Commit 6c0a8c5f authored by Chuck Lever's avatar Chuck Lever Committed by Trond Myklebust

NFS: Have struct nfs_client carry a TLS policy field

The new field is used to match struct nfs_clients that have the same
TLS policy setting.
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
parent 75eb6af7
...@@ -184,6 +184,7 @@ struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_init) ...@@ -184,6 +184,7 @@ struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_init)
clp->cl_net = get_net(cl_init->net); clp->cl_net = get_net(cl_init->net);
clp->cl_principal = "*"; clp->cl_principal = "*";
clp->cl_xprtsec = cl_init->xprtsec;
return clp; return clp;
error_cleanup: error_cleanup:
...@@ -326,6 +327,10 @@ static struct nfs_client *nfs_match_client(const struct nfs_client_initdata *dat ...@@ -326,6 +327,10 @@ static struct nfs_client *nfs_match_client(const struct nfs_client_initdata *dat
sap)) sap))
continue; continue;
/* Match the xprt security policy */
if (clp->cl_xprtsec.policy != data->xprtsec.policy)
continue;
refcount_inc(&clp->cl_count); refcount_inc(&clp->cl_count);
return clp; return clp;
} }
...@@ -675,6 +680,9 @@ static int nfs_init_server(struct nfs_server *server, ...@@ -675,6 +680,9 @@ static int nfs_init_server(struct nfs_server *server,
.cred = server->cred, .cred = server->cred,
.nconnect = ctx->nfs_server.nconnect, .nconnect = ctx->nfs_server.nconnect,
.init_flags = (1UL << NFS_CS_REUSEPORT), .init_flags = (1UL << NFS_CS_REUSEPORT),
.xprtsec = {
.policy = RPC_XPRTSEC_NONE,
},
}; };
struct nfs_client *clp; struct nfs_client *clp;
int error; int error;
......
...@@ -81,6 +81,7 @@ struct nfs_client_initdata { ...@@ -81,6 +81,7 @@ struct nfs_client_initdata {
struct net *net; struct net *net;
const struct rpc_timeout *timeparms; const struct rpc_timeout *timeparms;
const struct cred *cred; const struct cred *cred;
struct xprtsec_parms xprtsec;
}; };
/* /*
......
...@@ -93,6 +93,7 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv, ...@@ -93,6 +93,7 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv,
.net = mds_clp->cl_net, .net = mds_clp->cl_net,
.timeparms = &ds_timeout, .timeparms = &ds_timeout,
.cred = mds_srv->cred, .cred = mds_srv->cred,
.xprtsec = mds_clp->cl_xprtsec,
}; };
struct nfs_client *clp; struct nfs_client *clp;
char buf[INET6_ADDRSTRLEN + 1]; char buf[INET6_ADDRSTRLEN + 1];
......
...@@ -896,7 +896,8 @@ static int nfs4_set_client(struct nfs_server *server, ...@@ -896,7 +896,8 @@ static int nfs4_set_client(struct nfs_server *server,
int proto, const struct rpc_timeout *timeparms, int proto, const struct rpc_timeout *timeparms,
u32 minorversion, unsigned int nconnect, u32 minorversion, unsigned int nconnect,
unsigned int max_connect, unsigned int max_connect,
struct net *net) struct net *net,
struct xprtsec_parms *xprtsec)
{ {
struct nfs_client_initdata cl_init = { struct nfs_client_initdata cl_init = {
.hostname = hostname, .hostname = hostname,
...@@ -909,6 +910,7 @@ static int nfs4_set_client(struct nfs_server *server, ...@@ -909,6 +910,7 @@ static int nfs4_set_client(struct nfs_server *server,
.net = net, .net = net,
.timeparms = timeparms, .timeparms = timeparms,
.cred = server->cred, .cred = server->cred,
.xprtsec = *xprtsec,
}; };
struct nfs_client *clp; struct nfs_client *clp;
...@@ -978,6 +980,7 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv, ...@@ -978,6 +980,7 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv,
.net = mds_clp->cl_net, .net = mds_clp->cl_net,
.timeparms = &ds_timeout, .timeparms = &ds_timeout,
.cred = mds_srv->cred, .cred = mds_srv->cred,
.xprtsec = mds_srv->nfs_client->cl_xprtsec,
}; };
char buf[INET6_ADDRSTRLEN + 1]; char buf[INET6_ADDRSTRLEN + 1];
...@@ -1127,6 +1130,9 @@ static int nfs4_server_common_setup(struct nfs_server *server, ...@@ -1127,6 +1130,9 @@ static int nfs4_server_common_setup(struct nfs_server *server,
static int nfs4_init_server(struct nfs_server *server, struct fs_context *fc) static int nfs4_init_server(struct nfs_server *server, struct fs_context *fc)
{ {
struct nfs_fs_context *ctx = nfs_fc2context(fc); struct nfs_fs_context *ctx = nfs_fc2context(fc);
struct xprtsec_parms xprtsec = {
.policy = RPC_XPRTSEC_NONE,
};
struct rpc_timeout timeparms; struct rpc_timeout timeparms;
int error; int error;
...@@ -1157,7 +1163,8 @@ static int nfs4_init_server(struct nfs_server *server, struct fs_context *fc) ...@@ -1157,7 +1163,8 @@ static int nfs4_init_server(struct nfs_server *server, struct fs_context *fc)
ctx->minorversion, ctx->minorversion,
ctx->nfs_server.nconnect, ctx->nfs_server.nconnect,
ctx->nfs_server.max_connect, ctx->nfs_server.max_connect,
fc->net_ns); fc->net_ns,
&xprtsec);
if (error < 0) if (error < 0)
return error; return error;
...@@ -1247,7 +1254,8 @@ struct nfs_server *nfs4_create_referral_server(struct fs_context *fc) ...@@ -1247,7 +1254,8 @@ struct nfs_server *nfs4_create_referral_server(struct fs_context *fc)
parent_client->cl_mvops->minor_version, parent_client->cl_mvops->minor_version,
parent_client->cl_nconnect, parent_client->cl_nconnect,
parent_client->cl_max_connect, parent_client->cl_max_connect,
parent_client->cl_net); parent_client->cl_net,
&parent_client->cl_xprtsec);
if (!error) if (!error)
goto init_server; goto init_server;
#endif /* IS_ENABLED(CONFIG_SUNRPC_XPRT_RDMA) */ #endif /* IS_ENABLED(CONFIG_SUNRPC_XPRT_RDMA) */
...@@ -1263,7 +1271,8 @@ struct nfs_server *nfs4_create_referral_server(struct fs_context *fc) ...@@ -1263,7 +1271,8 @@ struct nfs_server *nfs4_create_referral_server(struct fs_context *fc)
parent_client->cl_mvops->minor_version, parent_client->cl_mvops->minor_version,
parent_client->cl_nconnect, parent_client->cl_nconnect,
parent_client->cl_max_connect, parent_client->cl_max_connect,
parent_client->cl_net); parent_client->cl_net,
&parent_client->cl_xprtsec);
if (error < 0) if (error < 0)
goto error; goto error;
...@@ -1336,7 +1345,8 @@ int nfs4_update_server(struct nfs_server *server, const char *hostname, ...@@ -1336,7 +1345,8 @@ int nfs4_update_server(struct nfs_server *server, const char *hostname,
error = nfs4_set_client(server, hostname, sap, salen, buf, error = nfs4_set_client(server, hostname, sap, salen, buf,
clp->cl_proto, clnt->cl_timeout, clp->cl_proto, clnt->cl_timeout,
clp->cl_minorversion, clp->cl_minorversion,
clp->cl_nconnect, clp->cl_max_connect, net); clp->cl_nconnect, clp->cl_max_connect,
net, &clp->cl_xprtsec);
clear_bit(NFS_MIG_TSM_POSSIBLE, &server->mig_status); clear_bit(NFS_MIG_TSM_POSSIBLE, &server->mig_status);
if (error != 0) { if (error != 0) {
nfs_server_insert_lists(server); nfs_server_insert_lists(server);
......
...@@ -64,6 +64,7 @@ struct nfs_client { ...@@ -64,6 +64,7 @@ struct nfs_client {
unsigned int cl_nconnect; /* Number of connections */ unsigned int cl_nconnect; /* Number of connections */
unsigned int cl_max_connect; /* max number of xprts allowed */ unsigned int cl_max_connect; /* max number of xprts allowed */
const char * cl_principal; /* used for machine cred */ const char * cl_principal; /* used for machine cred */
struct xprtsec_parms cl_xprtsec; /* xprt security policy */
#if IS_ENABLED(CONFIG_NFS_V4) #if IS_ENABLED(CONFIG_NFS_V4)
struct list_head cl_ds_clients; /* auth flavor data servers */ struct list_head cl_ds_clients; /* auth flavor data servers */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment