summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* nfsd4: don't allow reclaims of expired clientsJ. Bruce Fields2012-10-011-8/+10
| | | | | | | | | | | | | | | | | | When a confirmed client expires, we normally also need to expire any stable storage record which would allow that client to reclaim state on the next boot. We forgot to do this in some cases. (For example, in destroy_clientid, and in the cases in exchange_id and create_session that destroy and existing confirmed client.) But in most other cases, there's really no harm to calling nfsd4_client_record_remove(), because it is a no-op in the case the client doesn't have an existing The single exception is destroying a client on shutdown, when we want to keep the stable storage records so we can recognize which clients will be allowed to reclaim when we come back up. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: remove redundant callback probeJ. Bruce Fields2012-10-011-3/+1
| | | | | | | | | | | Both nfsd4_init_conn and alloc_init_session are probing the callback channel, harmless but pointless. Also, nfsd4_init_conn should probably be probing in the "unknown" case as well. In fact I don't see any harm to just doing it unconditionally when we get a new backchannel connection. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: expire old client earlierJ. Bruce Fields2012-10-011-10/+7
| | | | | | | | Before we had to delay expiring a client till we'd found out whether the session and connection allocations would succeed. That's no longer necessary. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: separate session allocation and initializationJ. Bruce Fields2012-10-011-23/+23
| | | | | | This will allow some further simplification. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: clean up session allocationJ. Bruce Fields2012-10-011-12/+20
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: minor free_session cleanupJ. Bruce Fields2012-10-011-10/+9
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: new_conn_from_crses should only allocateJ. Bruce Fields2012-10-011-16/+10
| | | | | | | Do the initialization in the caller, and clarify that the only failure ever possible here was due to allocation. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: separate connection allocation and initializationJ. Bruce Fields2012-10-011-10/+15
| | | | | | | | | | It'll be useful to have connection allocation and initialization as separate functions. Also, note we'd been ignoring the alloc_conn error return in bind_conn_to_session. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: reject bad forechannel attrs earlierJ. Bruce Fields2012-10-011-4/+2
| | | | | | This could simplify the logic a little later. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: enforce per-client sessions/no-sessions distinctionJ. Bruce Fields2012-10-013-22/+31
| | | | | | | | | Something like creating a client with setclientid and then trying to confirm it with create_session may not crash the server, but I'm not completely positive of that, and in any case it's obviously bad client behavior. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: set cl_minorversion at create timeJ. Bruce Fields2012-10-011-10/+1
| | | | | | And remove some mostly obsolete comments. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: don't pin clientids to pseudoflavorsJ. Bruce Fields2012-10-011-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | I added cr_flavor to the data compared in same_creds without any justification, in d5497fc693a446ce9100fcf4117c3f795ddfd0d2 "nfsd4: move rq_flavor into svc_cred". Recent client changes then started making mount -osec=krb5 server:/export /mnt/ echo "hello" >/mnt/TMP umount /mnt/ mount -osec=krb5i server:/export /mnt/ echo "hello" >/mnt/TMP to fail due to a clid_inuse on the second open. Mounting sequentially like this with different flavors probably isn't that common outside artificial tests. Also, the real bug here may be that the server isn't just destroying the former clientid in this case (because it isn't good enough at recognizing when the old state is gone). But it prompted some discussion and a look back at the spec, and I think the check was probably wrong. Fix and document. Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: fix bind_conn_to_session xdr commentJ. Bruce Fields2012-09-251-1/+1
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: cast readlink() bug argumentJ. Bruce Fields2012-09-101-1/+1
| | | | | | As we already do in readv, writev. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: pass null terminated buf to kstrtouint()Malahal Naineni2012-09-101-1/+1
| | | | | | | | | The 'buf' is prepared with null termination with intention of using it for this purpose, but 'name' is passed instead! Signed-off-by: Malahal Naineni <malahal@us.ibm.com> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: remove duplicate init in nfsd4_cb_recallNamjae Jeon2012-09-101-1/+0
| | | | | | | | remove duplicate init in nfsd4_cb_recall Signed-off-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Vivek Trivedi <vtrivedi018@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: eliminate redundant nfs4_free_stateidJ. Bruce Fields2012-09-101-6/+1
| | | | | | | Somehow we ended up with identical functions "nfs4_free_stateid" and "free_generic_stateid". Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* fs/nfsd/nfs4idmap.c: adjust inconsistent IS_ERR and PTR_ERRJulia Lawall2012-09-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Change the call to PTR_ERR to access the value just tested by IS_ERR. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression e,e1; @@ ( if (IS_ERR(e)) { ... PTR_ERR(e) ... } | if (IS_ERR(e=e1)) { ... PTR_ERR(e) ... } | *if (IS_ERR(e)) { ... * PTR_ERR(e1) ... } ) // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: remove unused listener-removal interfacesJ. Bruce Fields2012-09-103-132/+0
| | | | | | | | | | | | | | | | | | | You can use nfsd/portlist to give nfsd additional sockets to listen on. In theory you can also remove listening sockets this way. But nobody's ever done that as far as I can tell. Also this was partially broken in 2.6.25, by a217813f9067b785241cb7f31956e51d2071703a "knfsd: Support adding transports by writing portlist file". (Note that we decide whether to take the "delfd" case by checking for a digit--but what's actually expected in that case is something made by svc_one_sock_name(), which won't begin with a digit.) So, let's just rip out this stuff. Acked-by: NeilBrown <neilb@suse.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: fix nfs4 stateid leakJ. Bruce Fields2012-09-101-0/+1
| | | | | | | | | | | | Processes that open and close multiple files may end up setting this oo_last_closed_stid without freeing what was previously pointed to. This can result in a major leak, visible for example by watching the nfsd4_stateids line of /proc/slabinfo. Reported-by: Cyril B. <cbay@excellency.fr> Tested-by: Cyril B. <cbay@excellency.fr> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: document kernel interfaces for nfsd configurationJ. Bruce Fields2012-08-211-0/+41
| | | | | | | | | These are only needed by nfs-utils. But I needed to remind myself how they worked recently and thought this might be helpful. It's short and incomplete for now as I was only interested in startup, shutdown, and configuration of listening sockets. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: split up svc_handle_xprtJ. Bruce Fields2012-08-211-22/+25
| | | | | | Move initialization of newly accepted socket into a helper. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: break up svc_recvJ. Bruce Fields2012-08-211-36/+67
| | | | | | | | | | | | Matter of taste, I suppose, but svc_recv breaks up naturally into: allocate pages and setup arg dequeue (wait for, if necessary) next socket do something with that socket And I find it easier to read when it doesn't go on for pages and pages. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: make svc_xprt_received staticJ. Bruce Fields2012-08-213-26/+20
| | | | | | | | | | Note this isn't used outside svc_xprt.c. May as well move it so we don't need a declaration while we're here. Also remove an outdated comment. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: remove handling of unknown errors from svc_recvJ. Bruce Fields2012-08-213-40/+5
| | | | | | | | | svc_recv() returns only -EINTR or -EAGAIN. If we really want to worry about the case where it has a bug that causes it to return something else, we could stick a WARN() in svc_recv. But it's silly to require every caller to have all this boilerplate to handle that case. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: make xpo_recvfrom return only >=0J. Bruce Fields2012-08-212-4/+4
| | | | | | | | | | The only errors returned from xpo_recvfrom have been -EAGAIN and -EAFNOSUPPORT. The latter was removed by a previous patch. That leaves only -EAGAIN, which is treated just like 0 by the caller (svc_recv). So, just ditch -EAGAIN and return 0 instead. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: don't bother checking bad svc_addr_len resultJ. Bruce Fields2012-08-212-4/+1
| | | | | | | | | None of the callers should see an unsupported address family (only one of them even bothers to check for that case), so just check for the buggy case in svc_addr_len and don't bother elsewhere. Acked-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: minor udp code cleanupJ. Bruce Fields2012-08-211-4/+5
| | | | | | Order the code in a more boring way. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: allow configuring nfsd to listen on 5-digit portsJ. Bruce Fields2012-08-211-1/+1
| | | | | | Note a 16-bit value can require up to 5 digits. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: remove redundant "port" argumentJ. Bruce Fields2012-08-213-9/+9
| | | | | | | | | "port" in all these functions is always NFS_PORT. nfsd can already be run on a nonstandard port using the "nfsd/portlist" interface. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: share some setup of listening socketsJ. Bruce Fields2012-08-213-11/+12
| | | | | | There's some duplicate code here. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: make svc_create_xprt enqueue on clearing XPT_BUSYJ. Bruce Fields2012-08-211-1/+1
| | | | | | | | Whenever we clear XPT_BUSY we should call svc_xprt_enqueue(). Without that we may fail to notice any events (such as new connections) that arrived while XPT_BUSY was set. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: clean up control flowJ. Bruce Fields2012-08-211-35/+34
| | | | | | | | | | | | | | | | | | | Mainly, use the kernel standard err = -ERROR; if (something_bad) goto out; normal case; rather than if (something_bad) err = -ERROR else { normal case; } Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: standardize svc_setup_socket return conventionJ. Bruce Fields2012-08-211-18/+22
| | | | | | | Use the kernel-standard ptr-or-error return convention instead of passing a pointer to the error. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: fix xpt_list traversal locking on shutdownJ. Bruce Fields2012-08-211-9/+15
| | | | | | | Server threads are not running at this point, but svc_age_temp_xprts still may be, so we need this locking. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* knfsd: don't allocate file_locks on the stackJeff Layton2012-08-211-42/+76
| | | | | | | | | | | | | | struct file_lock is pretty large and really ought not live on the stack. On my x86_64 machine, they're almost 200 bytes each. (gdb) p sizeof(struct file_lock) $1 = 192 ...allocate them dynamically instead. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* knfsd: remove bogus BUG_ON() call from nfsd4_lockuJeff Layton2012-08-211-1/+0
| | | | | | | | The code checks for a NULL filp and handles it gracefully just before this BUG_ON. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: nfsd_process_n_delegations should be staticJ. Bruce Fields2012-08-211-1/+1
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Swap the struct nfs4_operation getter and setterBryan Schumaker2012-08-201-2/+2
| | | | | | | | stateid_setter should be matched to op_set_currentstateid, rather than op_get_currentstateid. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: do_nfsd_create verf argument is a u32J. Bruce Fields2012-08-201-1/+1
| | | | | | | The types here are actually a bit of a mess. For now cast as we do in the v4 case. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: declare nfs4_recoverydir properlyJ. Bruce Fields2012-08-202-2/+2
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: nfsaclsvc_encode_voidres staticJ. Bruce Fields2012-08-201-2/+1
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: trivial comment updatesJeff Layton2012-08-202-10/+1
| | | | | | | locks.c doesn't use the BKL anymore and there is no fi_perfile field. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* vfs: don't treat fl_type as a bitmapJeff Layton2012-08-201-3/+3
| | | | | | | | | | | | | | The rules for fl_type are rather convoluted. Typically it's treated as holding specific values, except in the case of LOCK_MAND, in which case it can be or'ed with LOCK_READ|LOCK_WRITE. On some arches F_WRLCK == 2 and F_UNLCK == 3, so and'ing with F_WRLCK will also catch the F_UNLCK case. It's unlikely in either case here that we'd ever see F_UNLCK since those shouldn't end up on any lists, but it's still best to be consistent. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: fix svc_xprt_enqueue/svc_recv busy-loopingJ. Bruce Fields2012-08-201-5/+2
| | | | | | | | | | | | | | | | | | | | | | | The rpc server tries to ensure that there will be room to send a reply before it receives a request. It does this by tracking, in xpt_reserved, an upper bound on the total size of the replies that is has already committed to for the socket. Currently it is adding in the estimate for a new reply *before* it checks whether there is space available. If it finds that there is not space, it then subtracts the estimate back out. This may lead the subsequent svc_xprt_enqueue to decide that there is space after all. The results is a svc_recv() that will repeatedly return -EAGAIN, causing server threads to loop without doing any actual work. Cc: stable@vger.kernel.org Reported-by: Michael Tokarev <mjt@tls.msk.ru> Tested-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: sends on closed socket should stop immediatelyJ. Bruce Fields2012-08-201-1/+2
| | | | | | | | | | | | | | | | | | | svc_tcp_sendto sets XPT_CLOSE if we fail to transmit the entire reply. However, the XPT_CLOSE won't be acted on immediately. Meanwhile other threads could send further replies before the socket is really shut down. This can manifest as data corruption: for example, if a truncated read reply is followed by another rpc reply, that second reply will look to the client like further read data. Symptoms were data corruption preceded by svc_tcp_sendto logging something like kernel: rpc-srv/tcp: nfsd: sent only 963696 when sending 1048708 bytes - shutting down socket Cc: stable@vger.kernel.org Reported-by: Malahal Naineni <malahal@us.ibm.com> Tested-by: Malahal Naineni <malahal@us.ibm.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* svcrpc: fix BUG() in svc_tcp_clear_pagesJ. Bruce Fields2012-08-201-1/+1
| | | | | | | | | | | | | | | | | | Examination of svc_tcp_clear_pages shows that it assumes sk_tcplen is consistent with sk_pages[] (in particular, sk_pages[n] can't be NULL if sk_tcplen would lead us to expect n pages of data). svc_tcp_restore_pages zeroes out sk_pages[] while leaving sk_tcplen. This is OK, since both functions are serialized by XPT_BUSY. However, that means the inconsistency must be repaired before dropping XPT_BUSY. Therefore we should be ensuring that svc_tcp_save_pages repairs the problem before exiting svc_tcp_recv_record on error. Symptoms were a BUG() in svc_tcp_clear_pages. Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: fix security flavor of NFSv4.0 callbackJ. Bruce Fields2012-08-202-3/+2
| | | | | | | | | | | | | | | | | Commit d5497fc693a446ce9100fcf4117c3f795ddfd0d2 "nfsd4: move rq_flavor into svc_cred" forgot to remove cl_flavor from the client, leaving two places (cl_flavor and cl_cred.cr_flavor) for the flavor to be stored. After that patch, the latter was the one that was updated, but the former was the one that the callback used. Symptoms were a long delay on utime(). This is because the utime() generated a setattr which recalled a delegation, but the cb_recall was ignored by the client because it had the wrong security flavor. Cc: stable@vger.kernel.org Tested-by: Jamie Heilman <jamie@audible.transient.net> Reported-by: Jamie Heilman <jamie@audible.transient.net> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* Linux 3.6-rc2v3.6-rc2Linus Torvalds2012-08-161-1/+1
|
* autofs4 - fix get_next_positive_subdir()Ian Kent2012-08-161-18/+13
| | | | | | | | | | | | | | | | | | Following a report of a crash during an automount expire I found that the locking in fs/autofs4/expire.c:get_next_positive_subdir() was wrong. Not only is the locking wrong but the function is more complex than it needs to be. The function is meant to calculate (and dget) the next entry in the list of directories contained in the root of an autofs mount point (an autofs indirect mount to be precise). The main problem was that the d_lock of the owner of the list was not being taken when walking the list, which lead to list corruption under load. The only other lock that needs to be taken is against the next dentry candidate so it can be checked for usability. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
OpenPOWER on IntegriCloud