1. 18 5月, 2016 31 次提交
  2. 09 5月, 2016 9 次提交
    • J
      nfs: don't share mounts between network namespaces · 7e3fcf61
      J. Bruce Fields 提交于
      There's no guarantee that an IP address in a different network namespace
      actually represents the same endpoint.
      
      Also, if we allow unprivileged nfs mounts some day then this might allow
      an unprivileged user in another network namespace to misdirect somebody
      else's nfs mounts.
      
      If sharing between containers is really what's wanted then that could
      still be arranged explicitly, for example with bind mounts.
      Reported-by: N"Eric W. Biederman" <ebiederm@redhat.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      7e3fcf61
    • C
      NFS: Fix an LOCK/OPEN race when unlinking an open file · 11476e9d
      Chuck Lever 提交于
      At Connectathon 2016, we found that recent upstream Linux clients
      would occasionally send a LOCK operation with a zero stateid. This
      appeared to happen in close proximity to another thread returning
      a delegation before unlinking the same file while it remained open.
      
      Earlier, the client received a write delegation on this file and
      returned the open stateid. Now, as it is getting ready to unlink the
      file, it returns the write delegation. But there is still an open
      file descriptor on that file, so the client must OPEN the file
      again before it returns the delegation.
      
      Since commit 24311f88 ('NFSv4: Recovery of recalled read
      delegations is broken'), nfs_open_delegation_recall() clears the
      NFS_DELEGATED_STATE flag _before_ it sends the OPEN. This allows a
      racing LOCK on the same inode to be put on the wire before the OPEN
      operation has returned a valid open stateid.
      
      To eliminate this race, serialize delegation return with the
      acquisition of a file lock on the same file. Adopt the same approach
      as is used in the unlock path.
      
      This patch also eliminates a similar race seen when sending a LOCK
      operation at the same time as returning a delegation on the same file.
      
      Fixes: 24311f88 ('NFSv4: Recovery of recalled read ... ')
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      [Anna: Add sentence about LOCK / delegation race]
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      11476e9d
    • J
      nfs: have flexfiles mirror keep creds for both ro and rw layouts · 3064b686
      Jeff Layton 提交于
      A mirror can be shared between multiple layouts, even with different
      iomodes. That makes stats gathering simpler, but it causes a problem
      when we get different creds in READ vs. RW layouts.
      
      The current code drops the newer credentials onto the floor when this
      occurs. That's problematic when you fetch a READ layout first, and then
      a RW. If the READ layout doesn't have the correct creds to do a write,
      then writes will fail.
      
      We could just overwrite the READ credentials with the RW ones, but that
      would break the ability for the server to fence the layout for reads if
      things go awry. We need to be able to revert to the earlier READ creds
      if the RW layout is returned afterward.
      
      The simplest fix is to just keep two sets of creds per mirror. One for
      READ layouts and one for RW, and then use the appropriate set depending
      on the iomode of the layout segment.
      
      Also fix up some RCU nits that sparse found.
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      3064b686
    • J
      nfs: get a reference to the credential in ff_layout_alloc_lseg · 90a0be00
      Jeff Layton 提交于
      We're just as likely to have allocation problems here as we would if we
      delay looking up the credential like we currently do. Fix the code to
      get a rpc_cred reference early, as soon as the mirror is set up.
      
      This allows us to eliminate the mirror early if there is a problem
      getting an rpc credential. This also allows us to drop the uid/gid
      from the layout_mirror struct as well.
      
      In the event that we find an existing mirror where this one would go, we
      swap in the new creds unconditionally, and drop the reference to the old
      one.
      
      Note that the old ff_layout_update_mirror_cred function wouldn't set
      this pointer unless the DS version was 3, but we don't know what the DS
      version is at this point. I'm a little unclear on why it did that as you
      still need creds to talk to v4 servers as well. I have the code set
      it regardless of the DS version here.
      
      Also note the change to using generic creds instead of calling
      lookup_cred directly. With that change, we also need to populate the
      group_info pointer in the acred as some functions expect that to never
      be NULL. Instead of allocating one every time however, we can allocate
      one when the module is loaded and share it since the group_info is
      refcounted.
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      90a0be00
    • J
      nfs: have ff_layout_get_ds_cred take a reference to the cred · 57f3f4c0
      Jeff Layton 提交于
      In later patches, we're going to want to allow the creds to be updated
      when we get a new layout with updated creds. Have this function take
      a reference to the cred that is later put once the call has been
      dispatched.
      
      Also, prepare for this change by ensuring we follow RCU rules when
      getting a reference to the cred as well.
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      57f3f4c0
    • J
      nfs: don't call nfs4_ff_layout_prepare_ds from ff_layout_get_ds_cred · 547a6376
      Jeff Layton 提交于
      All the callers already call that function before calling into here,
      so it ends up being a no-op anyway.
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      547a6376
    • J
      sunrpc: add a get_rpccred_rcu inline · 62dbef2a
      Jeff Layton 提交于
      Sometimes we might have a RCU managed credential pointer and don't want
      to use locking to handle it. Add a function that will take a reference
      to the cred iff the refcount is not already zero. Callers can dereference
      the pointer under the rcu_read_lock and use that function to take a
      reference only if the cred is not on its way to destruction.
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      62dbef2a
    • W
      sunrpc: add rpc_lookup_generic_cred · c065d229
      Weston Andros Adamson 提交于
      Add function rpc_lookup_generic_cred, which allows lookups of a generic
      credential that's not current_cred().
      
      [jlayton: add gfp_t parm]
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      c065d229
    • J
      sunrpc: plumb gfp_t parm into crcreate operation · 3c6e0bc8
      Jeff Layton 提交于
      We need to be able to call the generic_cred creator from different
      contexts. Add a gfp_t parm to the crcreate operation and to
      rpcauth_lookup_credcache. For now, we just push the gfp_t parms up
      one level to the *_lookup_cred functions.
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      3c6e0bc8