1. 15 Jan, 2019 1 commit
  2. 02 Jan, 2019 5 commits
  3. 31 Dec, 2018 1 commit
  4. 28 Dec, 2018 3 commits
  5. 21 Dec, 2018 5 commits
    • Chris Perl's avatar
      NFS: nfs_compare_mount_options always compare auth flavors. · 594d1644
      Chris Perl authored
      This patch removes the check from nfs_compare_mount_options to see if a
      `sec' option was passed for the current mount before comparing auth
      flavors and instead just always compares auth flavors.
      Consider the following scenario:
      You have a server with the address and two exports /export/a
      and /export/b.  The first export supports `sys' and `krb5' security, the
      second just `sys'.
      Assume you start with no mounts from the server.
      The following results in EIOs being returned as the kernel nfs client
      incorrectly thinks it can share the underlying `struct nfs_server's:
      $ mkdir /tmp/{a,b}
      $ sudo mount -t nfs -o vers=3,sec=krb5 /tmp/a
      $ sudo mount -t nfs -o vers=3 /tmp/b
      $ df >/dev/null
      df: ‘/tmp/b’: Input/output error
      Signed-off-by: default avatarChris Perl <cperl@janestreet.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
    • Al Viro's avatar
      LSM: new method: ->sb_add_mnt_opt() · 757cbe59
      Al Viro authored
      Adding options to growing mnt_opts.  NFS kludge with passing
      context= down into non-text-options mount switched to it, and
      with that the last use of ->sb_parse_opts_str() is gone.
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    • Al Viro's avatar
      LSM: hide struct security_mnt_opts from any generic code · 204cc0cc
      Al Viro authored
      Keep void * instead, allocate on demand (in parse_str_opts, at the
      moment).  Eventually both selinux and smack will be better off
      with private structures with several strings in those, rather than
      this "counter and two pointers to dynamically allocated arrays"
      ugliness.  This commit allows to do that at leisure, without
      disrupting anything outside of given module.
      	* instead of struct security_mnt_opt use an opaque pointer
      initialized to NULL.
      	* security_sb_eat_lsm_opts(), security_sb_parse_opts_str() and
      security_free_mnt_opts() take it as var argument (i.e. as void **);
      call sites are unchanged.
      	* security_sb_set_mnt_opts() and security_sb_remount() take
      it by value (i.e. as void *).
      	* new method: ->sb_free_mnt_opts().  Takes void *, does
      whatever freeing that needs to be done.
      	* ->sb_set_mnt_opts() and ->sb_remount() might get NULL as
      mnt_opts argument, meaning "empty".
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    • Al Viro's avatar
      nfs_remount(): don't leak, don't ignore LSM options quietly · 6a0440e5
      Al Viro authored
      * if mount(2) passes something like "context=foo" with MS_REMOUNT
      in flags (/sbin/mount.nfs will _not_ do that - you need to issue
      the syscall manually), you'll get leaked copies for LSM options.
      The reason is that instead of nfs_{alloc,free}_parsed_mount_data()
      nfs_remount() uses kzalloc/kfree, which lacks the needed cleanup.
      * selinux options are not changed on remount (as for any other
      fs), but in case of NFS the failure is quiet - they are not compared
      to what we used to have, with complaint in case of attempted changes.
      Trivially fixed by converting to use of security_sb_remount().
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    • Al Viro's avatar
      new helper: security_sb_eat_lsm_opts() · f5c0c26d
      Al Viro authored
      combination of alloc_secdata(), security_sb_copy_data(),
      security_sb_parse_opt_str() and free_secdata().
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
  6. 19 Dec, 2018 12 commits
  7. 02 Dec, 2018 2 commits
    • Dave Kleikamp's avatar
      nfs: don't dirty kernel pages read by direct-io · ad3cba22
      Dave Kleikamp authored
      When we use direct_IO with an NFS backing store, we can trigger a
      WARNING in __set_page_dirty(), as below, since we're dirtying the page
      unnecessarily in nfs_direct_read_completion().
      To fix, replicate the logic in commit 53cbf3b1 ("fs: direct-io:
      don't dirtying pages for ITER_BVEC/ITER_KVEC direct read").
      Other filesystems that implement direct_IO handle this; most use
      blockdev_direct_IO(). ceph and cifs have similar logic.
      mount /nfs
      dd if=/dev/zero of=/nfs/image bs=1M count=200
      losetup --direct-io=on -f /nfs/image
      mkfs.btrfs /dev/loop0
      mount -t btrfs /dev/loop0 /mnt/
      kernel: WARNING: CPU: 0 PID: 8067 at fs/buffer.c:580 __set_page_dirty+0xaf/0xd0
      kernel: Modules linked in: loop(E) nfsv3(E) rpcsec_gss_krb5(E) nfsv4(E) dns_resolver(E) nfs(E) fscache(E) nfsd(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) fuse(E) tun(E) ip6t_rpfilter(E) ipt_REJECT(E) nf_
      kernel:  snd_seq(E) snd_seq_device(E) snd_pcm(E) video(E) snd_timer(E) snd(E) soundcore(E) ip_tables(E) xfs(E) libcrc32c(E) sd_mod(E) sr_mod(E) cdrom(E) ata_generic(E) pata_acpi(E) crc32c_intel(E) ahci(E) li
      kernel: CPU: 0 PID: 8067 Comm: kworker/0:2 Tainted: G            E     4.20.0-rc1.master.20181111.ol7.x86_64 #1
      kernel: Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
      kernel: Workqueue: nfsiod rpc_async_release [sunrpc]
      kernel: RIP: 0010:__set_page_dirty+0xaf/0xd0
      kernel: Code: c3 48 8b 02 f6 c4 04 74 d4 48 89 df e8 ba 05 f7 ff 48 89 c6 eb cb 48 8b 43 08 a8 01 75 1f 48 89 d8 48 8b 00 a8 04 74 02 eb 87 <0f> 0b eb 83 48 83 e8 01 eb 9f 48 83 ea 01 0f 1f 00 eb 8b 48 83 e8
      kernel: RSP: 0000:ffffc1c8825b7d78 EFLAGS: 00013046
      kernel: RAX: 000fffffc0020089 RBX: fffff2b603308b80 RCX: 0000000000000001
      kernel: RDX: 0000000000000001 RSI: ffff9d11478115c8 RDI: ffff9d11478115d0
      kernel: RBP: ffffc1c8825b7da0 R08: 0000646f6973666e R09: 8080808080808080
      kernel: R10: 0000000000000001 R11: 0000000000000000 R12: ffff9d11478115d0
      kernel: R13: ffff9d11478115c8 R14: 0000000000003246 R15: 0000000000000001
      kernel: FS:  0000000000000000(0000) GS:ffff9d115ba00000(0000) knlGS:0000000000000000
      kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      kernel: CR2: 00007f408686f640 CR3: 0000000104d8e004 CR4: 00000000000606f0
      kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      kernel: Call Trace:
      kernel:  __set_page_dirty_buffers+0xb6/0x110
      kernel:  set_page_dirty+0x52/0xb0
      kernel:  nfs_direct_read_completion+0xc4/0x120 [nfs]
      kernel:  nfs_pgio_release+0x10/0x20 [nfs]
      kernel:  rpc_free_task+0x30/0x70 [sunrpc]
      kernel:  rpc_async_release+0x12/0x20 [sunrpc]
      kernel:  process_one_work+0x174/0x390
      kernel:  worker_thread+0x4f/0x3e0
      kernel:  kthread+0x102/0x140
      kernel:  ? drain_workqueue+0x130/0x130
      kernel:  ? kthread_stop+0x110/0x110
      kernel:  ret_from_fork+0x35/0x40
      kernel: ---[ end trace 01341980905412c9 ]---
      Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
      Signed-off-by: default avatarSantosh Shilimkar <santosh.shilimkar@oracle.com>
      [forward-ported to v4.20]
      Signed-off-by: default avatarCalum Mackay <calum.mackay@oracle.com>
      Reviewed-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
      Reviewed-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
    • Tigran Mkrtchyan's avatar
      flexfiles: enforce per-mirror stateid only for v4 DSes · 320f35b7
      Tigran Mkrtchyan authored
      Since commit bb21ce0a we always enforce per-mirror stateid.
      However, this makes sense only for v4+ servers.
      Signed-off-by: default avatarTigran Mkrtchyan <tigran.mkrtchyan@desy.de>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
  8. 30 Nov, 2018 1 commit
  9. 22 Nov, 2018 2 commits
  10. 20 Nov, 2018 1 commit
  11. 13 Nov, 2018 1 commit
  12. 12 Nov, 2018 2 commits
  13. 01 Nov, 2018 1 commit
  14. 29 Oct, 2018 3 commits