summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2014-05-30NFSD: Add missing comment of "expiry" in expkey_parse()Kinglong Mee
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFSD: Remove typedef of svc_client and svc_export in export.cKinglong Mee
No need for a typedef wrapper for svc_export or svc_client, remove them. Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFSD: Cleanup unneeded including net/ipv6.hKinglong Mee
Commit 49b28684fdba ("nfsd: Remove deprecated nfsctl system call and related code") removed the only use of ipv6_addr_set_v4mapped(), so net/ipv6.h is unneeded now. Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFSD: Cleanup unused variable in nfsd_setuser()Kinglong Mee
Commit 8f6c5ffc8987 ("kernel/groups.c: remove return value of set_groups") removed the last use of "ret". Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFSD: remove unneeded linux/user_namespace.h includeKinglong Mee
After commit 4c1e1b34d5c8 ("nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids") using kuid/kgid for ex_anon_uid/ex_anon_gid, user_namespace.h is not needed. Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFSD: Adds macro EX_UUID_LEN for exports uuid's lengthKinglong Mee
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFSD: Helper function for parsing uuidKinglong Mee
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30NFS4: Avoid NULL reference or double free in nfsd4_fslocs_free()Kinglong Mee
If fsloc_parse() failed at kzalloc(), fs/nfsd/export.c 411 412 fsloc->locations = kzalloc(fsloc->locations_count 413 * sizeof(struct nfsd4_fs_location), GFP_KERNEL); 414 if (!fsloc->locations) 415 return -ENOMEM; svc_export_parse() will call nfsd4_fslocs_free() with fsloc->locations = NULL, so that, "kfree(fsloc->locations[i].path);" will cause a crash. If fsloc_parse() failed after that, fsloc_parse() will call nfsd4_fslocs_free(), and svc_export_parse() will call it again, so that, a double free is caused. This patch checks the fsloc->locations, and set to NULL after it be freed. Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: better reservation of head space for krb5J. Bruce Fields
RPC_MAX_AUTH_SIZE is scattered around several places. Better to set it once in the auth code, where this kind of estimate should be made. And while we're at it we can leave it zero when we're not using krb5i or krb5p. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: kill write32, write64J. Bruce Fields
And switch a couple other functions from the encode(&p,...) convention to the p = encode(p,...) convention mostly used elsewhere. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: kill WRITEMEMJ. Bruce Fields
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: kill WRITE64J. Bruce Fields
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: kill WRITE32J. Bruce Fields
These macros just obscure what's going on. Adopt the convention of the client-side code. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: really fix nfs4err_resource in 4.1 caseJ. Bruce Fields
encode_getattr, for example, can return nfserr_resource to indicate it ran out of buffer space. That's not a legal error in the 4.1 case. And in the 4.1 case, if we ran out of buffer space, we should have exceeded a session limit too. (Note in 1bc49d83c37cfaf46be357757e592711e67f9809 "nfsd4: fix nfs4err_resource in 4.1 case" we originally tried fixing this error return before fixing the problem that we could error out while we still had lots of available space. The result was to trade one illegal error for another in those cases. We decided that was helpful, so reverted the change in fc208d026be0c7d60db9118583fc62f6ca97743d, and are only reinstating it now that we've elimited almost all of those cases.) Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: allow exotic read compoundsJ. Bruce Fields
I'm not sure why a client would want to stuff multiple reads in a single compound rpc, but it's legal for them to do it, and we should really support it. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: more read encoding cleanupJ. Bruce Fields
More cleanup, no change in functionality. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: read encoding cleanupJ. Bruce Fields
Trivial cleanup, no change in functionality. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: separate splice and readv casesJ. Bruce Fields
The splice and readv cases are actually quite different--for example the former case ignores the array of vectors we build up for the latter. It is probably clearer to separate the two cases entirely. There's some code duplication between the split out encoders, but this is only temporary and will be fixed by a later patch. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: nfsd_vfs_read doesn't use file handle parameterJ. Bruce Fields
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: turn off zero-copy-read in exotic casesJ. Bruce Fields
We currently allow only one read per compound, with operations before and after whose responses will require no more than about a page to encode. While we don't expect clients to violate those limits any time soon, this limitation isn't really condoned by the spec, so to future proof the server we should lift the limitation. At the same time we'd like to continue to support zero-copy reads. Supporting multiple zero-copy-reads per compound would require a new data structure to replace struct xdr_buf, which can represent only one set of included pages. So for now we plan to modify encode_read() to support either zero-copy or non-zero-copy reads, and use some heuristics at the start of the compound processing to decide whether a zero-copy read will work. This will allow us to support more exotic compounds without introducing a performance regression in the normal case. Later patches handle those "exotic compounds", this one just makes sure zero-copy is turned off in those cases. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: estimate sequence response sizeJ. Bruce Fields
Otherwise a following patch would turn off all 4.1 zero-copy reads. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: better estimate of getattr response sizeJ. Bruce Fields
We plan to use this estimate to decide whether or not to allow zero-copy reads. Currently we're assuming all getattr's are a page, which can be both too small (ACLs e.g. may be arbitrarily long) and too large (after an upcoming read patch this will unnecessarily prevent zero copy reads in any read compound also containing a getattr). Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: don't treat readlink like a zero-copy operationJ. Bruce Fields
There's no advantage to this zero-copy-style readlink encoding, and it unnecessarily limits the kinds of compounds we can handle. (In practice I can't see why a client would want e.g. multiple readlink calls in a comound, but it's probably a spec violation for us not to handle it.) Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: enforce rd_dircountJ. Bruce Fields
As long as we're here, let's enforce the protocol's limit on the number of directory entries to return in a readdir. I don't think anyone's ever noticed our lack of enforcement, but maybe there's more of a chance they will now that we allow larger readdirs. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: allow large readdirsJ. Bruce Fields
Currently we limit readdir results to a single page. This can result in a performance regression compared to NFSv3 when reading large directories. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: use session limits to release send buffer reservationJ. Bruce Fields
Once we know the limits the session places on the size of the rpc, we can also use that information to release any unnecessary reserved reply buffer space. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: adjust buflen to session channel limitJ. Bruce Fields
We can simplify session limit enforcement by restricting the xdr buflen to the session size. Also fix a preexisting bug: we should really have been taking into account the auth-required space when comparing against session limits, which are limits on the size of the entire rpc reply, including any krb5 overhead. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30rpc: define xdr_restrict_buflenJ. Bruce Fields
With this xdr_reserve_space can help us enforce various limits. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: fix buflen calculation after read encodingJ. Bruce Fields
We don't necessarily want to assume that the buflen is the same as the number of bytes available in the pages. We may have some reason to set it to something less (for example, later patches will use a smaller buflen to enforce session limits). So, calculate the buflen relative to the previous buflen instead of recalculating it from scratch. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: nfsd4_check_resp_size should check against whole bufferJ. Bruce Fields
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: minor encode_read cleanupJ. Bruce Fields
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: more precise nfsd4_max_replyJ. Bruce Fields
It will turn out to be useful to have a more accurate estimate of reply size; so, piggyback on the existing op reply-size estimators. Also move nfsd4_max_reply to nfs4proc.c to get easier access to struct nfsd4_operation and friends. (Thanks to Christoph Hellwig for pointing out that simplification.) Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: don't try to encode conflicting owner if low on spaceJ. Bruce Fields
I ran into this corner case in testing: in theory clients can provide state owners up to 1024 bytes long. In the sessions case there might be a risk of this pushing us over the DRC slot size. The conflicting owner isn't really that important, so let's humor a client that provides a small maxresponsize_cached by allowing ourselves to return without the conflicting owner instead of outright failing the operation. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: convert 4.1 replay encodingJ. Bruce Fields
Limits on maxresp_sz mean that we only ever need to replay rpc's that are contained entirely in the head. The one exception is very small zero-copy reads. That's an odd corner case as clients wouldn't normally ask those to be cached. in any case, this seems a little more robust. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: allow encoding across page boundariesJ. Bruce Fields
After this we can handle for example getattr of very large ACLs. Read, readdir, readlink are still special cases with their own limits. Also we can't handle a new operation starting close to the end of a page. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: size-checking cleanupJ. Bruce Fields
Better variable name, some comments, etc. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: remove redundant encode buffer size checkingJ. Bruce Fields
Now that all op encoders can handle running out of space, we no longer need to check the remaining size for every operation; only nonidempotent operations need that check, and that can be done by nfsd4_check_resp_size. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: nfsd4_check_resp_size needn't recalculate lengthJ. Bruce Fields
We're keeping the length updated as we go now, so there's no need for the extra calculation here. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: reserve space before inlining 0-copy pagesJ. Bruce Fields
Once we've included page-cache pages in the encoding it's difficult to remove them and restart encoding. (xdr_truncate_encode doesn't handle that case.) So, make sure we'll have adequate space to finish the operation first. For now COMPOUND_SLACK_SPACE checks should prevent this case happening, but we want to remove those checks. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: teach encoders to handle reserve_space failuresJ. Bruce Fields
We've tried to prevent running out of space with COMPOUND_SLACK_SPACE and special checking in those operations (getattr) whose result can vary enormously. However: - COMPOUND_SLACK_SPACE may be difficult to maintain as we add more protocol. - BUG_ON or page faulting on failure seems overly fragile. - Especially in the 4.1 case, we prefer not to fail compounds just because the returned result came *close* to session limits. (Though perfect enforcement here may be difficult.) - I'd prefer encoding to be uniform for all encoders instead of having special exceptions for encoders containing, for example, attributes. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: "backfill" using write_bytes_to_xdr_bufJ. Bruce Fields
Normally xdr encoding proceeds in a single pass from start of a buffer to end, but sometimes we have to write a few bytes to an earlier position. Use write_bytes_to_xdr_buf for these cases rather than saving a pointer to write to. We plan to rewrite xdr_reserve_space to handle encoding across page boundaries using a scratch buffer, and don't want to risk writing to a pointer that was contained in a scratch buffer. Also it will no longer be safe to calculate lengths by subtracting two pointers, so use xdr_buf offsets instead. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30nfsd4: use xdr_truncate_encodeJ. Bruce Fields
Now that lengths are reliable, we can use xdr_truncate instead of open-coding it everywhere. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30rpc: xdr_truncate_encodeJ. Bruce Fields
This will be used in the server side in a few cases: - when certain operations (read, readdir, readlink) fail after encoding a partial response. - when we run out of space after encoding a partial response. - in readlink, where we initially reserve PAGE_SIZE bytes for data, then truncate to the actual size. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-28nfsd4: keep xdr buf length updatedJ. Bruce Fields
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-28nfsd4: no need for encode_compoundres to adjust lengthsJ. Bruce Fields
xdr_reserve_space should now be calculating the length correctly as we go, so there's no longer any need to fix it up here. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-28nfsd4: remove ADJUST_ARGSJ. Bruce Fields
It's just uninteresting debugging code at this point. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-28nfsd4: use xdr_stream throughout compound encodingJ. Bruce Fields
Note this makes ADJUST_ARGS useless; we'll remove it in the following patch. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-28nfsd4: use xdr_reserve_space in attribute encodingJ. Bruce Fields
This is a cosmetic change for now; no change in behavior. Note we're just depending on xdr_reserve_space to do the bounds checking for us, we're not really depending on its adjustment of iovec or xdr_buf lengths yet, as those are fixed up by as necessary after the fact by read-link operations and by nfs4svc_encode_compoundres. However we do have to update xdr->iov on read-like operations to prevent xdr_reserve_space from messing with the already-fixed-up length of the the head. When the attribute encoding fails partway through we have to undo the length adjustments made so far. We do it manually for now, but later patches will add an xdr_truncate_encode() helper to handle cases like this. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-27nfsd4: allow space for final error returnJ. Bruce Fields
This post-encoding check should be taking into account the need to encode at least an out-of-space error to the following op (if any). Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-27nfsd4: fix encoding of out-of-space repliesJ. Bruce Fields
If nfsd4_check_resp_size() returns an error then we should really be truncating the reply here, otherwise we may leave extra garbage at the end of the rpc reply. Also add a warning to catch any cases where our reply-size estimates may be wrong in the case of a non-idempotent operation. Signed-off-by: J. Bruce Fields <bfields@redhat.com>