From: Mike Snitzer <snitzer@kernel.org>
To: NeilBrown <neilb@suse.de>
Cc: cel@kernel.org, linux-nfs@vger.kernel.org
Subject: Re: [RFC PATCH 1/6] NFSD: Handle @rqstp == NULL in check_nfsd_access()
Date: Tue, 27 Aug 2024 23:00:20 -0400
Message-ID: <Zs6SxCUgv8yl9aqg@kernel.org>
In-Reply-To: <172480752028.4433.11727348270307536121@noble.neil.brown.name>

On Wed, Aug 28, 2024 at 11:12:00AM +1000, NeilBrown wrote:
> On Wed, 28 Aug 2024, cel@kernel.org wrote:
> > From: NeilBrown <neilb@suse.de>
> >
> > LOCALIO-initiated open operations are not running in an nfsd thread
> > and thus do not have an associated svc_rqst context.
> >
> > Signed-off-by: NeilBrown <neilb@suse.de>
> > Co-developed-by: Mike Snitzer <snitzer@kernel.org>
> > Signed-off-by: Mike Snitzer <snitzer@kernel.org>
> > Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> > ---
> > fs/nfsd/export.c | 29 ++++++++++++++++++++++++-----
> > 1 file changed, 24 insertions(+), 5 deletions(-)
> >
> > diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
> > index 7bb4f2075ac5..46a4d989c850 100644
> > --- a/fs/nfsd/export.c
> > +++ b/fs/nfsd/export.c
> > @@ -1074,10 +1074,29 @@ static struct svc_export *exp_find(struct cache_detail *cd,
> > return exp;
> > }
> >
> > +/**
> > + * check_nfsd_access - check if access to export is allowed.
> > + * @exp: svc_export that is being accessed.
> > + * @rqstp: svc_rqst attempting to access @exp (will be NULL for LOCALIO).
> > + *
> > + * Return values:
> > + * %nfs_ok if access is granted, or
> > + * %nfserr_wrongsec if access is denied
> > + */
> > __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
> > {
> > struct exp_flavor_info *f, *end = exp->ex_flavors + exp->ex_nflavors;
> > - struct svc_xprt *xprt = rqstp->rq_xprt;
> > + struct svc_xprt *xprt;
> > +
> > + /*
> > + * The target use case for rqstp being NULL is LOCALIO, which
> > + * currently only supports AUTH_UNIX. The behavior for LOCALIO
> > + * is therefore the same as the AUTH_UNIX check below.
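Review bot: the block comment under the new `struct svc_xprt *xprt;` declaration says a NULL @rqstp behaves like "the AUTH_UNIX check below" without naming the export conditions that check depends on, so neither the comment nor the kernel-doc tells a reader when a NULL @rqstp yields %nfs_ok and when it yields %nfserr_wrongsec. Suggest stating the condition in the comment and adding a line under "Return values" for the NULL @rqstp case. With the `= rqstp->rq_xprt` initializer removed, `xprt` should also be assigned only after the NULL test and never read on the NULL path.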
>
> The "AUTH_UNIX check below" only applies if exp->ex_flavours == 0.
> To make "rqstp == NULL" mean "treat like AUTH_UNIX" I think we need
> to confirm that
> exp->ex_xprtsec_mods & NFSEXP_XPRTSEC_NONE
> and either
> exp->ex_nflavours == 0
> or
> one of the exp->ex_flavors->pseudoflavor values is RPC_AUTH_UNIX
>
> I'm not sure that is all really necessary, but if not then we probably
> need a better comment...

Think extra checks aren't needed (unless you think a NULL rqstp
_without_ the use of LOCALIO possible? which could trigger a false
positive granting of access? seems unlikely but...)

Mike
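
The conditions NeilBrown lists in the quoted reply, written out as an added userspace C model (not code from the patch or the kernel tree). The struct, the function name `null_rqstp_allowed` and the constant names and values are hypothetical stand-ins for the export fields and definitions named in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel definitions; values are for this model only. */
#define XPRTSEC_NONE     0x1u
#define XPRTSEC_TLS      0x2u
#define AUTH_UNIX_FLAVOR 1u
#define AUTH_KRB5_FLAVOR 390003u
#define MAX_FLAVORS      8

/* Hypothetical, simplified model of the export fields named in the thread. */
struct export_model {
	unsigned int xprtsec_modes;        /* bitmask of permitted transport security */
	size_t nflavors;                   /* 0 means the export lists no flavors */
	unsigned int flavors[MAX_FLAVORS]; /* permitted pseudoflavors */
};

/* May a request with no svc_rqst be treated like AUTH_UNIX for this export? */
static bool null_rqstp_allowed(const struct export_model *exp)
{
	size_t i;

	/* The export must permit a transport without transport-layer security. */
	if (!(exp->xprtsec_modes & XPRTSEC_NONE))
		return false;
	/* No flavor list: per the thread, the AUTH_UNIX check applies here. */
	if (exp->nflavors == 0)
		return true;
	/* A flavor list exists: AUTH_UNIX must be one of the listed flavors. */
	for (i = 0; i < exp->nflavors && i < MAX_FLAVORS; i++)
		if (exp->flavors[i] == AUTH_UNIX_FLAVOR)
			return true;
	return false;
}

int main(void)
{
	struct export_model krb5_only = { XPRTSEC_NONE, 1, { AUTH_KRB5_FLAVOR } };
	struct export_model tls_only = { XPRTSEC_TLS, 0, { 0 } };

	printf("krb5-only export: %d, TLS-only export: %d\n",
	       null_rqstp_allowed(&krb5_only), null_rqstp_allowed(&tls_only));
	return 0;
}
```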