From: Jeff Layton <jlayton@kernel.org>
To: Mike Snitzer <snitzer@kernel.org>, linux-nfs@vger.kernel.org
Cc: Chuck Lever <chuck.lever@oracle.com>,
Anna Schumaker <anna@kernel.org>,
Trond Myklebust <trondmy@hammerspace.com>,
NeilBrown <neilb@suse.de>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v14 04/25] NFSD: Handle @rqstp == NULL in check_nfsd_access()
Date: Thu, 29 Aug 2024 10:20:31 -0400 [thread overview]
Message-ID: <d5f673d4c809a48465b5fadea57d9d1fccaffe8a.camel@kernel.org> (raw)
In-Reply-To: <20240829010424.83693-5-snitzer@kernel.org>
On Wed, 2024-08-28 at 21:03 -0400, Mike Snitzer wrote:
> From: NeilBrown <neilb@suse.de>
>
> LOCALIO-initiated open operations are not running in an nfsd thread
> and thus do not have an associated svc_rqst context.
>
> Signed-off-by: NeilBrown <neilb@suse.de>
> Co-developed-by: Mike Snitzer <snitzer@kernel.org>
> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
> fs/nfsd/export.c | 30 +++++++++++++++++++++++++-----
> 1 file changed, 25 insertions(+), 5 deletions(-)
>
> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> index 7bb4f2075ac5..c82d8e3e0d4f 100644
> --- a/fs/nfsd/export.c
> +++ b/fs/nfsd/export.c
> @@ -1074,10 +1074,30 @@ static struct svc_export *exp_find(struct cache_detail *cd,
> return exp;
> }
>
> +/**
> + * check_nfsd_access - check if access to export is allowed.
> + * @exp: svc_export that is being accessed.
> + * @rqstp: svc_rqst attempting to access @exp (will be NULL for LOCALIO).
> + *
> + * Return values:
> + * %nfs_ok if access is granted, or
> + * %nfserr_wrongsec if access is denied
> + */
> __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
> {
> struct exp_flavor_info *f, *end = exp->ex_flavors + exp->ex_nflavors;
> - struct svc_xprt *xprt = rqstp->rq_xprt;
> + struct svc_xprt *xprt;
> +
> + /*
> + * If rqstp is NULL, this is a LOCALIO request which will only
> + * ever use a filehandle/credential pair for which access has
> + * been affirmed (by ACCESS or OPEN NFS requests) over the
> + * wire. So there is no need for further checks here.
> + */
> + if (!rqstp)
> + return nfs_ok;
> +
> + xprt = rqstp->rq_xprt;
>
> if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_NONE) {
> if (!test_bit(XPT_TLS_SESSION, &xprt->xpt_flags))
> @@ -1098,17 +1118,17 @@ __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
> ok:
> /* legacy gss-only clients are always OK: */
> if (exp->ex_client == rqstp->rq_gssclient)
> - return 0;
> + return nfs_ok;
> /* ip-address based client; check sec= export option: */
> for (f = exp->ex_flavors; f < end; f++) {
> if (f->pseudoflavor == rqstp->rq_cred.cr_flavor)
> - return 0;
> + return nfs_ok;
> }
> /* defaults in absence of sec= options: */
> if (exp->ex_nflavors == 0) {
> if (rqstp->rq_cred.cr_flavor == RPC_AUTH_NULL ||
> rqstp->rq_cred.cr_flavor == RPC_AUTH_UNIX)
> - return 0;
> + return nfs_ok;
> }
>
> /* If the compound op contains a spo_must_allowed op,
> @@ -1118,7 +1138,7 @@ __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
> */
>
> if (nfsd4_spo_must_allow(rqstp))
> - return 0;
> + return nfs_ok;
>
> denied:
> return nfserr_wrongsec;
Reviewed-by: Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2024-08-29 14:20 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-29 1:03 [PATCH v14 00/25] nfs/nfsd: add support for LOCALIO Mike Snitzer
2024-08-29 1:03 ` [PATCH v14 01/25] nfs_common: factor out nfs_errtbl and nfs_stat_to_errno Mike Snitzer
2024-08-29 14:17 ` Jeff Layton
2024-08-29 1:03 ` [PATCH v14 02/25] nfs_common: factor out nfs4_errtbl and nfs4_stat_to_errno Mike Snitzer
2024-08-29 14:17 ` Jeff Layton
2024-08-29 1:03 ` [PATCH v14 03/25] nfs: factor out {encode,decode}_opaque_fixed to nfs_xdr.h Mike Snitzer
2024-08-29 14:19 ` Jeff Layton
2024-08-29 1:03 ` [PATCH v14 04/25] NFSD: Handle @rqstp == NULL in check_nfsd_access() Mike Snitzer
2024-08-29 14:20 ` Jeff Layton [this message]
2024-08-29 1:04 ` [PATCH v14 05/25] NFSD: Refactor nfsd_setuser_and_check_port() Mike Snitzer
2024-08-29 14:23 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 06/25] NFSD: Avoid using rqstp->rq_vers in nfsd_set_fh_dentry() Mike Snitzer
2024-08-29 1:45 ` [PATCH v14.5 " Mike Snitzer
2024-08-29 16:52 ` Jeff Layton
2024-08-29 14:28 ` [PATCH v14 " Jeff Layton
2024-08-29 15:28 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 07/25] NFSD: Short-circuit fh_verify tracepoints for LOCALIO Mike Snitzer
2024-08-29 14:33 ` Jeff Layton
2024-08-29 14:35 ` Chuck Lever
2024-08-29 1:04 ` [PATCH v14 08/25] nfsd: factor out __fh_verify to allow NULL rqstp to be passed Mike Snitzer
2024-08-29 14:39 ` Jeff Layton
2024-08-29 15:35 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 09/25] nfsd: add nfsd_file_acquire_local() Mike Snitzer
2024-08-29 14:49 ` Jeff Layton
2024-08-29 15:47 ` Chuck Lever
2024-08-29 15:59 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 10/25] nfsd: add nfsd_serv_try_get and nfsd_serv_put Mike Snitzer
2024-08-29 15:49 ` Chuck Lever
2024-08-29 15:57 ` Jeff Layton
2024-08-29 16:01 ` Mike Snitzer
2024-08-29 16:04 ` Chuck Lever
2024-08-29 1:04 ` [PATCH v14 11/25] SUNRPC: remove call_allocate() BUG_ONs Mike Snitzer
2024-08-29 15:58 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 12/25] SUNRPC: add svcauth_map_clnt_to_svc_cred_local Mike Snitzer
2024-08-29 15:50 ` Chuck Lever
2024-08-29 16:01 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 13/25] SUNRPC: replace program list with program array Mike Snitzer
2024-08-29 16:02 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 14/25] nfs_common: add NFS LOCALIO auxiliary protocol enablement Mike Snitzer
2024-08-29 16:07 ` Jeff Layton
2024-08-29 16:22 ` Mike Snitzer
2024-08-29 23:39 ` NeilBrown
2024-08-30 1:45 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 15/25] nfs_common: introduce nfs_localio_ctx struct and interfaces Mike Snitzer
2024-08-29 16:40 ` Jeff Layton
2024-08-29 16:52 ` Mike Snitzer
2024-08-29 17:48 ` Jeff Layton
2024-08-30 4:36 ` NeilBrown
2024-08-30 5:01 ` Mike Snitzer
2024-08-30 5:08 ` Mike Snitzer
2024-08-30 5:12 ` Mike Snitzer
2024-08-30 5:34 ` NeilBrown
2024-08-30 6:02 ` Mike Snitzer
2024-08-30 5:46 ` NeilBrown
2024-08-30 5:56 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 16/25] nfsd: add localio support Mike Snitzer
2024-08-29 16:01 ` Chuck Lever
2024-08-29 16:15 ` Mike Snitzer
2024-08-29 23:10 ` NeilBrown
2024-08-29 16:49 ` Jeff Layton
2024-08-29 16:59 ` Mike Snitzer
2024-08-29 17:18 ` Chuck Lever
2024-08-29 1:04 ` [PATCH v14 17/25] nfsd: implement server support for NFS_LOCALIO_PROGRAM Mike Snitzer
2024-08-29 16:50 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 18/25] nfs: pass struct nfs_localio_ctx to nfs_init_pgio and nfs_init_commit Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 19/25] nfs: add localio support Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 20/25] nfs: enable localio for non-pNFS IO Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 21/25] pnfs/flexfiles: enable localio support Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 22/25] nfs/localio: use dedicated workqueues for filesystem read and write Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 23/25] nfs: implement client support for NFS_LOCALIO_PROGRAM Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 24/25] nfs: add Documentation/filesystems/nfs/localio.rst Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 25/25] nfs: add FAQ section to Documentation/filesystems/nfs/localio.rst Mike Snitzer
2024-08-29 1:47 ` [PATCH v14.5 " Mike Snitzer
2024-08-29 1:42 ` [PATCH v14 00/25] nfs/nfsd: add support for LOCALIO Mike Snitzer
2024-08-29 1:50 ` Mike Snitzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5f673d4c809a48465b5fadea57d9d1fccaffe8a.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=snitzer@kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.