Merge branch 'for-3.10' of git://linux-nfs.org/~bfields/linux

Pull nfsd fixes from Bruce Fields: "A couple minor fixes for the (new to 3.10) gss-proxy code. And one regression from user-namespace changes. (XBMC clients were doing something admittedly weird--sending -1 gid's--but something that we used to allow.)" * 'for-3.10' of git://linux-nfs.org/~bfields/linux: svcrpc: fix failures to handle -1 uid's and gid's svcrpc: implement O_NONBLOCK behavior for use-gss-proxy svcauth_gss: fix error code in use_gss_proxy()
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-05-30 20:48:56 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-05-30 20:48:56 -0400
commit: 4203afc3fb0c5dd4ced24ee116f31ec591f7c5c7 (patch)
tree: 18d8932af2c04b249f154b1c85ce8893ccc7fea3 /net/sunrpc
parent: 484b002e28ca328195829ddc06fa9082c8ad41f8 (diff)
parent: afe3c3fd5392b2f0066930abc5dbd3f4b14a0f13 (diff)
2 files changed, 12 insertions, 8 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 871c73c92165..29b4ba93ab3c 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1287,7 +1287,7 @@ static bool use_gss_proxy(struct net *net)
 #ifdef CONFIG_PROC_FS
-static bool set_gss_proxy(struct net *net, int type)
+static int set_gss_proxy(struct net *net, int type)
 {
        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
        int ret = 0;
@@ -1317,10 +1317,12 @@ static inline bool gssp_ready(struct sunrpc_net *sn)
        return false;
 }
-static int wait_for_gss_proxy(struct net *net)
+static int wait_for_gss_proxy(struct net *net, struct file *file)
 {
        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+        if (file->f_flags & O_NONBLOCK && !gssp_ready(sn))
+                return -EAGAIN;
        return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));
 }
@@ -1362,7 +1364,7 @@ static ssize_t read_gssp(struct file *file, char __user *buf,
        size_t len;
        int ret;
-        ret = wait_for_gss_proxy(net);
+        ret = wait_for_gss_proxy(net, file);
        if (ret)
                return ret;
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index c3f9e1ef7f53..06bdf5a1082c 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
                goto badcred;
        argv->iov_base = (void*)((__be32*)argv->iov_base + slen);       /* skip machname */
        argv->iov_len -= slen*4;
+        /*
+         * Note: we skip uid_valid()/gid_valid() checks here for
+         * backwards compatibility with clients that use -1 id's.
+         * Instead, -1 uid or gid is later mapped to the
+         * (export-specific) anonymous id by nfsd_setuser.
+         * Supplementary gid's will be left alone.
+         */
        cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
        cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
-        if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid))
-                goto badcred;
        slen = svc_getnl(argv);                 /* gids length */
        if (slen > 16 || (len -= (slen + 2)*4) < 0)
                goto badcred;
@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
                return SVC_CLOSE;
        for (i = 0; i < slen; i++) {
                kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
-                if (!gid_valid(kgid))
-                        goto badcred;
                GROUP_AT(cred->cr_group_info, i) = kgid;
        }
        if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-05-30 20:48:56 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-05-30 20:48:56 -0400
commit	4203afc3fb0c5dd4ced24ee116f31ec591f7c5c7 (patch)
tree	18d8932af2c04b249f154b1c85ce8893ccc7fea3 /net/sunrpc
parent	484b002e28ca328195829ddc06fa9082c8ad41f8 (diff)
parent	afe3c3fd5392b2f0066930abc5dbd3f4b14a0f13 (diff)

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 871c73c92165..29b4ba93ab3c 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1287,7 +1287,7 @@ static bool use_gss_proxy(struct net *net)
1287		1287
1288	#ifdef CONFIG_PROC_FS	1288	#ifdef CONFIG_PROC_FS
1289		1289
1290	static bool set_gss_proxy(struct net *net, int type)	1290	static int set_gss_proxy(struct net *net, int type)
1291	{	1291	{
1292	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);	1292	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
1293	int ret = 0;	1293	int ret = 0;
@@ -1317,10 +1317,12 @@ static inline bool gssp_ready(struct sunrpc_net *sn)
1317	return false;	1317	return false;
1318	}	1318	}
1319		1319
1320	static int wait_for_gss_proxy(struct net *net)	1320	static int wait_for_gss_proxy(struct net net, struct file file)
1321	{	1321	{
1322	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);	1322	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
1323		1323
		1324	if (file->f_flags & O_NONBLOCK && !gssp_ready(sn))
		1325	return -EAGAIN;
1324	return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));	1326	return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));
1325	}	1327	}
1326		1328
@@ -1362,7 +1364,7 @@ static ssize_t read_gssp(struct file file, char __user buf,
1362	size_t len;	1364	size_t len;
1363	int ret;	1365	int ret;
1364		1366
1365	ret = wait_for_gss_proxy(net);	1367	ret = wait_for_gss_proxy(net, file);
1366	if (ret)	1368	if (ret)
1367	return ret;	1369	return ret;
1368		1370


diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index c3f9e1ef7f53..06bdf5a1082c 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c
@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst rqstp, __be32 authp)
810	goto badcred;	810	goto badcred;
811	argv->iov_base = (void)((__be32)argv->iov_base + slen); /* skip machname */	811	argv->iov_base = (void)((__be32)argv->iov_base + slen); /* skip machname */
812	argv->iov_len -= slen*4;	812	argv->iov_len -= slen*4;
813		813	/*
		814	* Note: we skip uid_valid()/gid_valid() checks here for
		815	* backwards compatibility with clients that use -1 id's.
		816	* Instead, -1 uid or gid is later mapped to the
		817	* (export-specific) anonymous id by nfsd_setuser.
		818	* Supplementary gid's will be left alone.
		819	*/
814	cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */	820	cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
815	cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */	821	cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
816	if (!uid_valid(cred->cr_uid) \|\| !gid_valid(cred->cr_gid))
817	goto badcred;
818	slen = svc_getnl(argv); /* gids length */	822	slen = svc_getnl(argv); /* gids length */
819	if (slen > 16 \|\| (len -= (slen + 2)*4) < 0)	823	if (slen > 16 \|\| (len -= (slen + 2)*4) < 0)
820	goto badcred;	824	goto badcred;
@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst rqstp, __be32 authp)
823	return SVC_CLOSE;	827	return SVC_CLOSE;
824	for (i = 0; i < slen; i++) {	828	for (i = 0; i < slen; i++) {
825	kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));	829	kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
826	if (!gid_valid(kgid))
827	goto badcred;
828	GROUP_AT(cred->cr_group_info, i) = kgid;	830	GROUP_AT(cred->cr_group_info, i) = kgid;
829	}	831	}
830	if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) \|\| svc_getu32(argv) != 0) {	832	if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) \|\| svc_getu32(argv) != 0) {