Commit a5cddc88 authored by J. Bruce Fields's avatar J. Bruce Fields

nfsd4: better reservation of head space for krb5

RPC_MAX_AUTH_SIZE is scattered around several places.  Better to set it
once in the auth code, where this kind of estimate should be made.  And
while we're at it we can leave it zero when we're not using krb5i or
krb5p.
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent d05d5744
...@@ -1261,13 +1261,13 @@ static void svcxdr_init_encode(struct svc_rqst *rqstp, ...@@ -1261,13 +1261,13 @@ static void svcxdr_init_encode(struct svc_rqst *rqstp,
xdr->buf = buf; xdr->buf = buf;
xdr->iov = head; xdr->iov = head;
xdr->p = head->iov_base + head->iov_len; xdr->p = head->iov_base + head->iov_len;
xdr->end = head->iov_base + PAGE_SIZE - 2 * RPC_MAX_AUTH_SIZE; xdr->end = head->iov_base + PAGE_SIZE - rqstp->rq_auth_slack;
/* Tail and page_len should be zero at this point: */ /* Tail and page_len should be zero at this point: */
buf->len = buf->head[0].iov_len; buf->len = buf->head[0].iov_len;
xdr->scratch.iov_len = 0; xdr->scratch.iov_len = 0;
xdr->page_ptr = buf->pages; xdr->page_ptr = buf->pages;
buf->buflen = PAGE_SIZE * (1 + rqstp->rq_page_end - buf->pages) buf->buflen = PAGE_SIZE * (1 + rqstp->rq_page_end - buf->pages)
- 2 * RPC_MAX_AUTH_SIZE; - rqstp->rq_auth_slack;
} }
/* /*
......
...@@ -2288,7 +2288,7 @@ nfsd4_sequence(struct svc_rqst *rqstp, ...@@ -2288,7 +2288,7 @@ nfsd4_sequence(struct svc_rqst *rqstp,
session->se_fchannel.maxresp_sz; session->se_fchannel.maxresp_sz;
status = (seq->cachethis) ? nfserr_rep_too_big_to_cache : status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
nfserr_rep_too_big; nfserr_rep_too_big;
if (xdr_restrict_buflen(xdr, buflen - 2 * RPC_MAX_AUTH_SIZE)) if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
goto out_put_session; goto out_put_session;
svc_reserve(rqstp, buflen); svc_reserve(rqstp, buflen);
......
...@@ -1611,7 +1611,8 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp) ...@@ -1611,7 +1611,8 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
DECODE_HEAD; DECODE_HEAD;
struct nfsd4_op *op; struct nfsd4_op *op;
bool cachethis = false; bool cachethis = false;
int max_reply = 2 * RPC_MAX_AUTH_SIZE + 8; /* opcnt, status */ int auth_slack= argp->rqstp->rq_auth_slack;
int max_reply = auth_slack + 8; /* opcnt, status */
int readcount = 0; int readcount = 0;
int readbytes = 0; int readbytes = 0;
int i; int i;
...@@ -1677,7 +1678,7 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp) ...@@ -1677,7 +1678,7 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
svc_reserve(argp->rqstp, max_reply + readbytes); svc_reserve(argp->rqstp, max_reply + readbytes);
argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE; argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
if (readcount > 1 || max_reply > PAGE_SIZE - 2*RPC_MAX_AUTH_SIZE) if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
argp->rqstp->rq_splice_ok = false; argp->rqstp->rq_splice_ok = false;
DECODE_TAIL; DECODE_TAIL;
......
...@@ -260,7 +260,10 @@ struct svc_rqst { ...@@ -260,7 +260,10 @@ struct svc_rqst {
void * rq_argp; /* decoded arguments */ void * rq_argp; /* decoded arguments */
void * rq_resp; /* xdr'd results */ void * rq_resp; /* xdr'd results */
void * rq_auth_data; /* flavor-specific data */ void * rq_auth_data; /* flavor-specific data */
int rq_auth_slack; /* extra space xdr code
* should leave in head
* for krb5i, krb5p.
*/
int rq_reserved; /* space on socket outq int rq_reserved; /* space on socket outq
* reserved for this request * reserved for this request
*/ */
...@@ -456,11 +459,7 @@ char * svc_print_addr(struct svc_rqst *, char *, size_t); ...@@ -456,11 +459,7 @@ char * svc_print_addr(struct svc_rqst *, char *, size_t);
*/ */
static inline void svc_reserve_auth(struct svc_rqst *rqstp, int space) static inline void svc_reserve_auth(struct svc_rqst *rqstp, int space)
{ {
int added_space = 0; svc_reserve(rqstp, space + rqstp->rq_auth_slack);
if (rqstp->rq_authop->flavour)
added_space = RPC_MAX_AUTH_SIZE;
svc_reserve(rqstp, space + added_space);
} }
#endif /* SUNRPC_SVC_H */ #endif /* SUNRPC_SVC_H */
...@@ -1503,6 +1503,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) ...@@ -1503,6 +1503,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
if (unwrap_integ_data(rqstp, &rqstp->rq_arg, if (unwrap_integ_data(rqstp, &rqstp->rq_arg,
gc->gc_seq, rsci->mechctx)) gc->gc_seq, rsci->mechctx))
goto garbage_args; goto garbage_args;
rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE;
break; break;
case RPC_GSS_SVC_PRIVACY: case RPC_GSS_SVC_PRIVACY:
/* placeholders for length and seq. number: */ /* placeholders for length and seq. number: */
...@@ -1511,6 +1512,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) ...@@ -1511,6 +1512,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
if (unwrap_priv_data(rqstp, &rqstp->rq_arg, if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
gc->gc_seq, rsci->mechctx)) gc->gc_seq, rsci->mechctx))
goto garbage_args; goto garbage_args;
rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2;
break; break;
default: default:
goto auth_err; goto auth_err;
......
...@@ -54,6 +54,8 @@ svc_authenticate(struct svc_rqst *rqstp, __be32 *authp) ...@@ -54,6 +54,8 @@ svc_authenticate(struct svc_rqst *rqstp, __be32 *authp)
} }
spin_unlock(&authtab_lock); spin_unlock(&authtab_lock);
rqstp->rq_auth_slack = 0;
rqstp->rq_authop = aops; rqstp->rq_authop = aops;
return aops->accept(rqstp, authp); return aops->accept(rqstp, authp);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment