From patchwork Mon Oct 5 11:02:34 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 7326511 Return-Path: X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id C47F39F1D5 for ; Mon, 5 Oct 2015 11:03:41 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id C3926206E9 for ; Mon, 5 Oct 2015 11:03:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1F2BC207BC for ; Mon, 5 Oct 2015 11:03:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751083AbbJELDc (ORCPT ); Mon, 5 Oct 2015 07:03:32 -0400 Received: from mail-qg0-f48.google.com ([209.85.192.48]:33000 "EHLO mail-qg0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751501AbbJELDB (ORCPT ); Mon, 5 Oct 2015 07:03:01 -0400 Received: by qgev79 with SMTP id v79so145482725qge.0 for ; Mon, 05 Oct 2015 04:03:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=02Sl+uZbppvUc2HjszUjzgWIEr+BOvnCfHuCtkzELc0=; b=kMowoPivHQLkN8OChI8OFX5JW9aVTIpfI3Kur8ih3a5LuDQlmC9wlbsGNeJLfEgBZS ax5nJ2XLAEXKMIzaIuNjdTmBBoi1o0K5W8o8mSzZjiSpPhb21h63pkOBAKbWVYTrf2Ut 30MEhvCtkuNQJqpvvL2AxIf2EC4JPWa2TX5Ng6Sf+PQf5RBiWjyO/iqqgNJ92WHmBfDs Fdwe8R5voc5erYDzL9vNS5c4Sz0D3w5FXCEsMPlIMTETU9Ooch5tO0z4I3PEEzsj4c6Q YYMzL2/iTNVSuK+8YWJwYt4X3HWVViYPLhLtggkXk10+gpPgvGNtnwhL0mHRZ+eUfe36 BUjw== X-Gm-Message-State: ALoCoQnBy85sXaIHr0bh+6e/if/621/ntkV/loutnYCyLNuqWrA9dyjQmpd7tg6GHdBirBOUrDQn X-Received: by 10.140.98.54 with SMTP id n51mr38299452qge.75.1444042980266; Mon, 05 Oct 2015 04:03:00 -0700 (PDT) Received: from tlielax.poochiereds.net ([2606:a000:1125:6079::d5a]) by smtp.googlemail.com with ESMTPSA id p39sm4977719qkp.47.2015.10.05.04.02.59 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Oct 2015 04:02:59 -0700 (PDT) From: Jeff Layton X-Google-Original-From: Jeff Layton To: bfields@fieldses.org Cc: linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, Al Viro Subject: [PATCH v5 12/20] nfsd: allow filecache open to skip fh_verify check Date: Mon, 5 Oct 2015 07:02:34 -0400 Message-Id: <1444042962-6947-13-git-send-email-jeff.layton@primarydata.com> X-Mailer: git-send-email 2.4.3 In-Reply-To: <1444042962-6947-1-git-send-email-jeff.layton@primarydata.com> References: <1444042962-6947-1-git-send-email-jeff.layton@primarydata.com> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Currently, we call fh_verify twice on the filehandle. Once when we call into nfsd_file_acquire, and then again from nfsd_open. The second one is completely superfluous though, and fh_verify can do some things that require a fair bit of work (checking permissions, for instance). Create a new nfsd_open_verified function that will do an nfsd_open on a filehandle that has already been verified. Call that from the filecache code. Signed-off-by: Jeff Layton --- fs/nfsd/filecache.c | 2 +- fs/nfsd/vfs.c | 63 +++++++++++++++++++++++++++++++++++------------------ fs/nfsd/vfs.h | 2 ++ 3 files changed, 45 insertions(+), 22 deletions(-) diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index 932b58a5774f..9944152df415 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -572,7 +572,7 @@ out: return status; open_file: /* FIXME: should we abort opening if the link count goes to 0? */ - status = nfsd_open(rqstp, fhp, S_IFREG, may_flags, &nf->nf_file); + status = nfsd_open_verified(rqstp, fhp, S_IFREG, may_flags, &nf->nf_file); clear_bit_unlock(NFSD_FILE_PENDING, &nf->nf_flags); smp_mb__after_atomic(); wake_up_bit(&nf->nf_flags, NFSD_FILE_PENDING); diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index a144849cec10..cf4a2018d57a 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -640,9 +640,9 @@ nfsd_open_break_lease(struct inode *inode, int access) * and additional flags. * N.B. After this call fhp needs an fh_put */ -__be32 -nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, - int may_flags, struct file **filp) +static __be32 +__nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, + int may_flags, struct file **filp) { struct path path; struct inode *inode; @@ -651,24 +651,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, __be32 err; int host_err = 0; - validate_process_creds(); - - /* - * If we get here, then the client has already done an "open", - * and (hopefully) checked permission - so allow OWNER_OVERRIDE - * in case a chmod has now revoked permission. - * - * Arguably we should also allow the owner override for - * directories, but we never have and it doesn't seem to have - * caused anyone a problem. If we were to change this, note - * also that our filldir callbacks would need a variant of - * lookup_one_len that doesn't check permissions. - */ - if (type == S_IFREG) - may_flags |= NFSD_MAY_OWNER_OVERRIDE; - err = fh_verify(rqstp, fhp, type, may_flags); - if (err) - goto out; + BUG_ON(!fhp->fh_dentry); path.mnt = fhp->fh_export->ex_path.mnt; path.dentry = fhp->fh_dentry; @@ -723,6 +706,44 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, out_nfserr: err = nfserrno(host_err); out: + return err; +} + +__be32 +nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, + int may_flags, struct file **filp) +{ + __be32 err; + + validate_process_creds(); + /* + * If we get here, then the client has already done an "open", + * and (hopefully) checked permission - so allow OWNER_OVERRIDE + * in case a chmod has now revoked permission. + * + * Arguably we should also allow the owner override for + * directories, but we never have and it doesn't seem to have + * caused anyone a problem. If we were to change this, note + * also that our filldir callbacks would need a variant of + * lookup_one_len that doesn't check permissions. + */ + if (type == S_IFREG) + may_flags |= NFSD_MAY_OWNER_OVERRIDE; + err = fh_verify(rqstp, fhp, type, may_flags); + if (!err) + err = __nfsd_open(rqstp, fhp, type, may_flags, filp); + validate_process_creds(); + return err; +} + +__be32 +nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, + int may_flags, struct file **filp) +{ + __be32 err; + + validate_process_creds(); + err = __nfsd_open(rqstp, fhp, type, may_flags, filp); validate_process_creds(); return err; } diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h index a877be59d5dd..b3beb896b08d 100644 --- a/fs/nfsd/vfs.h +++ b/fs/nfsd/vfs.h @@ -72,6 +72,8 @@ __be32 nfsd_commit(struct svc_rqst *, struct svc_fh *, int nfsd_open_break_lease(struct inode *, int); __be32 nfsd_open(struct svc_rqst *, struct svc_fh *, umode_t, int, struct file **); +__be32 nfsd_open_verified(struct svc_rqst *, struct svc_fh *, umode_t, + int, struct file **); struct raparms; __be32 nfsd_splice_read(struct svc_rqst *, struct file *, loff_t, unsigned long *);