Merge branch 'nfsd-next' of git://linux-nfs.org/~bfields/linux
Pull nfsd updates from Bruce Fields: "This was a very quiet cycle! Just a few bugfixes and some cleanup" * 'nfsd-next' of git://linux-nfs.org/~bfields/linux: rpc: let xdr layer allocate gssproxy receieve pages rpc: fix huge kmalloc's in gss-proxy rpc: comment on linux_cred encoding, treat all as unsigned rpc: clean up decoding of gssproxy linux creds svcrpc: remove unused rq_resused nfsd4: nfsd4_create_clid_dir prints uninitialized data nfsd4: fix leak of inode reference on delegation failure Revert "nfsd: nfs4_file_get_access: need to be more careful with O_RDWR" sunrpc: prepare NFS for 2038 nfsd4: fix setlease error return nfsd: nfs4_file_get_access: need to be more careful with O_RDWR
This commit is contained in:
Linus Torvalds
@@ -213,6 +213,26 @@ static int gssp_call(struct net *net, struct rpc_message *msg)
|
||||
return status;
|
||||
}
|
||||
|
||||
static void gssp_free_receive_pages(struct gssx_arg_accept_sec_context *arg)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < arg->npages && arg->pages[i]; i++)
|
||||
__free_page(arg->pages[i]);
|
||||
}
|
||||
|
||||
static int gssp_alloc_receive_pages(struct gssx_arg_accept_sec_context *arg)
|
||||
{
|
||||
arg->npages = DIV_ROUND_UP(NGROUPS_MAX * 4, PAGE_SIZE);
|
||||
arg->pages = kzalloc(arg->npages * sizeof(struct page *), GFP_KERNEL);
|
||||
/*
|
||||
* XXX: actual pages are allocated by xdr layer in
|
||||
* xdr_partial_copy_from_skb.
|
||||
*/
|
||||
if (!arg->pages)
|
||||
return -ENOMEM;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Public functions
|
||||
@@ -261,10 +281,16 @@ int gssp_accept_sec_context_upcall(struct net *net,
|
||||
arg.context_handle = &ctxh;
|
||||
res.output_token->len = GSSX_max_output_token_sz;
|
||||
|
||||
ret = gssp_alloc_receive_pages(&arg);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
/* use nfs/ for targ_name ? */
|
||||
|
||||
ret = gssp_call(net, &msg);
|
||||
|
||||
gssp_free_receive_pages(&arg);
|
||||
|
||||
/* we need to fetch all data even in case of error so
|
||||
* that we can free special strctures is they have been allocated */
|
||||
data->major_status = res.status.major_status;
|
||||
|
||||
@@ -166,14 +166,15 @@ static int dummy_dec_opt_array(struct xdr_stream *xdr,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int get_s32(void **p, void *max, s32 *res)
|
||||
static int get_host_u32(struct xdr_stream *xdr, u32 *res)
|
||||
{
|
||||
void *base = *p;
|
||||
void *next = (void *)((char *)base + sizeof(s32));
|
||||
if (unlikely(next > max || next < base))
|
||||
__be32 *p;
|
||||
|
||||
p = xdr_inline_decode(xdr, 4);
|
||||
if (!p)
|
||||
return -EINVAL;
|
||||
memcpy(res, base, sizeof(s32));
|
||||
*p = next;
|
||||
/* Contents of linux creds are all host-endian: */
|
||||
memcpy(res, p, sizeof(u32));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -182,9 +183,9 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
|
||||
{
|
||||
u32 length;
|
||||
__be32 *p;
|
||||
void *q, *end;
|
||||
s32 tmp;
|
||||
int N, i, err;
|
||||
u32 tmp;
|
||||
u32 N;
|
||||
int i, err;
|
||||
|
||||
p = xdr_inline_decode(xdr, 4);
|
||||
if (unlikely(p == NULL))
|
||||
@@ -192,33 +193,28 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
|
||||
|
||||
length = be32_to_cpup(p);
|
||||
|
||||
/* FIXME: we do not want to use the scratch buffer for this one
|
||||
* may need to use functions that allows us to access an io vector
|
||||
* directly */
|
||||
p = xdr_inline_decode(xdr, length);
|
||||
if (unlikely(p == NULL))
|
||||
if (length > (3 + NGROUPS_MAX) * sizeof(u32))
|
||||
return -ENOSPC;
|
||||
|
||||
q = p;
|
||||
end = q + length;
|
||||
|
||||
/* uid */
|
||||
err = get_s32(&q, end, &tmp);
|
||||
err = get_host_u32(xdr, &tmp);
|
||||
if (err)
|
||||
return err;
|
||||
creds->cr_uid = make_kuid(&init_user_ns, tmp);
|
||||
|
||||
/* gid */
|
||||
err = get_s32(&q, end, &tmp);
|
||||
err = get_host_u32(xdr, &tmp);
|
||||
if (err)
|
||||
return err;
|
||||
creds->cr_gid = make_kgid(&init_user_ns, tmp);
|
||||
|
||||
/* number of additional gid's */
|
||||
err = get_s32(&q, end, &tmp);
|
||||
err = get_host_u32(xdr, &tmp);
|
||||
if (err)
|
||||
return err;
|
||||
N = tmp;
|
||||
if ((3 + N) * sizeof(u32) != length)
|
||||
return -EINVAL;
|
||||
creds->cr_group_info = groups_alloc(N);
|
||||
if (creds->cr_group_info == NULL)
|
||||
return -ENOMEM;
|
||||
@@ -226,7 +222,7 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
|
||||
/* gid's */
|
||||
for (i = 0; i < N; i++) {
|
||||
kgid_t kgid;
|
||||
err = get_s32(&q, end, &tmp);
|
||||
err = get_host_u32(xdr, &tmp);
|
||||
if (err)
|
||||
goto out_free_groups;
|
||||
err = -EINVAL;
|
||||
@@ -784,6 +780,9 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
|
||||
/* arg->options */
|
||||
err = dummy_enc_opt_array(xdr, &arg->options);
|
||||
|
||||
xdr_inline_pages(&req->rq_rcv_buf,
|
||||
PAGE_SIZE/2 /* pretty arbitrary */,
|
||||
arg->pages, 0 /* page base */, arg->npages * PAGE_SIZE);
|
||||
done:
|
||||
if (err)
|
||||
dprintk("RPC: gssx_enc_accept_sec_context: %d\n", err);
|
||||
|
||||
@@ -147,6 +147,8 @@ struct gssx_arg_accept_sec_context {
|
||||
struct gssx_cb *input_cb;
|
||||
u32 ret_deleg_cred;
|
||||
struct gssx_option_array options;
|
||||
struct page **pages;
|
||||
unsigned int npages;
|
||||
};
|
||||
|
||||
struct gssx_res_accept_sec_context {
|
||||
@@ -240,7 +242,8 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
|
||||
2 * GSSX_max_princ_sz + \
|
||||
8 + 8 + 4 + 4 + 4)
|
||||
#define GSSX_max_output_token_sz 1024
|
||||
#define GSSX_max_creds_sz (4 + 4 + 4 + NGROUPS_MAX * 4)
|
||||
/* grouplist not included; we allocate separate pages for that: */
|
||||
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
|
||||
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
|
||||
GSSX_default_ctx_sz + \
|
||||
GSSX_max_output_token_sz + \
|
||||
|
||||
Reference in New Issue
Block a user