1. 08 Sep, 2022 1 commit
    • NeilBrown's avatar
      NFSD: fix regression with setting ACLs. · 00801cd9
      NeilBrown authored
      A recent patch moved ACL setting into nfsd_setattr().
      Unfortunately it didn't work as nfsd_setattr() aborts early if
      iap->ia_valid is 0.
      
      Remove this test, and instead avoid calling notify_change() when
      ia_valid is 0.
      
      This means that nfsd_setattr() will now *always* lock the inode.
      Previously it didn't if only a ATTR_MODE change was requested on a
      symlink (see Commit 15b7a1b8 ("[PATCH] knfsd: fix setattr-on-symlink
      error return")). I don't think this change really matters.
      
      Fixes: c0cbe707 ("NFSD: add posix ACLs to struct nfsd_attrs")
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      00801cd9
  2. 04 Aug, 2022 9 commits
    • Jeff Layton's avatar
      lockd: detect and reject lock arguments that overflow · 6930bcbf
      Jeff Layton authored
      lockd doesn't currently vet the start and length in nlm4 requests like
      it should, and can end up generating lock requests with arguments that
      overflow when passed to the filesystem.
      
      The NLM4 protocol uses unsigned 64-bit arguments for both start and
      length, whereas struct file_lock tracks the start and end as loff_t
      values. By the time we get around to calling nlm4svc_retrieve_args,
      we've lost the information that would allow us to determine if there was
      an overflow.
      
      Start tracking the actual start and len for NLM4 requests in the
      nlm_lock. In nlm4svc_retrieve_args, vet these values to ensure they
      won't cause an overflow, and return NLM4_FBIG if they do.
      
      Link: https://bugzilla.linux-nfs.org/show_bug.cgi?id=392Reported-by: default avatarJan Kasiak <j.kasiak@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Cc: <stable@vger.kernel.org> # 5.14+
      6930bcbf
    • NeilBrown's avatar
      NFSD: discard fh_locked flag and fh_lock/fh_unlock · dd8dd403
      NeilBrown authored
      As all inode locking is now fully balanced, fh_put() does not need to
      call fh_unlock().
      fh_lock() and fh_unlock() are no longer used, so discard them.
      These are the only real users of ->fh_locked, so discard that too.
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      dd8dd403
    • NeilBrown's avatar
      NFSD: use (un)lock_inode instead of fh_(un)lock for file operations · bb4d53d6
      NeilBrown authored
      When locking a file to access ACLs and xattrs etc, use explicit locking
      with inode_lock() instead of fh_lock().  This means that the calls to
      fh_fill_pre/post_attr() are also explicit which improves readability and
      allows us to place them only where they are needed.  Only the xattr
      calls need pre/post information.
      
      When locking a file we don't need I_MUTEX_PARENT as the file is not a
      parent of anything, so we can use inode_lock() directly rather than the
      inode_lock_nested() call that fh_lock() uses.
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      bb4d53d6
    • NeilBrown's avatar
      NFSD: use explicit lock/unlock for directory ops · debf16f0
      NeilBrown authored
      When creating or unlinking a name in a directory use explicit
      inode_lock_nested() instead of fh_lock(), and explicit calls to
      fh_fill_pre_attrs() and fh_fill_post_attrs().  This is already done
      for renames, with lock_rename() as the explicit locking.
      
      Also move the 'fill' calls closer to the operation that might change the
      attributes.  This way they are avoided on some error paths.
      
      For the v2-only code in nfsproc.c, the fill calls are not replaced as
      they aren't needed.
      
      Making the locking explicit will simplify proposed future changes to
      locking for directories.  It also makes it easily visible exactly where
      pre/post attributes are used - not all callers of fh_lock() actually
      need the pre/post attributes.
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      debf16f0
    • NeilBrown's avatar
      NFSD: reduce locking in nfsd_lookup() · 19d008b4
      NeilBrown authored
      nfsd_lookup() takes an exclusive lock on the parent inode, but no
      callers want the lock and it may not be needed at all if the
      result is in the dcache.
      
      Change nfsd_lookup_dentry() to not take the lock, and call
      lookup_one_len_locked() which takes lock only if needed.
      
      nfsd4_open() currently expects the lock to still be held, but that isn't
      necessary as nfsd_validate_delegated_dentry() provides required
      guarantees without the lock.
      
      NOTE: NFSv4 requires directory changeinfo for OPEN even when a create
        wasn't requested and no change happened.  Now that nfsd_lookup()
        doesn't use fh_lock(), we need to explicitly fill the attributes
        when no create happens.  A new fh_fill_both_attrs() is provided
        for that task.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      19d008b4
    • NeilBrown's avatar
      NFSD: only call fh_unlock() once in nfsd_link() · e18bcb33
      NeilBrown authored
      On non-error paths, nfsd_link() calls fh_unlock() twice.  This is safe
      because fh_unlock() records that the unlock has been done and doesn't
      repeat it.
      However it makes the code a little confusing and interferes with changes
      that are planned for directory locking.
      
      So rearrange the code to ensure fh_unlock() is called exactly once if
      fh_lock() was called.
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      e18bcb33
    • NeilBrown's avatar
      NFSD: always drop directory lock in nfsd_unlink() · b677c0c6
      NeilBrown authored
      Some error paths in nfsd_unlink() allow it to exit without unlocking the
      directory.  This is not a problem in practice as the directory will be
      locked with an fh_put(), but it is untidy and potentially confusing.
      
      This allows us to remove all the fh_unlock() calls that are immediately
      after nfsd_unlink() calls.
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      b677c0c6
    • NeilBrown's avatar
      NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. · 927bfc56
      NeilBrown authored
      nfsd_create() usually returns with the directory still locked.
      nfsd_symlink() usually returns with it unlocked.  This is clumsy.
      
      Until recently nfsd_create() needed to keep the directory locked until
      ACLs and security label had been set.  These are now set inside
      nfsd_create() (in nfsd_setattr()) so this need is gone.
      
      So change nfsd_create() and nfsd_symlink() to always unlock, and remove
      any fh_unlock() calls that follow calls to these functions.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      927bfc56
    • NeilBrown's avatar
      NFSD: add posix ACLs to struct nfsd_attrs · c0cbe707
      NeilBrown authored
      pacl and dpacl pointers are added to struct nfsd_attrs, which requires
      that we have an nfsd_attrs_free() function to free them.
      Those nfsv4 functions that can set ACLs now set up these pointers
      based on the passed in NFSv4 ACL.
      
      nfsd_setattr() sets the acls as appropriate.
      
      Errors are handled as with security labels.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      c0cbe707
  3. 30 Jul, 2022 30 commits