* [PATCH] gss: remove legacy gssd upcall pipe
@ 2021-09-28 19:34 J. Bruce Fields
2021-09-28 19:37 ` J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2021-09-28 19:34 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
From: "J. Bruce Fields" <bfields@redhat.com>
This code exists only for compatibility with nfs-utils before
0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
nfs-utils version 1.2.2, in 2019). After 12 years, maybe it's time to
drop that compatibility code.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
net/sunrpc/auth_gss/auth_gss.c | 102 ++++-----------------------------
1 file changed, 12 insertions(+), 90 deletions(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5f42aa5fc612..8929178410e7 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -73,13 +73,7 @@ struct gss_auth {
enum rpc_gss_svc service;
struct rpc_clnt *client;
struct net *net;
- /*
- * There are two upcall pipes; dentry[1], named "gssd", is used
- * for the new text-based upcall; dentry[0] is named after the
- * mechanism (for example, "krb5") and exists for
- * backwards-compatibility with older gssd's.
- */
- struct gss_pipe *gss_pipe[2];
+ struct gss_pipe *gss_pipe;
const char *target_name;
};
@@ -90,7 +84,6 @@ static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
static void gss_put_auth(struct gss_auth *gss_auth);
static void gss_free_ctx(struct gss_cl_ctx *);
-static const struct rpc_pipe_ops gss_upcall_ops_v0;
static const struct rpc_pipe_ops gss_upcall_ops_v1;
static inline struct gss_cl_ctx *
@@ -261,7 +254,7 @@ static int get_pipe_version(struct net *net)
spin_lock(&pipe_version_lock);
if (sn->pipe_version >= 0) {
atomic_inc(&sn->pipe_users);
- ret = sn->pipe_version;
+ ret = 0;
} else
ret = -EAGAIN;
spin_unlock(&pipe_version_lock);
@@ -385,31 +378,6 @@ gss_upcall_callback(struct rpc_task *task)
gss_release_msg(gss_msg);
}
-static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
- const struct cred *cred)
-{
- struct user_namespace *userns = cred->user_ns;
-
- uid_t uid = from_kuid_munged(userns, gss_msg->uid);
- memcpy(gss_msg->databuf, &uid, sizeof(uid));
- gss_msg->msg.data = gss_msg->databuf;
- gss_msg->msg.len = sizeof(uid);
-
- BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
-}
-
-static ssize_t
-gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
- char __user *buf, size_t buflen)
-{
- struct gss_upcall_msg *gss_msg = container_of(msg,
- struct gss_upcall_msg,
- msg);
- if (msg->copied == 0)
- gss_encode_v0_msg(gss_msg, file->f_cred);
- return rpc_pipe_generic_upcall(file, msg, buf, buflen);
-}
-
static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
const char *service_name,
const char *target_name,
@@ -507,17 +475,15 @@ gss_alloc_msg(struct gss_auth *gss_auth,
kuid_t uid, const char *service_name)
{
struct gss_upcall_msg *gss_msg;
- int vers;
int err = -ENOMEM;
gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
if (gss_msg == NULL)
goto err;
- vers = get_pipe_version(gss_auth->net);
- err = vers;
+ err = get_pipe_version(gss_auth->net);
if (err < 0)
goto err_free_msg;
- gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
+ gss_msg->pipe = gss_auth->gss_pipe->pipe;
INIT_LIST_HEAD(&gss_msg->list);
rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
init_waitqueue_head(&gss_msg->waitqueue);
@@ -777,38 +743,21 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
return err;
}
-static int gss_pipe_open(struct inode *inode, int new_version)
+static int gss_pipe_open(struct inode *inode)
{
struct net *net = inode->i_sb->s_fs_info;
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
- int ret = 0;
spin_lock(&pipe_version_lock);
if (sn->pipe_version < 0) {
- /* First open of any gss pipe determines the version: */
- sn->pipe_version = new_version;
+ sn->pipe_version = 1;
rpc_wake_up(&pipe_version_rpc_waitqueue);
wake_up(&pipe_version_waitqueue);
- } else if (sn->pipe_version != new_version) {
- /* Trying to open a pipe of a different version */
- ret = -EBUSY;
- goto out;
}
atomic_inc(&sn->pipe_users);
-out:
spin_unlock(&pipe_version_lock);
- return ret;
-
-}
-
-static int gss_pipe_open_v0(struct inode *inode)
-{
- return gss_pipe_open(inode, 0);
-}
+ return 0;
-static int gss_pipe_open_v1(struct inode *inode)
-{
- return gss_pipe_open(inode, 1);
}
static void
@@ -1039,30 +988,14 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
err = rpcauth_init_credcache(auth);
if (err)
goto err_put_mech;
- /*
- * Note: if we created the old pipe first, then someone who
- * examined the directory at the right moment might conclude
- * that we supported only the old pipe. So we instead create
- * the new pipe first.
- */
gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
if (IS_ERR(gss_pipe)) {
err = PTR_ERR(gss_pipe);
goto err_destroy_credcache;
}
- gss_auth->gss_pipe[1] = gss_pipe;
-
- gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
- &gss_upcall_ops_v0);
- if (IS_ERR(gss_pipe)) {
- err = PTR_ERR(gss_pipe);
- goto err_destroy_pipe_1;
- }
- gss_auth->gss_pipe[0] = gss_pipe;
+ gss_auth->gss_pipe = gss_pipe;
return gss_auth;
-err_destroy_pipe_1:
- gss_pipe_free(gss_auth->gss_pipe[1]);
err_destroy_credcache:
rpcauth_destroy_credcache(auth);
err_put_mech:
@@ -1081,8 +1014,7 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
static void
gss_free(struct gss_auth *gss_auth)
{
- gss_pipe_free(gss_auth->gss_pipe[0]);
- gss_pipe_free(gss_auth->gss_pipe[1]);
+ gss_pipe_free(gss_auth->gss_pipe);
gss_mech_put(gss_auth->mech);
put_net(gss_auth->net);
kfree(gss_auth->target_name);
@@ -1117,10 +1049,8 @@ gss_destroy(struct rpc_auth *auth)
spin_unlock(&gss_auth_hash_lock);
}
- gss_pipe_free(gss_auth->gss_pipe[0]);
- gss_auth->gss_pipe[0] = NULL;
- gss_pipe_free(gss_auth->gss_pipe[1]);
- gss_auth->gss_pipe[1] = NULL;
+ gss_pipe_free(gss_auth->gss_pipe);
+ gss_auth->gss_pipe = NULL;
rpcauth_destroy_credcache(auth);
gss_put_auth(gss_auth);
@@ -2179,19 +2109,11 @@ static const struct rpc_credops gss_nullops = {
.crstringify_acceptor = gss_stringify_acceptor,
};
-static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
- .upcall = gss_v0_upcall,
- .downcall = gss_pipe_downcall,
- .destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open_v0,
- .release_pipe = gss_pipe_release,
-};
-
static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
.upcall = gss_v1_upcall,
.downcall = gss_pipe_downcall,
.destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open_v1,
+ .open_pipe = gss_pipe_open,
.release_pipe = gss_pipe_release,
};
--
2.31.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] gss: remove legacy gssd upcall pipe
2021-09-28 19:34 [PATCH] gss: remove legacy gssd upcall pipe J. Bruce Fields
@ 2021-09-28 19:37 ` J. Bruce Fields
2021-09-28 21:17 ` J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2021-09-28 19:37 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
Just an odd todo I keep forgetting:
On Tue, Sep 28, 2021 at 03:34:42PM -0400, bfields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
>
> This code exists only for compatibility with nfs-utils before
> 0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
> nfs-utils version 1.2.2, in 2019). After 12 years, maybe it's time to
> drop that compatibility code.
There's probably more that could go too. It wasn't immediately obvious
to me whether the code that waits for an open at the start of
gss_{refresh,create}_upcall is still useful.
--b.
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
> net/sunrpc/auth_gss/auth_gss.c | 102 ++++-----------------------------
> 1 file changed, 12 insertions(+), 90 deletions(-)
>
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index 5f42aa5fc612..8929178410e7 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -73,13 +73,7 @@ struct gss_auth {
> enum rpc_gss_svc service;
> struct rpc_clnt *client;
> struct net *net;
> - /*
> - * There are two upcall pipes; dentry[1], named "gssd", is used
> - * for the new text-based upcall; dentry[0] is named after the
> - * mechanism (for example, "krb5") and exists for
> - * backwards-compatibility with older gssd's.
> - */
> - struct gss_pipe *gss_pipe[2];
> + struct gss_pipe *gss_pipe;
> const char *target_name;
> };
>
> @@ -90,7 +84,6 @@ static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
> static void gss_put_auth(struct gss_auth *gss_auth);
>
> static void gss_free_ctx(struct gss_cl_ctx *);
> -static const struct rpc_pipe_ops gss_upcall_ops_v0;
> static const struct rpc_pipe_ops gss_upcall_ops_v1;
>
> static inline struct gss_cl_ctx *
> @@ -261,7 +254,7 @@ static int get_pipe_version(struct net *net)
> spin_lock(&pipe_version_lock);
> if (sn->pipe_version >= 0) {
> atomic_inc(&sn->pipe_users);
> - ret = sn->pipe_version;
> + ret = 0;
> } else
> ret = -EAGAIN;
> spin_unlock(&pipe_version_lock);
> @@ -385,31 +378,6 @@ gss_upcall_callback(struct rpc_task *task)
> gss_release_msg(gss_msg);
> }
>
> -static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
> - const struct cred *cred)
> -{
> - struct user_namespace *userns = cred->user_ns;
> -
> - uid_t uid = from_kuid_munged(userns, gss_msg->uid);
> - memcpy(gss_msg->databuf, &uid, sizeof(uid));
> - gss_msg->msg.data = gss_msg->databuf;
> - gss_msg->msg.len = sizeof(uid);
> -
> - BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
> -}
> -
> -static ssize_t
> -gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
> - char __user *buf, size_t buflen)
> -{
> - struct gss_upcall_msg *gss_msg = container_of(msg,
> - struct gss_upcall_msg,
> - msg);
> - if (msg->copied == 0)
> - gss_encode_v0_msg(gss_msg, file->f_cred);
> - return rpc_pipe_generic_upcall(file, msg, buf, buflen);
> -}
> -
> static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
> const char *service_name,
> const char *target_name,
> @@ -507,17 +475,15 @@ gss_alloc_msg(struct gss_auth *gss_auth,
> kuid_t uid, const char *service_name)
> {
> struct gss_upcall_msg *gss_msg;
> - int vers;
> int err = -ENOMEM;
>
> gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
> if (gss_msg == NULL)
> goto err;
> - vers = get_pipe_version(gss_auth->net);
> - err = vers;
> + err = get_pipe_version(gss_auth->net);
> if (err < 0)
> goto err_free_msg;
> - gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
> + gss_msg->pipe = gss_auth->gss_pipe->pipe;
> INIT_LIST_HEAD(&gss_msg->list);
> rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
> init_waitqueue_head(&gss_msg->waitqueue);
> @@ -777,38 +743,21 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
> return err;
> }
>
> -static int gss_pipe_open(struct inode *inode, int new_version)
> +static int gss_pipe_open(struct inode *inode)
> {
> struct net *net = inode->i_sb->s_fs_info;
> struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> - int ret = 0;
>
> spin_lock(&pipe_version_lock);
> if (sn->pipe_version < 0) {
> - /* First open of any gss pipe determines the version: */
> - sn->pipe_version = new_version;
> + sn->pipe_version = 1;
> rpc_wake_up(&pipe_version_rpc_waitqueue);
> wake_up(&pipe_version_waitqueue);
> - } else if (sn->pipe_version != new_version) {
> - /* Trying to open a pipe of a different version */
> - ret = -EBUSY;
> - goto out;
> }
> atomic_inc(&sn->pipe_users);
> -out:
> spin_unlock(&pipe_version_lock);
> - return ret;
> -
> -}
> -
> -static int gss_pipe_open_v0(struct inode *inode)
> -{
> - return gss_pipe_open(inode, 0);
> -}
> + return 0;
>
> -static int gss_pipe_open_v1(struct inode *inode)
> -{
> - return gss_pipe_open(inode, 1);
> }
>
> static void
> @@ -1039,30 +988,14 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
> err = rpcauth_init_credcache(auth);
> if (err)
> goto err_put_mech;
> - /*
> - * Note: if we created the old pipe first, then someone who
> - * examined the directory at the right moment might conclude
> - * that we supported only the old pipe. So we instead create
> - * the new pipe first.
> - */
> gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
> if (IS_ERR(gss_pipe)) {
> err = PTR_ERR(gss_pipe);
> goto err_destroy_credcache;
> }
> - gss_auth->gss_pipe[1] = gss_pipe;
> -
> - gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
> - &gss_upcall_ops_v0);
> - if (IS_ERR(gss_pipe)) {
> - err = PTR_ERR(gss_pipe);
> - goto err_destroy_pipe_1;
> - }
> - gss_auth->gss_pipe[0] = gss_pipe;
> + gss_auth->gss_pipe = gss_pipe;
>
> return gss_auth;
> -err_destroy_pipe_1:
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> err_destroy_credcache:
> rpcauth_destroy_credcache(auth);
> err_put_mech:
> @@ -1081,8 +1014,7 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
> static void
> gss_free(struct gss_auth *gss_auth)
> {
> - gss_pipe_free(gss_auth->gss_pipe[0]);
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> + gss_pipe_free(gss_auth->gss_pipe);
> gss_mech_put(gss_auth->mech);
> put_net(gss_auth->net);
> kfree(gss_auth->target_name);
> @@ -1117,10 +1049,8 @@ gss_destroy(struct rpc_auth *auth)
> spin_unlock(&gss_auth_hash_lock);
> }
>
> - gss_pipe_free(gss_auth->gss_pipe[0]);
> - gss_auth->gss_pipe[0] = NULL;
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> - gss_auth->gss_pipe[1] = NULL;
> + gss_pipe_free(gss_auth->gss_pipe);
> + gss_auth->gss_pipe = NULL;
> rpcauth_destroy_credcache(auth);
>
> gss_put_auth(gss_auth);
> @@ -2179,19 +2109,11 @@ static const struct rpc_credops gss_nullops = {
> .crstringify_acceptor = gss_stringify_acceptor,
> };
>
> -static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
> - .upcall = gss_v0_upcall,
> - .downcall = gss_pipe_downcall,
> - .destroy_msg = gss_pipe_destroy_msg,
> - .open_pipe = gss_pipe_open_v0,
> - .release_pipe = gss_pipe_release,
> -};
> -
> static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
> .upcall = gss_v1_upcall,
> .downcall = gss_pipe_downcall,
> .destroy_msg = gss_pipe_destroy_msg,
> - .open_pipe = gss_pipe_open_v1,
> + .open_pipe = gss_pipe_open,
> .release_pipe = gss_pipe_release,
> };
>
> --
> 2.31.1
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] gss: remove legacy gssd upcall pipe
2021-09-28 19:37 ` J. Bruce Fields
@ 2021-09-28 21:17 ` J. Bruce Fields
2021-10-01 13:30 ` [PATCH v2] " J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2021-09-28 21:17 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
On Tue, Sep 28, 2021 at 03:37:56PM -0400, J. Bruce Fields wrote:
> Just an odd todo I keep forgetting:
>
> On Tue, Sep 28, 2021 at 03:34:42PM -0400, bfields wrote:
> > From: "J. Bruce Fields" <bfields@redhat.com>
> >
> > This code exists only for compatibility with nfs-utils before
> > 0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
> > nfs-utils version 1.2.2, in 2019). After 12 years, maybe it's time to
> > drop that compatibility code.
>
> There's probably more that could go too. It wasn't immediately obvious
> to me whether the code that waits for an open at the start of
> gss_{refresh,create}_upcall is still useful.
Eh, I think that can all go too.
--b.
include/linux/sunrpc/rpc_pipe_fs.h | 1 -
net/sunrpc/auth_gss/auth_gss.c | 75 +-------------------------------------
net/sunrpc/rpc_pipe.c | 7 ----
3 files changed, 1 insertion(+), 82 deletions(-)
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
index cd188a527d16..f8a11d1cfbf8 100644
--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -36,7 +36,6 @@ struct rpc_pipe_ops {
ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char __user *, size_t);
ssize_t (*downcall)(struct file *, const char __user *, size_t);
void (*release_pipe)(struct inode *);
- int (*open_pipe)(struct inode *);
void (*destroy_msg)(struct rpc_pipe_msg *);
};
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 8929178410e7..71fd2fb7c5fb 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -77,10 +77,6 @@ struct gss_auth {
const char *target_name;
};
-/* pipe_version >= 0 if and only if someone has a pipe open. */
-static DEFINE_SPINLOCK(pipe_version_lock);
-static struct rpc_wait_queue pipe_version_rpc_waitqueue;
-static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
static void gss_put_auth(struct gss_auth *gss_auth);
static void gss_free_ctx(struct gss_cl_ctx *);
@@ -246,38 +242,11 @@ struct gss_upcall_msg {
char databuf[UPCALL_BUF_LEN];
};
-static int get_pipe_version(struct net *net)
-{
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
- int ret;
-
- spin_lock(&pipe_version_lock);
- if (sn->pipe_version >= 0) {
- atomic_inc(&sn->pipe_users);
- ret = 0;
- } else
- ret = -EAGAIN;
- spin_unlock(&pipe_version_lock);
- return ret;
-}
-
-static void put_pipe_version(struct net *net)
-{
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
-
- if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
- sn->pipe_version = -1;
- spin_unlock(&pipe_version_lock);
- }
-}
-
static void
gss_release_msg(struct gss_upcall_msg *gss_msg)
{
- struct net *net = gss_msg->auth->net;
if (!refcount_dec_and_test(&gss_msg->count))
return;
- put_pipe_version(net);
BUG_ON(!list_empty(&gss_msg->list));
if (gss_msg->ctx != NULL)
gss_put_ctx(gss_msg->ctx);
@@ -480,9 +449,6 @@ gss_alloc_msg(struct gss_auth *gss_auth,
gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
if (gss_msg == NULL)
goto err;
- err = get_pipe_version(gss_auth->net);
- if (err < 0)
- goto err_free_msg;
gss_msg->pipe = gss_auth->gss_pipe->pipe;
INIT_LIST_HEAD(&gss_msg->list);
rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
@@ -495,12 +461,10 @@ gss_alloc_msg(struct gss_auth *gss_auth,
gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
if (!gss_msg->service_name) {
err = -ENOMEM;
- goto err_put_pipe_version;
+ goto err_free_msg;
}
}
return gss_msg;
-err_put_pipe_version:
- put_pipe_version(gss_auth->net);
err_free_msg:
kfree(gss_msg);
err:
@@ -556,8 +520,6 @@ gss_refresh_upcall(struct rpc_task *task)
/* XXX: warning on the first, under the assumption we
* shouldn't normally hit this case on a refresh. */
warn_gssd();
- rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
- task, NULL, jiffies + (15 * HZ));
err = -EAGAIN;
goto out;
}
@@ -590,14 +552,12 @@ static inline int
gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
{
struct net *net = gss_auth->net;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
struct rpc_pipe *pipe;
struct rpc_cred *cred = &gss_cred->gc_base;
struct gss_upcall_msg *gss_msg;
DEFINE_WAIT(wait);
int err;
-retry:
err = 0;
/* if gssd is down, just skip upcalling altogether */
if (!gssd_running(net)) {
@@ -606,17 +566,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
goto out;
}
gss_msg = gss_setup_upcall(gss_auth, cred);
- if (PTR_ERR(gss_msg) == -EAGAIN) {
- err = wait_event_interruptible_timeout(pipe_version_waitqueue,
- sn->pipe_version >= 0, 15 * HZ);
- if (sn->pipe_version < 0) {
- warn_gssd();
- err = -EACCES;
- }
- if (err < 0)
- goto out;
- goto retry;
- }
if (IS_ERR(gss_msg)) {
err = PTR_ERR(gss_msg);
goto out;
@@ -743,27 +692,9 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
return err;
}
-static int gss_pipe_open(struct inode *inode)
-{
- struct net *net = inode->i_sb->s_fs_info;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
-
- spin_lock(&pipe_version_lock);
- if (sn->pipe_version < 0) {
- sn->pipe_version = 1;
- rpc_wake_up(&pipe_version_rpc_waitqueue);
- wake_up(&pipe_version_waitqueue);
- }
- atomic_inc(&sn->pipe_users);
- spin_unlock(&pipe_version_lock);
- return 0;
-
-}
-
static void
gss_pipe_release(struct inode *inode)
{
- struct net *net = inode->i_sb->s_fs_info;
struct rpc_pipe *pipe = RPC_I(inode)->pipe;
struct gss_upcall_msg *gss_msg;
@@ -781,8 +712,6 @@ gss_pipe_release(struct inode *inode)
goto restart;
}
spin_unlock(&pipe->lock);
-
- put_pipe_version(net);
}
static void
@@ -2113,7 +2042,6 @@ static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
.upcall = gss_v1_upcall,
.downcall = gss_pipe_downcall,
.destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open,
.release_pipe = gss_pipe_release,
};
@@ -2148,7 +2076,6 @@ static int __init init_rpcsec_gss(void)
err = register_pernet_subsys(&rpcsec_gss_net_ops);
if (err)
goto out_svc_exit;
- rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
return 0;
out_svc_exit:
gss_svc_shutdown();
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index ee5336d73fdd..f34bafb0dbd3 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -213,19 +213,12 @@ static int
rpc_pipe_open(struct inode *inode, struct file *filp)
{
struct rpc_pipe *pipe;
- int first_open;
int res = -ENXIO;
inode_lock(inode);
pipe = RPC_I(inode)->pipe;
if (pipe == NULL)
goto out;
- first_open = pipe->nreaders == 0 && pipe->nwriters == 0;
- if (first_open && pipe->ops->open_pipe) {
- res = pipe->ops->open_pipe(inode);
- if (res)
- goto out;
- }
if (filp->f_mode & FMODE_READ)
pipe->nreaders++;
if (filp->f_mode & FMODE_WRITE)
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2] gss: remove legacy gssd upcall pipe
2021-09-28 21:17 ` J. Bruce Fields
@ 2021-10-01 13:30 ` J. Bruce Fields
2021-10-03 0:07 ` J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2021-10-01 13:30 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
From: "J. Bruce Fields" <bfields@redhat.com>
This code exists only for compatibility with nfs-utils before
0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
nfs-utils version 1.2.2, in 2019). After 12 years, maybe it's time to
drop that compatibility code.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
include/linux/sunrpc/rpc_pipe_fs.h | 1 -
net/sunrpc/auth_gss/auth_gss.c | 165 ++---------------------------
net/sunrpc/rpc_pipe.c | 7 --
3 files changed, 7 insertions(+), 166 deletions(-)
On Tue, Sep 28, 2021 at 05:17:55PM -0400, J. Bruce Fields wrote:
> On Tue, Sep 28, 2021 at 03:37:56PM -0400, J. Bruce Fields wrote:
> > There's probably more that could go too. It wasn't immediately obvious
> > to me whether the code that waits for an open at the start of
> > gss_{refresh,create}_upcall is still useful.
>
> Eh, I think that can all go too.
Here's the combined version.
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
index cd188a527d16..f8a11d1cfbf8 100644
--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -36,7 +36,6 @@ struct rpc_pipe_ops {
ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char __user *, size_t);
ssize_t (*downcall)(struct file *, const char __user *, size_t);
void (*release_pipe)(struct inode *);
- int (*open_pipe)(struct inode *);
void (*destroy_msg)(struct rpc_pipe_msg *);
};
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5f42aa5fc612..71fd2fb7c5fb 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -73,24 +73,13 @@ struct gss_auth {
enum rpc_gss_svc service;
struct rpc_clnt *client;
struct net *net;
- /*
- * There are two upcall pipes; dentry[1], named "gssd", is used
- * for the new text-based upcall; dentry[0] is named after the
- * mechanism (for example, "krb5") and exists for
- * backwards-compatibility with older gssd's.
- */
- struct gss_pipe *gss_pipe[2];
+ struct gss_pipe *gss_pipe;
const char *target_name;
};
-/* pipe_version >= 0 if and only if someone has a pipe open. */
-static DEFINE_SPINLOCK(pipe_version_lock);
-static struct rpc_wait_queue pipe_version_rpc_waitqueue;
-static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
static void gss_put_auth(struct gss_auth *gss_auth);
static void gss_free_ctx(struct gss_cl_ctx *);
-static const struct rpc_pipe_ops gss_upcall_ops_v0;
static const struct rpc_pipe_ops gss_upcall_ops_v1;
static inline struct gss_cl_ctx *
@@ -253,38 +242,11 @@ struct gss_upcall_msg {
char databuf[UPCALL_BUF_LEN];
};
-static int get_pipe_version(struct net *net)
-{
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
- int ret;
-
- spin_lock(&pipe_version_lock);
- if (sn->pipe_version >= 0) {
- atomic_inc(&sn->pipe_users);
- ret = sn->pipe_version;
- } else
- ret = -EAGAIN;
- spin_unlock(&pipe_version_lock);
- return ret;
-}
-
-static void put_pipe_version(struct net *net)
-{
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
-
- if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
- sn->pipe_version = -1;
- spin_unlock(&pipe_version_lock);
- }
-}
-
static void
gss_release_msg(struct gss_upcall_msg *gss_msg)
{
- struct net *net = gss_msg->auth->net;
if (!refcount_dec_and_test(&gss_msg->count))
return;
- put_pipe_version(net);
BUG_ON(!list_empty(&gss_msg->list));
if (gss_msg->ctx != NULL)
gss_put_ctx(gss_msg->ctx);
@@ -385,31 +347,6 @@ gss_upcall_callback(struct rpc_task *task)
gss_release_msg(gss_msg);
}
-static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
- const struct cred *cred)
-{
- struct user_namespace *userns = cred->user_ns;
-
- uid_t uid = from_kuid_munged(userns, gss_msg->uid);
- memcpy(gss_msg->databuf, &uid, sizeof(uid));
- gss_msg->msg.data = gss_msg->databuf;
- gss_msg->msg.len = sizeof(uid);
-
- BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
-}
-
-static ssize_t
-gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
- char __user *buf, size_t buflen)
-{
- struct gss_upcall_msg *gss_msg = container_of(msg,
- struct gss_upcall_msg,
- msg);
- if (msg->copied == 0)
- gss_encode_v0_msg(gss_msg, file->f_cred);
- return rpc_pipe_generic_upcall(file, msg, buf, buflen);
-}
-
static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
const char *service_name,
const char *target_name,
@@ -507,17 +444,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
kuid_t uid, const char *service_name)
{
struct gss_upcall_msg *gss_msg;
- int vers;
int err = -ENOMEM;
gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
if (gss_msg == NULL)
goto err;
- vers = get_pipe_version(gss_auth->net);
- err = vers;
- if (err < 0)
- goto err_free_msg;
- gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
+ gss_msg->pipe = gss_auth->gss_pipe->pipe;
INIT_LIST_HEAD(&gss_msg->list);
rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
init_waitqueue_head(&gss_msg->waitqueue);
@@ -529,12 +461,10 @@ gss_alloc_msg(struct gss_auth *gss_auth,
gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
if (!gss_msg->service_name) {
err = -ENOMEM;
- goto err_put_pipe_version;
+ goto err_free_msg;
}
}
return gss_msg;
-err_put_pipe_version:
- put_pipe_version(gss_auth->net);
err_free_msg:
kfree(gss_msg);
err:
@@ -590,8 +520,6 @@ gss_refresh_upcall(struct rpc_task *task)
/* XXX: warning on the first, under the assumption we
* shouldn't normally hit this case on a refresh. */
warn_gssd();
- rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
- task, NULL, jiffies + (15 * HZ));
err = -EAGAIN;
goto out;
}
@@ -624,14 +552,12 @@ static inline int
gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
{
struct net *net = gss_auth->net;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
struct rpc_pipe *pipe;
struct rpc_cred *cred = &gss_cred->gc_base;
struct gss_upcall_msg *gss_msg;
DEFINE_WAIT(wait);
int err;
-retry:
err = 0;
/* if gssd is down, just skip upcalling altogether */
if (!gssd_running(net)) {
@@ -640,17 +566,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
goto out;
}
gss_msg = gss_setup_upcall(gss_auth, cred);
- if (PTR_ERR(gss_msg) == -EAGAIN) {
- err = wait_event_interruptible_timeout(pipe_version_waitqueue,
- sn->pipe_version >= 0, 15 * HZ);
- if (sn->pipe_version < 0) {
- warn_gssd();
- err = -EACCES;
- }
- if (err < 0)
- goto out;
- goto retry;
- }
if (IS_ERR(gss_msg)) {
err = PTR_ERR(gss_msg);
goto out;
@@ -777,44 +692,9 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
return err;
}
-static int gss_pipe_open(struct inode *inode, int new_version)
-{
- struct net *net = inode->i_sb->s_fs_info;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
- int ret = 0;
-
- spin_lock(&pipe_version_lock);
- if (sn->pipe_version < 0) {
- /* First open of any gss pipe determines the version: */
- sn->pipe_version = new_version;
- rpc_wake_up(&pipe_version_rpc_waitqueue);
- wake_up(&pipe_version_waitqueue);
- } else if (sn->pipe_version != new_version) {
- /* Trying to open a pipe of a different version */
- ret = -EBUSY;
- goto out;
- }
- atomic_inc(&sn->pipe_users);
-out:
- spin_unlock(&pipe_version_lock);
- return ret;
-
-}
-
-static int gss_pipe_open_v0(struct inode *inode)
-{
- return gss_pipe_open(inode, 0);
-}
-
-static int gss_pipe_open_v1(struct inode *inode)
-{
- return gss_pipe_open(inode, 1);
-}
-
static void
gss_pipe_release(struct inode *inode)
{
- struct net *net = inode->i_sb->s_fs_info;
struct rpc_pipe *pipe = RPC_I(inode)->pipe;
struct gss_upcall_msg *gss_msg;
@@ -832,8 +712,6 @@ gss_pipe_release(struct inode *inode)
goto restart;
}
spin_unlock(&pipe->lock);
-
- put_pipe_version(net);
}
static void
@@ -1039,30 +917,14 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
err = rpcauth_init_credcache(auth);
if (err)
goto err_put_mech;
- /*
- * Note: if we created the old pipe first, then someone who
- * examined the directory at the right moment might conclude
- * that we supported only the old pipe. So we instead create
- * the new pipe first.
- */
gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
if (IS_ERR(gss_pipe)) {
err = PTR_ERR(gss_pipe);
goto err_destroy_credcache;
}
- gss_auth->gss_pipe[1] = gss_pipe;
-
- gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
- &gss_upcall_ops_v0);
- if (IS_ERR(gss_pipe)) {
- err = PTR_ERR(gss_pipe);
- goto err_destroy_pipe_1;
- }
- gss_auth->gss_pipe[0] = gss_pipe;
+ gss_auth->gss_pipe = gss_pipe;
return gss_auth;
-err_destroy_pipe_1:
- gss_pipe_free(gss_auth->gss_pipe[1]);
err_destroy_credcache:
rpcauth_destroy_credcache(auth);
err_put_mech:
@@ -1081,8 +943,7 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
static void
gss_free(struct gss_auth *gss_auth)
{
- gss_pipe_free(gss_auth->gss_pipe[0]);
- gss_pipe_free(gss_auth->gss_pipe[1]);
+ gss_pipe_free(gss_auth->gss_pipe);
gss_mech_put(gss_auth->mech);
put_net(gss_auth->net);
kfree(gss_auth->target_name);
@@ -1117,10 +978,8 @@ gss_destroy(struct rpc_auth *auth)
spin_unlock(&gss_auth_hash_lock);
}
- gss_pipe_free(gss_auth->gss_pipe[0]);
- gss_auth->gss_pipe[0] = NULL;
- gss_pipe_free(gss_auth->gss_pipe[1]);
- gss_auth->gss_pipe[1] = NULL;
+ gss_pipe_free(gss_auth->gss_pipe);
+ gss_auth->gss_pipe = NULL;
rpcauth_destroy_credcache(auth);
gss_put_auth(gss_auth);
@@ -2179,19 +2038,10 @@ static const struct rpc_credops gss_nullops = {
.crstringify_acceptor = gss_stringify_acceptor,
};
-static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
- .upcall = gss_v0_upcall,
- .downcall = gss_pipe_downcall,
- .destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open_v0,
- .release_pipe = gss_pipe_release,
-};
-
static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
.upcall = gss_v1_upcall,
.downcall = gss_pipe_downcall,
.destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open_v1,
.release_pipe = gss_pipe_release,
};
@@ -2226,7 +2076,6 @@ static int __init init_rpcsec_gss(void)
err = register_pernet_subsys(&rpcsec_gss_net_ops);
if (err)
goto out_svc_exit;
- rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
return 0;
out_svc_exit:
gss_svc_shutdown();
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index ee5336d73fdd..f34bafb0dbd3 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -213,19 +213,12 @@ static int
rpc_pipe_open(struct inode *inode, struct file *filp)
{
struct rpc_pipe *pipe;
- int first_open;
int res = -ENXIO;
inode_lock(inode);
pipe = RPC_I(inode)->pipe;
if (pipe == NULL)
goto out;
- first_open = pipe->nreaders == 0 && pipe->nwriters == 0;
- if (first_open && pipe->ops->open_pipe) {
- res = pipe->ops->open_pipe(inode);
- if (res)
- goto out;
- }
if (filp->f_mode & FMODE_READ)
pipe->nreaders++;
if (filp->f_mode & FMODE_WRITE)
--
2.31.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] gss: remove legacy gssd upcall pipe
2021-10-01 13:30 ` [PATCH v2] " J. Bruce Fields
@ 2021-10-03 0:07 ` J. Bruce Fields
2021-11-23 16:57 ` [PATCH v3] " J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2021-10-03 0:07 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
On Fri, Oct 01, 2021 at 09:30:14AM -0400, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
>
> This code exists only for compatibility with nfs-utils before
> 0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
> nfs-utils version 1.2.2, in 2019). After 12 years, maybe it's time to
> drop that compatibility code.
(Whoops, somebody just pointed out a typo'd a year--that 2019 should
obviously be 2009.
--b.
>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
> include/linux/sunrpc/rpc_pipe_fs.h | 1 -
> net/sunrpc/auth_gss/auth_gss.c | 165 ++---------------------------
> net/sunrpc/rpc_pipe.c | 7 --
> 3 files changed, 7 insertions(+), 166 deletions(-)
>
> On Tue, Sep 28, 2021 at 05:17:55PM -0400, J. Bruce Fields wrote:
> > On Tue, Sep 28, 2021 at 03:37:56PM -0400, J. Bruce Fields wrote:
> > > There's probably more that could go too. It wasn't immediately obvious
> > > to me whether the code that waits for an open at the start of
> > > gss_{refresh,create}_upcall is still useful.
> >
> > Eh, I think that can all go too.
>
> Here's the combined version.
>
> diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
> index cd188a527d16..f8a11d1cfbf8 100644
> --- a/include/linux/sunrpc/rpc_pipe_fs.h
> +++ b/include/linux/sunrpc/rpc_pipe_fs.h
> @@ -36,7 +36,6 @@ struct rpc_pipe_ops {
> ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char __user *, size_t);
> ssize_t (*downcall)(struct file *, const char __user *, size_t);
> void (*release_pipe)(struct inode *);
> - int (*open_pipe)(struct inode *);
> void (*destroy_msg)(struct rpc_pipe_msg *);
> };
>
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index 5f42aa5fc612..71fd2fb7c5fb 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -73,24 +73,13 @@ struct gss_auth {
> enum rpc_gss_svc service;
> struct rpc_clnt *client;
> struct net *net;
> - /*
> - * There are two upcall pipes; dentry[1], named "gssd", is used
> - * for the new text-based upcall; dentry[0] is named after the
> - * mechanism (for example, "krb5") and exists for
> - * backwards-compatibility with older gssd's.
> - */
> - struct gss_pipe *gss_pipe[2];
> + struct gss_pipe *gss_pipe;
> const char *target_name;
> };
>
> -/* pipe_version >= 0 if and only if someone has a pipe open. */
> -static DEFINE_SPINLOCK(pipe_version_lock);
> -static struct rpc_wait_queue pipe_version_rpc_waitqueue;
> -static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
> static void gss_put_auth(struct gss_auth *gss_auth);
>
> static void gss_free_ctx(struct gss_cl_ctx *);
> -static const struct rpc_pipe_ops gss_upcall_ops_v0;
> static const struct rpc_pipe_ops gss_upcall_ops_v1;
>
> static inline struct gss_cl_ctx *
> @@ -253,38 +242,11 @@ struct gss_upcall_msg {
> char databuf[UPCALL_BUF_LEN];
> };
>
> -static int get_pipe_version(struct net *net)
> -{
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> - int ret;
> -
> - spin_lock(&pipe_version_lock);
> - if (sn->pipe_version >= 0) {
> - atomic_inc(&sn->pipe_users);
> - ret = sn->pipe_version;
> - } else
> - ret = -EAGAIN;
> - spin_unlock(&pipe_version_lock);
> - return ret;
> -}
> -
> -static void put_pipe_version(struct net *net)
> -{
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> -
> - if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
> - sn->pipe_version = -1;
> - spin_unlock(&pipe_version_lock);
> - }
> -}
> -
> static void
> gss_release_msg(struct gss_upcall_msg *gss_msg)
> {
> - struct net *net = gss_msg->auth->net;
> if (!refcount_dec_and_test(&gss_msg->count))
> return;
> - put_pipe_version(net);
> BUG_ON(!list_empty(&gss_msg->list));
> if (gss_msg->ctx != NULL)
> gss_put_ctx(gss_msg->ctx);
> @@ -385,31 +347,6 @@ gss_upcall_callback(struct rpc_task *task)
> gss_release_msg(gss_msg);
> }
>
> -static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
> - const struct cred *cred)
> -{
> - struct user_namespace *userns = cred->user_ns;
> -
> - uid_t uid = from_kuid_munged(userns, gss_msg->uid);
> - memcpy(gss_msg->databuf, &uid, sizeof(uid));
> - gss_msg->msg.data = gss_msg->databuf;
> - gss_msg->msg.len = sizeof(uid);
> -
> - BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
> -}
> -
> -static ssize_t
> -gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
> - char __user *buf, size_t buflen)
> -{
> - struct gss_upcall_msg *gss_msg = container_of(msg,
> - struct gss_upcall_msg,
> - msg);
> - if (msg->copied == 0)
> - gss_encode_v0_msg(gss_msg, file->f_cred);
> - return rpc_pipe_generic_upcall(file, msg, buf, buflen);
> -}
> -
> static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
> const char *service_name,
> const char *target_name,
> @@ -507,17 +444,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
> kuid_t uid, const char *service_name)
> {
> struct gss_upcall_msg *gss_msg;
> - int vers;
> int err = -ENOMEM;
>
> gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
> if (gss_msg == NULL)
> goto err;
> - vers = get_pipe_version(gss_auth->net);
> - err = vers;
> - if (err < 0)
> - goto err_free_msg;
> - gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
> + gss_msg->pipe = gss_auth->gss_pipe->pipe;
> INIT_LIST_HEAD(&gss_msg->list);
> rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
> init_waitqueue_head(&gss_msg->waitqueue);
> @@ -529,12 +461,10 @@ gss_alloc_msg(struct gss_auth *gss_auth,
> gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
> if (!gss_msg->service_name) {
> err = -ENOMEM;
> - goto err_put_pipe_version;
> + goto err_free_msg;
> }
> }
> return gss_msg;
> -err_put_pipe_version:
> - put_pipe_version(gss_auth->net);
> err_free_msg:
> kfree(gss_msg);
> err:
> @@ -590,8 +520,6 @@ gss_refresh_upcall(struct rpc_task *task)
> /* XXX: warning on the first, under the assumption we
> * shouldn't normally hit this case on a refresh. */
> warn_gssd();
> - rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
> - task, NULL, jiffies + (15 * HZ));
> err = -EAGAIN;
> goto out;
> }
> @@ -624,14 +552,12 @@ static inline int
> gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
> {
> struct net *net = gss_auth->net;
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> struct rpc_pipe *pipe;
> struct rpc_cred *cred = &gss_cred->gc_base;
> struct gss_upcall_msg *gss_msg;
> DEFINE_WAIT(wait);
> int err;
>
> -retry:
> err = 0;
> /* if gssd is down, just skip upcalling altogether */
> if (!gssd_running(net)) {
> @@ -640,17 +566,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
> goto out;
> }
> gss_msg = gss_setup_upcall(gss_auth, cred);
> - if (PTR_ERR(gss_msg) == -EAGAIN) {
> - err = wait_event_interruptible_timeout(pipe_version_waitqueue,
> - sn->pipe_version >= 0, 15 * HZ);
> - if (sn->pipe_version < 0) {
> - warn_gssd();
> - err = -EACCES;
> - }
> - if (err < 0)
> - goto out;
> - goto retry;
> - }
> if (IS_ERR(gss_msg)) {
> err = PTR_ERR(gss_msg);
> goto out;
> @@ -777,44 +692,9 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
> return err;
> }
>
> -static int gss_pipe_open(struct inode *inode, int new_version)
> -{
> - struct net *net = inode->i_sb->s_fs_info;
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> - int ret = 0;
> -
> - spin_lock(&pipe_version_lock);
> - if (sn->pipe_version < 0) {
> - /* First open of any gss pipe determines the version: */
> - sn->pipe_version = new_version;
> - rpc_wake_up(&pipe_version_rpc_waitqueue);
> - wake_up(&pipe_version_waitqueue);
> - } else if (sn->pipe_version != new_version) {
> - /* Trying to open a pipe of a different version */
> - ret = -EBUSY;
> - goto out;
> - }
> - atomic_inc(&sn->pipe_users);
> -out:
> - spin_unlock(&pipe_version_lock);
> - return ret;
> -
> -}
> -
> -static int gss_pipe_open_v0(struct inode *inode)
> -{
> - return gss_pipe_open(inode, 0);
> -}
> -
> -static int gss_pipe_open_v1(struct inode *inode)
> -{
> - return gss_pipe_open(inode, 1);
> -}
> -
> static void
> gss_pipe_release(struct inode *inode)
> {
> - struct net *net = inode->i_sb->s_fs_info;
> struct rpc_pipe *pipe = RPC_I(inode)->pipe;
> struct gss_upcall_msg *gss_msg;
>
> @@ -832,8 +712,6 @@ gss_pipe_release(struct inode *inode)
> goto restart;
> }
> spin_unlock(&pipe->lock);
> -
> - put_pipe_version(net);
> }
>
> static void
> @@ -1039,30 +917,14 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
> err = rpcauth_init_credcache(auth);
> if (err)
> goto err_put_mech;
> - /*
> - * Note: if we created the old pipe first, then someone who
> - * examined the directory at the right moment might conclude
> - * that we supported only the old pipe. So we instead create
> - * the new pipe first.
> - */
> gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
> if (IS_ERR(gss_pipe)) {
> err = PTR_ERR(gss_pipe);
> goto err_destroy_credcache;
> }
> - gss_auth->gss_pipe[1] = gss_pipe;
> -
> - gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
> - &gss_upcall_ops_v0);
> - if (IS_ERR(gss_pipe)) {
> - err = PTR_ERR(gss_pipe);
> - goto err_destroy_pipe_1;
> - }
> - gss_auth->gss_pipe[0] = gss_pipe;
> + gss_auth->gss_pipe = gss_pipe;
>
> return gss_auth;
> -err_destroy_pipe_1:
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> err_destroy_credcache:
> rpcauth_destroy_credcache(auth);
> err_put_mech:
> @@ -1081,8 +943,7 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
> static void
> gss_free(struct gss_auth *gss_auth)
> {
> - gss_pipe_free(gss_auth->gss_pipe[0]);
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> + gss_pipe_free(gss_auth->gss_pipe);
> gss_mech_put(gss_auth->mech);
> put_net(gss_auth->net);
> kfree(gss_auth->target_name);
> @@ -1117,10 +978,8 @@ gss_destroy(struct rpc_auth *auth)
> spin_unlock(&gss_auth_hash_lock);
> }
>
> - gss_pipe_free(gss_auth->gss_pipe[0]);
> - gss_auth->gss_pipe[0] = NULL;
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> - gss_auth->gss_pipe[1] = NULL;
> + gss_pipe_free(gss_auth->gss_pipe);
> + gss_auth->gss_pipe = NULL;
> rpcauth_destroy_credcache(auth);
>
> gss_put_auth(gss_auth);
> @@ -2179,19 +2038,10 @@ static const struct rpc_credops gss_nullops = {
> .crstringify_acceptor = gss_stringify_acceptor,
> };
>
> -static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
> - .upcall = gss_v0_upcall,
> - .downcall = gss_pipe_downcall,
> - .destroy_msg = gss_pipe_destroy_msg,
> - .open_pipe = gss_pipe_open_v0,
> - .release_pipe = gss_pipe_release,
> -};
> -
> static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
> .upcall = gss_v1_upcall,
> .downcall = gss_pipe_downcall,
> .destroy_msg = gss_pipe_destroy_msg,
> - .open_pipe = gss_pipe_open_v1,
> .release_pipe = gss_pipe_release,
> };
>
> @@ -2226,7 +2076,6 @@ static int __init init_rpcsec_gss(void)
> err = register_pernet_subsys(&rpcsec_gss_net_ops);
> if (err)
> goto out_svc_exit;
> - rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
> return 0;
> out_svc_exit:
> gss_svc_shutdown();
> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
> index ee5336d73fdd..f34bafb0dbd3 100644
> --- a/net/sunrpc/rpc_pipe.c
> +++ b/net/sunrpc/rpc_pipe.c
> @@ -213,19 +213,12 @@ static int
> rpc_pipe_open(struct inode *inode, struct file *filp)
> {
> struct rpc_pipe *pipe;
> - int first_open;
> int res = -ENXIO;
>
> inode_lock(inode);
> pipe = RPC_I(inode)->pipe;
> if (pipe == NULL)
> goto out;
> - first_open = pipe->nreaders == 0 && pipe->nwriters == 0;
> - if (first_open && pipe->ops->open_pipe) {
> - res = pipe->ops->open_pipe(inode);
> - if (res)
> - goto out;
> - }
> if (filp->f_mode & FMODE_READ)
> pipe->nreaders++;
> if (filp->f_mode & FMODE_WRITE)
> --
> 2.31.1
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v3] gss: remove legacy gssd upcall pipe
2021-10-03 0:07 ` J. Bruce Fields
@ 2021-11-23 16:57 ` J. Bruce Fields
2022-01-26 22:48 ` J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2021-11-23 16:57 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
From: "J. Bruce Fields" <bfields@redhat.com>
This code exists only for compatibility with nfs-utils before
0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
nfs-utils version 1.2.2, in 2009). After 12 years, maybe it's time to
drop that compatibility code.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
include/linux/sunrpc/rpc_pipe_fs.h | 1 -
net/sunrpc/auth_gss/auth_gss.c | 165 ++---------------------------
net/sunrpc/rpc_pipe.c | 7 --
3 files changed, 7 insertions(+), 166 deletions(-)
On Sat, Oct 02, 2021 at 08:07:20PM -0400, J. Bruce Fields wrote:
> (Whoops, somebody just pointed out a typo'd a year--that 2019 should
> obviously be 2009.
Resending with that typo fixed. Can we get this in 5.17? I think it'd
make life just a little easier for the next person that has to mess with
this code.
--b.
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
index cd188a527d16..f8a11d1cfbf8 100644
--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -36,7 +36,6 @@ struct rpc_pipe_ops {
ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char __user *, size_t);
ssize_t (*downcall)(struct file *, const char __user *, size_t);
void (*release_pipe)(struct inode *);
- int (*open_pipe)(struct inode *);
void (*destroy_msg)(struct rpc_pipe_msg *);
};
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5f42aa5fc612..71fd2fb7c5fb 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -73,24 +73,13 @@ struct gss_auth {
enum rpc_gss_svc service;
struct rpc_clnt *client;
struct net *net;
- /*
- * There are two upcall pipes; dentry[1], named "gssd", is used
- * for the new text-based upcall; dentry[0] is named after the
- * mechanism (for example, "krb5") and exists for
- * backwards-compatibility with older gssd's.
- */
- struct gss_pipe *gss_pipe[2];
+ struct gss_pipe *gss_pipe;
const char *target_name;
};
-/* pipe_version >= 0 if and only if someone has a pipe open. */
-static DEFINE_SPINLOCK(pipe_version_lock);
-static struct rpc_wait_queue pipe_version_rpc_waitqueue;
-static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
static void gss_put_auth(struct gss_auth *gss_auth);
static void gss_free_ctx(struct gss_cl_ctx *);
-static const struct rpc_pipe_ops gss_upcall_ops_v0;
static const struct rpc_pipe_ops gss_upcall_ops_v1;
static inline struct gss_cl_ctx *
@@ -253,38 +242,11 @@ struct gss_upcall_msg {
char databuf[UPCALL_BUF_LEN];
};
-static int get_pipe_version(struct net *net)
-{
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
- int ret;
-
- spin_lock(&pipe_version_lock);
- if (sn->pipe_version >= 0) {
- atomic_inc(&sn->pipe_users);
- ret = sn->pipe_version;
- } else
- ret = -EAGAIN;
- spin_unlock(&pipe_version_lock);
- return ret;
-}
-
-static void put_pipe_version(struct net *net)
-{
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
-
- if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
- sn->pipe_version = -1;
- spin_unlock(&pipe_version_lock);
- }
-}
-
static void
gss_release_msg(struct gss_upcall_msg *gss_msg)
{
- struct net *net = gss_msg->auth->net;
if (!refcount_dec_and_test(&gss_msg->count))
return;
- put_pipe_version(net);
BUG_ON(!list_empty(&gss_msg->list));
if (gss_msg->ctx != NULL)
gss_put_ctx(gss_msg->ctx);
@@ -385,31 +347,6 @@ gss_upcall_callback(struct rpc_task *task)
gss_release_msg(gss_msg);
}
-static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
- const struct cred *cred)
-{
- struct user_namespace *userns = cred->user_ns;
-
- uid_t uid = from_kuid_munged(userns, gss_msg->uid);
- memcpy(gss_msg->databuf, &uid, sizeof(uid));
- gss_msg->msg.data = gss_msg->databuf;
- gss_msg->msg.len = sizeof(uid);
-
- BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
-}
-
-static ssize_t
-gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
- char __user *buf, size_t buflen)
-{
- struct gss_upcall_msg *gss_msg = container_of(msg,
- struct gss_upcall_msg,
- msg);
- if (msg->copied == 0)
- gss_encode_v0_msg(gss_msg, file->f_cred);
- return rpc_pipe_generic_upcall(file, msg, buf, buflen);
-}
-
static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
const char *service_name,
const char *target_name,
@@ -507,17 +444,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
kuid_t uid, const char *service_name)
{
struct gss_upcall_msg *gss_msg;
- int vers;
int err = -ENOMEM;
gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
if (gss_msg == NULL)
goto err;
- vers = get_pipe_version(gss_auth->net);
- err = vers;
- if (err < 0)
- goto err_free_msg;
- gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
+ gss_msg->pipe = gss_auth->gss_pipe->pipe;
INIT_LIST_HEAD(&gss_msg->list);
rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
init_waitqueue_head(&gss_msg->waitqueue);
@@ -529,12 +461,10 @@ gss_alloc_msg(struct gss_auth *gss_auth,
gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
if (!gss_msg->service_name) {
err = -ENOMEM;
- goto err_put_pipe_version;
+ goto err_free_msg;
}
}
return gss_msg;
-err_put_pipe_version:
- put_pipe_version(gss_auth->net);
err_free_msg:
kfree(gss_msg);
err:
@@ -590,8 +520,6 @@ gss_refresh_upcall(struct rpc_task *task)
/* XXX: warning on the first, under the assumption we
* shouldn't normally hit this case on a refresh. */
warn_gssd();
- rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
- task, NULL, jiffies + (15 * HZ));
err = -EAGAIN;
goto out;
}
@@ -624,14 +552,12 @@ static inline int
gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
{
struct net *net = gss_auth->net;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
struct rpc_pipe *pipe;
struct rpc_cred *cred = &gss_cred->gc_base;
struct gss_upcall_msg *gss_msg;
DEFINE_WAIT(wait);
int err;
-retry:
err = 0;
/* if gssd is down, just skip upcalling altogether */
if (!gssd_running(net)) {
@@ -640,17 +566,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
goto out;
}
gss_msg = gss_setup_upcall(gss_auth, cred);
- if (PTR_ERR(gss_msg) == -EAGAIN) {
- err = wait_event_interruptible_timeout(pipe_version_waitqueue,
- sn->pipe_version >= 0, 15 * HZ);
- if (sn->pipe_version < 0) {
- warn_gssd();
- err = -EACCES;
- }
- if (err < 0)
- goto out;
- goto retry;
- }
if (IS_ERR(gss_msg)) {
err = PTR_ERR(gss_msg);
goto out;
@@ -777,44 +692,9 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
return err;
}
-static int gss_pipe_open(struct inode *inode, int new_version)
-{
- struct net *net = inode->i_sb->s_fs_info;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
- int ret = 0;
-
- spin_lock(&pipe_version_lock);
- if (sn->pipe_version < 0) {
- /* First open of any gss pipe determines the version: */
- sn->pipe_version = new_version;
- rpc_wake_up(&pipe_version_rpc_waitqueue);
- wake_up(&pipe_version_waitqueue);
- } else if (sn->pipe_version != new_version) {
- /* Trying to open a pipe of a different version */
- ret = -EBUSY;
- goto out;
- }
- atomic_inc(&sn->pipe_users);
-out:
- spin_unlock(&pipe_version_lock);
- return ret;
-
-}
-
-static int gss_pipe_open_v0(struct inode *inode)
-{
- return gss_pipe_open(inode, 0);
-}
-
-static int gss_pipe_open_v1(struct inode *inode)
-{
- return gss_pipe_open(inode, 1);
-}
-
static void
gss_pipe_release(struct inode *inode)
{
- struct net *net = inode->i_sb->s_fs_info;
struct rpc_pipe *pipe = RPC_I(inode)->pipe;
struct gss_upcall_msg *gss_msg;
@@ -832,8 +712,6 @@ gss_pipe_release(struct inode *inode)
goto restart;
}
spin_unlock(&pipe->lock);
-
- put_pipe_version(net);
}
static void
@@ -1039,30 +917,14 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
err = rpcauth_init_credcache(auth);
if (err)
goto err_put_mech;
- /*
- * Note: if we created the old pipe first, then someone who
- * examined the directory at the right moment might conclude
- * that we supported only the old pipe. So we instead create
- * the new pipe first.
- */
gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
if (IS_ERR(gss_pipe)) {
err = PTR_ERR(gss_pipe);
goto err_destroy_credcache;
}
- gss_auth->gss_pipe[1] = gss_pipe;
-
- gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
- &gss_upcall_ops_v0);
- if (IS_ERR(gss_pipe)) {
- err = PTR_ERR(gss_pipe);
- goto err_destroy_pipe_1;
- }
- gss_auth->gss_pipe[0] = gss_pipe;
+ gss_auth->gss_pipe = gss_pipe;
return gss_auth;
-err_destroy_pipe_1:
- gss_pipe_free(gss_auth->gss_pipe[1]);
err_destroy_credcache:
rpcauth_destroy_credcache(auth);
err_put_mech:
@@ -1081,8 +943,7 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
static void
gss_free(struct gss_auth *gss_auth)
{
- gss_pipe_free(gss_auth->gss_pipe[0]);
- gss_pipe_free(gss_auth->gss_pipe[1]);
+ gss_pipe_free(gss_auth->gss_pipe);
gss_mech_put(gss_auth->mech);
put_net(gss_auth->net);
kfree(gss_auth->target_name);
@@ -1117,10 +978,8 @@ gss_destroy(struct rpc_auth *auth)
spin_unlock(&gss_auth_hash_lock);
}
- gss_pipe_free(gss_auth->gss_pipe[0]);
- gss_auth->gss_pipe[0] = NULL;
- gss_pipe_free(gss_auth->gss_pipe[1]);
- gss_auth->gss_pipe[1] = NULL;
+ gss_pipe_free(gss_auth->gss_pipe);
+ gss_auth->gss_pipe = NULL;
rpcauth_destroy_credcache(auth);
gss_put_auth(gss_auth);
@@ -2179,19 +2038,10 @@ static const struct rpc_credops gss_nullops = {
.crstringify_acceptor = gss_stringify_acceptor,
};
-static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
- .upcall = gss_v0_upcall,
- .downcall = gss_pipe_downcall,
- .destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open_v0,
- .release_pipe = gss_pipe_release,
-};
-
static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
.upcall = gss_v1_upcall,
.downcall = gss_pipe_downcall,
.destroy_msg = gss_pipe_destroy_msg,
- .open_pipe = gss_pipe_open_v1,
.release_pipe = gss_pipe_release,
};
@@ -2226,7 +2076,6 @@ static int __init init_rpcsec_gss(void)
err = register_pernet_subsys(&rpcsec_gss_net_ops);
if (err)
goto out_svc_exit;
- rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
return 0;
out_svc_exit:
gss_svc_shutdown();
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 3ecc194c21ef..633a66bc5df9 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -213,19 +213,12 @@ static int
rpc_pipe_open(struct inode *inode, struct file *filp)
{
struct rpc_pipe *pipe;
- int first_open;
int res = -ENXIO;
inode_lock(inode);
pipe = RPC_I(inode)->pipe;
if (pipe == NULL)
goto out;
- first_open = pipe->nreaders == 0 && pipe->nwriters == 0;
- if (first_open && pipe->ops->open_pipe) {
- res = pipe->ops->open_pipe(inode);
- if (res)
- goto out;
- }
if (filp->f_mode & FMODE_READ)
pipe->nreaders++;
if (filp->f_mode & FMODE_WRITE)
--
2.33.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v3] gss: remove legacy gssd upcall pipe
2021-11-23 16:57 ` [PATCH v3] " J. Bruce Fields
@ 2022-01-26 22:48 ` J. Bruce Fields
0 siblings, 0 replies; 7+ messages in thread
From: J. Bruce Fields @ 2022-01-26 22:48 UTC (permalink / raw)
To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs
On Tue, Nov 23, 2021 at 11:57:04AM -0500, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
>
> This code exists only for compatibility with nfs-utils before
> 0cfdc66de043 "gssd: handle new client upcall" (which first appeared in
> nfs-utils version 1.2.2, in 2009). After 12 years, maybe it's time to
> drop that compatibility code.
Are you interested in this? Should I resend?
--b.
>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
> include/linux/sunrpc/rpc_pipe_fs.h | 1 -
> net/sunrpc/auth_gss/auth_gss.c | 165 ++---------------------------
> net/sunrpc/rpc_pipe.c | 7 --
> 3 files changed, 7 insertions(+), 166 deletions(-)
>
> On Sat, Oct 02, 2021 at 08:07:20PM -0400, J. Bruce Fields wrote:
> > (Whoops, somebody just pointed out a typo'd a year--that 2019 should
> > obviously be 2009.
>
> Resending with that typo fixed. Can we get this in 5.17? I think it'd
> make life just a little easier for the next person that has to mess with
> this code.
>
> --b.
>
> diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
> index cd188a527d16..f8a11d1cfbf8 100644
> --- a/include/linux/sunrpc/rpc_pipe_fs.h
> +++ b/include/linux/sunrpc/rpc_pipe_fs.h
> @@ -36,7 +36,6 @@ struct rpc_pipe_ops {
> ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char __user *, size_t);
> ssize_t (*downcall)(struct file *, const char __user *, size_t);
> void (*release_pipe)(struct inode *);
> - int (*open_pipe)(struct inode *);
> void (*destroy_msg)(struct rpc_pipe_msg *);
> };
>
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index 5f42aa5fc612..71fd2fb7c5fb 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -73,24 +73,13 @@ struct gss_auth {
> enum rpc_gss_svc service;
> struct rpc_clnt *client;
> struct net *net;
> - /*
> - * There are two upcall pipes; dentry[1], named "gssd", is used
> - * for the new text-based upcall; dentry[0] is named after the
> - * mechanism (for example, "krb5") and exists for
> - * backwards-compatibility with older gssd's.
> - */
> - struct gss_pipe *gss_pipe[2];
> + struct gss_pipe *gss_pipe;
> const char *target_name;
> };
>
> -/* pipe_version >= 0 if and only if someone has a pipe open. */
> -static DEFINE_SPINLOCK(pipe_version_lock);
> -static struct rpc_wait_queue pipe_version_rpc_waitqueue;
> -static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
> static void gss_put_auth(struct gss_auth *gss_auth);
>
> static void gss_free_ctx(struct gss_cl_ctx *);
> -static const struct rpc_pipe_ops gss_upcall_ops_v0;
> static const struct rpc_pipe_ops gss_upcall_ops_v1;
>
> static inline struct gss_cl_ctx *
> @@ -253,38 +242,11 @@ struct gss_upcall_msg {
> char databuf[UPCALL_BUF_LEN];
> };
>
> -static int get_pipe_version(struct net *net)
> -{
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> - int ret;
> -
> - spin_lock(&pipe_version_lock);
> - if (sn->pipe_version >= 0) {
> - atomic_inc(&sn->pipe_users);
> - ret = sn->pipe_version;
> - } else
> - ret = -EAGAIN;
> - spin_unlock(&pipe_version_lock);
> - return ret;
> -}
> -
> -static void put_pipe_version(struct net *net)
> -{
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> -
> - if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
> - sn->pipe_version = -1;
> - spin_unlock(&pipe_version_lock);
> - }
> -}
> -
> static void
> gss_release_msg(struct gss_upcall_msg *gss_msg)
> {
> - struct net *net = gss_msg->auth->net;
> if (!refcount_dec_and_test(&gss_msg->count))
> return;
> - put_pipe_version(net);
> BUG_ON(!list_empty(&gss_msg->list));
> if (gss_msg->ctx != NULL)
> gss_put_ctx(gss_msg->ctx);
> @@ -385,31 +347,6 @@ gss_upcall_callback(struct rpc_task *task)
> gss_release_msg(gss_msg);
> }
>
> -static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
> - const struct cred *cred)
> -{
> - struct user_namespace *userns = cred->user_ns;
> -
> - uid_t uid = from_kuid_munged(userns, gss_msg->uid);
> - memcpy(gss_msg->databuf, &uid, sizeof(uid));
> - gss_msg->msg.data = gss_msg->databuf;
> - gss_msg->msg.len = sizeof(uid);
> -
> - BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
> -}
> -
> -static ssize_t
> -gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
> - char __user *buf, size_t buflen)
> -{
> - struct gss_upcall_msg *gss_msg = container_of(msg,
> - struct gss_upcall_msg,
> - msg);
> - if (msg->copied == 0)
> - gss_encode_v0_msg(gss_msg, file->f_cred);
> - return rpc_pipe_generic_upcall(file, msg, buf, buflen);
> -}
> -
> static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
> const char *service_name,
> const char *target_name,
> @@ -507,17 +444,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
> kuid_t uid, const char *service_name)
> {
> struct gss_upcall_msg *gss_msg;
> - int vers;
> int err = -ENOMEM;
>
> gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
> if (gss_msg == NULL)
> goto err;
> - vers = get_pipe_version(gss_auth->net);
> - err = vers;
> - if (err < 0)
> - goto err_free_msg;
> - gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
> + gss_msg->pipe = gss_auth->gss_pipe->pipe;
> INIT_LIST_HEAD(&gss_msg->list);
> rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
> init_waitqueue_head(&gss_msg->waitqueue);
> @@ -529,12 +461,10 @@ gss_alloc_msg(struct gss_auth *gss_auth,
> gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
> if (!gss_msg->service_name) {
> err = -ENOMEM;
> - goto err_put_pipe_version;
> + goto err_free_msg;
> }
> }
> return gss_msg;
> -err_put_pipe_version:
> - put_pipe_version(gss_auth->net);
> err_free_msg:
> kfree(gss_msg);
> err:
> @@ -590,8 +520,6 @@ gss_refresh_upcall(struct rpc_task *task)
> /* XXX: warning on the first, under the assumption we
> * shouldn't normally hit this case on a refresh. */
> warn_gssd();
> - rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
> - task, NULL, jiffies + (15 * HZ));
> err = -EAGAIN;
> goto out;
> }
> @@ -624,14 +552,12 @@ static inline int
> gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
> {
> struct net *net = gss_auth->net;
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> struct rpc_pipe *pipe;
> struct rpc_cred *cred = &gss_cred->gc_base;
> struct gss_upcall_msg *gss_msg;
> DEFINE_WAIT(wait);
> int err;
>
> -retry:
> err = 0;
> /* if gssd is down, just skip upcalling altogether */
> if (!gssd_running(net)) {
> @@ -640,17 +566,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
> goto out;
> }
> gss_msg = gss_setup_upcall(gss_auth, cred);
> - if (PTR_ERR(gss_msg) == -EAGAIN) {
> - err = wait_event_interruptible_timeout(pipe_version_waitqueue,
> - sn->pipe_version >= 0, 15 * HZ);
> - if (sn->pipe_version < 0) {
> - warn_gssd();
> - err = -EACCES;
> - }
> - if (err < 0)
> - goto out;
> - goto retry;
> - }
> if (IS_ERR(gss_msg)) {
> err = PTR_ERR(gss_msg);
> goto out;
> @@ -777,44 +692,9 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
> return err;
> }
>
> -static int gss_pipe_open(struct inode *inode, int new_version)
> -{
> - struct net *net = inode->i_sb->s_fs_info;
> - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> - int ret = 0;
> -
> - spin_lock(&pipe_version_lock);
> - if (sn->pipe_version < 0) {
> - /* First open of any gss pipe determines the version: */
> - sn->pipe_version = new_version;
> - rpc_wake_up(&pipe_version_rpc_waitqueue);
> - wake_up(&pipe_version_waitqueue);
> - } else if (sn->pipe_version != new_version) {
> - /* Trying to open a pipe of a different version */
> - ret = -EBUSY;
> - goto out;
> - }
> - atomic_inc(&sn->pipe_users);
> -out:
> - spin_unlock(&pipe_version_lock);
> - return ret;
> -
> -}
> -
> -static int gss_pipe_open_v0(struct inode *inode)
> -{
> - return gss_pipe_open(inode, 0);
> -}
> -
> -static int gss_pipe_open_v1(struct inode *inode)
> -{
> - return gss_pipe_open(inode, 1);
> -}
> -
> static void
> gss_pipe_release(struct inode *inode)
> {
> - struct net *net = inode->i_sb->s_fs_info;
> struct rpc_pipe *pipe = RPC_I(inode)->pipe;
> struct gss_upcall_msg *gss_msg;
>
> @@ -832,8 +712,6 @@ gss_pipe_release(struct inode *inode)
> goto restart;
> }
> spin_unlock(&pipe->lock);
> -
> - put_pipe_version(net);
> }
>
> static void
> @@ -1039,30 +917,14 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
> err = rpcauth_init_credcache(auth);
> if (err)
> goto err_put_mech;
> - /*
> - * Note: if we created the old pipe first, then someone who
> - * examined the directory at the right moment might conclude
> - * that we supported only the old pipe. So we instead create
> - * the new pipe first.
> - */
> gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
> if (IS_ERR(gss_pipe)) {
> err = PTR_ERR(gss_pipe);
> goto err_destroy_credcache;
> }
> - gss_auth->gss_pipe[1] = gss_pipe;
> -
> - gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
> - &gss_upcall_ops_v0);
> - if (IS_ERR(gss_pipe)) {
> - err = PTR_ERR(gss_pipe);
> - goto err_destroy_pipe_1;
> - }
> - gss_auth->gss_pipe[0] = gss_pipe;
> + gss_auth->gss_pipe = gss_pipe;
>
> return gss_auth;
> -err_destroy_pipe_1:
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> err_destroy_credcache:
> rpcauth_destroy_credcache(auth);
> err_put_mech:
> @@ -1081,8 +943,7 @@ gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
> static void
> gss_free(struct gss_auth *gss_auth)
> {
> - gss_pipe_free(gss_auth->gss_pipe[0]);
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> + gss_pipe_free(gss_auth->gss_pipe);
> gss_mech_put(gss_auth->mech);
> put_net(gss_auth->net);
> kfree(gss_auth->target_name);
> @@ -1117,10 +978,8 @@ gss_destroy(struct rpc_auth *auth)
> spin_unlock(&gss_auth_hash_lock);
> }
>
> - gss_pipe_free(gss_auth->gss_pipe[0]);
> - gss_auth->gss_pipe[0] = NULL;
> - gss_pipe_free(gss_auth->gss_pipe[1]);
> - gss_auth->gss_pipe[1] = NULL;
> + gss_pipe_free(gss_auth->gss_pipe);
> + gss_auth->gss_pipe = NULL;
> rpcauth_destroy_credcache(auth);
>
> gss_put_auth(gss_auth);
> @@ -2179,19 +2038,10 @@ static const struct rpc_credops gss_nullops = {
> .crstringify_acceptor = gss_stringify_acceptor,
> };
>
> -static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
> - .upcall = gss_v0_upcall,
> - .downcall = gss_pipe_downcall,
> - .destroy_msg = gss_pipe_destroy_msg,
> - .open_pipe = gss_pipe_open_v0,
> - .release_pipe = gss_pipe_release,
> -};
> -
> static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
> .upcall = gss_v1_upcall,
> .downcall = gss_pipe_downcall,
> .destroy_msg = gss_pipe_destroy_msg,
> - .open_pipe = gss_pipe_open_v1,
> .release_pipe = gss_pipe_release,
> };
>
> @@ -2226,7 +2076,6 @@ static int __init init_rpcsec_gss(void)
> err = register_pernet_subsys(&rpcsec_gss_net_ops);
> if (err)
> goto out_svc_exit;
> - rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
> return 0;
> out_svc_exit:
> gss_svc_shutdown();
> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
> index 3ecc194c21ef..633a66bc5df9 100644
> --- a/net/sunrpc/rpc_pipe.c
> +++ b/net/sunrpc/rpc_pipe.c
> @@ -213,19 +213,12 @@ static int
> rpc_pipe_open(struct inode *inode, struct file *filp)
> {
> struct rpc_pipe *pipe;
> - int first_open;
> int res = -ENXIO;
>
> inode_lock(inode);
> pipe = RPC_I(inode)->pipe;
> if (pipe == NULL)
> goto out;
> - first_open = pipe->nreaders == 0 && pipe->nwriters == 0;
> - if (first_open && pipe->ops->open_pipe) {
> - res = pipe->ops->open_pipe(inode);
> - if (res)
> - goto out;
> - }
> if (filp->f_mode & FMODE_READ)
> pipe->nreaders++;
> if (filp->f_mode & FMODE_WRITE)
> --
> 2.33.1
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-01-26 22:48 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-28 19:34 [PATCH] gss: remove legacy gssd upcall pipe J. Bruce Fields
2021-09-28 19:37 ` J. Bruce Fields
2021-09-28 21:17 ` J. Bruce Fields
2021-10-01 13:30 ` [PATCH v2] " J. Bruce Fields
2021-10-03 0:07 ` J. Bruce Fields
2021-11-23 16:57 ` [PATCH v3] " J. Bruce Fields
2022-01-26 22:48 ` J. Bruce Fields
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.