[v15,05/26] NFSD: Refactor nfsd_setuser_and_check_port()

Message ID	20240831223755.8569-6-snitzer@kernel.org (mailing list archive)
State	New
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 45190184529; Sat, 31 Aug 2024 22:38:03 +0000 (UTC) From: Mike Snitzer <snitzer@kernel.org> To: linux-nfs@vger.kernel.org Cc: Jeff Layton <jlayton@kernel.org>, Chuck Lever <chuck.lever@oracle.com>, Anna Schumaker <anna@kernel.org>, Trond Myklebust <trondmy@hammerspace.com>, NeilBrown <neilb@suse.de>, linux-fsdevel@vger.kernel.org Subject: [PATCH v15 05/26] NFSD: Refactor nfsd_setuser_and_check_port() Date: Sat, 31 Aug 2024 18:37:25 -0400 Message-ID: <20240831223755.8569-6-snitzer@kernel.org> In-Reply-To: <20240831223755.8569-1-snitzer@kernel.org> References: <20240831223755.8569-1-snitzer@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	nfs/nfsd: add support for LOCALIO \| expand [v15,00/26] nfs/nfsd: add support for LOCALIO [v15,01/26] nfs_common: factor out nfs_errtbl and nfs_stat_to_errno [v15,02/26] nfs_common: factor out nfs4_errtbl and nfs4_stat_to_errno [v15,03/26] nfs: factor out {encode,decode}_opaque_fixed to nfs_xdr.h [v15,04/26] NFSD: Handle @rqstp == NULL in check_nfsd_access() [v15,05/26] NFSD: Refactor nfsd_setuser_and_check_port() [v15,06/26] NFSD: Avoid using rqstp->rq_vers in nfsd_set_fh_dentry() [v15,07/26] NFSD: Short-circuit fh_verify tracepoints for LOCALIO [v15,08/26] nfsd: factor out __fh_verify to allow NULL rqstp to be passed [v15,09/26] nfsd: add nfsd_file_acquire_local() [v15,10/26] nfsd: add nfsd_serv_try_get and nfsd_serv_put [v15,11/26] SUNRPC: remove call_allocate() BUG_ONs [v15,12/26] SUNRPC: add svcauth_map_clnt_to_svc_cred_local [v15,13/26] SUNRPC: replace program list with program array [v15,14/26] nfs_common: add NFS LOCALIO auxiliary protocol enablement [v15,15/26] nfs_common: prepare for the NFS client to use nfsd_file for LOCALIO [v15,16/26] nfsd: add LOCALIO support [v15,17/26] nfsd: implement server support for NFS_LOCALIO_PROGRAM [v15,18/26] nfs: pass struct nfsd_file to nfs_init_pgio and nfs_init_commit [v15,19/26] nfs: add LOCALIO support [v15,20/26] nfs: enable localio for non-pNFS IO [v15,21/26] pnfs/flexfiles: enable localio support [v15,22/26] nfs/localio: use dedicated workqueues for filesystem read and write [v15,23/26] nfs: implement client support for NFS_LOCALIO_PROGRAM [v15,24/26] nfs: add Documentation/filesystems/nfs/localio.rst [v15,25/26] nfs: add FAQ section to Documentation/filesystems/nfs/localio.rst [v15,26/26] nfs: add "NFS Client and Server Interlock" section to localio.rst

Message ID

20240831223755.8569-6-snitzer@kernel.org (mailing list archive)

State

New

Headers

From: Mike Snitzer <snitzer@kernel.org>
To: linux-nfs@vger.kernel.org
Cc: Jeff Layton <jlayton@kernel.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	Anna Schumaker <anna@kernel.org>,
	Trond Myklebust <trondmy@hammerspace.com>,
	NeilBrown <neilb@suse.de>,
	linux-fsdevel@vger.kernel.org
Subject: [PATCH v15 05/26] NFSD: Refactor nfsd_setuser_and_check_port()
Date: Sat, 31 Aug 2024 18:37:25 -0400
Message-ID: <20240831223755.8569-6-snitzer@kernel.org>
In-Reply-To: <20240831223755.8569-1-snitzer@kernel.org>
References: <20240831223755.8569-1-snitzer@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

nfs/nfsd: add support for LOCALIO | expand

Commit Message

Mike Snitzer Aug. 31, 2024, 10:37 p.m. UTC

From: NeilBrown <neilb@suse.de>

There are several places where __fh_verify unconditionally dereferences
rqstp to check that the connection is suitably secure.  They look at
rqstp->rq_xprt which is not meaningful in the target use case of
"localio" NFS in which the client talks directly to the local server.

Prepare these to always succeed when rqstp is NULL.

Signed-off-by: NeilBrown <neilb@suse.de>
Co-developed-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
---
 fs/nfsd/nfsfh.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 50d23d56f403..4b964a71a504 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -87,23 +87,24 @@  nfsd_mode_check(struct dentry *dentry, umode_t requested)
 	return nfserr_wrong_type;
 }
 
-static bool nfsd_originating_port_ok(struct svc_rqst *rqstp, int flags)
+static bool nfsd_originating_port_ok(struct svc_rqst *rqstp,
+				     struct svc_cred *cred,
+				     struct svc_export *exp)
 {
-	if (flags & NFSEXP_INSECURE_PORT)
+	if (nfsexp_flags(cred, exp) & NFSEXP_INSECURE_PORT)
 		return true;
 	/* We don't require gss requests to use low ports: */
-	if (rqstp->rq_cred.cr_flavor >= RPC_AUTH_GSS)
+	if (cred->cr_flavor >= RPC_AUTH_GSS)
 		return true;
 	return test_bit(RQ_SECURE, &rqstp->rq_flags);
 }
 
 static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
+					  struct svc_cred *cred,
 					  struct svc_export *exp)
 {
-	int flags = nfsexp_flags(&rqstp->rq_cred, exp);
-
 	/* Check if the request originated from a secure port. */
-	if (!nfsd_originating_port_ok(rqstp, flags)) {
+	if (rqstp && !nfsd_originating_port_ok(rqstp, cred, exp)) {
 		RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
 		dprintk("nfsd: request from insecure port %s!\n",
 		        svc_print_addr(rqstp, buf, sizeof(buf)));
@@ -111,7 +112,7 @@  static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
 	}
 
 	/* Set user creds for this exportpoint */
-	return nfserrno(nfsd_setuser(&rqstp->rq_cred, exp));
+	return nfserrno(nfsd_setuser(cred, exp));
 }
 
 static inline __be32 check_pseudo_root(struct dentry *dentry,
@@ -219,7 +220,7 @@  static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
 		put_cred(override_creds(new));
 		put_cred(new);
 	} else {
-		error = nfsd_setuser_and_check_port(rqstp, exp);
+		error = nfsd_setuser_and_check_port(rqstp, &rqstp->rq_cred, exp);
 		if (error)
 			goto out;
 	}
@@ -358,7 +359,7 @@  fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access)
 	if (error)
 		goto out;
 
-	error = nfsd_setuser_and_check_port(rqstp, exp);
+	error = nfsd_setuser_and_check_port(rqstp, &rqstp->rq_cred, exp);
 	if (error)
 		goto out;

[v15,05/26] NFSD: Refactor nfsd_setuser_and_check_port()

Commit Message

Patch