From f11b2a1cfbf5dd783eb55cb470509d06e20d1c78 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Sat, 21 Jun 2014 20:52:17 -0400 Subject: nfs4: copy acceptor name from context to nfs_client The current CB_COMPOUND handling code tries to compare the principal name of the request with the cl_hostname in the client. This is not guaranteed to ever work, particularly if the client happened to mount a CNAME of the server or a non-fqdn. Fix this by instead comparing the cr_principal string with the acceptor name that we get from gssd. In the event that gssd didn't send one down (i.e. it was too old), then we fall back to trying to use the cl_hostname as we do today. Signed-off-by: Jeff Layton Signed-off-by: Trond Myklebust --- fs/nfs/callback.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'fs/nfs/callback.c') diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 073b4cf67ed..54de482143c 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -428,6 +428,18 @@ check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp) if (p == NULL) return 0; + /* + * Did we get the acceptor from userland during the SETCLIENID + * negotiation? + */ + if (clp->cl_acceptor) + return !strcmp(p, clp->cl_acceptor); + + /* + * Otherwise try to verify it using the cl_hostname. Note that this + * doesn't work if a non-canonical hostname was used in the devname. + */ + /* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */ if (memcmp(p, "nfs@", 4) != 0) -- cgit v1.2.3-70-g09d2 From 887999774aeca9375b3831dbe58bab02df7b327f Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Sun, 3 Aug 2014 13:03:08 -0400 Subject: nfs: Ensure that nfs_callback_start_svc sets the server rq_task... Signed-off-by: Trond Myklebust Signed-off-by: J. Bruce Fields --- fs/nfs/callback.c | 1 + 1 file changed, 1 insertion(+) (limited to 'fs/nfs/callback.c') diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 54de482143c..e3dd1cd175d 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -244,6 +244,7 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, cb_info->task = NULL; return ret; } + rqstp->rq_task = cb_info->task; dprintk("nfs_callback_up: service started\n"); return 0; } -- cgit v1.2.3-70-g09d2 From 66f09ca717e7905e0eebe000b86e27d0274b95ac Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Tue, 2 Sep 2014 13:58:58 -0400 Subject: nfs: do not start the callback thread until we set rqstp->rq_task This fixes an Oopsable race when starting up the callback server. Signed-off-by: Trond Myklebust Reviewed-by: Jeff Layton Signed-off-by: J. Bruce Fields --- fs/nfs/callback.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'fs/nfs/callback.c') diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index e3dd1cd175d..b8fb3a4ef64 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -235,7 +235,7 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, cb_info->serv = serv; cb_info->rqst = rqstp; - cb_info->task = kthread_run(callback_svc, cb_info->rqst, + cb_info->task = kthread_create(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion); if (IS_ERR(cb_info->task)) { ret = PTR_ERR(cb_info->task); @@ -245,6 +245,7 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, return ret; } rqstp->rq_task = cb_info->task; + wake_up_process(cb_info->task); dprintk("nfs_callback_up: service started\n"); return 0; } -- cgit v1.2.3-70-g09d2