The following set of patches fix known issues with the 2.6.11 NFS client code, and significantly enhance the support for NFSv4.
NFS: Clean up nfs_permission().
Fix a bug whereby we are failing to test for permissions on opendir(). Optimize away permissions checks that request MAY_WRITE on directories. Ensure that VFS sets LOOKUP_CONTINUE before calling permission().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Fix refcount leakage in nfs4_proc_create()
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Don't kill timers when calling rpc_restart_call() after rpc_delay()
Currently, if we restart an RPC call after having set an RPC delay (for instance in the case where an NFS EJUKEBOX error has occurred) the call to rpc_delete_timer() at the top of the rpc_execute() loop will kill off our timer.
This patch causes rpc_delete_timer() to detect if the rpc_task is still queued on a wait queue, and refuse to delete the timer if this is the case.
Problem diagnosed by Jan Sanislo and Olaf Kirch.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Use sizeof() instead of strlen() on string constants.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Fix return value of rpc_call_async()
RPC call async is supposed to return an error if and only if it failed to run the rpc_task.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Some portmappers expect AUTH_UNIX authentication
Sun's RPC library portmap client therefore defaults to AUTH_UNIX. Change our in-kernel client to follow that convention.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Remove unnecessary module refcounting
The sunrpc module itself is referenced by other sources, so only the auth_gss credcaches need to increment their module refcount.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Remove unnecessary reference counting in gss downcall code.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: struct rpc_auth initialization and destruction code cleanup
Move the initialization of auth->au_count into the flavour-specific code. Move the kfree(auth) into the flavour-specific code.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Move credcache-specific code out of put_rpccred()
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Make rpc_auth credential cache optional.
Some RPC authentication flavours are not related to the uid (AUTH_NULL springs to mind). This patch moves control over the caching mechanism into the auth-specific code.
Also ensure that expired creds are removed from the cache.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: kill cr_auth
The cr_auth field is currently used only in order to figure out the name of the credential's flavour in debugging printks. Replace with a dedicated pointer in the statically allocated rpc_credops instead.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Convert RPC credcache to use hlists
This will make initialization of statically allocated caches simpler.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Unify AUTH_NULL credentials
There is only one AUTH_NULL "credential".
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Unify the AUTH_UNIX credential cache.
AUTH_UNIX credentials really only depend on the process uid/gid/groups information. In particular there is no dependency on any strict rpc_client specific information. Might as well share them all between all RPC clients.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Shrink struct rpc_auth for those flavours that don't use the cache
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
VFS: Fix structure initialization in locks_remove_flock()
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Add emulation of BSD flock() in terms of POSIX locks on the server
This makes for an interesting situation in which programs compiled to use flock() and running on the server will not see the locks that are set by the clients. The clients will, however, see both POSIX and flock() locks set by other clients.
It is the best you can do, given the limitations of the protocol.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NLM: Always use AUTH_UNIX authentication for NLM locking.
Most existing servers do not implement RPCSEC_GSS for either the lockd or statd daemons.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: clean up the RPCSEC_GSS kerberos and spkm3 context import functions
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Document the format of the gssd downcalls
- Document the format of the gssd downcalls
- Separate out "uid" field from rest of GSS context data struct since it will not be needed for the keyring-based contexts.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPCSEC_GSS: cleanup gss_cred.
gc_flavor is used only for looking up the security service, which is an integer value that never changes. Store the latter instead of the former.
Fix up a couple of dodgy casts between gss_cred and rpc_cred. Replace them with the appropriate container_of().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPCSEC_GSS: Misc little cleanups.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Save the name of the principal in the gss_cred
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPCSEC_GSS: Enable expiring of credentials
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Remove dependency of RPCSEC_GSS upcalls on the credential cache
Ensure that credentials that are referenced by an RPC task, but that have been booted out of the credcache may still be refreshed.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Initialize the GSS context upon RPC credential creation.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: make rpcauth_lookupcred() return error codes.
So we can distinguish between ENOMEM and EACCES errors.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Clean up of rpcauth_lookupcred() and rpcauth_bindcred()
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: This patch makes some needlessly global code static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[NLM] fs/lockd/clntproc.c: make 2 functions static
This patch makes two needlessly global functions static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: remove broken_suid mount option
Remove broken_suid mount option (retry RPC after dropping privileges upon EACCES): no longer used and questionable w.r.t. security.
Signed-off-by: Frank van Maarseveen <frankvm@frankvm.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS,RPC: RPC client now advertises maximum payload size
The RPC client now reports the maximum payload size supported by the chosen transport method. This is something a little less than 64KB for RPC over UDP, and about 2GB - 1 for RPC over TCP. The effective rsize and wsize values are not allowed to exceed the reported maximum RPC payload size.
Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
VFS: Retry pathname resolution after encountering ESTALE
Add a mechanism for the VFS layer to retry pathname resolution if a file system returns ESTALE at any point during the resolution process. Pathname resolution is retried once from the first component, using all real lookup requests.
This provides effective recovery for most cases where files or directories have been replaced by other remote file system clients. It also provides a foundation to build a mechanism by which file system clients can fail over transparently to a replicated server.
Test-plan: Combinations of rsync and "ls -l" on multiple clients. No stale file handles should be after directory trees are replaced. Standard performance tests; little or no loss of performance is expected.
Created: Fri, 11 Feb 2005 16:46:19 -0500
Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: catch a few extra ESTALE errors that we are currently discarding.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Handle the NFS4ERR_CLID_INUSE error in SETCLIENTID
Encode the AUTH flavour in the clientid, since AUTH_UNIX and AUTH_GSS credentials will always conflict.
Then, strategy is to first retry after sleeping for a lease period. If the server then still refuses our clientid, assume we have a conflicting client, out there, and try bumping a "uniquifier" variable.
Give up if we're signalled, or if we've gone through the entire range of uniquifiers...
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Exit without Oopsing from close when servers send us crazy errors.
If retrying the request is not an option, we should just set state->state and be done with it.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: NFSv4 errors in nfs4_init_client() must not leak to userland
Fixes a potential Oops at mount time.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Fix access mode checking when opening a delegated file.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Cleanups for the network partition reclaim code
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Add nfs4_state_recovery_ops
We want to reuse the same code to recover the NFSv4 state after a server reboot, a network partition, or a failover situation.
Add a structure to contain those operations will that depend on the recovery scenario under consideration.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Allow recovery from network partitions
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: in readdir, use MOUNTED_ON_FILEID, rather than true fileid
Some servers return an error if the READDIR call attempts to read the fileid of a mountpoint.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: mknod() cleanup
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: mkdir() cleanup
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: cleanup create()
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Ensure "mount" is always interruptible and soft
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Header file cleanup...
- Move NFSv4 state definitions into a private header file.
- Clean up gunk in nfs_fs.h
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Allow NFS versions to support different sets of inode operations.
ACL support will require supporting additional inode operations in v4 (getxattr, setxattr, listxattr). This patch allows different protocol versions to support different inode operations by adding a file_inode_ops to the nfs_rpc_ops (to match the existing dir_inode_ops).
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Add {get,set,list}xattr methods for nfs4
Add {get,set,list}xattr methods for nfs4. The new methods are no-ops, to be used by subsequent ACL patch.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: fix fattr size calculations
Make nfs4 fattr size calculations more explicit, revising them downward a bit in the process.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Client-side xdr for reading NFSv4 acls
Client-side support for NFSv4 acls: xdr encoding and decoding routines for reading acls
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: ACL support for the NFSv4 client: read
Client-side support for NFSv4 ACLs. Exports the raw xdr code via the system.nfs4_acl extended attribute. It is up to userspace to decode the acl (and to provide correctly xdr'd acls on setxattr), and to convert to/from POSIX ACLs if desired.
This patch provides only the read support.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Client-side xdr for writing NFSv4 acls
Client-side support for NFSv4 acls: xdr encoding and decoding routines for writing acls
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: ACL support for the NFSv4 client: write
Client-side write support for NFSv4 ACLs.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: client-side caching NFSv4 ACLs
Add nfs4_acl field to the nfs_inode, and use it to cache acls. Only cache acls of size up to a page. Also prepare for up to a page of acl data even when the user doesn't pass in a buffer, as when they want to get the acl length to decide what size buffer to allocate.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Return -ENOSYS for RPC programs that are unavailable The issuer of an RPC call should be able to tell the difference between an I/O error and program unavailable / program version unavailable / procedure unavailable. Return -ENOSYS for unavailable RPC programs, and -EOPNOTSUPP for unavailable procedures.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Allow multiple NFS client programs to share the same transport Allow a clone of an RPC client (created with rpc_clone_client()) to change to another program. This allows the NFS and NFSACL programs to share the same transport.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Acked-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Lazy RPC receive buffer allocation Allow to allocate pages in the receive buffer lazily. Used for the GETACL RPC, which has a big maximum reply size, but a small average reply size.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Encode and decode arbitrary XDR arrays Add xdr_encode_array2 and xdr_decode_array2 functions for encoding end decoding arrays with arbitrary entries, such as acl entries. The goal here is to do this without allocating a contiguous temporary buffer.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Acked-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Support the KEYRING model for AUTH_GSS credentials
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Store the file system "fsid" value in the NFS super block.
This should enable us to detect if we are crossing a mountpoint in the case where the server is exporting "nohide" mounts.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
VFS: Add GPL_EXPORTED function vfs_kern_mount()
do_kern_mount() does not allow the kernel to use private mount interfaces without exposing the same interfaces to userland. The problem is that the filesystem is referenced by name, thus meaning that it and its mount interface must be registered in the global filesystem list.
vfs_kern_mount() passes the struct file_system_type as an explicit parameter in order to overcome this limitation.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Ensure the client submounts, when it crosses a server mountpoint.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Add timeout to submounts
Make automounted partitions expire using the mark_mounts_for_expiry() function. The timeout is controlled via a sysctl.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFS: Attempt to recover when migrating to a replicated filesystem.
If the replica does not preserve filehandles and/or inode numbers, then we can try to walk the path in order to recover. This is definitely a case of walking on eggshells, though.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Support for failover to a new transport struct
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
RPC: Allow struc xdr_stream to read the page section of an xdr_buf
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
NFSv4: Implement the fs_locations function call
NFSv4 allows for the fact that filesystems may be replicated across several servers or that they may be migrated to a backup server in case of failure of the primary server. fs_locations is an NFSv4 operation for retrieving information about the location of migrated and/or replicated filesystems.
Based on an initial implementation by Jiaying Zhang <jiayingz@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
VFS: Make link_path_walk set LOOKUP_CONTINUE before calling permission().
This will allow nfs_permission() to perform additional optimizations when walking the path, by folding the ACCESS(MAY_EXEC) call on the directory into the lookup revalidation.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
All of the above
![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}