From: NeilBrown <neilb@suse.com>
To: "J. Bruce Fields" <bfields@fieldses.org>,
Chuck Lever <chuck.lever@oracle.com>,
Jeff Layton <jlayton@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna.schumaker@netapp.com>
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
linux-kernel@vger.kernel.org
Subject: [PATCH 14/23] SUNRPC: add side channel to use non-generic cred for rpc call.
Date: Mon, 03 Dec 2018 11:30:30 +1100 [thread overview]
Message-ID: <154379703067.28598.6540375775619413453.stgit@noble> (raw)
In-Reply-To: <154379689752.28598.6750646657534626618.stgit@noble>
The credential passed in rpc_message.rpc_cred is always a
generic credential except in one instance.
When gss_destroying_context() calls rpc_call_null(), it passes
a specific credential that it needs to destroy.
In this case the RPC acts *on* the credential rather than
being authorized by it.
This special case deserves explicit support and providing that will
mean that rpc_message.rpc_cred is *always* generic, allowing
some optimizations.
So add "tk_op_cred" to rpc_task and "rpc_op_cred" to the setup data.
Use this to pass the cred down from rpc_call_null(), and have
rpcauth_bindcred() notice it and bind it in place.
Credit to kernel test robot <fengguang.wu@intel.com> for finding
a bug in earlier version of this patch.
Signed-off-by: NeilBrown <neilb@suse.com>
---
include/linux/sunrpc/sched.h | 2 ++
net/sunrpc/auth.c | 6 +++++-
net/sunrpc/clnt.c | 2 +-
net/sunrpc/sched.c | 3 +++
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h
index bd722ebc70b7..4e2b893b83a8 100644
--- a/include/linux/sunrpc/sched.h
+++ b/include/linux/sunrpc/sched.h
@@ -71,6 +71,7 @@ struct rpc_task {
struct rpc_clnt * tk_client; /* RPC client */
struct rpc_xprt * tk_xprt; /* Transport */
+ struct rpc_cred * tk_op_cred; /* cred being operated on */
struct rpc_rqst * tk_rqstp; /* RPC request */
@@ -105,6 +106,7 @@ struct rpc_task_setup {
struct rpc_task *task;
struct rpc_clnt *rpc_client;
struct rpc_xprt *rpc_xprt;
+ struct rpc_cred *rpc_op_cred; /* credential being operated on */
const struct rpc_message *rpc_message;
const struct rpc_call_ops *callback_ops;
void *callback_data;
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index dcfcc590b34e..27d90578e7a0 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -751,7 +751,11 @@ rpcauth_bindcred(struct rpc_task *task, struct rpc_cred *cred, int flags)
if (flags & RPC_TASK_ASYNC)
lookupflags |= RPCAUTH_LOOKUP_NEW;
- if (cred != NULL && cred != &machine_cred)
+ if (task->tk_op_cred)
+ /* Task must use exactly this rpc_cred */
+ new = task->tk_op_cred->cr_ops->crbind(task, task->tk_op_cred,
+ lookupflags);
+ else if (cred != NULL && cred != &machine_cred)
new = cred->cr_ops->crbind(task, cred, lookupflags);
else if (cred == &machine_cred)
new = rpcauth_bind_machine_cred(task, lookupflags);
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 1217d874202c..87a517d576c1 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -2525,12 +2525,12 @@ struct rpc_task *rpc_call_null_helper(struct rpc_clnt *clnt,
{
struct rpc_message msg = {
.rpc_proc = &rpcproc_null,
- .rpc_cred = cred,
};
struct rpc_task_setup task_setup_data = {
.rpc_client = clnt,
.rpc_xprt = xprt,
.rpc_message = &msg,
+ .rpc_op_cred = cred,
.callback_ops = (ops != NULL) ? ops : &rpc_default_ops,
.callback_data = data,
.flags = flags,
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index 57ca5bead1cb..c9f65037a6ad 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -997,6 +997,8 @@ static void rpc_init_task(struct rpc_task *task, const struct rpc_task_setup *ta
task->tk_xprt = xprt_get(task_setup_data->rpc_xprt);
+ task->tk_op_cred = get_rpccred(task_setup_data->rpc_op_cred);
+
if (task->tk_ops->rpc_call_prepare != NULL)
task->tk_action = rpc_prepare_task;
@@ -1054,6 +1056,7 @@ static void rpc_free_task(struct rpc_task *task)
{
unsigned short tk_flags = task->tk_flags;
+ put_rpccred(task->tk_op_cred);
rpc_release_calldata(task->tk_ops, task->tk_calldata);
if (tk_flags & RPC_TASK_DYNAMIC) {
next prev parent reply other threads:[~2018-12-03 0:33 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-03 0:30 [PATCH 00/23 - V5] NFS: Remove generic RPC credentials NeilBrown
2018-12-03 0:30 ` [PATCH 05/23] SUNRPC: add 'struct cred *' to auth_cred and rpc_cred NeilBrown
2018-12-03 0:30 ` [PATCH 15/23] NFS: move credential expiry tracking out of SUNRPC into NFS NeilBrown
2018-12-03 0:30 ` NeilBrown [this message]
2018-12-03 0:30 ` [PATCH 03/23] cred: export get_task_cred() NeilBrown
2018-12-03 0:30 ` [PATCH 16/23] SUNRPC: remove RPCAUTH_AUTH_NO_CRKEY_TIMEOUT NeilBrown
2018-12-03 0:30 ` [PATCH 18/23] NFS: struct nfs_open_dir_context: convert rpc_cred pointer to cred NeilBrown
2018-12-03 0:30 ` [PATCH 11/23] SUNRPC: discard RPC_DO_ROOTOVERRIDE() NeilBrown
2018-12-03 0:30 ` [PATCH 08/23] SUNRPC: remove machine_cred field from struct auth_cred NeilBrown
2018-12-03 0:30 ` [PATCH 12/23] NFS/SUNRPC: don't lookup machine credential until rpcauth_bindcred() NeilBrown
2018-12-03 0:30 ` [PATCH 09/23] NFSv4: add cl_root_cred for use when machine cred is not available NeilBrown
2018-12-03 0:30 ` [PATCH 06/23] SUNRPC: remove groupinfo from struct auth_cred NeilBrown
2018-12-03 0:30 ` [PATCH 04/23] cred: allow get_cred() and put_cred() to be given NULL NeilBrown
2018-12-03 0:30 ` [PATCH 13/23] SUNRPC: introduce RPC_TASK_NULLCREDS to request auth_none NeilBrown
2018-12-03 0:30 ` [PATCH 07/23] SUNRPC: remove uid and gid from struct auth_cred NeilBrown
2018-12-03 0:30 ` [PATCH 02/23] cred: add get_cred_rcu() NeilBrown
2018-12-03 0:30 ` [PATCH 10/23] NFSv4: don't require lock for get_renew_cred or get_machine_cred NeilBrown
2018-12-03 0:30 ` [PATCH 17/23] NFS: change access cache to use 'struct cred' NeilBrown
2018-12-03 0:30 ` [PATCH 01/23] cred: add cred_fscmp() for comparing creds NeilBrown
2018-12-03 0:30 ` [PATCH 23/23] SUNRPC discard cr_uid from struct rpc_cred NeilBrown
2018-12-03 0:30 ` [PATCH 22/23] SUNRPC: simplify auth_unix NeilBrown
2018-12-03 0:30 ` [PATCH 19/23] NFS/NFSD/SUNRPC: replace generic creds with 'struct cred' NeilBrown
2018-12-03 0:30 ` [PATCH 20/23] SUNRPC: remove generic cred code NeilBrown
2018-12-03 0:30 ` [PATCH 21/23] SUNRPC: remove crbind rpc_cred operation NeilBrown
2018-12-04 20:21 ` [PATCH 00/23 - V5] NFS: Remove generic RPC credentials J. Bruce Fields
2018-12-04 21:33 ` Schumaker, Anna
2018-12-05 1:47 ` bfields
-- strict thread matches above, loose matches on Subject: below --
2018-11-07 4:12 [PATCH 00/23 - V4] " NeilBrown
2018-11-07 4:12 ` [PATCH 14/23] SUNRPC: add side channel to use non-generic cred for rpc call NeilBrown
2018-02-19 5:02 [PATCH 00/23] Remove generic rpc credentials, and associated changed - V3 NeilBrown
2018-02-19 5:02 ` [PATCH 14/23] SUNRPC: add side channel to use non-generic cred for rpc call NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=154379703067.28598.6540375775619413453.stgit@noble \
--to=neilb@suse.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.