1. 18 6月, 2009 4 次提交
  2. 03 4月, 2009 3 次提交
  3. 31 3月, 2009 1 次提交
    • A
      proc 2/2: remove struct proc_dir_entry::owner · 99b76233
      Alexey Dobriyan 提交于
      Setting ->owner as done currently (pde->owner = THIS_MODULE) is racy
      as correctly noted at bug #12454. Someone can lookup entry with NULL
      ->owner, thus not pinning enything, and release it later resulting
      in module refcount underflow.
      
      We can keep ->owner and supply it at registration time like ->proc_fops
      and ->data.
      
      But this leaves ->owner as easy-manipulative field (just one C assignment)
      and somebody will forget to unpin previous/pin current module when
      switching ->owner. ->proc_fops is declared as "const" which should give
      some thoughts.
      
      ->read_proc/->write_proc were just fixed to not require ->owner for
      protection.
      
      rmmod'ed directories will be empty and return "." and ".." -- no harm.
      And directories with tricky enough readdir and lookup shouldn't be modular.
      We definitely don't want such modular code.
      
      Removing ->owner will also make PDE smaller.
      
      So, let's nuke it.
      
      Kudos to Jeff Layton for reminding about this, let's say, oversight.
      
      http://bugzilla.kernel.org/show_bug.cgi?id=12454Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
      99b76233
  4. 29 3月, 2009 1 次提交
  5. 13 3月, 2009 1 次提交
  6. 11 3月, 2009 1 次提交
  7. 24 12月, 2008 6 次提交
    • T
      NFSv4: Fix up delegation callbacks · 9082a5cc
      Trond Myklebust 提交于
      Currently, the callback server is listening on IPv6 if it is enabled. This
      means that IPv4 addresses will always be mapped.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      9082a5cc
    • T
      NFSv4: Remove nfs_client->cl_sem · 95d35cb4
      Trond Myklebust 提交于
      Now that we're using the flags to indicate state that needs to be
      recovered, as well as having implemented proper refcounting and spinlocking
      on the state and open_owners, we can get rid of nfs_client->cl_sem. The
      only remaining case that was dubious was the file locking, and that case is
      now covered by the nfsi->rwsem.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      95d35cb4
    • C
      NLM: allow lockd requests from an unprivileged port · 0cb2659b
      Chuck Lever 提交于
      If the admin has specified the "noresvport" option for an NFS mount
      point, the kernel's NFS client uses an unprivileged source port for
      the main NFS transport.  The kernel's lockd client should use an
      unprivileged port in this case as well.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      0cb2659b
    • C
      NFS: add "[no]resvport" mount option · d740351b
      Chuck Lever 提交于
      The standard default security setting for NFS is AUTH_SYS.  An NFS
      client connects to NFS servers via a privileged source port and a
      fixed standard destination port (2049).  The client sends raw uid and
      gid numbers to identify users making NFS requests, and the server
      assumes an appropriate authority on the client has vetted these
      values because the source port is privileged.
      
      On Linux, by default in-kernel RPC services use a privileged port in
      the range between 650 and 1023 to avoid using source ports of well-
      known IP services.  Using such a small range limits the number of NFS
      mount points and the number of unique NFS servers to which a client
      can connect concurrently.
      
      An NFS client can use unprivileged source ports to expand the range of
      source port numbers, allowing more concurrent server connections and
      more NFS mount points.  Servers must explicitly allow NFS connections
      from unprivileged ports for this to work.
      
      In the past, bumping the value of the sunrpc.max_resvport sysctl on
      the client would permit the NFS client to use unprivileged ports.
      Bumping this setting also changes the maximum port number used by
      other in-kernel RPC services, some of which still required a port
      number less than 1023.
      
      This is exacerbated by the way source port numbers are chosen by the
      Linux RPC client, which starts at the top of the range and works
      downwards.  It means that bumping the maximum means all RPC services
      requesting a source port will likely get an unprivileged port instead
      of a privileged one.
      
      Changing this setting effects all NFS mount points on a client.  A
      sysadmin could not selectively choose which mount points would use
      non-privileged ports and which could not.
      
      Lastly, this mechanism of expanding the limit on the number of NFS
      mount points was entirely undocumented.
      
      To address the need for the NFS client to use a large range of source
      ports without interfering with the activity of other in-kernel RPC
      services, we introduce a new NFS mount option.  This option explicitly
      tells only the NFS client to use a non-privileged source port when
      communicating with the NFS server for one specific mount point.
      
      This new mount option is called "resvport," like the similar NFS mount
      option on FreeBSD and Mac OS X.  A sister patch for nfs-utils will be
      submitted that documents this new option in nfs(5).
      
      The default setting for this new mount option requires the NFS client
      to use a privileged port, as before.  Explicitly specifying the
      "noresvport" mount option allows the NFS client to use an unprivileged
      source port for this mount point when connecting to the NFS server
      port.
      
      This mount option is supported only for text-based NFS mounts.
      
      [ Sidebar: it is widely known that security mechanisms based on the
        use of privileged source ports are ineffective.  However, the NFS
        client can combine the use of unprivileged ports with the use of
        secure authentication mechanisms, such as Kerberos.  This allows a
        large number of connections and mount points while ensuring a useful
        level of security.
      
        Eventually we may change the default setting for this option
        depending on the security flavor used for the mount.  For example,
        if the mount is using only AUTH_SYS, then the default setting will
        be "resvport;" if the mount is using a strong security flavor such
        as krb5, the default setting will be "noresvport." ]
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      [Trond.Myklebust@netapp.com: Fixed a bug whereby nfs4_init_client()
      was being called with incorrect arguments.]
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      d740351b
    • C
      NFS: move nfs_server flag initialization · 542fcc33
      Chuck Lever 提交于
      Make it possible for the NFSv4 mount set up logic to pass mount option
      flags down the stack to nfs_create_rpc_client().
      
      This is immediately useful if we want NFS mount options to modulate
      settings of the underlying RPC transport, but it may be useful at some
      later point if other parts of the NFSv4 mount initialization logic
      want to know what the mount options are.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      542fcc33
    • C
      NFS: expand flags passed to nfs_create_rpc_client() · 4a01b8a4
      Chuck Lever 提交于
      The nfs_create_rpc_client() function sets up an RPC client for an NFS
      mount point.  Add an option that allows it to set up an RPC transport
      from an unprivileged port.
      
      Instead of having nfs_create_rpc_client()'s callers retain local
      knowledge about how to set up an RPC client, create a couple of flag
      arguments to control the use of RPC_CLNT_CREATE flags.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      4a01b8a4
  8. 08 10月, 2008 1 次提交
  9. 07 10月, 2008 1 次提交
  10. 10 7月, 2008 1 次提交
  11. 17 5月, 2008 1 次提交
  12. 29 4月, 2008 2 次提交
  13. 20 4月, 2008 1 次提交
  14. 20 3月, 2008 2 次提交
    • C
      NFS: Save the values of the "mount*=" mount options · 3f8400d1
      Chuck Lever 提交于
      Save the value of the mountproto= mountport= mountvers= and mountaddr=
      options so that these values can be displayed later via
      nfs_show_options().
      
      This preserves the intent of the original mount options, should the file
      system need to be remounted based on what's displayed in /proc/mounts.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Cc: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      3f8400d1
    • C
      NFS: Save the value of the "port=" mount option · f22d6d79
      Chuck Lever 提交于
      During a remount based on the mount options displayed in /proc/mounts, we
      want to preserve the original behavior of the mount request.  Let's save
      the original setting of the "port=" mount option in the mount's nfs_server
      structure.
      
      This allows us to simplify the default behavior of port setting for NFSv4
      mounts: by default, NFSv2/3 mounts first try an RPC bind to determine the
      NFS server's port, unless the user specified the "port=" mount option;
      Users can force the client to skip the RPC bind by explicitly specifying
      "port=<value>".
      
      NFSv4, by contrast, assumes the NFS server port is 2049 and skips the RPC
      bind, unless the user specifies "port=".  Users can force an RPC bind for
      NFSv4 by explicitly specifying "port=0".
      
      I added a couple of extra comments to clarify this behavior.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Cc: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      f22d6d79
  15. 29 2月, 2008 1 次提交
  16. 30 1月, 2008 13 次提交