfserr_exist;
...@@ -1455,7 +1462,7 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1455,7 +1462,7 @@ nfsd_create_v3(struct svc_rqst *rqstp, struct svc_fh *fhp,
nfsd_check_ignore_resizing(iap); nfsd_check_ignore_resizing(iap);
if (createmode == NFS3_CREATE_EXCLUSIVE) { if (nfsd_create_is_exclusive(createmode)) {
/* Cram the verifier into atime/mtime */ /* Cram the verifier into atime/mtime */
iap->ia_valid = ATTR_MTIME|ATTR_ATIME iap->ia_valid = ATTR_MTIME|ATTR_ATIME
| ATTR_MTIME_SET|ATTR_ATIME_SET; | ATTR_MTIME_SET|ATTR_ATIME_SET;
...@@ -2034,7 +2041,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, ...@@ -2034,7 +2041,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
struct inode *inode = dentry->d_inode; struct inode *inode = dentry->d_inode;
int err; int err;
if (acc == NFSD_MAY_NOP) if ((acc & NFSD_MAY_MASK) == NFSD_MAY_NOP)
return 0; return 0;
#if 0 #if 0
dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n", dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n",
......
...@@ -17,10 +17,14 @@ ...@@ -17,10 +17,14 @@
#define NFSD_MAY_SATTR 8 #define NFSD_MAY_SATTR 8
#define NFSD_MAY_TRUNC 16 #define NFSD_MAY_TRUNC 16
#define NFSD_MAY_LOCK 32 #define NFSD_MAY_LOCK 32
#define NFSD_MAY_MASK 63
/* extra hints to permission and open routines: */
#define NFSD_MAY_OWNER_OVERRIDE 64 #define NFSD_MAY_OWNER_OVERRIDE 64
#define NFSD_MAY_LOCAL_ACCESS 128 /* IRIX doing local access check on device special file*/ #define NFSD_MAY_LOCAL_ACCESS 128 /* IRIX doing local access check on device special file*/
#define NFSD_MAY_BYPASS_GSS_ON_ROOT 256 #define NFSD_MAY_BYPASS_GSS_ON_ROOT 256
#define NFSD_MAY_NOT_BREAK_LEASE 512 #define NFSD_MAY_NOT_BREAK_LEASE 512
#define NFSD_MAY_BYPASS_GSS 1024
#define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE) #define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE)
#define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC) #define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC)
...@@ -54,7 +58,7 @@ __be32 nfsd_create(struct svc_rqst *, struct svc_fh *, ...@@ -54,7 +58,7 @@ __be32 nfsd_create(struct svc_rqst *, struct svc_fh *,
int type, dev_t rdev, struct svc_fh *res); int type, dev_t rdev, struct svc_fh *res);
#ifdef CONFIG_NFSD_V3 #ifdef CONFIG_NFSD_V3
__be32 nfsd_access(struct svc_rqst *, struct svc_fh *, u32 *, u32 *); __be32 nfsd_access(struct svc_rqst *, struct svc_fh *, u32 *, u32 *);
__be32 nfsd_create_v3(struct svc_rqst *, struct svc_fh *, __be32 do_nfsd_create(struct svc_rqst *, struct svc_fh *,
char *name, int len, struct iattr *attrs, char *name, int len, struct iattr *attrs,
struct svc_fh *res, int createmode, struct svc_fh *res, int createmode,
u32 *verifier, int *truncp, int *created); u32 *verifier, int *truncp, int *created);
......
...@@ -574,6 +574,8 @@ struct nfs4_sessionid { ...@@ -574,6 +574,8 @@ struct nfs4_sessionid {
#define SESSION4_BACK_CHAN 0x002 #define SESSION4_BACK_CHAN 0x002
#define SESSION4_RDMA 0x004 #define SESSION4_RDMA 0x004
#define SESSION4_FLAG_MASK_A 0x007
enum state_protect_how4 { enum state_protect_how4 {
SP4_NONE = 0, SP4_NONE = 0,
SP4_MACH_CRED = 1, SP4_MACH_CRED = 1,
......
...@@ -28,6 +28,7 @@ struct svc_sock { ...@@ -28,6 +28,7 @@ struct svc_sock {
/* private TCP part */ /* private TCP part */
u32 sk_reclen; /* length of record */ u32 sk_reclen; /* length of record */
u32 sk_tcplen; /* current read length */ u32 sk_tcplen; /* current read length */
struct page * sk_pages[RPCSVC_MAXPAGES]; /* received data */
}; };
/* /*
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment