summaryrefslogtreecommitdiffstats
path: root/fs/nfsd/nfsd.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* nfsd: implement machine credential support for some operationsAndrew Elble2016-07-131-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | This addresses the conundrum referenced in RFC5661 18.35.3, and will allow clients to return state to the server using the machine credentials. The biggest part of the problem is that we need to allow the client to send a compound op with integrity/privacy on mounts that don't have it enabled. Add server support for properly decoding and using spo_must_enforce and spo_must_allow bits. Add support for machine credentials to be used for CLOSE, OPEN_DOWNGRADE, LOCKU, DELEGRETURN, and TEST/FREE STATEID. Implement a check so as to not throw WRONGSEC errors when these operations are used if integrity/privacy isn't turned on. Without this, Linux clients with credentials that expired while holding delegations were getting stuck in an endless loop. Signed-off-by: Andrew Elble <aweits@rit.edu> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: eliminate NFSD_DEBUGMark Salter2015-04-211-1/+1
| | | | | | | | | | | | | | | | | | | Commit f895b252d4edf ("sunrpc: eliminate RPC_DEBUG") introduced use of IS_ENABLED() in a uapi header which leads to a build failure for userspace apps trying to use <linux/nfsd/debug.h>: linux/nfsd/debug.h:18:15: error: missing binary operator before token "(" #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) ^ Since this was only used to define NFSD_DEBUG if CONFIG_SUNRPC_DEBUG is enabled, replace instances of NFSD_DEBUG with CONFIG_SUNRPC_DEBUG. Cc: stable@vger.kernel.org Fixes: f895b252d4edf "sunrpc: eliminate RPC_DEBUG" Signed-off-by: Mark Salter <msalter@redhat.com> Reviewed-by: Jeff Layton <jlayton@primarydata.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: implement pNFS operationsChristoph Hellwig2015-02-021-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for the GETDEVICEINFO, LAYOUTGET, LAYOUTCOMMIT and LAYOUTRETURN NFSv4.1 operations, as well as backing code to manage outstanding layouts and devices. Layout management is very straight forward, with a nfs4_layout_stateid structure that extends nfs4_stid to manage layout stateids as the top-level structure. It is linked into the nfs4_file and nfs4_client structures like the other stateids, and contains a linked list of layouts that hang of the stateid. The actual layout operations are implemented in layout drivers that are not part of this commit, but will be added later. The worst part of this commit is the management of the pNFS device IDs, which suffers from a specification that is not sanely implementable due to the fact that the device-IDs are global and not bound to an export, and have a small enough size so that we can't store the fsid portion of a file handle, and must never be reused. As we still do need perform all export authentication and validation checks on a device ID passed to GETDEVICEINFO we are caught between a rock and a hard place. To work around this issue we add a new hash that maps from a 64-bit integer to a fsid so that we can look up the export to authenticate against it, a 32-bit integer as a generation that we can bump when changing the device, and a currently unused 32-bit integer that could be used in the future to handle more than a single device per export. Entries in this hash table are never deleted as we can't reuse the ids anyway, and would have a severe lifetime problem anyway as Linux export structures are temporary structures that can go away under load. Parts of the XDR data, structures and marshaling/unmarshaling code, as well as many concepts are derived from the old pNFS server implementation from Andy Adamson, Benny Halevy, Dean Hildebrand, Marc Eshel, Fred Isaman, Mike Sager, Ricardo Labiaga and many others. Signed-off-by: Christoph Hellwig <hch@lst.de>
* nfsd: correctly define v4.2 support attributesChristoph Hellwig2014-11-191-3/+6
| | | | | | | | | Even when security labels are disabled we support at least the same attributes as v4.1. Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Update some as-yet unused 4.2 error codesAnna Schumaker2014-08-281-1/+1
| | | | | | | | | | | | Recent NFS v4.2 drafts have removed NFS4ERR_METADATA_NOTSUPP and reassigned the error code to NFS4ERR_UNION_NOTSUPP. I also add in the NFS4ERR_OFFLOAD_NO_REQS error code. We're not using any of these yet, so there's no harm done. Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Get rid of empty function nfs4_state_initKinglong Mee2014-05-081-2/+0
| | | | | Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: remove <linux/nfsd/debug.h>Christoph Hellwig2014-05-061-1/+8
| | | | | | | | There is almost nothing left it in, just merge it into the only file that includes it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: move <linux/nfsd/stats.h> to fs/nfsdChristoph Hellwig2014-05-061-1/+1
| | | | | | | There are no legitimate users outside of fs/nfsd, so move it there. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: move <linux/nfsd/export.h> to fs/nfsdChristoph Hellwig2014-05-061-1/+2
| | | | | | | There are no legitimate users outside of fs/nfsd, so move it there. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: remove <linux/nfsd/nfsfh.h>Christoph Hellwig2014-05-061-0/+1
| | | | | | | | | The only real user of this header is fs/nfsd/nfsfh.h, so merge the two. Various lockѕ source files used it to indirectly get other sunrpc or nfs headers, so fix those up. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: leave reply buffer space for failed setattrJ. Bruce Fields2014-03-271-1/+1
| | | | | | | | | This fixes an ommission from 18032ca062e621e15683cb61c066ef3dc5414a7b "NFSD: Server implementation of MAC Labeling", which increased the size of the setattr error reply without increasing COMPOUND_ERR_SLACK_SPACE. Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: fix minorversion support interfaceJ. Bruce Fields2013-07-121-1/+0
| | | | | | | | | | | | | | | | You can turn on or off support for minorversions using e.g. echo "-4.2" >/proc/fs/nfsd/versions However, the current implementation is a little wonky. For example, the above will turn off 4.2 support, but it will also turn *on* 4.1 support. This didn't matter as long as we only had 2 minorversions, which was true till very recently. And do a little cleanup here. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Server implementation of MAC LabelingDavid Quigley2013-05-151-2/+16
| | | | | | | | | | | | | Implement labeled NFS on the server: encoding and decoding, and writing and reading, of file labels. Enabled with CONFIG_NFSD_V4_SECURITY_LABEL. Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSDv4.2: Add NFS v4.2 support to the NFS serverSteve Dickson2013-05-131-1/+1
| | | | | | | | | | | | | | | This enables NFSv4.2 support for the server. To enable this code do the following: echo "+4.2" >/proc/fs/nfsd/versions after the nfsd kernel module is loaded. On its own this does nothing except allow the server to respond to compounds with minorversion set to 2. All the new NFSv4.2 features are optional, so this is perfectly legal. Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFS: Add NFSv4.2 protocol constantsSteve Dickson2013-05-131-0/+6
| | | | | | | | | Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_usedZhang Yanfei2013-02-241-3/+3
| | | | | | | | | The three variables are calculated from nr_free_buffer_pages so change their types to unsigned long in case of overflow. Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* nfsd: make NFSd service structure allocated per netStanislav Kinsbursky2012-12-101-14/+4
| | | | | | | | | | | | | | | | | | | | This patch makes main step in NFSd containerisation. There could be different approaches to how to make NFSd able to handle incoming RPC request from different network namespaces. The two main options are: 1) Share NFSd kthreads betwween all network namespaces. 2) Create separated pool of threads for each namespace. While first approach looks more flexible, second one is simpler and non-racy. This patch implements the second option. To make it possible to allocate separate pools of threads, we have to make it possible to allocate separate NFSd service structures per net. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: make NFSd service boot time per-netStanislav Kinsbursky2012-12-101-5/+0
| | | | | | | | | This is simple: an NFSd service can be started at different times in different network environments. So, its "boot time" has to be assigned per net. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: pass net to nfsd_set_nrthreads()Stanislav Kinsbursky2012-12-101-1/+1
| | | | | | | | Precursor patch. Hard-coded "init_net" will be replaced by proper one in future. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: pass net to nfsd_svc()Stanislav Kinsbursky2012-12-101-1/+1
| | | | | | | | Precursor patch. Hard-coded "init_net" will be replaced by proper one in future. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: pass net to nfsd_create_serv()Stanislav Kinsbursky2012-12-101-1/+1
| | | | | | | | Precursor patch. Hard-coded "init_net" will be replaced by proper one in future. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: make NFSv4 grace time per netStanislav Kinsbursky2012-11-281-2/+0
| | | | | | | | Grace time is a part of NFSv4 state engine, which is constructed per network namespace. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: make NFSv4 lease time per netStanislav Kinsbursky2012-11-281-1/+0
| | | | | | | | Lease time is a part of NFSv4 state engine, which is constructed per network namespace. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: call state init and shutdown twiceStanislav Kinsbursky2012-11-281-0/+4
| | | | | | | | | | | Split NFSv4 state init and shutdown into two different calls: per-net one and generic one. Per-net cwinit/shutdown pair have to be called for any namespace, generic pair - only once on NSFd kthreads start and shutdown respectively. Refresh of diff-nfsd-call-state-init-twice Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: remove redundant "port" argumentJ. Bruce Fields2012-08-211-1/+1
| | | | | | | | | "port" in all these functions is always NFS_PORT. nfsd can already be run on a nonstandard port using the "nfsd/portlist" interface. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: declare nfs4_recoverydir properlyJ. Bruce Fields2012-08-211-0/+2
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSd: set nfsd_serv to NULL after service destructionStanislav Kinsbursky2012-07-251-0/+2
| | | | | | | | | | | | | | In nfsd_destroy(): if (destroy) svc_shutdown_net(nfsd_serv, net); svc_destroy(nfsd_server); svc_shutdown_net(nfsd_serv, net) calls nfsd_last_thread(), which sets nfsd_serv to NULL, causing a NULL dereference on the following line. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSd: introduce nfsd_destroy() helperStanislav Kinsbursky2012-07-251-0/+9
| | | | | Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: share some function prototypesJ. Bruce Fields2012-07-101-0/+2
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: only register cld pipe notifier when CONFIG_NFSD_V4 is enabledJeff Layton2012-03-291-1/+6
| | | | | | | | | | | | | | | Otherwise, we get a warning or error similar to this when building with CONFIG_NFSD_V4 disabled: ERROR: "nfsd4_cld_block" [fs/nfsd/nfsd.ko] undefined! Fix this by wrapping the calls to rpc_pipefs_notifier_register and ..._unregister in another function and providing no-op replacements when CONFIG_NFSD_V4 is disabled. Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Remove unnecessary whitespaceBryan Schumaker2011-11-081-7/+7
| | | | | | | | The close parenthesis was hard to find with it spaced so far over. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> [bfields@redhat.com: get all these lines under 80 chars while we're here] Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Call nfsd4_init_slabs() from init_nfsd()Bryan Schumaker2011-11-081-2/+4
| | | | | | | | | init_nfsd() was calling free_slabs() during cleanup code, but the call to init_slabs() was hidden in nfsd4_state_init(). This could be confusing to people unfamiliar with the code. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Add a cache for fs_locations informationTrond Myklebust2011-09-141-0/+7
| | | | | | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> [ cel: since this is server-side, use nfsd4_ prefix instead of nfs4_ prefix. ] [ cel: implement S_ISVTX filter in bfields-normal form ] Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* Remove include/linux/nfsd/const.hJ. Bruce Fields2011-08-271-0/+26
| | | | | | | Userspace shouldn't have a use for these constants. Nothing here is used outside fs/nfsd. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: name->id mapping should fail with BADOWNER not BADNAMEJ. Bruce Fields2011-01-051-0/+1
| | | | | | | | | | | | | According to rfc 3530 BADNAME is for strings that represent paths; BADOWNER is for user/group names that don't map. And the too-long name should probably be BADOWNER as well; it's effectively the same as if we couldn't map it. Cc: stable@kernel.org Reported-by: Trond Myklebust <Trond.Myklebust@netapp.com> Reported-by: Simon Kirby <sim@hostway.ca> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: expire clients more promptlyJ. Bruce Fields2010-10-121-1/+1
| | | | | | | | | | | Expire clients more promptly, at the expense of possibly running the laundromat thread more frequently. Though it's not the default, I'd like it to be feasible to run with a lease time of just a few seconds, at which point a minimum 10 second wait between laundromat runs seems a little much. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: share file descriptors between stateid'sJ. Bruce Fields2010-07-301-0/+1
| | | | | | | | | | | | | | | | The vfs doesn't really allow us to "upgrade" a file descriptor from read-only to read-write, and our attempt to do so in nfs4_upgrade_open is ugly and incomplete. Move to a different scheme where we keep multiple opens, shared between open stateid's, in the nfs4_file struct. Each file will be opened at most 3 times (for read, write, and read-write), and those opens will be shared between all clients and openers. On upgrade we will do another open if necessary instead of attempting to upgrade an existing open. We keep count of the number of readers and writers so we know when to close the shared files. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
* nfsd4: allow setting grace period timeJ. Bruce Fields2010-03-061-0/+1
| | | | | | | Allow explicit configuration of the grace period time as well as the lease period time. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
* nfsd4: simplify references to nfsd4 lease timeJ. Bruce Fields2010-03-061-3/+2
| | | | | | | | Instead of accessing the lease time directly, some users call nfs4_lease_time(), and some a macro, NFSD_LEASE_TIME, defined as nfs4_lease_time(). Neither layer of indirection serves any purpose. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
* nfsd: remove pointless paths in file headersJ. Bruce Fields2009-12-151-2/+0
| | | | | | | | The new .h files have paths at the top that are now out of date. While we're here, just remove all of those from fs/nfsd; they never served any purpose. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
* nfsd: restrict filehandles accepted in V4ROOT caseSteve Dickson2009-12-151-0/+5
| | | | | | | | | | | | | On V4ROOT exports, only accept filehandles that are the *root* of some export. This allows mountd to allow or deny access to individual directories and symlinks on the pseudofilesystem. Note that the checks in readdir and lookup are not enough, since a malicious host with access to the network could guess filehandles that they weren't able to obtain through lookup or readdir. Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
* nfsd: Move private headers to source directoryBoaz Harrosh2009-12-151-0/+335
Lots of include/linux/nfsd/* headers are only used by nfsd module. Move them to the source directory Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>