History log of /net/sunrpc/auth_gss/auth_gss.c
Revision Date Author Comments
b3ecba096729f521312d1863ad22530695527aed 13-Nov-2014 Jeff Layton <jlayton@primarydata.com> sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor

Bruce reported that he was seeing the following BUG pop:

BUG: sleeping function called from invalid context at mm/slab.c:2846
in_atomic(): 0, irqs_disabled(): 0, pid: 4539, name: mount.nfs
2 locks held by mount.nfs/4539:
#0: (nfs_clid_init_mutex){+.+.+.}, at: [<ffffffffa01c0a9a>] nfs4_discover_server_trunking+0x4a/0x2f0 [nfsv4]
#1: (rcu_read_lock){......}, at: [<ffffffffa00e3185>] gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
Preemption disabled at:[<ffffffff81a4f082>] printk+0x4d/0x4f

CPU: 3 PID: 4539 Comm: mount.nfs Not tainted 3.18.0-rc1-00013-g5b095e9 #3393
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
ffff880021499390 ffff8800381476a8 ffffffff81a534cf 0000000000000001
0000000000000000 ffff8800381476c8 ffffffff81097854 00000000000000d0
0000000000000018 ffff880038147718 ffffffff8118e4f3 0000000020479f00
Call Trace:
[<ffffffff81a534cf>] dump_stack+0x4f/0x7c
[<ffffffff81097854>] __might_sleep+0x114/0x180
[<ffffffff8118e4f3>] __kmalloc+0x1a3/0x280
[<ffffffffa00e31d8>] gss_stringify_acceptor+0x58/0xb0 [auth_rpcgss]
[<ffffffffa00e3185>] ? gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
[<ffffffffa006b438>] rpcauth_stringify_acceptor+0x18/0x30 [sunrpc]
[<ffffffffa01b0469>] nfs4_proc_setclientid+0x199/0x380 [nfsv4]
[<ffffffffa01b04d0>] ? nfs4_proc_setclientid+0x200/0x380 [nfsv4]
[<ffffffffa01bdf1a>] nfs40_discover_server_trunking+0xda/0x150 [nfsv4]
[<ffffffffa01bde45>] ? nfs40_discover_server_trunking+0x5/0x150 [nfsv4]
[<ffffffffa01c0acf>] nfs4_discover_server_trunking+0x7f/0x2f0 [nfsv4]
[<ffffffffa01c8e24>] nfs4_init_client+0x104/0x2f0 [nfsv4]
[<ffffffffa01539b4>] nfs_get_client+0x314/0x3f0 [nfs]
[<ffffffffa0153780>] ? nfs_get_client+0xe0/0x3f0 [nfs]
[<ffffffffa01c83aa>] nfs4_set_client+0x8a/0x110 [nfsv4]
[<ffffffffa0069708>] ? __rpc_init_priority_wait_queue+0xa8/0xf0 [sunrpc]
[<ffffffffa01c9b2f>] nfs4_create_server+0x12f/0x390 [nfsv4]
[<ffffffffa01c1472>] nfs4_remote_mount+0x32/0x60 [nfsv4]
[<ffffffff81196489>] mount_fs+0x39/0x1b0
[<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
[<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
[<ffffffffa01c1396>] nfs_do_root_mount+0x86/0xc0 [nfsv4]
[<ffffffffa01c1784>] nfs4_try_mount+0x44/0xc0 [nfsv4]
[<ffffffffa01549b7>] ? get_nfs_version+0x27/0x90 [nfs]
[<ffffffffa0161a2d>] nfs_fs_mount+0x47d/0xd60 [nfs]
[<ffffffff81a59c5e>] ? mutex_unlock+0xe/0x10
[<ffffffffa01606a0>] ? nfs_remount+0x430/0x430 [nfs]
[<ffffffffa01609c0>] ? nfs_clone_super+0x140/0x140 [nfs]
[<ffffffff81196489>] mount_fs+0x39/0x1b0
[<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
[<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
[<ffffffff811b5830>] do_mount+0x210/0xbe0
[<ffffffff811b54ca>] ? copy_mount_options+0x3a/0x160
[<ffffffff811b651f>] SyS_mount+0x6f/0xb0
[<ffffffff81a5c852>] system_call_fastpath+0x12/0x17

Sleeping under the rcu_read_lock is bad. This patch fixes it by dropping
the rcu_read_lock before doing the allocation and then reacquiring it
and redoing the dereference before doing the copy. If we find that the
string has somehow grown in the meantime, we'll reallocate and try again.

Cc: <stable@vger.kernel.org> # v3.17+
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
c5e6aecd034e70e73af4d7a2b8a115239e3568b5 16-Jul-2014 Jeff Layton <jlayton@primarydata.com> sunrpc: fix RCU handling of gc_ctx field

The handling of the gc_ctx pointer only seems to be partially RCU-safe.
The assignment and freeing are done using RCU, but many places in the
code seem to dereference that pointer without proper RCU safeguards.

Fix them to use rcu_dereference and to rcu_read_lock/unlock, and to
properly handle the case where the pointer is NULL.

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
a0337d1ddb5a4bd609e3ff0955551cb240340340 22-Jun-2014 Jeff Layton <jlayton@poochiereds.net> sunrpc: add a new "stringify_acceptor" rpc_credop

...and add an new rpc_auth function to call it when it exists. This
is only applicable for AUTH_GSS mechanisms, so we only specify this
for those sorts of credentials.

Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2004c726b9d9a9670b7f837190be9c8dfa7a0e9d 22-Jun-2014 Jeff Layton <jlayton@poochiereds.net> auth_gss: fetch the acceptor name out of the downcall

If rpc.gssd sends us an acceptor name string trailing the context token,
stash it as part of the context.

Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
4e857c58efeb99393cba5a5d0d8ec7117183137c 17-Mar-2014 Peter Zijlstra <peterz@infradead.org> arch: Mass conversion of smp_mb__*()

Mostly scripted conversion of the smp_mb__* barriers.

Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Link: http://lkml.kernel.org/n/tip-55dhyhocezdw1dg7u19hmh1u@git.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-arch@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
e9776d0f4adee8877145672f6416b06b57f2dc27 16-Feb-2014 Trond Myklebust <trond.myklebust@primarydata.com> SUNRPC: Fix a pipe_version reference leak

In gss_alloc_msg(), if the call to gss_encode_v1_msg() fails, we
want to release the reference to the pipe_version that was obtained
earlier in the function.

Fixes: 9d3a2260f0f4b (SUNRPC: Fix buffer overflow checking in...)
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
9eb2ddb48ce3a7bd745c14a933112994647fa3cd 16-Feb-2014 Trond Myklebust <trond.myklebust@primarydata.com> SUNRPC: Ensure that gss_auth isn't freed before its upcall messages

Fix a race in which the RPC client is shutting down while the
gss daemon is processing a downcall. If the RPC client manages to
shut down before the gss daemon is done, then the struct gss_auth
used in gss_release_msg() may have already been freed.

Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com
Reported-by: John <da_audiophile@yahoo.com>
Reported-by: Borislav Petkov <bp@alien8.de>
Cc: stable@vger.kernel.org # 3.12+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
a699d65ec4ff82245d2c4fdfb8ed1d64776d756e 10-Feb-2014 Trond Myklebust <trond.myklebust@primarydata.com> SUNRPC: Don't create a gss auth cache unless rpc.gssd is running

An infinite loop is caused when nfs4_establish_lease() fails
with -EACCES. This causes nfs4_handle_reclaim_lease_error()
to sleep a bit and resets the NFS4CLNT_LEASE_EXPIRED bit.
This in turn causes nfs4_state_manager() to try and
reestablished the lease, again, again, again...

The problem is a valid RPCSEC_GSS client is being created when
rpc.gssd is not running.

Link: http://lkml.kernel.org/r/1392066375-16502-1-git-send-email-steved@redhat.com
Fixes: 0ea9de0ea6a4 (sunrpc: turn warn_gssd() log message into a dprintk())
Reported-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
0ea9de0ea6a4e4a1d343130b2a159b4f986e288e 27-Jan-2014 Jeff Layton <jlayton@redhat.com> sunrpc: turn warn_gssd() log message into a dprintk()

The original printk() made sense when the GSSAPI codepaths were called
only when sec=krb5* was explicitly requested. Now however, in many cases
the nfs client will try to acquire GSSAPI credentials by default, even
when it's not requested.

Since we don't have a great mechanism to distinguish between the two
cases, just turn the pr_warn into a dprintk instead. With this change we
can also get rid of the ratelimiting.

We do need to keep the EXPORT_SYMBOL(gssd_running) in place since
auth_gss.ko needs it and sunrpc.ko provides it. We can however,
eliminate the gssd_running call in the nfs code since that's a bit of a
layering violation.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
89f842435c630f8426f414e6030bc2ffea0d6f81 14-Nov-2013 Jeff Layton <jlayton@redhat.com> sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check

Now that we have a more reliable method to tell if gssd is running, we
can replace the sn->gssd_running flag with a function that will query to
see if it's up and running.

There's also no need to attempt an upcall that we know will fail, so
just return -EACCES if gssd isn't running. Finally, fix the warn_gss()
message not to claim that that the upcall timed out since we don't
necesarily perform one now when gssd isn't running, and remove the
extraneous newline from the message.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
c297c8b99b07f496ff69a719cfb8e8fe852832ed 20-Nov-2013 Andy Adamson <andros@netapp.com> SUNRPC: do not fail gss proc NULL calls with EACCES

Otherwise RPCSEC_GSS_DESTROY messages are not sent.

Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
9d3a2260f0f4bd6379b0a0f131c743fff25b0029 28-Oct-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix buffer overflow checking in gss_encode_v0_msg/gss_encode_v1_msg

In gss_encode_v1_msg, it is pointless to BUG() after the overflow has
happened. Replace the existing sprintf()-based code with scnprintf(),
and warn if an overflow is ever triggered.

In gss_encode_v0_msg, replace the runtime BUG_ON() with an appropriate
compile-time BUILD_BUG_ON.

Reported-by: Bruce Fields <bfields@fieldses.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5fccc5b52ee07d07a74ce53c6f174bff81e26a16 28-Oct-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: gss_alloc_msg - choose _either_ a v0 message or a v1 message

Add the missing 'break' to ensure that we don't corrupt a legacy 'v0' type
message by appending the 'v1'.

Cc: Bruce Fields <bfields@fieldses.org>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a0f6ed8ebe4f6d494ef70f67d4c0c153cbf59577 18-Sep-2013 J. Bruce Fields <bfields@redhat.com> RPCSEC_GSS: fix crash on destroying gss auth

This fixes a regression since eb6dc19d8e72ce3a957af5511d20c0db0a8bd007
"RPCSEC_GSS: Share all credential caches on a per-transport basis" which
could cause an occasional oops in the nfsd code (see below).

The problem was that an auth was left referencing a client that had been
freed. To avoid this we need to ensure that auths are shared only
between descendants of a common client; the fact that a clone of an
rpc_client takes a reference on its parent then ensures that the parent
client will last as long as the auth.

Also add a comment explaining what I think was the intention of this
code.

general protection fault: 0000 [#1] PREEMPT SMP
Modules linked in: rpcsec_gss_krb5 nfsd auth_rpcgss oid_registry nfs_acl lockd sunrpc
CPU: 3 PID: 4071 Comm: kworker/u8:2 Not tainted 3.11.0-rc2-00182-g025145f #1665
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: nfsd4_callbacks nfsd4_do_callback_rpc [nfsd]
task: ffff88003e206080 ti: ffff88003c384000 task.ti: ffff88003c384000
RIP: 0010:[<ffffffffa00001f3>] [<ffffffffa00001f3>] rpc_net_ns+0x53/0x70 [sunrpc]
RSP: 0000:ffff88003c385ab8 EFLAGS: 00010246
RAX: 6b6b6b6b6b6b6b6b RBX: ffff88003af9a800 RCX: 0000000000000002
RDX: ffffffffa00001a5 RSI: 0000000000000001 RDI: ffffffff81e284e0
RBP: ffff88003c385ad8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000015 R12: ffff88003c990840
R13: ffff88003c990878 R14: ffff88003c385ba8 R15: ffff88003e206080
FS: 0000000000000000(0000) GS:ffff88003fd80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fcdf737e000 CR3: 000000003ad2b000 CR4: 00000000000006e0
Stack:
ffffffffa00001a5 0000000000000006 0000000000000006 ffff88003af9a800
ffff88003c385b08 ffffffffa00d52a4 ffff88003c385ba8 ffff88003c751bd8
ffff88003c751bc0 ffff88003e113600 ffff88003c385b18 ffffffffa00d530c
Call Trace:
[<ffffffffa00001a5>] ? rpc_net_ns+0x5/0x70 [sunrpc]
[<ffffffffa00d52a4>] __gss_pipe_release+0x54/0x90 [auth_rpcgss]
[<ffffffffa00d530c>] gss_pipe_free+0x2c/0x30 [auth_rpcgss]
[<ffffffffa00d678b>] gss_destroy+0x9b/0xf0 [auth_rpcgss]
[<ffffffffa000de63>] rpcauth_release+0x23/0x30 [sunrpc]
[<ffffffffa0001e81>] rpc_release_client+0x51/0xb0 [sunrpc]
[<ffffffffa00020d5>] rpc_shutdown_client+0xe5/0x170 [sunrpc]
[<ffffffff81098a14>] ? cpuacct_charge+0xa4/0xb0
[<ffffffff81098975>] ? cpuacct_charge+0x5/0xb0
[<ffffffffa019556f>] nfsd4_process_cb_update.isra.17+0x2f/0x210 [nfsd]
[<ffffffff819a4ac0>] ? _raw_spin_unlock_irq+0x30/0x60
[<ffffffff819a4acb>] ? _raw_spin_unlock_irq+0x3b/0x60
[<ffffffff810703ab>] ? process_one_work+0x15b/0x510
[<ffffffffa01957dd>] nfsd4_do_callback_rpc+0x8d/0xa0 [nfsd]
[<ffffffff8107041e>] process_one_work+0x1ce/0x510
[<ffffffff810703ab>] ? process_one_work+0x15b/0x510
[<ffffffff810712ab>] worker_thread+0x11b/0x370
[<ffffffff81071190>] ? manage_workers.isra.24+0x2b0/0x2b0
[<ffffffff8107854b>] kthread+0xdb/0xe0
[<ffffffff819a4ac0>] ? _raw_spin_unlock_irq+0x30/0x60
[<ffffffff81078470>] ? __init_kthread_worker+0x70/0x70
[<ffffffff819ac7dc>] ret_from_fork+0x7c/0xb0
[<ffffffff81078470>] ? __init_kthread_worker+0x70/0x70
Code: a5 01 00 a0 31 d2 31 f6 48 c7 c7 e0 84 e2 81 e8 f4 91 0a e1 48 8b 43 60 48 c7 c2 a5 01 00 a0 be 01 00 00 00 48 c7 c7 e0 84 e2 81 <48> 8b 98 10 07 00 00 e8 91 8f 0a e1 e8
+3c 4e 07 e1 48 83 c4 18
RIP [<ffffffffa00001f3>] rpc_net_ns+0x53/0x70 [sunrpc]
RSP <ffff88003c385ab8>

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
23c323af0375a7f63732bed0386aba5935b8de69 12-Sep-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: No, I did not intend to create a 256KiB hashtable

Fix the declaration of the gss_auth_hash_table so that it creates
a 16 bucket hashtable, as I had intended.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
35fa5f7b35ca2076d594b2670a32d66dd3ae9eec 14-Aug-2013 Andy Adamson <andros@netapp.com> SUNRPC refactor rpcauth_checkverf error returns

Most of the time an error from the credops crvalidate function means the
server has sent us a garbage verifier. The gss_validate function is the
exception where there is an -EACCES case if the user GSS_context on the client
has expired.

Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
4de6caa270afaa381dd3373e9e6d148b1090e0ec 14-Aug-2013 Andy Adamson <andros@netapp.com> SUNRPC new rpc_credops to test credential expiry

This patch provides the RPC layer helper functions to allow NFS to manage
data in the face of expired credentials - such as avoiding buffered WRITEs
and COMMITs when the gss context will expire before the WRITEs are flushed
and COMMITs are sent.

These helper functions enable checking the expiration of an underlying
credential key for a generic rpc credential, e.g. the gss_cred gss context
gc_expiry which for Kerberos is set to the remaining TGT lifetime.

A new rpc_authops key_timeout is only defined for the generic auth.
A new rpc_credops crkey_to_expire is only defined for the generic cred.
A new rpc_credops crkey_timeout is only defined for the gss cred.

Set a credential key expiry watermark, RPC_KEY_EXPIRE_TIMEO set to 240 seconds
as a default and can be set via a module parameter as we need to ensure there
is time for any dirty data to be flushed.

If key_timeout is called on a credential with an underlying credential key that
will expire within watermark seconds, we set the RPC_CRED_KEY_EXPIRE_SOON
flag in the generic_cred acred so that the NFS layer can clean up prior to
key expiration.

Checking a generic credential's underlying credential involves a cred lookup.
To avoid this lookup in the normal case when the underlying credential has
a key that is valid (before the watermark), a notify flag is set in
the generic credential the first time the key_timeout is called. The
generic credential then stops checking the underlying credential key expiry, and
the underlying credential (gss_cred) match routine then checks the key
expiration upon each normal use and sets a flag in the associated generic
credential only when the key expiration is within the watermark.
This in turn signals the generic credential key_timeout to perform the extra
credential lookup thereafter.

Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
eb6dc19d8e72ce3a957af5511d20c0db0a8bd007 28-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> RPCSEC_GSS: Share all credential caches on a per-transport basis

Ensure that all struct rpc_clnt for any given socket/rdma channel
share the same RPCSEC_GSS/krb5,krb5i,krb5p caches.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
414a629598409497c05f2387c22c77dee143b4ff 27-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> RPCSEC_GSS: Share rpc_pipes when an rpc_clnt owns multiple rpcsec auth caches

Ensure that if an rpc_clnt owns more than one RPCSEC_GSS-based authentication
mechanism, then those caches will share the same 'gssd' upcall pipe.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
1917228435eebdf4e3267fa95cace694b2fb4efd 26-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> RPCSEC_GSS: Switch auth_gss to use the new framework for pipefs dentries

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
6b2fddd3e7f7cd437fb234407d7504fd22caf064 26-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> RPCSEC_GSS: Fix an Oopsable condition when creating/destroying pipefs objects

If an error condition occurs on rpc_pipefs creation, or the user mounts
rpc_pipefs and then unmounts it, then the dentries in struct gss_auth
need to be reset to NULL so that a second call to gss_pipes_dentries_destroy
doesn't try to free them again.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
e726340ac9cf6bb5b3f92a064664e10cd2b748de 23-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> RPCSEC_GSS: Further cleanups

Don't pass the rpc_client as a parameter, when what we really want is
the net namespace.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
c2190661039b3817b4cc1cbfea620b3f7dbe5cd8 27-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Replace clnt->cl_principal

The clnt->cl_principal is being used exclusively to store the service
target name for RPCSEC_GSS/krb5 callbacks. Replace it with something that
is stored only in the RPCSEC_GSS-specific code.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
bd4a3eb15bb42296e61d0fd16f2c7f8cc171b681 23-Aug-2013 Trond Myklebust <Trond.Myklebust@netapp.com> RPCSEC_GSS: Clean up upcall message allocation

Optimise away gss_encode_msg: we don't need to look up the pipe
version a second time.

Save the gss target name in struct gss_auth. It is a property of the
auth cache itself, and doesn't really belong in the rpc_client.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2aed8b476f3478be140df92bbfb182978e835504 15-May-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Convert auth_gss pipe detection to work in namespaces

This seems to have been overlooked when we did the namespace
conversion. If a container is running a legacy version of rpc.gssd
then it will be disrupted if the global 'pipe_version' is set by a
container running the new version of rpc.gssd.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
abfdbd53a4e28844ad953b313f017f55edbb85b7 15-May-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Faster detection if gssd is actually running

Recent changes to the NFS security flavour negotiation mean that
we have a stronger dependency on rpc.gssd. If the latter is not
running, because the user failed to start it, then we time out
and mark the container as not having an instance. We then
use that information to time out faster the next time.

If, on the other hand, the rpc.gssd successfully binds to an rpc_pipe,
then we mark the container as having an rpc.gssd instance.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
d36ccb9cec22a09a12d9ef8234d634f840d7ae4b 15-May-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a bug in gss_create_upcall

If wait_event_interruptible_timeout() is successful, it returns
the number of seconds remaining until the timeout. In that
case, we should be retrying the upcall.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
9b1d75b75505cff4468ceba0da51a1ba47e15ea2 01-May-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Don't spam syslog with "Pseudoflavor not found" messages

Just convert those messages to dprintk()s so that they can be used
when debugging.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
400f26b542e86995662a0cc5483656b7b1f42af6 26-May-2012 Simo Sorce <simo@redhat.com> SUNRPC: conditionally return endtime from import_sec_context

We expose this parameter for a future caller.
It will be used to extract the endtime from the gss-proxy upcall mechanism,
in order to set the rsc cache expiration time.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
a77c806fb9d097bb7733b64207cf52fc2c6438bb 16-Mar-2013 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Refactor nfsd4_do_encode_secinfo()

Clean up. This matches a similar API for the client side, and
keeps ULP fingers out the of the GSS mech switch.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
9568c5e9a61de49f67f524404a27a1014a8d7f1e 16-Mar-2013 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Introduce rpcauth_get_pseudoflavor()

A SECINFO reply may contain flavors whose kernel module is not
yet loaded by the client's kernel. A new RPC client API, called
rpcauth_get_pseudoflavor(), is introduced to do proper checking
for support of a security flavor.

When this API is invoked, the RPC client now tries to load the
module for each flavor first before performing the "is this
supported?" check. This means if a module is available on the
client, but has not been loaded yet, it will be loaded and
registered automatically when the SECINFO reply is processed.

The new API can take a full GSS tuple (OID, QoP, and service).
Previously only the OID and service were considered.

nfs_find_best_sec() is updated to verify all flavors requested in a
SECINFO reply, including AUTH_NULL and AUTH_UNIX. Previously these
two flavors were simply assumed to be supported without consulting
the RPC client.

Note that the replaced version of nfs_find_best_sec() can return
RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an
unsupported "service" value. nfs_find_best_sec() now returns
RPC_AUTH_UNIX in this case.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
71afa85e798ebc81054164c947b189d163c92b30 16-Mar-2013 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Missing module alias for auth_rpcgss.ko

Commit f344f6df "SUNRPC: Auto-load RPC authentication kernel
modules", Mon Mar 20 13:44:08 2006, adds a request_module() call
in rpcauth_create() to auto-load RPC security modules when a ULP
tries to create a credential of that flavor.

In rpcauth_create(), the name of the module to load is built like
this:

request_module("rpc-auth-%u", flavor);

This means that for, say, RPC_AUTH_GSS, request_module() is looking
for a module or alias called "rpc-auth-6".

The GSS module is named "auth_rpcgss", and commit f344f6df does not
add any new module aliases. There is also no such alias provided in
/etc/modprobe.d on my system (Fedora 16). Without this alias, the
GSS module is not loaded on demand.

This is used by rpcauth_create(). The pseudoflavor_to_flavor() call
can return RPC_AUTH_GSS, which is passed to request_module().

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
496ad9aa8ef448058e36ca7a787c61f2e63f0f54 23-Jan-2013 Al Viro <viro@zeniv.linux.org.uk> new helper: file_inode(file)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
173db3093474e7691f2c2f3136313565bd366f6c 07-Feb-2013 Jeff Layton <jlayton@redhat.com> sunrpc: silence build warning in gss_fill_context

Since commit 620038f6d23, gcc is throwing the following warning:

CC [M] net/sunrpc/auth_gss/auth_gss.o
In file included from include/linux/sunrpc/types.h:14:0,
from include/linux/sunrpc/sched.h:14,
from include/linux/sunrpc/clnt.h:18,
from net/sunrpc/auth_gss/auth_gss.c:45:
net/sunrpc/auth_gss/auth_gss.c: In function ‘gss_pipe_downcall’:
include/linux/sunrpc/debug.h:45:10: warning: ‘timeout’ may be used
uninitialized in this function [-Wmaybe-uninitialized]
printk(KERN_DEFAULT args); \
^
net/sunrpc/auth_gss/auth_gss.c:194:15: note: ‘timeout’ was declared here
unsigned int timeout;
^
If simple_get_bytes returns an error, then we'll end up calling printk
with an uninitialized timeout value. Reasonably harmless, but fairly
simple to fix by removing the printout of the uninitialised parameters.

Cc: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
[Trond: just remove the parameters rather than initialising timeout]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
90602c7b192fdd3e6b7c7623479f4bc86ed7ee34 02-Feb-2013 Eric W. Biederman <ebiederm@xmission.com> sunrpc: Update gss uid to security context mapping.

- Use from_kuid when generating the on the wire uid values.
- Use make_kuid when reading on the wire values.

In gss_encode_v0_msg, since the uid in gss_upcall_msg is now a kuid_t
generate the necessary uid_t value on the stack copy it into
gss_msg->databuf where it can safely live until the message is no
longer needed.

Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
cdba321e291f0fbf5abda4d88340292b858e3d4d 02-Feb-2013 Eric W. Biederman <ebiederm@xmission.com> sunrpc: Convert kuids and kgids to uids and gids for printing

When printing kuids and kgids for debugging purpropses convert them
to ordinary integers so their values can be fed to the oridnary
print functions.

Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
0b4d51b02a2e941beec6f02a6c7a32c5a28c5b43 02-Feb-2013 Eric W. Biederman <ebiederm@xmission.com> sunrpc: Use uid_eq and gid_eq where appropriate

When comparing uids use uid_eq instead of ==.
When comparing gids use gid_eq instead of ==.

And unfortunate cost of type safety.

Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
7eaf040b720bc8c0ce5cd49151ca194ca2d56842 02-Feb-2013 Eric W. Biederman <ebiederm@xmission.com> sunrpc: Use kuid_t and kgid_t where appropriate

Convert variables that store uids and gids to be of type
kuid_t and kgid_t instead of type uid_t and gid_t.

Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
a4f0835c604f80f945ab3e72ffd00547145c4b2b 08-Jan-2013 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Eliminate task->tk_xprt accesses that bypass rcu_dereference()

tk_xprt is just a shortcut for tk_client->cl_xprt, however cl_xprt is
defined as an __rcu variable. Replace dereferences of tk_xprt with
non-rcu dereferences where it is safe to do so.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
620038f6d2304475dce800dc5c75fc335a19613a 27-Nov-2012 Andy Adamson <andros@netapp.com> SUNRPC set gss gc_expiry to full lifetime

Only use the default GSSD_MIN_TIMEOUT if the gss downcall timeout is zero.
Store the full lifetime in gc_expiry (not 3/4 of the lifetime) as subsequent
patches will use the gc_expiry to determine buffered WRITE behavior in the
face of expired or soon to be expired gss credentials.

Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
632f0d0503accb8ab749a1165af99d344579c37b 14-Sep-2012 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Use __func__ in dprintk() in auth_gss.c

Clean up: Some function names have changed, but debugging messages
were never updated. Automate the construction of the function name
in debugging messages.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
6a1a1e34dc55f17e7bd260809207442dbb7a0296 11-Jul-2012 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Add rpcauth_list_flavors()

The gss_mech_list_pseudoflavors() function provides a list of
currently registered GSS pseudoflavors. This list does not include
any non-GSS flavors that have been registered with the RPC client.
nfs4_find_root_sec() currently adds these extra flavors by hand.

Instead, nfs4_find_root_sec() should be looking at the set of flavors
that have been explicitly registered via rpcauth_register(). And,
other areas of code will soon need the same kind of list that
contains all flavors the kernel currently knows about (see below).

Rather than cloning the open-coded logic in nfs4_find_root_sec() to
those new places, introduce a generic RPC function that generates a
full list of registered auth flavors and pseudoflavors.

A new rpc_authops method is added that lists a flavor's
pseudoflavors, if it has any. I encountered an interesting module
loader loop when I tried to get the RPC client to invoke
gss_mech_list_pseudoflavors() by name.

This patch is a pre-requisite for server trunking discovery, and a
pre-requisite for fixing up the in-kernel mount client to do better
automatic security flavor selection.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2446ab6070861aba2dd9229463ffbc40016a9f33 01-Mar-2012 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Use RCU to dereference the rpc_clnt.cl_xprt field

A migration event will replace the rpc_xprt used by an rpc_clnt. To
ensure this can be done safely, all references to cl_xprt must now use
a form of rcu_dereference().

Special care is taken with rpc_peeraddr2str(), which returns a pointer
to memory whose lifetime is the same as the rpc_xprt.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[ cel: fix lockdep splats and layering violations ]
[ cel: forward ported to 3.4 ]
[ cel: remove rpc_max_reqs(), add rpc_net_ns() ]
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a1db410d0bbadc49943f0fcddb21702ceb429396 19-Jan-2012 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: create GSS auth cache per network namespace

This patch makes GSS auth cache details allocated and registered per network
namespace context.
Thus with this patch rsi_cache and rsc_cache contents for network namespace "X"
are controlled from proc file system mount for the same network namespace "X".

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>
30507f58ce11e7664512059c708347d7a7d75271 11-Jan-2012 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: remove RPC PipeFS mount point reference from RPC client

This is a cleanup patch. We don't need this reference anymore.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
80df9d202255071c8ec610a6a3fdca5cac69f7bd 11-Jan-2012 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: subscribe RPC clients to pipefs notifications

This patch subscribes RPC clients to RPC pipefs notifications. RPC clients
notifier block is registering with pipefs initialization during SUNRPC module
init.
This notifier callback is responsible for RPC client PipeFS directory and GSS
pipes creation. For pipes creation and destruction two additional callbacks
were added to struct rpc_authops.
Note that no locking required in notifier callback because PipeFS superblock
pointer is passed as an argument from it's creation or destruction routine and
thus we can be sure about it's validity.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
ccdc28f81c91f7ef2dc6c28d27f50264b19e4dd5 11-Jan-2012 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: handle GSS AUTH pipes by network namespace aware routines

This patch makes RPC GSS PipeFs pipes allocated in it's RPC client owner
network namespace context.
Pipes creation and destruction now done in separated functions, which takes
care about PipeFS superblock locking.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
c239d83b9921b8a8005a3bcd23000cfe18acf5c2 26-Dec-2011 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: split SUNPRC PipeFS dentry and private pipe data creation

This patch is a final step towards to removing PipeFS inode references from
kernel code other than PipeFS itself. It makes all kernel SUNRPC PipeFS users
depends on pipe private data, which state depend on their specific operations,
etc.
This patch completes SUNRPC PipeFS preparations and allows to create pipe
private data and PipeFS dentries independently.
Next step will be making SUNPRC PipeFS dentries allocated by SUNRPC PipeFS
network namespace aware routines.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
9beae4677de76cfa4ce8899dc8cd1a1cf8cd8332 26-Dec-2011 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: cleanup GSS pipes usage

Currently gss auth holds RPC inode pointer which is now redundant since it
requires only pipes operations which takes private pipe data as an argument.
Thus this code can be cleaned and all references to RPC inode can be replaced
with privtae pipe data references.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
d706ed1f50d3f7fae61a177183562179abe8e4bb 26-Dec-2011 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNPRC: cleanup RPC PipeFS pipes upcall interface

RPC pipe upcall doesn't requires only private pipe data. Thus RPC inode
references in this code can be removed.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
ba9e097593f371ebd102580a0c5b1b2cf55636a0 26-Dec-2011 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: split SUNPRC PipeFS pipe data and inode creation

Generally, pipe data is used only for pipes, and thus allocating space for it
on every RPC inode allocation is redundant. This patch splits private SUNRPC
PipeFS pipe data and inode, makes pipe data allocated only for pipe inodes.
This patch is also is a next step towards to to removing PipeFS inode
references from kernel code other than PipeFS itself.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
766347bec3490111e1c4482af7c7394868c2aed1 26-Dec-2011 Stanislav Kinsbursky <skinsbursky@parallels.com> SUNRPC: replace inode lock with pipe lock for RPC PipeFS operations

Currenly, inode i_lock is used to provide concurrent access to SUNPRC PipeFS
pipes. It looks redundant, since now other use of inode is present in most of
these places and thus can be easely replaced, which will allow to remove most
of inode references from PipeFS code. This is a first step towards to removing
PipeFS inode references from kernel code other than PipeFS itself.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
cf778b00e96df6d64f8e21b8395d1f8a859ecdc7 12-Jan-2012 Eric Dumazet <eric.dumazet@gmail.com> net: reintroduce missing rcu_assign_pointer() calls

commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to
RCU_INIT_POINTER) did a lot of incorrect changes, since it did a
complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x,
y).

We miss needed barriers, even on x86, when y is not NULL.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Stephen Hemminger <shemminger@vyatta.com>
CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
68c97153fb7f2877f98aa6c29546381d9cad2fed 03-Jan-2012 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Clean up the RPCSEC_GSS service ticket requests

Instead of hacking specific service names into gss_encode_v1_msg, we should
just allow the caller to specify the service name explicitly.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>
c1225158a8dad9e9d5eee8a17dbbd9c7cda05ab9 23-Sep-2011 Peng Tao <bergwolf@gmail.com> SUNRPC/NFS: make rpc pipe upcall generic

The same function is used by idmap, gss and blocklayout code. Make it
generic.

Signed-off-by: Peng Tao <peng_tao@emc.com>
Signed-off-by: Jim Rees <rees@umich.edu>
Cc: stable@kernel.org [3.0]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a9b3cd7f323b2e57593e7215362a7b02fc933e3a 01-Aug-2011 Stephen Hemminger <shemminger@vyatta.com> rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER

When assigning a NULL value to an RCU protected pointer, no barrier
is needed. The rcu_assign_pointer, used to handle that but will soon
change to not handle the special case.

Convert all rcu_assign_pointer of NULL value.

//smpl
@@ expression P; @@

- rcu_assign_pointer(P, NULL)
+ RCU_INIT_POINTER(P, NULL)

// </smpl>

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
89f0e4feafb64643b0f0aba9d89984362bac9739 01-Jul-2011 Joe Perches <joe@perches.com> sunrpc: Reduce switch/case indent

Make the case labels the same indent as the switch.

git diff -w shows 80 column line reflowing.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5afa9133cfe67f1bfead6049a9640c9262a7101c 17-Jun-2011 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Ensure the RPC client only quits on fatal signals

Fix a couple of instances where we were exiting the RPC client on
arbitrary signals. We should only do so on fatal signals.

Cc: stable@kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
d1a8016a2d1e75021ecc8715e3c81442d7218eb6 13-Apr-2011 Bryan Schumaker <bjschuma@netapp.com> NFS: Fix infinite loop in gss_create_upcall()

There can be an infinite loop if gss_create_upcall() is called without
the userspace program running. To prevent this, we return -EACCES if
we notice that pipe_version hasn't changed (indicating that the pipe
has not been opened).

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
f8628220bb395104697be9c447c1085846dfc97c 03-Mar-2011 Kevin Coffman <kwc@citi.umich.edu> gss:krb5 only include enctype numbers in gm_upcall_enctypes

Make the value in gm_upcall_enctypes just the enctype values.
This allows the values to be used more easily elsewhere.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
540c8cb6a576f34a9a0b04467f46bb6e67a1f852 03-Mar-2011 Kevin Coffman <kwc@citi.umich.edu> gss:krb5 only include enctype numbers in gm_upcall_enctypes

Make the value in gm_upcall_enctypes just the enctype values.
This allows the values to be used more easily elsewhere.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
bf2695516db982e90a22fc94f93491b481796bb1 14-Dec-2010 Chuck Lever <chuck.lever@oracle.com> SUNRPC: New xdr_streams XDR decoder API

Now that all client-side XDR decoder routines use xdr_streams, there
should be no need to support the legacy calling sequence [rpc_rqst *,
__be32 *, RPC res *] anywhere. We can construct an xdr_stream in the
generic RPC code, instead of in each decoder function.

This is a refactoring change. It should not cause different behavior.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
9f06c719f474be7003763284a990bed6377bb0d4 14-Dec-2010 Chuck Lever <chuck.lever@oracle.com> SUNRPC: New xdr_streams XDR encoder API

Now that all client-side XDR encoder routines use xdr_streams, there
should be no need to support the legacy calling sequence [rpc_rqst *,
__be32 *, RPC arg *] anywhere. We can construct an xdr_stream in the
generic RPC code, instead of in each encoder function.

Also, all the client-side encoder functions return 0 now, making a
return value superfluous. Take this opportunity to convert them to
return void instead.

This is a refactoring change. It should not cause different behavior.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a02cec2155fbea457eca8881870fd2de1a4c4c76 22-Sep-2010 Eric Dumazet <eric.dumazet@gmail.com> net: return operator cleanup

Change "return (EXPR);" to "return EXPR;"

return is not a function, parentheses are not required.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5a67657a2e90c9e4a48518f95d4ba7777aa20fbb 13-Sep-2010 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix race corrupting rpc upcall

If rpc_queue_upcall() adds a new upcall to the rpci->pipe list just
after rpc_pipe_release calls rpc_purge_list(), but before it calls
gss_pipe_release (as rpci->ops->release_pipe(inode)), then the latter
will free a message without deleting it from the rpci->pipe list.

We will be left with a freed object on the rpc->pipe list. Most
frequent symptoms are kernel crashes in rpc.gssd system calls on the
pipe in question.

Reported-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@kernel.org
0d8a374673c9bc62bc78a2d8fe64553a51542cb4 02-Aug-2010 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Defer deleting the security context until gss_do_free_ctx()

There is no need to delete the gss context separately from the rest
of the security context information, and doing so gives rise to a
an rcu_dereference_check() warning.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a17c2153d2e271b0cbacae9bed83b0eaa41db7e1 31-Jul-2010 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Move the bound cred to struct rpc_rqst

This will allow us to save the original generic cred in rpc_message, so
that if we migrate from one server to another, we can generate a new bound
cred without having to punt back to the NFS layer.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
126e216a8730532dfb685205309275f87e3d133e 13-May-2010 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Don't spam gssd with upcall requests when the kerberos key expired

Now that the rpc.gssd daemon can explicitly tell us that the key expired,
we should cache that information to avoid spamming gssd.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
1f4c86c0be9064ab4eebd9e67c84606c1cfeec4b 13-May-2010 Trond Myklebust <Trond.Myklebust@netapp.com> NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls

Again, we can deadlock if the memory reclaim triggers a writeback that
requires a rpcsec_gss credential lookup.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
683ac6656cb05b6e83593770ffc049eee4a4d119 08-Apr-2010 Trond Myklebust <Trond.Myklebust@netapp.com> gss_krb5: Add upcall info indicating supported kerberos enctypes

The text based upcall now indicates which Kerberos encryption types are
supported by the kernel rpcsecgss code. This is used by gssd to
determine which encryption types it should attempt to negotiate
when creating a context with a server.

The server principal's database and keytab encryption types are
what limits what it should negotiate. Therefore, its keytab
should be created with only the enctypes listed by this file.

Currently we support des-cbc-crc, des-cbc-md4 and des-cbc-md5

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
7561042fb7870be0b4ee57efddce68bda8968abf 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: Added and improved code comments

Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
725f2865d4df31ac0768b13ae763beadc4bb8ce9 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: Introduce encryption type framework

Make the client and server code consistent regarding the extra buffer
space made available for the auth code when wrapping data.

Add some comments/documentation about the available buffer space
in the xdr_buf head and tail when gss_wrap is called.

Add a compile-time check to make sure we are not exceeding the available
buffer space.

Add a central function to shift head data.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
cdead7cf12896c0e50a8be2e52de52c364603095 19-Mar-2010 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a potential memory leak in auth_gss

The function alloc_enc_pages() currently fails to release the pointer
rqstp->rq_enc_pages in the error path.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: stable@kernel.org
dc5ddce956660247e004a4b20a26b7d137ab1644 07-Jan-2010 Jeff Layton <jlayton@redhat.com> sunrpc: parse and return errors reported by gssd

The kernel currently ignores any error code sent by gssd and always
considers it to be -EACCES. In order to better handle the situation of
an expired KRB5 TGT, the kernel needs to be able to parse and deal with
the errors that gssd sends. Aside from -EACCES the only error we care
about is -EKEYEXPIRED, which we're using to indicate that the upper
layers should retry the call a little later.

To maintain backward compatibility with older gssd's, any error other
than -EKEYEXPIRED is interpreted as -EACCES.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
6c8530993e1fdf1d6af0403e796fe14d80b4b097 06-Jan-2010 Randy Dunlap <randy.dunlap@oracle.com> sunrpc: fix build-time warning

Fix auth_gss printk format warning:

net/sunrpc/auth_gss/auth_gss.c:660: warning: format '%ld' expects type 'long int', but argument 3 has type 'ssize_t'

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
486bad2e40e938cd68fd853b7a9fa3115a9d3a4a 18-Dec-2009 Jeff Layton <jlayton@redhat.com> sunrpc: on successful gss error pipe write, don't return error

When handling the gssd downcall, the kernel should distinguish between a
successful downcall that contains an error code and a failed downcall
(i.e. where the parsing failed or some other sort of problem occurred).

In the former case, gss_pipe_downcall should be returning the number of
bytes written to the pipe instead of an error. In the event of other
errors, we generally want the initiating task to retry the upcall so
we set msg.errno to -EAGAIN. An unexpected error code here is a bug
however, so BUG() in that case.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
053e324f67b9921fe7de0c4cbc720d29cb4bf207 09-Dec-2009 Suresh Jayaraman <sjayaraman@suse.de> rpc: remove unneeded function parameter in gss_add_msg()

The pointer to struct gss_auth parameter in gss_add_msg is not really needed
after commit 5b7ddd4a. Zap it.

Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
480e3243df156e39eea6c91057e2ae612a6bbe19 08-Dec-2009 Roel Kluin <roel.kluin@gmail.com> SUNRPC: IS_ERR/PTR_ERR confusion

IS_ERR returns 1 or 0, PTR_ERR returns the error value.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
7d217caca5d704e48aa5e59aba0b3ad4c7af4fd2 09-Aug-2009 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Replace rpc_client->cl_dentry and cl_mnt, with a cl_path

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
b693ba4a338da15db1db4b5ebaa36e4ab9781c82 09-Aug-2009 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Constify rpc_pipe_ops...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
bf12691d846b48fa6e3289810a822687457036cf 08-Jun-2009 Jesper Dangaard Brouer <hawk@comx.dk> sunrpc/auth_gss: Call rcu_barrier() on module unload.

As the module uses rcu_call() we should make sure that all
rcu callback has been completed before removing the code.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2efef7080f471d312a9c4feb3dc5ee038039c7ed 23-Dec-2008 Olga Kornievskaia <aglo@citi.umich.edu> rpc: add service field to new upcall

This patch extends the new upcall with a "service" field that currently
can have 2 values: "*" or "nfs". These values specify matching rules for
principals in the keytab file. The "*" means that gssd is allowed to use
"root", "nfs", or "host" keytab entries while the other option requires
"nfs".

Restricting gssd to use the "nfs" principal is needed for when the
server performs a callback to the client. The server in this case has
to authenticate itself as an "nfs" principal.

We also need "service" field to distiguish between two client-side cases
both currently using a uid of 0: the case of regular file access by the
root user, and the case of state-management calls (such as setclientid)
which should use a keytab for authentication. (And the upcall should
fail if an appropriate principal can't be found.)

Signed-off: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
8b1c7bf5b624c9bc91b41ae577b9fc5c21641705 23-Dec-2008 Olga Kornievskaia <aglo@citi.umich.edu> rpc: add target field to new upcall

This patch extends the new upcall by adding a "target" field
communicating who we want to authenticate to (equivalently, the service
principal that we want to acquire a ticket for).

Signed-off: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
34769fc488b463cb753fc632f8f5ba56c918b7cb 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: implement new upcall

Implement the new upcall. We decide which version of the upcall gssd
will use (new or old), by creating both pipes (the new one named "gssd",
the old one named after the mechanism (e.g., "krb5")), and then waiting
to see which version gssd actually opens.

We don't permit pipes of the two different types to be opened at once.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5b7ddd4a7b19f913901140ef7807dbf5e2b301cd 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: store pointer to pipe inode in gss upcall message

Keep a pointer to the inode that the message is queued on in the struct
gss_upcall_msg. This will be convenient, especially after we have a
choice of two pipes that an upcall could be queued on.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
79a3f20b641f9f93787ada49d1d7cfa98ee5a11e 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: use count of pipe openers to wait for first open

Introduce a global variable pipe_version which will eventually be used
to keep track of which version of the upcall gssd is using.

For now, though, it only keeps track of whether any pipe is open or not;
it is negative if not, zero if one is opened. We use this to wait for
the first gssd to open a pipe.

(Minor digression: note this waits only for the very first open of any
pipe, not for the first open of a pipe for a given auth; thus we still
need the RPC_PIPE_WAIT_FOR_OPEN behavior to wait for gssd to open new
pipes that pop up on subsequent mounts.)

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
cf81939d6fcdf381fcb069d780c29eceb516bccd 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: track number of users of the gss upcall pipe

Keep a count of the number of pipes open plus the number of messages on
a pipe. This count isn't used yet.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
db75b3d6b5b0dad29860370618ea94d2726641b4 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: minor gss_alloc_msg cleanup

I want to add a little more code here, so it'll be convenient to have
this flatter.

Also, I'll want to add another error condition, so it'll be more
convenient to return -ENOMEM than NULL in the error case. The only
caller is already converting NULL to -ENOMEM anyway.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
b03568c32226163cb3588ea8993adb268ed497a5 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: factor out warning code from gss_pipe_destroy_msg

We'll want to call this from elsewhere soon. And this is a bit nicer
anyway.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
99db35636842ede13bf3b6bf1a8d8f4f1c4c93bf 23-Dec-2008 \"J. Bruce Fields\ <bfields@citi.umich.edu> rpc: remove unnecessary assignment

We're just about to kfree() gss_auth, so there's no point to setting any
of its fields.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
6dcd3926b214a1fb081df18305921dedae269977 23-Dec-2008 Jeff Layton <jlayton@redhat.com> sunrpc: fix code that makes auth_gss send destroy_cred message (try #2)

There's a bit of a chicken and egg problem when it comes to destroying
auth_gss credentials. When we destroy the last instance of a GSSAPI RPC
credential, we should send a NULL RPC call with a GSS procedure of
RPCSEC_GSS_DESTROY to hint to the server that it can destroy those
creds.

This isn't happening because we're setting clearing the uptodate bit on
the credentials and then setting the operations to the gss_nullops. When
we go to do the RPC call, we try to refresh the creds. That fails with
-EACCES and the call fails.

Fix this by not clearing the UPTODATE bit for the credentials and adding
a new crdestroy op for gss_nullops that just tears down the cred without
trying to destroy the context.

The only difference between this patch and the first one is the removal
of some minor formatting deltas.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
88a9fe8cae3bb52e82489447f45e8d7ba1409ca8 23-Dec-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Remove the last remnant of the BKL...

Somehow, this escaped the previous purge. There should be no need to keep
any extra locks in the XDR callbacks.

The NFS client XDR code only writes into private objects, whereas all reads
of shared objects are confined to fields that do not change, such as
filehandles...

Ditto for lockd, the NFSv2/v3 client mount code, and rpcbind.

The nfsd XDR code may require the BKL, but since it does a synchronous RPC
call from a thread that already holds the lock, that issue is moot.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
d25a03cf966f2cf9990dc0bf2a921a554919ea34 09-Jun-2008 \\\"J. Bruce Fields\\\ <bfields@citi.umich.edu> rpc: remove some unused macros

There used to be a print_hexl() function that used isprint(), now gone.
I don't know why NFS_NGROUPS and CA_RUN_AS_MACHINE were here.

I also don't know why another #define that's actually used was marked
"unused".

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
720b8f2d6f7de9e16f1217448cc7396e1604e175 09-Jun-2008 \\\"J. Bruce Fields\\\ <bfields@citi.umich.edu> rpc: eliminate unused variable in auth_gss upcall code

Also, a minor comment grammar fix in the same file.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
0f38b873aeaae698c3693748438547c8493165fb 11-Jun-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Use GFP_NOFS when allocating credentials

Since the credentials may be allocated during the call to rpc_new_task(),
which again may be called by a memory allocator...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
0b040829952d84bf2a62526f0e24b624e0699447 11-Jun-2008 Adrian Bunk <bunk@kernel.org> net: remove CVS keywords

This patch removes CVS keywords that weren't updated for a long time
from comments.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
cd019f7517206a74d8cdb64d5c82b1f76be608cc 17-Apr-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Don't change the RPCSEC_GSS context on a credential that is in use

When a server rejects our credential with an AUTH_REJECTEDCRED or similar,
we need to refresh the credential and then retry the request.
However, we do want to allow any requests that are in flight to finish
executing, so that we can at least attempt to process the replies that
depend on this instance of the credential.

The solution is to ensure that gss_refresh() looks up an entirely new
RPCSEC_GSS credential instead of attempting to create a context for the
existing invalid credential.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
7b6962b0a6000df48c8a5fd967d262f77704101b 17-Apr-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a race in gss_refresh_upcall()

If the downcall completes before we get the spin_lock then we currently
fail to refresh the credential.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
7c67db3a8a98045744f06fcd6d8f476d9df0ba5c 08-Apr-2008 Trond Myklebust <Trond.Myklebust@netapp.com> NFSv4: Reintroduce machine creds

We need to try to ensure that we always use the same credentials whenever
we re-establish the clientid on the server. If not, the server won't
recognise that we're the same client, and so may not allow us to recover
state.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
78ea323be6380a9313e87fe241809e912e8ae401 08-Apr-2008 Trond Myklebust <Trond.Myklebust@netapp.com> NFSv4: Don't use cred->cr_ops->cr_name in nfs4_proc_setclientid()

With the recent change to generic creds, we can no longer use
cred->cr_ops->cr_name to distinguish between RPCSEC_GSS principals and
AUTH_SYS/AUTH_NULL identities. Replace it with the rpc_authops->au_name
instead...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
080a1f148df0615f7a610e4776dd8f3fb706f54f 19-Apr-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Don't attempt to destroy expired RPCSEC_GSS credentials..

..and always destroy using a 'soft' RPC call. Destroying GSS credentials
isn't mandatory; the server can always cope with a few credentials not
getting destroyed in a timely fashion.

This actually fixes a hang situation. Basically, some servers will decide
that the client is crazy if it tries to destroy an RPC context for which
they have sent an RPCSEC_GSS_CREDPROBLEM, and so will refuse to talk to it
for a while.
The regression therefor probably was introduced by commit
0df7fb74fbb709591301871a38aac7735a1d6583.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5c691044ecbca04dd558fca4c754121689fe1b34 12-Mar-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Add an rpc_credop callback for binding a credential to an rpc_task

We need the ability to treat 'generic' creds specially, since they want to
bind instances of the auth cred instead of binding themselves.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
0dc47877a3de00ceadea0005189656ae8dc52669 06-Mar-2008 Harvey Harrison <harvey.harrison@gmail.com> net: replace remaining __FUNCTION__ occurrences

__FUNCTION__ is gcc-specific, use __func__

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
f6a1cc89309f0ae847a9b6fe418d1c4215e5bc55 22-Feb-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Add a (empty for the moment) destructor for rpc_wait_queues

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5d00837b90340af9106dcd93af75fd664c8eb87f 22-Feb-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Run rpc timeout functions as callbacks instead of in softirqs

An audit of the current RPC timeout functions shows that they don't really
ever need to run in the softirq context. As long as the softirq is
able to signal that the wakeup is due to a timeout (which it can do by
setting task->tk_status to -ETIMEDOUT) then the callback functions can just
run as standard task->tk_callback functions (in the rpciod/process
context).

The only possible border-line case would be xprt_timer() for the case of
UDP, when the callback is used to reduce the size of the transport
congestion window. In testing, however, the effect of moving that update
to a callback would appear to be minor.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
7df089952fca41cb336733e1167c0a25e5a025d8 20-Dec-2007 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Fix use of copy_to_user() in gss_pipe_upcall()

The gss_pipe_upcall() function expects the copy_to_user() function to
return a negative error value if the call fails, but copy_to_user()
returns an unsigned long number of bytes that couldn't be copied.

Can rpc_pipefs actually retry a partially completed upcall read? If
not, then gss_pipe_upcall() should punt any partial read, just like the
upcall logic in net/sunrpc/cache.c.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
3392c34922130d1dca9ad436c358330daa85e94e 26-Dec-2007 James Morris <jmorris@namei.org> NFS: add newline to kernel warning message in auth_gss code

Add newline to kernel warning message in gss_create().

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
014313a9d66272ed37b9ebd64c3f30b596a4c8e1 20-Nov-2007 Joe Perches <joe@perches.com> SUNRPC: Add missing "space" to net/sunrpc/auth_gss.c

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
c3c9d45828255dcb63d695a3229a25cba97a9bdf 20-Nov-2007 Joe Perches <joe@perches.com> [SUNRPC]: Add missing "space"

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ffc40f569272b6be60c66441aeae79a686ff54d9 10-Nov-2007 Kevin Coffman <kwc@citi.umich.edu> sunrpc: gss_pipe_downcall(), don't assume all errors are transient

Instead of mapping all errors except EACCES to EAGAIN, map all errors
except EAGAIN to EACCES.

An example is user-land negotiating a Kerberos context with an encryption
type that is not supported by the kernel code. (This can happen due to
mis-configuration or a bug in the Kerberos code that does not honor our
request to limit the encryption types negotiated.) This failure is not
transient, and returning EAGAIN causes mount to continuously retry rather
than giving up.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a4deb81ba8ece75af5560d40d9bb8d242c48a111 06-Aug-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Don't call gss_delete_sec_context() from an rcu context

Doing so may not be safe...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
be879c4e249a8875d7129f3b0c1bb62584dafbd8 12-Jul-2007 J. Bruce Fields <bfields@citi.umich.edu> SUNRPC: move bkl locking and xdr proc invocation into a common helper

Since every invocation of xdr encode or decode functions takes the BKL now,
there's a lot of redundant lock_kernel/unlock_kernel pairs that we can pull
out into a common function.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
09561f44c75bc462ae86590b9c089d01c4e94a74 16-Jul-2007 Andrew Morton <akpm@linux-foundation.org> authgss build fix

Recent breakage..

net/sunrpc/auth_gss/auth_gss.c:1002: warning: implicit declaration of function 'lock_kernel'
net/sunrpc/auth_gss/auth_gss.c:1004: warning: implicit declaration of function 'unlock_kernel'

Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
d8558f99fbc5ef5d4ae76b893784005056450f82 10-Jul-2007 J. Bruce Fields <bfields@fieldses.org> sunrpc: drop BKL around wrap and unwrap

We don't need the BKL when wrapping and unwrapping; and experiments by Avishay
Traeger have found that permitting multiple encryption and decryption
operations to proceed in parallel can provide significant performance
improvements.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Avishay Traeger <atraeger@cs.sunysb.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
0df7fb74fbb709591301871a38aac7735a1d6583 26-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Ensure RPCSEC_GSS destroys the security context when freeing a cred

Do so by set the gc_proc field to RPC_GSS_PROC_DESTROY, and then sending a
NULL RPC call.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
0285ed1f12298e5304f0f2642e2cf31a5f302e61 27-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Ensure that the struct gss_auth lifetime exceeds the credential's

Add a refcount in order to ensure that the gss_auth doesn't disappear from
underneath us while we're freeing up GSS contexts.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
1be27f36601973815171db684c711d30557cf50c 27-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Remove the tk_auth macro...

We should almost always be deferencing the rpc_auth struct by means of the
credential's cr_auth field instead of the rpc_clnt->cl_auth anyway. Fix up
that historical mistake, and remove the macro that propagated it.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5d28dc82074f1e64b22c9424b161abc1f5d6bcdb 27-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Convert gss_ctx_lock to an RCU lock

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
f5c2187cfef628784d8a09b6d0f77888246d0c0f 25-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Convert the credential garbage collector into a shrinker callback

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
31be5bf15f3dafffce110eb1afadccbf2e3067b4 24-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Convert the credcache lookup code to use RCU

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fc432dd90760a629c57026e57f65ff80a1a31d2f 25-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Enforce atomic updates of rpc_cred->cr_flags

Convert to the use of atomic bitops...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5fe4755e2526a2aa82b7ed8daeb3aed74a236925 24-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Clean up rpc credential initialisation

Add a helper rpc_cred_init()

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
f1c0a8615090359d57e096157feb9f900cbb233c 24-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Mark auth and cred operation tables as constant.

Also do the same for gss_api operation tables.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
07a2bf1da4765d987ffd1d8045e92ba032e0ad78 09-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a memory leak in gss_create()

Fix a memory leak in gss_create() whereby the rpc credcache was not being
freed if the rpc_mkpipe() call failed.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
3ab9bb7243489f9db3abf3d05521ddfc6b184c0a 09-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a memory leak in the auth credcache code

The leak only affects the RPCSEC_GSS caches, since they are the only ones
that are dynamically allocated...
Rename the existing rpcauth_free_credcache() to rpcauth_clear_credcache()
in order to better describe its role, then add a new function
rpcauth_destroy_credcache() that actually frees the cache in addition to
clearing it out.

Also move the call to destroy the credcache in gss_destroy() to come before
the rpc upcall pipe is unlinked.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
6e84c7b66a0aa0be16a7728d1e687c57978dac2c 07-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Add a downcall queue to struct rpc_inode

Currently, the downcall queue is tied to the struct gss_auth, which means
that different RPCSEC_GSS pseudoflavours must use different upcall pipes.
Add a list to struct rpc_inode that can be used instead.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
3b68aaeaf54065e5c44583a1d33ffb7793953ba4 07-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Always match an upcall message in gss_pipe_downcall()

It used to be possible for an rpc.gssd daemon to stuff the RPC credential
cache for any rpc client simply by creating RPCSEC_GSS contexts and then
doing downcalls. In practice, no daemons ever made use of this feature.

Remove this feature now, since it will be impossible to figure out which
mechanism a given context actually matches if we enable more
than one gss mechanism to use the same upcall pipe.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
b185f835e243e654047ae85f42346827d3894171 07-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Remove the gss_auth spinlock

We're just as well off using the inode spinlock instead.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
4a8c1344dccb848dbcf0edabc8b5c51a8ecf2808 07-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Add a backpointer from the struct rpc_cred to the rpc_auth

Cleans up an issue whereby rpcsec_gss uses the rpc_clnt->cl_auth. If we want
to be able to add several rpc_auths to a single rpc_clnt, then this abuse
must go.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
cca5172a7ec10dfdb0b787cd8e9d5b0b8f179793 10-Feb-2007 YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> [NET] SUNRPC: Fix whitespace errors.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8885cb367f86ce02bed3bf18192d74a53ac3b81f 31-Jan-2007 Chuck Lever <chuck.lever@oracle.com> SUNRPC: fix print format for tk_pid in auth_gss support

The tk_pid field is an unsigned short. The proper print format specifier for
that type is %5u, not %4d.

Also clean up some miscellaneous print formatting nits.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
303b46bb77a4b1679fd39d7ab5597630743e0ff5 08-Dec-2006 Josef Sipek <jsipek@fsl.cs.sunysb.edu> [PATCH] struct path: convert sunrpc

Signed-off-by: Josef Sipek <jsipek@fsl.cs.sunysb.edu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
adeb8133dd57f380e70a389a89a2ea3ae227f9e2 05-Dec-2006 Olga Kornievskaia <aglo@citi.umich.edu> rpc: spkm3 update

This updates the spkm3 code to bring it up to date with our current
understanding of the spkm3 spec.

In doing so, we're changing the downcall format used by gssd in the spkm3 case,
which will cause an incompatilibity with old userland spkm3 support. Since the
old code a) didn't implement the protocol correctly, and b) was never
distributed except in the form of some experimental patches from the citi web
site, we're assuming this is OK.

We do detect the old downcall format and print warning (and fail). We also
include a version number in the new downcall format, to be used in the
future in case any further change is required.

In some more detail:

- fix integrity support
- removed dependency on NIDs. instead OIDs are used
- known OID values for algorithms added.
- fixed some context fields and types

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
8fc7500bb8ea3b5c909869d00628635e964ae882 05-Dec-2006 J. Bruce Fields <bfields@citi.umich.edu> rpc: gss: eliminate print_hexl()'s

Dumping all this data to the logs is wasteful (even when debugging is turned
off), and creates too much output to be useful when it's turned on.

Fix a minor style bug or two while we're at it.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
e69062b4f728dca01ec1a9eb4ed55b73a374f164 21-Nov-2006 Arnaldo Carvalho de Melo <acme@mandriva.com> [SUNRPC]: Use k{mem,str}dup where applicable

Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
f30c2269544bffc7bf1b0d7c0abe5be1be83b8cb 03-Oct-2006 Uwe Zeisberger <Uwe_Zeisberger@digi.com> fix file specification in comments

Many files include the filename at the beginning, serveral used a wrong one.

Signed-off-by: Uwe Zeisberger <Uwe_Zeisberger@digi.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
d8ed029d6000ba2e2908d9286409e4833c091b4c 27-Sep-2006 Alexey Dobriyan <adobriyan@gmail.com> [SUNRPC]: trivial endianness annotations

pure s/u32/__be32/

[AV: large part based on Alexey's patches]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
158998b6fe36f6acef087f574c96d44713499cc9 24-Aug-2006 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Make rpc_mkpipe() take the parent dentry as an argument

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
8f8e7a50f450fcb86a5b2ffb94543c57a14f8260 14-Aug-2006 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix dentry refcounting issues with users of rpc_pipefs

rpc_unlink() and rpc_rmdir() will dput the dentry reference for you.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from a05a57effa71a1f67ccbfc52335c10c8b85f3f6a commit)
5d67476fff2df6ff12f60b540fd0e74cf2a668f9 31-Jul-2006 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: make rpc_unlink() take a dentry argument instead of a path

Signe-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 88bf6d811b01a4be7fd507d18bf5f1c527989089 commit)
0da974f4f303a6842516b764507e3c0a03f41e5a 21-Jul-2006 Panagiotis Issaris <takis@issaris.org> [NET]: Conversions from kmalloc+memset to k(z|c)alloc.

Signed-off-by: Panagiotis Issaris <takis@issaris.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
a5f9145bc9c340bda743ad51e09bdea60fa3ddfa 19-Apr-2006 Eric Sesterhenn <snakebyte@gmx.de> SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.c

Hi,

the coverity checker spotted that cred is always NULL
when we jump to out_err ( there is just one case, when
we fail to allocate the memory for cred )
This is Coverity ID #79

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
12de3b35ea549c5819f287508d7afab0bf3ac44d 20-Mar-2006 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Ensure that rpc_mkpipe returns a refcounted dentry

If not, we cannot guarantee that idmap->idmap_dentry, gss_auth->dentry and
clnt->cl_dentry are valid dentries.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fba3bad488a2eec2d76c067edb7a5ff92ef42431 01-Feb-2006 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Move upcall out of auth->au_ops->crcreate()

This fixes a bug whereby if two processes try to look up the same auth_gss
credential, they may end up creating two creds, and triggering two upcalls
because the upcall is performed before the credential is added to the
credcache.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
8a3177604b729ec3b80e43790ee978863ac7551b 01-Feb-2006 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a lock recursion in the auth_gss downcall

When we look up a new cred in the auth_gss downcall so that we can stuff
the credcache, we do not want that lookup to queue up an upcall in order
to initialise it. To do an upcall here not only redundant, but since we
are already holding the inode->i_mutex, it will trigger a lock recursion.

This patch allows rpcauth cache searches to indicate that they can cope
with uninitialised credentials.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
48e49187753ec3b4fa84a7165c9b7a59f3875b56 19-Dec-2005 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix "EPIPE" error on mount of rpcsec_gss-protected partitions

gss_create_upcall() should not error just because rpc.gssd closed the
pipe on its end. Instead, it should requeue the pending requests and then
retry.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
00fd6e14255fe7a249315746386d640bc4e9e758 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS remove all qop parameters

Not only are the qop parameters that are passed around throughout the gssapi
unused by any currently implemented mechanism, but there appears to be some
doubt as to whether they will ever be used. Let's just kill them off for now.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2d2da60c63b67174add32f06e8d54c3a0c5cd9cf 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS: client-side privacy support

Add the code to the client side to handle privacy. This is dead code until
we actually add privacy support to krb5.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
24b2605becc10ca63c4c30808fa59a8abbf68727 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS: cleanup au_rslack calculation

Various xdr encode routines use au_rslack to guess where the reply argument
will end up, so we can set up the xdr_buf to recieve data into the right place
for zero copy.

Currently we calculate the au_rslack estimate when we check the verifier.
Normally this only depends on the verifier size. In the integrity case we add
a few bytes to allow for a length and sequence number.

It's a bit simpler to calculate only the verifier size when we check the
verifier, and delay the full calculation till we unwrap.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
f134585a7343d71f9be7f0cf97e2145f21dd10c6 23-Sep-2005 Trond Myklebust <Trond.Myklebust@netapp.com> Revert "[PATCH] RPC,NFS: new rpc_pipefs patch"

This reverts 17f4e6febca160a9f9dd4bdece9784577a2f4524 commit.
278c995c8a153bb2a9bc427e931cfb9c8034c9d7 25-Jul-2005 Christoph Hellwig <hch@infradead.org> [PATCH] RPC,NFS: new rpc_pipefs patch

Currently rpc_mkdir/rpc_rmdir and rpc_mkpipe/mk_unlink have an API that's
a little unfortunate. They take a path relative to the rpc_pipefs root and
thus need to perform a full lookup. If you look at debugfs or usbfs they
always store the dentry for directories they created and thus can pass in
a dentry + single pathname component pair into their equivalents of the
above functions.

And in fact rpc_pipefs actually stores a dentry for all but one component so
this change not only simplifies the core rpc_pipe code but also the callers.

Unfortuntately this code path is only used by the NFS4 idmapper and
AUTH_GSSAPI for which I don't have a test enviroment. Could someone give
it a spin? It's the last bit needed before we can rework the
lookup_hash API

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
808012fbb23a52ec59352445d2076d175ad4ab26 26-Aug-2005 Chuck Lever <cel@netapp.com> [PATCH] RPC: skip over transport-specific heads automatically

Add a generic mechanism for skipping over transport-specific headers
when constructing an RPC request. This removes another "xprt->stream"
dependency.

Test-plan:
Write-intensive workload on a single mount point (try both UDP and
TCP).

Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
86b9f57dfdf455763d2be73a742a9a88bb664173 11-Aug-2005 Chuck Lever <cel@citi.umich.edu> [PATCH] RPC: Eliminate socket.h includes in RPC client

Clean-up: get rid of unnecessary socket.h and in.h includes in the generic
parts of the RPC client.

Test-plan:
Compile kernel with CONFIG_NFS enabled.

Version: Thu, 11 Aug 2005 16:06:23 -0400

Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
6a19275ada9137435da58990c8f8d3f58e170bf1 22-Jun-2005 J. Bruce Fields <bfields@citi.umich.edu> [PATCH] RPC: [PATCH] improve rpcauthauth_create error returns

Currently we return -ENOMEM for every single failure to create a new auth.
This is actually accurate for auth_null and auth_unix, but for auth_gss it's a
bit confusing.

Allow rpcauth_create (and the ->create methods) to return errors. With this
patch, the user may sometimes see an EINVAL instead. Whee.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
438b6fdebf2a2e8573e7290bc176feb4d4475f43 22-Jun-2005 J. Bruce Fields <bfields@citi.umich.edu> [PATCH] RPC: Don't fall back from krb5p to krb5i

We shouldn't be silently falling back from krb5p to krb5i.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 17-Apr-2005 Linus Torvalds <torvalds@ppc970.osdl.org> Linux-2.6.12-rc2

Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!