| Age | Commit message (Collapse) | Author |
|---|
|
|
|
into hostme.bitkeeper.com:/ua/repos/n/nfsclient/linux-2.5
|
|
From: Grzegorz Jaskiewicz <gj@pointblue.com.pl>
gcc-2.94 fails to compile this code, alleging an invalid lvalue.
An equivalent transformation fixes it up.
|
|
of this patch is to eliminate the use of xdr_kmap() and xdr_unmap()
by replacing them with MSG_MORE. xdr_kmap() is deadlock-prone
due to the fact that it has to kmap() several pages at the same time.
|
|
ports. Remove the existing code to temporarily raise privileges in
fs/lockd/host.c, and use the new code in net/sunrpc/xprt.c
There should no longer be a need to temporarily change the fsuid.
Remove this feature.
|
|
1/ call cache_fresh when replacing a cache entry (instead of only
when updating) so that up-calls waiting on the replaced entry continue.
2/ in svcauth_unix_accept, don't put the verifier until all tests have
succeeded.
3/ calculate size of request-being-deferred correctly.
|
|
In most cases the fix is to add an struct module * member to the operations
vector instead and manipulate the refcounts in the callers context.
For the ALSA cases it was completly superflous (when will people get it that
using an exported symbol will make it's module unloadable?..)
|
|
NFS replies can have a 'tail' after a 'data' component
(for read, readlink, readdir).
For nfsv2 and v3 this tail is in the same page as the head.
For nfsv4, this tail is in a separate page.
We need to keep track of which page so that it right one
gets sent. This patch does that.
|
|
- Only set up pipefs entries for those RPC services that actually
need them (for the moment NFS only). Portmap, lockd,... shouldn't
need to make upcalls.
- Add in missing semaphore in rpc_populate().
- Make inode/dentry variable names in rpc_depopulate/rpc_populate
more consistent w.r.t other functions in rpc_pipe.c
- Call shrink_dcache_parent() in order to clean up child entries
before we rmdir().
|
|
The following patch provides minimal client support for the
(mandatory) Kerberos V5 authentication mechanism under RPCSEC_GSS.
See RFC2623 and RFC3010 for protocol details.
Only authentication is supported for the moment. Data integrity and/or
data privacy (encryption) will be implemented at a later stage.
|
|
This patches the RPCSEC_GSS client to make use of the upcall mechanism
that was provided by patch [3/6].
If an RPC task presents a non-uptodate credential to call_refresh(),
a user daemon is contacted by means of a dedicated rpc_pipefs pipe.
The daemon is then fed the uid for which it must establish a new RPCSEC
security context.
While the daemon goes about its business, the RPC task is put to sleep
on a wait queue in order to allow the 'rpciod' process to service other
requests. If another task wants to use the same credential, it too will
be put to sleep once it reaches call_refresh(). A timeout mechanism
ensures that requests are retried (or that 'soft' mounts fail) if the
daemon crashes / is killed.
Once the daemon has established the RPCSEC context, it writes the result
back to the pipe, causing the credential to be updated. Those RPC tasks
that were sleeping on the context are automatically woken up, and
their execution can proceed.
|
|
This patch provides the basic framework for RPCSEC_GSS authentication
in the RPC client. The protocol is fully described in RFC-2203.
Sun has supported it in their commercial NFSv3 and v2 implementations
for quite some time, and it has been specified in RFC3010 as being
mandatory for NFSv4.
- Update the mount_data struct for NFSv2 and v3 in order to allow them
to pass an RPCSEC_GSS security flavour. Compatibility with existing
versions of the 'mount' program is ensured by requiring that RPCSEC
support be enabled using the new flag NFS_MOUNT_SECFLAVOUR.
- Provide secure authentication, and later data encryption on
a per-user basis. A later patch will an provide an implementation
of the Kerberos 5 security mechanism. SPKM and LIPKEY are still
being planned.
- Security context negotiation and initialization are all assumed
to be done in userland. A later patch will provide the actual upcall
mechanisms to allow for this.
|
|
This patch provides the upcall mechanism that will be used for communicating
with the RPCSEC client user daemons.
It sets up a 'ramfs' style filesystem (rpc_pipefs) that is populated with
named pipes. Each time the kernel initializes a new NFS, lockd, statd or
portmapper client, a directory automatically gets set up in this fs.
The directory is initially only populated with a single file "info"
that provides information such as the server IP address, the port number
and the RPC service for the benefit of the user daemon.
When an RPCSEC_GSS mechanism needs to communicate with the daemon, it
is provided with a toolkit for setting up a named pipe in the same
directory. It can then perform upcalls/downcalls in order to talk to the
daemon in much the same way as is done by CODA.
The NFSv4 client will also need to use this same filesystem to communicate
with its user daemon in order to do name-to-uid/name-from-uid and
name-to-gid/name-from-gid translation.
|
|
The RPCSEC_GSS user context defines a 'sequence number' in the AUTH header
fields in order to provide protection against replay attacks. This
number needs to lie within a given 'window', and is required to be updated
even when retransmitting dropped requests.
In order to allow this update to occur, move the XDR 'encode' phase
so that it is done immediately before writing the data to the socket.
|
|
Clean up RPC client credcache lookups.
- Remove the limitation whereby the RPC client may only look up
credentials for the current task.
The ability to lookup arbitrary credentials is needed in order to allow
a user daemon to set the RPCSEC_GSS private information once it
has finished negotiating the RPCSEC user context with the server.
|
|
Implementing hash_str as hash_mem(..., strlen()) is actually quite slow,
so create a separate hash_str.
Now hash_mem has only one call site, and both are quite small, so we make them
both inline.
|
|
We encode that status in the return value.
Also, don't pass 'proc' parameter to ->accept, as it is
implicit in rqstp.
|
|
|
|
Converts the RPC client auth code to use 'list_head' rather than a
custom pointer scheme.
Fixes a (relatively harmless) race which could cause several cred
entries to be created for the same user.
|
|
into kernel.bkbits.net:/home/davem/sparc-2.5
|
|
|
|
|
|
It works much better than my little toy hash functions.
|
|
This provides a /proc/sunrpc/*/content seq_file for caches to display
their content.
This code is based on the code for /proc/fs/nfs/exports
|
|
|
|
|
|
In order to speed up NFS reads, we attempt to copy directly from
skbuffs into the pagecache pages. As we cannot do XDR decoding in the
soft interrupts, we attempt to estimate the size of the RPC header (+
attributes,...) that will precede the actual data that goes in the
pagecache. If we get the estimate wrong, the XDR decode routines
perform a realignment of the data into the pagecache.
In the existing code, we do a multi-page kmap() from the xdr_buf into
an iovec array, in order to do the shift.
The following patch adds tools for doing the realigment without going
through the iovec array (and without having to do the deadlock-prone
multi-page kmap()).
It also adds the 2 helper routines xdr_read_pages()/xdr_write_pages()
which will be needed for NFSv4 reads/writes in order to add pre/post
operation GETATTR calls.
|
|
Attached is a patch, that updates the 2.5.50 to the latest pnp
version. It includes all 9 of the previously submitted patches.
Highlights are as follows:
-PnP BIOS fixes
-Several new macros
-PnP Card Services
-Various bug fixes
-more drivers converted to the new APIs
|
|
Here is the a pre-patch in the attempt to get rid of 'struct
nfs4_compound', and the associated horrible union in 'struct
nfs4_op'.
It splits out the fields that are meant to do buffer overflow checking
and iovec adjusting on the XDR received/sent data. It moves support
for that nto the dedicated structure 'xdr_stream', and the associated
functions 'xdr_reserve_space()', 'xdr_inline_decode()'.
The patch also expands out the all macros ENCODE_HEAD, ENCODE_TAIL,
ADJUST_ARGS and DECODE_HEAD, as well as most of the DECODE_TAILs.
|
|
The "procedure number" has been used for 2 purposes in the kernel
client RPC implementation:
1) As a number to pass to the server in the RPC header.
2) As an index into the "procedure array" of type 'struct
rpc_procinfo', from which the RPC layer can find the XDR
encode/decode functions, buffer size, and all the other static
data that it needs to construct the on-wire RPC message.
This works fine for NFSv2, v3 and for the NLM locking code for which
there is a one-to-one mapping between NFS file operations, and RPC
procedures.
For NFSv4 on the other hand, the mapping is many-to-one, since there
is only one RPC procedure number: NFSPROC4_COMPOUND.
For efficiency purposes, we want to have a one-to-one mapping between
NFS file operations and the corresponding XDR encode/decode routines,
but currently this is not possible because of (2). The result is the
mess that is 'struct nfs4_op' and encode/decode_compound.
In the process eliminating (2), we might as well change to passing a
pointer to the appropriate procedure array entry instead of an
index. This change can be made transparent
The appended patch therefore does the following:
- Substitute a pointer to the rpc_procinfo instead of the RPC
procedure number in the struct rpc_message.
- Make the RPC procedure number an entry in the struct
rpc_procinfo.
- Clean out the largely unused (except in some obscure lockd
debugging code) p_name field. The latter was just a stringified
version of the RPC procedure name, so for those lockd cases, we
can use the RPC procedure number instead.
|
|
In order to better cope with low memory conditions, add slabs for
struct rpc_task and 'small' RPC buffers of <= 2k. Protect these using
mempools.
The only case where we appear to use buffers of > 2k is when
symlinking, and is due to the fact that the path can be up to 4k in
length. For the moment, we just use kmalloc(), but it may be worth it
some time in the near future to convert nfs_symlink() to use pages.
|
|
clean up RPC client's RTO estimator.
|
|
the new RPC RTO estimator has some jiffies wrap problems.
|
|
fix up the last remaining static struct initializers in the RPC client and
portmapper.
|
|
smaller patch that removes unused RPC cruft.
|
|
The RPC clnt struct has a cl_flags field with one bit defined (in an NFS
header, no less). no one ever sets the flag, so remove flag, field, and
test in NFSv2 XDR routines that check for the flag.
|
|
rq_res->len was not always updated properly.
It is only needed in the sendto routine, so we calculate
it just before that is called, and don't bother
updating it anywhere else.
|
|
From Hirokazu Takahashi <taka@valinux.co.jp>
This patch changes read and readdir in nfsd.
read:
If the file supports readpage, we use it to collect pages out of the page
cache and to attache them directly to the outgoing nfs reply.
The reduces the number of copies by one, and if the filesystem/device
driver didn't copy the data, and if the network card can support not copying
the data, then you get zero-copy reads.
readdir:
A separate page is used for stoing the readdir response so that a fill
PAGE_SIZE bytes of reply can be supported.
|
|
From Hirokazu Takahashi <taka@valinux.co.jp>
As all rpc server replies are now in well defined pages,
we can use ->sendpage to send these replies, and so
make use for zero-copy transmit on network cards that
support it.
|
|
This means:
1/ We don't need an order-4 allocation for each nfsd that starts
2/ We don't need an order-4 allocation in skb_linearize when
we receive a 32K write request
3/ It will be easier to incorporate the zero-copy read changes
The pages are handed around using an xdr_buf (instead of svc_buf)
much like the NFS client so future crypto code can use the same
data structure for both client and server.
The code assumes that most requests and replies fit in a single page.
The exceptions are assumed to have some largish 'data' bit, and the
rest must fit in a single page.
The 'data' bits are file data, readdir data, and symlinks.
There must be only one 'data' bit per request.
This is all fine for nfs/nlm.
This isn't complete:
1/ NFSv4 hasn't been converted yet (it won't compile)
2/ NFSv3 allows symlinks upto 4096, but the code will only support
upto about 3800 at the moment
3/ readdir responses are limited to about 3800.
but I thought that patch was big enough, and the rest can come
later.
This patch introduces vfs_readv and vfs_writev as parallels to
vfs_read and vfs_write. This means there is a fair bit of
duplication in read_write.c that should probably be tidied up...
|
|
... as generic names probably aren't such a good idea.
Also sort the related EXPORT_SYMBOLS.
A 'qword' is a 'quoted word' and can be added, added as hex,
or got (getted??).
|
|
An rpc service like NFSD knows about a number of
versions (2,3,4) and needs to know the max and min valid
version numbers, and also the maximum xdr buffer size used
by any version.
These max/mins are currently computed at compile time which means
we need to include all the xdr*.h headers into nfssvc.c just for
computing a couple of numbers.
With this patch, these max/mins are calculated at run time from
information in the svc_version structure which has been extended to
include per-version xdrsize.
Also the nfsd_version2, nfsd_version3, and nfsd_version4
structures are moved from nfssvc.c to their more correct home
of nfs*proc.c
Code gets neated, xdr*.h are no-longer included in
nfssvc.c, and the ugly ifdef can be removed fom xdr4.h
|
|
|
|
get_word understands both \x and \012 quoting styles.
|
|
This code enhances 'cache_check' to try to initiate
an up-call if the cache entry is not up-to-date, and also
defines add_word and add_hex for formating up-call
requests. See rpc-cache.txt for more detail.
|
|
communicating cache updates with kernel
Each cache gets it's own 'channel' at
/proc/net/rpc/$CACHENAME/channel
Reads from the file will return all pending requests, one at a time.
select will block when at end of file.
writes will pass full lines in to be processed.
|
|
cache.c gets code to allow a 'request' to be referred pending
an update of a cache item, and revisited when the item is
updates.
svcsock.c gets code to store the relevant part of a request on deferral, and
to re-queue it when the cache item that caused the deferral is
filled in.
|
|
Instead of doing the lookup from ipaddr to domain inside
the nfs server, (and also when lockd calls into nfsd) it is
now done at the rpc authentication level which is a more
sensible place for it.
Note that both AUTH_UNIX and AUTH_NULL do the same lookup.
So that the rpc layer knows that nfsd and lockd both uses the
name space of domains (while other hypothetical services may
not) we introduce a 'class' for each service which svc_auth combines
with the IP address when doing a lookup.
|
|
This patch introduces two caches using the new infrastucture, and the
concept of a 'domain'.
A 'domain' refers to a collection of clients that all have the same
view of the nfs server, and all have the same access rights (modulo
different users on the clients). For AUTH_UNIX (and AUTH_NULL), the
domain is determined from the IP address. For other authentication
styles, the domain might be determined directly from the credentials.
Each auth flavour knows how to allocate and free it's domain-specific
infomation.
auth_domain_cache maps a name to a domain which is owned by
an auth flavour.
ip_map_cache is a cache specific to AUTH_UNIX which maps
IP address to domain.
With this patch, svcauth_unix.c is created to store all
auth_unix related code.
The IP address lookup code is removed from nfsd/exports.c
sunrpc module initilisation is moved out of stats.c into sunrpc_syms
which seemed to be the most central .c file. It now registers these
two caches.
Now that the caches are being used, nfsd needs to call cache_clean
periodically.
|
|
This patch provides a "virtual class" for defining caches
that make user-space information available in the kernel
It is intended for RPC services or clients that need user-space
support for authentication.
As yet, support for userspace interaction isn't included as I want
that to be able to have separate review.
|
