nfsd: clean up fh_auth usage

Use fh_fsid when reffering to the fsid part of the filehandle. The variable length auth field envisioned in nfsfh wasn't ever implemented. Also clean up some lose ends around this and document the file handle format better. Btw, why do we even export nfsfh.h to userspace? The file handle very much is kernel private, and nothing in nfs-utils include the header either. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
author: Christoph Hellwig <hch@lst.de> 2014-05-07 07:49:44 -0400
committer: J. Bruce Fields <bfields@redhat.com> 2014-05-08 12:43:03 -0400
commit: 5409e46f1bcf960c651f3fff35f2f25e539655cf (patch)
tree: 2ed81c5a35f0adafcf63347b0407c8b6c2ea6156
parent: ecc7455d8eb1860f5aa6b9ad82a9a81f93eb11d1 (diff)
2 files changed, 16 insertions, 36 deletions
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 3c37b160dcad..a337106d6875 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -169,8 +169,8 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
                data_left -= len;
                if (data_left < 0)
                        return error;
-                exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_auth);
+                exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_fsid);
-                fid = (struct fid *)(fh->fh_auth + len);
+                fid = (struct fid *)(fh->fh_fsid + len);
        } else {
                __u32 tfh[2];
                dev_t xdev;
@@ -385,7 +385,7 @@ static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
 {
        if (dentry != exp->ex_path.dentry) {
                struct fid *fid = (struct fid *)
-                        (fhp->fh_handle.fh_auth + fhp->fh_handle.fh_size/4 - 1);
+                        (fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1);
                int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
                int subtreecheck = !(exp->ex_flags & NFSEXP_NOSUBTREECHECK);
@@ -513,7 +513,6 @@ fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
         */
        struct inode * inode = dentry->d_inode;
-        __u32 *datap;
        dev_t ex_dev = exp_sb(exp)->s_dev;
        dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",
@@ -557,17 +556,16 @@ fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
                if (inode)
                        _fh_update_old(dentry, exp, &fhp->fh_handle);
        } else {
-                int len;
+                fhp->fh_handle.fh_size =
+                        key_len(fhp->fh_handle.fh_fsid_type) + 4;
                fhp->fh_handle.fh_auth_type = 0;
-                datap = fhp->fh_handle.fh_auth+0;
-                mk_fsid(fhp->fh_handle.fh_fsid_type, datap, ex_dev,
+                mk_fsid(fhp->fh_handle.fh_fsid_type,
+                        fhp->fh_handle.fh_fsid,
+                        ex_dev,
                        exp->ex_path.dentry->d_inode->i_ino,
                        exp->ex_fsid, exp->ex_uuid);
-                len = key_len(fhp->fh_handle.fh_fsid_type);
-                datap += len/4;
-                fhp->fh_handle.fh_size = 4 + len;
                if (inode)
                        _fh_update(fhp, exp, dentry);
                if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {
diff --git a/include/uapi/linux/nfsd/nfsfh.h b/include/uapi/linux/nfsd/nfsfh.h
index 616e3b396476..20391235d088 100644
--- a/include/uapi/linux/nfsd/nfsfh.h
+++ b/include/uapi/linux/nfsd/nfsfh.h
@@ -1,13 +1,7 @@
 /*
- * include/linux/nfsd/nfsfh.h
- *
 * This file describes the layout of the file handles as passed
 * over the wire.
 *
- * Earlier versions of knfsd used to sign file handles using keyed MD5
- * or SHA. I've removed this code, because it doesn't give you more
- * security than blocking external access to port 2049 on your firewall.
- *
 * Copyright (C) 1995, 1996, 1997 Olaf Kirch <okir@monad.swb.de>
 */
@@ -37,7 +31,7 @@ struct nfs_fhbase_old {
 };
 /*
- * This is the new flexible, extensible style NFSv2/v3 file handle.
+ * This is the new flexible, extensible style NFSv2/v3/v4 file handle.
 * by Neil Brown <neilb@cse.unsw.edu.au> - March 2000
 *
 * The file handle starts with a sequence of four-byte words.
@@ -47,14 +41,7 @@ struct nfs_fhbase_old {
 *
 * All four-byte values are in host-byte-order.
 *
- * The auth_type field specifies how the filehandle can be authenticated
+ * The auth_type field is deprecated and must be set to 0.
- * This might allow a file to be confirmed to be in a writable part of a
- * filetree without checking the path from it up to the root.
- * Current values:
- *     0  - No authentication.  fb_auth is 0 bytes long
- * Possible future values:
- *     1  - 4 bytes taken from MD5 hash of the remainer of the file handle
- *          prefixed by a secret and with the important export flags.
 *
 * The fsid_type identifies how the filesystem (or export point) is
 *    encoded.
@@ -71,14 +58,9 @@ struct nfs_fhbase_old {
 *     7  - 8 byte inode number and 16 byte uuid
 *
 * The fileid_type identified how the file within the filesystem is encoded.
- * This is (will be) passed to, and set by, the underlying filesystem if it supports
+ *   The values for this field are filesystem specific, exccept that
- * filehandle operations.  The filesystem must not use the value '0' or '0xff' and may
+ *   filesystems must not use the values '0' or '0xff'. 'See enum fid_type'
- * only use the values 1 and 2 as defined below:
+ *   in include/linux/exportfs.h for currently registered values.
- *  Current values:
- *    0   - The root, or export point, of the filesystem.  fb_fileid is 0 bytes.
- *    1   - 32bit inode number, 32 bit generation number.
- *    2   - 32bit inode number, 32 bit generation number, 32 bit parent directory inode number.
- *
 */
 struct nfs_fhbase_new {
        __u8            fb_version;     /* == 1, even => nfs_fhbase_old */
@@ -114,9 +96,9 @@ struct knfsd_fh {
 #define fh_fsid_type            fh_base.fh_new.fb_fsid_type
 #define fh_auth_type            fh_base.fh_new.fb_auth_type
 #define fh_fileid_type          fh_base.fh_new.fb_fileid_type
-#define fh_auth                 fh_base.fh_new.fb_auth
 #define fh_fsid                 fh_base.fh_new.fb_auth
+/* Do not use, provided for userspace compatiblity. */
+#define fh_auth                 fh_base.fh_new.fb_auth
 #endif /* _UAPI_LINUX_NFSD_FH_H */
author	Christoph Hellwig <hch@lst.de>	2014-05-07 07:49:44 -0400
committer	J. Bruce Fields <bfields@redhat.com>	2014-05-08 12:43:03 -0400
commit	5409e46f1bcf960c651f3fff35f2f25e539655cf (patch)
tree	2ed81c5a35f0adafcf63347b0407c8b6c2ea6156
parent	ecc7455d8eb1860f5aa6b9ad82a9a81f93eb11d1 (diff)

diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 3c37b160dcad..a337106d6875 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c
@@ -169,8 +169,8 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst rqstp, struct svc_fh fhp)
169	data_left -= len;	169	data_left -= len;
170	if (data_left < 0)	170	if (data_left < 0)
171	return error;	171	return error;
172	exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_auth);	172	exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_fsid);
173	fid = (struct fid *)(fh->fh_auth + len);	173	fid = (struct fid *)(fh->fh_fsid + len);
174	} else {	174	} else {
175	__u32 tfh[2];	175	__u32 tfh[2];
176	dev_t xdev;	176	dev_t xdev;
@@ -385,7 +385,7 @@ static void _fh_update(struct svc_fh fhp, struct svc_export exp,
385	{	385	{
386	if (dentry != exp->ex_path.dentry) {	386	if (dentry != exp->ex_path.dentry) {
387	struct fid fid = (struct fid )	387	struct fid fid = (struct fid )
388	(fhp->fh_handle.fh_auth + fhp->fh_handle.fh_size/4 - 1);	388	(fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1);
389	int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;	389	int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
390	int subtreecheck = !(exp->ex_flags & NFSEXP_NOSUBTREECHECK);	390	int subtreecheck = !(exp->ex_flags & NFSEXP_NOSUBTREECHECK);
391		391
@@ -513,7 +513,6 @@ fh_compose(struct svc_fh fhp, struct svc_export exp, struct dentry *dentry,
513	*/	513	*/
514		514
515	struct inode * inode = dentry->d_inode;	515	struct inode * inode = dentry->d_inode;
516	__u32 *datap;
517	dev_t ex_dev = exp_sb(exp)->s_dev;	516	dev_t ex_dev = exp_sb(exp)->s_dev;
518		517
519	dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",	518	dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",
@@ -557,17 +556,16 @@ fh_compose(struct svc_fh fhp, struct svc_export exp, struct dentry *dentry,
557	if (inode)	556	if (inode)
558	_fh_update_old(dentry, exp, &fhp->fh_handle);	557	_fh_update_old(dentry, exp, &fhp->fh_handle);
559	} else {	558	} else {
560	int len;	559	fhp->fh_handle.fh_size =
		560	key_len(fhp->fh_handle.fh_fsid_type) + 4;
561	fhp->fh_handle.fh_auth_type = 0;	561	fhp->fh_handle.fh_auth_type = 0;
562	datap = fhp->fh_handle.fh_auth+0;	562
563	mk_fsid(fhp->fh_handle.fh_fsid_type, datap, ex_dev,	563	mk_fsid(fhp->fh_handle.fh_fsid_type,
		564	fhp->fh_handle.fh_fsid,
		565	ex_dev,
564	exp->ex_path.dentry->d_inode->i_ino,	566	exp->ex_path.dentry->d_inode->i_ino,
565	exp->ex_fsid, exp->ex_uuid);	567	exp->ex_fsid, exp->ex_uuid);
566		568
567	len = key_len(fhp->fh_handle.fh_fsid_type);
568	datap += len/4;
569	fhp->fh_handle.fh_size = 4 + len;
570
571	if (inode)	569	if (inode)
572	_fh_update(fhp, exp, dentry);	570	_fh_update(fhp, exp, dentry);
573	if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {	571	if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {


diff --git a/include/uapi/linux/nfsd/nfsfh.h b/include/uapi/linux/nfsd/nfsfh.h index 616e3b396476..20391235d088 100644 --- a/include/uapi/linux/nfsd/nfsfh.h +++ b/include/uapi/linux/nfsd/nfsfh.h
@@ -1,13 +1,7 @@
1	/*	1	/*
2	* include/linux/nfsd/nfsfh.h
3	*
4	* This file describes the layout of the file handles as passed	2	* This file describes the layout of the file handles as passed
5	* over the wire.	3	* over the wire.
6	*	4	*
7	* Earlier versions of knfsd used to sign file handles using keyed MD5
8	* or SHA. I've removed this code, because it doesn't give you more
9	* security than blocking external access to port 2049 on your firewall.
10	*
11	* Copyright (C) 1995, 1996, 1997 Olaf Kirch <okir@monad.swb.de>	5	* Copyright (C) 1995, 1996, 1997 Olaf Kirch <okir@monad.swb.de>
12	*/	6	*/
13		7
@@ -37,7 +31,7 @@ struct nfs_fhbase_old {
37	};	31	};
38		32
39	/*	33	/*
40	* This is the new flexible, extensible style NFSv2/v3 file handle.	34	* This is the new flexible, extensible style NFSv2/v3/v4 file handle.
41	* by Neil Brown <neilb@cse.unsw.edu.au> - March 2000	35	* by Neil Brown <neilb@cse.unsw.edu.au> - March 2000
42	*	36	*
43	* The file handle starts with a sequence of four-byte words.	37	* The file handle starts with a sequence of four-byte words.
@@ -47,14 +41,7 @@ struct nfs_fhbase_old {
47	*	41	*
48	* All four-byte values are in host-byte-order.	42	* All four-byte values are in host-byte-order.
49	*	43	*
50	* The auth_type field specifies how the filehandle can be authenticated	44	* The auth_type field is deprecated and must be set to 0.
51	* This might allow a file to be confirmed to be in a writable part of a
52	* filetree without checking the path from it up to the root.
53	* Current values:
54	* 0 - No authentication. fb_auth is 0 bytes long
55	* Possible future values:
56	* 1 - 4 bytes taken from MD5 hash of the remainer of the file handle
57	* prefixed by a secret and with the important export flags.
58	*	45	*
59	* The fsid_type identifies how the filesystem (or export point) is	46	* The fsid_type identifies how the filesystem (or export point) is
60	* encoded.	47	* encoded.
@@ -71,14 +58,9 @@ struct nfs_fhbase_old {
71	* 7 - 8 byte inode number and 16 byte uuid	58	* 7 - 8 byte inode number and 16 byte uuid
72	*	59	*
73	* The fileid_type identified how the file within the filesystem is encoded.	60	* The fileid_type identified how the file within the filesystem is encoded.
74	* This is (will be) passed to, and set by, the underlying filesystem if it supports	61	* The values for this field are filesystem specific, exccept that
75	* filehandle operations. The filesystem must not use the value '0' or '0xff' and may	62	* filesystems must not use the values '0' or '0xff'. 'See enum fid_type'
76	* only use the values 1 and 2 as defined below:	63	* in include/linux/exportfs.h for currently registered values.
77	* Current values:
78	* 0 - The root, or export point, of the filesystem. fb_fileid is 0 bytes.
79	* 1 - 32bit inode number, 32 bit generation number.
80	* 2 - 32bit inode number, 32 bit generation number, 32 bit parent directory inode number.
81	*
82	*/	64	*/
83	struct nfs_fhbase_new {	65	struct nfs_fhbase_new {
84	__u8 fb_version; /* == 1, even => nfs_fhbase_old */	66	__u8 fb_version; /* == 1, even => nfs_fhbase_old */
@@ -114,9 +96,9 @@ struct knfsd_fh {
114	#define fh_fsid_type fh_base.fh_new.fb_fsid_type	96	#define fh_fsid_type fh_base.fh_new.fb_fsid_type
115	#define fh_auth_type fh_base.fh_new.fb_auth_type	97	#define fh_auth_type fh_base.fh_new.fb_auth_type
116	#define fh_fileid_type fh_base.fh_new.fb_fileid_type	98	#define fh_fileid_type fh_base.fh_new.fb_fileid_type
117	#define fh_auth fh_base.fh_new.fb_auth
118	#define fh_fsid fh_base.fh_new.fb_auth	99	#define fh_fsid fh_base.fh_new.fb_auth
119		100
120		101	/* Do not use, provided for userspace compatiblity. */
		102	#define fh_auth fh_base.fh_new.fb_auth
121		103
122	#endif /* _UAPI_LINUX_NFSD_FH_H */	104	#endif /* _UAPI_LINUX_NFSD_FH_H */