From patchwork Fri Mar 25 17:00:24 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rob Landley X-Patchwork-Id: 662911 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id p2PH0Wiv023328 for ; Fri, 25 Mar 2011 17:00:32 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754667Ab1CYRAb (ORCPT ); Fri, 25 Mar 2011 13:00:31 -0400 Received: from mx2.parallels.com ([64.131.90.16]:37853 "EHLO mx2.parallels.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754650Ab1CYRAa (ORCPT ); Fri, 25 Mar 2011 13:00:30 -0400 Received: from [96.31.168.206] (helo=mail.parallels.com) by mx2.parallels.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.74) (envelope-from ) id 1Q3ANA-0005fh-9y; Fri, 25 Mar 2011 13:00:29 -0400 Received: from [192.168.2.108] (24.27.19.110) by mail.parallels.com (10.255.249.32) with Microsoft SMTP Server (TLS) id 14.1.218.12; Fri, 25 Mar 2011 10:00:27 -0700 Message-ID: <4D8CCA28.7040001@parallels.com> Date: Fri, 25 Mar 2011 12:00:24 -0500 From: Rob Landley User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: , , Trond Myklebust Subject: [RFC PATCH] Teach auth_unix cache to check network namespace in comparisons X-Originating-IP: [24.27.19.110] Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Fri, 25 Mar 2011 17:00:32 +0000 (UTC)
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index 30916b0..63a2fa7 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 #define RPCDBG_FACILITY RPCDBG_AUTH
 #include
@@ -94,6 +95,7 @@ struct ip_map {
 struct cache_head h;
 char m_class[8]; /* e.g. "nfsd" */
 struct in6_addr m_addr;
+ struct net *m_net;
 struct unix_domain *m_client;
 #ifdef CONFIG_NFSD_DEPRECATED
 int m_add_change;
@@ -134,6 +136,7 @@ static int ip_map_match(struct cache_head *corig, struct cache_head *cnew)
 struct ip_map *orig = container_of(corig, struct ip_map, h);
 struct ip_map *new = container_of(cnew, struct ip_map, h);
 return strcmp(orig->m_class, new->m_class) == 0 &&
+ net_eq(orig->m_net, new->m_net) &&
 ipv6_addr_equal(&orig->m_addr, &new->m_addr);
 }
 static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
@@ -142,6 +145,7 @@ static void ip_map_init(struct cache_head *cnew, struct cache_head *citem)
 struct ip_map *item = container_of(citem, struct ip_map, h);
 strcpy(new->m_class, item->m_class);
+ new->m_net = item->m_net;
 ipv6_addr_copy(&new->m_addr, &item->m_addr);
 }
 static void update(struct cache_head *cnew, struct cache_head *citem)
@@ -186,7 +190,7 @@ static int ip_map_upcall(struct cache_detail *cd, struct cache_head *h)
 return sunrpc_cache_pipe_upcall(cd, h, ip_map_request);
 }
-static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class, struct in6_addr *addr);
+static struct ip_map *__ip_map_lookup(struct cache_detail *cd, struct net *net, char *class, struct in6_addr *addr);
 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm, struct unix_domain *udom, time_t expiry);
 static int ip_map_parse(struct cache_detail *cd,
@@ -256,7 +260,8 @@ static int ip_map_parse(struct cache_detail *cd,
 dom = NULL;
 /* IPv6 scope IDs are ignored for now */
- ipmp = __ip_map_lookup(cd, class, &sin6.sin6_addr);
+ ipmp = __ip_map_lookup(cd, current->nsproxy->net_ns, class,
+ &sin6.sin6_addr);
 if (ipmp) {
 err = __ip_map_update(cd, ipmp, container_of(dom, struct unix_domain, h),
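Review bot: `new->m_net = item->m_net;` in ip_map_init stores a bare `struct net *` in the cache entry, and nothing in the visible hunks takes a reference on it or guarantees the entry is dropped before the namespace is freed. If an ip_map can outlive its namespace, `net_eq()` in ip_map_match would compare against a stale pointer, and a namespace later allocated at the same address could match entries that were created for a different one. Either pin it with `new->m_net = get_net(item->m_net);` and a matching `put_net()` in the entry's release path (which is outside these hunks), or document the lifetime rule on the new field in struct ip_map, for example `struct net *m_net; /* not refcounted: cache must be flushed before the netns is freed */`.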
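Review bot: `current->nsproxy->net_ns` in ip_map_parse tags the entry with the namespace of whichever task wrote to the cache channel, not with the namespace that owns `cd`. ip_map_lookup passes the same `net` it used to find `sn->ip_map_cache`, so an entry written by a task in a different namespace (for instance through an inherited file descriptor) would never match those lookups, and an authentication decision ends up depending on the writer's context rather than on the cache being written. The namespace should be derived from the cache itself; until that is possible I would mark the call with `/* FIXME: writer's netns, should be the namespace that owns cd */` and reject the write when the two differ. ip_map_parse begins and ends outside this hunk.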
@@ -301,13 +306,14 @@ static int ip_map_show(struct seq_file *m,
 }
-static struct ip_map *__ip_map_lookup(struct cache_detail *cd, char *class,
- struct in6_addr *addr)
+static struct ip_map *__ip_map_lookup(struct cache_detail *cd, struct net *net,
+ char *class, struct in6_addr *addr)
 {
 struct ip_map ip;
 struct cache_head *ch;
 strcpy(ip.m_class, class);
+ ip.m_net = net;
 ipv6_addr_copy(&ip.m_addr, addr);
 ch = sunrpc_cache_lookup(cd, &ip.h, hash_str(class, IP_HASHBITS) ^
@@ -325,7 +331,7 @@ static inline struct ip_map *ip_map_lookup(struct net *net, char *class,
 struct sunrpc_net *sn;
 sn = net_generic(net, sunrpc_net_id);
- return __ip_map_lookup(sn->ip_map_cache, class, addr);
+ return __ip_map_lookup(sn->ip_map_cache, net, class, addr);
 }
 static int __ip_map_update(struct cache_detail *cd, struct ip_map *ipm,
@@ -748,8 +754,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
 ipm = ip_map_cached_get(xprt);
 if (ipm == NULL)
- ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class,
- &sin6->sin6_addr);
+ ipm = __ip_map_lookup(sn->ip_map_cache, net,
+ rqstp->rq_server->sv_program->pg_class,
+ &sin6->sin6_addr);
 if (ipm == NULL)
 return SVC_DENIED;
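Review bot: __ip_map_lookup now takes both `cd` and `net`, but nothing states that `net` has to be the namespace `cd` belongs to, and the patch leaves the bucket hash passed to sunrpc_cache_lookup() untouched. That works because ip_map_match compares `m_net`, but a caller that passes a mismatched pair gets a silent miss, and the lookup may leave behind an entry tagged with the wrong namespace. I would add above the definition: `/* @net must be the namespace that owns @cd; entries match on (class, net, addr). */`. The function body continues past the end of this hunk.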