From patchwork Mon Jul 1 02:53:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 13717521 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 847A73D62 for ; Mon, 1 Jul 2024 02:58:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802720; cv=none; b=huoJ1sA9sH4yDvDcSxxN5EDohNS+GGpm30+Ej52PWP1GmTXWLB2DjU+bF+L3IzU9AS43jioYdO3eRT/ktZJW/feT0LdEqmGaMIQY6OAH3URUmaf70Rm5IBDzrmTshT9ku2xz0W5bPDm8G+uuKKRnZRKRW/WqUrxBJBLVc5gZA98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802720; c=relaxed/simple; bh=Xigck+beaN2LxcN152rBeHGnVsPrm3z629foUUDx+TE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aif1PFcGdZ25PeI7hX5h6dxz7x4n7Uw5MIoSd7IU7o6pv1FyWFTyP3d+/Uo7lIEMOQYPogJQhzDJ/d9FRw/fJDckPEGMPYERTLPLw91vihNXK/SbT6cbbNBPGA0UEGbjqSDfuJKfiUBwGIg0KX34oHPJUdXYEfSViX2m59dxdRk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=qHG2AzRE; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=sOfrKwUc; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=qHG2AzRE; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=sOfrKwUc; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="qHG2AzRE"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="sOfrKwUc"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="qHG2AzRE"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="sOfrKwUc" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id A397A219EE; Mon, 1 Jul 2024 02:58:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802716; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r220mdYJD8If/YQdr3hK/O1Vx+zA62ZvysNxIUJT+lA=; b=qHG2AzREJwuMcLJzxOEcL/WJgskPhaeY4s5KcnyGCyO4A8iaCC+HRPJMEyI8Izgawvi1/v 0hEOstZBd6/UHZK9HZohNhrCVkx0t2HPfksxCSLnhJPCOvS4XuwjkI7m9AUqD6tgmohN1A mJeGyp1gvEb/F+WnMB2xOfNI8LUq5B8= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802716; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r220mdYJD8If/YQdr3hK/O1Vx+zA62ZvysNxIUJT+lA=; b=sOfrKwUcPO6iagWRH+uScey9C1VvrlLn6gD5TV8xbzS/MWrF9HVSwvz4XGpmPbtHojgbKD gFp4Shy4YXpzKsCQ== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=qHG2AzRE; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=sOfrKwUc DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802716; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r220mdYJD8If/YQdr3hK/O1Vx+zA62ZvysNxIUJT+lA=; b=qHG2AzREJwuMcLJzxOEcL/WJgskPhaeY4s5KcnyGCyO4A8iaCC+HRPJMEyI8Izgawvi1/v 0hEOstZBd6/UHZK9HZohNhrCVkx0t2HPfksxCSLnhJPCOvS4XuwjkI7m9AUqD6tgmohN1A mJeGyp1gvEb/F+WnMB2xOfNI8LUq5B8= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802716; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r220mdYJD8If/YQdr3hK/O1Vx+zA62ZvysNxIUJT+lA=; b=sOfrKwUcPO6iagWRH+uScey9C1VvrlLn6gD5TV8xbzS/MWrF9HVSwvz4XGpmPbtHojgbKD gFp4Shy4YXpzKsCQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id A0EA41340C; Mon, 1 Jul 2024 02:58:33 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id qI0HEVkbgmbULgAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 02:58:33 +0000 From: NeilBrown To: Chuck Lever , Jeff Layton Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia , Dai Ngo , Tom Talpey , Mike Snitzer Subject: [PATCH 1/6] nfsd: introduce __fh_verify which takes explicit nfsd_net arg Date: Mon, 1 Jul 2024 12:53:16 +1000 Message-ID: <20240701025802.22985-2-neilb@suse.de> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240701025802.22985-1-neilb@suse.de> References: <20240701025802.22985-1-neilb@suse.de> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spamd-Result: default: False [-5.01 / 50.00]; BAYES_HAM(-3.00)[100.00%]; DWL_DNSWL_MED(-2.00)[suse.de:dkim]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_MISSING_CHARSET(0.50)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_SEVEN(0.00)[7]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email,suse.de:dkim]; FUZZY_BLOCKED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[suse.de:+] X-Rspamd-Action: no action X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Queue-Id: A397A219EE X-Spam-Flag: NO X-Spam-Score: -5.01 X-Spam-Level: This is a step towards having an interface like fh_verify() which doesn't require a struct svc_rqst *, but instead takes the specific parts of that which are actually needed. This first step allows the 'struct nfsd_net *' to be passed in separately. __fh_verify() does not use SVC_NET(), nor does its callers. Signed-off-by: NeilBrown --- fs/nfsd/export.c | 12 ++++++++---- fs/nfsd/export.h | 4 +++- fs/nfsd/nfs4proc.c | 2 +- fs/nfsd/nfsfh.c | 20 ++++++++++++++------ 4 files changed, 26 insertions(+), 12 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 50b3135d07ac..a35f06b610d0 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -1165,11 +1165,15 @@ rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path) } struct svc_export * -rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv) +rqst_exp_find(struct svc_rqst *rqstp, struct nfsd_net *nn, + int fsid_type, u32 *fsidv) { struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); - struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); - struct cache_detail *cd = nn->svc_export_cache; + struct cache_detail *cd; + + if (!nn) + nn = net_generic(SVC_NET(rqstp), nfsd_net_id); + cd = nn->svc_export_cache; if (rqstp->rq_client == NULL) goto gss; @@ -1220,7 +1224,7 @@ struct svc_export *rqst_find_fsidzero_export(struct svc_rqst *rqstp) mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL); - return rqst_exp_find(rqstp, FSID_NUM, fsidv); + return rqst_exp_find(rqstp, NULL, FSID_NUM, fsidv); } /* diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index ca9dc230ae3d..1a54d388d58d 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -127,6 +127,8 @@ static inline struct svc_export *exp_get(struct svc_export *exp) cache_get(&exp->h); return exp; } -struct svc_export * rqst_exp_find(struct svc_rqst *, int, u32 *); +struct nfsd_net; +struct svc_export * rqst_exp_find(struct svc_rqst *, struct nfsd_net *, + int, u32 *); #endif /* NFSD_EXPORT_H */ diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 2e39cf2e502a..30335cdf9e6c 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2231,7 +2231,7 @@ nfsd4_getdeviceinfo(struct svc_rqst *rqstp, return nfserr_noent; } - exp = rqst_exp_find(rqstp, map->fsid_type, map->fsid); + exp = rqst_exp_find(rqstp, NULL, map->fsid_type, map->fsid); if (IS_ERR(exp)) { dprintk("%s: could not find device id\n", __func__); return nfserr_noent; diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 0b75305fb5f5..e27ed27054ab 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -151,7 +151,8 @@ static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, * dentry. On success, the results are used to set fh_export and * fh_dentry. */ -static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) +static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, + struct svc_fh *fhp) { struct knfsd_fh *fh = &fhp->fh_handle; struct fid *fid = NULL; @@ -195,7 +196,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) data_left -= len; if (data_left < 0) return error; - exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_fsid); + exp = rqst_exp_find(rqstp, nn, fh->fh_fsid_type, fh->fh_fsid); fid = (struct fid *)(fh->fh_fsid + len); error = nfserr_stale; @@ -324,16 +325,16 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) * @access is formed from the NFSD_MAY_* constants defined in * fs/nfsd/vfs.h. */ -__be32 -fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) +static __be32 +__fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, + struct svc_fh *fhp, umode_t type, int access) { - struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); struct svc_export *exp = NULL; struct dentry *dentry; __be32 error; if (!fhp->fh_dentry) { - error = nfsd_set_fh_dentry(rqstp, fhp); + error = nfsd_set_fh_dentry(rqstp, nn, fhp); if (error) goto out; } @@ -400,6 +401,13 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) return error; } +__be32 +fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) +{ + return __fh_verify(rqstp, net_generic(SVC_NET(rqstp), nfsd_net_id), + fhp, type, access); +} + /* * Compose a file handle for an NFS reply. From patchwork Mon Jul 1 02:53:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 13717522 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B7716C13B for ; Mon, 1 Jul 2024 02:58:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802728; cv=none; b=Cp1loOkrft3OAieILrXqvM1no3tdJ7jpqD6KULIvKO2TKGs3IKzt9dNKdJtd/XH3KdnvJDa0Y4Uvr+B4ENor/8fPhy+vBsGxW/yiqcJIDnocLP4HL00IfiNAbefWSGc1oeCe5AikIZxUknPD35eyoXMWjP6VrkaIHcw2nF5ilAs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802728; c=relaxed/simple; bh=Iq29TcalvSOPzqEMMRg8m0Xr7tmY2JCADQp8y/uhISg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aWbAogM8p44wOZmyyWp1KTfX4wYJgysEt4gsmy2Dd9Be0UNdLrW7QwCoZ8x/ztHRqKajQsQ4zwWymd/mFSdNfid6+RWPhkTrfhnukBVOP8QAnq6HssU+bx5LzcNuoX0aRm1KMTcOUAFJBk9PmWBDZpNCogGrySitVsilXZubWzw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=pRUj1yS4; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=JpOV4DW5; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=RqENmGv6; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=HM2idDG1; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="pRUj1yS4"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="JpOV4DW5"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="RqENmGv6"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="HM2idDG1" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id E4B4E219EE; Mon, 1 Jul 2024 02:58:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802724; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rAszePV7xAY9I57K+3A+VwhNSFS3DRP62W975wixz+Y=; b=pRUj1yS4H3R0pWcBo8Npp6Ca7PCtDVQGj3Jo23HbVD8XrwPriNATydFKDiAysTU88nPUVZ PPGfBlCu4vtT4gNW1PjM4rfdzarymCE0EwcFsc4IuX91bHEfHe+FLRTNKIrHJvbKaC7sVP kiHRnQOwlGBJ+nMzaDaYOkhr/ouSW+0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802724; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rAszePV7xAY9I57K+3A+VwhNSFS3DRP62W975wixz+Y=; b=JpOV4DW5OgFUPr/92dxwHyUkbXwSmr0QI/wiiDDMsTWck6D8U3unHcfpdlXAeEfb0ZWO9r iSGbCEyR4X6EWHDQ== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=RqENmGv6; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=HM2idDG1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802723; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rAszePV7xAY9I57K+3A+VwhNSFS3DRP62W975wixz+Y=; b=RqENmGv6/SQITUoIlB+H5wG0MOilz1rp09OlWBvNHT/vv1iscjBDQaEQplAD9nN5K+6fAP zh+DU5dyzNeBA9TEsWXegqfCxsL6XD6dXImq+gm/vQ82TKMeX4K8ophx3S6QqUNsjHwGoN GcVQ9lrI0JR4wVqrsz3WqgNO4uSQjEs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802723; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rAszePV7xAY9I57K+3A+VwhNSFS3DRP62W975wixz+Y=; b=HM2idDG16WGIRotNicOZ5MUDcmWZk/6QFuZ1HYsALXVt6zCax00o4DZVljBkey8mbHJMZQ sYK97wa3weRwpWCA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id E3DF21340C; Mon, 1 Jul 2024 02:58:40 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id i0d/IWAbgmboLgAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 02:58:40 +0000 From: NeilBrown To: Chuck Lever , Jeff Layton Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia , Dai Ngo , Tom Talpey , Mike Snitzer Subject: [PATCH 2/6] nfsd: add cred parameter to __fh_verify() Date: Mon, 1 Jul 2024 12:53:17 +1000 Message-ID: <20240701025802.22985-3-neilb@suse.de> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240701025802.22985-1-neilb@suse.de> References: <20240701025802.22985-1-neilb@suse.de> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Queue-Id: E4B4E219EE X-Spam-Score: -3.01 X-Spam-Level: X-Spam-Flag: NO X-Spamd-Result: default: False [-3.01 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_MISSING_CHARSET(0.50)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email,suse.de:dkim]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCPT_COUNT_SEVEN(0.00)[7]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; TO_DN_SOME(0.00)[]; DKIM_TRACE(0.00)[suse.de:+] X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org __fh_verify() now takes a 'cred' parameter and never dereferences rqstp->rq_cred. nfsd_permission(), nfsd_setuser() and nfsexp_flags() only never needed the cred out of rqstp, so we now pass in the cred explicitly and not the rqstp. nfsd_originating_port_ok() is NOT passed a cred despite that it uses one. This function is not useful when rqstp is NULL and a future patch will address that. Signed-off-by: NeilBrown --- fs/nfsd/auth.c | 14 +++++++------- fs/nfsd/auth.h | 2 +- fs/nfsd/export.h | 3 ++- fs/nfsd/nfs4state.c | 3 ++- fs/nfsd/nfsfh.c | 18 +++++++++++------- fs/nfsd/nfsproc.c | 9 +++++---- fs/nfsd/vfs.c | 21 ++++++++++++--------- fs/nfsd/vfs.h | 2 +- 8 files changed, 41 insertions(+), 31 deletions(-) diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index e6beaaf4f170..93e33d1ee891 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -5,26 +5,26 @@ #include "nfsd.h" #include "auth.h" -int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp) +int nfsexp_flags(struct svc_cred *cred, struct svc_export *exp) { struct exp_flavor_info *f; struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; for (f = exp->ex_flavors; f < end; f++) { - if (f->pseudoflavor == rqstp->rq_cred.cr_flavor) + if (f->pseudoflavor == cred->cr_flavor) return f->flags; } return exp->ex_flags; } -int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) +int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) { struct group_info *rqgi; struct group_info *gi; struct cred *new; int i; - int flags = nfsexp_flags(rqstp, exp); + int flags = nfsexp_flags(cred, exp); /* discard any old override before preparing the new set */ revert_creds(get_cred(current_real_cred())); @@ -32,10 +32,10 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) if (!new) return -ENOMEM; - new->fsuid = rqstp->rq_cred.cr_uid; - new->fsgid = rqstp->rq_cred.cr_gid; + new->fsuid = cred->cr_uid; + new->fsgid = cred->cr_gid; - rqgi = rqstp->rq_cred.cr_group_info; + rqgi = cred->cr_group_info; if (flags & NFSEXP_ALLSQUASH) { new->fsuid = exp->ex_anon_uid; diff --git a/fs/nfsd/auth.h b/fs/nfsd/auth.h index dbd66424f600..fc75c5d90be4 100644 --- a/fs/nfsd/auth.h +++ b/fs/nfsd/auth.h @@ -12,6 +12,6 @@ * Set the current process's fsuid/fsgid etc to those of the NFS * client user */ -int nfsd_setuser(struct svc_rqst *, struct svc_export *); +int nfsd_setuser(struct svc_cred *, struct svc_export *); #endif /* LINUX_NFSD_AUTH_H */ diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index 1a54d388d58d..2dbd15704a86 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -99,7 +99,8 @@ struct svc_expkey { #define EX_NOHIDE(exp) ((exp)->ex_flags & NFSEXP_NOHIDE) #define EX_WGATHER(exp) ((exp)->ex_flags & NFSEXP_GATHERED_WRITES) -int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp); +struct svc_cred; +int nfsexp_flags(struct svc_cred *cred, struct svc_export *exp); __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp); /* diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index a20c2c9d7d45..eadb7d1a7f13 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -6889,7 +6889,8 @@ nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s, nf = nfs4_find_file(s, flags); if (nf) { - status = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, + status = nfsd_permission(&rqstp->rq_cred, + fhp->fh_export, fhp->fh_dentry, acc | NFSD_MAY_OWNER_OVERRIDE); if (status) { nfsd_file_put(nf); diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index e27ed27054ab..760684fa4b50 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -100,9 +100,10 @@ static bool nfsd_originating_port_ok(struct svc_rqst *rqstp, int flags) } static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, + struct svc_cred *cred, struct svc_export *exp) { - int flags = nfsexp_flags(rqstp, exp); + int flags = nfsexp_flags(cred, exp); /* Check if the request originated from a secure port. */ if (!nfsd_originating_port_ok(rqstp, flags)) { @@ -113,7 +114,7 @@ static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, } /* Set user creds for this exportpoint */ - return nfserrno(nfsd_setuser(rqstp, exp)); + return nfserrno(nfsd_setuser(cred, exp)); } static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, @@ -152,6 +153,7 @@ static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, * fh_dentry. */ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, + struct svc_cred *cred, struct svc_fh *fhp) { struct knfsd_fh *fh = &fhp->fh_handle; @@ -230,7 +232,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, put_cred(override_creds(new)); put_cred(new); } else { - error = nfsd_setuser_and_check_port(rqstp, exp); + error = nfsd_setuser_and_check_port(rqstp, cred, exp); if (error) goto out; } @@ -326,7 +328,8 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, * fs/nfsd/vfs.h. */ static __be32 -__fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, +__fh_verify(struct svc_rqst *rqstp, + struct nfsd_net *nn, struct svc_cred *cred, struct svc_fh *fhp, umode_t type, int access) { struct svc_export *exp = NULL; @@ -334,7 +337,7 @@ __fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, __be32 error; if (!fhp->fh_dentry) { - error = nfsd_set_fh_dentry(rqstp, nn, fhp); + error = nfsd_set_fh_dentry(rqstp, nn, cred, fhp); if (error) goto out; } @@ -363,7 +366,7 @@ __fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, if (error) goto out; - error = nfsd_setuser_and_check_port(rqstp, exp); + error = nfsd_setuser_and_check_port(rqstp, cred, exp); if (error) goto out; @@ -393,7 +396,7 @@ __fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, skip_pseudoflavor_check: /* Finally, check access permissions. */ - error = nfsd_permission(rqstp, exp, dentry, access); + error = nfsd_permission(cred, exp, dentry, access); out: trace_nfsd_fh_verify_err(rqstp, fhp, type, access, error); if (error == nfserr_stale) @@ -405,6 +408,7 @@ __be32 fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) { return __fh_verify(rqstp, net_generic(SVC_NET(rqstp), nfsd_net_id), + &rqstp->rq_cred, fhp, type, access); } diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c index 36370b957b63..97aab34593ef 100644 --- a/fs/nfsd/nfsproc.c +++ b/fs/nfsd/nfsproc.c @@ -331,10 +331,11 @@ nfsd_proc_create(struct svc_rqst *rqstp) * echo thing > device-special-file-or-pipe * by doing a CREATE with type==0 */ - resp->status = nfsd_permission(rqstp, - newfhp->fh_export, - newfhp->fh_dentry, - NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS); + resp->status = nfsd_permission( + &rqstp->rq_cred, + newfhp->fh_export, + newfhp->fh_dentry, + NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS); if (resp->status && resp->status != nfserr_rofs) goto out_unlock; } diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 29b1f3613800..0862f6ae86a9 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -421,8 +421,9 @@ nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, if (iap->ia_size < inode->i_size) { __be32 err; - err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, - NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); + err = nfsd_permission(&rqstp->rq_cred, + fhp->fh_export, fhp->fh_dentry, + NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); if (err) return err; } @@ -814,7 +815,8 @@ nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *suppor sresult |= map->access; - err2 = nfsd_permission(rqstp, export, dentry, map->how); + err2 = nfsd_permission(&rqstp->rq_cred, export, + dentry, map->how); switch (err2) { case nfs_ok: result |= map->access; @@ -1475,7 +1477,8 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, dirp = d_inode(dentry); dchild = dget(resfhp->fh_dentry); - err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE); + err = nfsd_permission(&rqstp->rq_cred, fhp->fh_export, dentry, + NFSD_MAY_CREATE); if (err) goto out; @@ -2255,9 +2258,9 @@ nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, in return err; } -static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp) +static int exp_rdonly(struct svc_cred *cred, struct svc_export *exp) { - return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY; + return nfsexp_flags(cred, exp) & NFSEXP_READONLY; } #ifdef CONFIG_NFSD_V4 @@ -2501,8 +2504,8 @@ nfsd_setxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name, * Check for a user's access permissions to this inode. */ __be32 -nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, - struct dentry *dentry, int acc) +nfsd_permission(struct svc_cred *cred, struct svc_export *exp, + struct dentry *dentry, int acc) { struct inode *inode = d_inode(dentry); int err; @@ -2533,7 +2536,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, */ if (!(acc & NFSD_MAY_LOCAL_ACCESS)) if (acc & (NFSD_MAY_WRITE | NFSD_MAY_SATTR | NFSD_MAY_TRUNC)) { - if (exp_rdonly(rqstp, exp) || + if (exp_rdonly(cred, exp) || __mnt_is_readonly(exp->ex_path.mnt)) return nfserr_rofs; if (/* (acc & NFSD_MAY_WRITE) && */ IS_IMMUTABLE(inode)) diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h index 57cd70062048..1565c1dc28b6 100644 --- a/fs/nfsd/vfs.h +++ b/fs/nfsd/vfs.h @@ -153,7 +153,7 @@ __be32 nfsd_readdir(struct svc_rqst *, struct svc_fh *, __be32 nfsd_statfs(struct svc_rqst *, struct svc_fh *, struct kstatfs *, int access); -__be32 nfsd_permission(struct svc_rqst *, struct svc_export *, +__be32 nfsd_permission(struct svc_cred *, struct svc_export *, struct dentry *, int); void nfsd_filp_close(struct file *fp); From patchwork Mon Jul 1 02:53:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 13717523 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D0CFC13B for ; Mon, 1 Jul 2024 02:58:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802734; cv=none; b=KOdCqnywgBod4nAMg5PZt4PTkm1ErZE/6OMI6eL/B0ODYUxuP8IWwf9GObH+9b3y4oZwGHWDPvKUdn9yrfiZUIPLjKKQEWeRqEdliKup8rWdOmsErm8sEE458fqZe7VO1SypIqxuZLgtIIJoi7bCFcdbRPvMsqkMIvS/HyGelI0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802734; c=relaxed/simple; bh=gC3cEJbR3+CerSgvfDtoUUTR+WrMC1PS/yhihNsVsAw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=m+hCZXJiM+yNd/23wM0rZWiNmh3miF1TxCWS3HHhtZqrlKOWRL1+gZvcXt6OdpScsiEd0Kx5STUuhsZKHl5yEuWTps5skG1vki+9U8YLHET/ywcTS69Tlh2jsfc1RVEsg1eELUAic0SdrIUKeUVQNiIr8yP3df6CibIbpb9AkvU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=KqAZxQSI; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=WBUNPxp5; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=KqAZxQSI; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=WBUNPxp5; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="KqAZxQSI"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="WBUNPxp5"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="KqAZxQSI"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="WBUNPxp5" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 31CB2219EE; Mon, 1 Jul 2024 02:58:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802731; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UB3EqLxC2JRGmIuSY/xwOsawUdTSonpcPqDuEwd0UKA=; b=KqAZxQSIq598QrQDFxr6LfZgFgXg81Nyo61urgx8igZ3cBUUFTnpD8ODI7wW/yRQkJDeTX VkW8XxZGMhyft4UlTXCxqc1ZpLB1CJvfUek8QcOHL+1xYA7FKtc8LF1F+Mnjt/+Y3I4oa1 rtnQVNkvqpfh6CGB13ZKVo5lHiZ4PmY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802731; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UB3EqLxC2JRGmIuSY/xwOsawUdTSonpcPqDuEwd0UKA=; b=WBUNPxp5v4PUlV7nX8VutLG9Nvy0MNfzium/Xi7ljKTFrRIhb3OkPeNEPQMzi6hO83exUU FudfyxxIqGgDOYDw== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=KqAZxQSI; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=WBUNPxp5 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802731; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UB3EqLxC2JRGmIuSY/xwOsawUdTSonpcPqDuEwd0UKA=; b=KqAZxQSIq598QrQDFxr6LfZgFgXg81Nyo61urgx8igZ3cBUUFTnpD8ODI7wW/yRQkJDeTX VkW8XxZGMhyft4UlTXCxqc1ZpLB1CJvfUek8QcOHL+1xYA7FKtc8LF1F+Mnjt/+Y3I4oa1 rtnQVNkvqpfh6CGB13ZKVo5lHiZ4PmY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802731; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UB3EqLxC2JRGmIuSY/xwOsawUdTSonpcPqDuEwd0UKA=; b=WBUNPxp5v4PUlV7nX8VutLG9Nvy0MNfzium/Xi7ljKTFrRIhb3OkPeNEPQMzi6hO83exUU FudfyxxIqGgDOYDw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 2DECB1340C; Mon, 1 Jul 2024 02:58:47 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id xXuPMGcbgmb2LgAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 02:58:47 +0000 From: NeilBrown To: Chuck Lever , Jeff Layton Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia , Dai Ngo , Tom Talpey , Mike Snitzer Subject: [PATCH 3/6] nfsd: pass nfs_vers explicitly to __fh_verify() Date: Mon, 1 Jul 2024 12:53:18 +1000 Message-ID: <20240701025802.22985-4-neilb@suse.de> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240701025802.22985-1-neilb@suse.de> References: <20240701025802.22985-1-neilb@suse.de> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Rspamd-Queue-Id: 31CB2219EE X-Spam-Score: -3.01 X-Spam-Level: X-Spam-Flag: NO X-Spamd-Result: default: False [-3.01 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_MISSING_CHARSET(0.50)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email,suse.de:dkim]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCPT_COUNT_SEVEN(0.00)[7]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; TO_DN_SOME(0.00)[]; DKIM_TRACE(0.00)[suse.de:+] X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org Rather then depending on rqstp->rq_vers to determine nfs version, pass it in explicitly. This removes another dependency on rqstp and ensures the correct version is checked. The rqstp can be for an NLM request and while some code tests that, other code does not. Signed-off-by: NeilBrown --- fs/nfsd/nfsfh.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 760684fa4b50..adc731bb171e 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -62,7 +62,7 @@ static int nfsd_acceptable(void *expv, struct dentry *dentry) * the write call). */ static inline __be32 -nfsd_mode_check(struct svc_rqst *rqstp, struct dentry *dentry, +nfsd_mode_check(int nfs_vers, struct dentry *dentry, umode_t requested) { umode_t mode = d_inode(dentry)->i_mode & S_IFMT; @@ -80,7 +80,7 @@ nfsd_mode_check(struct svc_rqst *rqstp, struct dentry *dentry, * v4 has an error more specific than err_notdir which we should * return in preference to err_notdir: */ - if (rqstp->rq_vers == 4 && mode == S_IFLNK) + if (nfs_vers == 4 && mode == S_IFLNK) return nfserr_symlink; if (requested == S_IFDIR) return nfserr_notdir; @@ -117,8 +117,9 @@ static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, return nfserrno(nfsd_setuser(cred, exp)); } -static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, - struct dentry *dentry, struct svc_export *exp) +static inline __be32 check_pseudo_root(int nfs_vers, + struct dentry *dentry, + struct svc_export *exp) { if (!(exp->ex_flags & NFSEXP_V4ROOT)) return nfs_ok; @@ -128,7 +129,7 @@ static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, * in v4-specific code, in which case v2/v3 clients could bypass * them. */ - if (!nfsd_v4client(rqstp)) + if (nfs_vers != 4) return nfserr_stale; /* * We're exposing only the directories and symlinks that have to be @@ -153,7 +154,7 @@ static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, * fh_dentry. */ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, - struct svc_cred *cred, + struct svc_cred *cred, int nfs_vers, struct svc_fh *fhp) { struct knfsd_fh *fh = &fhp->fh_handle; @@ -166,9 +167,9 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, __be32 error; error = nfserr_stale; - if (rqstp->rq_vers > 2) + if (nfs_vers > 2) error = nfserr_badhandle; - if (rqstp->rq_vers == 4 && fh->fh_size == 0) + if (nfs_vers == 4 && fh->fh_size == 0) return nfserr_nofilehandle; if (fh->fh_version != 1) @@ -241,7 +242,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, * Look up the dentry using the NFS file handle. */ error = nfserr_stale; - if (rqstp->rq_vers > 2) + if (nfs_vers > 2) error = nfserr_badhandle; fileid_type = fh->fh_fileid_type; @@ -281,7 +282,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, fhp->fh_dentry = dentry; fhp->fh_export = exp; - switch (rqstp->rq_vers) { + switch (nfs_vers) { case 4: if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR) fhp->fh_no_atomic_attr = true; @@ -330,6 +331,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, static __be32 __fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, struct svc_cred *cred, + int nfs_vers, struct svc_fh *fhp, umode_t type, int access) { struct svc_export *exp = NULL; @@ -337,7 +339,7 @@ __fh_verify(struct svc_rqst *rqstp, __be32 error; if (!fhp->fh_dentry) { - error = nfsd_set_fh_dentry(rqstp, nn, cred, fhp); + error = nfsd_set_fh_dentry(rqstp, nn, cred, nfs_vers, fhp); if (error) goto out; } @@ -362,7 +364,7 @@ __fh_verify(struct svc_rqst *rqstp, * (for example, if different id-squashing options are in * effect on the new filesystem). */ - error = check_pseudo_root(rqstp, dentry, exp); + error = check_pseudo_root(nfs_vers, dentry, exp); if (error) goto out; @@ -370,7 +372,7 @@ __fh_verify(struct svc_rqst *rqstp, if (error) goto out; - error = nfsd_mode_check(rqstp, dentry, type); + error = nfsd_mode_check(nfs_vers, dentry, type); if (error) goto out; @@ -407,12 +409,16 @@ __fh_verify(struct svc_rqst *rqstp, __be32 fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) { + int nfs_vers; + if (rqstp->rq_prog == NFS_PROGRAM) + nfs_vers = rqstp->rq_vers; + else /* must be NLM */ + nfs_vers = rqstp->rq_vers == 4 ? 3 : 2; return __fh_verify(rqstp, net_generic(SVC_NET(rqstp), nfsd_net_id), - &rqstp->rq_cred, + &rqstp->rq_cred, nfs_vers, fhp, type, access); } - /* * Compose a file handle for an NFS reply. * From patchwork Mon Jul 1 02:53:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 13717524 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 37310C13B for ; Mon, 1 Jul 2024 02:59:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802741; cv=none; b=e/RTCE2kZKi6IHM7ugof7eoiSM2ALwFLrNzjJzsHCTjv8ugbKo0y69NQ/9rt3rGzoYb/O9ghjUuATlVBSch4iFtTqtFCR4Hkb38sV+mYjsmN+ZrpcDBHhTXdbWxmUvUXtUB1jtEoLpJeEKGOpJQIJ4GGTO9p0ebzeRMUPirxdyk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802741; c=relaxed/simple; bh=sVq+VmFQxz+wl6uieob5DFniD7GUvmIfkDDcFLptuSk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YS3V5Q5TxU7ZwYu4w8ir1BH/X2T5UuHojgaLKVqgAnitfp4GBYtQTOOnoFB5xeroQNltW5OShUPws66pWCrgcEtKb17xHJDFE8TMsBM8nbbNHhB3B0OmJi9QJEVRENGbGcbDyXQTAicgqgTj6sWj4jRmVyXaotfziVOdXn1cGQM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=UTen2UhB; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=hnndDoqr; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=UTen2UhB; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=hnndDoqr; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="UTen2UhB"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="hnndDoqr"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="UTen2UhB"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="hnndDoqr" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 5B4231F8BA; Mon, 1 Jul 2024 02:58:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802738; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CiXyL0CKlv7FrBaaCpust98IKTOg02CARB2IBTCcVyw=; b=UTen2UhBSd+iZIhZOfB1cFMbHZ1yHvZ9jziUCvQMpqq3nBBIO9E6t4lhvgWjoBOl5qRO77 tqrIM+Sv69AGOxKEEkfDwz7t2am0AXfX710DS6vKGhz532v0qtFVQM8ujBGhEpwSbQmQQI hCNN+p7f0YsMQVlcH9MB/sgOJAkEy68= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802738; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CiXyL0CKlv7FrBaaCpust98IKTOg02CARB2IBTCcVyw=; b=hnndDoqryFsLx8Op4oUgHMtCMDDf3QJoViDcAiTEEd5Rpz2bbZ71eUiyecby74vQNfkhSo iAcmRQdkcLJVLuAQ== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802738; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CiXyL0CKlv7FrBaaCpust98IKTOg02CARB2IBTCcVyw=; b=UTen2UhBSd+iZIhZOfB1cFMbHZ1yHvZ9jziUCvQMpqq3nBBIO9E6t4lhvgWjoBOl5qRO77 tqrIM+Sv69AGOxKEEkfDwz7t2am0AXfX710DS6vKGhz532v0qtFVQM8ujBGhEpwSbQmQQI hCNN+p7f0YsMQVlcH9MB/sgOJAkEy68= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802738; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CiXyL0CKlv7FrBaaCpust98IKTOg02CARB2IBTCcVyw=; b=hnndDoqryFsLx8Op4oUgHMtCMDDf3QJoViDcAiTEEd5Rpz2bbZ71eUiyecby74vQNfkhSo iAcmRQdkcLJVLuAQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 5ADDF1340C; Mon, 1 Jul 2024 02:58:54 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id GPWWO24bgmYFLwAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 02:58:54 +0000 From: NeilBrown To: Chuck Lever , Jeff Layton Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia , Dai Ngo , Tom Talpey , Mike Snitzer Subject: [PATCH 4/6] nfsd: pass client explicitly to __fh_verify() Date: Mon, 1 Jul 2024 12:53:19 +1000 Message-ID: <20240701025802.22985-5-neilb@suse.de> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240701025802.22985-1-neilb@suse.de> References: <20240701025802.22985-1-neilb@suse.de> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spamd-Result: default: False [-2.80 / 50.00]; BAYES_HAM(-3.00)[100.00%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-0.987]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email]; RCVD_TLS_ALL(0.00)[] X-Spam-Flag: NO X-Spam-Score: -2.80 X-Spam-Level: Rather than using rqstp->rq_client pass the client explicitly to __fh_verify and thence to rqst_exp_find(). If rqst_exp_find is given an explicit client it doesn't try ->rq_gssclient. Signed-off-by: NeilBrown --- fs/nfsd/export.c | 15 ++++++++++----- fs/nfsd/export.h | 2 +- fs/nfsd/nfs4proc.c | 2 +- fs/nfsd/nfsfh.c | 11 ++++++----- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index a35f06b610d0..ccfe8c528bcb 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -1165,21 +1165,26 @@ rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path) } struct svc_export * -rqst_exp_find(struct svc_rqst *rqstp, struct nfsd_net *nn, +rqst_exp_find(struct svc_rqst *rqstp, struct nfsd_net *nn, + struct auth_domain *client, int fsid_type, u32 *fsidv) { struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); struct cache_detail *cd; + bool try_gss = rqstp && !client; if (!nn) nn = net_generic(SVC_NET(rqstp), nfsd_net_id); cd = nn->svc_export_cache; - if (rqstp->rq_client == NULL) + if (!client && rqstp) + client = rqstp->rq_client; + + if (client == NULL) goto gss; /* First try the auth_unix client: */ - exp = exp_find(cd, rqstp->rq_client, fsid_type, + exp = exp_find(cd, client, fsid_type, fsidv, &rqstp->rq_chandle); if (PTR_ERR(exp) == -ENOENT) goto gss; @@ -1190,7 +1195,7 @@ rqst_exp_find(struct svc_rqst *rqstp, struct nfsd_net *nn, return exp; gss: /* Otherwise, try falling back on gss client */ - if (rqstp->rq_gssclient == NULL) + if (!try_gss || rqstp->rq_gssclient == NULL) return exp; gssexp = exp_find(cd, rqstp->rq_gssclient, fsid_type, fsidv, &rqstp->rq_chandle); @@ -1224,7 +1229,7 @@ struct svc_export *rqst_find_fsidzero_export(struct svc_rqst *rqstp) mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL); - return rqst_exp_find(rqstp, NULL, FSID_NUM, fsidv); + return rqst_exp_find(rqstp, NULL, NULL, FSID_NUM, fsidv); } /* diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index 2dbd15704a86..accad9d231fd 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -130,6 +130,6 @@ static inline struct svc_export *exp_get(struct svc_export *exp) } struct nfsd_net; struct svc_export * rqst_exp_find(struct svc_rqst *, struct nfsd_net *, - int, u32 *); + struct auth_domain *, int, u32 *); #endif /* NFSD_EXPORT_H */ diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 30335cdf9e6c..8430c197c900 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2231,7 +2231,7 @@ nfsd4_getdeviceinfo(struct svc_rqst *rqstp, return nfserr_noent; } - exp = rqst_exp_find(rqstp, NULL, map->fsid_type, map->fsid); + exp = rqst_exp_find(rqstp, NULL, NULL, map->fsid_type, map->fsid); if (IS_ERR(exp)) { dprintk("%s: could not find device id\n", __func__); return nfserr_noent; diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index adc731bb171e..ea3d98c43a9d 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -155,7 +155,7 @@ static inline __be32 check_pseudo_root(int nfs_vers, */ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, struct svc_cred *cred, int nfs_vers, - struct svc_fh *fhp) + struct auth_domain *client, struct svc_fh *fhp) { struct knfsd_fh *fh = &fhp->fh_handle; struct fid *fid = NULL; @@ -199,7 +199,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, data_left -= len; if (data_left < 0) return error; - exp = rqst_exp_find(rqstp, nn, fh->fh_fsid_type, fh->fh_fsid); + exp = rqst_exp_find(rqstp, nn, client, fh->fh_fsid_type, fh->fh_fsid); fid = (struct fid *)(fh->fh_fsid + len); error = nfserr_stale; @@ -331,7 +331,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, static __be32 __fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, struct svc_cred *cred, - int nfs_vers, + int nfs_vers, struct auth_domain *client, struct svc_fh *fhp, umode_t type, int access) { struct svc_export *exp = NULL; @@ -339,7 +339,8 @@ __fh_verify(struct svc_rqst *rqstp, __be32 error; if (!fhp->fh_dentry) { - error = nfsd_set_fh_dentry(rqstp, nn, cred, nfs_vers, fhp); + error = nfsd_set_fh_dentry(rqstp, nn, cred, nfs_vers, client, + fhp); if (error) goto out; } @@ -415,7 +416,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) else /* must be NLM */ nfs_vers = rqstp->rq_vers == 4 ? 3 : 2; return __fh_verify(rqstp, net_generic(SVC_NET(rqstp), nfsd_net_id), - &rqstp->rq_cred, nfs_vers, + &rqstp->rq_cred, nfs_vers, rqstp->rq_client, fhp, type, access); } From patchwork Mon Jul 1 02:53:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 13717525 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAC0FD534 for ; Mon, 1 Jul 2024 02:59:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802748; cv=none; b=UigQoFG1hMPHDHmgHjOXq1Uyl2bCeXVuqf4EPKdsJIt0IQTHLDXlGUUSkP0Il/8MU1vr2YNhZeEEqT+pvyyxLuvIGCgzYxmbuMah3TstzmdzFoEO2CWJYvQSTLlpL7huJjhnm8BrXSnG/5VHBDxqBiTFgwK1FtPxk1aY29Z1DIo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802748; c=relaxed/simple; bh=Y+lyFMUuCk9qEzqKZ3u6uFvEwtM5gjdrJtEW5AsS9Lo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Sp9JRSFIhhJdov9kDcBHtQ5HCboqt1tINEbzrmx8t7+oaKc9z2I9bRpLB0UR4MltTY3/uwSBTUjesrWF2Nn2+UBhsOhKoh80RQZta58xPVULsmEx31UjJJaMJjfPtjdyctzwnlO/W8Aqioy76Q4wnPnbGixSeQjXlCkt1pSVBto= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=iOuNDlXB; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=lQWFcZo9; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=iOuNDlXB; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=lQWFcZo9; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="iOuNDlXB"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="lQWFcZo9"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="iOuNDlXB"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="lQWFcZo9" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 6E3EA1F8BE; Mon, 1 Jul 2024 02:59:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5zu3buywb36GykSG8DupHx41IOIDVysa3ccHKJyWPgk=; b=iOuNDlXB1SV4Ue8wMUUGY4FuR+h4tVFy1NXfaPneVYHmPkn5sWE7TRA4/D9jzaBDDQ62bl O9G873VONLXvL4B/dHzRBvS1dI0tjypuxCmBjDrJsYLpJeDKPXq5a+HFiO6ICSrgi+k1o0 O7X7dLhEvsa6QyDMzAhcw1joM98cFek= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5zu3buywb36GykSG8DupHx41IOIDVysa3ccHKJyWPgk=; b=lQWFcZo9+2UmBRUa30QNl0xtGn7j8e48zuoTJLwOAMwRYpJPXaSK7qJxKfHfMfoQDBhriS u7sxk8q3j/8bhoBA== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5zu3buywb36GykSG8DupHx41IOIDVysa3ccHKJyWPgk=; b=iOuNDlXB1SV4Ue8wMUUGY4FuR+h4tVFy1NXfaPneVYHmPkn5sWE7TRA4/D9jzaBDDQ62bl O9G873VONLXvL4B/dHzRBvS1dI0tjypuxCmBjDrJsYLpJeDKPXq5a+HFiO6ICSrgi+k1o0 O7X7dLhEvsa6QyDMzAhcw1joM98cFek= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802745; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5zu3buywb36GykSG8DupHx41IOIDVysa3ccHKJyWPgk=; b=lQWFcZo9+2UmBRUa30QNl0xtGn7j8e48zuoTJLwOAMwRYpJPXaSK7qJxKfHfMfoQDBhriS u7sxk8q3j/8bhoBA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 789491340C; Mon, 1 Jul 2024 02:59:02 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id otWZB3YbgmYOLwAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 02:59:02 +0000 From: NeilBrown To: Chuck Lever , Jeff Layton Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia , Dai Ngo , Tom Talpey , Mike Snitzer Subject: [PATCH 5/6] nfsd: __fh_verify now treats NULL rqstp as a trusted connection. Date: Mon, 1 Jul 2024 12:53:20 +1000 Message-ID: <20240701025802.22985-6-neilb@suse.de> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240701025802.22985-1-neilb@suse.de> References: <20240701025802.22985-1-neilb@suse.de> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Score: -2.80 X-Spam-Level: X-Spam-Flag: NO X-Spamd-Result: default: False [-2.80 / 50.00]; BAYES_HAM(-3.00)[100.00%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-0.986]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email]; RCVD_TLS_ALL(0.00)[] The final places where __fh_verify unconditionally dereferences rqstp involve checked is the connection is suitably secure. They look at rqstp->rq_xprt which is not meaningful in the target use case of "localio" NFS in which the client talk directly to the local server. So check these to always succeed when rqstp is NULL. With this it is safe tocall __fh_verify with a NULL rqstp providing nn, cred, and client are not NULL. Signed-off-by: NeilBrown --- fs/nfsd/export.c | 12 +++++++++--- fs/nfsd/nfsfh.c | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index ccfe8c528bcb..9e3e2380f8ae 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -1077,7 +1077,13 @@ static struct svc_export *exp_find(struct cache_detail *cd, __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp) { struct exp_flavor_info *f, *end = exp->ex_flavors + exp->ex_nflavors; - struct svc_xprt *xprt = rqstp->rq_xprt; + struct svc_xprt *xprt; + + if (!rqstp) + /* Always allow LOCALIO */ + return 0; + + xprt = rqstp->rq_xprt; if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_NONE) { if (!test_bit(XPT_TLS_SESSION, &xprt->xpt_flags)) @@ -1185,7 +1191,7 @@ rqst_exp_find(struct svc_rqst *rqstp, struct nfsd_net *nn, /* First try the auth_unix client: */ exp = exp_find(cd, client, fsid_type, - fsidv, &rqstp->rq_chandle); + fsidv, rqstp ? &rqstp->rq_chandle : NULL); if (PTR_ERR(exp) == -ENOENT) goto gss; if (IS_ERR(exp)) @@ -1198,7 +1204,7 @@ rqst_exp_find(struct svc_rqst *rqstp, struct nfsd_net *nn, if (!try_gss || rqstp->rq_gssclient == NULL) return exp; gssexp = exp_find(cd, rqstp->rq_gssclient, fsid_type, fsidv, - &rqstp->rq_chandle); + rqstp ? &rqstp->rq_chandle : NULL); if (PTR_ERR(gssexp) == -ENOENT) return exp; if (!IS_ERR(exp)) diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index ea3d98c43a9d..fb5a23060a4c 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -106,10 +106,10 @@ static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, int flags = nfsexp_flags(cred, exp); /* Check if the request originated from a secure port. */ - if (!nfsd_originating_port_ok(rqstp, flags)) { + if (rqstp && !nfsd_originating_port_ok(rqstp, flags)) { RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); dprintk("nfsd: request from insecure port %s!\n", - svc_print_addr(rqstp, buf, sizeof(buf))); + svc_print_addr(rqstp, buf, sizeof(buf))); return nfserr_perm; } From patchwork Mon Jul 1 02:53:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 13717526 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 305D8D535 for ; Mon, 1 Jul 2024 02:59:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802761; cv=none; b=iqSa0wTFSEkv0zSuDmx7xdlr1N/4ASIn6yFrUsIT/3Zk+p+uM7mzol6ZyZkngBar2gS0dyXlMoEWAfQlQ/RuRy2Mfh1FI/LlqBk+4cqEnzMJ+5J5Mlpm1rnMcPWzhsIzlKHMa8plbRU357qyB89N9aZgqOaqAm6Xfj/m+zz9PI8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1719802761; c=relaxed/simple; bh=zxTbQ783C55lnQxkbVp/MJLGQV4nYg4ZzrOeqiknQdE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fp7bTrSjRfmTeGtmU4FHSv8Ay5389Hc2SkQkdKmDWZ+YAI+bRULd8BCFcPFiUQoIaemaXNofQjFZgofGf6WiXx3NWTHm2QLEz5F04h9/pDcs68KfrkrlPJq7kg87k3Foat10UX9abqlJKtQiv3bW9Npb5ZGKH1am6Tfes7swYAg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=yoMpiS+y; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=VwxAmUGm; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=wwbK1edn; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=7k7Uwh8M; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="yoMpiS+y"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="VwxAmUGm"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="wwbK1edn"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="7k7Uwh8M" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 9A11A1F8BB; Mon, 1 Jul 2024 02:59:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802757; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XtKMJ2rEN8YMYT7xxEmsChXBdk4MeiUyLR7ELvMMJl0=; b=yoMpiS+yaQkVzLUV/G+KCWkm+3hO2p5igUcSzcS9STb7mcec+np3yWv/WYhpbaOVbz4C0a r4e79Ak0xN/p40hoxBOQ73Tj5/liYJ17Y0EgC71hpQYStnO21ZoMx5yjONs956Dxqv0WVA x0W//uaRa+S14Fr3zE0nZRh3lib2+OQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802757; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XtKMJ2rEN8YMYT7xxEmsChXBdk4MeiUyLR7ELvMMJl0=; b=VwxAmUGmGFT1yMDav+9Y/n4tIuc/BEA1jbwXlrpyyVh9HCv16/pMvTFLfElITY6/3vnM/y /Hpj6qU6m+AGv3Ag== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1719802756; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XtKMJ2rEN8YMYT7xxEmsChXBdk4MeiUyLR7ELvMMJl0=; b=wwbK1ednm1avc5xC1X7/+JPYE6sUgQwh9kH0nzrTx0wIE5a1Ji5fIFaVK6krrkO+OtOgrC 4gzCjUdad9OLH/2SSQJ1ATpT2Q5X04B0XzAE47AE4hTrRm6nsMwOwBFb+lHS/W0LRDst1k RpEmhgzwTWy/vmjOHMDQPgwWhVAPFgY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1719802756; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XtKMJ2rEN8YMYT7xxEmsChXBdk4MeiUyLR7ELvMMJl0=; b=7k7Uwh8MBFQOoZ7/pVkV4esTTi7bn/EPN9zIz4xF04cvux7TTTDflFerEaj4NKTX0oozM/ cB50+MM0cBAqEmAg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id A304F1340C; Mon, 1 Jul 2024 02:59:13 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id /HDlEYEbgmYgLwAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 02:59:13 +0000 From: NeilBrown To: Chuck Lever , Jeff Layton Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia , Dai Ngo , Tom Talpey , Mike Snitzer Subject: [PATCH 6/6] nfsd: add nfsd_file_acquire_local(). Date: Mon, 1 Jul 2024 12:53:21 +1000 Message-ID: <20240701025802.22985-7-neilb@suse.de> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240701025802.22985-1-neilb@suse.de> References: <20240701025802.22985-1-neilb@suse.de> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spamd-Result: default: False [-2.80 / 50.00]; BAYES_HAM(-3.00)[100.00%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-0.987]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email]; RCVD_TLS_ALL(0.00)[] X-Spam-Flag: NO X-Spam-Score: -2.80 X-Spam-Level: nfsd_file_acquire_local() can be used to look up a file by filehandle without having a struct rqst. This can be used by NFS LOCALIO to allow the NFS client to by the NFS protocol to directly access a file provided by the NFS server which is running in the same kernel. Signed-off-by: NeilBrown --- fs/nfsd/filecache.c | 54 ++++++++++++++++++++++++++++++++++++++++----- fs/nfsd/filecache.h | 4 ++++ fs/nfsd/nfsfh.c | 2 +- fs/nfsd/nfsfh.h | 5 +++++ 4 files changed, 59 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index ad9083ca144b..87f965d2574b 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -977,7 +977,10 @@ nfsd_file_is_cached(struct inode *inode) } static __be32 -nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, +nfsd_file_do_acquire(struct svc_rqst *rqstp, struct nfsd_net *nn, + struct svc_cred *cred, int nfs_vers, + struct auth_domain *client, + struct svc_fh *fhp, unsigned int may_flags, struct file *file, struct nfsd_file **pnf, bool want_gc) { @@ -991,7 +994,7 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, int ret; retry: - status = fh_verify(rqstp, fhp, S_IFREG, + status = __fh_verify(rqstp, nn, cred, nfs_vers, client, fhp, S_IFREG, may_flags|NFSD_MAY_OWNER_OVERRIDE); if (status != nfs_ok) return status; @@ -1139,7 +1142,8 @@ __be32 nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp, unsigned int may_flags, struct nfsd_file **pnf) { - return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, true); + return nfsd_file_do_acquire(rqstp, NULL, NULL, 0, NULL, + fhp, may_flags, NULL, pnf, true); } /** @@ -1163,7 +1167,46 @@ __be32 nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, unsigned int may_flags, struct nfsd_file **pnf) { - return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, false); + return nfsd_file_do_acquire(rqstp, NULL, NULL, 0, NULL, fhp, + may_flags, NULL, pnf, false); +} + +/** + * nfsd_file_acquire_local - Get a struct nfsd_file with an open file for localio + * @nn: The nfsd network namespace in which to perform a lookup + * @cred: the user credential with which to validate access + * @nfs_vers: NFS version number to assume for request + * @client: the auth_domain for LOCALIO lookup + * @fhp: the NFS filehandle of the file to be opened + * @may_flags: NFSD_MAY_ settings for the file + * @pnf: OUT: new or found "struct nfsd_file" object + * + * This file lookup interface provide access to a file given the + * filehandle and credential. No connection-based authorisation + * is performed and in that way it is quite different to other + * file access mediated by nfsd. It allows a kernel module such as the NFS + * client to reach across network and filesystem namespaces to access + * a file. The security implications of this should be carefully + * considered before use. + * + * The nfsd_file_object returned by this API is reference-counted + * but not garbage-collected. The object is unhashed after the + * final nfsd_file_put(). + * + * Return values: + * %nfs_ok - @pnf points to an nfsd_file with its reference + * count boosted. + * + * On error, an nfsstat value in network byte order is returned. + */ +__be32 +nfsd_file_acquire_local(struct nfsd_net *nn, struct svc_cred *cred, + int nfs_vers, struct auth_domain *client, + struct svc_fh *fhp, + unsigned int may_flags, struct nfsd_file **pnf) +{ + return nfsd_file_do_acquire(NULL, nn, cred, nfs_vers, client, + fhp, may_flags, NULL, pnf, false); } /** @@ -1189,7 +1232,8 @@ nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp, unsigned int may_flags, struct file *file, struct nfsd_file **pnf) { - return nfsd_file_do_acquire(rqstp, fhp, may_flags, file, pnf, false); + return nfsd_file_do_acquire(rqstp, NULL, NULL, 0, NULL, + fhp, may_flags, file, pnf, false); } /* diff --git a/fs/nfsd/filecache.h b/fs/nfsd/filecache.h index c61884def906..d179dbae98e3 100644 --- a/fs/nfsd/filecache.h +++ b/fs/nfsd/filecache.h @@ -65,5 +65,9 @@ __be32 nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, __be32 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp, unsigned int may_flags, struct file *file, struct nfsd_file **nfp); +__be32 nfsd_file_acquire_local(struct nfsd_net *nn, struct svc_cred *cred, + int nfs_vers, struct auth_domain *client, + struct svc_fh *fhp, + unsigned int may_flags, struct nfsd_file **pnf); int nfsd_file_cache_stats_show(struct seq_file *m, void *v); #endif /* _FS_NFSD_FILECACHE_H */ diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index fb5a23060a4c..fa7e358d91ab 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -328,7 +328,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct nfsd_net *nn, * @access is formed from the NFSD_MAY_* constants defined in * fs/nfsd/vfs.h. */ -static __be32 +__be32 __fh_verify(struct svc_rqst *rqstp, struct nfsd_net *nn, struct svc_cred *cred, int nfs_vers, struct auth_domain *client, diff --git a/fs/nfsd/nfsfh.h b/fs/nfsd/nfsfh.h index 6ebdf7ea27bf..a2d9962f1bf8 100644 --- a/fs/nfsd/nfsfh.h +++ b/fs/nfsd/nfsfh.h @@ -214,7 +214,12 @@ extern char * SVCFH_fmt(struct svc_fh *fhp); /* * Function prototypes */ +struct nfsd_net; __be32 fh_verify(struct svc_rqst *, struct svc_fh *, umode_t, int); +__be32 __fh_verify(struct svc_rqst *rqstp, + struct nfsd_net *nn, struct svc_cred *cred, + int nfs_vers, struct auth_domain *client, + struct svc_fh *fhp, umode_t type, int access); __be32 fh_compose(struct svc_fh *, struct svc_export *, struct dentry *, struct svc_fh *); __be32 fh_update(struct svc_fh *); void fh_put(struct svc_fh *);