linux_dsm_epyc7002/fs/nfs/super.c
Scott Mayhew 779df6a548 NFS: Ensure security label is set for root inode
When using NFSv4.2, the security label for the root inode should be set
via a call to nfs_setsecurity() during the mount process, otherwise the
inode will appear as unlabeled for up to acdirmin seconds.  Currently
the label for the root inode is allocated, retrieved, and freed entirely
witin nfs4_proc_get_root().

Add a field for the label to the nfs_fattr struct, and allocate & free
the label in nfs_get_root(), where we also add a call to
nfs_setsecurity().  Note that for the call to nfs_setsecurity() to
succeed, it's necessary to also move the logic calling
security_sb_{set,clone}_security() from nfs_get_tree_common() down into
nfs_get_root()... otherwise the SBLABEL_MNT flag will not be set in the
super_block's security flags and nfs_setsecurity() will silently fail.

Reported-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Tested-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: fixed 80-char line width problems]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2020-03-30 19:56:50 -04:00

1349 lines
36 KiB
C

// SPDX-License-Identifier: GPL-2.0-only
/*
* linux/fs/nfs/super.c
*
* Copyright (C) 1992 Rick Sladkey
*
* nfs superblock handling functions
*
* Modularised by Alan Cox <alan@lxorguk.ukuu.org.uk>, while hacking some
* experimental NFS changes. Modularisation taken straight from SYS5 fs.
*
* Change to nfs_read_super() to permit NFS mounts to multi-homed hosts.
* J.S.Peatfield@damtp.cam.ac.uk
*
* Split from inode.c by David Howells <dhowells@redhat.com>
*
* - superblocks are indexed on server only - all inodes, dentries, etc. associated with a
* particular server are held in the same superblock
* - NFS superblocks can have several effective roots to the dentry tree
* - directory type roots are spliced into the tree when a path from one root reaches the root
* of another (see nfs_lookup())
*/
#include <linux/module.h>
#include <linux/init.h>
#include <linux/time.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/string.h>
#include <linux/stat.h>
#include <linux/errno.h>
#include <linux/unistd.h>
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/addr.h>
#include <linux/sunrpc/stats.h>
#include <linux/sunrpc/metrics.h>
#include <linux/sunrpc/xprtsock.h>
#include <linux/sunrpc/xprtrdma.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_mount.h>
#include <linux/nfs4_mount.h>
#include <linux/lockd/bind.h>
#include <linux/seq_file.h>
#include <linux/mount.h>
#include <linux/namei.h>
#include <linux/vfs.h>
#include <linux/inet.h>
#include <linux/in6.h>
#include <linux/slab.h>
#include <net/ipv6.h>
#include <linux/netdevice.h>
#include <linux/nfs_xdr.h>
#include <linux/magic.h>
#include <linux/parser.h>
#include <linux/nsproxy.h>
#include <linux/rcupdate.h>
#include <linux/uaccess.h>
#include "nfs4_fs.h"
#include "callback.h"
#include "delegation.h"
#include "iostat.h"
#include "internal.h"
#include "fscache.h"
#include "nfs4session.h"
#include "pnfs.h"
#include "nfs.h"
#define NFSDBG_FACILITY NFSDBG_VFS
const struct super_operations nfs_sops = {
.alloc_inode = nfs_alloc_inode,
.free_inode = nfs_free_inode,
.write_inode = nfs_write_inode,
.drop_inode = nfs_drop_inode,
.statfs = nfs_statfs,
.evict_inode = nfs_evict_inode,
.umount_begin = nfs_umount_begin,
.show_options = nfs_show_options,
.show_devname = nfs_show_devname,
.show_path = nfs_show_path,
.show_stats = nfs_show_stats,
};
EXPORT_SYMBOL_GPL(nfs_sops);
#if IS_ENABLED(CONFIG_NFS_V4)
static int __init register_nfs4_fs(void)
{
return register_filesystem(&nfs4_fs_type);
}
static void unregister_nfs4_fs(void)
{
unregister_filesystem(&nfs4_fs_type);
}
#else
static int __init register_nfs4_fs(void)
{
return 0;
}
static void unregister_nfs4_fs(void)
{
}
#endif
static struct shrinker acl_shrinker = {
.count_objects = nfs_access_cache_count,
.scan_objects = nfs_access_cache_scan,
.seeks = DEFAULT_SEEKS,
};
/*
* Register the NFS filesystems
*/
int __init register_nfs_fs(void)
{
int ret;
ret = register_filesystem(&nfs_fs_type);
if (ret < 0)
goto error_0;
ret = register_nfs4_fs();
if (ret < 0)
goto error_1;
ret = nfs_register_sysctl();
if (ret < 0)
goto error_2;
ret = register_shrinker(&acl_shrinker);
if (ret < 0)
goto error_3;
return 0;
error_3:
nfs_unregister_sysctl();
error_2:
unregister_nfs4_fs();
error_1:
unregister_filesystem(&nfs_fs_type);
error_0:
return ret;
}
/*
* Unregister the NFS filesystems
*/
void __exit unregister_nfs_fs(void)
{
unregister_shrinker(&acl_shrinker);
nfs_unregister_sysctl();
unregister_nfs4_fs();
unregister_filesystem(&nfs_fs_type);
}
bool nfs_sb_active(struct super_block *sb)
{
struct nfs_server *server = NFS_SB(sb);
if (!atomic_inc_not_zero(&sb->s_active))
return false;
if (atomic_inc_return(&server->active) != 1)
atomic_dec(&sb->s_active);
return true;
}
EXPORT_SYMBOL_GPL(nfs_sb_active);
void nfs_sb_deactive(struct super_block *sb)
{
struct nfs_server *server = NFS_SB(sb);
if (atomic_dec_and_test(&server->active))
deactivate_super(sb);
}
EXPORT_SYMBOL_GPL(nfs_sb_deactive);
/*
* Deliver file system statistics to userspace
*/
int nfs_statfs(struct dentry *dentry, struct kstatfs *buf)
{
struct nfs_server *server = NFS_SB(dentry->d_sb);
unsigned char blockbits;
unsigned long blockres;
struct nfs_fh *fh = NFS_FH(d_inode(dentry));
struct nfs_fsstat res;
int error = -ENOMEM;
res.fattr = nfs_alloc_fattr();
if (res.fattr == NULL)
goto out_err;
error = server->nfs_client->rpc_ops->statfs(server, fh, &res);
if (unlikely(error == -ESTALE)) {
struct dentry *pd_dentry;
pd_dentry = dget_parent(dentry);
nfs_zap_caches(d_inode(pd_dentry));
dput(pd_dentry);
}
nfs_free_fattr(res.fattr);
if (error < 0)
goto out_err;
buf->f_type = NFS_SUPER_MAGIC;
/*
* Current versions of glibc do not correctly handle the
* case where f_frsize != f_bsize. Eventually we want to
* report the value of wtmult in this field.
*/
buf->f_frsize = dentry->d_sb->s_blocksize;
/*
* On most *nix systems, f_blocks, f_bfree, and f_bavail
* are reported in units of f_frsize. Linux hasn't had
* an f_frsize field in its statfs struct until recently,
* thus historically Linux's sys_statfs reports these
* fields in units of f_bsize.
*/
buf->f_bsize = dentry->d_sb->s_blocksize;
blockbits = dentry->d_sb->s_blocksize_bits;
blockres = (1 << blockbits) - 1;
buf->f_blocks = (res.tbytes + blockres) >> blockbits;
buf->f_bfree = (res.fbytes + blockres) >> blockbits;
buf->f_bavail = (res.abytes + blockres) >> blockbits;
buf->f_files = res.tfiles;
buf->f_ffree = res.afiles;
buf->f_namelen = server->namelen;
return 0;
out_err:
dprintk("%s: statfs error = %d\n", __func__, -error);
return error;
}
EXPORT_SYMBOL_GPL(nfs_statfs);
/*
* Map the security flavour number to a name
*/
static const char *nfs_pseudoflavour_to_name(rpc_authflavor_t flavour)
{
static const struct {
rpc_authflavor_t flavour;
const char *str;
} sec_flavours[NFS_AUTH_INFO_MAX_FLAVORS] = {
/* update NFS_AUTH_INFO_MAX_FLAVORS when this list changes! */
{ RPC_AUTH_NULL, "null" },
{ RPC_AUTH_UNIX, "sys" },
{ RPC_AUTH_GSS_KRB5, "krb5" },
{ RPC_AUTH_GSS_KRB5I, "krb5i" },
{ RPC_AUTH_GSS_KRB5P, "krb5p" },
{ RPC_AUTH_GSS_LKEY, "lkey" },
{ RPC_AUTH_GSS_LKEYI, "lkeyi" },
{ RPC_AUTH_GSS_LKEYP, "lkeyp" },
{ RPC_AUTH_GSS_SPKM, "spkm" },
{ RPC_AUTH_GSS_SPKMI, "spkmi" },
{ RPC_AUTH_GSS_SPKMP, "spkmp" },
{ UINT_MAX, "unknown" }
};
int i;
for (i = 0; sec_flavours[i].flavour != UINT_MAX; i++) {
if (sec_flavours[i].flavour == flavour)
break;
}
return sec_flavours[i].str;
}
static void nfs_show_mountd_netid(struct seq_file *m, struct nfs_server *nfss,
int showdefaults)
{
struct sockaddr *sap = (struct sockaddr *) &nfss->mountd_address;
char *proto = NULL;
switch (sap->sa_family) {
case AF_INET:
switch (nfss->mountd_protocol) {
case IPPROTO_UDP:
proto = RPCBIND_NETID_UDP;
break;
case IPPROTO_TCP:
proto = RPCBIND_NETID_TCP;
break;
}
break;
case AF_INET6:
switch (nfss->mountd_protocol) {
case IPPROTO_UDP:
proto = RPCBIND_NETID_UDP6;
break;
case IPPROTO_TCP:
proto = RPCBIND_NETID_TCP6;
break;
}
break;
}
if (proto || showdefaults)
seq_printf(m, ",mountproto=%s", proto ?: "auto");
}
static void nfs_show_mountd_options(struct seq_file *m, struct nfs_server *nfss,
int showdefaults)
{
struct sockaddr *sap = (struct sockaddr *)&nfss->mountd_address;
if (nfss->flags & NFS_MOUNT_LEGACY_INTERFACE)
return;
switch (sap->sa_family) {
case AF_INET: {
struct sockaddr_in *sin = (struct sockaddr_in *)sap;
seq_printf(m, ",mountaddr=%pI4", &sin->sin_addr.s_addr);
break;
}
case AF_INET6: {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
seq_printf(m, ",mountaddr=%pI6c", &sin6->sin6_addr);
break;
}
default:
if (showdefaults)
seq_puts(m, ",mountaddr=unspecified");
}
if (nfss->mountd_version || showdefaults)
seq_printf(m, ",mountvers=%u", nfss->mountd_version);
if ((nfss->mountd_port &&
nfss->mountd_port != (unsigned short)NFS_UNSPEC_PORT) ||
showdefaults)
seq_printf(m, ",mountport=%u", nfss->mountd_port);
nfs_show_mountd_netid(m, nfss, showdefaults);
}
#if IS_ENABLED(CONFIG_NFS_V4)
static void nfs_show_nfsv4_options(struct seq_file *m, struct nfs_server *nfss,
int showdefaults)
{
struct nfs_client *clp = nfss->nfs_client;
seq_printf(m, ",clientaddr=%s", clp->cl_ipaddr);
}
#else
static void nfs_show_nfsv4_options(struct seq_file *m, struct nfs_server *nfss,
int showdefaults)
{
}
#endif
static void nfs_show_nfs_version(struct seq_file *m,
unsigned int version,
unsigned int minorversion)
{
seq_printf(m, ",vers=%u", version);
if (version == 4)
seq_printf(m, ".%u", minorversion);
}
/*
* Describe the mount options in force on this server representation
*/
static void nfs_show_mount_options(struct seq_file *m, struct nfs_server *nfss,
int showdefaults)
{
static const struct proc_nfs_info {
int flag;
const char *str;
const char *nostr;
} nfs_info[] = {
{ NFS_MOUNT_SOFT, ",soft", "" },
{ NFS_MOUNT_SOFTERR, ",softerr", "" },
{ NFS_MOUNT_SOFTREVAL, ",softreval", "" },
{ NFS_MOUNT_POSIX, ",posix", "" },
{ NFS_MOUNT_NOCTO, ",nocto", "" },
{ NFS_MOUNT_NOAC, ",noac", "" },
{ NFS_MOUNT_NONLM, ",nolock", "" },
{ NFS_MOUNT_NOACL, ",noacl", "" },
{ NFS_MOUNT_NORDIRPLUS, ",nordirplus", "" },
{ NFS_MOUNT_UNSHARED, ",nosharecache", "" },
{ NFS_MOUNT_NORESVPORT, ",noresvport", "" },
{ 0, NULL, NULL }
};
const struct proc_nfs_info *nfs_infop;
struct nfs_client *clp = nfss->nfs_client;
u32 version = clp->rpc_ops->version;
int local_flock, local_fcntl;
nfs_show_nfs_version(m, version, clp->cl_minorversion);
seq_printf(m, ",rsize=%u", nfss->rsize);
seq_printf(m, ",wsize=%u", nfss->wsize);
if (nfss->bsize != 0)
seq_printf(m, ",bsize=%u", nfss->bsize);
seq_printf(m, ",namlen=%u", nfss->namelen);
if (nfss->acregmin != NFS_DEF_ACREGMIN*HZ || showdefaults)
seq_printf(m, ",acregmin=%u", nfss->acregmin/HZ);
if (nfss->acregmax != NFS_DEF_ACREGMAX*HZ || showdefaults)
seq_printf(m, ",acregmax=%u", nfss->acregmax/HZ);
if (nfss->acdirmin != NFS_DEF_ACDIRMIN*HZ || showdefaults)
seq_printf(m, ",acdirmin=%u", nfss->acdirmin/HZ);
if (nfss->acdirmax != NFS_DEF_ACDIRMAX*HZ || showdefaults)
seq_printf(m, ",acdirmax=%u", nfss->acdirmax/HZ);
if (!(nfss->flags & (NFS_MOUNT_SOFT|NFS_MOUNT_SOFTERR)))
seq_puts(m, ",hard");
for (nfs_infop = nfs_info; nfs_infop->flag; nfs_infop++) {
if (nfss->flags & nfs_infop->flag)
seq_puts(m, nfs_infop->str);
else
seq_puts(m, nfs_infop->nostr);
}
rcu_read_lock();
seq_printf(m, ",proto=%s",
rpc_peeraddr2str(nfss->client, RPC_DISPLAY_NETID));
rcu_read_unlock();
if (clp->cl_nconnect > 0)
seq_printf(m, ",nconnect=%u", clp->cl_nconnect);
if (version == 4) {
if (nfss->port != NFS_PORT)
seq_printf(m, ",port=%u", nfss->port);
} else
if (nfss->port)
seq_printf(m, ",port=%u", nfss->port);
seq_printf(m, ",timeo=%lu", 10U * nfss->client->cl_timeout->to_initval / HZ);
seq_printf(m, ",retrans=%u", nfss->client->cl_timeout->to_retries);
seq_printf(m, ",sec=%s", nfs_pseudoflavour_to_name(nfss->client->cl_auth->au_flavor));
if (version != 4)
nfs_show_mountd_options(m, nfss, showdefaults);
else
nfs_show_nfsv4_options(m, nfss, showdefaults);
if (nfss->options & NFS_OPTION_FSCACHE)
seq_puts(m, ",fsc");
if (nfss->options & NFS_OPTION_MIGRATION)
seq_puts(m, ",migration");
if (nfss->flags & NFS_MOUNT_LOOKUP_CACHE_NONEG) {
if (nfss->flags & NFS_MOUNT_LOOKUP_CACHE_NONE)
seq_puts(m, ",lookupcache=none");
else
seq_puts(m, ",lookupcache=pos");
}
local_flock = nfss->flags & NFS_MOUNT_LOCAL_FLOCK;
local_fcntl = nfss->flags & NFS_MOUNT_LOCAL_FCNTL;
if (!local_flock && !local_fcntl)
seq_puts(m, ",local_lock=none");
else if (local_flock && local_fcntl)
seq_puts(m, ",local_lock=all");
else if (local_flock)
seq_puts(m, ",local_lock=flock");
else
seq_puts(m, ",local_lock=posix");
}
/*
* Describe the mount options on this VFS mountpoint
*/
int nfs_show_options(struct seq_file *m, struct dentry *root)
{
struct nfs_server *nfss = NFS_SB(root->d_sb);
nfs_show_mount_options(m, nfss, 0);
rcu_read_lock();
seq_printf(m, ",addr=%s",
rpc_peeraddr2str(nfss->nfs_client->cl_rpcclient,
RPC_DISPLAY_ADDR));
rcu_read_unlock();
return 0;
}
EXPORT_SYMBOL_GPL(nfs_show_options);
#if IS_ENABLED(CONFIG_NFS_V4)
static void show_lease(struct seq_file *m, struct nfs_server *server)
{
struct nfs_client *clp = server->nfs_client;
unsigned long expire;
seq_printf(m, ",lease_time=%ld", clp->cl_lease_time / HZ);
expire = clp->cl_last_renewal + clp->cl_lease_time;
seq_printf(m, ",lease_expired=%ld",
time_after(expire, jiffies) ? 0 : (jiffies - expire) / HZ);
}
#ifdef CONFIG_NFS_V4_1
static void show_sessions(struct seq_file *m, struct nfs_server *server)
{
if (nfs4_has_session(server->nfs_client))
seq_puts(m, ",sessions");
}
#else
static void show_sessions(struct seq_file *m, struct nfs_server *server) {}
#endif
#endif
#ifdef CONFIG_NFS_V4_1
static void show_pnfs(struct seq_file *m, struct nfs_server *server)
{
seq_printf(m, ",pnfs=");
if (server->pnfs_curr_ld)
seq_printf(m, "%s", server->pnfs_curr_ld->name);
else
seq_printf(m, "not configured");
}
static void show_implementation_id(struct seq_file *m, struct nfs_server *nfss)
{
if (nfss->nfs_client && nfss->nfs_client->cl_implid) {
struct nfs41_impl_id *impl_id = nfss->nfs_client->cl_implid;
seq_printf(m, "\n\timpl_id:\tname='%s',domain='%s',"
"date='%llu,%u'",
impl_id->name, impl_id->domain,
impl_id->date.seconds, impl_id->date.nseconds);
}
}
#else
#if IS_ENABLED(CONFIG_NFS_V4)
static void show_pnfs(struct seq_file *m, struct nfs_server *server)
{
}
#endif
static void show_implementation_id(struct seq_file *m, struct nfs_server *nfss)
{
}
#endif
int nfs_show_devname(struct seq_file *m, struct dentry *root)
{
char *page = (char *) __get_free_page(GFP_KERNEL);
char *devname, *dummy;
int err = 0;
if (!page)
return -ENOMEM;
devname = nfs_path(&dummy, root, page, PAGE_SIZE, 0);
if (IS_ERR(devname))
err = PTR_ERR(devname);
else
seq_escape(m, devname, " \t\n\\");
free_page((unsigned long)page);
return err;
}
EXPORT_SYMBOL_GPL(nfs_show_devname);
int nfs_show_path(struct seq_file *m, struct dentry *dentry)
{
seq_puts(m, "/");
return 0;
}
EXPORT_SYMBOL_GPL(nfs_show_path);
/*
* Present statistical information for this VFS mountpoint
*/
int nfs_show_stats(struct seq_file *m, struct dentry *root)
{
int i, cpu;
struct nfs_server *nfss = NFS_SB(root->d_sb);
struct rpc_auth *auth = nfss->client->cl_auth;
struct nfs_iostats totals = { };
seq_printf(m, "statvers=%s", NFS_IOSTAT_VERS);
/*
* Display all mount option settings
*/
seq_puts(m, "\n\topts:\t");
seq_puts(m, sb_rdonly(root->d_sb) ? "ro" : "rw");
seq_puts(m, root->d_sb->s_flags & SB_SYNCHRONOUS ? ",sync" : "");
seq_puts(m, root->d_sb->s_flags & SB_NOATIME ? ",noatime" : "");
seq_puts(m, root->d_sb->s_flags & SB_NODIRATIME ? ",nodiratime" : "");
nfs_show_mount_options(m, nfss, 1);
seq_printf(m, "\n\tage:\t%lu", (jiffies - nfss->mount_time) / HZ);
show_implementation_id(m, nfss);
seq_puts(m, "\n\tcaps:\t");
seq_printf(m, "caps=0x%x", nfss->caps);
seq_printf(m, ",wtmult=%u", nfss->wtmult);
seq_printf(m, ",dtsize=%u", nfss->dtsize);
seq_printf(m, ",bsize=%u", nfss->bsize);
seq_printf(m, ",namlen=%u", nfss->namelen);
#if IS_ENABLED(CONFIG_NFS_V4)
if (nfss->nfs_client->rpc_ops->version == 4) {
seq_puts(m, "\n\tnfsv4:\t");
seq_printf(m, "bm0=0x%x", nfss->attr_bitmask[0]);
seq_printf(m, ",bm1=0x%x", nfss->attr_bitmask[1]);
seq_printf(m, ",bm2=0x%x", nfss->attr_bitmask[2]);
seq_printf(m, ",acl=0x%x", nfss->acl_bitmask);
show_sessions(m, nfss);
show_pnfs(m, nfss);
show_lease(m, nfss);
}
#endif
/*
* Display security flavor in effect for this mount
*/
seq_printf(m, "\n\tsec:\tflavor=%u", auth->au_ops->au_flavor);
if (auth->au_flavor)
seq_printf(m, ",pseudoflavor=%u", auth->au_flavor);
/*
* Display superblock I/O counters
*/
for_each_possible_cpu(cpu) {
struct nfs_iostats *stats;
preempt_disable();
stats = per_cpu_ptr(nfss->io_stats, cpu);
for (i = 0; i < __NFSIOS_COUNTSMAX; i++)
totals.events[i] += stats->events[i];
for (i = 0; i < __NFSIOS_BYTESMAX; i++)
totals.bytes[i] += stats->bytes[i];
#ifdef CONFIG_NFS_FSCACHE
for (i = 0; i < __NFSIOS_FSCACHEMAX; i++)
totals.fscache[i] += stats->fscache[i];
#endif
preempt_enable();
}
seq_puts(m, "\n\tevents:\t");
for (i = 0; i < __NFSIOS_COUNTSMAX; i++)
seq_printf(m, "%lu ", totals.events[i]);
seq_puts(m, "\n\tbytes:\t");
for (i = 0; i < __NFSIOS_BYTESMAX; i++)
seq_printf(m, "%Lu ", totals.bytes[i]);
#ifdef CONFIG_NFS_FSCACHE
if (nfss->options & NFS_OPTION_FSCACHE) {
seq_puts(m, "\n\tfsc:\t");
for (i = 0; i < __NFSIOS_FSCACHEMAX; i++)
seq_printf(m, "%Lu ", totals.fscache[i]);
}
#endif
seq_putc(m, '\n');
rpc_clnt_show_stats(m, nfss->client);
return 0;
}
EXPORT_SYMBOL_GPL(nfs_show_stats);
/*
* Begin unmount by attempting to remove all automounted mountpoints we added
* in response to xdev traversals and referrals
*/
void nfs_umount_begin(struct super_block *sb)
{
struct nfs_server *server;
struct rpc_clnt *rpc;
server = NFS_SB(sb);
/* -EIO all pending I/O */
rpc = server->client_acl;
if (!IS_ERR(rpc))
rpc_killall_tasks(rpc);
rpc = server->client;
if (!IS_ERR(rpc))
rpc_killall_tasks(rpc);
}
EXPORT_SYMBOL_GPL(nfs_umount_begin);
/*
* Return true if 'match' is in auth_info or auth_info is empty.
* Return false otherwise.
*/
bool nfs_auth_info_match(const struct nfs_auth_info *auth_info,
rpc_authflavor_t match)
{
int i;
if (!auth_info->flavor_len)
return true;
for (i = 0; i < auth_info->flavor_len; i++) {
if (auth_info->flavors[i] == match)
return true;
}
return false;
}
EXPORT_SYMBOL_GPL(nfs_auth_info_match);
/*
* Ensure that a specified authtype in ctx->auth_info is supported by
* the server. Returns 0 and sets ctx->selected_flavor if it's ok, and
* -EACCES if not.
*/
static int nfs_verify_authflavors(struct nfs_fs_context *ctx,
rpc_authflavor_t *server_authlist,
unsigned int count)
{
rpc_authflavor_t flavor = RPC_AUTH_MAXFLAVOR;
bool found_auth_null = false;
unsigned int i;
/*
* If the sec= mount option is used, the specified flavor or AUTH_NULL
* must be in the list returned by the server.
*
* AUTH_NULL has a special meaning when it's in the server list - it
* means that the server will ignore the rpc creds, so any flavor
* can be used but still use the sec= that was specified.
*
* Note also that the MNT procedure in MNTv1 does not return a list
* of supported security flavors. In this case, nfs_mount() fabricates
* a security flavor list containing just AUTH_NULL.
*/
for (i = 0; i < count; i++) {
flavor = server_authlist[i];
if (nfs_auth_info_match(&ctx->auth_info, flavor))
goto out;
if (flavor == RPC_AUTH_NULL)
found_auth_null = true;
}
if (found_auth_null) {
flavor = ctx->auth_info.flavors[0];
goto out;
}
dfprintk(MOUNT,
"NFS: specified auth flavors not supported by server\n");
return -EACCES;
out:
ctx->selected_flavor = flavor;
dfprintk(MOUNT, "NFS: using auth flavor %u\n", ctx->selected_flavor);
return 0;
}
/*
* Use the remote server's MOUNT service to request the NFS file handle
* corresponding to the provided path.
*/
static int nfs_request_mount(struct fs_context *fc,
struct nfs_fh *root_fh,
rpc_authflavor_t *server_authlist,
unsigned int *server_authlist_len)
{
struct nfs_fs_context *ctx = nfs_fc2context(fc);
struct nfs_mount_request request = {
.sap = (struct sockaddr *)
&ctx->mount_server.address,
.dirpath = ctx->nfs_server.export_path,
.protocol = ctx->mount_server.protocol,
.fh = root_fh,
.noresvport = ctx->flags & NFS_MOUNT_NORESVPORT,
.auth_flav_len = server_authlist_len,
.auth_flavs = server_authlist,
.net = fc->net_ns,
};
int status;
if (ctx->mount_server.version == 0) {
switch (ctx->version) {
default:
ctx->mount_server.version = NFS_MNT3_VERSION;
break;
case 2:
ctx->mount_server.version = NFS_MNT_VERSION;
}
}
request.version = ctx->mount_server.version;
if (ctx->mount_server.hostname)
request.hostname = ctx->mount_server.hostname;
else
request.hostname = ctx->nfs_server.hostname;
/*
* Construct the mount server's address.
*/
if (ctx->mount_server.address.sa_family == AF_UNSPEC) {
memcpy(request.sap, &ctx->nfs_server.address,
ctx->nfs_server.addrlen);
ctx->mount_server.addrlen = ctx->nfs_server.addrlen;
}
request.salen = ctx->mount_server.addrlen;
nfs_set_port(request.sap, &ctx->mount_server.port, 0);
/*
* Now ask the mount server to map our export path
* to a file handle.
*/
status = nfs_mount(&request);
if (status != 0) {
dfprintk(MOUNT, "NFS: unable to mount server %s, error %d\n",
request.hostname, status);
return status;
}
return 0;
}
static struct nfs_server *nfs_try_mount_request(struct fs_context *fc)
{
struct nfs_fs_context *ctx = nfs_fc2context(fc);
int status;
unsigned int i;
bool tried_auth_unix = false;
bool auth_null_in_list = false;
struct nfs_server *server = ERR_PTR(-EACCES);
rpc_authflavor_t authlist[NFS_MAX_SECFLAVORS];
unsigned int authlist_len = ARRAY_SIZE(authlist);
status = nfs_request_mount(fc, ctx->mntfh, authlist, &authlist_len);
if (status)
return ERR_PTR(status);
/*
* Was a sec= authflavor specified in the options? First, verify
* whether the server supports it, and then just try to use it if so.
*/
if (ctx->auth_info.flavor_len > 0) {
status = nfs_verify_authflavors(ctx, authlist, authlist_len);
dfprintk(MOUNT, "NFS: using auth flavor %u\n",
ctx->selected_flavor);
if (status)
return ERR_PTR(status);
return ctx->nfs_mod->rpc_ops->create_server(fc);
}
/*
* No sec= option was provided. RFC 2623, section 2.7 suggests we
* SHOULD prefer the flavor listed first. However, some servers list
* AUTH_NULL first. Avoid ever choosing AUTH_NULL.
*/
for (i = 0; i < authlist_len; ++i) {
rpc_authflavor_t flavor;
struct rpcsec_gss_info info;
flavor = authlist[i];
switch (flavor) {
case RPC_AUTH_UNIX:
tried_auth_unix = true;
break;
case RPC_AUTH_NULL:
auth_null_in_list = true;
continue;
default:
if (rpcauth_get_gssinfo(flavor, &info) != 0)
continue;
/* Fallthrough */
}
dfprintk(MOUNT, "NFS: attempting to use auth flavor %u\n", flavor);
ctx->selected_flavor = flavor;
server = ctx->nfs_mod->rpc_ops->create_server(fc);
if (!IS_ERR(server))
return server;
}
/*
* Nothing we tried so far worked. At this point, give up if we've
* already tried AUTH_UNIX or if the server's list doesn't contain
* AUTH_NULL
*/
if (tried_auth_unix || !auth_null_in_list)
return server;
/* Last chance! Try AUTH_UNIX */
dfprintk(MOUNT, "NFS: attempting to use auth flavor %u\n", RPC_AUTH_UNIX);
ctx->selected_flavor = RPC_AUTH_UNIX;
return ctx->nfs_mod->rpc_ops->create_server(fc);
}
int nfs_try_get_tree(struct fs_context *fc)
{
struct nfs_fs_context *ctx = nfs_fc2context(fc);
if (ctx->need_mount)
ctx->server = nfs_try_mount_request(fc);
else
ctx->server = ctx->nfs_mod->rpc_ops->create_server(fc);
return nfs_get_tree_common(fc);
}
EXPORT_SYMBOL_GPL(nfs_try_get_tree);
#define NFS_REMOUNT_CMP_FLAGMASK ~(NFS_MOUNT_INTR \
| NFS_MOUNT_SECURE \
| NFS_MOUNT_TCP \
| NFS_MOUNT_VER3 \
| NFS_MOUNT_KERBEROS \
| NFS_MOUNT_NONLM \
| NFS_MOUNT_BROKEN_SUID \
| NFS_MOUNT_STRICTLOCK \
| NFS_MOUNT_LEGACY_INTERFACE)
#define NFS_MOUNT_CMP_FLAGMASK (NFS_REMOUNT_CMP_FLAGMASK & \
~(NFS_MOUNT_UNSHARED | NFS_MOUNT_NORESVPORT))
static int
nfs_compare_remount_data(struct nfs_server *nfss,
struct nfs_fs_context *ctx)
{
if ((ctx->flags ^ nfss->flags) & NFS_REMOUNT_CMP_FLAGMASK ||
ctx->rsize != nfss->rsize ||
ctx->wsize != nfss->wsize ||
ctx->version != nfss->nfs_client->rpc_ops->version ||
ctx->minorversion != nfss->nfs_client->cl_minorversion ||
ctx->retrans != nfss->client->cl_timeout->to_retries ||
!nfs_auth_info_match(&ctx->auth_info, nfss->client->cl_auth->au_flavor) ||
ctx->acregmin != nfss->acregmin / HZ ||
ctx->acregmax != nfss->acregmax / HZ ||
ctx->acdirmin != nfss->acdirmin / HZ ||
ctx->acdirmax != nfss->acdirmax / HZ ||
ctx->timeo != (10U * nfss->client->cl_timeout->to_initval / HZ) ||
(ctx->options & NFS_OPTION_FSCACHE) != (nfss->options & NFS_OPTION_FSCACHE) ||
ctx->nfs_server.port != nfss->port ||
ctx->nfs_server.addrlen != nfss->nfs_client->cl_addrlen ||
!rpc_cmp_addr((struct sockaddr *)&ctx->nfs_server.address,
(struct sockaddr *)&nfss->nfs_client->cl_addr))
return -EINVAL;
return 0;
}
int nfs_reconfigure(struct fs_context *fc)
{
struct nfs_fs_context *ctx = nfs_fc2context(fc);
struct super_block *sb = fc->root->d_sb;
struct nfs_server *nfss = sb->s_fs_info;
sync_filesystem(sb);
/*
* Userspace mount programs that send binary options generally send
* them populated with default values. We have no way to know which
* ones were explicitly specified. Fall back to legacy behavior and
* just return success.
*/
if (ctx->skip_reconfig_option_check)
return 0;
/*
* noac is a special case. It implies -o sync, but that's not
* necessarily reflected in the mtab options. reconfigure_super
* will clear SB_SYNCHRONOUS if -o sync wasn't specified in the
* remount options, so we have to explicitly reset it.
*/
if (ctx->flags & NFS_MOUNT_NOAC) {
fc->sb_flags |= SB_SYNCHRONOUS;
fc->sb_flags_mask |= SB_SYNCHRONOUS;
}
/* compare new mount options with old ones */
return nfs_compare_remount_data(nfss, ctx);
}
EXPORT_SYMBOL_GPL(nfs_reconfigure);
/*
* Finish setting up an NFS superblock
*/
static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx)
{
struct nfs_server *server = NFS_SB(sb);
sb->s_blocksize_bits = 0;
sb->s_blocksize = 0;
sb->s_xattr = server->nfs_client->cl_nfs_mod->xattr;
sb->s_op = server->nfs_client->cl_nfs_mod->sops;
if (ctx && ctx->bsize)
sb->s_blocksize = nfs_block_size(ctx->bsize, &sb->s_blocksize_bits);
if (server->nfs_client->rpc_ops->version != 2) {
/* The VFS shouldn't apply the umask to mode bits. We will do
* so ourselves when necessary.
*/
sb->s_flags |= SB_POSIXACL;
sb->s_time_gran = 1;
sb->s_export_op = &nfs_export_ops;
} else
sb->s_time_gran = 1000;
if (server->nfs_client->rpc_ops->version != 4) {
sb->s_time_min = 0;
sb->s_time_max = U32_MAX;
} else {
sb->s_time_min = S64_MIN;
sb->s_time_max = S64_MAX;
}
sb->s_magic = NFS_SUPER_MAGIC;
/* We probably want something more informative here */
snprintf(sb->s_id, sizeof(sb->s_id),
"%u:%u", MAJOR(sb->s_dev), MINOR(sb->s_dev));
if (sb->s_blocksize == 0)
sb->s_blocksize = nfs_block_bits(server->wsize,
&sb->s_blocksize_bits);
nfs_super_set_maxbytes(sb, server->maxfilesize);
}
static int nfs_compare_mount_options(const struct super_block *s, const struct nfs_server *b,
const struct fs_context *fc)
{
const struct nfs_server *a = s->s_fs_info;
const struct rpc_clnt *clnt_a = a->client;
const struct rpc_clnt *clnt_b = b->client;
if ((s->s_flags & NFS_SB_MASK) != (fc->sb_flags & NFS_SB_MASK))
goto Ebusy;
if (a->nfs_client != b->nfs_client)
goto Ebusy;
if ((a->flags ^ b->flags) & NFS_MOUNT_CMP_FLAGMASK)
goto Ebusy;
if (a->wsize != b->wsize)
goto Ebusy;
if (a->rsize != b->rsize)
goto Ebusy;
if (a->acregmin != b->acregmin)
goto Ebusy;
if (a->acregmax != b->acregmax)
goto Ebusy;
if (a->acdirmin != b->acdirmin)
goto Ebusy;
if (a->acdirmax != b->acdirmax)
goto Ebusy;
if (clnt_a->cl_auth->au_flavor != clnt_b->cl_auth->au_flavor)
goto Ebusy;
return 1;
Ebusy:
return 0;
}
static int nfs_set_super(struct super_block *s, struct fs_context *fc)
{
struct nfs_server *server = fc->s_fs_info;
int ret;
s->s_d_op = server->nfs_client->rpc_ops->dentry_ops;
ret = set_anon_super(s, server);
if (ret == 0)
server->s_dev = s->s_dev;
return ret;
}
static int nfs_compare_super_address(struct nfs_server *server1,
struct nfs_server *server2)
{
struct sockaddr *sap1, *sap2;
struct rpc_xprt *xprt1 = server1->client->cl_xprt;
struct rpc_xprt *xprt2 = server2->client->cl_xprt;
if (!net_eq(xprt1->xprt_net, xprt2->xprt_net))
return 0;
sap1 = (struct sockaddr *)&server1->nfs_client->cl_addr;
sap2 = (struct sockaddr *)&server2->nfs_client->cl_addr;
if (sap1->sa_family != sap2->sa_family)
return 0;
switch (sap1->sa_family) {
case AF_INET: {
struct sockaddr_in *sin1 = (struct sockaddr_in *)sap1;
struct sockaddr_in *sin2 = (struct sockaddr_in *)sap2;
if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr)
return 0;
if (sin1->sin_port != sin2->sin_port)
return 0;
break;
}
case AF_INET6: {
struct sockaddr_in6 *sin1 = (struct sockaddr_in6 *)sap1;
struct sockaddr_in6 *sin2 = (struct sockaddr_in6 *)sap2;
if (!ipv6_addr_equal(&sin1->sin6_addr, &sin2->sin6_addr))
return 0;
if (sin1->sin6_port != sin2->sin6_port)
return 0;
break;
}
default:
return 0;
}
return 1;
}
static int nfs_compare_userns(const struct nfs_server *old,
const struct nfs_server *new)
{
const struct user_namespace *oldns = &init_user_ns;
const struct user_namespace *newns = &init_user_ns;
if (old->client && old->client->cl_cred)
oldns = old->client->cl_cred->user_ns;
if (new->client && new->client->cl_cred)
newns = new->client->cl_cred->user_ns;
if (oldns != newns)
return 0;
return 1;
}
static int nfs_compare_super(struct super_block *sb, struct fs_context *fc)
{
struct nfs_server *server = fc->s_fs_info, *old = NFS_SB(sb);
if (!nfs_compare_super_address(old, server))
return 0;
/* Note: NFS_MOUNT_UNSHARED == NFS4_MOUNT_UNSHARED */
if (old->flags & NFS_MOUNT_UNSHARED)
return 0;
if (memcmp(&old->fsid, &server->fsid, sizeof(old->fsid)) != 0)
return 0;
if (!nfs_compare_userns(old, server))
return 0;
return nfs_compare_mount_options(sb, server, fc);
}
#ifdef CONFIG_NFS_FSCACHE
static void nfs_get_cache_cookie(struct super_block *sb,
struct nfs_fs_context *ctx)
{
struct nfs_server *nfss = NFS_SB(sb);
char *uniq = NULL;
int ulen = 0;
nfss->fscache_key = NULL;
nfss->fscache = NULL;
if (!ctx)
return;
if (ctx->clone_data.sb) {
struct nfs_server *mnt_s = NFS_SB(ctx->clone_data.sb);
if (!(mnt_s->options & NFS_OPTION_FSCACHE))
return;
if (mnt_s->fscache_key) {
uniq = mnt_s->fscache_key->key.uniquifier;
ulen = mnt_s->fscache_key->key.uniq_len;
}
} else {
if (!(ctx->options & NFS_OPTION_FSCACHE))
return;
if (ctx->fscache_uniq) {
uniq = ctx->fscache_uniq;
ulen = strlen(ctx->fscache_uniq);
}
return;
}
nfs_fscache_get_super_cookie(sb, uniq, ulen);
}
#else
static void nfs_get_cache_cookie(struct super_block *sb,
struct nfs_fs_context *ctx)
{
}
#endif
static void nfs_set_readahead(struct backing_dev_info *bdi,
unsigned long iomax_pages)
{
bdi->ra_pages = VM_READAHEAD_PAGES;
bdi->io_pages = iomax_pages;
}
int nfs_get_tree_common(struct fs_context *fc)
{
struct nfs_fs_context *ctx = nfs_fc2context(fc);
struct super_block *s;
int (*compare_super)(struct super_block *, struct fs_context *) = nfs_compare_super;
struct nfs_server *server = ctx->server;
int error;
ctx->server = NULL;
if (IS_ERR(server))
return PTR_ERR(server);
if (server->flags & NFS_MOUNT_UNSHARED)
compare_super = NULL;
/* -o noac implies -o sync */
if (server->flags & NFS_MOUNT_NOAC)
fc->sb_flags |= SB_SYNCHRONOUS;
if (ctx->clone_data.sb)
if (ctx->clone_data.sb->s_flags & SB_SYNCHRONOUS)
fc->sb_flags |= SB_SYNCHRONOUS;
if (server->caps & NFS_CAP_SECURITY_LABEL)
fc->lsm_flags |= SECURITY_LSM_NATIVE_LABELS;
/* Get a superblock - note that we may end up sharing one that already exists */
fc->s_fs_info = server;
s = sget_fc(fc, compare_super, nfs_set_super);
fc->s_fs_info = NULL;
if (IS_ERR(s)) {
error = PTR_ERR(s);
nfs_errorf(fc, "NFS: Couldn't get superblock");
goto out_err_nosb;
}
if (s->s_fs_info != server) {
nfs_free_server(server);
server = NULL;
} else {
error = super_setup_bdi_name(s, "%u:%u", MAJOR(server->s_dev),
MINOR(server->s_dev));
if (error)
goto error_splat_super;
nfs_set_readahead(s->s_bdi, server->rpages);
server->super = s;
}
if (!s->s_root) {
unsigned bsize = ctx->clone_data.inherited_bsize;
/* initial superblock/root creation */
nfs_fill_super(s, ctx);
if (bsize) {
s->s_blocksize_bits = bsize;
s->s_blocksize = 1U << bsize;
}
nfs_get_cache_cookie(s, ctx);
}
error = nfs_get_root(s, fc);
if (error < 0) {
nfs_errorf(fc, "NFS: Couldn't get root dentry");
goto error_splat_super;
}
s->s_flags |= SB_ACTIVE;
error = 0;
out:
return error;
out_err_nosb:
nfs_free_server(server);
goto out;
error_splat_super:
deactivate_locked_super(s);
goto out;
}
/*
* Destroy an NFS2/3 superblock
*/
void nfs_kill_super(struct super_block *s)
{
struct nfs_server *server = NFS_SB(s);
dev_t dev = s->s_dev;
generic_shutdown_super(s);
nfs_fscache_release_super_cookie(s);
nfs_free_server(server);
free_anon_bdev(dev);
}
EXPORT_SYMBOL_GPL(nfs_kill_super);
#if IS_ENABLED(CONFIG_NFS_V4)
/*
* NFS v4 module parameters need to stay in the
* NFS client for backwards compatibility
*/
unsigned int nfs_callback_set_tcpport;
unsigned short nfs_callback_nr_threads;
/* Default cache timeout is 10 minutes */
unsigned int nfs_idmap_cache_timeout = 600;
/* Turn off NFSv4 uid/gid mapping when using AUTH_SYS */
bool nfs4_disable_idmapping = true;
unsigned short max_session_slots = NFS4_DEF_SLOT_TABLE_SIZE;
unsigned short max_session_cb_slots = NFS4_DEF_CB_SLOT_TABLE_SIZE;
unsigned short send_implementation_id = 1;
char nfs4_client_id_uniquifier[NFS4_CLIENT_ID_UNIQ_LEN] = "";
bool recover_lost_locks = false;
EXPORT_SYMBOL_GPL(nfs_callback_nr_threads);
EXPORT_SYMBOL_GPL(nfs_callback_set_tcpport);
EXPORT_SYMBOL_GPL(nfs_idmap_cache_timeout);
EXPORT_SYMBOL_GPL(nfs4_disable_idmapping);
EXPORT_SYMBOL_GPL(max_session_slots);
EXPORT_SYMBOL_GPL(max_session_cb_slots);
EXPORT_SYMBOL_GPL(send_implementation_id);
EXPORT_SYMBOL_GPL(nfs4_client_id_uniquifier);
EXPORT_SYMBOL_GPL(recover_lost_locks);
#define NFS_CALLBACK_MAXPORTNR (65535U)
static int param_set_portnr(const char *val, const struct kernel_param *kp)
{
unsigned long num;
int ret;
if (!val)
return -EINVAL;
ret = kstrtoul(val, 0, &num);
if (ret || num > NFS_CALLBACK_MAXPORTNR)
return -EINVAL;
*((unsigned int *)kp->arg) = num;
return 0;
}
static const struct kernel_param_ops param_ops_portnr = {
.set = param_set_portnr,
.get = param_get_uint,
};
#define param_check_portnr(name, p) __param_check(name, p, unsigned int);
module_param_named(callback_tcpport, nfs_callback_set_tcpport, portnr, 0644);
module_param_named(callback_nr_threads, nfs_callback_nr_threads, ushort, 0644);
MODULE_PARM_DESC(callback_nr_threads, "Number of threads that will be "
"assigned to the NFSv4 callback channels.");
module_param(nfs_idmap_cache_timeout, int, 0644);
module_param(nfs4_disable_idmapping, bool, 0644);
module_param_string(nfs4_unique_id, nfs4_client_id_uniquifier,
NFS4_CLIENT_ID_UNIQ_LEN, 0600);
MODULE_PARM_DESC(nfs4_disable_idmapping,
"Turn off NFSv4 idmapping when using 'sec=sys'");
module_param(max_session_slots, ushort, 0644);
MODULE_PARM_DESC(max_session_slots, "Maximum number of outstanding NFSv4.1 "
"requests the client will negotiate");
module_param(max_session_cb_slots, ushort, 0644);
MODULE_PARM_DESC(max_session_cb_slots, "Maximum number of parallel NFSv4.1 "
"callbacks the client will process for a given server");
module_param(send_implementation_id, ushort, 0644);
MODULE_PARM_DESC(send_implementation_id,
"Send implementation ID with NFSv4.1 exchange_id");
MODULE_PARM_DESC(nfs4_unique_id, "nfs_client_id4 uniquifier string");
module_param(recover_lost_locks, bool, 0644);
MODULE_PARM_DESC(recover_lost_locks,
"If the server reports that a lock might be lost, "
"try to recover it risking data corruption.");
#endif /* CONFIG_NFS_V4 */