1. 29 Mar, 2013 12 commits
    • Chuck Lever's avatar
      NFS: Avoid PUTROOTFH when managing leases · 83ca7f5a
      Chuck Lever authored
      Currently, the compound operation the Linux NFS client sends to the
      server to confirm a client ID looks like this:
      
      	{ SETCLIENTID_CONFIRM; PUTROOTFH; GETATTR(lease_time) }
      
      Once the lease is confirmed, it makes sense to know how long before
      the client will have to renew it.  And, performing these operations
      in the same compound saves a round trip.
      
      Unfortunately, this arrangement assumes that the security flavor
      used for establishing a client ID can also be used to access the
      server's pseudo-fs.
      
      If the server requires a different security flavor to access its
      pseudo-fs than it allowed for the client's SETCLIENTID operation,
      the PUTROOTFH in this compound fails with NFS4ERR_WRONGSEC.  Even
      though the SETCLIENTID_CONFIRM succeeded, our client's trunking
      detection logic interprets the failure of the compound as a failure
      by the server to confirm the client ID.
      
      As part of server trunking detection, the client then begins another
      SETCLIENTID pass with the same nfs4_client_id.  This fails with
      NFS4ERR_CLID_INUSE because the first SETCLIENTID/SETCLIENTID_CONFIRM
      already succeeded in confirming that client ID -- it was the
      PUTROOTFH operation that caused the SETCLIENTID_CONFIRM compound to
      fail.
      
      To address this issue, separate the "establish client ID" step from
      the "accessing the server's pseudo-fs root" step.  The first access
      of the server's pseudo-fs may require retrying the PUTROOTFH
      operation with different security flavors.  This access is done in
      nfs4_proc_get_rootfh().
      
      That leaves the matter of how to retrieve the server's lease time.
      nfs4_proc_fsinfo() already retrieves the lease time value, though
      none of its callers do anything with the retrieved value (nor do
      they mark the lease as "renewed").
      
      Note that NFSv4.1 state recovery invokes nfs4_proc_get_lease_time()
      using the lease management security flavor.  This may cause some
      heartburn if that security flavor isn't the same as the security
      flavor the server requires for accessing the pseudo-fs.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Cc: Bryan Schumaker <bjschuma@netapp.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      83ca7f5a
    • Chuck Lever's avatar
      NFS: Clean up nfs4_proc_get_rootfh · 2ed4b95b
      Chuck Lever authored
      The long lines with no vertical white space make this function
      difficult for humans to read.  Add a proper documenting comment
      while we're here.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Cc: Bryan Schumaker <bjschuma@netapp.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      2ed4b95b
    • Chuck Lever's avatar
      NFS: Handle missing rpc.gssd when looking up root FH · 75bc8821
      Chuck Lever authored
      When rpc.gssd is not running, any NFS operation that needs to use a
      GSS security flavor of course does not work.
      
      If looking up a server's root file handle results in an
      NFS4ERR_WRONGSEC, nfs4_find_root_sec() is called to try a bunch of
      security flavors until one works or all reasonable flavors have
      been tried.  When rpc.gssd isn't running, this loop seems to fail
      immediately after rpcauth_create() craps out on the first GSS
      flavor.
      
      When the rpcauth_create() call in nfs4_lookup_root_sec() fails
      because rpc.gssd is not available, nfs4_lookup_root_sec()
      unconditionally returns -EIO.  This prevents nfs4_find_root_sec()
      from retrying any other flavors; it drops out of its loop and fails
      immediately.
      
      Having nfs4_lookup_root_sec() return -EACCES instead allows
      nfs4_find_root_sec() to try all flavors in its list.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Cc: Bryan Schumaker <bjschuma@netapp.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      75bc8821
    • Chuck Lever's avatar
      SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switch · 5007220b
      Chuck Lever authored
      Clean up: Reduce the symbol table footprint for auth_rpcgss.ko by
      removing exported symbols for functions that are no longer used
      outside of auth_rpcgss.ko.
      
      The remaining two EXPORTs in gss_mech_switch.c get documenting
      comments.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      5007220b
    • Chuck Lever's avatar
      SUNRPC: Make gss_mech_get() static · 6599c0ac
      Chuck Lever authored
      gss_mech_get() is no longer used outside of gss_mech_switch.c.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      6599c0ac
    • Chuck Lever's avatar
      SUNRPC: Refactor nfsd4_do_encode_secinfo() · a77c806f
      Chuck Lever authored
      Clean up.  This matches a similar API for the client side, and
      keeps ULP fingers out the of the GSS mech switch.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Acked-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      a77c806f
    • Chuck Lever's avatar
      SUNRPC: Consider qop when looking up pseudoflavors · 83523d08
      Chuck Lever authored
      The NFSv4 SECINFO operation returns a list of security flavors that
      the server supports for a particular share.  An NFSv4 client is
      supposed to pick a pseudoflavor it supports that corresponds to one
      of the flavors returned by the server.
      
      GSS flavors in this list have a GSS tuple that identify a specific
      GSS pseudoflavor.
      
      Currently our client ignores the GSS tuple's "qop" value.  A
      matching pseudoflavor is chosen based only on the OID and service
      value.
      
      So far this omission has not had much effect on Linux.  The NFSv4
      protocol currently supports only one qop value: GSS_C_QOP_DEFAULT,
      also known as zero.
      
      However, if an NFSv4 server happens to return something other than
      zero in the qop field, our client won't notice.  This could cause
      the client to behave in incorrect ways that could have security
      implications.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      83523d08
    • Chuck Lever's avatar
      SUNRPC: Load GSS kernel module by OID · f783288f
      Chuck Lever authored
      The current GSS mech switch can find and load GSS pseudoflavor
      modules by name ("krb5") or pseudoflavor number ("390003"), but
      cannot find GSS modules by GSS tuple:
      
        [ "1.2.840.113554.1.2.2", GSS_C_QOP_DEFAULT, RPC_GSS_SVC_NONE ]
      
      This is important when dealing with a SECINFO request.  A SECINFO
      reply contains a list of flavors the server supports for the
      requested export, but GSS flavors also have a GSS tuple that maps
      to a pseudoflavor (like 390003 for krb5).
      
      If the GSS module that supports the OID in the tuple is not loaded,
      our client is not able to load that module dynamically to support
      that pseudoflavor.
      
      Add a way for the GSS mech switch to load GSS pseudoflavor support
      by OID before searching for the pseudoflavor that matches the OID
      and service.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      f783288f
    • Chuck Lever's avatar
      SUNRPC: Introduce rpcauth_get_pseudoflavor() · 9568c5e9
      Chuck Lever authored
      A SECINFO reply may contain flavors whose kernel module is not
      yet loaded by the client's kernel.  A new RPC client API, called
      rpcauth_get_pseudoflavor(), is introduced to do proper checking
      for support of a security flavor.
      
      When this API is invoked, the RPC client now tries to load the
      module for each flavor first before performing the "is this
      supported?" check.  This means if a module is available on the
      client, but has not been loaded yet, it will be loaded and
      registered automatically when the SECINFO reply is processed.
      
      The new API can take a full GSS tuple (OID, QoP, and service).
      Previously only the OID and service were considered.
      
      nfs_find_best_sec() is updated to verify all flavors requested in a
      SECINFO reply, including AUTH_NULL and AUTH_UNIX.  Previously these
      two flavors were simply assumed to be supported without consulting
      the RPC client.
      
      Note that the replaced version of nfs_find_best_sec() can return
      RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an
      unsupported "service" value.  nfs_find_best_sec() now returns
      RPC_AUTH_UNIX in this case.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      9568c5e9
    • Chuck Lever's avatar
      SUNRPC: Define rpcsec_gss_info structure · fb15b26f
      Chuck Lever authored
      The NFSv4 SECINFO procedure returns a list of security flavors.  Any
      GSS flavor also has a GSS tuple containing an OID, a quality-of-
      protection value, and a service value, which specifies a particular
      GSS pseudoflavor.
      
      For simplicity and efficiency, I'd like to return each GSS tuple
      from the NFSv4 SECINFO XDR decoder and pass it straight into the RPC
      client.
      
      Define a data structure that is visible to both the NFS client and
      the RPC client.  Take structure and field names from the relevant
      standards to avoid confusion.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      fb15b26f
    • Chuck Lever's avatar
      NFS: Remove unneeded forward declaration · 72f4dc11
      Chuck Lever authored
      I've built with NFSv4 enabled and disabled.  This forward
      declaration does not seem to be required.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      72f4dc11
    • Chuck Lever's avatar
      SUNRPC: Missing module alias for auth_rpcgss.ko · 71afa85e
      Chuck Lever authored
      Commit f344f6df "SUNRPC: Auto-load RPC authentication kernel
      modules", Mon Mar 20 13:44:08 2006, adds a request_module() call
      in rpcauth_create() to auto-load RPC security modules when a ULP
      tries to create a credential of that flavor.
      
      In rpcauth_create(), the name of the module to load is built like
      this:
      
      	request_module("rpc-auth-%u", flavor);
      
      This means that for, say, RPC_AUTH_GSS, request_module() is looking
      for a module or alias called "rpc-auth-6".
      
      The GSS module is named "auth_rpcgss", and commit f344f6df does not
      add any new module aliases.  There is also no such alias provided in
      /etc/modprobe.d on my system (Fedora 16).  Without this alias, the
      GSS module is not loaded on demand.
      
      This is used by rpcauth_create().  The pseudoflavor_to_flavor() call
      can return RPC_AUTH_GSS, which is passed to request_module().
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      71afa85e
  2. 28 Mar, 2013 2 commits
    • Trond Myklebust's avatar
      NFSv4: Fix Oopses in the fs_locations code · 809b426c
      Trond Myklebust authored
      If the server sends us a pathname with more components than the client
      limit of NFS4_PATHNAME_MAXCOMPONENTS, more server entries than the client
      limit of NFS4_FS_LOCATION_MAXSERVERS, or sends a total number of
      fs_locations entries than the client limit of NFS4_FS_LOCATIONS_MAXENTRIES
      then we will currently Oops because the limit checks are done _after_ we've
      decoded the data into the arrays.
      
      Reported-by: fanchaoting<fanchaoting@cn.fujitsu.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      809b426c
    • Trond Myklebust's avatar
      NFSv4: Fix another reboot recovery race · 91876b13
      Trond Myklebust authored
      If the open_context for the file is not yet fully initialised,
      then open recovery cannot succeed, and since nfs4_state_find_open_context
      returns an ENOENT, we end up treating the file as being irrecoverable.
      
      What we really want to do, is just defer the recovery until later.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      91876b13
  3. 27 Mar, 2013 1 commit
  4. 25 Mar, 2013 13 commits
  5. 21 Mar, 2013 4 commits
  6. 20 Mar, 2013 1 commit
  7. 03 Mar, 2013 7 commits
    • Linus Torvalds's avatar
      Linux 3.9-rc1 · 6dbe51c2
      Linus Torvalds authored
      6dbe51c2
    • Linus Torvalds's avatar
      Merge tag 'disintegrate-fbdev-20121220' of git://git.infradead.org/users/dhowells/linux-headers · ea882c2e
      Linus Torvalds authored
      Pull fbdev UAPI disintegration from David Howells:
       "You'll be glad to here that the end is nigh for the UAPI patches.
        Only the fbdev/framebuffer piece remains now that the SCSI stuff has
        gone in.
      
        Here are the UAPI disintegration bits for the fbdev drivers.  It
        appears that Florian hasn't had time to deal with my patch, but back
        in December he did say he didn't mind if I pushed it forward."
      
      Yay.  No more uapi movement.  And hopefully no more big header file
      cleanups coming up either, it just tends to be very painful.
      
      * tag 'disintegrate-fbdev-20121220' of git://git.infradead.org/users/dhowells/linux-headers:
        UAPI: (Scripted) Disintegrate include/video
      ea882c2e
    • Linus Torvalds's avatar
      Merge tag 'stable/for-linus-3.9-rc1-tag' of... · 8e8b180a
      Linus Torvalds authored
      Merge tag 'stable/for-linus-3.9-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
      
      Pull Xen bug-fixes from Konrad Rzeszutek Wilk:
       - Update the Xen ACPI memory and CPU hotplug locking mechanism.
       - Fix PAT issues wherein various applications would not start
       - Fix handling of multiple MSI as AHCI now does it.
       - Fix ARM compile failures.
      
      * tag 'stable/for-linus-3.9-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
        xenbus: fix compile failure on ARM with Xen enabled
        xen/pci: We don't do multiple MSI's.
        xen/pat: Disable PAT using pat_enabled value.
        xen/acpi: xen cpu hotplug minor updates
        xen/acpi: xen memory hotplug minor updates
      8e8b180a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 56a79b7b
      Linus Torvalds authored
      Pull  more VFS bits from Al Viro:
       "Unfortunately, it looks like xattr series will have to wait until the
        next cycle ;-/
      
        This pile contains 9p cleanups and fixes (races in v9fs_fid_add()
        etc), fixup for nommu breakage in shmem.c, several cleanups and a bit
        more file_inode() work"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        constify path_get/path_put and fs_struct.c stuff
        fix nommu breakage in shmem.c
        cache the value of file_inode() in struct file
        9p: if v9fs_fid_lookup() gets to asking server, it'd better have hashed dentry
        9p: make sure ->lookup() adds fid to the right dentry
        9p: untangle ->lookup() a bit
        9p: double iput() in ->lookup() if d_materialise_unique() fails
        9p: v9fs_fid_add() can't fail now
        v9fs: get rid of v9fs_dentry
        9p: turn fid->dlist into hlist
        9p: don't bother with private lock in ->d_fsdata; dentry->d_lock will do just fine
        more file_inode() open-coded instances
        selinux: opened file can't have NULL or negative ->f_path.dentry
      
      (In the meantime, the hlist traversal macros have changed, so this
      required a semantic conflict fixup for the newly hlistified fid->dlist)
      56a79b7b
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 1c82315a
      Linus Torvalds authored
      Pull btrfs fixup from Chris Mason:
       "Geert and James both sent this one in, sorry guys"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        btrfs/raid56: Add missing #include <linux/vmalloc.h>
      1c82315a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 530ede14
      Linus Torvalds authored
      Pull second set of s390 patches from Martin Schwidefsky:
       "The main part of this merge are Heikos uaccess patches.  Together with
        commit 09884964 ("mm: do not grow the stack vma just because of an
        overrun on preceding vma") the user string access is hopefully fixed
        for good.
      
        In addition some bug fixes and two cleanup patches."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/module: fix compile warning
        qdio: remove unused parameters
        s390/uaccess: fix kernel ds access for page table walk
        s390/uaccess: fix strncpy_from_user string length check
        input: disable i8042 PC Keyboard controller for s390
        s390/dis: Fix invalid array size
        s390/uaccess: remove pointless access_ok() checks
        s390/uaccess: fix strncpy_from_user/strnlen_user zero maxlen case
        s390/uaccess: shorten strncpy_from_user/strnlen_user
        s390/dasd: fix unresponsive device after all channel paths were lost
        s390/mm: ignore change bit for vmemmap
        s390/page table dumper: add support for change-recording override bit
      530ede14
    • Linus Torvalds's avatar
      Merge branch 'fixes-for-3.9-latest' of... · 6977c6fc
      Linus Torvalds authored
      Merge branch 'fixes-for-3.9-latest' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
      
      Pull second round of PARISC updates from Helge Deller:
       "The most important fix in this branch is the switch of io_setup,
        io_getevents and io_submit syscalls to use the available compat
        syscalls when running 32bit userspace on 64bit kernel.  Other than
        that it's mostly removal of compile warnings."
      
      * 'fixes-for-3.9-latest' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: fix redefinition of SET_PERSONALITY
        parisc: do not install modules when installing kernel
        parisc: fix compile warnings triggered by atomic_sub(sizeof(),v)
        parisc: check return value of down_interruptible() in hp_sdc_rtc.c
        parisc: avoid unitialized variable warning in pa_memcpy()
        parisc: remove unused variable 'compat_val'
        parisc: switch to compat_functions of io_setup, io_getevents and io_submit
        parisc: select ARCH_WANT_FRAME_POINTERS
      6977c6fc