nfsd: add nfsd_file_acquire_local()
nfsd_file_acquire_local() can be used to look up a file by filehandle without having a struct svc_rqst. This can be used by NFS LOCALIO to allow the NFS client to bypass the NFS protocol to directly access a file provided by the NFS server which is running in the same kernel. In nfsd_file_do_acquire() care is taken to always use fh_verify() if rqstp is not NULL (as is the case for non-LOCALIO callers). Otherwise the non-LOCALIO callers will not supply the correct and required arguments to __fh_verify (e.g. gssclient isn't passed). Introduce fh_verify_local() wrapper around __fh_verify to make it clear that LOCALIO is intended caller. Also, use GC for nfsd_file returned by nfsd_file_acquire_local. GC offers performance improvements if/when a file is reopened before launderette cleans it from the filecache's LRU. Suggested-by: Jeff Layton <jlayton@kernel.org> # use filecache's GC Signed-off-by: NeilBrown <neilb@suse.de> Co-developed-by: Mike Snitzer <snitzer@kernel.org> Signed-off-by: Mike Snitzer <snitzer@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
This commit is contained in:
parent
5e66d2d92a
commit
c63f0e48fe
@ -982,12 +982,14 @@ nfsd_file_is_cached(struct inode *inode)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static __be32
|
static __be32
|
||||||
nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,
|
||||||
|
struct svc_cred *cred,
|
||||||
|
struct auth_domain *client,
|
||||||
|
struct svc_fh *fhp,
|
||||||
unsigned int may_flags, struct file *file,
|
unsigned int may_flags, struct file *file,
|
||||||
struct nfsd_file **pnf, bool want_gc)
|
struct nfsd_file **pnf, bool want_gc)
|
||||||
{
|
{
|
||||||
unsigned char need = may_flags & NFSD_FILE_MAY_MASK;
|
unsigned char need = may_flags & NFSD_FILE_MAY_MASK;
|
||||||
struct net *net = SVC_NET(rqstp);
|
|
||||||
struct nfsd_file *new, *nf;
|
struct nfsd_file *new, *nf;
|
||||||
bool stale_retry = true;
|
bool stale_retry = true;
|
||||||
bool open_retry = true;
|
bool open_retry = true;
|
||||||
@ -996,8 +998,13 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
retry:
|
retry:
|
||||||
|
if (rqstp) {
|
||||||
status = fh_verify(rqstp, fhp, S_IFREG,
|
status = fh_verify(rqstp, fhp, S_IFREG,
|
||||||
may_flags|NFSD_MAY_OWNER_OVERRIDE);
|
may_flags|NFSD_MAY_OWNER_OVERRIDE);
|
||||||
|
} else {
|
||||||
|
status = fh_verify_local(net, cred, client, fhp, S_IFREG,
|
||||||
|
may_flags|NFSD_MAY_OWNER_OVERRIDE);
|
||||||
|
}
|
||||||
if (status != nfs_ok)
|
if (status != nfs_ok)
|
||||||
return status;
|
return status;
|
||||||
inode = d_inode(fhp->fh_dentry);
|
inode = d_inode(fhp->fh_dentry);
|
||||||
@ -1143,7 +1150,8 @@ __be32
|
|||||||
nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
||||||
unsigned int may_flags, struct nfsd_file **pnf)
|
unsigned int may_flags, struct nfsd_file **pnf)
|
||||||
{
|
{
|
||||||
return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, true);
|
return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
|
||||||
|
fhp, may_flags, NULL, pnf, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1167,7 +1175,55 @@ __be32
|
|||||||
nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
||||||
unsigned int may_flags, struct nfsd_file **pnf)
|
unsigned int may_flags, struct nfsd_file **pnf)
|
||||||
{
|
{
|
||||||
return nfsd_file_do_acquire(rqstp, fhp, may_flags, NULL, pnf, false);
|
return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
|
||||||
|
fhp, may_flags, NULL, pnf, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* nfsd_file_acquire_local - Get a struct nfsd_file with an open file for localio
|
||||||
|
* @net: The network namespace in which to perform a lookup
|
||||||
|
* @cred: the user credential with which to validate access
|
||||||
|
* @client: the auth_domain for LOCALIO lookup
|
||||||
|
* @fhp: the NFS filehandle of the file to be opened
|
||||||
|
* @may_flags: NFSD_MAY_ settings for the file
|
||||||
|
* @pnf: OUT: new or found "struct nfsd_file" object
|
||||||
|
*
|
||||||
|
* This file lookup interface provide access to a file given the
|
||||||
|
* filehandle and credential. No connection-based authorisation
|
||||||
|
* is performed and in that way it is quite different to other
|
||||||
|
* file access mediated by nfsd. It allows a kernel module such as the NFS
|
||||||
|
* client to reach across network and filesystem namespaces to access
|
||||||
|
* a file. The security implications of this should be carefully
|
||||||
|
* considered before use.
|
||||||
|
*
|
||||||
|
* The nfsd_file object returned by this API is reference-counted
|
||||||
|
* and garbage-collected. The object is retained for a few
|
||||||
|
* seconds after the final nfsd_file_put() in case the caller
|
||||||
|
* wants to re-use it.
|
||||||
|
*
|
||||||
|
* Return values:
|
||||||
|
* %nfs_ok - @pnf points to an nfsd_file with its reference
|
||||||
|
* count boosted.
|
||||||
|
*
|
||||||
|
* On error, an nfsstat value in network byte order is returned.
|
||||||
|
*/
|
||||||
|
__be32
|
||||||
|
nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
|
||||||
|
struct auth_domain *client, struct svc_fh *fhp,
|
||||||
|
unsigned int may_flags, struct nfsd_file **pnf)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Save creds before calling nfsd_file_do_acquire() (which calls
|
||||||
|
* nfsd_setuser). Important because caller (LOCALIO) is from
|
||||||
|
* client context.
|
||||||
|
*/
|
||||||
|
const struct cred *save_cred = get_current_cred();
|
||||||
|
__be32 beres;
|
||||||
|
|
||||||
|
beres = nfsd_file_do_acquire(NULL, net, cred, client,
|
||||||
|
fhp, may_flags, NULL, pnf, true);
|
||||||
|
revert_creds(save_cred);
|
||||||
|
return beres;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1193,7 +1249,8 @@ nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|||||||
unsigned int may_flags, struct file *file,
|
unsigned int may_flags, struct file *file,
|
||||||
struct nfsd_file **pnf)
|
struct nfsd_file **pnf)
|
||||||
{
|
{
|
||||||
return nfsd_file_do_acquire(rqstp, fhp, may_flags, file, pnf, false);
|
return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
|
||||||
|
fhp, may_flags, file, pnf, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -66,5 +66,8 @@ __be32 nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|||||||
__be32 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
__be32 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
||||||
unsigned int may_flags, struct file *file,
|
unsigned int may_flags, struct file *file,
|
||||||
struct nfsd_file **nfp);
|
struct nfsd_file **nfp);
|
||||||
|
__be32 nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
|
||||||
|
struct auth_domain *client, struct svc_fh *fhp,
|
||||||
|
unsigned int may_flags, struct nfsd_file **pnf);
|
||||||
int nfsd_file_cache_stats_show(struct seq_file *m, void *v);
|
int nfsd_file_cache_stats_show(struct seq_file *m, void *v);
|
||||||
#endif /* _FS_NFSD_FILECACHE_H */
|
#endif /* _FS_NFSD_FILECACHE_H */
|
||||||
|
@ -392,6 +392,29 @@ out:
|
|||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* fh_verify_local - filehandle lookup and access checking
|
||||||
|
* @net: net namespace in which to perform the export lookup
|
||||||
|
* @cred: RPC user credential
|
||||||
|
* @client: RPC auth domain
|
||||||
|
* @fhp: filehandle to be verified
|
||||||
|
* @type: expected type of object pointed to by filehandle
|
||||||
|
* @access: type of access needed to object
|
||||||
|
*
|
||||||
|
* This API can be used by callers who do not have an RPC
|
||||||
|
* transaction context (ie are not running in an nfsd thread).
|
||||||
|
*
|
||||||
|
* See fh_verify() for further descriptions of @fhp, @type, and @access.
|
||||||
|
*/
|
||||||
|
__be32
|
||||||
|
fh_verify_local(struct net *net, struct svc_cred *cred,
|
||||||
|
struct auth_domain *client, struct svc_fh *fhp,
|
||||||
|
umode_t type, int access)
|
||||||
|
{
|
||||||
|
return __fh_verify(NULL, net, cred, client, NULL,
|
||||||
|
fhp, type, access);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* fh_verify - filehandle lookup and access checking
|
* fh_verify - filehandle lookup and access checking
|
||||||
* @rqstp: pointer to current rpc request
|
* @rqstp: pointer to current rpc request
|
||||||
|
@ -217,6 +217,8 @@ extern char * SVCFH_fmt(struct svc_fh *fhp);
|
|||||||
* Function prototypes
|
* Function prototypes
|
||||||
*/
|
*/
|
||||||
__be32 fh_verify(struct svc_rqst *, struct svc_fh *, umode_t, int);
|
__be32 fh_verify(struct svc_rqst *, struct svc_fh *, umode_t, int);
|
||||||
|
__be32 fh_verify_local(struct net *, struct svc_cred *, struct auth_domain *,
|
||||||
|
struct svc_fh *, umode_t, int);
|
||||||
__be32 fh_compose(struct svc_fh *, struct svc_export *, struct dentry *, struct svc_fh *);
|
__be32 fh_compose(struct svc_fh *, struct svc_export *, struct dentry *, struct svc_fh *);
|
||||||
__be32 fh_update(struct svc_fh *);
|
__be32 fh_update(struct svc_fh *);
|
||||||
void fh_put(struct svc_fh *);
|
void fh_put(struct svc_fh *);
|
||||||
|
Loading…
Reference in New Issue
Block a user