From patchwork Tue Apr  9 12:48:51 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Miquel van Smoorenburg <mikevs@xs4all.net>
X-Patchwork-Id: 2415311
Return-Path: <linux-nfs-owner@vger.kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork2.kernel.org (Postfix) with ESMTP id 7B3EBDF25A
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  9 Apr 2013 13:00:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S935222Ab3DINAg (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Tue, 9 Apr 2013 09:00:36 -0400
Received: from smtp-vbr8.xs4all.nl ([194.109.24.28]:2075 "EHLO
	smtp-vbr8.xs4all.nl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S935212Ab3DINAf (ORCPT
	<rfc822;linux-nfs@vger.kernel.org>); Tue, 9 Apr 2013 09:00:35 -0400
X-Greylist: delayed 697 seconds by postgrey-1.27 at vger.kernel.org;
	Tue, 09 Apr 2013 09:00:35 EDT
Received: from n2o.xs4all.nl (n2o.xs4all.nl [194.109.0.112])
	by smtp-vbr8.xs4all.nl (8.13.8/8.13.8) with SMTP id r39Cmqul025880;
	Tue, 9 Apr 2013 14:48:54 +0200 (CEST)
	(envelope-from mikevs@xs4all.net)
Received: by n2o.xs4all.nl (sSMTP sendmail emulation);
	Tue, 09 Apr 2013 14:48:51 +0200
Date: Tue, 9 Apr 2013 14:48:51 +0200
From: Miquel van Smoorenburg <mikevs@xs4all.net>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 1/2] "noaccesscheck" mount option
Message-ID: <20130409124851.GA15231@xs4all.net>
References: <20130409124600.GA15201@xs4all.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20130409124600.GA15201@xs4all.net>
X-NCC-RegID: nl.xs4all
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

1/2: "noaccesscheck" mount option

     If this option is enabled, the nfs client will not send any
     NFS ACCESS calls to the server, except for UID 0. For all other
     uids, access is checked locally using generic_permission().
---
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff -ruN linux-3.9-rc6.orig/include/uapi/linux/nfs_mount.h linux-3.9-rc6/include/uapi/linux/nfs_mount.h
--- linux-3.9-rc6.orig/include/uapi/linux/nfs_mount.h	2013-04-08 05:49:54.000000000 +0200
+++ linux-3.9-rc6/include/uapi/linux/nfs_mount.h	2013-04-08 15:58:38.590470728 +0200
@@ -74,4 +74,6 @@
 #define NFS_MOUNT_LOCAL_FLOCK	0x100000
 #define NFS_MOUNT_LOCAL_FCNTL	0x200000
 
+#define NFS_MOUNT_NOACCESSCHECK	0x400000
+
 #endif
diff -ruN linux-3.9-rc6.orig/fs/nfs/dir.c linux-3.9-rc6/fs/nfs/dir.c
--- linux-3.9-rc6.orig/fs/nfs/dir.c	2013-04-08 05:49:54.000000000 +0200
+++ linux-3.9-rc6/fs/nfs/dir.c	2013-04-08 15:59:04.674471048 +0200
@@ -2165,6 +2165,22 @@
 	struct nfs_access_entry cache;
 	int status;
 
+	if (NFS_SERVER(inode)->flags & NFS_MOUNT_NOACCESSCHECK) {
+		/*
+		 * We could also check
+		 * NFS_SERVER(inode)->client->cl_auth->au_ops->au_flavor
+		 * to see if this is RPC_AUTH_UNIX, which is the only
+		 * auth flavor where this makes sense, but that's way
+		 * too much pointer chasing.
+		 */
+		if (cred->cr_uid != 0) {
+			status = nfs_revalidate_inode(NFS_SERVER(inode), inode);
+			if (status == 0)
+				status = generic_permission(inode, mask);
+			return status;
+		}
+	}
+
 	status = nfs_access_get_cached(inode, cred, &cache);
 	if (status == 0)
 		goto out;
diff -ruN linux-3.9-rc6.orig/fs/nfs/super.c linux-3.9-rc6/fs/nfs/super.c
--- linux-3.9-rc6.orig/fs/nfs/super.c	2013-04-08 05:49:54.000000000 +0200
+++ linux-3.9-rc6/fs/nfs/super.c	2013-04-08 15:59:04.678470794 +0200
@@ -91,6 +91,7 @@
 	Opt_resvport, Opt_noresvport,
 	Opt_fscache, Opt_nofscache,
 	Opt_migration, Opt_nomigration,
+	Opt_accesscheck, Opt_noaccesscheck,
 
 	/* Mount options that take integer arguments */
 	Opt_port,
@@ -152,6 +153,8 @@
 	{ Opt_nofscache, "nofsc" },
 	{ Opt_migration, "migration" },
 	{ Opt_nomigration, "nomigration" },
+	{ Opt_accesscheck, "accesscheck" },
+	{ Opt_noaccesscheck, "noaccesscheck" },
 
 	{ Opt_port, "port=%s" },
 	{ Opt_rsize, "rsize=%s" },
@@ -635,6 +638,7 @@
 		{ NFS_MOUNT_NORDIRPLUS, ",nordirplus", "" },
 		{ NFS_MOUNT_UNSHARED, ",nosharecache", "" },
 		{ NFS_MOUNT_NORESVPORT, ",noresvport", "" },
+		{ NFS_MOUNT_NOACCESSCHECK, ",noaccesscheck", "" },
 		{ 0, NULL, NULL }
 	};
 	const struct proc_nfs_info *nfs_infop;
@@ -1261,6 +1265,12 @@
 		case Opt_nomigration:
 			mnt->options &= NFS_OPTION_MIGRATION;
 			break;
+		case Opt_accesscheck:
+			mnt->flags &= ~NFS_MOUNT_NOACCESSCHECK;
+			break;
+		case Opt_noaccesscheck:
+			mnt->flags |= NFS_MOUNT_NOACCESSCHECK;
+			break;
 
 		/*
 		 * options that take numeric values