From: Mike Snitzer <snitzer@kernel.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: linux-nfs@vger.kernel.org, Jeff Layton <jlayton@kernel.org>,
Anna Schumaker <anna@kernel.org>,
Trond Myklebust <trondmy@hammerspace.com>,
NeilBrown <neilb@suse.de>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v14 09/25] nfsd: add nfsd_file_acquire_local()
Date: Thu, 29 Aug 2024 11:59:35 -0400 [thread overview]
Message-ID: <ZtCa5x15Al2P2VNk@kernel.org> (raw)
In-Reply-To: <ZtCYCgcxFeQZ0XBN@tissot.1015granger.net>
On Thu, Aug 29, 2024 at 11:47:22AM -0400, Chuck Lever wrote:
> On Wed, Aug 28, 2024 at 09:04:04PM -0400, Mike Snitzer wrote:
> > From: NeilBrown <neilb@suse.de>
> >
> > nfsd_file_acquire_local() can be used to look up a file by filehandle
> > without having a struct svc_rqst. This can be used by NFS LOCALIO to
> > allow the NFS client to bypass the NFS protocol to directly access a
> > file provided by the NFS server which is running in the same kernel.
> >
> > In nfsd_file_do_acquire() care is taken to always use fh_verify() if
> > rqstp is not NULL (as is the case for non-LOCALIO callers). Otherwise
> > the non-LOCALIO callers will not supply the correct and required
> > arguments to __fh_verify (e.g. gssclient isn't passed).
> >
> > Introduce fh_verify_local() wrapper around __fh_verify to make it
> > clear that LOCALIO is intended caller.
> >
> > Also, use GC for nfsd_file returned by nfsd_file_acquire_local. GC
> > offers performance improvements if/when a file is reopened before
> > launderette cleans it from the filecache's LRU.
> >
> > Suggested-by: Jeff Layton <jlayton@kernel.org> # use filecache's GC
> > Signed-off-by: NeilBrown <neilb@suse.de>
> > Co-developed-by: Mike Snitzer <snitzer@kernel.org>
> > Signed-off-by: Mike Snitzer <snitzer@kernel.org>
> > Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> > ---
> > fs/nfsd/filecache.c | 71 ++++++++++++++++++++++++++++++++++++++++-----
> > fs/nfsd/filecache.h | 3 ++
> > fs/nfsd/nfsfh.c | 39 +++++++++++++++++++++++++
> > fs/nfsd/nfsfh.h | 2 ++
> > 4 files changed, 108 insertions(+), 7 deletions(-)
> >
> > diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
> > index 9e9d246f993c..2dc72de31f61 100644
> > --- a/fs/nfsd/filecache.c
> > +++ b/fs/nfsd/filecache.c
> > @@ -982,12 +982,14 @@ nfsd_file_is_cached(struct inode *inode)
> > }
> >
> > static __be32
> > -nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > +nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,
> > + struct svc_cred *cred,
> > + struct auth_domain *client,
> > + struct svc_fh *fhp,
> > unsigned int may_flags, struct file *file,
> > struct nfsd_file **pnf, bool want_gc)
> > {
> > unsigned char need = may_flags & NFSD_FILE_MAY_MASK;
> > - struct net *net = SVC_NET(rqstp);
> > struct nfsd_file *new, *nf;
> > bool stale_retry = true;
> > bool open_retry = true;
> > @@ -996,8 +998,13 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > int ret;
> >
> > retry:
> > - status = fh_verify(rqstp, fhp, S_IFREG,
> > - may_flags|NFSD_MAY_OWNER_OVERRIDE);
> > + if (rqstp) {
> > + status = fh_verify(rqstp, fhp, S_IFREG,
> > + may_flags|NFSD_MAY_OWNER_OVERRIDE);
> > + } else {
> > + status = fh_verify_local(net, cred, client, fhp, S_IFREG,
> > + may_flags|NFSD_MAY_OWNER_OVERRIDE);
> > + }
> > if (status != nfs_ok)
> > return status;
> > inode = d_inode(fhp->fh_dentry);
> > @@ -1143,7 +1150,8 @@ __be32
> > nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > unsigned int may_flags, struct nfsd_file **pnf)
> > {
> > - return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, true);
> > + return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
> > + fhp, may_flags, NULL, pnf, true);
> > }
> >
> > /**
> > @@ -1167,7 +1175,55 @@ __be32
> > nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > unsigned int may_flags, struct nfsd_file **pnf)
> > {
> > - return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, false);
> > + return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
> > + fhp, may_flags, NULL, pnf, false);
> > +}
> > +
> > +/**
> > + * nfsd_file_acquire_local - Get a struct nfsd_file with an open file for localio
> > + * @net: The network namespace in which to perform a lookup
> > + * @cred: the user credential with which to validate access
> > + * @client: the auth_domain for LOCALIO lookup
> > + * @fhp: the NFS filehandle of the file to be opened
> > + * @may_flags: NFSD_MAY_ settings for the file
> > + * @pnf: OUT: new or found "struct nfsd_file" object
> > + *
> > + * This file lookup interface provide access to a file given the
> > + * filehandle and credential. No connection-based authorisation
> > + * is performed and in that way it is quite different to other
> > + * file access mediated by nfsd. It allows a kernel module such as the NFS
> > + * client to reach across network and filesystem namespaces to access
> > + * a file. The security implications of this should be carefully
> > + * considered before use.
> > + *
> > + * The nfsd_file object returned by this API is reference-counted
> > + * and garbage-collected. The object is retained for a few
> > + * seconds after the final nfsd_file_put() in case the caller
> > + * wants to re-use it.
> > + *
> > + * Return values:
> > + * %nfs_ok - @pnf points to an nfsd_file with its reference
> > + * count boosted.
> > + *
> > + * On error, an nfsstat value in network byte order is returned.
> > + */
> > +__be32
> > +nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
> > + struct auth_domain *client, struct svc_fh *fhp,
> > + unsigned int may_flags, struct nfsd_file **pnf)
> > +{
> > + /*
> > + * Save creds before calling nfsd_file_do_acquire() (which calls
> > + * nfsd_setuser). Important because caller (LOCALIO) is from
> > + * client context.
> > + */
> > + const struct cred *save_cred = get_current_cred();
> > + __be32 beres;
> > +
> > + beres = nfsd_file_do_acquire(NULL, net, cred, client,
> > + fhp, may_flags, NULL, pnf, true);
> > + revert_creds(save_cred);
> > + return beres;
> > }
> >
> > /**
> > @@ -1193,7 +1249,8 @@ nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > unsigned int may_flags, struct file *file,
> > struct nfsd_file **pnf)
> > {
> > - return nfsd_file_do_acquire(rqstp, fhp, may_flags, file, pnf, false);
> > + return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
> > + fhp, may_flags, file, pnf, false);
> > }
> >
> > /*
> > diff --git a/fs/nfsd/filecache.h b/fs/nfsd/filecache.h
> > index 3fbec24eea6c..26ada78b8c1e 100644
> > --- a/fs/nfsd/filecache.h
> > +++ b/fs/nfsd/filecache.h
> > @@ -66,5 +66,8 @@ __be32 nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > __be32 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > unsigned int may_flags, struct file *file,
> > struct nfsd_file **nfp);
> > +__be32 nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
> > + struct auth_domain *client, struct svc_fh *fhp,
> > + unsigned int may_flags, struct nfsd_file **pnf);
> > int nfsd_file_cache_stats_show(struct seq_file *m, void *v);
> > #endif /* _FS_NFSD_FILECACHE_H */
> > diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
> > index 80c06e170e9a..49468e478d23 100644
> > --- a/fs/nfsd/nfsfh.c
> > +++ b/fs/nfsd/nfsfh.c
> > @@ -301,6 +301,22 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
> > return error;
> > }
> >
> > +/**
> > + * __fh_verify - filehandle lookup and access checking
> > + * @rqstp: RPC transaction context, or NULL
> > + * @net: net namespace in which to perform the export lookup
> > + * @cred: RPC user credential
> > + * @client: RPC auth domain
> > + * @gssclient: RPC GSS auth domain, or NULL
> > + * @fhp: filehandle to be verified
> > + * @type: expected type of object pointed to by filehandle
> > + * @access: type of access needed to object
> > + *
> > + * This internal API can be used by callers who do not have an RPC
> > + * transaction context (ie are not running in an nfsd thread).
>
> This paragraph is incorrect, since fh_verify(), which has a non-NULL
> @rqstp, also uses this internal API. Another review isn't needed,
> but you should perhaps drop this paragraph before submitting the
> final version.
OK, I reviewed this and thought the "can be" implied optional, so it
still applicable for the localio usecase. But yeah, I will drop it.
>
>
> > + *
> > + * See fh_verify() for further descriptions of @fhp, @type, and @access.
> > + */
> > static __be32
> > __fh_verify(struct svc_rqst *rqstp,
> > struct net *net, struct svc_cred *cred,
> > @@ -382,6 +398,29 @@ __fh_verify(struct svc_rqst *rqstp,
> > return error;
> > }
> >
> > +/**
> > + * fh_verify_local - filehandle lookup and access checking
> > + * @net: net namespace in which to perform the export lookup
> > + * @cred: RPC user credential
> > + * @client: RPC auth domain
> > + * @fhp: filehandle to be verified
> > + * @type: expected type of object pointed to by filehandle
> > + * @access: type of access needed to object
> > + *
> > + * This API can be used by callers who do not have an RPC
> > + * transaction context (ie are not running in an nfsd thread).
> > + *
> > + * See fh_verify() for further descriptions of @fhp, @type, and @access.
> > + */
> > +__be32
> > +fh_verify_local(struct net *net, struct svc_cred *cred,
> > + struct auth_domain *client, struct svc_fh *fhp,
> > + umode_t type, int access)
>
> Yeah: Unneeded @rqstp parameter is gone. Clean.
>
Yes
> > +{
> > + return __fh_verify(NULL, net, cred, client, NULL,
> > + fhp, type, access);
> > +}
> > +
> > /**
> > * fh_verify - filehandle lookup and access checking
> > * @rqstp: pointer to current rpc request
> > diff --git a/fs/nfsd/nfsfh.h b/fs/nfsd/nfsfh.h
> > index 8d46e203d139..5b7394801dc4 100644
> > --- a/fs/nfsd/nfsfh.h
> > +++ b/fs/nfsd/nfsfh.h
> > @@ -217,6 +217,8 @@ extern char * SVCFH_fmt(struct svc_fh *fhp);
> > * Function prototypes
> > */
> > __be32 fh_verify(struct svc_rqst *, struct svc_fh *, umode_t, int);
> > +__be32 fh_verify_local(struct net *, struct svc_cred *, struct auth_domain *,
> > + struct svc_fh *, umode_t, int);
> > __be32 fh_compose(struct svc_fh *, struct svc_export *, struct dentry *, struct svc_fh *);
> > __be32 fh_update(struct svc_fh *);
> > void fh_put(struct svc_fh *);
> > --
> > 2.44.0
> >
>
> Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
>
> --
> Chuck Lever
Thanks
next prev parent reply other threads:[~2024-08-29 15:59 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-29 1:03 [PATCH v14 00/25] nfs/nfsd: add support for LOCALIO Mike Snitzer
2024-08-29 1:03 ` [PATCH v14 01/25] nfs_common: factor out nfs_errtbl and nfs_stat_to_errno Mike Snitzer
2024-08-29 14:17 ` Jeff Layton
2024-08-29 1:03 ` [PATCH v14 02/25] nfs_common: factor out nfs4_errtbl and nfs4_stat_to_errno Mike Snitzer
2024-08-29 14:17 ` Jeff Layton
2024-08-29 1:03 ` [PATCH v14 03/25] nfs: factor out {encode,decode}_opaque_fixed to nfs_xdr.h Mike Snitzer
2024-08-29 14:19 ` Jeff Layton
2024-08-29 1:03 ` [PATCH v14 04/25] NFSD: Handle @rqstp == NULL in check_nfsd_access() Mike Snitzer
2024-08-29 14:20 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 05/25] NFSD: Refactor nfsd_setuser_and_check_port() Mike Snitzer
2024-08-29 14:23 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 06/25] NFSD: Avoid using rqstp->rq_vers in nfsd_set_fh_dentry() Mike Snitzer
2024-08-29 1:45 ` [PATCH v14.5 " Mike Snitzer
2024-08-29 16:52 ` Jeff Layton
2024-08-29 14:28 ` [PATCH v14 " Jeff Layton
2024-08-29 15:28 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 07/25] NFSD: Short-circuit fh_verify tracepoints for LOCALIO Mike Snitzer
2024-08-29 14:33 ` Jeff Layton
2024-08-29 14:35 ` Chuck Lever
2024-08-29 1:04 ` [PATCH v14 08/25] nfsd: factor out __fh_verify to allow NULL rqstp to be passed Mike Snitzer
2024-08-29 14:39 ` Jeff Layton
2024-08-29 15:35 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 09/25] nfsd: add nfsd_file_acquire_local() Mike Snitzer
2024-08-29 14:49 ` Jeff Layton
2024-08-29 15:47 ` Chuck Lever
2024-08-29 15:59 ` Mike Snitzer [this message]
2024-08-29 1:04 ` [PATCH v14 10/25] nfsd: add nfsd_serv_try_get and nfsd_serv_put Mike Snitzer
2024-08-29 15:49 ` Chuck Lever
2024-08-29 15:57 ` Jeff Layton
2024-08-29 16:01 ` Mike Snitzer
2024-08-29 16:04 ` Chuck Lever
2024-08-29 1:04 ` [PATCH v14 11/25] SUNRPC: remove call_allocate() BUG_ONs Mike Snitzer
2024-08-29 15:58 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 12/25] SUNRPC: add svcauth_map_clnt_to_svc_cred_local Mike Snitzer
2024-08-29 15:50 ` Chuck Lever
2024-08-29 16:01 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 13/25] SUNRPC: replace program list with program array Mike Snitzer
2024-08-29 16:02 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 14/25] nfs_common: add NFS LOCALIO auxiliary protocol enablement Mike Snitzer
2024-08-29 16:07 ` Jeff Layton
2024-08-29 16:22 ` Mike Snitzer
2024-08-29 23:39 ` NeilBrown
2024-08-30 1:45 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 15/25] nfs_common: introduce nfs_localio_ctx struct and interfaces Mike Snitzer
2024-08-29 16:40 ` Jeff Layton
2024-08-29 16:52 ` Mike Snitzer
2024-08-29 17:48 ` Jeff Layton
2024-08-30 4:36 ` NeilBrown
2024-08-30 5:01 ` Mike Snitzer
2024-08-30 5:08 ` Mike Snitzer
2024-08-30 5:12 ` Mike Snitzer
2024-08-30 5:34 ` NeilBrown
2024-08-30 6:02 ` Mike Snitzer
2024-08-30 5:46 ` NeilBrown
2024-08-30 5:56 ` Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 16/25] nfsd: add localio support Mike Snitzer
2024-08-29 16:01 ` Chuck Lever
2024-08-29 16:15 ` Mike Snitzer
2024-08-29 23:10 ` NeilBrown
2024-08-29 16:49 ` Jeff Layton
2024-08-29 16:59 ` Mike Snitzer
2024-08-29 17:18 ` Chuck Lever
2024-08-29 1:04 ` [PATCH v14 17/25] nfsd: implement server support for NFS_LOCALIO_PROGRAM Mike Snitzer
2024-08-29 16:50 ` Jeff Layton
2024-08-29 1:04 ` [PATCH v14 18/25] nfs: pass struct nfs_localio_ctx to nfs_init_pgio and nfs_init_commit Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 19/25] nfs: add localio support Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 20/25] nfs: enable localio for non-pNFS IO Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 21/25] pnfs/flexfiles: enable localio support Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 22/25] nfs/localio: use dedicated workqueues for filesystem read and write Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 23/25] nfs: implement client support for NFS_LOCALIO_PROGRAM Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 24/25] nfs: add Documentation/filesystems/nfs/localio.rst Mike Snitzer
2024-08-29 1:04 ` [PATCH v14 25/25] nfs: add FAQ section to Documentation/filesystems/nfs/localio.rst Mike Snitzer
2024-08-29 1:47 ` [PATCH v14.5 " Mike Snitzer
2024-08-29 1:42 ` [PATCH v14 00/25] nfs/nfsd: add support for LOCALIO Mike Snitzer
2024-08-29 1:50 ` Mike Snitzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZtCa5x15Al2P2VNk@kernel.org \
--to=snitzer@kernel.org \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).