1. 17 May, 2016 38 commits
  2. 09 May, 2016 2 commits
    • J. Bruce Fields's avatar
      nfs: don't share mounts between network namespaces · 7e3fcf61
      J. Bruce Fields authored
      There's no guarantee that an IP address in a different network namespace
      actually represents the same endpoint.
      
      Also, if we allow unprivileged nfs mounts some day then this might allow
      an unprivileged user in another network namespace to misdirect somebody
      else's nfs mounts.
      
      If sharing between containers is really what's wanted then that could
      still be arranged explicitly, for example with bind mounts.
      Reported-by: default avatar"Eric W. Biederman" <ebiederm@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      7e3fcf61
    • Chuck Lever's avatar
      NFS: Fix an LOCK/OPEN race when unlinking an open file · 11476e9d
      Chuck Lever authored
      At Connectathon 2016, we found that recent upstream Linux clients
      would occasionally send a LOCK operation with a zero stateid. This
      appeared to happen in close proximity to another thread returning
      a delegation before unlinking the same file while it remained open.
      
      Earlier, the client received a write delegation on this file and
      returned the open stateid. Now, as it is getting ready to unlink the
      file, it returns the write delegation. But there is still an open
      file descriptor on that file, so the client must OPEN the file
      again before it returns the delegation.
      
      Since commit 24311f88 ('NFSv4: Recovery of recalled read
      delegations is broken'), nfs_open_delegation_recall() clears the
      NFS_DELEGATED_STATE flag _before_ it sends the OPEN. This allows a
      racing LOCK on the same inode to be put on the wire before the OPEN
      operation has returned a valid open stateid.
      
      To eliminate this race, serialize delegation return with the
      acquisition of a file lock on the same file. Adopt the same approach
      as is used in the unlock path.
      
      This patch also eliminates a similar race seen when sending a LOCK
      operation at the same time as returning a delegation on the same file.
      
      Fixes: 24311f88 ('NFSv4: Recovery of recalled read ... ')
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      [Anna: Add sentence about LOCK / delegation race]
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      11476e9d