Commit c63f0e48 authored by NeilBrown's avatar NeilBrown Committed by Anna Schumaker
Browse files

nfsd: add nfsd_file_acquire_local() 



nfsd_file_acquire_local() can be used to look up a file by filehandle
without having a struct svc_rqst.  This can be used by NFS LOCALIO to
allow the NFS client to bypass the NFS protocol to directly access a
file provided by the NFS server which is running in the same kernel.

In nfsd_file_do_acquire() care is taken to always use fh_verify() if
rqstp is not NULL (as is the case for non-LOCALIO callers).  Otherwise
the non-LOCALIO callers will not supply the correct and required
arguments to __fh_verify (e.g. gssclient isn't passed).

Introduce fh_verify_local() wrapper around __fh_verify to make it
clear that LOCALIO is intended caller.

Also, use GC for nfsd_file returned by nfsd_file_acquire_local.  GC
offers performance improvements if/when a file is reopened before
launderette cleans it from the filecache's LRU.

Suggested-by: Jeff Layton <jlayton@kernel.org> # use filecache's GC
Signed-off-by: default avatarNeilBrown <neilb@suse.de>
Co-developed-by: default avatarMike Snitzer <snitzer@kernel.org>
Signed-off-by: default avatarMike Snitzer <snitzer@kernel.org>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarAnna Schumaker <anna.schumaker@oracle.com>
parent 5e66d2d9

fs/nfsd/filecache.c

+64 −7
Original line number Diff line number Diff line
@@ -982,12 +982,14 @@ nfsd_file_is_cached(struct inode *inode) 
}



static __be32

nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,

nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,

		     struct svc_cred *cred,

		     struct auth_domain *client,

		     struct svc_fh *fhp,

		     unsigned int may_flags, struct file *file,

		     struct nfsd_file **pnf, bool want_gc)

{

	unsigned char need = may_flags & NFSD_FILE_MAY_MASK;

	struct net *net = SVC_NET(rqstp);

	struct nfsd_file *new, *nf;

	bool stale_retry = true;

	bool open_retry = true;
@@ -996,8 +998,13 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, 
	int ret;



retry:

	if (rqstp) {

		status = fh_verify(rqstp, fhp, S_IFREG,

				   may_flags|NFSD_MAY_OWNER_OVERRIDE);

	} else {

		status = fh_verify_local(net, cred, client, fhp, S_IFREG,

					 may_flags|NFSD_MAY_OWNER_OVERRIDE);

	}

	if (status != nfs_ok)

		return status;

	inode = d_inode(fhp->fh_dentry);
@@ -1143,7 +1150,8 @@ __be32 
nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp,

		     unsigned int may_flags, struct nfsd_file **pnf)

{

	return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, true);

	return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,

				    fhp, may_flags, NULL, pnf, true);

}



/**
@@ -1167,7 +1175,55 @@ __be32 
nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,

		  unsigned int may_flags, struct nfsd_file **pnf)

{

	return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, false);

	return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,

				    fhp, may_flags, NULL, pnf, false);

}



/**

 * nfsd_file_acquire_local - Get a struct nfsd_file with an open file for localio

 * @net: The network namespace in which to perform a lookup

 * @cred: the user credential with which to validate access

 * @client: the auth_domain for LOCALIO lookup

 * @fhp: the NFS filehandle of the file to be opened

 * @may_flags: NFSD_MAY_ settings for the file

 * @pnf: OUT: new or found "struct nfsd_file" object

 *

 * This file lookup interface provide access to a file given the

 * filehandle and credential.  No connection-based authorisation

 * is performed and in that way it is quite different to other

 * file access mediated by nfsd.  It allows a kernel module such as the NFS

 * client to reach across network and filesystem namespaces to access

 * a file.  The security implications of this should be carefully

 * considered before use.

 *

 * The nfsd_file object returned by this API is reference-counted

 * and garbage-collected. The object is retained for a few

 * seconds after the final nfsd_file_put() in case the caller

 * wants to re-use it.

 *

 * Return values:

 *   %nfs_ok - @pnf points to an nfsd_file with its reference

 *   count boosted.

 *

 * On error, an nfsstat value in network byte order is returned.

 */

__be32

nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,

			struct auth_domain *client, struct svc_fh *fhp,

			unsigned int may_flags, struct nfsd_file **pnf)

{

	/*

	 * Save creds before calling nfsd_file_do_acquire() (which calls

	 * nfsd_setuser). Important because caller (LOCALIO) is from

	 * client context.

	 */

	const struct cred *save_cred = get_current_cred();

	__be32 beres;



	beres = nfsd_file_do_acquire(NULL, net, cred, client,

				     fhp, may_flags, NULL, pnf, true);

	revert_creds(save_cred);

	return beres;

}



/**
@@ -1193,7 +1249,8 @@ nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp, 
			 unsigned int may_flags, struct file *file,

			 struct nfsd_file **pnf)

{

	return nfsd_file_do_acquire(rqstp, fhp, may_flags, file, pnf, false);

	return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,

				    fhp, may_flags, file, pnf, false);

}



/*

fs/nfsd/filecache.h

+3 −0
Original line number Diff line number Diff line
@@ -66,5 +66,8 @@ __be32 nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, 
__be32 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,

		  unsigned int may_flags, struct file *file,

		  struct nfsd_file **nfp);

__be32 nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,

			       struct auth_domain *client, struct svc_fh *fhp,

			       unsigned int may_flags, struct nfsd_file **pnf);

int nfsd_file_cache_stats_show(struct seq_file *m, void *v);

#endif /* _FS_NFSD_FILECACHE_H */

fs/nfsd/nfsfh.c

+23 −0
Original line number Diff line number Diff line
@@ -392,6 +392,29 @@ __fh_verify(struct svc_rqst *rqstp, 
	return error;

}



/**

 * fh_verify_local - filehandle lookup and access checking

 * @net: net namespace in which to perform the export lookup

 * @cred: RPC user credential

 * @client: RPC auth domain

 * @fhp: filehandle to be verified

 * @type: expected type of object pointed to by filehandle

 * @access: type of access needed to object

 *

 * This API can be used by callers who do not have an RPC

 * transaction context (ie are not running in an nfsd thread).

 *

 * See fh_verify() for further descriptions of @fhp, @type, and @access.

 */

__be32

fh_verify_local(struct net *net, struct svc_cred *cred,

		struct auth_domain *client, struct svc_fh *fhp,

		umode_t type, int access)

{

	return __fh_verify(NULL, net, cred, client, NULL,

			   fhp, type, access);

}



/**

 * fh_verify - filehandle lookup and access checking

 * @rqstp: pointer to current rpc request

fs/nfsd/nfsfh.h

+2 −0
Original line number Diff line number Diff line
@@ -217,6 +217,8 @@ extern char * SVCFH_fmt(struct svc_fh *fhp); 
 * Function prototypes

 */

__be32	fh_verify(struct svc_rqst *, struct svc_fh *, umode_t, int);

__be32	fh_verify_local(struct net *, struct svc_cred *, struct auth_domain *,

			struct svc_fh *, umode_t, int);

__be32	fh_compose(struct svc_fh *, struct svc_export *, struct dentry *, struct svc_fh *);

__be32	fh_update(struct svc_fh *);

void	fh_put(struct svc_fh *);