[PATCH Version 4 0/5] Avoid expired credential keys for buffered writes

[PATCH Version 4 0/5] Avoid expired credential keys for buffered writes

[andros]

From: Andy Adamson <andros@netapp.com>

This code has been refactored since version 3, and the first two patches
are new.

Related code to destroy the gss context upon kdestoy that also uses some of the
underlying SUNRPC functionality will come in a separate patch set. 

-----------
Version 3, responded to comments:

1) Changed "SUNRPC Fix rpc_verify_header error returns" into
"SUNRPC refactor rpcauth_checkverf error returns" which only returns -EACCES on
rpcauth_checkverf error in gss_validate if -EKEYEXPIRED is returned.

Rebased on 3.7-rc7 Trond's testing branch.
-------------
Version 2, responded to comments:
1) Just use high water mark
2) Move expiration testing into nfs_file_write
3) Added a patch to clean up rpc_verify_header error processing

Edited explanation from version 3:

We must avoid buffering a WRITE that is using a credential key (e.g. a GSS
context key) that is about to expire.  We currently will paint ourselves into
a corner by returning success to the applciation for such a buffered WRITE,
only to discover that we do not have permission when we attempt to flush the
WRITE (and potentially associated COMMIT) to disk.  This results in the
the application thinking it has written more to disk than it actually has.

Pages for buffered WRITEs are allocated in nfs_write_begin where we have an
nfs_open_context and associated rpc_cred. This is a generic rpc_cred, NOT
the gss_cred used in the actual WRITE RPC. Each WRITE RPC call takes the generic
rpc_cred (or uses the 'current_cred') uid and uses it to lookup the associated
gss_cred and gss_context in the call_refresh RPC state. So, there is a
one-to-one association between the nfs_open_context generic_cred and a
gss_cred with a matching uid and a valid non expired gss context.

We need to check the nfs_open_context generic cred 'underlying' gss_cred
gss_context gc_expiry in nfs_write_begin to determine if there is enough
time left in the gss_context lifetime to complete the buffered WRITEs.

I've added a credential key expiry watermark, RPC_KEY_EXPIRE_TIMEO set to 240
seconds as a default and can be set via a module parameter as we need to
ensure there is time for any dirty data to be flushed.

If a WRITE is using a credential with a key that will expire within
watermark seconds, we flush the inode in nfs_write_end and send only
NFS_FILE_SYNC WRITEs.

TESTING:

We've begun testing upstream kernels mounting Kerberos shares, and will test
these changes for regressions.

I've tested the kernel without these changes, and then with these changes using
a modified Connectathon Special test5 that holds the file open and rewrites to
ensure that buffered writing is occuring as the GSS context expires.

I've verified that without this patch set, the bytes written that the test
application sees is more than the bytes written to the file system (ls -l0

I've verified that with a long enough watermark, the bytes written that the
test application calculates is equal to the bytes written to the file
system (ls -l).

-->Andy

Andy Adamson (5):
  SUNRPC: don't map EKEYEXPIRED to EACCES in call_refreshresult
  NFS: Warn when attempting a buffered write or commit with an expired
    credential
  SUNRPC new rpc_credops to test credential expiry
  NFS avoid expired credential keys for buffered writes
  SUNRPC refactor rpcauth_checkverf error returns

 fs/nfs/file.c                  | 19 +++++++++-
 fs/nfs/internal.h              |  2 ++
 fs/nfs/write.c                 | 37 +++++++++++++++++++
 include/linux/sunrpc/auth.h    | 16 +++++++++
 net/sunrpc/auth.c              | 21 +++++++++++
 net/sunrpc/auth_generic.c      | 82 ++++++++++++++++++++++++++++++++++++++++++
 net/sunrpc/auth_gss/auth_gss.c | 61 ++++++++++++++++++++++++++++---
 net/sunrpc/auth_null.c         |  5 +--
 net/sunrpc/auth_unix.c         |  5 +--
 net/sunrpc/clnt.c              | 19 +++++-----
 10 files changed, 250 insertions(+), 17 deletions(-)

-- 
1.8.3.1

[PATCH Version 4 1/5] SUNRPC: don't map EKEYEXPIRED to EACCES in call_refreshresult

[andros]

From: Andy Adamson <andros@netapp.com>

The NFS layer needs to know when a key has expired.
This change also returns -EKEYEXPIRED to the application, and the informative
"Key has expired" error message is displayed. The user then knows that
credential renewal is required.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 net/sunrpc/clnt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index aa40156..68e8595 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1426,9 +1426,9 @@ call_refreshresult(struct rpc_task *task)
 		return;
 	case -ETIMEDOUT:
 		rpc_delay(task, 3*HZ);
-	case -EKEYEXPIRED:
 	case -EAGAIN:
 		status = -EACCES;
+	case -EKEYEXPIRED:
 		if (!task->tk_cred_retry)
 			break;
 		task->tk_cred_retry--;
-- 
1.8.3.1

[PATCH Version 4 2/5] NFS: Warn when attempting a buffered write or commit with an expired credential

[andros]

From: Andy Adamson <andros@netapp.com>

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 fs/nfs/write.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index f1bdb72..724c845 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1330,6 +1330,14 @@ void nfs_writeback_done(struct rpc_task *task, struct nfs_write_data *data)
 	dprintk("NFS: %5u nfs_writeback_done (status %d)\n",
 		task->tk_pid, task->tk_status);
 
+	if (task->tk_status == -EKEYEXPIRED)
+		pr_warn("NFS:	write attempt with expired credential "
+			"req %s/%lld, %u bytes @ offset %llu\n",
+			inode->i_sb->s_id,
+			(long long)NFS_FILEID(inode),
+			data->args.count,
+			(unsigned long long)data->args.offset);
+
 	/*
 	 * ->write_done will attempt to use post-op attributes to detect
 	 * conflicting writes by other clients.  A strict interpretation
@@ -1556,6 +1564,8 @@ static void nfs_commit_done(struct rpc_task *task, void *calldata)
 
         dprintk("NFS: %5u nfs_commit_done (status %d)\n",
                                 task->tk_pid, task->tk_status);
+	if (task->tk_status == -EKEYEXPIRED)
+		pr_warn("NFS: commit attempt with expired credential\n");
 
 	/* Call the NFS version-specific code */
 	NFS_PROTO(data->inode)->commit_done(task, data);
-- 
1.8.3.1

[PATCH Version 4 3/5] SUNRPC new rpc_credops to test credential expiry

[andros]

From: Andy Adamson <andros@netapp.com>

This patch provides the RPC layer helper functions to allow NFS to manage
data in the face of expired credentials - such as avoiding buffered WRITEs
and COMMITs when the gss context will expire before the WRITEs are flushed
and COMMITs are sent.

These helper functions enable checking the expiration of an underlying
credential key for a generic rpc credential, e.g. the gss_cred gss context
gc_expiry which for Kerberos is set to the remaining TGT lifetime.

A new rpc_authops key_timeout is only defined for the generic auth.
A new rpc_credops crkey_to_expire is only defined for the generic cred.
A new rpc_credops crkey_timeout is only defined for the gss cred.

Set a credential key expiry watermark, RPC_KEY_EXPIRE_TIMEO set to 240 seconds
as a default and can be set via a module parameter as we need to ensure there
is time for any dirty data to be flushed.

If key_timeout is called on a credential with an underlying credential key that
will expire within watermark seconds, we set the RPC_CRED_KEY_EXPIRE_SOON
flag in the generic_cred acred so that the NFS layer can clean up prior to
key expiration.

Checking a generic credential's underlying credential involves a cred lookup.
To avoid this lookup in the normal case when the underlying credential has
a key that is valid (before the watermark), a notify flag is set in
the generic credential the first time the key_timeout is called. The
generic credential then stops checking the underlying credential key expiry, and
the underlying credential (gss_cred) match routine then checks the key
expiration upon each normal use and sets a flag in the associated generic
credential only when the key expiration is within the watermark.
This in turn signals the generic credential key_timeout to perform the extra
credential lookup thereafter.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 include/linux/sunrpc/auth.h    | 16 +++++++++
 net/sunrpc/auth.c              | 21 +++++++++++
 net/sunrpc/auth_generic.c      | 82 ++++++++++++++++++++++++++++++++++++++++++
 net/sunrpc/auth_gss/auth_gss.c | 54 ++++++++++++++++++++++++++--
 4 files changed, 171 insertions(+), 2 deletions(-)

diff --git a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h
index 0dd00f4..a79d042 100644
--- a/include/linux/sunrpc/auth.h
+++ b/include/linux/sunrpc/auth.h
@@ -24,12 +24,21 @@
 
 struct rpcsec_gss_info;
 
+/* auth_cred ac_flags bits */
+enum {
+	RPC_CRED_NO_CRKEY_TIMEOUT = 0, /* underlying cred has no key timeout */
+	RPC_CRED_KEY_EXPIRE_SOON = 1, /* underlying cred key will expire soon */
+	RPC_CRED_NOTIFY_TIMEOUT = 2,   /* nofity generic cred when underlying
+					key will expire soon */
+};
+
 /* Work around the lack of a VFS credential */
 struct auth_cred {
 	kuid_t	uid;
 	kgid_t	gid;
 	struct group_info *group_info;
 	const char *principal;
+	unsigned long ac_flags;
 	unsigned char machine_cred : 1;
 };
 
@@ -108,6 +117,8 @@ struct rpc_authops {
 	rpc_authflavor_t	(*info2flavor)(struct rpcsec_gss_info *);
 	int			(*flavor2info)(rpc_authflavor_t,
 						struct rpcsec_gss_info *);
+	int			(*key_timeout)(struct rpc_auth *,
+						struct rpc_cred *);
 };
 
 struct rpc_credops {
@@ -124,6 +135,8 @@ struct rpc_credops {
 						void *, __be32 *, void *);
 	int			(*crunwrap_resp)(struct rpc_task *, kxdrdproc_t,
 						void *, __be32 *, void *);
+	int			(*crkey_timeout)(struct rpc_cred *);
+	bool			(*crkey_to_expire)(struct rpc_cred *);
 };
 
 extern const struct rpc_authops	authunix_ops;
@@ -162,6 +175,9 @@ int			rpcauth_uptodatecred(struct rpc_task *);
 int			rpcauth_init_credcache(struct rpc_auth *);
 void			rpcauth_destroy_credcache(struct rpc_auth *);
 void			rpcauth_clear_credcache(struct rpc_cred_cache *);
+int			rpcauth_key_timeout_notify(struct rpc_auth *,
+						struct rpc_cred *);
+bool			rpcauth_cred_key_to_expire(struct rpc_cred *);
 
 static inline
 struct rpc_cred *	get_rpccred(struct rpc_cred *cred)
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index ed2fdd2..1741370 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -343,6 +343,27 @@ out_nocache:
 EXPORT_SYMBOL_GPL(rpcauth_init_credcache);
 
 /*
+ * Setup a credential key lifetime timeout notification
+ */
+int
+rpcauth_key_timeout_notify(struct rpc_auth *auth, struct rpc_cred *cred)
+{
+	if (!cred->cr_auth->au_ops->key_timeout)
+		return 0;
+	return cred->cr_auth->au_ops->key_timeout(auth, cred);
+}
+EXPORT_SYMBOL_GPL(rpcauth_key_timeout_notify);
+
+bool
+rpcauth_cred_key_to_expire(struct rpc_cred *cred)
+{
+	if (!cred->cr_ops->crkey_to_expire)
+		return false;
+	return cred->cr_ops->crkey_to_expire(cred);
+}
+EXPORT_SYMBOL_GPL(rpcauth_cred_key_to_expire);
+
+/*
  * Destroy a list of credentials
  */
 static inline
diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c
index b6badaf..7430d38 100644
--- a/net/sunrpc/auth_generic.c
+++ b/net/sunrpc/auth_generic.c
@@ -89,6 +89,7 @@ generic_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
 	gcred->acred.uid = acred->uid;
 	gcred->acred.gid = acred->gid;
 	gcred->acred.group_info = acred->group_info;
+	gcred->acred.ac_flags = 0;
 	if (gcred->acred.group_info != NULL)
 		get_group_info(gcred->acred.group_info);
 	gcred->acred.machine_cred = acred->machine_cred;
@@ -182,11 +183,78 @@ void rpc_destroy_generic_auth(void)
 	rpcauth_destroy_credcache(&generic_auth);
 }
 
+/*
+ * Test the the current time (now) against the underlying credential key expiry
+ * minus a timeout and setup notification.
+ *
+ * The normal case:
+ * If 'now' is before the key expiry minus RPC_KEY_EXPIRE_TIMEO, set
+ * the RPC_CRED_NOTIFY_TIMEOUT flag to setup the underlying credential
+ * rpc_credops crmatch routine to notify this generic cred when it's key
+ * expiration is within RPC_KEY_EXPIRE_TIMEO, and return 0.
+ *
+ * The error case:
+ * If the underlying cred lookup fails, return -EACCES.
+ *
+ * The 'almost' error case:
+ * If 'now' is within key expiry minus RPC_KEY_EXPIRE_TIMEO, but not within
+ * key expiry minus RPC_KEY_EXPIRE_FAIL, set the RPC_CRED_EXPIRE_SOON bit
+ * on the acred ac_flags and return 0.
+ */
+static int
+generic_key_timeout(struct rpc_auth *auth, struct rpc_cred *cred)
+{
+	struct auth_cred *acred = &container_of(cred, struct generic_cred,
+						gc_base)->acred;
+	struct rpc_cred *tcred;
+	int ret = 0;
+
+
+	/* Fast track for non crkey_timeout (no key) underlying credentials */
+	if (test_bit(RPC_CRED_NO_CRKEY_TIMEOUT, &acred->ac_flags))
+		return 0;
+
+	/* Fast track for the normal case */
+	if (test_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags))
+		return 0;
+
+	/* lookup_cred either returns a valid referenced rpc_cred, or PTR_ERR */
+	tcred = auth->au_ops->lookup_cred(auth, acred, 0);
+	if (IS_ERR(tcred))
+		return -EACCES;
+
+	if (!tcred->cr_ops->crkey_timeout) {
+		set_bit(RPC_CRED_NO_CRKEY_TIMEOUT, &acred->ac_flags);
+		ret = 0;
+		goto out_put;
+	}
+
+	/* Test for the almost error case */
+	ret = tcred->cr_ops->crkey_timeout(tcred);
+	if (ret != 0) {
+		set_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags);
+		ret = 0;
+	} else {
+		/* In case underlying cred key has been reset */
+		if (test_and_clear_bit(RPC_CRED_KEY_EXPIRE_SOON,
+					&acred->ac_flags))
+			pr_warn("RPC: UID %d Credential key reset\n",
+				tcred->cr_uid);
+		/* set up fasttrack for the normal case */
+		set_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags);
+	}
+
+out_put:
+	put_rpccred(tcred);
+	return ret;
+}
+
 static const struct rpc_authops generic_auth_ops = {
 	.owner = THIS_MODULE,
 	.au_name = "Generic",
 	.lookup_cred = generic_lookup_cred,
 	.crcreate = generic_create_cred,
+	.key_timeout = generic_key_timeout,
 };
 
 static struct rpc_auth generic_auth = {
@@ -194,9 +262,23 @@ static struct rpc_auth generic_auth = {
 	.au_count = ATOMIC_INIT(0),
 };
 
+static bool generic_key_to_expire(struct rpc_cred *cred)
+{
+	struct auth_cred *acred = &container_of(cred, struct generic_cred,
+						gc_base)->acred;
+	bool ret;
+
+	get_rpccred(cred);
+	ret = test_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags);
+	put_rpccred(cred);
+
+	return ret;
+}
+
 static const struct rpc_credops generic_credops = {
 	.cr_name = "Generic cred",
 	.crdestroy = generic_destroy_cred,
 	.crbind = generic_bind_cred,
 	.crmatch = generic_match,
+	.crkey_to_expire = generic_key_to_expire,
 };
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index fc2f78d..e1f4735 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -62,6 +62,9 @@ static const struct rpc_credops gss_nullops;
 #define GSS_RETRY_EXPIRED 5
 static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
 
+#define GSS_KEY_EXPIRE_TIMEO 240
+static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
+
 #ifdef RPC_DEBUG
 # define RPCDBG_FACILITY	RPCDBG_AUTH
 #endif
@@ -1126,10 +1129,32 @@ gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
 	return err;
 }
 
+/*
+ * Returns -EACCES if GSS context is NULL or will expire within the
+ * timeout (miliseconds)
+ */
+static int
+gss_key_timeout(struct rpc_cred *rc)
+{
+	struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
+	unsigned long now = jiffies;
+	unsigned long expire;
+
+	if (gss_cred->gc_ctx == NULL)
+		return -EACCES;
+
+	expire = gss_cred->gc_ctx->gc_expiry - (gss_key_expire_timeo * HZ);
+
+	if (time_after(now, expire))
+		return -EACCES;
+	return 0;
+}
+
 static int
 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
 {
 	struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
+	int ret;
 
 	if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
 		goto out;
@@ -1142,11 +1167,28 @@ out:
 	if (acred->principal != NULL) {
 		if (gss_cred->gc_principal == NULL)
 			return 0;
-		return strcmp(acred->principal, gss_cred->gc_principal) == 0;
+		ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
+		goto check_expire;
 	}
 	if (gss_cred->gc_principal != NULL)
 		return 0;
-	return uid_eq(rc->cr_uid, acred->uid);
+	ret = uid_eq(rc->cr_uid, acred->uid);
+
+check_expire:
+	if (ret == 0)
+		return ret;
+
+	/* Notify acred users of GSS context expiration timeout */
+	if (test_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags) &&
+	    (gss_key_timeout(rc) != 0)) {
+		/* test will now be done from generic cred */
+		test_and_clear_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags);
+		/* tell NFS layer that key will expire soon */
+		set_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags);
+		pr_warn("RPC: UID %d GSS context to expire within %d seconds\n",
+			rc->cr_uid, gss_key_expire_timeo);
+	}
+	return ret;
 }
 
 /*
@@ -1675,6 +1717,7 @@ static const struct rpc_credops gss_credops = {
 	.crvalidate	= gss_validate,
 	.crwrap_req	= gss_wrap_req,
 	.crunwrap_resp	= gss_unwrap_resp,
+	.crkey_timeout	= gss_key_timeout,
 };
 
 static const struct rpc_credops gss_nullops = {
@@ -1762,5 +1805,12 @@ module_param_named(expired_cred_retry_delay,
 MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
 		"the RPC engine retries an expired credential");
 
+module_param_named(key_expire_timeo,
+		   gss_key_expire_timeo,
+		   uint, 0644);
+MODULE_PARM_DESC(key_expire_timeo, "Time (in seconds) at the end of a "
+		"credential keys lifetime where the NFS layer cleans up "
+		"prior to key expiration");
+
 module_init(init_rpcsec_gss)
 module_exit(exit_rpcsec_gss)
-- 
1.8.3.1

[PATCH Version 4 4/5] NFS avoid expired credential keys for buffered writes

[andros]

From: Andy Adamson <andros@netapp.com>

We must avoid buffering a WRITE that is using a credential key (e.g. a GSS
context key) that is about to expire.  We currently will paint ourselves
into a corner by returning success to the applciation for such a buffered
WRITE, only to discover that we do not have permission when
we attempt to flush the WRITE (and potentially associated COMMIT) to disk.

Use the RPC layer credential key timeout and expire routines which use a
a watermark, gss_key_expire_timeo. We test the key in nfs_file_write.

If a WRITE is using a credential with a key that will expire within
watermark seconds, flush the inode in nfs_write_end and send only
NFS_FILE_SYNC WRITEs by adding nfs_ctx_key_to_expire to nfs_need_sync_write.
Note that this results in single page NFS_FILE_SYNC WRITEs.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 fs/nfs/file.c     | 19 ++++++++++++++++++-
 fs/nfs/internal.h |  2 ++
 fs/nfs/write.c    | 27 +++++++++++++++++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 94e94bd..dfff8df 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -406,6 +406,7 @@ static int nfs_write_end(struct file *file, struct address_space *mapping,
 			struct page *page, void *fsdata)
 {
 	unsigned offset = pos & (PAGE_CACHE_SIZE - 1);
+	struct nfs_open_context *ctx = nfs_file_open_context(file);
 	int status;
 
 	dfprintk(PAGECACHE, "NFS: write_end(%s/%s(%ld), %u@%lld)\n",
@@ -441,6 +442,17 @@ static int nfs_write_end(struct file *file, struct address_space *mapping,
 	if (status < 0)
 		return status;
 	NFS_I(mapping->host)->write_io += copied;
+
+	if (nfs_ctx_key_to_expire(ctx)) {
+		pr_warn_once("NFS:	Credential Key to expire. Flush %s/%s(%ld)\n",
+			file->f_path.dentry->d_parent->d_name.name,
+			file->f_path.dentry->d_name.name,
+			mapping->host->i_ino);
+		status = nfs_wb_all(mapping->host);
+		if (status < 0)
+			return status;
+	}
+
 	return copied;
 }
 
@@ -637,7 +649,8 @@ static int nfs_need_sync_write(struct file *filp, struct inode *inode)
 	if (IS_SYNC(inode) || (filp->f_flags & O_DSYNC))
 		return 1;
 	ctx = nfs_file_open_context(filp);
-	if (test_bit(NFS_CONTEXT_ERROR_WRITE, &ctx->flags))
+	if (test_bit(NFS_CONTEXT_ERROR_WRITE, &ctx->flags) ||
+	    nfs_ctx_key_to_expire(ctx))
 		return 1;
 	return 0;
 }
@@ -651,6 +664,10 @@ ssize_t nfs_file_write(struct kiocb *iocb, const struct iovec *iov,
 	ssize_t result;
 	size_t count = iov_length(iov, nr_segs);
 
+	result = nfs_key_timeout_notify(iocb->ki_filp, inode);
+	if (result)
+		return result;
+
 	if (iocb->ki_filp->f_flags & O_DIRECT)
 		return nfs_file_direct_write(iocb, iov, nr_segs, pos, true);
 
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 3c8373f..e86dc20 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -430,6 +430,8 @@ void nfs_request_remove_commit_list(struct nfs_page *req,
 void nfs_init_cinfo(struct nfs_commit_info *cinfo,
 		    struct inode *inode,
 		    struct nfs_direct_req *dreq);
+int nfs_key_timeout_notify(struct file *filp, struct inode *inode);
+bool nfs_ctx_key_to_expire(struct nfs_open_context *ctx);
 
 #ifdef CONFIG_MIGRATION
 extern int nfs_migrate_page(struct address_space *,
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 724c845..144085c 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -874,6 +874,33 @@ int nfs_flush_incompatible(struct file *file, struct page *page)
 }
 
 /*
+ * Avoid buffered writes when a open context credential's key would
+ * expire soon.
+ *
+ * Returns -EACCES if the key will expire within RPC_KEY_EXPIRE_FAIL.
+ *
+ * Return 0 and set a credential flag which triggers the inode to flush
+ * and performs  NFS_FILE_SYNC writes if the key will expired within
+ * RPC_KEY_EXPIRE_TIMEO.
+ */
+int
+nfs_key_timeout_notify(struct file *filp, struct inode *inode)
+{
+	struct nfs_open_context *ctx = nfs_file_open_context(filp);
+	struct rpc_auth *auth = NFS_SERVER(inode)->client->cl_auth;
+
+	return rpcauth_key_timeout_notify(auth, ctx->cred);
+}
+
+/*
+ * Test if the open context credential key is marked to expire soon.
+ */
+bool nfs_ctx_key_to_expire(struct nfs_open_context *ctx)
+{
+	return rpcauth_cred_key_to_expire(ctx->cred);
+}
+
+/*
  * If the page cache is marked as unsafe or invalid, then we can't rely on
  * the PageUptodate() flag. In this case, we will need to turn off
  * write optimisations that depend on the page contents being correct.
-- 
1.8.3.1

[PATCH Version 4 5/5] SUNRPC refactor rpcauth_checkverf error returns

[andros]

From: Andy Adamson <andros@netapp.com>

Most of the time an error from the credops crvalidate function means the
server has sent us a garbage verifier. The gss_validate function is the
exception where there is an -EACCES case if the user GSS_context on the client
has expired.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 net/sunrpc/auth_gss/auth_gss.c |  7 +++++--
 net/sunrpc/auth_null.c         |  5 +++--
 net/sunrpc/auth_unix.c         |  5 +++--
 net/sunrpc/clnt.c              | 17 ++++++++++-------
 4 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index e1f4735..d0500bc 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -1334,6 +1334,7 @@ gss_validate(struct rpc_task *task, __be32 *p)
 	struct xdr_netobj mic;
 	u32		flav,len;
 	u32		maj_stat;
+	__be32		*ret = ERR_PTR(-EIO);
 
 	dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
 
@@ -1349,6 +1350,7 @@ gss_validate(struct rpc_task *task, __be32 *p)
 	mic.data = (u8 *)p;
 	mic.len = len;
 
+	ret = ERR_PTR(-EACCES);
 	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
 	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
 		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
@@ -1366,8 +1368,9 @@ gss_validate(struct rpc_task *task, __be32 *p)
 	return p + XDR_QUADLEN(len);
 out_bad:
 	gss_put_ctx(ctx);
-	dprintk("RPC: %5u %s failed.\n", task->tk_pid, __func__);
-	return NULL;
+	dprintk("RPC: %5u %s failed ret %ld.\n", task->tk_pid, __func__,
+		PTR_ERR(ret));
+	return ret;
 }
 
 static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
diff --git a/net/sunrpc/auth_null.c b/net/sunrpc/auth_null.c
index a5c36c0..d60a673 100644
--- a/net/sunrpc/auth_null.c
+++ b/net/sunrpc/auth_null.c
@@ -84,17 +84,18 @@ nul_validate(struct rpc_task *task, __be32 *p)
 {
 	rpc_authflavor_t	flavor;
 	u32			size;
+	__be32			*ret = ERR_PTR(-EIO);
 
 	flavor = ntohl(*p++);
 	if (flavor != RPC_AUTH_NULL) {
 		printk("RPC: bad verf flavor: %u\n", flavor);
-		return NULL;
+		return ret;
 	}
 
 	size = ntohl(*p++);
 	if (size != 0) {
 		printk("RPC: bad verf size: %u\n", size);
-		return NULL;
+		return ret;
 	}
 
 	return p;
diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c
index dc37021..461a444 100644
--- a/net/sunrpc/auth_unix.c
+++ b/net/sunrpc/auth_unix.c
@@ -186,19 +186,20 @@ unx_validate(struct rpc_task *task, __be32 *p)
 {
 	rpc_authflavor_t	flavor;
 	u32			size;
+	__be32			*ret = ERR_PTR(-EIO);
 
 	flavor = ntohl(*p++);
 	if (flavor != RPC_AUTH_NULL &&
 	    flavor != RPC_AUTH_UNIX &&
 	    flavor != RPC_AUTH_SHORT) {
 		printk("RPC: bad verf flavor: %u\n", flavor);
-		return NULL;
+		return ret;
 	}
 
 	size = ntohl(*p++);
 	if (size > RPC_MAX_AUTH_SIZE) {
 		printk("RPC: giant verf size: %u\n", size);
-		return NULL;
+		return ret;
 	}
 	task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2;
 	p += (size >> 2);
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 68e8595..5efc89c 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -2090,7 +2090,8 @@ rpc_verify_header(struct rpc_task *task)
 		dprintk("RPC: %5u %s: XDR representation not a multiple of"
 		       " 4 bytes: 0x%x\n", task->tk_pid, __func__,
 		       task->tk_rqstp->rq_rcv_buf.len);
-		goto out_eio;
+		error = -EIO;
+		goto out_err;
 	}
 	if ((len -= 3) < 0)
 		goto out_overflow;
@@ -2099,6 +2100,7 @@ rpc_verify_header(struct rpc_task *task)
 	if ((n = ntohl(*p++)) != RPC_REPLY) {
 		dprintk("RPC: %5u %s: not an RPC reply: %x\n",
 			task->tk_pid, __func__, n);
+		error = -EIO;
 		goto out_garbage;
 	}
 
@@ -2117,7 +2119,8 @@ rpc_verify_header(struct rpc_task *task)
 			dprintk("RPC: %5u %s: RPC call rejected, "
 				"unknown error: %x\n",
 				task->tk_pid, __func__, n);
-			goto out_eio;
+			error = -EIO;
+			goto out_err;
 		}
 		if (--len < 0)
 			goto out_overflow;
@@ -2162,9 +2165,11 @@ rpc_verify_header(struct rpc_task *task)
 				task->tk_pid, __func__, n);
 		goto out_err;
 	}
-	if (!(p = rpcauth_checkverf(task, p))) {
-		dprintk("RPC: %5u %s: auth check failed\n",
-				task->tk_pid, __func__);
+	p = rpcauth_checkverf(task, p);
+	if (IS_ERR(p)) {
+		error = PTR_ERR(p);
+		dprintk("RPC: %5u %s: auth check failed with %d\n",
+				task->tk_pid, __func__, error);
 		goto out_garbage;		/* bad verifier, retry */
 	}
 	len = p - (__be32 *)iov->iov_base - 1;
@@ -2217,8 +2222,6 @@ out_garbage:
 out_retry:
 		return ERR_PTR(-EAGAIN);
 	}
-out_eio:
-	error = -EIO;
 out_err:
 	rpc_exit(task, error);
 	dprintk("RPC: %5u %s: call failed with error %d\n", task->tk_pid,
-- 
1.8.3.1

Re: [PATCH Version 4 2/5] NFS: Warn when attempting a buffered write or commit with an expired credential

[Myklebust, Trond]

T24gVGh1LCAyMDEzLTA3LTE4IGF0IDE1OjM1IC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IFNpZ25l
ZC1vZmYtYnk6IEFuZHkgQWRhbXNvbiA8YW5kcm9zQG5ldGFwcC5jb20+DQo+IC0tLQ0KPiAgZnMv
bmZzL3dyaXRlLmMgfCAxMCArKysrKysrKysrDQo+ICAxIGZpbGUgY2hhbmdlZCwgMTAgaW5zZXJ0
aW9ucygrKQ0KPiANCj4gZGlmZiAtLWdpdCBhL2ZzL25mcy93cml0ZS5jIGIvZnMvbmZzL3dyaXRl
LmMNCj4gaW5kZXggZjFiZGI3Mi4uNzI0Yzg0NSAxMDA2NDQNCj4gLS0tIGEvZnMvbmZzL3dyaXRl
LmMNCj4gKysrIGIvZnMvbmZzL3dyaXRlLmMNCj4gQEAgLTEzMzAsNiArMTMzMCwxNCBAQCB2b2lk
IG5mc193cml0ZWJhY2tfZG9uZShzdHJ1Y3QgcnBjX3Rhc2sgKnRhc2ssIHN0cnVjdCBuZnNfd3Jp
dGVfZGF0YSAqZGF0YSkNCj4gIAlkcHJpbnRrKCJORlM6ICU1dSBuZnNfd3JpdGViYWNrX2RvbmUg
KHN0YXR1cyAlZClcbiIsDQo+ICAJCXRhc2stPnRrX3BpZCwgdGFzay0+dGtfc3RhdHVzKTsNCj4g
IA0KPiArCWlmICh0YXNrLT50a19zdGF0dXMgPT0gLUVLRVlFWFBJUkVEKQ0KPiArCQlwcl93YXJu
KCJORlM6CXdyaXRlIGF0dGVtcHQgd2l0aCBleHBpcmVkIGNyZWRlbnRpYWwgIg0KPiArCQkJInJl
cSAlcy8lbGxkLCAldSBieXRlcyBAIG9mZnNldCAlbGx1XG4iLA0KPiArCQkJaW5vZGUtPmlfc2It
PnNfaWQsDQo+ICsJCQkobG9uZyBsb25nKU5GU19GSUxFSUQoaW5vZGUpLA0KPiArCQkJZGF0YS0+
YXJncy5jb3VudCwNCj4gKwkJCSh1bnNpZ25lZCBsb25nIGxvbmcpZGF0YS0+YXJncy5vZmZzZXQp
Ow0KDQpUaGlzIG5lZWRzIHRvIGJlIHJhdGVsaW1pdGVkIHRvIGF2b2lkIHRyb3VibGUgd2l0aCBz
eXNsb2cuDQoNCj4gKw0KPiAgCS8qDQo+ICAJICogLT53cml0ZV9kb25lIHdpbGwgYXR0ZW1wdCB0
byB1c2UgcG9zdC1vcCBhdHRyaWJ1dGVzIHRvIGRldGVjdA0KPiAgCSAqIGNvbmZsaWN0aW5nIHdy
aXRlcyBieSBvdGhlciBjbGllbnRzLiAgQSBzdHJpY3QgaW50ZXJwcmV0YXRpb24NCj4gQEAgLTE1
NTYsNiArMTU2NCw4IEBAIHN0YXRpYyB2b2lkIG5mc19jb21taXRfZG9uZShzdHJ1Y3QgcnBjX3Rh
c2sgKnRhc2ssIHZvaWQgKmNhbGxkYXRhKQ0KPiAgDQo+ICAgICAgICAgIGRwcmludGsoIk5GUzog
JTV1IG5mc19jb21taXRfZG9uZSAoc3RhdHVzICVkKVxuIiwNCj4gICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgdGFzay0+dGtfcGlkLCB0YXNrLT50a19zdGF0dXMpOw0KPiArCWlmICh0
YXNrLT50a19zdGF0dXMgPT0gLUVLRVlFWFBJUkVEKQ0KPiArCQlwcl93YXJuKCJORlM6IGNvbW1p
dCBhdHRlbXB0IHdpdGggZXhwaXJlZCBjcmVkZW50aWFsXG4iKTsNCg0KQWdhaW4sIHRoaXMgd2Fu
dHMgdG8gYmUgcmF0ZSBsaW1pdGVkLg0KDQo+ICANCj4gIAkvKiBDYWxsIHRoZSBORlMgdmVyc2lv
bi1zcGVjaWZpYyBjb2RlICovDQo+ICAJTkZTX1BST1RPKGRhdGEtPmlub2RlKS0+Y29tbWl0X2Rv
bmUodGFzaywgZGF0YSk7DQoNCi0tIA0KVHJvbmQgTXlrbGVidXN0DQpMaW51eCBORlMgY2xpZW50
IG1haW50YWluZXINCg0KTmV0QXBwDQpUcm9uZC5NeWtsZWJ1c3RAbmV0YXBwLmNvbQ0Kd3d3Lm5l
dGFwcC5jb20NCg==

Re: [PATCH Version 4 4/5] NFS avoid expired credential keys for buffered writes

[Myklebust, Trond]

T24gVGh1LCAyMDEzLTA3LTE4IGF0IDE1OjM1IC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IFdlIG11
c3QgYXZvaWQgYnVmZmVyaW5nIGEgV1JJVEUgdGhhdCBpcyB1c2luZyBhIGNyZWRlbnRpYWwga2V5
IChlLmcuIGEgR1NTDQo+IGNvbnRleHQga2V5KSB0aGF0IGlzIGFib3V0IHRvIGV4cGlyZS4gIFdl
IGN1cnJlbnRseSB3aWxsIHBhaW50IG91cnNlbHZlcw0KPiBpbnRvIGEgY29ybmVyIGJ5IHJldHVy
bmluZyBzdWNjZXNzIHRvIHRoZSBhcHBsY2lhdGlvbiBmb3Igc3VjaCBhIGJ1ZmZlcmVkDQo+IFdS
SVRFLCBvbmx5IHRvIGRpc2NvdmVyIHRoYXQgd2UgZG8gbm90IGhhdmUgcGVybWlzc2lvbiB3aGVu
DQo+IHdlIGF0dGVtcHQgdG8gZmx1c2ggdGhlIFdSSVRFIChhbmQgcG90ZW50aWFsbHkgYXNzb2Np
YXRlZCBDT01NSVQpIHRvIGRpc2suDQo+IA0KPiBVc2UgdGhlIFJQQyBsYXllciBjcmVkZW50aWFs
IGtleSB0aW1lb3V0IGFuZCBleHBpcmUgcm91dGluZXMgd2hpY2ggdXNlIGENCj4gYSB3YXRlcm1h
cmssIGdzc19rZXlfZXhwaXJlX3RpbWVvLiBXZSB0ZXN0IHRoZSBrZXkgaW4gbmZzX2ZpbGVfd3Jp
dGUuDQo+IA0KPiBJZiBhIFdSSVRFIGlzIHVzaW5nIGEgY3JlZGVudGlhbCB3aXRoIGEga2V5IHRo
YXQgd2lsbCBleHBpcmUgd2l0aGluDQo+IHdhdGVybWFyayBzZWNvbmRzLCBmbHVzaCB0aGUgaW5v
ZGUgaW4gbmZzX3dyaXRlX2VuZCBhbmQgc2VuZCBvbmx5DQo+IE5GU19GSUxFX1NZTkMgV1JJVEVz
IGJ5IGFkZGluZyBuZnNfY3R4X2tleV90b19leHBpcmUgdG8gbmZzX25lZWRfc3luY193cml0ZS4N
Cj4gTm90ZSB0aGF0IHRoaXMgcmVzdWx0cyBpbiBzaW5nbGUgcGFnZSBORlNfRklMRV9TWU5DIFdS
SVRFcy4NCj4gDQo+IFNpZ25lZC1vZmYtYnk6IEFuZHkgQWRhbXNvbiA8YW5kcm9zQG5ldGFwcC5j
b20+DQo+IC0tLQ0KPiAgZnMvbmZzL2ZpbGUuYyAgICAgfCAxOSArKysrKysrKysrKysrKysrKyst
DQo+ICBmcy9uZnMvaW50ZXJuYWwuaCB8ICAyICsrDQo+ICBmcy9uZnMvd3JpdGUuYyAgICB8IDI3
ICsrKysrKysrKysrKysrKysrKysrKysrKysrKw0KPiAgMyBmaWxlcyBjaGFuZ2VkLCA0NyBpbnNl
cnRpb25zKCspLCAxIGRlbGV0aW9uKC0pDQo+IA0KPiBkaWZmIC0tZ2l0IGEvZnMvbmZzL2ZpbGUu
YyBiL2ZzL25mcy9maWxlLmMNCj4gaW5kZXggOTRlOTRiZC4uZGZmZjhkZiAxMDA2NDQNCj4gLS0t
IGEvZnMvbmZzL2ZpbGUuYw0KPiArKysgYi9mcy9uZnMvZmlsZS5jDQo+IEBAIC00MDYsNiArNDA2
LDcgQEAgc3RhdGljIGludCBuZnNfd3JpdGVfZW5kKHN0cnVjdCBmaWxlICpmaWxlLCBzdHJ1Y3Qg
YWRkcmVzc19zcGFjZSAqbWFwcGluZywNCj4gIAkJCXN0cnVjdCBwYWdlICpwYWdlLCB2b2lkICpm
c2RhdGEpDQo+ICB7DQo+ICAJdW5zaWduZWQgb2Zmc2V0ID0gcG9zICYgKFBBR0VfQ0FDSEVfU0la
RSAtIDEpOw0KPiArCXN0cnVjdCBuZnNfb3Blbl9jb250ZXh0ICpjdHggPSBuZnNfZmlsZV9vcGVu
X2NvbnRleHQoZmlsZSk7DQo+ICAJaW50IHN0YXR1czsNCj4gIA0KPiAgCWRmcHJpbnRrKFBBR0VD
QUNIRSwgIk5GUzogd3JpdGVfZW5kKCVzLyVzKCVsZCksICV1QCVsbGQpXG4iLA0KPiBAQCAtNDQx
LDYgKzQ0MiwxNyBAQCBzdGF0aWMgaW50IG5mc193cml0ZV9lbmQoc3RydWN0IGZpbGUgKmZpbGUs
IHN0cnVjdCBhZGRyZXNzX3NwYWNlICptYXBwaW5nLA0KPiAgCWlmIChzdGF0dXMgPCAwKQ0KPiAg
CQlyZXR1cm4gc3RhdHVzOw0KPiAgCU5GU19JKG1hcHBpbmctPmhvc3QpLT53cml0ZV9pbyArPSBj
b3BpZWQ7DQo+ICsNCj4gKwlpZiAobmZzX2N0eF9rZXlfdG9fZXhwaXJlKGN0eCkpIHsNCj4gKwkJ
cHJfd2Fybl9vbmNlKCJORlM6CUNyZWRlbnRpYWwgS2V5IHRvIGV4cGlyZS4gRmx1c2ggJXMvJXMo
JWxkKVxuIiwNCg0KcHJfd2Fybl9yYXRlbGltaXRlZD8NCg0KPiArCQkJZmlsZS0+Zl9wYXRoLmRl
bnRyeS0+ZF9wYXJlbnQtPmRfbmFtZS5uYW1lLA0KPiArCQkJZmlsZS0+Zl9wYXRoLmRlbnRyeS0+
ZF9uYW1lLm5hbWUsDQo+ICsJCQltYXBwaW5nLT5ob3N0LT5pX2lubyk7DQo+ICsJCXN0YXR1cyA9
IG5mc193Yl9hbGwobWFwcGluZy0+aG9zdCk7DQo+ICsJCWlmIChzdGF0dXMgPCAwKQ0KPiArCQkJ
cmV0dXJuIHN0YXR1czsNCj4gKwl9DQo+ICsNCj4gIAlyZXR1cm4gY29waWVkOw0KPiAgfQ0KPiAg
DQo+IEBAIC02MzcsNyArNjQ5LDggQEAgc3RhdGljIGludCBuZnNfbmVlZF9zeW5jX3dyaXRlKHN0
cnVjdCBmaWxlICpmaWxwLCBzdHJ1Y3QgaW5vZGUgKmlub2RlKQ0KPiAgCWlmIChJU19TWU5DKGlu
b2RlKSB8fCAoZmlscC0+Zl9mbGFncyAmIE9fRFNZTkMpKQ0KPiAgCQlyZXR1cm4gMTsNCj4gIAlj
dHggPSBuZnNfZmlsZV9vcGVuX2NvbnRleHQoZmlscCk7DQo+IC0JaWYgKHRlc3RfYml0KE5GU19D
T05URVhUX0VSUk9SX1dSSVRFLCAmY3R4LT5mbGFncykpDQo+ICsJaWYgKHRlc3RfYml0KE5GU19D
T05URVhUX0VSUk9SX1dSSVRFLCAmY3R4LT5mbGFncykgfHwNCj4gKwkgICAgbmZzX2N0eF9rZXlf
dG9fZXhwaXJlKGN0eCkpDQo+ICAJCXJldHVybiAxOw0KPiAgCXJldHVybiAwOw0KPiAgfQ0KPiBA
QCAtNjUxLDYgKzY2NCwxMCBAQCBzc2l6ZV90IG5mc19maWxlX3dyaXRlKHN0cnVjdCBraW9jYiAq
aW9jYiwgY29uc3Qgc3RydWN0IGlvdmVjICppb3YsDQo+ICAJc3NpemVfdCByZXN1bHQ7DQo+ICAJ
c2l6ZV90IGNvdW50ID0gaW92X2xlbmd0aChpb3YsIG5yX3NlZ3MpOw0KPiAgDQo+ICsJcmVzdWx0
ID0gbmZzX2tleV90aW1lb3V0X25vdGlmeShpb2NiLT5raV9maWxwLCBpbm9kZSk7DQo+ICsJaWYg
KHJlc3VsdCkNCj4gKwkJcmV0dXJuIHJlc3VsdDsNCj4gKw0KPiAgCWlmIChpb2NiLT5raV9maWxw
LT5mX2ZsYWdzICYgT19ESVJFQ1QpDQo+ICAJCXJldHVybiBuZnNfZmlsZV9kaXJlY3Rfd3JpdGUo
aW9jYiwgaW92LCBucl9zZWdzLCBwb3MsIHRydWUpOw0KPiAgDQo+IGRpZmYgLS1naXQgYS9mcy9u
ZnMvaW50ZXJuYWwuaCBiL2ZzL25mcy9pbnRlcm5hbC5oDQo+IGluZGV4IDNjODM3M2YuLmU4NmRj
MjAgMTAwNjQ0DQo+IC0tLSBhL2ZzL25mcy9pbnRlcm5hbC5oDQo+ICsrKyBiL2ZzL25mcy9pbnRl
cm5hbC5oDQo+IEBAIC00MzAsNiArNDMwLDggQEAgdm9pZCBuZnNfcmVxdWVzdF9yZW1vdmVfY29t
bWl0X2xpc3Qoc3RydWN0IG5mc19wYWdlICpyZXEsDQo+ICB2b2lkIG5mc19pbml0X2NpbmZvKHN0
cnVjdCBuZnNfY29tbWl0X2luZm8gKmNpbmZvLA0KPiAgCQkgICAgc3RydWN0IGlub2RlICppbm9k
ZSwNCj4gIAkJICAgIHN0cnVjdCBuZnNfZGlyZWN0X3JlcSAqZHJlcSk7DQo+ICtpbnQgbmZzX2tl
eV90aW1lb3V0X25vdGlmeShzdHJ1Y3QgZmlsZSAqZmlscCwgc3RydWN0IGlub2RlICppbm9kZSk7
DQo+ICtib29sIG5mc19jdHhfa2V5X3RvX2V4cGlyZShzdHJ1Y3QgbmZzX29wZW5fY29udGV4dCAq
Y3R4KTsNCj4gIA0KPiAgI2lmZGVmIENPTkZJR19NSUdSQVRJT04NCj4gIGV4dGVybiBpbnQgbmZz
X21pZ3JhdGVfcGFnZShzdHJ1Y3QgYWRkcmVzc19zcGFjZSAqLA0KPiBkaWZmIC0tZ2l0IGEvZnMv
bmZzL3dyaXRlLmMgYi9mcy9uZnMvd3JpdGUuYw0KPiBpbmRleCA3MjRjODQ1Li4xNDQwODVjIDEw
MDY0NA0KPiAtLS0gYS9mcy9uZnMvd3JpdGUuYw0KPiArKysgYi9mcy9uZnMvd3JpdGUuYw0KPiBA
QCAtODc0LDYgKzg3NCwzMyBAQCBpbnQgbmZzX2ZsdXNoX2luY29tcGF0aWJsZShzdHJ1Y3QgZmls
ZSAqZmlsZSwgc3RydWN0IHBhZ2UgKnBhZ2UpDQo+ICB9DQo+ICANCj4gIC8qDQo+ICsgKiBBdm9p
ZCBidWZmZXJlZCB3cml0ZXMgd2hlbiBhIG9wZW4gY29udGV4dCBjcmVkZW50aWFsJ3Mga2V5IHdv
dWxkDQo+ICsgKiBleHBpcmUgc29vbi4NCj4gKyAqDQo+ICsgKiBSZXR1cm5zIC1FQUNDRVMgaWYg
dGhlIGtleSB3aWxsIGV4cGlyZSB3aXRoaW4gUlBDX0tFWV9FWFBJUkVfRkFJTC4NCj4gKyAqDQo+
ICsgKiBSZXR1cm4gMCBhbmQgc2V0IGEgY3JlZGVudGlhbCBmbGFnIHdoaWNoIHRyaWdnZXJzIHRo
ZSBpbm9kZSB0byBmbHVzaA0KPiArICogYW5kIHBlcmZvcm1zICBORlNfRklMRV9TWU5DIHdyaXRl
cyBpZiB0aGUga2V5IHdpbGwgZXhwaXJlZCB3aXRoaW4NCj4gKyAqIFJQQ19LRVlfRVhQSVJFX1RJ
TUVPLg0KPiArICovDQo+ICtpbnQNCj4gK25mc19rZXlfdGltZW91dF9ub3RpZnkoc3RydWN0IGZp
bGUgKmZpbHAsIHN0cnVjdCBpbm9kZSAqaW5vZGUpDQo+ICt7DQo+ICsJc3RydWN0IG5mc19vcGVu
X2NvbnRleHQgKmN0eCA9IG5mc19maWxlX29wZW5fY29udGV4dChmaWxwKTsNCj4gKwlzdHJ1Y3Qg
cnBjX2F1dGggKmF1dGggPSBORlNfU0VSVkVSKGlub2RlKS0+Y2xpZW50LT5jbF9hdXRoOw0KPiAr
DQo+ICsJcmV0dXJuIHJwY2F1dGhfa2V5X3RpbWVvdXRfbm90aWZ5KGF1dGgsIGN0eC0+Y3JlZCk7
DQo+ICt9DQo+ICsNCj4gKy8qDQo+ICsgKiBUZXN0IGlmIHRoZSBvcGVuIGNvbnRleHQgY3JlZGVu
dGlhbCBrZXkgaXMgbWFya2VkIHRvIGV4cGlyZSBzb29uLg0KPiArICovDQo+ICtib29sIG5mc19j
dHhfa2V5X3RvX2V4cGlyZShzdHJ1Y3QgbmZzX29wZW5fY29udGV4dCAqY3R4KQ0KPiArew0KPiAr
CXJldHVybiBycGNhdXRoX2NyZWRfa2V5X3RvX2V4cGlyZShjdHgtPmNyZWQpOw0KPiArfQ0KPiAr
DQo+ICsvKg0KPiAgICogSWYgdGhlIHBhZ2UgY2FjaGUgaXMgbWFya2VkIGFzIHVuc2FmZSBvciBp
bnZhbGlkLCB0aGVuIHdlIGNhbid0IHJlbHkgb24NCj4gICAqIHRoZSBQYWdlVXB0b2RhdGUoKSBm
bGFnLiBJbiB0aGlzIGNhc2UsIHdlIHdpbGwgbmVlZCB0byB0dXJuIG9mZg0KPiAgICogd3JpdGUg
b3B0aW1pc2F0aW9ucyB0aGF0IGRlcGVuZCBvbiB0aGUgcGFnZSBjb250ZW50cyBiZWluZyBjb3Jy
ZWN0Lg0KDQotLSANClRyb25kIE15a2xlYnVzdA0KTGludXggTkZTIGNsaWVudCBtYWludGFpbmVy
DQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0QG5ldGFwcC5jb20NCnd3dy5uZXRhcHAuY29tDQo=

Re: [PATCH Version 4 3/5] SUNRPC new rpc_credops to test credential expiry

[Myklebust, Trond]

T24gVGh1LCAyMDEzLTA3LTE4IGF0IDE1OjM1IC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IFRoaXMg
cGF0Y2ggcHJvdmlkZXMgdGhlIFJQQyBsYXllciBoZWxwZXIgZnVuY3Rpb25zIHRvIGFsbG93IE5G
UyB0byBtYW5hZ2UNCj4gZGF0YSBpbiB0aGUgZmFjZSBvZiBleHBpcmVkIGNyZWRlbnRpYWxzIC0g
c3VjaCBhcyBhdm9pZGluZyBidWZmZXJlZCBXUklURXMNCj4gYW5kIENPTU1JVHMgd2hlbiB0aGUg
Z3NzIGNvbnRleHQgd2lsbCBleHBpcmUgYmVmb3JlIHRoZSBXUklURXMgYXJlIGZsdXNoZWQNCj4g
YW5kIENPTU1JVHMgYXJlIHNlbnQuDQo+IA0KPiBUaGVzZSBoZWxwZXIgZnVuY3Rpb25zIGVuYWJs
ZSBjaGVja2luZyB0aGUgZXhwaXJhdGlvbiBvZiBhbiB1bmRlcmx5aW5nDQo+IGNyZWRlbnRpYWwg
a2V5IGZvciBhIGdlbmVyaWMgcnBjIGNyZWRlbnRpYWwsIGUuZy4gdGhlIGdzc19jcmVkIGdzcyBj
b250ZXh0DQo+IGdjX2V4cGlyeSB3aGljaCBmb3IgS2VyYmVyb3MgaXMgc2V0IHRvIHRoZSByZW1h
aW5pbmcgVEdUIGxpZmV0aW1lLg0KPiANCj4gQSBuZXcgcnBjX2F1dGhvcHMga2V5X3RpbWVvdXQg
aXMgb25seSBkZWZpbmVkIGZvciB0aGUgZ2VuZXJpYyBhdXRoLg0KPiBBIG5ldyBycGNfY3JlZG9w
cyBjcmtleV90b19leHBpcmUgaXMgb25seSBkZWZpbmVkIGZvciB0aGUgZ2VuZXJpYyBjcmVkLg0K
PiBBIG5ldyBycGNfY3JlZG9wcyBjcmtleV90aW1lb3V0IGlzIG9ubHkgZGVmaW5lZCBmb3IgdGhl
IGdzcyBjcmVkLg0KPiANCj4gU2V0IGEgY3JlZGVudGlhbCBrZXkgZXhwaXJ5IHdhdGVybWFyaywg
UlBDX0tFWV9FWFBJUkVfVElNRU8gc2V0IHRvIDI0MCBzZWNvbmRzDQo+IGFzIGEgZGVmYXVsdCBh
bmQgY2FuIGJlIHNldCB2aWEgYSBtb2R1bGUgcGFyYW1ldGVyIGFzIHdlIG5lZWQgdG8gZW5zdXJl
IHRoZXJlDQo+IGlzIHRpbWUgZm9yIGFueSBkaXJ0eSBkYXRhIHRvIGJlIGZsdXNoZWQuDQo+IA0K
PiBJZiBrZXlfdGltZW91dCBpcyBjYWxsZWQgb24gYSBjcmVkZW50aWFsIHdpdGggYW4gdW5kZXJs
eWluZyBjcmVkZW50aWFsIGtleSB0aGF0DQo+IHdpbGwgZXhwaXJlIHdpdGhpbiB3YXRlcm1hcmsg
c2Vjb25kcywgd2Ugc2V0IHRoZSBSUENfQ1JFRF9LRVlfRVhQSVJFX1NPT04NCj4gZmxhZyBpbiB0
aGUgZ2VuZXJpY19jcmVkIGFjcmVkIHNvIHRoYXQgdGhlIE5GUyBsYXllciBjYW4gY2xlYW4gdXAg
cHJpb3IgdG8NCj4ga2V5IGV4cGlyYXRpb24uDQo+IA0KPiBDaGVja2luZyBhIGdlbmVyaWMgY3Jl
ZGVudGlhbCdzIHVuZGVybHlpbmcgY3JlZGVudGlhbCBpbnZvbHZlcyBhIGNyZWQgbG9va3VwLg0K
PiBUbyBhdm9pZCB0aGlzIGxvb2t1cCBpbiB0aGUgbm9ybWFsIGNhc2Ugd2hlbiB0aGUgdW5kZXJs
eWluZyBjcmVkZW50aWFsIGhhcw0KPiBhIGtleSB0aGF0IGlzIHZhbGlkIChiZWZvcmUgdGhlIHdh
dGVybWFyayksIGEgbm90aWZ5IGZsYWcgaXMgc2V0IGluDQo+IHRoZSBnZW5lcmljIGNyZWRlbnRp
YWwgdGhlIGZpcnN0IHRpbWUgdGhlIGtleV90aW1lb3V0IGlzIGNhbGxlZC4gVGhlDQo+IGdlbmVy
aWMgY3JlZGVudGlhbCB0aGVuIHN0b3BzIGNoZWNraW5nIHRoZSB1bmRlcmx5aW5nIGNyZWRlbnRp
YWwga2V5IGV4cGlyeSwgYW5kDQo+IHRoZSB1bmRlcmx5aW5nIGNyZWRlbnRpYWwgKGdzc19jcmVk
KSBtYXRjaCByb3V0aW5lIHRoZW4gY2hlY2tzIHRoZSBrZXkNCj4gZXhwaXJhdGlvbiB1cG9uIGVh
Y2ggbm9ybWFsIHVzZSBhbmQgc2V0cyBhIGZsYWcgaW4gdGhlIGFzc29jaWF0ZWQgZ2VuZXJpYw0K
PiBjcmVkZW50aWFsIG9ubHkgd2hlbiB0aGUga2V5IGV4cGlyYXRpb24gaXMgd2l0aGluIHRoZSB3
YXRlcm1hcmsuDQo+IFRoaXMgaW4gdHVybiBzaWduYWxzIHRoZSBnZW5lcmljIGNyZWRlbnRpYWwg
a2V5X3RpbWVvdXQgdG8gcGVyZm9ybSB0aGUgZXh0cmENCj4gY3JlZGVudGlhbCBsb29rdXAgdGhl
cmVhZnRlci4NCj4gDQo+IFNpZ25lZC1vZmYtYnk6IEFuZHkgQWRhbXNvbiA8YW5kcm9zQG5ldGFw
cC5jb20+DQo+IC0tLQ0KPiAgaW5jbHVkZS9saW51eC9zdW5ycGMvYXV0aC5oICAgIHwgMTYgKysr
KysrKysrDQo+ICBuZXQvc3VucnBjL2F1dGguYyAgICAgICAgICAgICAgfCAyMSArKysrKysrKysr
Kw0KPiAgbmV0L3N1bnJwYy9hdXRoX2dlbmVyaWMuYyAgICAgIHwgODIgKysrKysrKysrKysrKysr
KysrKysrKysrKysrKysrKysrKysrKysrKysrDQo+ICBuZXQvc3VucnBjL2F1dGhfZ3NzL2F1dGhf
Z3NzLmMgfCA1NCArKysrKysrKysrKysrKysrKysrKysrKysrKy0tDQo+ICA0IGZpbGVzIGNoYW5n
ZWQsIDE3MSBpbnNlcnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQ0KPiANCj4gZGlmZiAtLWdpdCBh
L2luY2x1ZGUvbGludXgvc3VucnBjL2F1dGguaCBiL2luY2x1ZGUvbGludXgvc3VucnBjL2F1dGgu
aA0KPiBpbmRleCAwZGQwMGY0Li5hNzlkMDQyIDEwMDY0NA0KPiAtLS0gYS9pbmNsdWRlL2xpbnV4
L3N1bnJwYy9hdXRoLmgNCj4gKysrIGIvaW5jbHVkZS9saW51eC9zdW5ycGMvYXV0aC5oDQo+IEBA
IC0yNCwxMiArMjQsMjEgQEANCj4gIA0KPiAgc3RydWN0IHJwY3NlY19nc3NfaW5mbzsNCj4gIA0K
PiArLyogYXV0aF9jcmVkIGFjX2ZsYWdzIGJpdHMgKi8NCj4gK2VudW0gew0KPiArCVJQQ19DUkVE
X05PX0NSS0VZX1RJTUVPVVQgPSAwLCAvKiB1bmRlcmx5aW5nIGNyZWQgaGFzIG5vIGtleSB0aW1l
b3V0ICovDQo+ICsJUlBDX0NSRURfS0VZX0VYUElSRV9TT09OID0gMSwgLyogdW5kZXJseWluZyBj
cmVkIGtleSB3aWxsIGV4cGlyZSBzb29uICovDQo+ICsJUlBDX0NSRURfTk9USUZZX1RJTUVPVVQg
PSAyLCAgIC8qIG5vZml0eSBnZW5lcmljIGNyZWQgd2hlbiB1bmRlcmx5aW5nDQo+ICsJCQkJCWtl
eSB3aWxsIGV4cGlyZSBzb29uICovDQo+ICt9Ow0KPiArDQo+ICAvKiBXb3JrIGFyb3VuZCB0aGUg
bGFjayBvZiBhIFZGUyBjcmVkZW50aWFsICovDQo+ICBzdHJ1Y3QgYXV0aF9jcmVkIHsNCj4gIAlr
dWlkX3QJdWlkOw0KPiAgCWtnaWRfdAlnaWQ7DQo+ICAJc3RydWN0IGdyb3VwX2luZm8gKmdyb3Vw
X2luZm87DQo+ICAJY29uc3QgY2hhciAqcHJpbmNpcGFsOw0KPiArCXVuc2lnbmVkIGxvbmcgYWNf
ZmxhZ3M7DQo+ICAJdW5zaWduZWQgY2hhciBtYWNoaW5lX2NyZWQgOiAxOw0KPiAgfTsNCj4gIA0K
PiBAQCAtMTA4LDYgKzExNyw4IEBAIHN0cnVjdCBycGNfYXV0aG9wcyB7DQo+ICAJcnBjX2F1dGhm
bGF2b3JfdAkoKmluZm8yZmxhdm9yKShzdHJ1Y3QgcnBjc2VjX2dzc19pbmZvICopOw0KPiAgCWlu
dAkJCSgqZmxhdm9yMmluZm8pKHJwY19hdXRoZmxhdm9yX3QsDQo+ICAJCQkJCQlzdHJ1Y3QgcnBj
c2VjX2dzc19pbmZvICopOw0KPiArCWludAkJCSgqa2V5X3RpbWVvdXQpKHN0cnVjdCBycGNfYXV0
aCAqLA0KPiArCQkJCQkJc3RydWN0IHJwY19jcmVkICopOw0KPiAgfTsNCj4gIA0KPiAgc3RydWN0
IHJwY19jcmVkb3BzIHsNCj4gQEAgLTEyNCw2ICsxMzUsOCBAQCBzdHJ1Y3QgcnBjX2NyZWRvcHMg
ew0KPiAgCQkJCQkJdm9pZCAqLCBfX2JlMzIgKiwgdm9pZCAqKTsNCj4gIAlpbnQJCQkoKmNydW53
cmFwX3Jlc3ApKHN0cnVjdCBycGNfdGFzayAqLCBreGRyZHByb2NfdCwNCj4gIAkJCQkJCXZvaWQg
KiwgX19iZTMyICosIHZvaWQgKik7DQo+ICsJaW50CQkJKCpjcmtleV90aW1lb3V0KShzdHJ1Y3Qg
cnBjX2NyZWQgKik7DQo+ICsJYm9vbAkJCSgqY3JrZXlfdG9fZXhwaXJlKShzdHJ1Y3QgcnBjX2Ny
ZWQgKik7DQo+ICB9Ow0KPiAgDQo+ICBleHRlcm4gY29uc3Qgc3RydWN0IHJwY19hdXRob3BzCWF1
dGh1bml4X29wczsNCj4gQEAgLTE2Miw2ICsxNzUsOSBAQCBpbnQJCQlycGNhdXRoX3VwdG9kYXRl
Y3JlZChzdHJ1Y3QgcnBjX3Rhc2sgKik7DQo+ICBpbnQJCQlycGNhdXRoX2luaXRfY3JlZGNhY2hl
KHN0cnVjdCBycGNfYXV0aCAqKTsNCj4gIHZvaWQJCQlycGNhdXRoX2Rlc3Ryb3lfY3JlZGNhY2hl
KHN0cnVjdCBycGNfYXV0aCAqKTsNCj4gIHZvaWQJCQlycGNhdXRoX2NsZWFyX2NyZWRjYWNoZShz
dHJ1Y3QgcnBjX2NyZWRfY2FjaGUgKik7DQo+ICtpbnQJCQlycGNhdXRoX2tleV90aW1lb3V0X25v
dGlmeShzdHJ1Y3QgcnBjX2F1dGggKiwNCj4gKwkJCQkJCXN0cnVjdCBycGNfY3JlZCAqKTsNCj4g
K2Jvb2wJCQlycGNhdXRoX2NyZWRfa2V5X3RvX2V4cGlyZShzdHJ1Y3QgcnBjX2NyZWQgKik7DQo+
ICANCj4gIHN0YXRpYyBpbmxpbmUNCj4gIHN0cnVjdCBycGNfY3JlZCAqCWdldF9ycGNjcmVkKHN0
cnVjdCBycGNfY3JlZCAqY3JlZCkNCj4gZGlmZiAtLWdpdCBhL25ldC9zdW5ycGMvYXV0aC5jIGIv
bmV0L3N1bnJwYy9hdXRoLmMNCj4gaW5kZXggZWQyZmRkMi4uMTc0MTM3MCAxMDA2NDQNCj4gLS0t
IGEvbmV0L3N1bnJwYy9hdXRoLmMNCj4gKysrIGIvbmV0L3N1bnJwYy9hdXRoLmMNCj4gQEAgLTM0
Myw2ICszNDMsMjcgQEAgb3V0X25vY2FjaGU6DQo+ICBFWFBPUlRfU1lNQk9MX0dQTChycGNhdXRo
X2luaXRfY3JlZGNhY2hlKTsNCj4gIA0KPiAgLyoNCj4gKyAqIFNldHVwIGEgY3JlZGVudGlhbCBr
ZXkgbGlmZXRpbWUgdGltZW91dCBub3RpZmljYXRpb24NCj4gKyAqLw0KPiAraW50DQo+ICtycGNh
dXRoX2tleV90aW1lb3V0X25vdGlmeShzdHJ1Y3QgcnBjX2F1dGggKmF1dGgsIHN0cnVjdCBycGNf
Y3JlZCAqY3JlZCkNCj4gK3sNCj4gKwlpZiAoIWNyZWQtPmNyX2F1dGgtPmF1X29wcy0+a2V5X3Rp
bWVvdXQpDQo+ICsJCXJldHVybiAwOw0KPiArCXJldHVybiBjcmVkLT5jcl9hdXRoLT5hdV9vcHMt
PmtleV90aW1lb3V0KGF1dGgsIGNyZWQpOw0KPiArfQ0KPiArRVhQT1JUX1NZTUJPTF9HUEwocnBj
YXV0aF9rZXlfdGltZW91dF9ub3RpZnkpOw0KPiArDQo+ICtib29sDQo+ICtycGNhdXRoX2NyZWRf
a2V5X3RvX2V4cGlyZShzdHJ1Y3QgcnBjX2NyZWQgKmNyZWQpDQo+ICt7DQo+ICsJaWYgKCFjcmVk
LT5jcl9vcHMtPmNya2V5X3RvX2V4cGlyZSkNCj4gKwkJcmV0dXJuIGZhbHNlOw0KPiArCXJldHVy
biBjcmVkLT5jcl9vcHMtPmNya2V5X3RvX2V4cGlyZShjcmVkKTsNCj4gK30NCj4gK0VYUE9SVF9T
WU1CT0xfR1BMKHJwY2F1dGhfY3JlZF9rZXlfdG9fZXhwaXJlKTsNCj4gKw0KPiArLyoNCj4gICAq
IERlc3Ryb3kgYSBsaXN0IG9mIGNyZWRlbnRpYWxzDQo+ICAgKi8NCj4gIHN0YXRpYyBpbmxpbmUN
Cj4gZGlmZiAtLWdpdCBhL25ldC9zdW5ycGMvYXV0aF9nZW5lcmljLmMgYi9uZXQvc3VucnBjL2F1
dGhfZ2VuZXJpYy5jDQo+IGluZGV4IGI2YmFkYWYuLjc0MzBkMzggMTAwNjQ0DQo+IC0tLSBhL25l
dC9zdW5ycGMvYXV0aF9nZW5lcmljLmMNCj4gKysrIGIvbmV0L3N1bnJwYy9hdXRoX2dlbmVyaWMu
Yw0KPiBAQCAtODksNiArODksNyBAQCBnZW5lcmljX2NyZWF0ZV9jcmVkKHN0cnVjdCBycGNfYXV0
aCAqYXV0aCwgc3RydWN0IGF1dGhfY3JlZCAqYWNyZWQsIGludCBmbGFncykNCj4gIAlnY3JlZC0+
YWNyZWQudWlkID0gYWNyZWQtPnVpZDsNCj4gIAlnY3JlZC0+YWNyZWQuZ2lkID0gYWNyZWQtPmdp
ZDsNCj4gIAlnY3JlZC0+YWNyZWQuZ3JvdXBfaW5mbyA9IGFjcmVkLT5ncm91cF9pbmZvOw0KPiAr
CWdjcmVkLT5hY3JlZC5hY19mbGFncyA9IDA7DQo+ICAJaWYgKGdjcmVkLT5hY3JlZC5ncm91cF9p
bmZvICE9IE5VTEwpDQo+ICAJCWdldF9ncm91cF9pbmZvKGdjcmVkLT5hY3JlZC5ncm91cF9pbmZv
KTsNCj4gIAlnY3JlZC0+YWNyZWQubWFjaGluZV9jcmVkID0gYWNyZWQtPm1hY2hpbmVfY3JlZDsN
Cj4gQEAgLTE4MiwxMSArMTgzLDc4IEBAIHZvaWQgcnBjX2Rlc3Ryb3lfZ2VuZXJpY19hdXRoKHZv
aWQpDQo+ICAJcnBjYXV0aF9kZXN0cm95X2NyZWRjYWNoZSgmZ2VuZXJpY19hdXRoKTsNCj4gIH0N
Cj4gIA0KPiArLyoNCj4gKyAqIFRlc3QgdGhlIHRoZSBjdXJyZW50IHRpbWUgKG5vdykgYWdhaW5z
dCB0aGUgdW5kZXJseWluZyBjcmVkZW50aWFsIGtleSBleHBpcnkNCj4gKyAqIG1pbnVzIGEgdGlt
ZW91dCBhbmQgc2V0dXAgbm90aWZpY2F0aW9uLg0KPiArICoNCj4gKyAqIFRoZSBub3JtYWwgY2Fz
ZToNCj4gKyAqIElmICdub3cnIGlzIGJlZm9yZSB0aGUga2V5IGV4cGlyeSBtaW51cyBSUENfS0VZ
X0VYUElSRV9USU1FTywgc2V0DQo+ICsgKiB0aGUgUlBDX0NSRURfTk9USUZZX1RJTUVPVVQgZmxh
ZyB0byBzZXR1cCB0aGUgdW5kZXJseWluZyBjcmVkZW50aWFsDQo+ICsgKiBycGNfY3JlZG9wcyBj
cm1hdGNoIHJvdXRpbmUgdG8gbm90aWZ5IHRoaXMgZ2VuZXJpYyBjcmVkIHdoZW4gaXQncyBrZXkN
Cj4gKyAqIGV4cGlyYXRpb24gaXMgd2l0aGluIFJQQ19LRVlfRVhQSVJFX1RJTUVPLCBhbmQgcmV0
dXJuIDAuDQo+ICsgKg0KPiArICogVGhlIGVycm9yIGNhc2U6DQo+ICsgKiBJZiB0aGUgdW5kZXJs
eWluZyBjcmVkIGxvb2t1cCBmYWlscywgcmV0dXJuIC1FQUNDRVMuDQo+ICsgKg0KPiArICogVGhl
ICdhbG1vc3QnIGVycm9yIGNhc2U6DQo+ICsgKiBJZiAnbm93JyBpcyB3aXRoaW4ga2V5IGV4cGly
eSBtaW51cyBSUENfS0VZX0VYUElSRV9USU1FTywgYnV0IG5vdCB3aXRoaW4NCj4gKyAqIGtleSBl
eHBpcnkgbWludXMgUlBDX0tFWV9FWFBJUkVfRkFJTCwgc2V0IHRoZSBSUENfQ1JFRF9FWFBJUkVf
U09PTiBiaXQNCj4gKyAqIG9uIHRoZSBhY3JlZCBhY19mbGFncyBhbmQgcmV0dXJuIDAuDQo+ICsg
Ki8NCj4gK3N0YXRpYyBpbnQNCj4gK2dlbmVyaWNfa2V5X3RpbWVvdXQoc3RydWN0IHJwY19hdXRo
ICphdXRoLCBzdHJ1Y3QgcnBjX2NyZWQgKmNyZWQpDQo+ICt7DQo+ICsJc3RydWN0IGF1dGhfY3Jl
ZCAqYWNyZWQgPSAmY29udGFpbmVyX29mKGNyZWQsIHN0cnVjdCBnZW5lcmljX2NyZWQsDQo+ICsJ
CQkJCQlnY19iYXNlKS0+YWNyZWQ7DQo+ICsJc3RydWN0IHJwY19jcmVkICp0Y3JlZDsNCj4gKwlp
bnQgcmV0ID0gMDsNCj4gKw0KPiArDQo+ICsJLyogRmFzdCB0cmFjayBmb3Igbm9uIGNya2V5X3Rp
bWVvdXQgKG5vIGtleSkgdW5kZXJseWluZyBjcmVkZW50aWFscyAqLw0KPiArCWlmICh0ZXN0X2Jp
dChSUENfQ1JFRF9OT19DUktFWV9USU1FT1VULCAmYWNyZWQtPmFjX2ZsYWdzKSkNCj4gKwkJcmV0
dXJuIDA7DQo+ICsNCj4gKwkvKiBGYXN0IHRyYWNrIGZvciB0aGUgbm9ybWFsIGNhc2UgKi8NCj4g
KwlpZiAodGVzdF9iaXQoUlBDX0NSRURfTk9USUZZX1RJTUVPVVQsICZhY3JlZC0+YWNfZmxhZ3Mp
KQ0KPiArCQlyZXR1cm4gMDsNCj4gKw0KPiArCS8qIGxvb2t1cF9jcmVkIGVpdGhlciByZXR1cm5z
IGEgdmFsaWQgcmVmZXJlbmNlZCBycGNfY3JlZCwgb3IgUFRSX0VSUiAqLw0KPiArCXRjcmVkID0g
YXV0aC0+YXVfb3BzLT5sb29rdXBfY3JlZChhdXRoLCBhY3JlZCwgMCk7DQo+ICsJaWYgKElTX0VS
Uih0Y3JlZCkpDQo+ICsJCXJldHVybiAtRUFDQ0VTOw0KPiArDQo+ICsJaWYgKCF0Y3JlZC0+Y3Jf
b3BzLT5jcmtleV90aW1lb3V0KSB7DQo+ICsJCXNldF9iaXQoUlBDX0NSRURfTk9fQ1JLRVlfVElN
RU9VVCwgJmFjcmVkLT5hY19mbGFncyk7DQo+ICsJCXJldCA9IDA7DQo+ICsJCWdvdG8gb3V0X3B1
dDsNCj4gKwl9DQo+ICsNCj4gKwkvKiBUZXN0IGZvciB0aGUgYWxtb3N0IGVycm9yIGNhc2UgKi8N
Cj4gKwlyZXQgPSB0Y3JlZC0+Y3Jfb3BzLT5jcmtleV90aW1lb3V0KHRjcmVkKTsNCj4gKwlpZiAo
cmV0ICE9IDApIHsNCj4gKwkJc2V0X2JpdChSUENfQ1JFRF9LRVlfRVhQSVJFX1NPT04sICZhY3Jl
ZC0+YWNfZmxhZ3MpOw0KPiArCQlyZXQgPSAwOw0KPiArCX0gZWxzZSB7DQo+ICsJCS8qIEluIGNh
c2UgdW5kZXJseWluZyBjcmVkIGtleSBoYXMgYmVlbiByZXNldCAqLw0KPiArCQlpZiAodGVzdF9h
bmRfY2xlYXJfYml0KFJQQ19DUkVEX0tFWV9FWFBJUkVfU09PTiwNCj4gKwkJCQkJJmFjcmVkLT5h
Y19mbGFncykpDQo+ICsJCQlwcl93YXJuKCJSUEM6IFVJRCAlZCBDcmVkZW50aWFsIGtleSByZXNl
dFxuIiwNCj4gKwkJCQl0Y3JlZC0+Y3JfdWlkKTsNCg0KZHByaW50aygpPw0KDQo+ICsJCS8qIHNl
dCB1cCBmYXN0dHJhY2sgZm9yIHRoZSBub3JtYWwgY2FzZSAqLw0KPiArCQlzZXRfYml0KFJQQ19D
UkVEX05PVElGWV9USU1FT1VULCAmYWNyZWQtPmFjX2ZsYWdzKTsNCj4gKwl9DQo+ICsNCj4gK291
dF9wdXQ6DQo+ICsJcHV0X3JwY2NyZWQodGNyZWQpOw0KPiArCXJldHVybiByZXQ7DQo+ICt9DQo+
ICsNCj4gIHN0YXRpYyBjb25zdCBzdHJ1Y3QgcnBjX2F1dGhvcHMgZ2VuZXJpY19hdXRoX29wcyA9
IHsNCj4gIAkub3duZXIgPSBUSElTX01PRFVMRSwNCj4gIAkuYXVfbmFtZSA9ICJHZW5lcmljIiwN
Cj4gIAkubG9va3VwX2NyZWQgPSBnZW5lcmljX2xvb2t1cF9jcmVkLA0KPiAgCS5jcmNyZWF0ZSA9
IGdlbmVyaWNfY3JlYXRlX2NyZWQsDQo+ICsJLmtleV90aW1lb3V0ID0gZ2VuZXJpY19rZXlfdGlt
ZW91dCwNCj4gIH07DQo+ICANCj4gIHN0YXRpYyBzdHJ1Y3QgcnBjX2F1dGggZ2VuZXJpY19hdXRo
ID0gew0KPiBAQCAtMTk0LDkgKzI2MiwyMyBAQCBzdGF0aWMgc3RydWN0IHJwY19hdXRoIGdlbmVy
aWNfYXV0aCA9IHsNCj4gIAkuYXVfY291bnQgPSBBVE9NSUNfSU5JVCgwKSwNCj4gIH07DQo+ICAN
Cj4gK3N0YXRpYyBib29sIGdlbmVyaWNfa2V5X3RvX2V4cGlyZShzdHJ1Y3QgcnBjX2NyZWQgKmNy
ZWQpDQo+ICt7DQo+ICsJc3RydWN0IGF1dGhfY3JlZCAqYWNyZWQgPSAmY29udGFpbmVyX29mKGNy
ZWQsIHN0cnVjdCBnZW5lcmljX2NyZWQsDQo+ICsJCQkJCQlnY19iYXNlKS0+YWNyZWQ7DQo+ICsJ
Ym9vbCByZXQ7DQo+ICsNCj4gKwlnZXRfcnBjY3JlZChjcmVkKTsNCj4gKwlyZXQgPSB0ZXN0X2Jp
dChSUENfQ1JFRF9LRVlfRVhQSVJFX1NPT04sICZhY3JlZC0+YWNfZmxhZ3MpOw0KPiArCXB1dF9y
cGNjcmVkKGNyZWQpOw0KPiArDQo+ICsJcmV0dXJuIHJldDsNCj4gK30NCj4gKw0KPiAgc3RhdGlj
IGNvbnN0IHN0cnVjdCBycGNfY3JlZG9wcyBnZW5lcmljX2NyZWRvcHMgPSB7DQo+ICAJLmNyX25h
bWUgPSAiR2VuZXJpYyBjcmVkIiwNCj4gIAkuY3JkZXN0cm95ID0gZ2VuZXJpY19kZXN0cm95X2Ny
ZWQsDQo+ICAJLmNyYmluZCA9IGdlbmVyaWNfYmluZF9jcmVkLA0KPiAgCS5jcm1hdGNoID0gZ2Vu
ZXJpY19tYXRjaCwNCj4gKwkuY3JrZXlfdG9fZXhwaXJlID0gZ2VuZXJpY19rZXlfdG9fZXhwaXJl
LA0KPiAgfTsNCj4gZGlmZiAtLWdpdCBhL25ldC9zdW5ycGMvYXV0aF9nc3MvYXV0aF9nc3MuYyBi
L25ldC9zdW5ycGMvYXV0aF9nc3MvYXV0aF9nc3MuYw0KPiBpbmRleCBmYzJmNzhkLi5lMWY0NzM1
IDEwMDY0NA0KPiAtLS0gYS9uZXQvc3VucnBjL2F1dGhfZ3NzL2F1dGhfZ3NzLmMNCj4gKysrIGIv
bmV0L3N1bnJwYy9hdXRoX2dzcy9hdXRoX2dzcy5jDQo+IEBAIC02Miw2ICs2Miw5IEBAIHN0YXRp
YyBjb25zdCBzdHJ1Y3QgcnBjX2NyZWRvcHMgZ3NzX251bGxvcHM7DQo+ICAjZGVmaW5lIEdTU19S
RVRSWV9FWFBJUkVEIDUNCj4gIHN0YXRpYyB1bnNpZ25lZCBpbnQgZ3NzX2V4cGlyZWRfY3JlZF9y
ZXRyeV9kZWxheSA9IEdTU19SRVRSWV9FWFBJUkVEOw0KPiAgDQo+ICsjZGVmaW5lIEdTU19LRVlf
RVhQSVJFX1RJTUVPIDI0MA0KPiArc3RhdGljIHVuc2lnbmVkIGludCBnc3Nfa2V5X2V4cGlyZV90
aW1lbyA9IEdTU19LRVlfRVhQSVJFX1RJTUVPOw0KPiArDQo+ICAjaWZkZWYgUlBDX0RFQlVHDQo+
ICAjIGRlZmluZSBSUENEQkdfRkFDSUxJVFkJUlBDREJHX0FVVEgNCj4gICNlbmRpZg0KPiBAQCAt
MTEyNiwxMCArMTEyOSwzMiBAQCBnc3NfY3JlZF9pbml0KHN0cnVjdCBycGNfYXV0aCAqYXV0aCwg
c3RydWN0IHJwY19jcmVkICpjcmVkKQ0KPiAgCXJldHVybiBlcnI7DQo+ICB9DQo+ICANCj4gKy8q
DQo+ICsgKiBSZXR1cm5zIC1FQUNDRVMgaWYgR1NTIGNvbnRleHQgaXMgTlVMTCBvciB3aWxsIGV4
cGlyZSB3aXRoaW4gdGhlDQo+ICsgKiB0aW1lb3V0IChtaWxpc2Vjb25kcykNCj4gKyAqLw0KPiAr
c3RhdGljIGludA0KPiArZ3NzX2tleV90aW1lb3V0KHN0cnVjdCBycGNfY3JlZCAqcmMpDQo+ICt7
DQo+ICsJc3RydWN0IGdzc19jcmVkICpnc3NfY3JlZCA9IGNvbnRhaW5lcl9vZihyYywgc3RydWN0
IGdzc19jcmVkLCBnY19iYXNlKTsNCj4gKwl1bnNpZ25lZCBsb25nIG5vdyA9IGppZmZpZXM7DQo+
ICsJdW5zaWduZWQgbG9uZyBleHBpcmU7DQo+ICsNCj4gKwlpZiAoZ3NzX2NyZWQtPmdjX2N0eCA9
PSBOVUxMKQ0KPiArCQlyZXR1cm4gLUVBQ0NFUzsNCj4gKw0KPiArCWV4cGlyZSA9IGdzc19jcmVk
LT5nY19jdHgtPmdjX2V4cGlyeSAtIChnc3Nfa2V5X2V4cGlyZV90aW1lbyAqIEhaKTsNCj4gKw0K
PiArCWlmICh0aW1lX2FmdGVyKG5vdywgZXhwaXJlKSkNCj4gKwkJcmV0dXJuIC1FQUNDRVM7DQo+
ICsJcmV0dXJuIDA7DQo+ICt9DQo+ICsNCj4gIHN0YXRpYyBpbnQNCj4gIGdzc19tYXRjaChzdHJ1
Y3QgYXV0aF9jcmVkICphY3JlZCwgc3RydWN0IHJwY19jcmVkICpyYywgaW50IGZsYWdzKQ0KPiAg
ew0KPiAgCXN0cnVjdCBnc3NfY3JlZCAqZ3NzX2NyZWQgPSBjb250YWluZXJfb2YocmMsIHN0cnVj
dCBnc3NfY3JlZCwgZ2NfYmFzZSk7DQo+ICsJaW50IHJldDsNCj4gIA0KPiAgCWlmICh0ZXN0X2Jp
dChSUENBVVRIX0NSRURfTkVXLCAmcmMtPmNyX2ZsYWdzKSkNCj4gIAkJZ290byBvdXQ7DQo+IEBA
IC0xMTQyLDExICsxMTY3LDI4IEBAIG91dDoNCj4gIAlpZiAoYWNyZWQtPnByaW5jaXBhbCAhPSBO
VUxMKSB7DQo+ICAJCWlmIChnc3NfY3JlZC0+Z2NfcHJpbmNpcGFsID09IE5VTEwpDQo+ICAJCQly
ZXR1cm4gMDsNCj4gLQkJcmV0dXJuIHN0cmNtcChhY3JlZC0+cHJpbmNpcGFsLCBnc3NfY3JlZC0+
Z2NfcHJpbmNpcGFsKSA9PSAwOw0KPiArCQlyZXQgPSBzdHJjbXAoYWNyZWQtPnByaW5jaXBhbCwg
Z3NzX2NyZWQtPmdjX3ByaW5jaXBhbCkgPT0gMDsNCj4gKwkJZ290byBjaGVja19leHBpcmU7DQo+
ICAJfQ0KPiAgCWlmIChnc3NfY3JlZC0+Z2NfcHJpbmNpcGFsICE9IE5VTEwpDQo+ICAJCXJldHVy
biAwOw0KPiAtCXJldHVybiB1aWRfZXEocmMtPmNyX3VpZCwgYWNyZWQtPnVpZCk7DQo+ICsJcmV0
ID0gdWlkX2VxKHJjLT5jcl91aWQsIGFjcmVkLT51aWQpOw0KPiArDQo+ICtjaGVja19leHBpcmU6
DQo+ICsJaWYgKHJldCA9PSAwKQ0KPiArCQlyZXR1cm4gcmV0Ow0KPiArDQo+ICsJLyogTm90aWZ5
IGFjcmVkIHVzZXJzIG9mIEdTUyBjb250ZXh0IGV4cGlyYXRpb24gdGltZW91dCAqLw0KPiArCWlm
ICh0ZXN0X2JpdChSUENfQ1JFRF9OT1RJRllfVElNRU9VVCwgJmFjcmVkLT5hY19mbGFncykgJiYN
Cj4gKwkgICAgKGdzc19rZXlfdGltZW91dChyYykgIT0gMCkpIHsNCj4gKwkJLyogdGVzdCB3aWxs
IG5vdyBiZSBkb25lIGZyb20gZ2VuZXJpYyBjcmVkICovDQo+ICsJCXRlc3RfYW5kX2NsZWFyX2Jp
dChSUENfQ1JFRF9OT1RJRllfVElNRU9VVCwgJmFjcmVkLT5hY19mbGFncyk7DQo+ICsJCS8qIHRl
bGwgTkZTIGxheWVyIHRoYXQga2V5IHdpbGwgZXhwaXJlIHNvb24gKi8NCj4gKwkJc2V0X2JpdChS
UENfQ1JFRF9LRVlfRVhQSVJFX1NPT04sICZhY3JlZC0+YWNfZmxhZ3MpOw0KPiArCQlwcl93YXJu
KCJSUEM6IFVJRCAlZCBHU1MgY29udGV4dCB0byBleHBpcmUgd2l0aGluICVkIHNlY29uZHNcbiIs
DQo+ICsJCQlyYy0+Y3JfdWlkLCBnc3Nfa2V5X2V4cGlyZV90aW1lbyk7DQoNCkFnYWluLCByYXRl
IGxpbWl0Lg0KDQpBbHNvLCB3aGF0IGhhcHBlbnMgaWYgeW91IHJlbmV3IHRoZSBjcmVkZW50aWFs
IHVzaW5nIGtpbml0IGluc3RlYWQgb2YNCnVzaW5nIHRoZSB3cmFwcGVyPyBXb24ndCB0aGUgYWJv
dmUgYmUgc3BhbW1pbmcgdGhlIHVzZXIgd2l0aCBhIGxvdCBvZg0KdW5uZWNlc3NhcnkgKGFuZCBl
dmVuIGluY29ycmVjdCkgaW5mb3JtYXRpb24/DQoNCj4gKwl9DQo+ICsJcmV0dXJuIHJldDsNCj4g
IH0NCj4gIA0KPiAgLyoNCj4gQEAgLTE2NzUsNiArMTcxNyw3IEBAIHN0YXRpYyBjb25zdCBzdHJ1
Y3QgcnBjX2NyZWRvcHMgZ3NzX2NyZWRvcHMgPSB7DQo+ICAJLmNydmFsaWRhdGUJPSBnc3NfdmFs
aWRhdGUsDQo+ICAJLmNyd3JhcF9yZXEJPSBnc3Nfd3JhcF9yZXEsDQo+ICAJLmNydW53cmFwX3Jl
c3AJPSBnc3NfdW53cmFwX3Jlc3AsDQo+ICsJLmNya2V5X3RpbWVvdXQJPSBnc3Nfa2V5X3RpbWVv
dXQsDQo+ICB9Ow0KPiAgDQo+ICBzdGF0aWMgY29uc3Qgc3RydWN0IHJwY19jcmVkb3BzIGdzc19u
dWxsb3BzID0gew0KPiBAQCAtMTc2Miw1ICsxODA1LDEyIEBAIG1vZHVsZV9wYXJhbV9uYW1lZChl
eHBpcmVkX2NyZWRfcmV0cnlfZGVsYXksDQo+ICBNT0RVTEVfUEFSTV9ERVNDKGV4cGlyZWRfY3Jl
ZF9yZXRyeV9kZWxheSwgIlRpbWVvdXQgKGluIHNlY29uZHMpIHVudGlsICINCj4gIAkJInRoZSBS
UEMgZW5naW5lIHJldHJpZXMgYW4gZXhwaXJlZCBjcmVkZW50aWFsIik7DQo+ICANCj4gK21vZHVs
ZV9wYXJhbV9uYW1lZChrZXlfZXhwaXJlX3RpbWVvLA0KPiArCQkgICBnc3Nfa2V5X2V4cGlyZV90
aW1lbywNCj4gKwkJICAgdWludCwgMDY0NCk7DQo+ICtNT0RVTEVfUEFSTV9ERVNDKGtleV9leHBp
cmVfdGltZW8sICJUaW1lIChpbiBzZWNvbmRzKSBhdCB0aGUgZW5kIG9mIGEgIg0KPiArCQkiY3Jl
ZGVudGlhbCBrZXlzIGxpZmV0aW1lIHdoZXJlIHRoZSBORlMgbGF5ZXIgY2xlYW5zIHVwICINCj4g
KwkJInByaW9yIHRvIGtleSBleHBpcmF0aW9uIik7DQo+ICsNCj4gIG1vZHVsZV9pbml0KGluaXRf
cnBjc2VjX2dzcykNCj4gIG1vZHVsZV9leGl0KGV4aXRfcnBjc2VjX2dzcykNCg0KLS0gDQpUcm9u
ZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lcg0KDQpOZXRBcHANClRyb25k
Lk15a2xlYnVzdEBuZXRhcHAuY29tDQp3d3cubmV0YXBwLmNvbQ0K

Re: [PATCH Version 4 5/5] SUNRPC refactor rpcauth_checkverf error returns

[Myklebust, Trond]

T24gVGh1LCAyMDEzLTA3LTE4IGF0IDE1OjM1IC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IE1vc3Qg
b2YgdGhlIHRpbWUgYW4gZXJyb3IgZnJvbSB0aGUgY3JlZG9wcyBjcnZhbGlkYXRlIGZ1bmN0aW9u
IG1lYW5zIHRoZQ0KPiBzZXJ2ZXIgaGFzIHNlbnQgdXMgYSBnYXJiYWdlIHZlcmlmaWVyLiBUaGUg
Z3NzX3ZhbGlkYXRlIGZ1bmN0aW9uIGlzIHRoZQ0KPiBleGNlcHRpb24gd2hlcmUgdGhlcmUgaXMg
YW4gLUVBQ0NFUyBjYXNlIGlmIHRoZSB1c2VyIEdTU19jb250ZXh0IG9uIHRoZSBjbGllbnQNCj4g
aGFzIGV4cGlyZWQuDQo+IA0KPiBTaWduZWQtb2ZmLWJ5OiBBbmR5IEFkYW1zb24gPGFuZHJvc0Bu
ZXRhcHAuY29tPg0KPiAtLS0NCj4gIG5ldC9zdW5ycGMvYXV0aF9nc3MvYXV0aF9nc3MuYyB8ICA3
ICsrKysrLS0NCj4gIG5ldC9zdW5ycGMvYXV0aF9udWxsLmMgICAgICAgICB8ICA1ICsrKy0tDQo+
ICBuZXQvc3VucnBjL2F1dGhfdW5peC5jICAgICAgICAgfCAgNSArKystLQ0KPiAgbmV0L3N1bnJw
Yy9jbG50LmMgICAgICAgICAgICAgIHwgMTcgKysrKysrKysrKy0tLS0tLS0NCj4gIDQgZmlsZXMg
Y2hhbmdlZCwgMjEgaW5zZXJ0aW9ucygrKSwgMTMgZGVsZXRpb25zKC0pDQo+IA0KPiBkaWZmIC0t
Z2l0IGEvbmV0L3N1bnJwYy9hdXRoX2dzcy9hdXRoX2dzcy5jIGIvbmV0L3N1bnJwYy9hdXRoX2dz
cy9hdXRoX2dzcy5jDQo+IGluZGV4IGUxZjQ3MzUuLmQwNTAwYmMgMTAwNjQ0DQo+IC0tLSBhL25l
dC9zdW5ycGMvYXV0aF9nc3MvYXV0aF9nc3MuYw0KPiArKysgYi9uZXQvc3VucnBjL2F1dGhfZ3Nz
L2F1dGhfZ3NzLmMNCj4gQEAgLTEzMzQsNiArMTMzNCw3IEBAIGdzc192YWxpZGF0ZShzdHJ1Y3Qg
cnBjX3Rhc2sgKnRhc2ssIF9fYmUzMiAqcCkNCj4gIAlzdHJ1Y3QgeGRyX25ldG9iaiBtaWM7DQo+
ICAJdTMyCQlmbGF2LGxlbjsNCj4gIAl1MzIJCW1hal9zdGF0Ow0KPiArCV9fYmUzMgkJKnJldCA9
IEVSUl9QVFIoLUVJTyk7DQo+ICANCj4gIAlkcHJpbnRrKCJSUEM6ICU1dSAlc1xuIiwgdGFzay0+
dGtfcGlkLCBfX2Z1bmNfXyk7DQo+ICANCj4gQEAgLTEzNDksNiArMTM1MCw3IEBAIGdzc192YWxp
ZGF0ZShzdHJ1Y3QgcnBjX3Rhc2sgKnRhc2ssIF9fYmUzMiAqcCkNCj4gIAltaWMuZGF0YSA9ICh1
OCAqKXA7DQo+ICAJbWljLmxlbiA9IGxlbjsNCj4gIA0KPiArCXJldCA9IEVSUl9QVFIoLUVBQ0NF
Uyk7DQo+ICAJbWFqX3N0YXQgPSBnc3NfdmVyaWZ5X21pYyhjdHgtPmdjX2dzc19jdHgsICZ2ZXJm
X2J1ZiwgJm1pYyk7DQo+ICAJaWYgKG1hal9zdGF0ID09IEdTU19TX0NPTlRFWFRfRVhQSVJFRCkN
Cj4gIAkJY2xlYXJfYml0KFJQQ0FVVEhfQ1JFRF9VUFRPREFURSwgJmNyZWQtPmNyX2ZsYWdzKTsN
Cj4gQEAgLTEzNjYsOCArMTM2OCw5IEBAIGdzc192YWxpZGF0ZShzdHJ1Y3QgcnBjX3Rhc2sgKnRh
c2ssIF9fYmUzMiAqcCkNCj4gIAlyZXR1cm4gcCArIFhEUl9RVUFETEVOKGxlbik7DQo+ICBvdXRf
YmFkOg0KPiAgCWdzc19wdXRfY3R4KGN0eCk7DQo+IC0JZHByaW50aygiUlBDOiAlNXUgJXMgZmFp
bGVkLlxuIiwgdGFzay0+dGtfcGlkLCBfX2Z1bmNfXyk7DQo+IC0JcmV0dXJuIE5VTEw7DQo+ICsJ
ZHByaW50aygiUlBDOiAlNXUgJXMgZmFpbGVkIHJldCAlbGQuXG4iLCB0YXNrLT50a19waWQsIF9f
ZnVuY19fLA0KPiArCQlQVFJfRVJSKHJldCkpOw0KPiArCXJldHVybiByZXQ7DQo+ICB9DQo+ICAN
Cj4gIHN0YXRpYyB2b2lkIGdzc193cmFwX3JlcV9lbmNvZGUoa3hkcmVwcm9jX3QgZW5jb2RlLCBz
dHJ1Y3QgcnBjX3Jxc3QgKnJxc3RwLA0KPiBkaWZmIC0tZ2l0IGEvbmV0L3N1bnJwYy9hdXRoX251
bGwuYyBiL25ldC9zdW5ycGMvYXV0aF9udWxsLmMNCj4gaW5kZXggYTVjMzZjMC4uZDYwYTY3MyAx
MDA2NDQNCj4gLS0tIGEvbmV0L3N1bnJwYy9hdXRoX251bGwuYw0KPiArKysgYi9uZXQvc3VucnBj
L2F1dGhfbnVsbC5jDQo+IEBAIC04NCwxNyArODQsMTggQEAgbnVsX3ZhbGlkYXRlKHN0cnVjdCBy
cGNfdGFzayAqdGFzaywgX19iZTMyICpwKQ0KPiAgew0KPiAgCXJwY19hdXRoZmxhdm9yX3QJZmxh
dm9yOw0KPiAgCXUzMgkJCXNpemU7DQo+ICsJX19iZTMyCQkJKnJldCA9IEVSUl9QVFIoLUVJTyk7
DQo+ICANCj4gIAlmbGF2b3IgPSBudG9obCgqcCsrKTsNCj4gIAlpZiAoZmxhdm9yICE9IFJQQ19B
VVRIX05VTEwpIHsNCj4gIAkJcHJpbnRrKCJSUEM6IGJhZCB2ZXJmIGZsYXZvcjogJXVcbiIsIGZs
YXZvcik7DQo+IC0JCXJldHVybiBOVUxMOw0KPiArCQlyZXR1cm4gcmV0Ow0KDQpXaHkgbm90IGp1
c3QgcmV0dXJuIEVSUl9QVFIoLUVJTyk/IEl0IGRvZXNuJ3QgbG9vayBhcyBpZiAncmV0JyBjYW4g
ZXZlcg0KdGFrZSBhbnkgZGlmZmVyZW50IHZhbHVlcy4gRGl0dG8gYmVsb3cuDQoNCj4gIAl9DQo+
ICANCj4gIAlzaXplID0gbnRvaGwoKnArKyk7DQo+ICAJaWYgKHNpemUgIT0gMCkgew0KPiAgCQlw
cmludGsoIlJQQzogYmFkIHZlcmYgc2l6ZTogJXVcbiIsIHNpemUpOw0KPiAtCQlyZXR1cm4gTlVM
TDsNCj4gKwkJcmV0dXJuIHJldDsNCj4gIAl9DQo+ICANCj4gIAlyZXR1cm4gcDsNCj4gZGlmZiAt
LWdpdCBhL25ldC9zdW5ycGMvYXV0aF91bml4LmMgYi9uZXQvc3VucnBjL2F1dGhfdW5peC5jDQo+
IGluZGV4IGRjMzcwMjEuLjQ2MWE0NDQgMTAwNjQ0DQo+IC0tLSBhL25ldC9zdW5ycGMvYXV0aF91
bml4LmMNCj4gKysrIGIvbmV0L3N1bnJwYy9hdXRoX3VuaXguYw0KPiBAQCAtMTg2LDE5ICsxODYs
MjAgQEAgdW54X3ZhbGlkYXRlKHN0cnVjdCBycGNfdGFzayAqdGFzaywgX19iZTMyICpwKQ0KPiAg
ew0KPiAgCXJwY19hdXRoZmxhdm9yX3QJZmxhdm9yOw0KPiAgCXUzMgkJCXNpemU7DQo+ICsJX19i
ZTMyCQkJKnJldCA9IEVSUl9QVFIoLUVJTyk7DQo+ICANCj4gIAlmbGF2b3IgPSBudG9obCgqcCsr
KTsNCj4gIAlpZiAoZmxhdm9yICE9IFJQQ19BVVRIX05VTEwgJiYNCj4gIAkgICAgZmxhdm9yICE9
IFJQQ19BVVRIX1VOSVggJiYNCj4gIAkgICAgZmxhdm9yICE9IFJQQ19BVVRIX1NIT1JUKSB7DQo+
ICAJCXByaW50aygiUlBDOiBiYWQgdmVyZiBmbGF2b3I6ICV1XG4iLCBmbGF2b3IpOw0KPiAtCQly
ZXR1cm4gTlVMTDsNCj4gKwkJcmV0dXJuIHJldDsNCj4gIAl9DQo+ICANCj4gIAlzaXplID0gbnRv
aGwoKnArKyk7DQo+ICAJaWYgKHNpemUgPiBSUENfTUFYX0FVVEhfU0laRSkgew0KPiAgCQlwcmlu
dGsoIlJQQzogZ2lhbnQgdmVyZiBzaXplOiAldVxuIiwgc2l6ZSk7DQo+IC0JCXJldHVybiBOVUxM
Ow0KPiArCQlyZXR1cm4gcmV0Ow0KPiAgCX0NCj4gIAl0YXNrLT50a19ycXN0cC0+cnFfY3JlZC0+
Y3JfYXV0aC0+YXVfcnNsYWNrID0gKHNpemUgPj4gMikgKyAyOw0KPiAgCXAgKz0gKHNpemUgPj4g
Mik7DQo+IGRpZmYgLS1naXQgYS9uZXQvc3VucnBjL2NsbnQuYyBiL25ldC9zdW5ycGMvY2xudC5j
DQo+IGluZGV4IDY4ZTg1OTUuLjVlZmM4OWMgMTAwNjQ0DQo+IC0tLSBhL25ldC9zdW5ycGMvY2xu
dC5jDQo+ICsrKyBiL25ldC9zdW5ycGMvY2xudC5jDQo+IEBAIC0yMDkwLDcgKzIwOTAsOCBAQCBy
cGNfdmVyaWZ5X2hlYWRlcihzdHJ1Y3QgcnBjX3Rhc2sgKnRhc2spDQo+ICAJCWRwcmludGsoIlJQ
QzogJTV1ICVzOiBYRFIgcmVwcmVzZW50YXRpb24gbm90IGEgbXVsdGlwbGUgb2YiDQo+ICAJCSAg
ICAgICAiIDQgYnl0ZXM6IDB4JXhcbiIsIHRhc2stPnRrX3BpZCwgX19mdW5jX18sDQo+ICAJCSAg
ICAgICB0YXNrLT50a19ycXN0cC0+cnFfcmN2X2J1Zi5sZW4pOw0KPiAtCQlnb3RvIG91dF9laW87
DQo+ICsJCWVycm9yID0gLUVJTzsNCj4gKwkJZ290byBvdXRfZXJyOw0KPiAgCX0NCj4gIAlpZiAo
KGxlbiAtPSAzKSA8IDApDQo+ICAJCWdvdG8gb3V0X292ZXJmbG93Ow0KPiBAQCAtMjA5OSw2ICsy
MTAwLDcgQEAgcnBjX3ZlcmlmeV9oZWFkZXIoc3RydWN0IHJwY190YXNrICp0YXNrKQ0KPiAgCWlm
ICgobiA9IG50b2hsKCpwKyspKSAhPSBSUENfUkVQTFkpIHsNCj4gIAkJZHByaW50aygiUlBDOiAl
NXUgJXM6IG5vdCBhbiBSUEMgcmVwbHk6ICV4XG4iLA0KPiAgCQkJdGFzay0+dGtfcGlkLCBfX2Z1
bmNfXywgbik7DQo+ICsJCWVycm9yID0gLUVJTzsNCj4gIAkJZ290byBvdXRfZ2FyYmFnZTsNCj4g
IAl9DQo+ICANCj4gQEAgLTIxMTcsNyArMjExOSw4IEBAIHJwY192ZXJpZnlfaGVhZGVyKHN0cnVj
dCBycGNfdGFzayAqdGFzaykNCj4gIAkJCWRwcmludGsoIlJQQzogJTV1ICVzOiBSUEMgY2FsbCBy
ZWplY3RlZCwgIg0KPiAgCQkJCSJ1bmtub3duIGVycm9yOiAleFxuIiwNCj4gIAkJCQl0YXNrLT50
a19waWQsIF9fZnVuY19fLCBuKTsNCj4gLQkJCWdvdG8gb3V0X2VpbzsNCj4gKwkJCWVycm9yID0g
LUVJTzsNCj4gKwkJCWdvdG8gb3V0X2VycjsNCj4gIAkJfQ0KPiAgCQlpZiAoLS1sZW4gPCAwKQ0K
PiAgCQkJZ290byBvdXRfb3ZlcmZsb3c7DQo+IEBAIC0yMTYyLDkgKzIxNjUsMTEgQEAgcnBjX3Zl
cmlmeV9oZWFkZXIoc3RydWN0IHJwY190YXNrICp0YXNrKQ0KPiAgCQkJCXRhc2stPnRrX3BpZCwg
X19mdW5jX18sIG4pOw0KPiAgCQlnb3RvIG91dF9lcnI7DQo+ICAJfQ0KPiAtCWlmICghKHAgPSBy
cGNhdXRoX2NoZWNrdmVyZih0YXNrLCBwKSkpIHsNCj4gLQkJZHByaW50aygiUlBDOiAlNXUgJXM6
IGF1dGggY2hlY2sgZmFpbGVkXG4iLA0KPiAtCQkJCXRhc2stPnRrX3BpZCwgX19mdW5jX18pOw0K
PiArCXAgPSBycGNhdXRoX2NoZWNrdmVyZih0YXNrLCBwKTsNCj4gKwlpZiAoSVNfRVJSKHApKSB7
DQo+ICsJCWVycm9yID0gUFRSX0VSUihwKTsNCj4gKwkJZHByaW50aygiUlBDOiAlNXUgJXM6IGF1
dGggY2hlY2sgZmFpbGVkIHdpdGggJWRcbiIsDQo+ICsJCQkJdGFzay0+dGtfcGlkLCBfX2Z1bmNf
XywgZXJyb3IpOw0KPiAgCQlnb3RvIG91dF9nYXJiYWdlOwkJLyogYmFkIHZlcmlmaWVyLCByZXRy
eSAqLw0KPiAgCX0NCj4gIAlsZW4gPSBwIC0gKF9fYmUzMiAqKWlvdi0+aW92X2Jhc2UgLSAxOw0K
PiBAQCAtMjIxNyw4ICsyMjIyLDYgQEAgb3V0X2dhcmJhZ2U6DQo+ICBvdXRfcmV0cnk6DQo+ICAJ
CXJldHVybiBFUlJfUFRSKC1FQUdBSU4pOw0KPiAgCX0NCj4gLW91dF9laW86DQo+IC0JZXJyb3Ig
PSAtRUlPOw0KPiAgb3V0X2VycjoNCj4gIAlycGNfZXhpdCh0YXNrLCBlcnJvcik7DQo+ICAJZHBy
aW50aygiUlBDOiAlNXUgJXM6IGNhbGwgZmFpbGVkIHdpdGggZXJyb3IgJWRcbiIsIHRhc2stPnRr
X3BpZCwNCg0KLS0gDQpUcm9uZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5l
cg0KDQpOZXRBcHANClRyb25kLk15a2xlYnVzdEBuZXRhcHAuY29tDQp3d3cubmV0YXBwLmNvbQ0K