Merge tag 'nfs-for-3.10-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes and cleanups from Trond Myklebust:

 - NLM: stable fix for NFSv2/v3 blocking locks

 - NFSv4.x: stable fixes for the delegation recall error handling code

 - NFSv4.x: Security flavour negotiation fixes and cleanups by Chuck
   Lever

 - SUNRPC: A number of RPCSEC_GSS fixes and cleanups also from Chuck

 - NFSv4.x assorted state management and reboot recovery bugfixes

 - NFSv4.1: In cases where we have already looked up a file, and hold a
   valid filehandle, use the new open-by-filehandle operation instead of
   opening by name.

 - Allow the NFSv4.1 callback thread to freeze

 - NFSv4.x: ensure that file unlock waits for readahead to complete

 - NFSv4.1: ensure that the RPC layer doesn't override the NFS session
   table size negotiation by limiting the number of slots.

 - NFSv4.x: Fix SETATTR spec compatibility issues

* tag 'nfs-for-3.10-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (67 commits)
  NFSv4: Warn once about servers that incorrectly apply open mode to setattr
  NFSv4: Servers should only check SETATTR stateid open mode on size change
  NFSv4: Don't recheck permissions on open in case of recovery cached open
  NFSv4.1: Don't do a delegated open for NFS4_OPEN_CLAIM_DELEG_CUR_FH modes
  NFSv4.1: Use the more efficient open_noattr call for open-by-filehandle
  NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE
  NFSv4: Ensure that we clear the NFS_OPEN_STATE flag when appropriate
  LOCKD: Ensure that nlmclnt_block resets block->b_status after a server reboot
  NFSv4: Ensure the LOCK call cannot use the delegation stateid
  NFSv4: Use the open stateid if the delegation has the wrong mode
  nfs: Send atime and mtime as a 64bit value
  NFSv4: Record the OPEN create mode used in the nfs4_opendata structure
  NFSv4.1: Set the RPC_CLNT_CREATE_INFINITE_SLOTS flag for NFSv4.1 transports
  SUNRPC: Allow rpc_create() to request that TCP slots be unlimited
  SUNRPC: Fix a livelock problem in the xprt->backlog queue
  NFSv4: Fix handling of revoked delegations by setattr
  NFSv4 release the sequence id in the return on close case
  nfs: remove unnecessary check for NULL inode->i_flock from nfs_delegation_claim_locks
  NFS: Ensure that NFS file unlock waits for readahead to complete
  NFS: Add functionality to allow waiting on all outstanding reads to complete
  ...

1 files changed, 42 insertions, 38 deletions

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 2f8a29db0f1b..eb494f6a4c6b 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -920,7 +920,7 @@ static struct nfs_parsed_mount_data *nfs_alloc_parsed_mount_data(void)
                 data->mount_server.port = NFS_UNSPEC_PORT;
                 data->nfs_server.port   = NFS_UNSPEC_PORT;
                 data->nfs_server.protocol = XPRT_TRANSPORT_TCP;
-                data->auth_flavors[0]   = RPC_AUTH_UNIX;
+                data->auth_flavors[0]   = RPC_AUTH_MAXFLAVOR;
                 data->auth_flavor_len   = 1;
                 data->minorversion      = 0;
                 data->need_mount        = true;
@@ -1608,49 +1608,57 @@ out_security_failure:
 }
 
 /*
- * Match the requested auth flavors with the list returned by
- * the server.  Returns zero and sets the mount's authentication
- * flavor on success; returns -EACCES if server does not support
- * the requested flavor.
+ * Select a security flavor for this mount.  The selected flavor
+ * is planted in args->auth_flavors[0].
  */
-static int nfs_walk_authlist(struct nfs_parsed_mount_data *args,
-                             struct nfs_mount_request *request)
+static void nfs_select_flavor(struct nfs_parsed_mount_data *args,
+                              struct nfs_mount_request *request)
 {
-        unsigned int i, j, server_authlist_len = *(request->auth_flav_len);
+        unsigned int i, count = *(request->auth_flav_len);
+        rpc_authflavor_t flavor;
+
+        if (args->auth_flavors[0] != RPC_AUTH_MAXFLAVOR)
+                goto out;
+
+        /*
+         * The NFSv2 MNT operation does not return a flavor list.
+         */
+        if (args->mount_server.version != NFS_MNT3_VERSION)
+                goto out_default;
 
         /*
          * Certain releases of Linux's mountd return an empty
-         * flavor list.  To prevent behavioral regression with
-         * these servers (ie. rejecting mounts that used to
-         * succeed), revert to pre-2.6.32 behavior (no checking)
-         * if the returned flavor list is empty.
+         * flavor list in some cases.
          */
-        if (server_authlist_len == 0)
-                return 0;
+        if (count == 0)
+                goto out_default;
 
         /*
-         * We avoid sophisticated negotiating here, as there are
-         * plenty of cases where we can get it wrong, providing
-         * either too little or too much security.
-         *
          * RFC 2623, section 2.7 suggests we SHOULD prefer the
          * flavor listed first.  However, some servers list
-         * AUTH_NULL first.  Our caller plants AUTH_SYS, the
-         * preferred default, in args->auth_flavors[0] if user
-         * didn't specify sec= mount option.
+         * AUTH_NULL first.  Avoid ever choosing AUTH_NULL.
          */
-        for (i = 0; i < args->auth_flavor_len; i++)
-                for (j = 0; j < server_authlist_len; j++)
-                        if (args->auth_flavors[i] == request->auth_flavs[j]) {
-                                dfprintk(MOUNT, "NFS: using auth flavor %d\n",
-                                        request->auth_flavs[j]);
-                                args->auth_flavors[0] = request->auth_flavs[j];
-                                return 0;
-                        }
+        for (i = 0; i < count; i++) {
+                struct rpcsec_gss_info info;
+
+                flavor = request->auth_flavs[i];
+                switch (flavor) {
+                case RPC_AUTH_UNIX:
+                        goto out_set;
+                case RPC_AUTH_NULL:
+                        continue;
+                default:
+                        if (rpcauth_get_gssinfo(flavor, &info) == 0)
+                                goto out_set;
+                }
+        }
 
-        dfprintk(MOUNT, "NFS: server does not support requested auth flavor\n");
-        nfs_umount(request);
-        return -EACCES;
+out_default:
+        flavor = RPC_AUTH_UNIX;
+out_set:
+        args->auth_flavors[0] = flavor;
+out:
+        dfprintk(MOUNT, "NFS: using auth flavor %d\n", args->auth_flavors[0]);
 }
 
 /*
@@ -1713,12 +1721,8 @@ static int nfs_request_mount(struct nfs_parsed_mount_data *args,
                 return status;
         }
 
-        /*
-         * MNTv1 (NFSv2) does not support auth flavor negotiation.
-         */
-        if (args->mount_server.version != NFS_MNT3_VERSION)
-                return 0;
-        return nfs_walk_authlist(args, &request);
+        nfs_select_flavor(args, &request);
+        return 0;
 }
 
 struct dentry *nfs_try_mount(int flags, const char *dev_name,