summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-09-12SUNRPC: No, I did not intend to create a 256KiB hashtableTrond Myklebust
Fix the declaration of the gss_auth_hash_table so that it creates a 16 bucket hashtable, as I had intended. Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-12sunrpc: Add missing kuids conversion for printingGeert Uytterhoeven
m68k/allmodconfig: net/sunrpc/auth_generic.c: In function ‘generic_key_timeout’: net/sunrpc/auth_generic.c:241: warning: format ‘%d’ expects type ‘int’, but argument 2 has type ‘kuid_t’ commit cdba321e291f0fbf5abda4d88340292b858e3d4d ("sunrpc: Convert kuids and kgids to uids and gids for printing") forgot to convert one instance. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-11NFSv4.1: sp4_mach_cred: WARN_ON -> WARN_ON_ONCEWeston Andros Adamson
No need to spam the logs Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-11NFSv4.1: sp4_mach_cred: no need to ref count credsWeston Andros Adamson
The cl_machine_cred doesn't need to be reference counted here - a reference is held is for the lifetime of the struct nfs_client. Also, no need to put_rpccred the rpc_message.rpc_cred. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-11NFSv4.1: fix SECINFO* use of put_rpccredWeston Andros Adamson
Recent SP4_MACH_CRED changes allows rpc_message.rpc_cred to change, so keep a separate pointer to the machine cred for put_rpccred. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-11NFSv4.1: sp4_mach_cred: ask for WRITE and COMMITWeston Andros Adamson
Request SP4_MACH_CRED WRITE and COMMIT support in spo_must_allow list -- they're already supported by the client. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-10NFSv4.1 fix decode_free_stateidAndy Adamson
The operation status is decoded in decode_op_hdr. Stop the print_overflow message that is always hit without this patch: nfs: decode_free_stateid: prematurely hit end of receive buffer. Remaining buffer length is 0 words. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07NFSv4: use mach cred for SECINFO_NO_NAME w/ integrityWeston Andros Adamson
Commit 97431204ea005ec8070ac94bc3251e836daa7ca7 introduced a regression that causes SECINFO_NO_NAME to fail without sending an RPC if: 1) the nfs_client's rpc_client is using krb5i/p (now tried by default) 2) the current user doesn't have valid kerberos credentials This situation is quite common - as of now a sec=sys mount would use krb5i for the nfs_client's rpc_client and a user would hardly be faulted for not having run kinit. The solution is to use the machine cred when trying to use an integrity protected auth flavor for SECINFO_NO_NAME. Older servers may not support using the machine cred or an integrity protected auth flavor for SECINFO_NO_NAME in every circumstance, so we fall back to using the user's cred and the filesystem's auth flavor in this case. We run into another problem when running against linux nfs servers - they return NFS4ERR_WRONGSEC when using integrity auth flavor (unless the mount is also that flavor) even though that is not a valid error for SECINFO*. Even though it's against spec, handle WRONGSEC errors on SECINFO_NO_NAME by falling back to using the user cred and the filesystem's auth flavor. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07NFS: nfs_compare_super shouldn't check the auth flavour unless 'sec=' was setTrond Myklebust
Also don't worry about obsolete mount flags... Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07NFSv4: Allow security autonegotiation for submountsTrond Myklebust
In cases where the parent super block was not mounted with a 'sec=' line, allow autonegotiation of security for the submounts. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07NFSv4: Disallow security negotiation for lookups when 'sec=' is specifiedTrond Myklebust
Ensure that nfs4_proc_lookup_common respects the NFS_MOUNT_SECFLAVOUR flag. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07NFSv4: Fix security auto-negotiationTrond Myklebust
NFSv4 security auto-negotiation has been broken since commit 4580a92d44e2b21c2254fa5fef0f1bfb43c82318 (NFS: Use server-recommended security flavor by default (NFSv3)) because nfs4_try_mount() will automatically select AUTH_SYS if it sees no auth flavours. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Chuck Lever <chuck.lever@oracle.com>
2013-09-07NFS: Clean up nfs_parse_security_flavors()Trond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07NFS: Clean up the auth flavour array messTrond Myklebust
What is the point of having a 'auth_flavor_len' field, if it is always set to 1, and can't be used to determine if the user has selected an auth flavour? This cleanup goes back to using auth_flavor_len for its original intended purpose, and gets rid of the ad-hoc replacements. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-06NFSv4.1 Use MDS auth flavor for data server connectionAndy Adamson
Commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible" uses the nfs_client cl_rpcclient for all state management operations, and will use krb5i or auth_sys with no regard to the mount command authflavor choice. The MDS, as any NFSv4.1 mount point, uses the nfs_server rpc client for all non-state management operations with a different nfs_server for each fsid encountered traversing the mount point, each with a potentially different auth flavor. pNFS data servers are not mounted in the normal sense as there is no associated nfs_server structure. Data servers can also export multiple fsids, each with a potentially different auth flavor. Data servers need to use the same authflavor as the MDS server rpc client for non-state management operations. Populate a list of rpc clients with the MDS server rpc client auth flavor for the DS to use. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-06NFS: Don't check lock owner compatability unless file is locked (part 2)Trond Myklebust
When coalescing requests into a single READ or WRITE RPC call, and there is no file locking involved, we don't have to refuse coalescing for requests where the lock owner information doesn't match. Reported-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05NFS: Don't check lock owner compatibility in writes unless file is lockedTrond Myklebust
If we're doing buffered writes, and there is no file locking involved, then we don't have to worry about whether or not the lock owner information is identical. By relaxing this check, we ensure that fork()ed child processes can write to a page without having to first sync dirty data that was written by the parent to disk. Reported-by: Quentin Barnes <qbarnes@gmail.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Tested-by: Quentin Barnes <qbarnes@gmail.com>
2013-09-05nfs4: Map NFS4ERR_WRONG_CRED to EPERMWeston Andros Adamson
Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05nfs4.1: Add SP4_MACH_CRED write and commit supportWeston Andros Adamson
WRITE and COMMIT can use the machine credential. If WRITE is supported and COMMIT is not, make all (mach cred) writes FILE_SYNC4. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05nfs4.1: Add SP4_MACH_CRED stateid supportWeston Andros Adamson
TEST_STATEID and FREE_STATEID can use the machine credential. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05nfs4.1: Add SP4_MACH_CRED secinfo supportWeston Andros Adamson
SECINFO and SECINFO_NONAME can use the machine credential. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05nfs4.1: Add SP4_MACH_CRED cleanup supportWeston Andros Adamson
CLOSE and LOCKU can use the machine credential. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05nfs4.1: Add state protection handlerWeston Andros Adamson
Add nfs4_state_protect - the function responsible for switching to the machine credential and the correct rpc client when SP4_MACH_CRED is in use. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05nfs4.1: Minimal SP4_MACH_CRED implementationWeston Andros Adamson
This is a minimal client side implementation of SP4_MACH_CRED. It will attempt to negotiate SP4_MACH_CRED iff the EXCHANGE_ID is using krb5i or krb5p auth. SP4_MACH_CRED will be used if the server supports the minimal operations: BIND_CONN_TO_SESSION EXCHANGE_ID CREATE_SESSION DESTROY_SESSION DESTROY_CLIENTID This patch only includes the EXCHANGE_ID negotiation code because the client will already use the machine cred for these operations. If the server doesn't support SP4_MACH_CRED or doesn't support the minimal operations, the exchange id will be resent with SP4_NONE. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05SUNRPC: Replace pointer values with task->tk_pid and rpc_clnt->cl_clidTrond Myklebust
Instead of the pointer values, use the task and client identifier values for tracing purposes. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-05SUNRPC: Add an identifier for struct rpc_clntTrond Myklebust
Add an identifier in order to aid debugging. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-04SUNRPC: Ensure rpc_task->tk_pid is available for tracepointsTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-04NFSv4: Document the recover_lost_locks kernel parameterTrond Myklebust
Rename the new 'recover_locks' kernel parameter to 'recover_lost_locks' and change the default to 'false'. Document why in Documentation/kernel-parameters.txt Move the 'recover_lost_locks' kernel parameter to fs/nfs/super.c to make it easy to backport to kernels prior to 3.6.x, which don't have a separate NFSv4 module. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-04NFSv4: Don't try to recover NFSv4 locks when they are lost.NeilBrown
When an NFSv4 client loses contact with the server it can lose any locks that it holds. Currently when it reconnects to the server it simply tries to reclaim those locks. This might succeed even though some other client has held and released a lock in the mean time. So the first client might think the file is unchanged, but it isn't. This isn't good. If, when recovery happens, the locks cannot be claimed because some other client still holds the lock, then we get a message in the kernel logs, but the client can still write. So two clients can both think they have a lock and can both write at the same time. This is equally not good. There was a patch a while ago http://comments.gmane.org/gmane.linux.nfs/41917 which tried to address some of this, but it didn't seem to go anywhere. That patch would also send a signal to the process. That might be useful but for now this patch just causes writes to fail. For NFSv4 (unlike v2/v3) there is a strong link between the lock and the write request so we can fairly easily fail any IO of the lock is gone. While some applications might not expect this, it is still safer than allowing the write to succeed. Because this is a fairly big change in behaviour a module parameter, "recover_locks", is introduced which defaults to true (the current behaviour) but can be set to "false" to tell the client not to try to recover things that were lost. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-04SUNRPC: Add tracepoints to help debug socket connection issuesTrond Myklebust
Add client side debugging to help trace socket connection/disconnection and unexpected state change issues. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-04NFS: Fix warning introduced by NFSv4.0 transport blocking patchesChuck Lever
When CONFIG_NFS_V4_1 is not enabled, gcc emits this warning: linux/fs/nfs/nfs4state.c:255:12: warning: ‘nfs4_begin_drain_session’ defined but not used [-Wunused-function] static int nfs4_begin_drain_session(struct nfs_client *clp) ^ Eventually NFSv4.0 migration recovery will invoke this function, but that has not yet been merged. Hide nfs4_begin_drain_session() behind CONFIG_NFS_V4_1 for now. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-04When CONFIG_NFS_V4_1 is not enabled, "make C=2" emits this warning:Chuck Lever
linux/fs/nfs/nfs4session.c:337:6: warning: symbol 'nfs41_set_target_slotid' was not declared. Should it be static? Move nfs41_set_target_slotid() and nfs41_update_target_slotid() back behind CONFIG_NFS_V4_1, since, in the final revision of this work, they are used only in NFSv4.1 and later. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Update session draining barriers for NFSv4.0 transport blockingChuck Lever
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Add nfs4_sequence calls for OPEN_CONFIRMChuck Lever
Ensure OPEN_CONFIRM is not emitted while the transport is plugged. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Add nfs4_sequence calls for RELEASE_LOCKOWNERChuck Lever
Ensure RELEASE_LOCKOWNER is not emitted while the transport is plugged. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Enable nfs4_setup_sequence() for DELEGRETURNChuck Lever
When CONFIG_NFS_V4_1 is disabled, the calls to nfs4_setup_sequence() and nfs4_sequence_done() are compiled out for the DELEGRETURN operation. To allow NFSv4.0 transport blocking to work for DELEGRETURN, these call sites have to be present all the time. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: NFSv4.0 transport blockingChuck Lever
Plumb in a mechanism for plugging an NFSv4.0 mount, using the same infrastructure as NFSv4.1 sessions. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Add a slot table to struct nfs_client for NFSv4.0 transport blockingChuck Lever
Anchor an nfs4_slot_table in the nfs_client for use with NFSv4.0 transport blocking. It is initialized only for NFSv4.0 nfs_client's. Introduce appropriate minor version ops to handle nfs_client initialization and shutdown requirements that differ for each minor version. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Add global helper for releasing slot table resourcesChuck Lever
The nfs4_destroy_slot_tables() function is renamed to avoid confusion with the new helper. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Add global helper to set up a stand-along nfs4_slot_tableChuck Lever
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Enable slot table helpers for NFSv4.0Chuck Lever
I'd like to re-use NFSv4.1's slot table machinery for NFSv4.0 transport blocking. Re-organize some of nfs4session.c so the slot table code is built even when NFS_V4_1 is disabled. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Remove unused call_sync minor version opChuck Lever
Clean up. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Add RPC callouts to start NFSv4.0 synchronous requestsChuck Lever
Refactor nfs4_call_sync_sequence() so it is used for NFSv4.0 now. The RPC callouts will house transport blocking logic similar to NFSv4.1 sessions. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Common versions of sequence helper functionsChuck Lever
NFSv4.0 will have need for this functionality when I add the ability to block NFSv4.0 traffic before migration recovery. I'm not really clear on why nfs4_set_sequence_privileged() gets a generic name, but nfs41_init_sequence() gets a minor version-specific name. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Clean up nfs4_setup_sequence()Chuck Lever
Clean up: Both the NFSv4.0 and NFSv4.1 version of nfs4_setup_sequence() are used only in fs/nfs/nfs4proc.c. No need to keep global header declarations for either version. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Rename nfs41_call_sync_data as a common data structureChuck Lever
Clean up: rename nfs41_call_sync_data for use as a data structure common to all NFSv4 minor versions. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: When displaying session slot numbers, use "%u" consistentlyChuck Lever
Clean up, since slot and sequence numbers are all unsigned anyway. Among other things, squelch compiler warnings: linux/fs/nfs/nfs4proc.c: In function ‘nfs4_setup_sequence’: linux/fs/nfs/nfs4proc.c:703:2: warning: signed and unsigned type in conditional expression [-Wsign-compare] and linux/fs/nfs/nfs4session.c: In function ‘nfs4_alloc_slot’: linux/fs/nfs/nfs4session.c:151:31: warning: signed and unsigned type in conditional expression [-Wsign-compare] Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFS: Ensure that rmdir() waits for sillyrenames to completeTrond Myklebust
If an NFS client does mkdir("dir"); fd = open("dir/file"); unlink("dir/file"); close(fd); rmdir("dir"); then the asynchronous nature of the sillyrename operation means that we can end up getting EBUSY for the rmdir() in the above test. Fix that by ensuring that we wait for any in-progress sillyrenames before sending the rmdir() to the server. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03NFSv4: use the mach cred for SECINFO w/ integrityWeston Andros Adamson
Commit 5ec16a8500d339b0e7a0cc76b785d18daad354d4 introduced a regression that causes SECINFO to fail without actualy sending an RPC if: 1) the nfs_client's rpc_client was using KRB5i/p (now tried by default) 2) the current user doesn't have valid kerberos credentials This situation is quite common - as of now a sec=sys mount would use krb5i for the nfs_client's rpc_client and a user would hardly be faulted for not having run kinit. The solution is to use the machine cred when trying to use an integrity protected auth flavor for SECINFO. Older servers may not support using the machine cred or an integrity protected auth flavor for SECINFO in every circumstance, so we fall back to using the user's cred and the filesystem's auth flavor in this case. We run into another problem when running against linux nfs servers - they return NFS4ERR_WRONGSEC when using integrity auth flavor (unless the mount is also that flavor) even though that is not a valid error for SECINFO*. Even though it's against spec, handle WRONGSEC errors on SECINFO by falling back to using the user cred and the filesystem's auth flavor. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03SUNRPC refactor rpcauth_checkverf error returnsAndy Adamson
Most of the time an error from the credops crvalidate function means the server has sent us a garbage verifier. The gss_validate function is the exception where there is an -EACCES case if the user GSS_context on the client has expired. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>