| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 03 Dec 2018 11:30:30 +1100
From: NeilBrown <neilb@...e.com>
To: "J. Bruce Fields" <bfields@...ldses.org>,
Chuck Lever <chuck.lever@...cle.com>,
Jeff Layton <jlayton@...nel.org>,
Trond Myklebust <trond.myklebust@...merspace.com>,
Anna Schumaker <anna.schumaker@...app.com>
Cc: Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
linux-kernel@...r.kernel.org
Subject: [PATCH 09/23] NFSv4: add cl_root_cred for use when machine cred is
not available.
NFSv4 state management tries a root credential when no machine
credential is available, as can happen with kerberos.
It does this by replacing the cl_machine_cred with a root credential.
This means that any user of the machine credential needs to take
a lock while getting a reference to the machine credential, which is
a little cumbersome.
So introduce an explicit cl_root_cred, and never free either
credential until client shutdown. This means that no locking
is needed to reference these credentials. Future patches
will make use of this.
This is only a temporary addition. both cl_machine_cred and
cl_root_cred will disappear later in the series.
Signed-off-by: NeilBrown <neilb@...e.com>
---
fs/nfs/client.c | 2 ++
fs/nfs/nfs4state.c | 20 ++++++++++++--------
include/linux/nfs_fs_sb.h | 1 +
3 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 96d5f8135eb9..cce151776709 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -248,6 +248,8 @@ void nfs_free_client(struct nfs_client *clp)
if (clp->cl_machine_cred != NULL)
put_rpccred(clp->cl_machine_cred);
+ if (clp->cl_root_cred != NULL)
+ put_rpccred(clp->cl_root_cred);
put_net(clp->cl_net);
put_nfs_version(clp->cl_nfs_mod);
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index d8decf2ec48f..511bcdee98f5 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -166,24 +166,28 @@ int nfs40_discover_server_trunking(struct nfs_client *clp,
struct rpc_cred *nfs4_get_machine_cred_locked(struct nfs_client *clp)
{
- struct rpc_cred *cred = NULL;
+ struct rpc_cred *cred = clp->cl_root_cred;
- if (clp->cl_machine_cred != NULL)
- cred = get_rpccred(clp->cl_machine_cred);
+ if (!cred)
+ cred = clp->cl_machine_cred;
+ if (cred)
+ return get_rpccred(cred);
return cred;
}
static void nfs4_root_machine_cred(struct nfs_client *clp)
{
- struct rpc_cred *cred, *new;
+ struct rpc_cred *new;
new = rpc_lookup_machine_cred(NULL);
spin_lock(&clp->cl_lock);
- cred = clp->cl_machine_cred;
- clp->cl_machine_cred = new;
+ if (clp->cl_root_cred == NULL) {
+ clp->cl_root_cred = new;
+ new = NULL;
+ }
spin_unlock(&clp->cl_lock);
- if (cred != NULL)
- put_rpccred(cred);
+ if (new != NULL)
+ put_rpccred(new);
}
static struct rpc_cred *
diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h
index 0fc0b9135d46..fea51b44fe50 100644
--- a/include/linux/nfs_fs_sb.h
+++ b/include/linux/nfs_fs_sb.h
@@ -59,6 +59,7 @@ struct nfs_client {
u32 cl_minorversion;/* NFSv4 minorversion */
struct rpc_cred *cl_machine_cred;
+ struct rpc_cred *cl_root_cred; /* Use when machine_cred is ineffective */
#if IS_ENABLED(CONFIG_NFS_V4)
struct list_head cl_ds_clients; /* auth flavor data servers */
Powered by blists - more mailing lists