1. 31 Jan, 2017 1 commit
    • J. Bruce Fields's avatar
      nfsd: opt in to labeled nfs per export · 32ddd944
      J. Bruce Fields authored
      
      
      Currently turning on NFSv4.2 results in 4.2 clients suddenly seeing the
      individual file labels as they're set on the server.  This is not what
      they've previously seen, and not appropriate in may cases.  (In
      particular, if clients have heterogenous security policies then one
      client's labels may not even make sense to another.)  Labeled NFS should
      be opted in only in those cases when the administrator knows it makes
      sense.
      
      It's helpful to be able to turn 4.2 on by default, and otherwise the
      protocol upgrade seems free of regressions.  So, default labeled NFS to
      off and provide an export flag to reenable it.
      
      Users wanting labeled NFS support on an export will henceforth need to:
      
      	- make sure 4.2 support is enabled on client and server (as
      	  before), and
      	- upgrade the server nfs-utils to a version supporting the new
      	  "security_label" export flag.
      	- set that "security_label" flag on the export.
      
      This is commit may be seen as a regression to anyone currently depending
      on security labels.  We believe those cases are currently rare.
      
      Reported-by: tibbs@math.uh.edu
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      32ddd944
  2. 15 Jul, 2016 1 commit
  3. 13 Jul, 2016 1 commit
    • Andrew Elble's avatar
      nfsd: implement machine credential support for some operations · ed941643
      Andrew Elble authored
      
      
      This addresses the conundrum referenced in RFC5661 18.35.3,
      and will allow clients to return state to the server using the
      machine credentials.
      
      The biggest part of the problem is that we need to allow the client
      to send a compound op with integrity/privacy on mounts that don't
      have it enabled.
      
      Add server support for properly decoding and using spo_must_enforce
      and spo_must_allow bits. Add support for machine credentials to be
      used for CLOSE, OPEN_DOWNGRADE, LOCKU, DELEGRETURN,
      and TEST/FREE STATEID.
      Implement a check so as to not throw WRONGSEC errors when these
      operations are used if integrity/privacy isn't turned on.
      
      Without this, Linux clients with credentials that expired while holding
      delegations were getting stuck in an endless loop.
      Signed-off-by: default avatarAndrew Elble <aweits@rit.edu>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      ed941643
  4. 13 Aug, 2015 1 commit
  5. 15 Apr, 2015 1 commit
  6. 03 Apr, 2015 1 commit
  7. 31 Mar, 2015 1 commit
  8. 02 Feb, 2015 1 commit
    • Christoph Hellwig's avatar
      nfsd: implement pNFS operations · 9cf514cc
      Christoph Hellwig authored
      
      
      Add support for the GETDEVICEINFO, LAYOUTGET, LAYOUTCOMMIT and
      LAYOUTRETURN NFSv4.1 operations, as well as backing code to manage
      outstanding layouts and devices.
      
      Layout management is very straight forward, with a nfs4_layout_stateid
      structure that extends nfs4_stid to manage layout stateids as the
      top-level structure.  It is linked into the nfs4_file and nfs4_client
      structures like the other stateids, and contains a linked list of
      layouts that hang of the stateid.  The actual layout operations are
      implemented in layout drivers that are not part of this commit, but
      will be added later.
      
      The worst part of this commit is the management of the pNFS device IDs,
      which suffers from a specification that is not sanely implementable due
      to the fact that the device-IDs are global and not bound to an export,
      and have a small enough size so that we can't store the fsid portion of
      a file handle, and must never be reused.  As we still do need perform all
      export authentication and validation checks on a device ID passed to
      GETDEVICEINFO we are caught between a rock and a hard place.  To work
      around this issue we add a new hash that maps from a 64-bit integer to a
      fsid so that we can look up the export to authenticate against it,
      a 32-bit integer as a generation that we can bump when changing the device,
      and a currently unused 32-bit integer that could be used in the future
      to handle more than a single device per export.  Entries in this hash
      table are never deleted as we can't reuse the ids anyway, and would have
      a severe lifetime problem anyway as Linux export structures are temporary
      structures that can go away under load.
      
      Parts of the XDR data, structures and marshaling/unmarshaling code, as
      well as many concepts are derived from the old pNFS server implementation
      from Andy Adamson, Benny Halevy, Dean Hildebrand, Marc Eshel, Fred Isaman,
      Mike Sager, Ricardo Labiaga and many others.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      9cf514cc
  9. 18 Aug, 2014 1 commit
    • Rajesh Ghanekar's avatar
      nfsd: allow turning off nfsv3 readdir_plus · 18c01ab3
      Rajesh Ghanekar authored
      
      
      One of our customer's application only needs file names, not file
      attributes. With directories having 10K+ inodes (assuming buffer cache
      has directory blocks cached having file names, but inode cache is
      limited and hence need eviction of older cached inodes), older inodes
      are evicted periodically. So if they keep on doing readdir(2) from NSF
      client on multiple directories, some directory's files are periodically
      removed from inode cache and hence new readdir(2) on same directory
      requires disk access to bring back inodes again to inode cache.
      
      As READDIRPLUS request fetches attributes also, doing getattr on each
      file on server, it causes unnecessary disk accesses. If READDIRPLUS on
      NFS client is returned with -ENOTSUPP, NFS client uses READDIR request
      which just gets the names of the files in a directory, not attributes,
      hence avoiding disk accesses on server.
      
      There's already a corresponding client-side mount option, but an export
      option reduces the need for configuration across multiple clients.
      
      This flag affects NFSv3 only.  If it turns out it's needed for NFSv4 as
      well then we may have to figure out how to extend the behavior to NFSv4,
      but it's not currently obvious how to do that.
      Signed-off-by: default avatarRajesh Ghanekar <rajesh_ghanekar@symantec.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      18c01ab3
  10. 23 Jun, 2014 2 commits
  11. 30 May, 2014 8 commits
  12. 29 Oct, 2013 2 commits
    • J. Bruce Fields's avatar
      nfsd: -EINVAL on invalid anonuid/gid instead of silent failure · 6f6cc320
      J. Bruce Fields authored
      
      
      If we're going to refuse to accept these it would be polite of us to at
      least say so....
      
      This introduces a slight complication since we need to grandfather in
      exportfs's ill-advised use of -1 uid and gid on its test_export.
      
      If it turns out there are other users passing down -1 we may need to
      do something else.
      
      Best might be to drop the checks entirely, but I'm not sure if other
      parts of the kernel might assume that a task can't run as uid or gid -1.
      
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      6f6cc320
    • J. Bruce Fields's avatar
      nfsd: return better errors to exportfs · 427d6c66
      J. Bruce Fields authored
      Someone noticed exportfs happily accepted exports that would later be
      rejected when mountd tried to give them to the kernel.  Fix this.
      
      This is a regression from 4c1e1b34
      
      
      "nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids".
      
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: stable@vger.kernel.org
      Reported-by: default avatarYin.JianHong <jiyin@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      427d6c66
  13. 15 Feb, 2013 2 commits
  14. 13 Feb, 2013 1 commit
  15. 04 Feb, 2013 1 commit
    • Jeff Layton's avatar
      nfsd: initialize the exp->ex_uuid field in svc_export_init · 2eeb9b2a
      Jeff Layton authored
      commit 885c91f7
      
       in Bruce's tree was causing oopses for me:
      
      general protection fault: 0000 [#1] SMP
      Modules linked in: nfsd(OF) nfs_acl(OF) auth_rpcgss(OF) lockd(OF) sunrpc(OF) kvm_amd kvm microcode i2c_piix4 virtio_net virtio_balloon cirrus drm_kms_helper ttm drm virtio_blk i2c_core
      CPU 0
      Pid: 564, comm: exportfs Tainted: GF          O 3.8.0-0.rc5.git2.1.fc19.x86_64 #1 Bochs Bochs
      RIP: 0010:[<ffffffff811b1509>]  [<ffffffff811b1509>] kfree+0x49/0x280
      RSP: 0018:ffff88007a3d7c50  EFLAGS: 00010203
      RAX: 01adaf8dadadad80 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000001
      RDX: ffffffff7fffffff RSI: 0000000000000000 RDI: 6b6b6b6b6b6b6b6b
      RBP: ffff88007a3d7c80 R08: 6b6b6b6b6b6b6b6b R09: 0000000000000000
      R10: 0000000000000018 R11: 0000000000000000 R12: ffff88006a117b50
      R13: ffffffffa01a589c R14: ffff8800631b0f50 R15: 01ad998dadadad80
      FS:  00007fcaa3616740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 00007f5d84b6fdd8 CR3: 0000000064db4000 CR4: 00000000000006f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process exportfs (pid: 564, threadinfo ffff88007a3d6000, task ffff88006af28000)
      Stack:
       ffff88007a3d7c80 ffff88006a117b68 ffff88006a117b50 0000000000000000
       ffff8800631b0f50 ffff88006a117b50 ffff88007a3d7ca0 ffffffffa01a589c
       ffff880036be1148 ffff88007a3d7cf8 ffff88007a3d7e28 ffffffffa01a6a98
      Call Trace:
       [<ffffffffa01a589c>] svc_export_put+0x5c/0x70 [nfsd]
       [<ffffffffa01a6a98>] svc_export_parse+0x328/0x7e0 [nfsd]
       [<ffffffffa016f1c7>] cache_do_downcall+0x57/0x70 [sunrpc]
       [<ffffffffa016f25e>] cache_downcall+0x7e/0x100 [sunrpc]
       [<ffffffffa016f338>] cache_write_procfs+0x58/0x90 [sunrpc]
       [<ffffffffa016f2e0>] ? cache_downcall+0x100/0x100 [sunrpc]
       [<ffffffff8123b0e5>] proc_reg_write+0x75/0xb0
       [<ffffffff811ccecf>] vfs_write+0x9f/0x170
       [<ffffffff811cd089>] sys_write+0x49/0xa0
       [<ffffffff816e0919>] system_call_fastpath+0x16/0x1b
      Code: 66 66 66 90 48 83 fb 10 0f 86 c3 00 00 00 48 89 df 49 bf 00 00 00 00 00 ea ff ff e8 f2 12 ea ff 48 c1 e8 0c 48 c1 e0 06 49 01 c7 <49> 8b 07 f6 c4 80 0f 85 1d 02 00 00 49 8b 07 a8 80 0f 84 ee 01
      RIP  [<ffffffff811b1509>] kfree+0x49/0x280
       RSP <ffff88007a3d7c50>
      
      I think Majianpeng's patch is correct, but incomplete. In order for it
      to be safe to free the ex_uuid unconditionally in svc_export_put, we
      need to make sure it's initialized to NULL in the init routine.
      
      Cc: majianpeng <majianpeng@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      2eeb9b2a
  16. 29 Jan, 2013 1 commit
  17. 27 Jul, 2012 1 commit
  18. 25 Jul, 2012 1 commit
  19. 01 Jun, 2012 2 commits
  20. 12 Apr, 2012 3 commits
  21. 11 Apr, 2012 7 commits