Commit de8d4f5d authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6

* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
  SUNRPC: Fix the NFSv4 and RPCSEC_GSS Kconfig dependencies
  statfs() gives ESTALE error
  NFS: Fix a typo in nfs_sockaddr_match_ipaddr6
  sunrpc: increase MAX_HASHTABLE_BITS to 14
  gss:spkm3 miss returning error to caller when import security context
  gss:krb5 miss returning error to caller when import security context
  Remove incorrect do_vfs_lock message
  SUNRPC: cleanup state-machine ordering
  SUNRPC: Fix a race in rpc_info_open
  SUNRPC: Fix race corrupting rpc upcall
  Fix null dereference in call_allocate
parents 75e1c70f 827e3457
...@@ -63,6 +63,7 @@ config NFS_V3_ACL ...@@ -63,6 +63,7 @@ config NFS_V3_ACL
config NFS_V4 config NFS_V4
bool "NFS client support for NFS version 4" bool "NFS client support for NFS version 4"
depends on NFS_FS depends on NFS_FS
select SUNRPC_GSS
help help
This option enables support for version 4 of the NFS protocol This option enables support for version 4 of the NFS protocol
(RFC 3530) in the kernel's NFS client. (RFC 3530) in the kernel's NFS client.
......
...@@ -275,7 +275,7 @@ static int nfs_sockaddr_match_ipaddr6(const struct sockaddr *sa1, ...@@ -275,7 +275,7 @@ static int nfs_sockaddr_match_ipaddr6(const struct sockaddr *sa1,
sin1->sin6_scope_id != sin2->sin6_scope_id) sin1->sin6_scope_id != sin2->sin6_scope_id)
return 0; return 0;
return ipv6_addr_equal(&sin1->sin6_addr, &sin1->sin6_addr); return ipv6_addr_equal(&sin1->sin6_addr, &sin2->sin6_addr);
} }
#else /* !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE) */ #else /* !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE) */
static int nfs_sockaddr_match_ipaddr6(const struct sockaddr *sa1, static int nfs_sockaddr_match_ipaddr6(const struct sockaddr *sa1,
......
...@@ -723,10 +723,6 @@ static int do_vfs_lock(struct file *file, struct file_lock *fl) ...@@ -723,10 +723,6 @@ static int do_vfs_lock(struct file *file, struct file_lock *fl)
default: default:
BUG(); BUG();
} }
if (res < 0)
dprintk(KERN_WARNING "%s: VFS is out of sync with lock manager"
" - error %d!\n",
__func__, res);
return res; return res;
} }
......
...@@ -431,7 +431,15 @@ static int nfs_statfs(struct dentry *dentry, struct kstatfs *buf) ...@@ -431,7 +431,15 @@ static int nfs_statfs(struct dentry *dentry, struct kstatfs *buf)
goto out_err; goto out_err;
error = server->nfs_client->rpc_ops->statfs(server, fh, &res); error = server->nfs_client->rpc_ops->statfs(server, fh, &res);
if (unlikely(error == -ESTALE)) {
struct dentry *pd_dentry;
pd_dentry = dget_parent(dentry);
if (pd_dentry != NULL) {
nfs_zap_caches(pd_dentry->d_inode);
dput(pd_dentry);
}
}
nfs_free_fattr(res.fattr); nfs_free_fattr(res.fattr);
if (error < 0) if (error < 0)
goto out_err; goto out_err;
......
...@@ -69,6 +69,7 @@ config NFSD_V4 ...@@ -69,6 +69,7 @@ config NFSD_V4
depends on NFSD && PROC_FS && EXPERIMENTAL depends on NFSD && PROC_FS && EXPERIMENTAL
select NFSD_V3 select NFSD_V3
select FS_POSIX_ACL select FS_POSIX_ACL
select SUNRPC_GSS
help help
This option enables support in your system's NFS server for This option enables support in your system's NFS server for
version 4 of the NFS protocol (RFC 3530). version 4 of the NFS protocol (RFC 3530).
......
...@@ -30,7 +30,7 @@ struct rpc_inode; ...@@ -30,7 +30,7 @@ struct rpc_inode;
* The high-level client handle * The high-level client handle
*/ */
struct rpc_clnt { struct rpc_clnt {
struct kref cl_kref; /* Number of references */ atomic_t cl_count; /* Number of references */
struct list_head cl_clients; /* Global list of clients */ struct list_head cl_clients; /* Global list of clients */
struct list_head cl_tasks; /* List of tasks */ struct list_head cl_tasks; /* List of tasks */
spinlock_t cl_lock; /* spinlock */ spinlock_t cl_lock; /* spinlock */
......
...@@ -38,7 +38,7 @@ static const struct rpc_authops *auth_flavors[RPC_AUTH_MAXFLAVOR] = { ...@@ -38,7 +38,7 @@ static const struct rpc_authops *auth_flavors[RPC_AUTH_MAXFLAVOR] = {
static LIST_HEAD(cred_unused); static LIST_HEAD(cred_unused);
static unsigned long number_cred_unused; static unsigned long number_cred_unused;
#define MAX_HASHTABLE_BITS (10) #define MAX_HASHTABLE_BITS (14)
static int param_set_hashtbl_sz(const char *val, const struct kernel_param *kp) static int param_set_hashtbl_sz(const char *val, const struct kernel_param *kp)
{ {
unsigned long num; unsigned long num;
......
...@@ -745,17 +745,18 @@ gss_pipe_release(struct inode *inode) ...@@ -745,17 +745,18 @@ gss_pipe_release(struct inode *inode)
struct rpc_inode *rpci = RPC_I(inode); struct rpc_inode *rpci = RPC_I(inode);
struct gss_upcall_msg *gss_msg; struct gss_upcall_msg *gss_msg;
restart:
spin_lock(&inode->i_lock); spin_lock(&inode->i_lock);
while (!list_empty(&rpci->in_downcall)) { list_for_each_entry(gss_msg, &rpci->in_downcall, list) {
gss_msg = list_entry(rpci->in_downcall.next, if (!list_empty(&gss_msg->msg.list))
struct gss_upcall_msg, list); continue;
gss_msg->msg.errno = -EPIPE; gss_msg->msg.errno = -EPIPE;
atomic_inc(&gss_msg->count); atomic_inc(&gss_msg->count);
__gss_unhash_msg(gss_msg); __gss_unhash_msg(gss_msg);
spin_unlock(&inode->i_lock); spin_unlock(&inode->i_lock);
gss_release_msg(gss_msg); gss_release_msg(gss_msg);
spin_lock(&inode->i_lock); goto restart;
} }
spin_unlock(&inode->i_lock); spin_unlock(&inode->i_lock);
......
...@@ -237,6 +237,7 @@ get_key(const void *p, const void *end, ...@@ -237,6 +237,7 @@ get_key(const void *p, const void *end,
if (!supported_gss_krb5_enctype(alg)) { if (!supported_gss_krb5_enctype(alg)) {
printk(KERN_WARNING "gss_kerberos_mech: unsupported " printk(KERN_WARNING "gss_kerberos_mech: unsupported "
"encryption key algorithm %d\n", alg); "encryption key algorithm %d\n", alg);
p = ERR_PTR(-EINVAL);
goto out_err; goto out_err;
} }
p = simple_get_netobj(p, end, &key); p = simple_get_netobj(p, end, &key);
...@@ -282,15 +283,19 @@ gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx) ...@@ -282,15 +283,19 @@ gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx)
ctx->enctype = ENCTYPE_DES_CBC_RAW; ctx->enctype = ENCTYPE_DES_CBC_RAW;
ctx->gk5e = get_gss_krb5_enctype(ctx->enctype); ctx->gk5e = get_gss_krb5_enctype(ctx->enctype);
if (ctx->gk5e == NULL) if (ctx->gk5e == NULL) {
p = ERR_PTR(-EINVAL);
goto out_err; goto out_err;
}
/* The downcall format was designed before we completely understood /* The downcall format was designed before we completely understood
* the uses of the context fields; so it includes some stuff we * the uses of the context fields; so it includes some stuff we
* just give some minimal sanity-checking, and some we ignore * just give some minimal sanity-checking, and some we ignore
* completely (like the next twenty bytes): */ * completely (like the next twenty bytes): */
if (unlikely(p + 20 > end || p + 20 < p)) if (unlikely(p + 20 > end || p + 20 < p)) {
p = ERR_PTR(-EFAULT);
goto out_err; goto out_err;
}
p += 20; p += 20;
p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p)) if (IS_ERR(p))
...@@ -619,6 +624,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, ...@@ -619,6 +624,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
if (ctx->seq_send64 != ctx->seq_send) { if (ctx->seq_send64 != ctx->seq_send) {
dprintk("%s: seq_send64 %lx, seq_send %x overflow?\n", __func__, dprintk("%s: seq_send64 %lx, seq_send %x overflow?\n", __func__,
(long unsigned)ctx->seq_send64, ctx->seq_send); (long unsigned)ctx->seq_send64, ctx->seq_send);
p = ERR_PTR(-EINVAL);
goto out_err; goto out_err;
} }
p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype)); p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype));
......
...@@ -100,6 +100,7 @@ gss_import_sec_context_spkm3(const void *p, size_t len, ...@@ -100,6 +100,7 @@ gss_import_sec_context_spkm3(const void *p, size_t len,
if (version != 1) { if (version != 1) {
dprintk("RPC: unknown spkm3 token format: " dprintk("RPC: unknown spkm3 token format: "
"obsolete nfs-utils?\n"); "obsolete nfs-utils?\n");
p = ERR_PTR(-EINVAL);
goto out_err_free_ctx; goto out_err_free_ctx;
} }
...@@ -135,8 +136,10 @@ gss_import_sec_context_spkm3(const void *p, size_t len, ...@@ -135,8 +136,10 @@ gss_import_sec_context_spkm3(const void *p, size_t len,
if (IS_ERR(p)) if (IS_ERR(p))
goto out_err_free_intg_alg; goto out_err_free_intg_alg;
if (p != end) if (p != end) {
p = ERR_PTR(-EFAULT);
goto out_err_free_intg_key; goto out_err_free_intg_key;
}
ctx_id->internal_ctx_id = ctx; ctx_id->internal_ctx_id = ctx;
......
...@@ -226,7 +226,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru ...@@ -226,7 +226,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru
goto out_no_principal; goto out_no_principal;
} }
kref_init(&clnt->cl_kref); atomic_set(&clnt->cl_count, 1);
err = rpc_setup_pipedir(clnt, program->pipe_dir_name); err = rpc_setup_pipedir(clnt, program->pipe_dir_name);
if (err < 0) if (err < 0)
...@@ -390,14 +390,14 @@ rpc_clone_client(struct rpc_clnt *clnt) ...@@ -390,14 +390,14 @@ rpc_clone_client(struct rpc_clnt *clnt)
if (new->cl_principal == NULL) if (new->cl_principal == NULL)
goto out_no_principal; goto out_no_principal;
} }
kref_init(&new->cl_kref); atomic_set(&new->cl_count, 1);
err = rpc_setup_pipedir(new, clnt->cl_program->pipe_dir_name); err = rpc_setup_pipedir(new, clnt->cl_program->pipe_dir_name);
if (err != 0) if (err != 0)
goto out_no_path; goto out_no_path;
if (new->cl_auth) if (new->cl_auth)
atomic_inc(&new->cl_auth->au_count); atomic_inc(&new->cl_auth->au_count);
xprt_get(clnt->cl_xprt); xprt_get(clnt->cl_xprt);
kref_get(&clnt->cl_kref); atomic_inc(&clnt->cl_count);
rpc_register_client(new); rpc_register_client(new);
rpciod_up(); rpciod_up();
return new; return new;
...@@ -465,10 +465,8 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client); ...@@ -465,10 +465,8 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client);
* Free an RPC client * Free an RPC client
*/ */
static void static void
rpc_free_client(struct kref *kref) rpc_free_client(struct rpc_clnt *clnt)
{ {
struct rpc_clnt *clnt = container_of(kref, struct rpc_clnt, cl_kref);
dprintk("RPC: destroying %s client for %s\n", dprintk("RPC: destroying %s client for %s\n",
clnt->cl_protname, clnt->cl_server); clnt->cl_protname, clnt->cl_server);
if (!IS_ERR(clnt->cl_path.dentry)) { if (!IS_ERR(clnt->cl_path.dentry)) {
...@@ -495,12 +493,10 @@ rpc_free_client(struct kref *kref) ...@@ -495,12 +493,10 @@ rpc_free_client(struct kref *kref)
* Free an RPC client * Free an RPC client
*/ */
static void static void
rpc_free_auth(struct kref *kref) rpc_free_auth(struct rpc_clnt *clnt)
{ {
struct rpc_clnt *clnt = container_of(kref, struct rpc_clnt, cl_kref);
if (clnt->cl_auth == NULL) { if (clnt->cl_auth == NULL) {
rpc_free_client(kref); rpc_free_client(clnt);
return; return;
} }
...@@ -509,10 +505,11 @@ rpc_free_auth(struct kref *kref) ...@@ -509,10 +505,11 @@ rpc_free_auth(struct kref *kref)
* release remaining GSS contexts. This mechanism ensures * release remaining GSS contexts. This mechanism ensures
* that it can do so safely. * that it can do so safely.
*/ */
kref_init(kref); atomic_inc(&clnt->cl_count);
rpcauth_release(clnt->cl_auth); rpcauth_release(clnt->cl_auth);
clnt->cl_auth = NULL; clnt->cl_auth = NULL;
kref_put(kref, rpc_free_client); if (atomic_dec_and_test(&clnt->cl_count))
rpc_free_client(clnt);
} }
/* /*
...@@ -525,7 +522,8 @@ rpc_release_client(struct rpc_clnt *clnt) ...@@ -525,7 +522,8 @@ rpc_release_client(struct rpc_clnt *clnt)
if (list_empty(&clnt->cl_tasks)) if (list_empty(&clnt->cl_tasks))
wake_up(&destroy_wait); wake_up(&destroy_wait);
kref_put(&clnt->cl_kref, rpc_free_auth); if (atomic_dec_and_test(&clnt->cl_count))
rpc_free_auth(clnt);
} }
/** /**
...@@ -588,7 +586,7 @@ void rpc_task_set_client(struct rpc_task *task, struct rpc_clnt *clnt) ...@@ -588,7 +586,7 @@ void rpc_task_set_client(struct rpc_task *task, struct rpc_clnt *clnt)
if (clnt != NULL) { if (clnt != NULL) {
rpc_task_release_client(task); rpc_task_release_client(task);
task->tk_client = clnt; task->tk_client = clnt;
kref_get(&clnt->cl_kref); atomic_inc(&clnt->cl_count);
if (clnt->cl_softrtry) if (clnt->cl_softrtry)
task->tk_flags |= RPC_TASK_SOFT; task->tk_flags |= RPC_TASK_SOFT;
/* Add to the client's list of all tasks */ /* Add to the client's list of all tasks */
...@@ -931,7 +929,7 @@ call_reserveresult(struct rpc_task *task) ...@@ -931,7 +929,7 @@ call_reserveresult(struct rpc_task *task)
task->tk_status = 0; task->tk_status = 0;
if (status >= 0) { if (status >= 0) {
if (task->tk_rqstp) { if (task->tk_rqstp) {
task->tk_action = call_allocate; task->tk_action = call_refresh;
return; return;
} }
...@@ -966,13 +964,54 @@ call_reserveresult(struct rpc_task *task) ...@@ -966,13 +964,54 @@ call_reserveresult(struct rpc_task *task)
} }
/* /*
* 2. Allocate the buffer. For details, see sched.c:rpc_malloc. * 2. Bind and/or refresh the credentials
*/
static void
call_refresh(struct rpc_task *task)
{
dprint_status(task);
task->tk_action = call_refreshresult;
task->tk_status = 0;
task->tk_client->cl_stats->rpcauthrefresh++;
rpcauth_refreshcred(task);
}
/*
* 2a. Process the results of a credential refresh
*/
static void
call_refreshresult(struct rpc_task *task)
{
int status = task->tk_status;
dprint_status(task);
task->tk_status = 0;
task->tk_action = call_allocate;
if (status >= 0 && rpcauth_uptodatecred(task))
return;
switch (status) {
case -EACCES:
rpc_exit(task, -EACCES);
return;
case -ENOMEM:
rpc_exit(task, -ENOMEM);
return;
case -ETIMEDOUT:
rpc_delay(task, 3*HZ);
}
task->tk_action = call_refresh;
}
/*
* 2b. Allocate the buffer. For details, see sched.c:rpc_malloc.
* (Note: buffer memory is freed in xprt_release). * (Note: buffer memory is freed in xprt_release).
*/ */
static void static void
call_allocate(struct rpc_task *task) call_allocate(struct rpc_task *task)
{ {
unsigned int slack = task->tk_client->cl_auth->au_cslack; unsigned int slack = task->tk_rqstp->rq_cred->cr_auth->au_cslack;
struct rpc_rqst *req = task->tk_rqstp; struct rpc_rqst *req = task->tk_rqstp;
struct rpc_xprt *xprt = task->tk_xprt; struct rpc_xprt *xprt = task->tk_xprt;
struct rpc_procinfo *proc = task->tk_msg.rpc_proc; struct rpc_procinfo *proc = task->tk_msg.rpc_proc;
...@@ -980,7 +1019,7 @@ call_allocate(struct rpc_task *task) ...@@ -980,7 +1019,7 @@ call_allocate(struct rpc_task *task)
dprint_status(task); dprint_status(task);
task->tk_status = 0; task->tk_status = 0;
task->tk_action = call_refresh; task->tk_action = call_bind;
if (req->rq_buffer) if (req->rq_buffer)
return; return;
...@@ -1017,47 +1056,6 @@ call_allocate(struct rpc_task *task) ...@@ -1017,47 +1056,6 @@ call_allocate(struct rpc_task *task)
rpc_exit(task, -ERESTARTSYS); rpc_exit(task, -ERESTARTSYS);
} }
/*
* 2a. Bind and/or refresh the credentials
*/
static void
call_refresh(struct rpc_task *task)
{
dprint_status(task);
task->tk_action = call_refreshresult;
task->tk_status = 0;
task->tk_client->cl_stats->rpcauthrefresh++;
rpcauth_refreshcred(task);
}
/*
* 2b. Process the results of a credential refresh
*/
static void
call_refreshresult(struct rpc_task *task)
{
int status = task->tk_status;
dprint_status(task);
task->tk_status = 0;
task->tk_action = call_bind;
if (status >= 0 && rpcauth_uptodatecred(task))
return;
switch (status) {
case -EACCES:
rpc_exit(task, -EACCES);
return;
case -ENOMEM:
rpc_exit(task, -ENOMEM);
return;
case -ETIMEDOUT:
rpc_delay(task, 3*HZ);
}
task->tk_action = call_refresh;
}
static inline int static inline int
rpc_task_need_encode(struct rpc_task *task) rpc_task_need_encode(struct rpc_task *task)
{ {
......
...@@ -48,7 +48,7 @@ static void rpc_purge_list(struct rpc_inode *rpci, struct list_head *head, ...@@ -48,7 +48,7 @@ static void rpc_purge_list(struct rpc_inode *rpci, struct list_head *head,
return; return;
do { do {
msg = list_entry(head->next, struct rpc_pipe_msg, list); msg = list_entry(head->next, struct rpc_pipe_msg, list);
list_del(&msg->list); list_del_init(&msg->list);
msg->errno = err; msg->errno = err;
destroy_msg(msg); destroy_msg(msg);
} while (!list_empty(head)); } while (!list_empty(head));
...@@ -208,7 +208,7 @@ rpc_pipe_release(struct inode *inode, struct file *filp) ...@@ -208,7 +208,7 @@ rpc_pipe_release(struct inode *inode, struct file *filp)
if (msg != NULL) { if (msg != NULL) {
spin_lock(&inode->i_lock); spin_lock(&inode->i_lock);
msg->errno = -EAGAIN; msg->errno = -EAGAIN;
list_del(&msg->list); list_del_init(&msg->list);
spin_unlock(&inode->i_lock); spin_unlock(&inode->i_lock);
rpci->ops->destroy_msg(msg); rpci->ops->destroy_msg(msg);
} }
...@@ -268,7 +268,7 @@ rpc_pipe_read(struct file *filp, char __user *buf, size_t len, loff_t *offset) ...@@ -268,7 +268,7 @@ rpc_pipe_read(struct file *filp, char __user *buf, size_t len, loff_t *offset)
if (res < 0 || msg->len == msg->copied) { if (res < 0 || msg->len == msg->copied) {
filp->private_data = NULL; filp->private_data = NULL;
spin_lock(&inode->i_lock); spin_lock(&inode->i_lock);
list_del(&msg->list); list_del_init(&msg->list);
spin_unlock(&inode->i_lock); spin_unlock(&inode->i_lock);
rpci->ops->destroy_msg(msg); rpci->ops->destroy_msg(msg);
} }
...@@ -371,21 +371,23 @@ rpc_show_info(struct seq_file *m, void *v) ...@@ -371,21 +371,23 @@ rpc_show_info(struct seq_file *m, void *v)
static int static int
rpc_info_open(struct inode *inode, struct file *file) rpc_info_open(struct inode *inode, struct file *file)
{ {
struct rpc_clnt *clnt; struct rpc_clnt *clnt = NULL;
int ret = single_open(file, rpc_show_info, NULL); int ret = single_open(file, rpc_show_info, NULL);
if (!ret) { if (!ret) {
struct seq_file *m = file->private_data; struct seq_file *m = file->private_data;
mutex_lock(&inode->i_mutex);
clnt = RPC_I(inode)->private; spin_lock(&file->f_path.dentry->d_lock);
if (clnt) { if (!d_unhashed(file->f_path.dentry))
kref_get(&clnt->cl_kref); clnt = RPC_I(inode)->private;
if (clnt != NULL && atomic_inc_not_zero(&clnt->cl_count)) {
spin_unlock(&file->f_path.dentry->d_lock);
m->private = clnt; m->private = clnt;
} else { } else {
spin_unlock(&file->f_path.dentry->d_lock);
single_release(inode, file); single_release(inode, file);
ret = -EINVAL; ret = -EINVAL;
} }
mutex_unlock(&inode->i_mutex);
} }
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment