From: "J. Bruce Fields" <bfields@fieldses.org>
To: Christoph Hellwig <hch@lst.de>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH] nfsd: clean up fh_auth usage
Date: Wed, 7 May 2014 12:01:18 -0400 [thread overview]
Message-ID: <20140507160118.GD4240@fieldses.org> (raw)
In-Reply-To: <1399463384-4324-1-git-send-email-hch@lst.de>
On Wed, May 07, 2014 at 01:49:44PM +0200, Christoph Hellwig wrote:
> Use fh_fsid when reffering to the fsid part of the filehandle. The
> variable length auth field envisioned in nfsfh wasn't ever implemented.
> Also clean up some lose ends around this and document the file handle
> format better.
Thanks.
> Btw, why do we even export nfsfh.h to userspace? The file handle very
> much is kernel private, and nothing in nfs-utils include the header
> either.
Something like wireshark might use that information? But anyway that
doesn't mean it makes much sense to export. I'm fine with moving that
header.
--b.
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> fs/nfsd/nfsfh.c | 20 +++++++++-----------
> include/uapi/linux/nfsd/nfsfh.h | 32 +++++++-------------------------
> 2 files changed, 16 insertions(+), 36 deletions(-)
>
> diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
> index 3c37b16..a337106 100644
> --- a/fs/nfsd/nfsfh.c
> +++ b/fs/nfsd/nfsfh.c
> @@ -169,8 +169,8 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
> data_left -= len;
> if (data_left < 0)
> return error;
> - exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_auth);
> - fid = (struct fid *)(fh->fh_auth + len);
> + exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_fsid);
> + fid = (struct fid *)(fh->fh_fsid + len);
> } else {
> __u32 tfh[2];
> dev_t xdev;
> @@ -385,7 +385,7 @@ static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
> {
> if (dentry != exp->ex_path.dentry) {
> struct fid *fid = (struct fid *)
> - (fhp->fh_handle.fh_auth + fhp->fh_handle.fh_size/4 - 1);
> + (fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1);
> int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
> int subtreecheck = !(exp->ex_flags & NFSEXP_NOSUBTREECHECK);
>
> @@ -513,7 +513,6 @@ fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
> */
>
> struct inode * inode = dentry->d_inode;
> - __u32 *datap;
> dev_t ex_dev = exp_sb(exp)->s_dev;
>
> dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",
> @@ -557,17 +556,16 @@ fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
> if (inode)
> _fh_update_old(dentry, exp, &fhp->fh_handle);
> } else {
> - int len;
> + fhp->fh_handle.fh_size =
> + key_len(fhp->fh_handle.fh_fsid_type) + 4;
> fhp->fh_handle.fh_auth_type = 0;
> - datap = fhp->fh_handle.fh_auth+0;
> - mk_fsid(fhp->fh_handle.fh_fsid_type, datap, ex_dev,
> +
> + mk_fsid(fhp->fh_handle.fh_fsid_type,
> + fhp->fh_handle.fh_fsid,
> + ex_dev,
> exp->ex_path.dentry->d_inode->i_ino,
> exp->ex_fsid, exp->ex_uuid);
>
> - len = key_len(fhp->fh_handle.fh_fsid_type);
> - datap += len/4;
> - fhp->fh_handle.fh_size = 4 + len;
> -
> if (inode)
> _fh_update(fhp, exp, dentry);
> if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {
> diff --git a/include/uapi/linux/nfsd/nfsfh.h b/include/uapi/linux/nfsd/nfsfh.h
> index 616e3b3..2039123 100644
> --- a/include/uapi/linux/nfsd/nfsfh.h
> +++ b/include/uapi/linux/nfsd/nfsfh.h
> @@ -1,13 +1,7 @@
> /*
> - * include/linux/nfsd/nfsfh.h
> - *
> * This file describes the layout of the file handles as passed
> * over the wire.
> *
> - * Earlier versions of knfsd used to sign file handles using keyed MD5
> - * or SHA. I've removed this code, because it doesn't give you more
> - * security than blocking external access to port 2049 on your firewall.
> - *
> * Copyright (C) 1995, 1996, 1997 Olaf Kirch <okir@monad.swb.de>
> */
>
> @@ -37,7 +31,7 @@ struct nfs_fhbase_old {
> };
>
> /*
> - * This is the new flexible, extensible style NFSv2/v3 file handle.
> + * This is the new flexible, extensible style NFSv2/v3/v4 file handle.
> * by Neil Brown <neilb@cse.unsw.edu.au> - March 2000
> *
> * The file handle starts with a sequence of four-byte words.
> @@ -47,14 +41,7 @@ struct nfs_fhbase_old {
> *
> * All four-byte values are in host-byte-order.
> *
> - * The auth_type field specifies how the filehandle can be authenticated
> - * This might allow a file to be confirmed to be in a writable part of a
> - * filetree without checking the path from it up to the root.
> - * Current values:
> - * 0 - No authentication. fb_auth is 0 bytes long
> - * Possible future values:
> - * 1 - 4 bytes taken from MD5 hash of the remainer of the file handle
> - * prefixed by a secret and with the important export flags.
> + * The auth_type field is deprecated and must be set to 0.
> *
> * The fsid_type identifies how the filesystem (or export point) is
> * encoded.
> @@ -71,14 +58,9 @@ struct nfs_fhbase_old {
> * 7 - 8 byte inode number and 16 byte uuid
> *
> * The fileid_type identified how the file within the filesystem is encoded.
> - * This is (will be) passed to, and set by, the underlying filesystem if it supports
> - * filehandle operations. The filesystem must not use the value '0' or '0xff' and may
> - * only use the values 1 and 2 as defined below:
> - * Current values:
> - * 0 - The root, or export point, of the filesystem. fb_fileid is 0 bytes.
> - * 1 - 32bit inode number, 32 bit generation number.
> - * 2 - 32bit inode number, 32 bit generation number, 32 bit parent directory inode number.
> - *
> + * The values for this field are filesystem specific, exccept that
> + * filesystems must not use the values '0' or '0xff'. 'See enum fid_type'
> + * in include/linux/exportfs.h for currently registered values.
> */
> struct nfs_fhbase_new {
> __u8 fb_version; /* == 1, even => nfs_fhbase_old */
> @@ -114,9 +96,9 @@ struct knfsd_fh {
> #define fh_fsid_type fh_base.fh_new.fb_fsid_type
> #define fh_auth_type fh_base.fh_new.fb_auth_type
> #define fh_fileid_type fh_base.fh_new.fb_fileid_type
> -#define fh_auth fh_base.fh_new.fb_auth
> #define fh_fsid fh_base.fh_new.fb_auth
>
> -
> +/* Do not use, provided for userspace compatiblity. */
> +#define fh_auth fh_base.fh_new.fb_auth
>
> #endif /* _UAPI_LINUX_NFSD_FH_H */
> --
> 1.7.10.4
>
next prev parent reply other threads:[~2014-05-07 16:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-07 11:49 [PATCH] nfsd: clean up fh_auth usage Christoph Hellwig
2014-05-07 16:01 ` J. Bruce Fields [this message]
2014-05-08 6:27 ` Christoph Hellwig
2014-05-08 15:28 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140507160118.GD4240@fieldses.org \
--to=bfields@fieldses.org \
--cc=hch@lst.de \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).