* [PATCH 1/6] NFSv4.1: Ensure that layoutget is called using the layout credential @ 2013-05-20 17:17 Trond Myklebust 2013-05-20 17:17 ` [PATCH 2/6] NFSv4.1: Ensure that layoutreturn uses the correct credential Trond Myklebust 0 siblings, 1 reply; 9+ messages in thread From: Trond Myklebust @ 2013-05-20 17:17 UTC (permalink / raw) To: linux-nfs Ensure that we use the same credential for layoutget, layoutcommit and layoutreturn. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- fs/nfs/nfs4proc.c | 1 + fs/nfs/pnfs.c | 1 + include/linux/nfs_xdr.h | 1 + 3 files changed, 3 insertions(+) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 8fbc100..a05397b 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -6348,6 +6348,7 @@ nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags) .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_LAYOUTGET], .rpc_argp = &lgp->args, .rpc_resp = &lgp->res, + .rpc_cred = lgp->cred, }; struct rpc_task_setup task_setup_data = { .rpc_client = server->client, diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c index c5bd758e..2f86115 100644 --- a/fs/nfs/pnfs.c +++ b/fs/nfs/pnfs.c @@ -766,6 +766,7 @@ send_layoutget(struct pnfs_layout_hdr *lo, lgp->args.inode = ino; lgp->args.ctx = get_nfs_open_context(ctx); lgp->gfp_flags = gfp_flags; + lgp->cred = lo->plh_lc_cred; /* Synchronously retrieve layout information from server and * store in lseg. diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index 104b62f..32c95d6 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h @@ -246,6 +246,7 @@ struct nfs4_layoutget_res { struct nfs4_layoutget { struct nfs4_layoutget_args args; struct nfs4_layoutget_res res; + struct rpc_cred *cred; gfp_t gfp_flags; }; -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 2/6] NFSv4.1: Ensure that layoutreturn uses the correct credential 2013-05-20 17:17 [PATCH 1/6] NFSv4.1: Ensure that layoutget is called using the layout credential Trond Myklebust @ 2013-05-20 17:17 ` Trond Myklebust 2013-05-20 17:17 ` [PATCH 3/6] NFSv4.1: Ensure that reclaim_complete uses the right credential Trond Myklebust 0 siblings, 1 reply; 9+ messages in thread From: Trond Myklebust @ 2013-05-20 17:17 UTC (permalink / raw) To: linux-nfs We need to use the same credential as was used for the layoutget and/or layoutcommit operations. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- fs/nfs/nfs4proc.c | 1 + fs/nfs/pnfs.c | 1 + 2 files changed, 2 insertions(+) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index a05397b..2956973 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -6452,6 +6452,7 @@ int nfs4_proc_layoutreturn(struct nfs4_layoutreturn *lrp) .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_LAYOUTRETURN], .rpc_argp = &lrp->args, .rpc_resp = &lrp->res, + .rpc_cred = lrp->cred, }; struct rpc_task_setup task_setup_data = { .rpc_client = lrp->clp->cl_rpcclient, diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c index 2f86115..89ca75f 100644 --- a/fs/nfs/pnfs.c +++ b/fs/nfs/pnfs.c @@ -861,6 +861,7 @@ _pnfs_return_layout(struct inode *ino) lrp->args.inode = ino; lrp->args.layout = lo; lrp->clp = NFS_SERVER(ino)->nfs_client; + lrp->cred = lo->plh_lc_cred; status = nfs4_proc_layoutreturn(lrp); out: -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/6] NFSv4.1: Ensure that reclaim_complete uses the right credential 2013-05-20 17:17 ` [PATCH 2/6] NFSv4.1: Ensure that layoutreturn uses the correct credential Trond Myklebust @ 2013-05-20 17:17 ` Trond Myklebust 2013-05-20 17:17 ` [PATCH 4/6] NFSv4.1: Ensure that test_stateid and free_stateid use correct credentials Trond Myklebust 0 siblings, 1 reply; 9+ messages in thread From: Trond Myklebust @ 2013-05-20 17:17 UTC (permalink / raw) To: linux-nfs We want to use the same credential for reclaim_complete as we used for the exchange_id call. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- fs/nfs/nfs4_fs.h | 2 +- fs/nfs/nfs4proc.c | 4 +++- fs/nfs/nfs4state.c | 13 ++++++++++--- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h index a1dd768..e64a00c 100644 --- a/fs/nfs/nfs4_fs.h +++ b/fs/nfs/nfs4_fs.h @@ -194,7 +194,7 @@ struct nfs4_state_recovery_ops { int (*recover_lock)(struct nfs4_state *, struct file_lock *); int (*establish_clid)(struct nfs_client *, struct rpc_cred *); struct rpc_cred * (*get_clid_cred)(struct nfs_client *); - int (*reclaim_complete)(struct nfs_client *); + int (*reclaim_complete)(struct nfs_client *, struct rpc_cred *); int (*detect_trunking)(struct nfs_client *, struct nfs_client **, struct rpc_cred *); }; diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 2956973..9d90f57 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -6159,12 +6159,14 @@ static const struct rpc_call_ops nfs4_reclaim_complete_call_ops = { /* * Issue a global reclaim complete. */ -static int nfs41_proc_reclaim_complete(struct nfs_client *clp) +static int nfs41_proc_reclaim_complete(struct nfs_client *clp, + struct rpc_cred *cred) { struct nfs4_reclaim_complete_data *calldata; struct rpc_task *task; struct rpc_message msg = { .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_RECLAIM_COMPLETE], + .rpc_cred = cred, }; struct rpc_task_setup task_setup_data = { .rpc_client = clp->cl_rpcclient, diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c index 300d17d..30b9ba1 100644 --- a/fs/nfs/nfs4state.c +++ b/fs/nfs/nfs4state.c @@ -1564,11 +1564,12 @@ static void nfs4_state_start_reclaim_reboot(struct nfs_client *clp) } static void nfs4_reclaim_complete(struct nfs_client *clp, - const struct nfs4_state_recovery_ops *ops) + const struct nfs4_state_recovery_ops *ops, + struct rpc_cred *cred) { /* Notify the server we're done reclaiming our state */ if (ops->reclaim_complete) - (void)ops->reclaim_complete(clp); + (void)ops->reclaim_complete(clp, cred); } static void nfs4_clear_reclaim_server(struct nfs_server *server) @@ -1613,9 +1614,15 @@ static int nfs4_state_clear_reclaim_reboot(struct nfs_client *clp) static void nfs4_state_end_reclaim_reboot(struct nfs_client *clp) { + const struct nfs4_state_recovery_ops *ops; + struct rpc_cred *cred; + if (!nfs4_state_clear_reclaim_reboot(clp)) return; - nfs4_reclaim_complete(clp, clp->cl_mvops->reboot_recovery_ops); + ops = clp->cl_mvops->reboot_recovery_ops; + cred = ops->get_clid_cred(clp); + nfs4_reclaim_complete(clp, ops, cred); + put_rpccred(cred); } static void nfs_delegation_clear_all(struct nfs_client *clp) -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 4/6] NFSv4.1: Ensure that test_stateid and free_stateid use correct credentials 2013-05-20 17:17 ` [PATCH 3/6] NFSv4.1: Ensure that reclaim_complete uses the right credential Trond Myklebust @ 2013-05-20 17:17 ` Trond Myklebust 2013-05-20 17:17 ` [PATCH 5/6] NFSv4.1: Use layout credentials for get_deviceinfo calls Trond Myklebust 0 siblings, 1 reply; 9+ messages in thread From: Trond Myklebust @ 2013-05-20 17:17 UTC (permalink / raw) To: linux-nfs Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- fs/nfs/nfs4proc.c | 65 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 50 insertions(+), 15 deletions(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 9d90f57..4f42f49 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -83,8 +83,10 @@ static int nfs4_do_setattr(struct inode *inode, struct rpc_cred *cred, struct nfs_fattr *fattr, struct iattr *sattr, struct nfs4_state *state); #ifdef CONFIG_NFS_V4_1 -static int nfs41_test_stateid(struct nfs_server *, nfs4_stateid *); -static int nfs41_free_stateid(struct nfs_server *, nfs4_stateid *); +static int nfs41_test_stateid(struct nfs_server *, nfs4_stateid *, + struct rpc_cred *); +static int nfs41_free_stateid(struct nfs_server *, nfs4_stateid *, + struct rpc_cred *); #endif /* Prevent leaks of NFSv4 errors into userland */ static int nfs4_map_errors(int err) @@ -1855,18 +1857,30 @@ static void nfs41_clear_delegation_stateid(struct nfs4_state *state) { struct nfs_server *server = NFS_SERVER(state->inode); nfs4_stateid *stateid = &state->stateid; - int status; + struct nfs_delegation *delegation; + struct rpc_cred *cred = NULL; + int status = -NFS4ERR_BAD_STATEID; /* If a state reset has been done, test_stateid is unneeded */ if (test_bit(NFS_DELEGATED_STATE, &state->flags) == 0) return; - status = nfs41_test_stateid(server, stateid); + /* Get the delegation credential for use by test/free_stateid */ + rcu_read_lock(); + delegation = rcu_dereference(NFS_I(state->inode)->delegation); + if (delegation != NULL && + nfs4_stateid_match(&delegation->stateid, stateid)) { + cred = get_rpccred(delegation->cred); + rcu_read_unlock(); + status = nfs41_test_stateid(server, stateid, cred); + } else + rcu_read_unlock(); + if (status != NFS_OK) { /* Free the stateid unless the server explicitly * informs us the stateid is unrecognized. */ if (status != -NFS4ERR_BAD_STATEID) - nfs41_free_stateid(server, stateid); + nfs41_free_stateid(server, stateid, cred); nfs_remove_bad_delegation(state->inode); write_seqlock(&state->seqlock); @@ -1874,6 +1888,9 @@ static void nfs41_clear_delegation_stateid(struct nfs4_state *state) write_sequnlock(&state->seqlock); clear_bit(NFS_DELEGATED_STATE, &state->flags); } + + if (cred != NULL) + put_rpccred(cred); } /** @@ -1888,6 +1905,7 @@ static int nfs41_check_open_stateid(struct nfs4_state *state) { struct nfs_server *server = NFS_SERVER(state->inode); nfs4_stateid *stateid = &state->open_stateid; + struct rpc_cred *cred = state->owner->so_cred; int status; /* If a state reset has been done, test_stateid is unneeded */ @@ -1896,12 +1914,12 @@ static int nfs41_check_open_stateid(struct nfs4_state *state) (test_bit(NFS_O_RDWR_STATE, &state->flags) == 0)) return -NFS4ERR_BAD_STATEID; - status = nfs41_test_stateid(server, stateid); + status = nfs41_test_stateid(server, stateid, cred); if (status != NFS_OK) { /* Free the stateid unless the server explicitly * informs us the stateid is unrecognized. */ if (status != -NFS4ERR_BAD_STATEID) - nfs41_free_stateid(server, stateid); + nfs41_free_stateid(server, stateid, cred); clear_bit(NFS_O_RDONLY_STATE, &state->flags); clear_bit(NFS_O_WRONLY_STATE, &state->flags); @@ -5056,13 +5074,18 @@ static int nfs41_check_expired_locks(struct nfs4_state *state) list_for_each_entry(lsp, &state->lock_states, ls_locks) { if (test_bit(NFS_LOCK_INITIALIZED, &lsp->ls_flags)) { - status = nfs41_test_stateid(server, &lsp->ls_stateid); + struct rpc_cred *cred = lsp->ls_state->owner->so_cred; + + status = nfs41_test_stateid(server, + &lsp->ls_stateid, + cred); if (status != NFS_OK) { /* Free the stateid unless the server * informs us the stateid is unrecognized. */ if (status != -NFS4ERR_BAD_STATEID) nfs41_free_stateid(server, - &lsp->ls_stateid); + &lsp->ls_stateid, + cred); clear_bit(NFS_LOCK_INITIALIZED, &lsp->ls_flags); ret = status; } @@ -6737,7 +6760,9 @@ out: return err; } -static int _nfs41_test_stateid(struct nfs_server *server, nfs4_stateid *stateid) +static int _nfs41_test_stateid(struct nfs_server *server, + nfs4_stateid *stateid, + struct rpc_cred *cred) { int status; struct nfs41_test_stateid_args args = { @@ -6748,6 +6773,7 @@ static int _nfs41_test_stateid(struct nfs_server *server, nfs4_stateid *stateid) .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_TEST_STATEID], .rpc_argp = &args, .rpc_resp = &res, + .rpc_cred = cred, }; dprintk("NFS call test_stateid %p\n", stateid); @@ -6768,17 +6794,20 @@ static int _nfs41_test_stateid(struct nfs_server *server, nfs4_stateid *stateid) * * @server: server / transport on which to perform the operation * @stateid: state ID to test + * @cred: credential * * Returns NFS_OK if the server recognizes that "stateid" is valid. * Otherwise a negative NFS4ERR value is returned if the operation * failed or the state ID is not currently valid. */ -static int nfs41_test_stateid(struct nfs_server *server, nfs4_stateid *stateid) +static int nfs41_test_stateid(struct nfs_server *server, + nfs4_stateid *stateid, + struct rpc_cred *cred) { struct nfs4_exception exception = { }; int err; do { - err = _nfs41_test_stateid(server, stateid); + err = _nfs41_test_stateid(server, stateid, cred); if (err != -NFS4ERR_DELAY) break; nfs4_handle_exception(server, err, &exception); @@ -6827,10 +6856,12 @@ const struct rpc_call_ops nfs41_free_stateid_ops = { static struct rpc_task *_nfs41_free_stateid(struct nfs_server *server, nfs4_stateid *stateid, + struct rpc_cred *cred, bool privileged) { struct rpc_message msg = { .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_FREE_STATEID], + .rpc_cred = cred, }; struct rpc_task_setup task_setup = { .rpc_client = server->client, @@ -6863,16 +6894,19 @@ static struct rpc_task *_nfs41_free_stateid(struct nfs_server *server, * * @server: server / transport on which to perform the operation * @stateid: state ID to release + * @cred: credential * * Returns NFS_OK if the server freed "stateid". Otherwise a * negative NFS4ERR value is returned. */ -static int nfs41_free_stateid(struct nfs_server *server, nfs4_stateid *stateid) +static int nfs41_free_stateid(struct nfs_server *server, + nfs4_stateid *stateid, + struct rpc_cred *cred) { struct rpc_task *task; int ret; - task = _nfs41_free_stateid(server, stateid, true); + task = _nfs41_free_stateid(server, stateid, cred, true); if (IS_ERR(task)) return PTR_ERR(task); ret = rpc_wait_for_completion_task(task); @@ -6885,8 +6919,9 @@ static int nfs41_free_stateid(struct nfs_server *server, nfs4_stateid *stateid) static int nfs41_free_lock_state(struct nfs_server *server, struct nfs4_lock_state *lsp) { struct rpc_task *task; + struct rpc_cred *cred = lsp->ls_state->owner->so_cred; - task = _nfs41_free_stateid(server, &lsp->ls_stateid, false); + task = _nfs41_free_stateid(server, &lsp->ls_stateid, cred, false); nfs4_free_lock_state(server, lsp); if (IS_ERR(task)) return PTR_ERR(task); -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 5/6] NFSv4.1: Use layout credentials for get_deviceinfo calls 2013-05-20 17:17 ` [PATCH 4/6] NFSv4.1: Ensure that test_stateid and free_stateid use correct credentials Trond Myklebust @ 2013-05-20 17:17 ` Trond Myklebust 2013-05-20 17:17 ` [PATCH 6/6] NFSv4.1: Enable state protection Trond Myklebust 0 siblings, 1 reply; 9+ messages in thread From: Trond Myklebust @ 2013-05-20 17:17 UTC (permalink / raw) To: linux-nfs This is not strictly needed, since get_deviceinfo is not allowed to return NFS4ERR_ACCESS or NFS4ERR_WRONG_CRED, but lets do it anyway for consistency with other pNFS operations. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- fs/nfs/blocklayout/blocklayout.c | 2 +- fs/nfs/nfs4filelayout.c | 3 ++- fs/nfs/nfs4filelayout.h | 3 ++- fs/nfs/nfs4filelayoutdev.c | 7 +++++-- fs/nfs/nfs4proc.c | 11 ++++++++--- fs/nfs/objlayout/objlayout.c | 3 ++- fs/nfs/pnfs.h | 3 ++- 7 files changed, 22 insertions(+), 10 deletions(-) diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c index 434b93e..1e5fdd3 100644 --- a/fs/nfs/blocklayout/blocklayout.c +++ b/fs/nfs/blocklayout/blocklayout.c @@ -1091,7 +1091,7 @@ nfs4_blk_get_deviceinfo(struct nfs_server *server, const struct nfs_fh *fh, dev->mincount = 0; dprintk("%s: dev_id: %s\n", __func__, dev->dev_id.data); - rc = nfs4_proc_getdeviceinfo(server, dev); + rc = nfs4_proc_getdeviceinfo(server, dev, NULL); dprintk("%s getdevice info returns %d\n", __func__, rc); if (rc) { rv = ERR_PTR(rc); diff --git a/fs/nfs/nfs4filelayout.c b/fs/nfs/nfs4filelayout.c index 22d1062..17ed87e 100644 --- a/fs/nfs/nfs4filelayout.c +++ b/fs/nfs/nfs4filelayout.c @@ -643,7 +643,8 @@ filelayout_check_layout(struct pnfs_layout_hdr *lo, d = nfs4_find_get_deviceid(NFS_SERVER(lo->plh_inode)->pnfs_curr_ld, NFS_SERVER(lo->plh_inode)->nfs_client, id); if (d == NULL) { - dsaddr = filelayout_get_device_info(lo->plh_inode, id, gfp_flags); + dsaddr = filelayout_get_device_info(lo->plh_inode, id, + lo->plh_lc_cred, gfp_flags); if (dsaddr == NULL) goto out; } else diff --git a/fs/nfs/nfs4filelayout.h b/fs/nfs/nfs4filelayout.h index 235ff95..cebd20e 100644 --- a/fs/nfs/nfs4filelayout.h +++ b/fs/nfs/nfs4filelayout.h @@ -150,6 +150,7 @@ struct nfs4_pnfs_ds *nfs4_fl_prepare_ds(struct pnfs_layout_segment *lseg, extern void nfs4_fl_put_deviceid(struct nfs4_file_layout_dsaddr *dsaddr); extern void nfs4_fl_free_deviceid(struct nfs4_file_layout_dsaddr *dsaddr); struct nfs4_file_layout_dsaddr * -filelayout_get_device_info(struct inode *inode, struct nfs4_deviceid *dev_id, gfp_t gfp_flags); +filelayout_get_device_info(struct inode *inode, struct nfs4_deviceid *dev_id, + struct rpc_cred *cred, gfp_t gfp_flags); #endif /* FS_NFS_NFS4FILELAYOUT_H */ diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c index 661a0f6..0493dbd 100644 --- a/fs/nfs/nfs4filelayoutdev.c +++ b/fs/nfs/nfs4filelayoutdev.c @@ -668,7 +668,10 @@ decode_and_add_device(struct inode *inode, struct pnfs_device *dev, gfp_t gfp_fl * of available devices, and return it. */ struct nfs4_file_layout_dsaddr * -filelayout_get_device_info(struct inode *inode, struct nfs4_deviceid *dev_id, gfp_t gfp_flags) +filelayout_get_device_info(struct inode *inode, + struct nfs4_deviceid *dev_id, + struct rpc_cred *cred, + gfp_t gfp_flags) { struct pnfs_device *pdev = NULL; u32 max_resp_sz; @@ -709,7 +712,7 @@ filelayout_get_device_info(struct inode *inode, struct nfs4_deviceid *dev_id, gf pdev->pglen = max_resp_sz; pdev->mincount = 0; - rc = nfs4_proc_getdeviceinfo(server, pdev); + rc = nfs4_proc_getdeviceinfo(server, pdev, cred); dprintk("%s getdevice info returns %d\n", __func__, rc); if (rc) goto out_free; diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 4f42f49..7cdc706 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -6547,7 +6547,9 @@ int nfs4_proc_getdevicelist(struct nfs_server *server, EXPORT_SYMBOL_GPL(nfs4_proc_getdevicelist); static int -_nfs4_proc_getdeviceinfo(struct nfs_server *server, struct pnfs_device *pdev) +_nfs4_proc_getdeviceinfo(struct nfs_server *server, + struct pnfs_device *pdev, + struct rpc_cred *cred) { struct nfs4_getdeviceinfo_args args = { .pdev = pdev, @@ -6559,6 +6561,7 @@ _nfs4_proc_getdeviceinfo(struct nfs_server *server, struct pnfs_device *pdev) .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETDEVICEINFO], .rpc_argp = &args, .rpc_resp = &res, + .rpc_cred = cred, }; int status; @@ -6569,14 +6572,16 @@ _nfs4_proc_getdeviceinfo(struct nfs_server *server, struct pnfs_device *pdev) return status; } -int nfs4_proc_getdeviceinfo(struct nfs_server *server, struct pnfs_device *pdev) +int nfs4_proc_getdeviceinfo(struct nfs_server *server, + struct pnfs_device *pdev, + struct rpc_cred *cred) { struct nfs4_exception exception = { }; int err; do { err = nfs4_handle_exception(server, - _nfs4_proc_getdeviceinfo(server, pdev), + _nfs4_proc_getdeviceinfo(server, pdev, cred), &exception); } while (exception.retry); return err; diff --git a/fs/nfs/objlayout/objlayout.c b/fs/nfs/objlayout/objlayout.c index a9ebd81..1989908 100644 --- a/fs/nfs/objlayout/objlayout.c +++ b/fs/nfs/objlayout/objlayout.c @@ -614,7 +614,8 @@ int objlayout_get_deviceinfo(struct pnfs_layout_hdr *pnfslay, pd.pglen = PAGE_SIZE; pd.mincount = 0; - err = nfs4_proc_getdeviceinfo(NFS_SERVER(pnfslay->plh_inode), &pd); + err = nfs4_proc_getdeviceinfo(NFS_SERVER(pnfslay->plh_inode), &pd, + pnfslay->plh_lc_cred); dprintk("%s nfs_getdeviceinfo returned %d\n", __func__, err); if (err) goto err_out; diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h index f5f8a47..1441dff 100644 --- a/fs/nfs/pnfs.h +++ b/fs/nfs/pnfs.h @@ -170,7 +170,8 @@ extern int nfs4_proc_getdevicelist(struct nfs_server *server, const struct nfs_fh *fh, struct pnfs_devicelist *devlist); extern int nfs4_proc_getdeviceinfo(struct nfs_server *server, - struct pnfs_device *dev); + struct pnfs_device *dev, + struct rpc_cred *cred); extern struct pnfs_layout_segment* nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags); extern int nfs4_proc_layoutreturn(struct nfs4_layoutreturn *lrp); -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 6/6] NFSv4.1: Enable state protection 2013-05-20 17:17 ` [PATCH 5/6] NFSv4.1: Use layout credentials for get_deviceinfo calls Trond Myklebust @ 2013-05-20 17:17 ` Trond Myklebust 2013-05-20 20:40 ` J. Bruce Fields 0 siblings, 1 reply; 9+ messages in thread From: Trond Myklebust @ 2013-05-20 17:17 UTC (permalink / raw) To: linux-nfs Use the EXCHGID4_FLAG_BIND_PRINC_STATEID exchange_id flag to enable stateid protection. This means that if we create a stateid using a particular principal, then we must use the same principal if we want to change that state. IOW: if we OPEN a file using a particular credential, then we have to use the same credential in subsequent OPEN_DOWNGRADE, CLOSE, or DELEGRETURN operations that use that stateid. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 7cdc706..3e21d43 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -5528,7 +5528,8 @@ int nfs4_proc_exchange_id(struct nfs_client *clp, struct rpc_cred *cred) struct nfs41_exchange_id_args args = { .verifier = &verifier, .client = clp, - .flags = EXCHGID4_FLAG_SUPP_MOVED_REFER, + .flags = EXCHGID4_FLAG_SUPP_MOVED_REFER | + EXCHGID4_FLAG_BIND_PRINC_STATEID, }; struct nfs41_exchange_id_res res = { 0 -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 6/6] NFSv4.1: Enable state protection 2013-05-20 17:17 ` [PATCH 6/6] NFSv4.1: Enable state protection Trond Myklebust @ 2013-05-20 20:40 ` J. Bruce Fields 2013-05-20 21:10 ` Myklebust, Trond 0 siblings, 1 reply; 9+ messages in thread From: J. Bruce Fields @ 2013-05-20 20:40 UTC (permalink / raw) To: Trond Myklebust; +Cc: linux-nfs On Mon, May 20, 2013 at 01:17:07PM -0400, Trond Myklebust wrote: > Use the EXCHGID4_FLAG_BIND_PRINC_STATEID exchange_id flag to enable > stateid protection. This means that if we create a stateid using a > particular principal, then we must use the same principal if we > want to change that state. Note that knfsd ignores this--its EXCHANGE_ID will always return with the flag unset regardless of what the client requests. My understanding is that that's legal ("Whether a bit is set or cleared on the arguments' flags does not force the server to set or clear the same bit on the results' side.") (Definitely not opposed to implementing it, just haven't gotten around to it.) --b. > IOW: if we OPEN a file using a particular credential, then we have > to use the same credential in subsequent OPEN_DOWNGRADE, CLOSE, > or DELEGRETURN operations that use that stateid. > > Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> > --- > fs/nfs/nfs4proc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c > index 7cdc706..3e21d43 100644 > --- a/fs/nfs/nfs4proc.c > +++ b/fs/nfs/nfs4proc.c > @@ -5528,7 +5528,8 @@ int nfs4_proc_exchange_id(struct nfs_client *clp, struct rpc_cred *cred) > struct nfs41_exchange_id_args args = { > .verifier = &verifier, > .client = clp, > - .flags = EXCHGID4_FLAG_SUPP_MOVED_REFER, > + .flags = EXCHGID4_FLAG_SUPP_MOVED_REFER | > + EXCHGID4_FLAG_BIND_PRINC_STATEID, > }; > struct nfs41_exchange_id_res res = { > 0 > -- > 1.8.1.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 6/6] NFSv4.1: Enable state protection 2013-05-20 20:40 ` J. Bruce Fields @ 2013-05-20 21:10 ` Myklebust, Trond 2013-05-20 21:25 ` J. Bruce Fields 0 siblings, 1 reply; 9+ messages in thread From: Myklebust, Trond @ 2013-05-20 21:10 UTC (permalink / raw) To: J. Bruce Fields; +Cc: linux-nfs@vger.kernel.org On Mon, 2013-05-20 at 16:40 -0400, J. Bruce Fields wrote: > On Mon, May 20, 2013 at 01:17:07PM -0400, Trond Myklebust wrote: > > Use the EXCHGID4_FLAG_BIND_PRINC_STATEID exchange_id flag to enable > > stateid protection. This means that if we create a stateid using a > > particular principal, then we must use the same principal if we > > want to change that state. > > Note that knfsd ignores this--its EXCHANGE_ID will always return with > the flag unset regardless of what the client requests. My understanding > is that that's legal ("Whether a bit is set or cleared on the arguments' > flags does not force the server to set or clear the same bit on the > results' side.") > > (Definitely not opposed to implementing it, just haven't gotten around > to it.) Right, but the point here is that the server is allowed to set EXCHGID4_FLAG_BIND_PRINC_STATEID without the client requesting it, so the client is supposed to always be ready for that situation. This patch series is therefore more about ensuring that the Linux client is spec compliant. -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@netapp.com www.netapp.com ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 6/6] NFSv4.1: Enable state protection 2013-05-20 21:10 ` Myklebust, Trond @ 2013-05-20 21:25 ` J. Bruce Fields 0 siblings, 0 replies; 9+ messages in thread From: J. Bruce Fields @ 2013-05-20 21:25 UTC (permalink / raw) To: Myklebust, Trond; +Cc: linux-nfs@vger.kernel.org On Mon, May 20, 2013 at 09:10:46PM +0000, Myklebust, Trond wrote: > On Mon, 2013-05-20 at 16:40 -0400, J. Bruce Fields wrote: > > On Mon, May 20, 2013 at 01:17:07PM -0400, Trond Myklebust wrote: > > > Use the EXCHGID4_FLAG_BIND_PRINC_STATEID exchange_id flag to enable > > > stateid protection. This means that if we create a stateid using a > > > particular principal, then we must use the same principal if we > > > want to change that state. > > > > Note that knfsd ignores this--its EXCHANGE_ID will always return with > > the flag unset regardless of what the client requests. My understanding > > is that that's legal ("Whether a bit is set or cleared on the arguments' > > flags does not force the server to set or clear the same bit on the > > results' side.") > > > > (Definitely not opposed to implementing it, just haven't gotten around > > to it.) > > Right, but the point here is that the server is allowed to set > EXCHGID4_FLAG_BIND_PRINC_STATEID without the client requesting it, so > the client is supposed to always be ready for that situation. > > This patch series is therefore more about ensuring that the Linux client > is spec compliant. Sure, makes sense. --b. ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2013-05-20 21:25 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-05-20 17:17 [PATCH 1/6] NFSv4.1: Ensure that layoutget is called using the layout credential Trond Myklebust 2013-05-20 17:17 ` [PATCH 2/6] NFSv4.1: Ensure that layoutreturn uses the correct credential Trond Myklebust 2013-05-20 17:17 ` [PATCH 3/6] NFSv4.1: Ensure that reclaim_complete uses the right credential Trond Myklebust 2013-05-20 17:17 ` [PATCH 4/6] NFSv4.1: Ensure that test_stateid and free_stateid use correct credentials Trond Myklebust 2013-05-20 17:17 ` [PATCH 5/6] NFSv4.1: Use layout credentials for get_deviceinfo calls Trond Myklebust 2013-05-20 17:17 ` [PATCH 6/6] NFSv4.1: Enable state protection Trond Myklebust 2013-05-20 20:40 ` J. Bruce Fields 2013-05-20 21:10 ` Myklebust, Trond 2013-05-20 21:25 ` J. Bruce Fields
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).