1. 09 7月, 2013 1 次提交
    • J
      nfsd4: allow destroy_session over destroyed session · f0f51f5c
      J. Bruce Fields 提交于
      RFC 5661 allows a client to destroy a session using a compound
      associated with the destroyed session, as long as the DESTROY_SESSION op
      is the last op of the compound.
      
      We attempt to allow this, but testing against a Solaris client (which
      does destroy sessions in this way) showed that we were failing the
      DESTROY_SESSION with NFS4ERR_DELAY, because we assumed the reference
      count on the session (held by us) represented another rpc in progress
      over this session.
      
      Fix this by noting that in this case the expected reference count is 1,
      not 0.
      
      Also, note as long as the session holds a reference to the compound
      we're destroying, we can't free it here--instead, delay the free till
      the final put in nfs4svc_encode_compoundres.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      f0f51f5c
  2. 02 7月, 2013 11 次提交
    • J
      nfsd4: return delegation immediately if lease fails · d08d32e6
      J. Bruce Fields 提交于
      This case shouldn't happen--the administrator shouldn't really allow
      other applications access to the export until clients have had the
      chance to reclaim their state--but if it does then we should set the
      "return this lease immediately" bit on the reply.  That still leaves
      some small races, but it's the best the protocol allows us to do in the
      case a lease is ripped out from under us....
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      d08d32e6
    • J
      nfsd4: do not throw away 4.1 lock state on last unlock · 0a262ffb
      J. Bruce Fields 提交于
      This reverts commit eb2099f3 "nfsd4:
      release lockowners on last unlock in 4.1 case".  Trond identified
      language in rfc 5661 section 8.2.4 which forbids this behavior:
      
      	Stateids associated with byte-range locks are an exception.
      	They remain valid even if a LOCKU frees all remaining locks, so
      	long as the open file with which they are associated remains
      	open, unless the client frees the stateids via the FREE_STATEID
      	operation.
      
      And bakeathon 2013 testing found a 4.1 freebsd client was getting an
      incorrect BAD_STATEID return from a FREE_STATEID in the above situation
      and then failing.
      
      The spec language honestly was probably a mistake but at this point with
      implementations already following it we're probably stuck with that.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      0a262ffb
    • J
      nfsd4: delegation-based open reclaims should bypass permissions · 89f6c336
      J. Bruce Fields 提交于
      We saw a v4.0 client's create fail as follows:
      
      	- open create succeeds and gets a read delegation
      	- client attempts to set mode on new file, gets DELAY while
      	  server recalls delegation.
      	- client attempts a CLAIM_DELEGATE_CUR open using the
      	  delegation, gets error because of new file mode.
      
      This probably can't happen on a recent kernel since we're no longer
      giving out delegations on create opens.  Nevertheless, it's a
      bug--reclaim opens should bypass permission checks.
      Reported-by: NSteve Dickson <steved@redhat.com>
      Reported-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      89f6c336
    • J
      nfsd4: minor read_buf cleanup · 590b7431
      J. Bruce Fields 提交于
      The code to step to the next page seems reasonably self-contained.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      590b7431
    • J
      nfsd4: fix decoding of compounds across page boundaries · 24750082
      J. Bruce Fields 提交于
      A freebsd NFSv4.0 client was getting rare IO errors expanding a tarball.
      A network trace showed the server returning BAD_XDR on the final getattr
      of a getattr+write+getattr compound.  The final getattr started on a
      page boundary.
      
      I believe the Linux client ignores errors on the post-write getattr, and
      that that's why we haven't seen this before.
      
      Cc: stable@vger.kernel.org
      Reported-by: NRick Macklem <rmacklem@uoguelph.ca>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      24750082
    • J
      nfsd4: clean up nfs4_open_delegation · 99c41515
      J. Bruce Fields 提交于
      The nfs4_open_delegation logic is unecessarily baroque.
      
      Also stop pretending we support write delegations in several places.
      
      Some day we will support write delegations, but when that happens adding
      back in these flag parameters will be the easy part.  For now they're
      just confusing.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      99c41515
    • S
      NFSD: Don't give out read delegations on creates · 9a0590ae
      Steve Dickson 提交于
      When an exclusive create is done with the mode bits
      set (aka open(testfile, O_CREAT | O_EXCL, 0777)) this
      causes a OPEN op followed by a SETATTR op. When a
      read delegation is given in the OPEN, it causes
      the SETATTR to delay with EAGAIN until the
      delegation is recalled.
      
      This patch caused exclusive creates to give out
      a write delegation (which turn into no delegation)
      which allows the SETATTR seamlessly succeed.
      Signed-off-by: NSteve Dickson <steved@redhat.com>
      [bfields: do this for any CREATE, not just exclusive; comment]
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      9a0590ae
    • J
      nfsd4: allow client to send no cb_sec flavors · 57569a70
      J. Bruce Fields 提交于
      In testing I notice that some of the pynfs tests forget to send any
      cb_sec flavors, and that we haven't necessarily errored out in that case
      before.
      
      I'll fix pynfs, but am also inclined to default to trying AUTH_NONE in
      that case in case this is something clients actually do.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      57569a70
    • J
      nfsd4: fail attempts to request gss on the backchannel · b78724b7
      J. Bruce Fields 提交于
      We don't support gss on the backchannel.  We should state that fact up
      front rather than just letting things continue and later making the
      client try to figure out why the backchannel isn't working.
      
      Trond suggested instead returning NFS4ERR_NOENT.  I think it would be
      tricky for the client to distinguish between the case "I don't support
      gss on the backchannel" and "I can't find that in my cache, please
      create another context and try that instead", and I'd prefer something
      that currently doesn't have any other meaning for this operation, hence
      the (somewhat arbitrary) NFS4ERR_ENCR_ALG_UNSUPP.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      b78724b7
    • J
      nfsd4: implement minimal SP4_MACH_CRED · 57266a6e
      J. Bruce Fields 提交于
      Do a minimal SP4_MACH_CRED implementation suggested by Trond, ignoring
      the client-provided spo_must_* arrays and just enforcing credential
      checks for the minimum required operations.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      57266a6e
    • J
      svcrpc: store gss mech in svc_cred · 0dc1531a
      J. Bruce Fields 提交于
      Store a pointer to the gss mechanism used in the rq_cred and cl_cred.
      This will make it easier to enforce SP4_MACH_CRED, which needs to
      compare the mechanism used on the exchange_id with that used on
      protected operations.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      0dc1531a
  3. 21 5月, 2013 1 次提交
  4. 15 5月, 2013 2 次提交
  5. 13 5月, 2013 4 次提交
  6. 10 5月, 2013 1 次提交
    • J
      nfsd: fix oops when legacy_recdir_name_error is passed a -ENOENT error · 7255e716
      Jeff Layton 提交于
      Toralf reported the following oops to the linux-nfs mailing list:
      
          -----------------[snip]------------------
          NFSD: unable to generate recoverydir name (-2).
          NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly!
          BUG: unable to handle kernel NULL pointer dereference at 000003c8
          IP: [<f90a3d91>] nfsd4_client_tracking_exit+0x11/0x50 [nfsd]
          *pdpt = 000000002ba33001 *pde = 0000000000000000
          Oops: 0000 [#1] SMP
          Modules linked in: loop nfsd auth_rpcgss ipt_MASQUERADE xt_owner xt_multiport ipt_REJECT xt_tcpudp xt_recent xt_conntrack nf_conntrack_ftp xt_limit xt_LOG iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables x_tables af_packet pppoe pppox ppp_generic slhc bridge stp llc tun arc4 iwldvm mac80211 coretemp kvm_intel uvcvideo sdhci_pci sdhci mmc_core videobuf2_vmalloc videobuf2_memops usblp videobuf2_core i915 iwlwifi psmouse videodev cfg80211 kvm fbcon bitblit cfbfillrect acpi_cpufreq mperf evdev softcursor font cfbimgblt i2c_algo_bit cfbcopyarea intel_agp intel_gtt drm_kms_helper snd_hda_codec_conexant drm agpgart fb fbdev tpm_tis thinkpad_acpi tpm nvram e1000e rfkill thermal ptp wmi pps_core tpm_bios 8250_pci processor 8250 ac snd_hda_intel snd_hda_codec snd_pcm battery video i2c_i801 snd_page_alloc snd_timer button serial_core i2c_core snd soundcore thermal_sys hwmon aesni_intel ablk_helper cryp
      td lrw aes_i586 xts gf128mul cbc fuse nfs lockd sunrpc dm_crypt dm_mod hid_monterey hid_microsoft hid_logitech hid_ezkey hid_cypress hid_chicony hid_cherry hid_belkin hid_apple hid_a4tech hid_generic usbhid hid sr_mod cdrom sg [last unloaded: microcode]
          Pid: 6374, comm: nfsd Not tainted 3.9.1 #6 LENOVO 4180F65/4180F65
          EIP: 0060:[<f90a3d91>] EFLAGS: 00010202 CPU: 0
          EIP is at nfsd4_client_tracking_exit+0x11/0x50 [nfsd]
          EAX: 00000000 EBX: fffffffe ECX: 00000007 EDX: 00000007
          ESI: eb9dcb00 EDI: eb2991c0 EBP: eb2bde38 ESP: eb2bde34
          DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
          CR0: 80050033 CR2: 000003c8 CR3: 2ba80000 CR4: 000407f0
          DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
          DR6: ffff0ff0 DR7: 00000400
          Process nfsd (pid: 6374, ti=eb2bc000 task=eb2711c0 task.ti=eb2bc000)
          Stack:
          fffffffe eb2bde4c f90a3e0c f90a7754 fffffffe eb0a9c00 eb2bdea0 f90a41ed
          eb2991c0 1b270000 eb2991c0 eb2bde7c f9099ce9 eb2bde98 0129a020 eb29a020
          eb2bdecc eb2991c0 eb2bdea8 f9099da5 00000000 eb9dcb00 00000001 67822f08
          Call Trace:
          [<f90a3e0c>] legacy_recdir_name_error+0x3c/0x40 [nfsd]
          [<f90a41ed>] nfsd4_create_clid_dir+0x15d/0x1c0 [nfsd]
          [<f9099ce9>] ? nfsd4_lookup_stateid+0x99/0xd0 [nfsd]
          [<f9099da5>] ? nfs4_preprocess_seqid_op+0x85/0x100 [nfsd]
          [<f90a4287>] nfsd4_client_record_create+0x37/0x50 [nfsd]
          [<f909d6ce>] nfsd4_open_confirm+0xfe/0x130 [nfsd]
          [<f90980b1>] ? nfsd4_encode_operation+0x61/0x90 [nfsd]
          [<f909d5d0>] ? nfsd4_free_stateid+0xc0/0xc0 [nfsd]
          [<f908fd0b>] nfsd4_proc_compound+0x41b/0x530 [nfsd]
          [<f9081b7b>] nfsd_dispatch+0x8b/0x1a0 [nfsd]
          [<f857b85d>] svc_process+0x3dd/0x640 [sunrpc]
          [<f908165d>] nfsd+0xad/0x110 [nfsd]
          [<f90815b0>] ? nfsd_destroy+0x70/0x70 [nfsd]
          [<c1054824>] kthread+0x94/0xa0
          [<c1486937>] ret_from_kernel_thread+0x1b/0x28
          [<c1054790>] ? flush_kthread_work+0xd0/0xd0
          Code: 86 b0 00 00 00 90 c5 0a f9 c7 04 24 70 76 0a f9 e8 74 a9 3d c8 eb ba 8d 76 00 55 89 e5 53 66 66 66 66 90 8b 15 68 c7 0a f9 85 d2 <8b> 88 c8 03 00 00 74 2c 3b 11 77 28 8b 5c 91 08 85 db 74 22 8b
          EIP: [<f90a3d91>] nfsd4_client_tracking_exit+0x11/0x50 [nfsd] SS:ESP 0068:eb2bde34
          CR2: 00000000000003c8
          ---[ end trace 09e54015d145c9c6 ]---
      
      The problem appears to be a regression that was introduced in commit
      9a9c6478 "nfsd: make NFSv4 recovery client tracking options per net".
      Prior to that commit, it was safe to pass a NULL net pointer to
      nfsd4_client_tracking_exit in the legacy recdir case, and
      legacy_recdir_name_error did so. After that comit, the net pointer must
      be valid.
      
      This patch just fixes legacy_recdir_name_error to pass in a valid net
      pointer to that function.
      
      Cc: <stable@vger.kernel.org> # v3.8+
      Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
      Reported-and-tested-by: NToralf Förster <toralf.foerster@gmx.de>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      7255e716
  7. 04 5月, 2013 1 次提交
  8. 01 5月, 2013 4 次提交
    • C
      NFSD: SECINFO doesn't handle unsupported pseudoflavors correctly · 676e4ebd
      Chuck Lever 提交于
      If nfsd4_do_encode_secinfo() can't find GSS info that matches an
      export security flavor, it assumes the flavor is not a GSS
      pseudoflavor, and simply puts it on the wire.
      
      However, if this XDR encoding logic is given a legitimate GSS
      pseudoflavor but the RPC layer says it does not support that
      pseudoflavor for some reason, then the server leaks GSS pseudoflavor
      numbers onto the wire.
      
      I confirmed this happens by blacklisting rpcsec_gss_krb5, then
      attempted a client transition from the pseudo-fs to a Kerberos-only
      share.  The client received a flavor list containing the Kerberos
      pseudoflavor numbers, rather than GSS tuples.
      
      The encoder logic can check that each pseudoflavor in flavs[] is
      less than MAXFLAVOR before writing it into the buffer, to prevent
      this.  But after "nflavs" is written into the XDR buffer, the
      encoder can't skip writing flavor information into the buffer when
      it discovers the RPC layer doesn't support that flavor.
      
      So count the number of valid flavors as they are written into the
      XDR buffer, then write that count into a placeholder in the XDR
      buffer when all recognized flavors have been encoded.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      676e4ebd
    • C
      ed9411a0
    • W
      nfsd: make symbol nfsd_reply_cache_shrinker static · c8c797f9
      Wei Yongjun 提交于
      symbol 'nfsd_reply_cache_shrinker' only used within this file. It should
      be static.
      Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      c8c797f9
    • J
      nfsd4: don't remap EISDIR errors in rename · 2a6cf944
      J. Bruce Fields 提交于
      We're going out of our way here to remap an error to make rfc 3530
      happy--but the rfc itself (nor rfc 1813, which has similar language)
      gives no justification.  And disagrees with local filesystem behavior,
      with Linux and posix man pages, and knfsd's implemented behavior for v2
      and v3.
      
      And the documented behavior seems better, in that it gives a little more
      information--you could implement the 3530 behavior using the posix
      behavior, but not the other way around.
      
      Also, the Linux client makes no attempt to remap this error in the v4
      case, so it can end up just returning EEXIST to the application in a
      case where it should return EISDIR.
      
      So honestly I think the rfc's are just buggy here--or in any case it
      doesn't see worth the trouble to remap this error.
      Reported-by: NFrank S Filz <ffilz@us.ibm.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      2a6cf944
  9. 30 4月, 2013 1 次提交
  10. 27 4月, 2013 2 次提交
    • J
      nfsd4: better error return to indicate SSV non-support · dd30333c
      J. Bruce Fields 提交于
      As 4.1 becomes less experimental and SSV still isn't implemented, we
      have to admit it's not going to be, and return some sensible error
      rather than just saying "our server's broken".  Discussion in the ietf
      group hasn't turned up any objections to using NFS4ERR_ENC_ALG_UNSUPP
      for that purpose.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      dd30333c
    • J
      nfsd: fix EXDEV checking in rename · aa387d6c
      J. Bruce Fields 提交于
      We again check for the EXDEV a little later on, so the first check is
      redundant.  This check is also slightly racier, since a badly timed
      eviction from the export cache could leave us with the two fh_export
      pointers pointing to two different cache entries which each refer to the
      same underlying export.
      
      It's better to compare vfsmounts as the later check does, but that
      leaves a minor security hole in the case where the two exports refer to
      two different directories especially if (for example) they have
      different root-squashing options.
      
      So, compare ex_path.dentry too.
      Reported-by: NJoe Habermann <joe.habermann@gmail.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      aa387d6c
  11. 24 4月, 2013 1 次提交
  12. 17 4月, 2013 2 次提交
  13. 16 4月, 2013 2 次提交
  14. 10 4月, 2013 5 次提交
  15. 09 4月, 2013 2 次提交