- 13 1月, 2012 1 次提交
-
-
由 Eric Dumazet 提交于
commit a9b3cd7f (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 19 10月, 2011 1 次提交
-
-
由 Peng Tao 提交于
The same function is used by idmap, gss and blocklayout code. Make it generic. Signed-off-by: NPeng Tao <peng_tao@emc.com> Signed-off-by: NJim Rees <rees@umich.edu> Cc: stable@kernel.org [3.0] Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 02 8月, 2011 1 次提交
-
-
由 Stephen Hemminger 提交于
When assigning a NULL value to an RCU protected pointer, no barrier is needed. The rcu_assign_pointer, used to handle that but will soon change to not handle the special case. Convert all rcu_assign_pointer of NULL value. //smpl @@ expression P; @@ - rcu_assign_pointer(P, NULL) + RCU_INIT_POINTER(P, NULL) // </smpl> Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Acked-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 16 7月, 2011 1 次提交
-
-
由 J. Bruce Fields 提交于
Remove the need for an explicit modprobe of rpcsec_gss_krb5. Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
- 02 7月, 2011 1 次提交
-
-
由 Joe Perches 提交于
Make the case labels the same indent as the switch. git diff -w shows 80 column line reflowing. Signed-off-by: NJoe Perches <joe@perches.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 17 6月, 2011 1 次提交
-
-
由 Trond Myklebust 提交于
Fix a couple of instances where we were exiting the RPC client on arbitrary signals. We should only do so on fatal signals. Cc: stable@kernel.org Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 07 6月, 2011 1 次提交
-
-
由 J. Bruce Fields 提交于
Commit b0b0c0a2 "nfsd: add proc file listing kernel's gss_krb5 enctypes" added an nunnecessary dependency of nfsd on the auth_rpcgss module. It's a little ad hoc, but since the only piece of information nfsd needs from rpcsec_gss_krb5 is a single static string, one solution is just to share it with an include file. Cc: stable@kernel.org Reported-by: NMichael Guntsche <mike@it-loops.com> Cc: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
- 14 4月, 2011 1 次提交
-
-
由 Bryan Schumaker 提交于
There can be an infinite loop if gss_create_upcall() is called without the userspace program running. To prevent this, we return -EACCES if we notice that pipe_version hasn't changed (indicating that the pipe has not been opened). Signed-off-by: NBryan Schumaker <bjschuma@netapp.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 07 4月, 2011 1 次提交
-
-
由 Trond Myklebust 提交于
This reverts commit 411b5e05. Olga Kornievskaia reports: Problem: linux client mounting linux server using rc4-hmac-md5 enctype. gssd fails with create a context after receiving a reply from the server. Diagnose: putting printout statements in the server kernel and kerberos libraries revealed that client and server derived different integrity keys. Server kernel code was at fault due the the commit [aglo@skydive linux-pnfs]$ git show 411b5e05 Trond: The problem is that since it relies on virt_to_page(), you cannot call sg_set_buf() for data in the const section. Reported-by: NOlga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org [2.6.36+]
-
- 31 3月, 2011 1 次提交
-
-
由 Lucas De Marchi 提交于
Fixes generated by 'codespell' and manually reviewed. Signed-off-by: NLucas De Marchi <lucas.demarchi@profusion.mobi>
-
- 25 3月, 2011 2 次提交
-
-
由 Bryan Schumaker 提交于
When sec=<something> is not presented as a mount option, we should attempt to determine what security flavor the server is using. Signed-off-by: NBryan Schumaker <bjschuma@netapp.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Bryan Schumaker 提交于
A submount may use different security than the parent mount does. We should figure out what sec flavor the submount uses at mount time. Signed-off-by: NBryan Schumaker <bjschuma@netapp.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 12 3月, 2011 1 次提交
-
-
由 Kevin Coffman 提交于
Make the value in gm_upcall_enctypes just the enctype values. This allows the values to be used more easily elsewhere. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 08 3月, 2011 1 次提交
-
-
由 Kevin Coffman 提交于
Make the value in gm_upcall_enctypes just the enctype values. This allows the values to be used more easily elsewhere. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
- 18 12月, 2010 2 次提交
-
-
由 Joe Perches 提交于
And remove unnecessary double semicolon too. No effect to code, as test is != 0. Signed-off-by: NJoe Perches <joe@perches.com> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
由 Shan Wei 提交于
These macros never be used for several years. Signed-off-by: NShan Wei <shanwei@cn.fujitsu.com> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
- 17 12月, 2010 2 次提交
-
-
由 Chuck Lever 提交于
Now that all client-side XDR decoder routines use xdr_streams, there should be no need to support the legacy calling sequence [rpc_rqst *, __be32 *, RPC res *] anywhere. We can construct an xdr_stream in the generic RPC code, instead of in each decoder function. This is a refactoring change. It should not cause different behavior. Signed-off-by: NChuck Lever <chuck.lever@oracle.com> Tested-by: NJ. Bruce Fields <bfields@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Chuck Lever 提交于
Now that all client-side XDR encoder routines use xdr_streams, there should be no need to support the legacy calling sequence [rpc_rqst *, __be32 *, RPC arg *] anywhere. We can construct an xdr_stream in the generic RPC code, instead of in each encoder function. Also, all the client-side encoder functions return 0 now, making a return value superfluous. Take this opportunity to convert them to return void instead. This is a refactoring change. It should not cause different behavior. Signed-off-by: NChuck Lever <chuck.lever@oracle.com> Tested-by: NJ. Bruce Fields <bfields@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 23 11月, 2010 1 次提交
-
-
由 Tracey Dent 提交于
Changed Makefile to use <modules>-y instead of <modules>-objs because -objs is deprecated and not mentioned in Documentation/kbuild/makefiles.txt. Signed-off-by: NTracey Dent <tdent48227@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 26 10月, 2010 1 次提交
-
-
由 Joe Perches 提交于
Signed-off-by: NJoe Perches <joe@perches.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 02 10月, 2010 1 次提交
-
-
由 J. Bruce Fields 提交于
Unfortunately, spkm3 never got very far; while interoperability with one other implementation was demonstrated at some point, problems were found with the spec that were deemed not worth fixing. The kernel code is useless on its own without nfs-utils patches which were never merged into nfs-utils, and were only ever available from citi.umich.edu. They appear not to have been updated since 2005. Therefore it seems safe to assume that this code has no users, and never will. Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
- 24 9月, 2010 1 次提交
-
-
由 Eric Dumazet 提交于
Change "return (EXPR);" to "return EXPR;" return is not a function, parentheses are not required. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 22 9月, 2010 2 次提交
-
-
由 NeilBrown 提交于
Code like: switch(xxx) { case -error1: case -error2: .. return; case 0: stuff; } can more naturally be written: if (xxx < 0) return; stuff; Signed-off-by: NNeilBrown <neilb@suse.de> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
由 NeilBrown 提交于
If we drop a request in the sunrpc layer, either due kmalloc failure, or due to a cache miss when we could not queue the request for later replay, then close the connection to encourage the client to retry sooner. Note that if the drop happens in the NFS layer, NFSERR_JUKEBOX (aka NFS4ERR_DELAY) is returned to guide the client concerning replay. Signed-off-by: NNeilBrown <neilb@suse.de> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
-
- 13 9月, 2010 3 次提交
-
-
由 Bian Naimeng 提交于
spkm3 miss returning error to up layer when import security context, it may be return ok though it has failed to import security context. Signed-off-by: NBian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Bian Naimeng 提交于
krb5 miss returning error to up layer when import security context, it may be return ok though it has failed to import security context. Signed-off-by: NBian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
If rpc_queue_upcall() adds a new upcall to the rpci->pipe list just after rpc_pipe_release calls rpc_purge_list(), but before it calls gss_pipe_release (as rpci->ops->release_pipe(inode)), then the latter will free a message without deleting it from the rpci->pipe list. We will be left with a freed object on the rpc->pipe list. Most frequent symptoms are kernel crashes in rpc.gssd system calls on the pipe in question. Reported-by: NJ. Bruce Fields <bfields@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org
-
- 04 8月, 2010 2 次提交
-
-
由 Trond Myklebust 提交于
There is no need to delete the gss context separately from the rest of the security context information, and doing so gives rise to a an rcu_dereference_check() warning. Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
This will allow us to save the original generic cred in rpc_message, so that if we migrate from one server to another, we can generate a new bound cred without having to punt back to the NFS layer. Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
- 15 5月, 2010 11 次提交
-
-
由 Trond Myklebust 提交于
Now that the rpc.gssd daemon can explicitly tell us that the key expired, we should cache that information to avoid spamming gssd. Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
Again, we can deadlock if the memory reclaim triggers a writeback that requires a rpcsec_gss credential lookup. Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
Update the upcall info indicating which Kerberos enctypes the kernel supports Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NSteve Dickson <steved@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
All encryption types use a confounder at the beginning of the wrap token. In all encryption types except arcfour-hmac, the confounder is the same as the blocksize. arcfour-hmac has a blocksize of one, but uses an eight byte confounder. Add an entry to the crypto framework definitions for the confounder length and change the wrap/unwrap code to use the confounder length rather than assuming it is always the blocksize. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NSteve Dickson <steved@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NSteve Dickson <steved@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
This is needed for deriving arcfour-hmac keys "on the fly" using the sequence number or checksu Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NSteve Dickson <steved@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
For arcfour-hmac support, the make_checksum function needs a usage field to correctly calculate the checksum differently for MIC and WRAP tokens. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NSteve Dickson <steved@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
Update upcall info indicating which Kerberos enctypes the kernel supports Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
Add the remaining pieces to enable support for Kerberos AES encryption types. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> Signed-off-by: NSteve Dickson <steved@redhat.com> Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Kevin Coffman 提交于
This is a step toward support for AES encryption types which are required to use the new token formats defined in rfc4121. Signed-off-by: NKevin Coffman <kwc@citi.umich.edu> [SteveD: Fixed a typo in gss_verify_mic_v2()] Signed-off-by: NSteve Dickson <steved@redhat.com> [Trond: Got rid of the TEST_ROTATE/TEST_EXTRA_COUNT crap] Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-