An error occurred fetching the project authors.
  1. 19 Dec, 2018 8 commits
    • NeilBrown's avatar
      NFS/NFSD/SUNRPC: replace generic creds with 'struct cred'. · a52458b4
      NeilBrown authored
      SUNRPC has two sorts of credentials, both of which appear as
      "struct rpc_cred".
      There are "generic credentials" which are supplied by clients
      such as NFS and passed in 'struct rpc_message' to indicate
      which user should be used to authorize the request, and there
      are low-level credentials such as AUTH_NULL, AUTH_UNIX, AUTH_GSS
      which describe the credential to be sent over the wires.
      
      This patch replaces all the generic credentials by 'struct cred'
      pointers - the credential structure used throughout Linux.
      
      For machine credentials, there is a special 'struct cred *' pointer
      which is statically allocated and recognized where needed as
      having a special meaning.  A look-up of a low-level cred will
      map this to a machine credential.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Acked-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      a52458b4
    • NeilBrown's avatar
      NFS: move credential expiry tracking out of SUNRPC into NFS. · ddf529ee
      NeilBrown authored
      NFS needs to know when a credential is about to expire so that
      it can modify write-back behaviour to finish the write inside the
      expiry time.
      It currently uses functions in SUNRPC code which make use of a
      fairly complex callback scheme and flags in the generic credientials.
      
      As I am working to discard the generic credentials, this has to change.
      
      This patch moves the logic into NFS, in part by finding and caching
      the low-level credential in the open_context.  We then make direct
      cred-api calls on that.
      
      This makes the code much simpler and removes a dependency on generic
      rpc credentials.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      ddf529ee
    • NeilBrown's avatar
      SUNRPC: add side channel to use non-generic cred for rpc call. · 1de7eea9
      NeilBrown authored
      The credential passed in rpc_message.rpc_cred is always a
      generic credential except in one instance.
      When gss_destroying_context() calls rpc_call_null(), it passes
      a specific credential that it needs to destroy.
      In this case the RPC acts *on* the credential rather than
      being authorized by it.
      
      This special case deserves explicit support and providing that will
      mean that rpc_message.rpc_cred is *always* generic, allowing
      some optimizations.
      
      So add "tk_op_cred" to rpc_task and "rpc_op_cred" to the setup data.
      Use this to pass the cred down from rpc_call_null(), and have
      rpcauth_bindcred() notice it and bind it in place.
      
      Credit to kernel test robot <fengguang.wu@intel.com> for finding
      a bug in earlier version of this patch.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      1de7eea9
    • NeilBrown's avatar
      SUNRPC: introduce RPC_TASK_NULLCREDS to request auth_none · a68a72e1
      NeilBrown authored
      In almost all cases the credential stored in rpc_message.rpc_cred
      is a "generic" credential.  One of the two expections is when an
      AUTH_NULL credential is used such as for RPC ping requests.
      
      To improve consistency, don't pass an explicit credential in
      these cases, but instead pass NULL and set a task flag,
      similar to RPC_TASK_ROOTCREDS, which requests that NULL credentials
      be used by default.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      a68a72e1
    • NeilBrown's avatar
      NFS/SUNRPC: don't lookup machine credential until rpcauth_bindcred(). · 5e16923b
      NeilBrown authored
      When NFS creates a machine credential, it is a "generic" credential,
      not tied to any auth protocol, and is really just a container for
      the princpal name.
      This doesn't get linked to a genuine credential until rpcauth_bindcred()
      is called.
      The lookup always succeeds, so various places that test if the machine
      credential is NULL, are pointless.
      
      As a step towards getting rid of generic credentials, this patch gets
      rid of generic machine credentials.  The nfs_client and rpc_client
      just hold a pointer to a constant principal name.
      When a machine credential is wanted, a special static 'struct rpc_cred'
      pointer is used. rpcauth_bindcred() recognizes this, finds the
      principal from the client, and binds the correct credential.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      5e16923b
    • NeilBrown's avatar
      SUNRPC: remove uid and gid from struct auth_cred · 8276c902
      NeilBrown authored
      Use cred->fsuid and cred->fsgid instead.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      8276c902
    • NeilBrown's avatar
      SUNRPC: remove groupinfo from struct auth_cred. · fc0664fd
      NeilBrown authored
      We can use cred->groupinfo (from the 'struct cred') instead.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      fc0664fd
    • NeilBrown's avatar
      SUNRPC: add 'struct cred *' to auth_cred and rpc_cred · 97f68c6b
      NeilBrown authored
      The SUNRPC credential framework was put together before
      Linux has 'struct cred'.  Now that we have it, it makes sense to
      use it.
      This first step just includes a suitable 'struct cred *' pointer
      in every 'struct auth_cred' and almost every 'struct rpc_cred'.
      
      The rpc_cred used for auth_null has a NULL 'struct cred *' as nothing
      else really makes sense.
      
      For rpc_cred, the pointer is reference counted.
      For auth_cred it isn't.  struct auth_cred are either allocated on
      the stack, in which case the thread owns a reference to the auth,
      or are part of 'struct generic_cred' in which case gc_base owns the
      reference, and "acred" shares it.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      97f68c6b
  2. 23 Oct, 2018 4 commits
  3. 30 Sep, 2018 2 commits
  4. 31 Jul, 2018 1 commit
  5. 30 Jul, 2018 1 commit
  6. 02 Mar, 2017 1 commit
  7. 08 Feb, 2017 2 commits
  8. 30 Jan, 2017 1 commit
    • NeilBrown's avatar
      SUNRPC: two small improvements to rpcauth shrinker. · 4c3ffd05
      NeilBrown authored
      1/ If we find an entry that is too young to be pruned,
        return SHRINK_STOP to ensure we don't get called again.
        This is more correct, and avoids wasting a little CPU time.
        Prior to 3.12, it can prevent drop_slab() from spinning indefinitely.
      
      2/ Return a precise number from rpcauth_cache_shrink_count(), rather than
        rounding down to a multiple of 100 (of whatever sysctl_vfs_cache_pressure is).
        This ensures that when we "echo 3 > /proc/sys/vm/drop_caches", this cache is
        still purged, even if it has fewer than 100 entires.
      
      Neither of these are really important, they just make behaviour
      more predicatable, which can be helpful when debugging related issues.
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      4c3ffd05
  9. 30 Sep, 2016 1 commit
  10. 19 Jul, 2016 2 commits
    • Frank Sorenson's avatar
      sunrpc: Fix bit count when setting hashtable size to power-of-two · 34ae685c
      Frank Sorenson authored
      Author: Frank Sorenson <sorenson@redhat.com>
      Date:   2016-06-27 13:55:48 -0500
      
          sunrpc: Fix bit count when setting hashtable size to power-of-two
      
          The hashtable size is incorrectly calculated as the next higher
          power-of-two when being set to a power-of-two.  fls() returns the
          bit number of the most significant set bit, with the least
          significant bit being numbered '1'.  For a power-of-two, fls()
          will return a bit number which is one higher than the number of bits
          required, leading to a hashtable which is twice the requested size.
      
          In addition, the value of (1 << nbits) will always be at least num,
          so the test will never be true.
      
          Fix the hash table size calculation to correctly set hashtable
          size, and eliminate the unnecessary check.
      Signed-off-by: default avatarFrank Sorenson <sorenson@redhat.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
      34ae685c
    • Scott Mayhew's avatar
      sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags · ce52914e
      Scott Mayhew authored
      A generic_cred can be used to look up a unx_cred or a gss_cred, so it's
      not really safe to use the the generic_cred->acred->ac_flags to store
      the NO_CRKEY_TIMEOUT flag.  A lookup for a unx_cred triggered while the
      KEY_EXPIRE_SOON flag is already set will cause both NO_CRKEY_TIMEOUT and
      KEY_EXPIRE_SOON to be set in the ac_flags, leaving the user associated
      with the auth_cred to be in a state where they're perpetually doing 4K
      NFS_FILE_SYNC writes.
      
      This can be reproduced as follows:
      
      1. Mount two NFS filesystems, one with sec=krb5 and one with sec=sys.
      They do not need to be the same export, nor do they even need to be from
      the same NFS server.  Also, v3 is fine.
      $ sudo mount -o v3,sec=krb5 server1:/export /mnt/krb5
      $ sudo mount -o v3,sec=sys server2:/export /mnt/sys
      
      2. As the normal user, before accessing the kerberized mount, kinit with
      a short lifetime (but not so short that renewing the ticket would leave
      you within the 4-minute window again by the time the original ticket
      expires), e.g.
      $ kinit -l 10m -r 60m
      
      3. Do some I/O to the kerberized mount and verify that the writes are
      wsize, UNSTABLE:
      $ dd if=/dev/zero of=/mnt/krb5/file bs=1M count=1
      
      4. Wait until you're within 4 minutes of key expiry, then do some more
      I/O to the kerberized mount to ensure that RPC_CRED_KEY_EXPIRE_SOON gets
      set.  Verify that the writes are 4K, FILE_SYNC:
      $ dd if=/dev/zero of=/mnt/krb5/file bs=1M count=1
      
      5. Now do some I/O to the sec=sys mount.  This will cause
      RPC_CRED_NO_CRKEY_TIMEOUT to be set:
      $ dd if=/dev/zero of=/mnt/sys/file bs=1M count=1
      
      6. Writes for that user will now be permanently 4K, FILE_SYNC for that
      user, regardless of which mount is being written to, until you reboot
      the client.  Renewing the kerberos ticket (assuming it hasn't already
      expired) will have no effect.  Grabbing a new kerberos ticket at this
      point will have no effect either.
      
      Move the flag to the auth->au_flags field (which is currently unused)
      and rename it slightly to reflect that it's no longer associated with
      the auth_cred->ac_flags.  Add the rpc_auth to the arg list of
      rpcauth_cred_key_to_expire and check the au_flags there too.  Finally,
      add the inode to the arg list of nfs_ctx_key_to_expire so we can
      determine the rpc_auth to pass to rpcauth_cred_key_to_expire.
      Signed-off-by: default avatarScott Mayhew <smayhew@redhat.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
      ce52914e
  11. 17 May, 2016 1 commit
  12. 09 May, 2016 1 commit
  13. 28 May, 2015 1 commit
    • Luis R. Rodriguez's avatar
      kernel/params: constify struct kernel_param_ops uses · 9c27847d
      Luis R. Rodriguez authored
      Most code already uses consts for the struct kernel_param_ops,
      sweep the kernel for the last offending stragglers. Other than
      include/linux/moduleparam.h and kernel/params.c all other changes
      were generated with the following Coccinelle SmPL patch. Merge
      conflicts between trees can be handled with Coccinelle.
      
      In the future git could get Coccinelle merge support to deal with
      patch --> fail --> grammar --> Coccinelle --> new patch conflicts
      automatically for us on patches where the grammar is available and
      the patch is of high confidence. Consider this a feature request.
      
      Test compiled on x86_64 against:
      
      	* allnoconfig
      	* allmodconfig
      	* allyesconfig
      
      @ const_found @
      identifier ops;
      @@
      
      const struct kernel_param_ops ops = {
      };
      
      @ const_not_found depends on !const_found @
      identifier ops;
      @@
      
      -struct kernel_param_ops ops = {
      +const struct kernel_param_ops ops = {
      };
      
      Generated-by: Coccinelle SmPL
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Junio C Hamano <gitster@pobox.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: cocci@systeme.lip6.fr
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: default avatarLuis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      9c27847d
  14. 24 Nov, 2014 1 commit
  15. 04 Aug, 2014 1 commit
  16. 03 Aug, 2014 2 commits
  17. 12 Jul, 2014 2 commits
  18. 24 Jun, 2014 1 commit
  19. 18 Apr, 2014 1 commit
  20. 10 Sep, 2013 1 commit
    • Dave Chinner's avatar
      shrinker: convert remaining shrinkers to count/scan API · 70534a73
      Dave Chinner authored
      Convert the remaining couple of random shrinkers in the tree to the new
      API.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarGlauber Costa <glommer@openvz.org>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: J. Bruce Fields <bfields@redhat.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: "Theodore Ts'o" <tytso@mit.edu>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
      Cc: Arve Hjønnevåg <arve@android.com>
      Cc: Carlos Maiolino <cmaiolino@redhat.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: J. Bruce Fields <bfields@redhat.com>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Kent Overstreet <koverstreet@google.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Steven Whitehouse <swhiteho@redhat.com>
      Cc: Thomas Hellstrom <thellstrom@vmware.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      70534a73
  21. 03 Sep, 2013 1 commit
    • Andy Adamson's avatar
      SUNRPC new rpc_credops to test credential expiry · 4de6caa2
      Andy Adamson authored
      This patch provides the RPC layer helper functions to allow NFS to manage
      data in the face of expired credentials - such as avoiding buffered WRITEs
      and COMMITs when the gss context will expire before the WRITEs are flushed
      and COMMITs are sent.
      
      These helper functions enable checking the expiration of an underlying
      credential key for a generic rpc credential, e.g. the gss_cred gss context
      gc_expiry which for Kerberos is set to the remaining TGT lifetime.
      
      A new rpc_authops key_timeout is only defined for the generic auth.
      A new rpc_credops crkey_to_expire is only defined for the generic cred.
      A new rpc_credops crkey_timeout is only defined for the gss cred.
      
      Set a credential key expiry watermark, RPC_KEY_EXPIRE_TIMEO set to 240 seconds
      as a default and can be set via a module parameter as we need to ensure there
      is time for any dirty data to be flushed.
      
      If key_timeout is called on a credential with an underlying credential key that
      will expire within watermark seconds, we set the RPC_CRED_KEY_EXPIRE_SOON
      flag in the generic_cred acred so that the NFS layer can clean up prior to
      key expiration.
      
      Checking a generic credential's underlying credential involves a cred lookup.
      To avoid this lookup in the normal case when the underlying credential has
      a key that is valid (before the watermark), a notify flag is set in
      the generic credential the first time the key_timeout is called. The
      generic credential then stops checking the underlying credential key expiry, and
      the underlying credential (gss_cred) match routine then checks the key
      expiration upon each normal use and sets a flag in the associated generic
      credential only when the key expiration is within the watermark.
      This in turn signals the generic credential key_timeout to perform the extra
      credential lookup thereafter.
      Signed-off-by: default avatarAndy Adamson <andros@netapp.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      4de6caa2
  22. 30 Aug, 2013 1 commit
  23. 04 Apr, 2013 1 commit
  24. 29 Mar, 2013 2 commits
    • Chuck Lever's avatar
      SUNRPC: Refactor nfsd4_do_encode_secinfo() · a77c806f
      Chuck Lever authored
      Clean up.  This matches a similar API for the client side, and
      keeps ULP fingers out the of the GSS mech switch.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Acked-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      a77c806f
    • Chuck Lever's avatar
      SUNRPC: Introduce rpcauth_get_pseudoflavor() · 9568c5e9
      Chuck Lever authored
      A SECINFO reply may contain flavors whose kernel module is not
      yet loaded by the client's kernel.  A new RPC client API, called
      rpcauth_get_pseudoflavor(), is introduced to do proper checking
      for support of a security flavor.
      
      When this API is invoked, the RPC client now tries to load the
      module for each flavor first before performing the "is this
      supported?" check.  This means if a module is available on the
      client, but has not been loaded yet, it will be loaded and
      registered automatically when the SECINFO reply is processed.
      
      The new API can take a full GSS tuple (OID, QoP, and service).
      Previously only the OID and service were considered.
      
      nfs_find_best_sec() is updated to verify all flavors requested in a
      SECINFO reply, including AUTH_NULL and AUTH_UNIX.  Previously these
      two flavors were simply assumed to be supported without consulting
      the RPC client.
      
      Note that the replaced version of nfs_find_best_sec() can return
      RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an
      unsupported "service" value.  nfs_find_best_sec() now returns
      RPC_AUTH_UNIX in this case.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      9568c5e9