Merge branch 'nfsd-next' of git://linux-nfs.org/~bfields/linux

Pull nfsd changes from Bruce Fields: "This includes miscellaneous bugfixes and cleanup and a performance fix for write-heavy NFSv4 workloads. (The most significant nfsd-relevant change this time is actually in the delegation patches that went through Viro, fixing a long-standing bug that can cause NFSv4 clients to miss updates made by non-nfs users of the filesystem. Those enable some followup nfsd patches which I have queued locally, but those can wait till 3.14)" * 'nfsd-next' of git://linux-nfs.org/~bfields/linux: (24 commits) nfsd: export proper maximum file size to the client nfsd4: improve write performance with better sendspace reservations svcrpc: remove an unnecessary assignment sunrpc: comment typo fix Revert "nfsd: remove_stid can be incorporated into nfs4_put_delegation" nfsd4: fix discarded security labels on setattr NFSD: Add support for NFS v4.2 operation checking nfsd4: nfsd_shutdown_net needs state lock NFSD: Combine decode operations for v4 and v4.1 nfsd: -EINVAL on invalid anonuid/gid instead of silent failure nfsd: return better errors to exportfs nfsd: fh_update should error out in unexpected cases nfsd4: need to destroy revoked delegations in destroy_client nfsd: no need to unhash_stid before free nfsd: remove_stid can be incorporated into nfs4_put_delegation nfsd: nfs4_open_delegation needs to remove_stid rather than unhash_stid nfsd: nfs4_free_stid nfsd: fix Kconfig syntax sunrpc: trim off EC bytes in GSSAPI v2 unwrap gss_krb5: document that we ignore sequence number ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-16 15:04:02 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-16 15:04:02 -0500
commit: 449bf8d03c5b94f00cc014ff601c2fe2eebb5a6e (patch)
tree: 8f17959c0a20d9ca3061d28036855813c775c783 /net/sunrpc
parent: ffd3c0260aeeb1fd4d36378d2e06e6410661dd0f (diff)
parent: aea240f4162d50e0f2d8bd5ea3ba11b5f072add8 (diff)
6 files changed, 28 insertions, 28 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 6cd930f3678f..6c981ddc19f8 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -150,7 +150,6 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
        struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
                                      .data = cksumdata};
        s32 now;
-        u64 seqnum;
        u8 *ptr = read_token->data;
        u8 *cksumkey;
        u8 flags;
@@ -197,9 +196,10 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
        if (now > ctx->endtime)
                return GSS_S_CONTEXT_EXPIRED;
-        /* do sequencing checks */
+        /*
+         * NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
-        seqnum = be64_to_cpup((__be64 *)ptr + 8);
+         * doesn't want it checked; see page 6 of rfc 2203.
+         */
        return GSS_S_COMPLETE;
 }
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 1da52d1406fc..42560e55d978 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -489,7 +489,6 @@ static u32
 gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
 {
        s32             now;
-        u64             seqnum;
        u8              *ptr;
        u8              flags = 0x00;
        u16             ec, rrc;
@@ -525,7 +524,10 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
        ec = be16_to_cpup((__be16 *)(ptr + 4));
        rrc = be16_to_cpup((__be16 *)(ptr + 6));
-        seqnum = be64_to_cpup((__be64 *)(ptr + 8));
+        /*
+         * NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
+         * doesn't want it checked; see page 6 of rfc 2203.
+         */
        if (rrc != 0)
                rotate_left(offset + 16, buf, rrc);
@@ -574,8 +576,8 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
        buf->head[0].iov_len -= GSS_KRB5_TOK_HDR_LEN + headskip;
        buf->len -= GSS_KRB5_TOK_HDR_LEN + headskip;
-        /* Trim off the checksum blob */
+        /* Trim off the trailing "extra count" and checksum blob */
-        xdr_buf_trim(buf, GSS_KRB5_TOK_HDR_LEN + tailskip);
+        xdr_buf_trim(buf, ec + GSS_KRB5_TOK_HDR_LEN + tailskip);
        return GSS_S_COMPLETE;
 }
diff --git a/net/sunrpc/auth_gss/gss_rpc_upcall.c b/net/sunrpc/auth_gss/gss_rpc_upcall.c
index f1eb0d16666c..458f85e9b0ba 100644
--- a/net/sunrpc/auth_gss/gss_rpc_upcall.c
+++ b/net/sunrpc/auth_gss/gss_rpc_upcall.c
@@ -298,7 +298,8 @@ int gssp_accept_sec_context_upcall(struct net *net,
        if (res.context_handle) {
                data->out_handle = rctxh.exported_context_token;
                data->mech_oid.len = rctxh.mech.len;
-                memcpy(data->mech_oid.data, rctxh.mech.data,
+                if (rctxh.mech.data)
+                        memcpy(data->mech_oid.data, rctxh.mech.data,
                                                data->mech_oid.len);
                client_name = rctxh.src_name.display_name;
        }
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index f0f78c5f1c7d..1ec19f6f0c2b 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -559,6 +559,8 @@ static int gssx_enc_cred(struct xdr_stream *xdr,
        /* cred->elements */
        err = dummy_enc_credel_array(xdr, &cred->elements);
+        if (err)
+                return err;
        /* cred->cred_handle_reference */
        err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
@@ -740,22 +742,20 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
                goto done;
        /* arg->context_handle */
-        if (arg->context_handle) {
+        if (arg->context_handle)
                err = gssx_enc_ctx(xdr, arg->context_handle);
-                if (err)
+        else
-                        goto done;
-        } else {
                err = gssx_enc_bool(xdr, 0);
-        }
+        if (err)
+                goto done;
        /* arg->cred_handle */
-        if (arg->cred_handle) {
+        if (arg->cred_handle)
                err = gssx_enc_cred(xdr, arg->cred_handle);
-                if (err)
+        else
-                        goto done;
-        } else {
                err = gssx_enc_bool(xdr, 0);
-        }
+        if (err)
+                goto done;
        /* arg->input_token */
        err = gssx_enc_in_token(xdr, &arg->input_token);
@@ -763,13 +763,12 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
                goto done;
        /* arg->input_cb */
-        if (arg->input_cb) {
+        if (arg->input_cb)
                err = gssx_enc_cb(xdr, arg->input_cb);
-                if (err)
+        else
-                        goto done;
-        } else {
                err = gssx_enc_bool(xdr, 0);
-        }
+        if (err)
+                goto done;
        err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
        if (err)
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 09fb638bcaa4..008cdade5aae 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1167,8 +1167,8 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
        if (!ud->found_creds) {
                /* userspace seem buggy, we should always get at least a
                 * mapping to nobody */
-                dprintk("RPC:       No creds found, marking Negative!\n");
+                dprintk("RPC:       No creds found!\n");
-                set_bit(CACHE_NEGATIVE, &rsci.h.flags);
+                goto out;
        } else {
                /* steal creds */
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index b974571126fe..e7fbe368b4a3 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -1104,8 +1104,6 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
        rqstp->rq_vers = vers = svc_getnl(argv);        /* version number */
        rqstp->rq_proc = proc = svc_getnl(argv);        /* procedure number */
-        progp = serv->sv_program;
        for (progp = serv->sv_program; progp; progp = progp->pg_next)
                if (prog == progp->pg_prog)
                        break;
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-16 15:04:02 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-16 15:04:02 -0500
commit	449bf8d03c5b94f00cc014ff601c2fe2eebb5a6e (patch)
tree	8f17959c0a20d9ca3061d28036855813c775c783 /net/sunrpc
parent	ffd3c0260aeeb1fd4d36378d2e06e6410661dd0f (diff)
parent	aea240f4162d50e0f2d8bd5ea3ba11b5f072add8 (diff)

diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index 6cd930f3678f..6c981ddc19f8 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -150,7 +150,6 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
150	struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),	150	struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
151	.data = cksumdata};	151	.data = cksumdata};
152	s32 now;	152	s32 now;
153	u64 seqnum;
154	u8 *ptr = read_token->data;	153	u8 *ptr = read_token->data;
155	u8 *cksumkey;	154	u8 *cksumkey;
156	u8 flags;	155	u8 flags;
@@ -197,9 +196,10 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
197	if (now > ctx->endtime)	196	if (now > ctx->endtime)
198	return GSS_S_CONTEXT_EXPIRED;	197	return GSS_S_CONTEXT_EXPIRED;
199		198
200	/* do sequencing checks */	199	/*
201		200	* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
202	seqnum = be64_to_cpup((__be64 *)ptr + 8);	201	* doesn't want it checked; see page 6 of rfc 2203.
		202	*/
203		203
204	return GSS_S_COMPLETE;	204	return GSS_S_COMPLETE;
205	}	205	}


diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index 1da52d1406fc..42560e55d978 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -489,7 +489,6 @@ static u32
489	gss_unwrap_kerberos_v2(struct krb5_ctx kctx, int offset, struct xdr_buf buf)	489	gss_unwrap_kerberos_v2(struct krb5_ctx kctx, int offset, struct xdr_buf buf)
490	{	490	{
491	s32 now;	491	s32 now;
492	u64 seqnum;
493	u8 *ptr;	492	u8 *ptr;
494	u8 flags = 0x00;	493	u8 flags = 0x00;
495	u16 ec, rrc;	494	u16 ec, rrc;
@@ -525,7 +524,10 @@ gss_unwrap_kerberos_v2(struct krb5_ctx kctx, int offset, struct xdr_buf buf)
525	ec = be16_to_cpup((__be16 *)(ptr + 4));	524	ec = be16_to_cpup((__be16 *)(ptr + 4));
526	rrc = be16_to_cpup((__be16 *)(ptr + 6));	525	rrc = be16_to_cpup((__be16 *)(ptr + 6));
527		526
528	seqnum = be64_to_cpup((__be64 *)(ptr + 8));	527	/*
		528	* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
		529	* doesn't want it checked; see page 6 of rfc 2203.
		530	*/
529		531
530	if (rrc != 0)	532	if (rrc != 0)
531	rotate_left(offset + 16, buf, rrc);	533	rotate_left(offset + 16, buf, rrc);
@@ -574,8 +576,8 @@ gss_unwrap_kerberos_v2(struct krb5_ctx kctx, int offset, struct xdr_buf buf)
574	buf->head[0].iov_len -= GSS_KRB5_TOK_HDR_LEN + headskip;	576	buf->head[0].iov_len -= GSS_KRB5_TOK_HDR_LEN + headskip;
575	buf->len -= GSS_KRB5_TOK_HDR_LEN + headskip;	577	buf->len -= GSS_KRB5_TOK_HDR_LEN + headskip;
576		578
577	/* Trim off the checksum blob */	579	/* Trim off the trailing "extra count" and checksum blob */
578	xdr_buf_trim(buf, GSS_KRB5_TOK_HDR_LEN + tailskip);	580	xdr_buf_trim(buf, ec + GSS_KRB5_TOK_HDR_LEN + tailskip);
579	return GSS_S_COMPLETE;	581	return GSS_S_COMPLETE;
580	}	582	}
581		583


diff --git a/net/sunrpc/auth_gss/gss_rpc_upcall.c b/net/sunrpc/auth_gss/gss_rpc_upcall.c index f1eb0d16666c..458f85e9b0ba 100644 --- a/net/sunrpc/auth_gss/gss_rpc_upcall.c +++ b/net/sunrpc/auth_gss/gss_rpc_upcall.c
@@ -298,7 +298,8 @@ int gssp_accept_sec_context_upcall(struct net *net,
298	if (res.context_handle) {	298	if (res.context_handle) {
299	data->out_handle = rctxh.exported_context_token;	299	data->out_handle = rctxh.exported_context_token;
300	data->mech_oid.len = rctxh.mech.len;	300	data->mech_oid.len = rctxh.mech.len;
301	memcpy(data->mech_oid.data, rctxh.mech.data,	301	if (rctxh.mech.data)
		302	memcpy(data->mech_oid.data, rctxh.mech.data,
302	data->mech_oid.len);	303	data->mech_oid.len);
303	client_name = rctxh.src_name.display_name;	304	client_name = rctxh.src_name.display_name;
304	}	305	}


diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index f0f78c5f1c7d..1ec19f6f0c2b 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -559,6 +559,8 @@ static int gssx_enc_cred(struct xdr_stream *xdr,
559		559
560	/* cred->elements */	560	/* cred->elements */
561	err = dummy_enc_credel_array(xdr, &cred->elements);	561	err = dummy_enc_credel_array(xdr, &cred->elements);
		562	if (err)
		563	return err;
562		564
563	/* cred->cred_handle_reference */	565	/* cred->cred_handle_reference */
564	err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);	566	err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
@@ -740,22 +742,20 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
740	goto done;	742	goto done;
741		743
742	/* arg->context_handle */	744	/* arg->context_handle */
743	if (arg->context_handle) {	745	if (arg->context_handle)
744	err = gssx_enc_ctx(xdr, arg->context_handle);	746	err = gssx_enc_ctx(xdr, arg->context_handle);
745	if (err)	747	else
746	goto done;
747	} else {
748	err = gssx_enc_bool(xdr, 0);	748	err = gssx_enc_bool(xdr, 0);
749	}	749	if (err)
		750	goto done;
750		751
751	/* arg->cred_handle */	752	/* arg->cred_handle */
752	if (arg->cred_handle) {	753	if (arg->cred_handle)
753	err = gssx_enc_cred(xdr, arg->cred_handle);	754	err = gssx_enc_cred(xdr, arg->cred_handle);
754	if (err)	755	else
755	goto done;
756	} else {
757	err = gssx_enc_bool(xdr, 0);	756	err = gssx_enc_bool(xdr, 0);
758	}	757	if (err)
		758	goto done;
759		759
760	/* arg->input_token */	760	/* arg->input_token */
761	err = gssx_enc_in_token(xdr, &arg->input_token);	761	err = gssx_enc_in_token(xdr, &arg->input_token);
@@ -763,13 +763,12 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
763	goto done;	763	goto done;
764		764
765	/* arg->input_cb */	765	/* arg->input_cb */
766	if (arg->input_cb) {	766	if (arg->input_cb)
767	err = gssx_enc_cb(xdr, arg->input_cb);	767	err = gssx_enc_cb(xdr, arg->input_cb);
768	if (err)	768	else
769	goto done;
770	} else {
771	err = gssx_enc_bool(xdr, 0);	769	err = gssx_enc_bool(xdr, 0);
772	}	770	if (err)
		771	goto done;
773		772
774	err = gssx_enc_bool(xdr, arg->ret_deleg_cred);	773	err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
775	if (err)	774	if (err)


diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 09fb638bcaa4..008cdade5aae 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1167,8 +1167,8 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
1167	if (!ud->found_creds) {	1167	if (!ud->found_creds) {
1168	/* userspace seem buggy, we should always get at least a	1168	/* userspace seem buggy, we should always get at least a
1169	* mapping to nobody */	1169	* mapping to nobody */
1170	dprintk("RPC: No creds found, marking Negative!\n");	1170	dprintk("RPC: No creds found!\n");
1171	set_bit(CACHE_NEGATIVE, &rsci.h.flags);	1171	goto out;
1172	} else {	1172	} else {
1173		1173
1174	/* steal creds */	1174	/* steal creds */


diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index b974571126fe..e7fbe368b4a3 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c
@@ -1104,8 +1104,6 @@ svc_process_common(struct svc_rqst rqstp, struct kvec argv, struct kvec *resv)
1104	rqstp->rq_vers = vers = svc_getnl(argv); /* version number */	1104	rqstp->rq_vers = vers = svc_getnl(argv); /* version number */
1105	rqstp->rq_proc = proc = svc_getnl(argv); /* procedure number */	1105	rqstp->rq_proc = proc = svc_getnl(argv); /* procedure number */
1106		1106
1107	progp = serv->sv_program;
1108
1109	for (progp = serv->sv_program; progp; progp = progp->pg_next)	1107	for (progp = serv->sv_program; progp; progp = progp->pg_next)
1110	if (prog == progp->pg_prog)	1108	if (prog == progp->pg_prog)
1111	break;	1109	break;