| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af2105e98a924a31ed76462b4076967735285276.camel@kernel.org>
Date: Sun, 19 Oct 2025 09:41:36 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Chuck Lever <chuck.lever@...cle.com>, Miklos Szeredi
<miklos@...redi.hu>, Alexander Viro <viro@...iv.linux.org.uk>, Christian
Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Alexander Aring
<alex.aring@...il.com>, Trond Myklebust <trondmy@...nel.org>, Anna
Schumaker <anna@...nel.org>, Steve French <sfrench@...ba.org>, Paulo
Alcantara <pc@...guebit.org>, Ronnie Sahlberg <ronniesahlberg@...il.com>,
Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey <tom@...pey.com>,
Bharath SM <bharathsm@...rosoft.com>, Greg Kroah-Hartman
<gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>,
Danilo Krummrich <dakr@...nel.org>, David Howells <dhowells@...hat.com>,
Tyler Hicks <code@...icks.com>, NeilBrown <neil@...wn.name>, Olga
Kornievskaia <okorniev@...hat.com>, Dai Ngo <Dai.Ngo@...cle.com>, Amir
Goldstein <amir73il@...il.com>, Namjae Jeon <linkinjeon@...nel.org>, Steve
French <smfrench@...il.com>, Sergey Senozhatsky
<senozhatsky@...omium.org>, Carlos Maiolino <cem@...nel.org>, Kuniyuki
Iwashima <kuniyu@...gle.com>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org, netfs@...ts.linux.dev,
ecryptfs@...r.kernel.org, linux-unionfs@...r.kernel.org,
linux-xfs@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v2 09/11] nfsd: allow filecache to hold S_IFDIR files
On Sat, 2025-10-18 at 15:33 -0400, Chuck Lever wrote:
> On 10/17/25 7:32 AM, Jeff Layton wrote:
> > The filecache infrastructure will only handle S_IFREG files at the
> > moment. Directory delegations will require adding support for opening
> > S_IFDIR inodes.
> >
> > Plumb a "type" argument into nfsd_file_do_acquire() and have all of the
> > existing callers set it to S_IFREG. Add a new nfsd_file_acquire_dir()
> > wrapper that nfsd can call to request a nfsd_file that holds a directory
> > open.
> >
> > For now, there is no need for a fsnotify_mark for directories, as
> > CB_NOTIFY is not yet supported. Change nfsd_file_do_acquire() to avoid
> > allocating one for non-S_IFREG inodes.
> >
> > Signed-off-by: Jeff Layton <jlayton@...nel.org>
> > ---
> > fs/nfsd/filecache.c | 57 ++++++++++++++++++++++++++++++++++++++++-------------
> > fs/nfsd/filecache.h | 2 ++
> > fs/nfsd/vfs.c | 5 +++--
> > fs/nfsd/vfs.h | 2 +-
> > 4 files changed, 49 insertions(+), 17 deletions(-)
> >
> > diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
> > index a238b6725008a5c2988bd3da874d1f34ee778437..93798575b8075c63f95cd415b6d24df706ada0f6 100644
> > --- a/fs/nfsd/filecache.c
> > +++ b/fs/nfsd/filecache.c
> > @@ -1086,7 +1086,7 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,
> > struct auth_domain *client,
> > struct svc_fh *fhp,
> > unsigned int may_flags, struct file *file,
> > - struct nfsd_file **pnf, bool want_gc)
> > + umode_t type, bool want_gc, struct nfsd_file **pnf)
> > {
> > unsigned char need = may_flags & NFSD_FILE_MAY_MASK;
> > struct nfsd_file *new, *nf;
> > @@ -1097,13 +1097,13 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,
> > int ret;
> >
> > retry:
> > - if (rqstp) {
> > - status = fh_verify(rqstp, fhp, S_IFREG,
> > + if (rqstp)
> > + status = fh_verify(rqstp, fhp, type,
> > may_flags|NFSD_MAY_OWNER_OVERRIDE);
> > - } else {
> > - status = fh_verify_local(net, cred, client, fhp, S_IFREG,
> > + else
> > + status = fh_verify_local(net, cred, client, fhp, type,
> > may_flags|NFSD_MAY_OWNER_OVERRIDE);
> > - }
> > +
> > if (status != nfs_ok)
> > return status;
> > inode = d_inode(fhp->fh_dentry);
> > @@ -1176,15 +1176,18 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,
> >
> > open_file:
> > trace_nfsd_file_alloc(nf);
> > - nf->nf_mark = nfsd_file_mark_find_or_create(inode);
> > - if (nf->nf_mark) {
> > +
> > + if (type == S_IFREG)
> > + nf->nf_mark = nfsd_file_mark_find_or_create(inode);
> > +
> > + if (type != S_IFREG || nf->nf_mark) {
> > if (file) {
> > get_file(file);
> > nf->nf_file = file;
> > status = nfs_ok;
> > trace_nfsd_file_opened(nf, status);
> > } else {
> > - ret = nfsd_open_verified(fhp, may_flags, &nf->nf_file);
> > + ret = nfsd_open_verified(fhp, type, may_flags, &nf->nf_file);
> > if (ret == -EOPENSTALE && stale_retry) {
> > stale_retry = false;
> > nfsd_file_unhash(nf);
> > @@ -1246,7 +1249,7 @@ nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > unsigned int may_flags, struct nfsd_file **pnf)
> > {
> > return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
> > - fhp, may_flags, NULL, pnf, true);
> > + fhp, may_flags, NULL, S_IFREG, true, pnf);
> > }
> >
> > /**
> > @@ -1271,7 +1274,7 @@ nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > unsigned int may_flags, struct nfsd_file **pnf)
> > {
> > return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
> > - fhp, may_flags, NULL, pnf, false);
> > + fhp, may_flags, NULL, S_IFREG, false, pnf);
> > }
> >
> > /**
> > @@ -1314,8 +1317,8 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
> > const struct cred *save_cred = get_current_cred();
> > __be32 beres;
> >
> > - beres = nfsd_file_do_acquire(NULL, net, cred, client,
> > - fhp, may_flags, NULL, pnf, false);
> > + beres = nfsd_file_do_acquire(NULL, net, cred, client, fhp, may_flags,
> > + NULL, S_IFREG, false, pnf);
> > put_cred(revert_creds(save_cred));
> > return beres;
> > }
> > @@ -1344,7 +1347,33 @@ nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > struct nfsd_file **pnf)
> > {
> > return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
> > - fhp, may_flags, file, pnf, false);
> > + fhp, may_flags, file, S_IFREG, false, pnf);
> > +}
> > +
> > +/**
> > + * nfsd_file_acquire_dir - Get a struct nfsd_file with an open directory
> > + * @rqstp: the RPC transaction being executed
> > + * @fhp: the NFS filehandle of the file to be opened
> > + * @pnf: OUT: new or found "struct nfsd_file" object
> > + *
> > + * The nfsd_file_object returned by this API is reference-counted
> > + * but not garbage-collected. The object is unhashed after the
> > + * final nfsd_file_put(). This opens directories only, and only
> > + * in O_RDONLY mode.
> > + *
> > + * Return values:
> > + * %nfs_ok - @pnf points to an nfsd_file with its reference
> > + * count boosted.
> > + *
> > + * On error, an nfsstat value in network byte order is returned.
> > + */
> > +__be32
> > +nfsd_file_acquire_dir(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > + struct nfsd_file **pnf)
> > +{
> > + return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL, fhp,
> > + NFSD_MAY_READ|NFSD_MAY_64BIT_COOKIE,
> > + NULL, S_IFDIR, false, pnf);
> > }
> >
> > /*
> > diff --git a/fs/nfsd/filecache.h b/fs/nfsd/filecache.h
> > index e3d6ca2b60308e5e91ba4bb32d935f54527d8bda..b383dbc5b9218d21a29b852572f80fab08de9fa9 100644
> > --- a/fs/nfsd/filecache.h
> > +++ b/fs/nfsd/filecache.h
> > @@ -82,5 +82,7 @@ __be32 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > __be32 nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
> > struct auth_domain *client, struct svc_fh *fhp,
> > unsigned int may_flags, struct nfsd_file **pnf);
> > +__be32 nfsd_file_acquire_dir(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > + struct nfsd_file **pnf);
> > int nfsd_file_cache_stats_show(struct seq_file *m, void *v);
> > #endif /* _FS_NFSD_FILECACHE_H */
> > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> > index eeb138569eba5df6de361cf6ba29604722e14af9..12c33223b612664dbb3b18b591e97fc708165763 100644
> > --- a/fs/nfsd/vfs.c
> > +++ b/fs/nfsd/vfs.c
> > @@ -959,15 +959,16 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
> > /**
> > * nfsd_open_verified - Open a regular file for the filecache
> > * @fhp: NFS filehandle of the file to open
> > + * @type: S_IFMT inode type allowed (0 means any type is allowed)
> > * @may_flags: internal permission flags
> > * @filp: OUT: open "struct file *"
> > *
> > * Returns zero on success, or a negative errno value.
> > */
> > int
> > -nfsd_open_verified(struct svc_fh *fhp, int may_flags, struct file **filp)
> > +nfsd_open_verified(struct svc_fh *fhp, umode_t type, int may_flags, struct file **filp)
> > {
> > - return __nfsd_open(fhp, S_IFREG, may_flags, filp);
> > + return __nfsd_open(fhp, type, may_flags, filp);
> > }
> >
> > /*
> > diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h
> > index fa46f8b5f132079e3a2c45e71ecf9cc43181f6b0..ded2900d423f80d33fb6c8b809bc5d9fc842ebfd 100644
> > --- a/fs/nfsd/vfs.h
> > +++ b/fs/nfsd/vfs.h
> > @@ -114,7 +114,7 @@ __be32 nfsd_setxattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > int nfsd_open_break_lease(struct inode *, int);
> > __be32 nfsd_open(struct svc_rqst *, struct svc_fh *, umode_t,
> > int, struct file **);
> > -int nfsd_open_verified(struct svc_fh *fhp, int may_flags,
> > +int nfsd_open_verified(struct svc_fh *fhp, umode_t type, int may_flags,
> > struct file **filp);
> > __be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
> > struct file *file, loff_t offset,
> >
>
> Reviewed-by: Chuck Lever <chuck.lever@...cle.com>
>
> These can probably go in via Christian's tree. I don't think there
> are going to be conflicts between these and what's in nfsd-testing
> now.
That would work. I think I have at least one more respin of the VFS
bits before we merge anything anyway.
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists