[v16,12/26] SUNRPC: add svcauth_map_clnt_to_svc_cred_local

Message ID	20240905191011.41650-13-snitzer@kernel.org (mailing list archive)
State	New
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4DB20192D67 for <linux-nfs@vger.kernel.org>; Thu, 5 Sep 2024 19:10:29 +0000 (UTC) From: Mike Snitzer <snitzer@kernel.org> To: linux-nfs@vger.kernel.org Cc: Jeff Layton <jlayton@kernel.org>, Chuck Lever <chuck.lever@oracle.com>, Anna Schumaker <anna@kernel.org>, Trond Myklebust <trondmy@hammerspace.com>, NeilBrown <neilb@suse.de> Subject: [PATCH v16 12/26] SUNRPC: add svcauth_map_clnt_to_svc_cred_local Date: Thu, 5 Sep 2024 15:09:46 -0400 Message-ID: <20240905191011.41650-13-snitzer@kernel.org> In-Reply-To: <20240905191011.41650-1-snitzer@kernel.org> References: <20240905191011.41650-1-snitzer@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	nfs/nfsd: add support for LOCALIO \| expand [v16,00/26] nfs/nfsd: add support for LOCALIO [v16,01/26] nfs_common: factor out nfs_errtbl and nfs_stat_to_errno [v16,02/26] nfs_common: factor out nfs4_errtbl and nfs4_stat_to_errno [v16,03/26] nfs: factor out {encode,decode}_opaque_fixed to nfs_xdr.h [v16,04/26] NFSD: Handle @rqstp == NULL in check_nfsd_access() [v16,05/26] NFSD: Refactor nfsd_setuser_and_check_port() [v16,06/26] NFSD: Avoid using rqstp->rq_vers in nfsd_set_fh_dentry() [v16,07/26] NFSD: Short-circuit fh_verify tracepoints for LOCALIO [v16,08/26] nfsd: factor out __fh_verify to allow NULL rqstp to be passed [v16,09/26] nfsd: add nfsd_file_acquire_local() [v16,10/26] nfsd: add nfsd_serv_try_get and nfsd_serv_put [v16,11/26] SUNRPC: remove call_allocate() BUG_ONs [v16,12/26] SUNRPC: add svcauth_map_clnt_to_svc_cred_local [v16,13/26] SUNRPC: replace program list with program array [v16,14/26] nfs_common: add NFS LOCALIO auxiliary protocol enablement [v16,15/26] nfs_common: prepare for the NFS client to use nfsd_file for LOCALIO [v16,16/26] nfsd: add LOCALIO support [v16,17/26] nfsd: implement server support for NFS_LOCALIO_PROGRAM [v16,18/26] nfs: pass struct nfsd_file to nfs_init_pgio and nfs_init_commit [v16,19/26] nfs: add LOCALIO support [v16,20/26] nfs: enable localio for non-pNFS IO [v16,21/26] pnfs/flexfiles: enable localio support [v16,22/26] nfs/localio: use dedicated workqueues for filesystem read and write [v16,23/26] nfs: implement client support for NFS_LOCALIO_PROGRAM [v16,24/26] nfs: add Documentation/filesystems/nfs/localio.rst [v16,25/26] nfs: add FAQ section to Documentation/filesystems/nfs/localio.rst [v16,26/26] nfs: add "NFS Client and Server Interlock" section to localio.rst

Message ID

20240905191011.41650-13-snitzer@kernel.org (mailing list archive)

State

New

Headers

From: Mike Snitzer <snitzer@kernel.org>
To: linux-nfs@vger.kernel.org
Cc: Jeff Layton <jlayton@kernel.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	Anna Schumaker <anna@kernel.org>,
	Trond Myklebust <trondmy@hammerspace.com>,
	NeilBrown <neilb@suse.de>
Subject: [PATCH v16 12/26] SUNRPC: add svcauth_map_clnt_to_svc_cred_local
Date: Thu,  5 Sep 2024 15:09:46 -0400
Message-ID: <20240905191011.41650-13-snitzer@kernel.org>
In-Reply-To: <20240905191011.41650-1-snitzer@kernel.org>
References: <20240905191011.41650-1-snitzer@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

nfs/nfsd: add support for LOCALIO | expand

Commit Message

Mike Snitzer Sept. 5, 2024, 7:09 p.m. UTC

From: Weston Andros Adamson <dros@primarydata.com>

Add new funtion svcauth_map_clnt_to_svc_cred_local which maps a
generic cred to a svc_cred suitable for use in nfsd.

This is needed by the localio code to map nfs client creds to nfs
server credentials.

Following from net/sunrpc/auth_unix.c:unx_marshal() it is clear that
->fsuid and ->fsgid must be used (rather than ->uid and ->gid).  In
addition, these uid and gid must be translated with from_kuid_munged()
so local client uses correct uid and gid when acting as local server.

Jeff Layton noted:
  This is where the magic happens. Since we're working in
  kuid_t/kgid_t, we don't need to worry about further idmapping.

Suggested-by: NeilBrown <neilb@suse.de> # to approximate unx_marshal()
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Co-developed-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: NeilBrown <neilb@suse.de>
---
 include/linux/sunrpc/svcauth.h |  5 +++++
 net/sunrpc/svcauth.c           | 28 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
index 63cf6fb26dcc..2e111153f7cd 100644
--- a/include/linux/sunrpc/svcauth.h
+++ b/include/linux/sunrpc/svcauth.h
@@ -14,6 +14,7 @@ 
 #include <linux/sunrpc/msg_prot.h>
 #include <linux/sunrpc/cache.h>
 #include <linux/sunrpc/gss_api.h>
+#include <linux/sunrpc/clnt.h>
 #include <linux/hash.h>
 #include <linux/stringhash.h>
 #include <linux/cred.h>
@@ -157,6 +158,10 @@  extern enum svc_auth_status svc_set_client(struct svc_rqst *rqstp);
 extern int	svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops);
 extern void	svc_auth_unregister(rpc_authflavor_t flavor);
 
+extern void	svcauth_map_clnt_to_svc_cred_local(struct rpc_clnt *clnt,
+						   const struct cred *,
+						   struct svc_cred *);
+
 extern struct auth_domain *unix_domain_find(char *name);
 extern void auth_domain_put(struct auth_domain *item);
 extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *new);
diff --git a/net/sunrpc/svcauth.c b/net/sunrpc/svcauth.c
index 93d9e949e265..55b4d2874188 100644
--- a/net/sunrpc/svcauth.c
+++ b/net/sunrpc/svcauth.c
@@ -18,6 +18,7 @@ 
 #include <linux/sunrpc/svcauth.h>
 #include <linux/err.h>
 #include <linux/hash.h>
+#include <linux/user_namespace.h>
 
 #include <trace/events/sunrpc.h>
 
@@ -175,6 +176,33 @@  rpc_authflavor_t svc_auth_flavor(struct svc_rqst *rqstp)
 }
 EXPORT_SYMBOL_GPL(svc_auth_flavor);
 
+/**
+ * svcauth_map_clnt_to_svc_cred_local - maps a generic cred
+ * to a svc_cred suitable for use in nfsd.
+ * @clnt: rpc_clnt associated with nfs client
+ * @cred: generic cred associated with nfs client
+ * @svc: returned svc_cred that is suitable for use in nfsd
+ */
+void svcauth_map_clnt_to_svc_cred_local(struct rpc_clnt *clnt,
+					const struct cred *cred,
+					struct svc_cred *svc)
+{
+	struct user_namespace *userns = clnt->cl_cred ?
+		clnt->cl_cred->user_ns : &init_user_ns;
+
+	memset(svc, 0, sizeof(struct svc_cred));
+
+	svc->cr_uid = KUIDT_INIT(from_kuid_munged(userns, cred->fsuid));
+	svc->cr_gid = KGIDT_INIT(from_kgid_munged(userns, cred->fsgid));
+	svc->cr_flavor = clnt->cl_auth->au_flavor;
+	if (cred->group_info)
+		svc->cr_group_info = get_group_info(cred->group_info);
+	/* These aren't relevant for local (network is bypassed) */
+	svc->cr_principal = NULL;
+	svc->cr_gss_mech = NULL;
+}
+EXPORT_SYMBOL_GPL(svcauth_map_clnt_to_svc_cred_local);
+
 /**************************************************
  * 'auth_domains' are stored in a hash table indexed by name.
  * When the last reference to an 'auth_domain' is dropped,

[v16,12/26] SUNRPC: add svcauth_map_clnt_to_svc_cred_local

Commit Message

Patch