9fc2f99030
Two significant security enhancements are part of this release: * NFSD's RPC header encoding and decoding, including RPCSEC GSS and gssproxy header parsing, has been overhauled to make it more memory-safe. * Support for Kerberos AES-SHA2-based encryption types has been added for both the NFS client and server. This provides a clean path for deprecating and removing insecure encryption types based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with Kerberos may now be used on systems with fips enabled. In addition to these, NFSD is now able to handle crossing into an auto-mounted mount point on an exported NFS mount. A number of fixes have been made to NFSD's server-side copy implementation. RPC metrics have been converted to per-CPU variables. This helps reduce unnecessary cross-CPU and cross-node memory bus traffic, and significantly reduces noise when KCSAN is enabled. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmPzgiYACgkQM2qzM29m f5dB2A//eqjpj+FgAN+UjygrwMC4ahAsPX3Sc3FG8/lTAiao3NFVFY2gxAiCPyVE CFk+tUyfL23oXvbyfIBe3LhxSBOf621xU6up2OzqAzJqh1Q9iUWB6as3I14to8ZU sWpxXo5ofwk1hzkbrvOAVkyfY0emwsr00iBeWMawkpBe8FZEQA31OYj3/xHr6bBI zEVlZPBZAZlp0DZ74tb+bBLs/EOnqKj+XLWcogCH13JB3sn2umF6cQNkYgsxvHGa TNQi4LEdzWZGme242LfBRiGGwm1xuVIjlAhYV/R1wIjaknE3QBzqfXc6lJx74WII HaqpRJGrKqdo7B+1gaXCl/AMS7YluED1CBrxuej0wBG7l2JEB7m2MFMQ4LTQjgsn nrr3P70DgbB4LuPCPyUS7dtsMmUXabIqP7niiCR4T1toH6lBmHAgEi4cFmkzg7Cd EoFzn888mtDpfx4fghcsRWS5oKXEzbPJfu5+IZOD63+UB+NGpi0Xo2s23sJPK8vz kqK/X63JYOUxWUvK0zkj/c/wW1cLqIaBwnSKbShou5/BL+cZVI+uJYrnEesgpoB2 5fh/cZv3hdcoOPO7OfcjCLQYy4J6RCWajptnk/hcS3lMvBTBrnq697iAqCVURDKU Xfmlf7XbBwje+sk4eHgqVGEqqVjrEmoqbmA2OS44WSS5LDvxXdI= =ZG/7 -----END PGP SIGNATURE----- Merge tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux Pull nfsd updates from Chuck Lever: "Two significant security enhancements are part of this release: - NFSD's RPC header encoding and decoding, including RPCSEC GSS and gssproxy header parsing, has been overhauled to make it more memory-safe. - Support for Kerberos AES-SHA2-based encryption types has been added for both the NFS client and server. This provides a clean path for deprecating and removing insecure encryption types based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with Kerberos may now be used on systems with fips enabled. In addition to these, NFSD is now able to handle crossing into an auto-mounted mount point on an exported NFS mount. A number of fixes have been made to NFSD's server-side copy implementation. RPC metrics have been converted to per-CPU variables. This helps reduce unnecessary cross-CPU and cross-node memory bus traffic, and significantly reduces noise when KCSAN is enabled" * tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (121 commits) NFSD: Clean up nfsd_symlink() NFSD: copy the whole verifier in nfsd_copy_write_verifier nfsd: don't fsync nfsd_files on last close SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open NFSD: fix problems with cleanup on errors in nfsd4_copy nfsd: fix race to check ls_layouts nfsd: don't hand out delegation on setuid files being opened for write SUNRPC: Remove ->xpo_secure_port() SUNRPC: Clean up the svc_xprt_flags() macro nfsd: remove fs/nfsd/fault_inject.c NFSD: fix leaked reference count of nfsd4_ssc_umount_item nfsd: clean up potential nfsd_file refcount leaks in COPY codepath nfsd: zero out pointers after putting nfsd_files on COPY setup error SUNRPC: Fix whitespace damage in svcauth_unix.c nfsd: eliminate __nfs4_get_fd nfsd: add some kerneldoc comments for stateid preprocessing functions nfsd: eliminate find_deleg_file_locked nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS SUNRPC: Add encryption self-tests ...
156 lines
3.9 KiB
C
156 lines
3.9 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (c) 2015, Primary Data, Inc. All rights reserved.
|
|
*
|
|
* Tao Peng <bergwolf@primarydata.com>
|
|
*/
|
|
#include <linux/dcache.h>
|
|
#include <linux/exportfs.h>
|
|
#include <linux/nfs.h>
|
|
#include <linux/nfs_fs.h>
|
|
|
|
#include "internal.h"
|
|
#include "nfstrace.h"
|
|
|
|
#define NFSDBG_FACILITY NFSDBG_VFS
|
|
|
|
enum {
|
|
FILEID_HIGH_OFF = 0, /* inode fileid high */
|
|
FILEID_LOW_OFF, /* inode fileid low */
|
|
FILE_I_TYPE_OFF, /* inode type */
|
|
EMBED_FH_OFF /* embeded server fh */
|
|
};
|
|
|
|
|
|
static struct nfs_fh *nfs_exp_embedfh(__u32 *p)
|
|
{
|
|
return (struct nfs_fh *)(p + EMBED_FH_OFF);
|
|
}
|
|
|
|
/*
|
|
* Let's break subtree checking for now... otherwise we'll have to embed parent fh
|
|
* but there might not be enough space.
|
|
*/
|
|
static int
|
|
nfs_encode_fh(struct inode *inode, __u32 *p, int *max_len, struct inode *parent)
|
|
{
|
|
struct nfs_fh *server_fh = NFS_FH(inode);
|
|
struct nfs_fh *clnt_fh = nfs_exp_embedfh(p);
|
|
size_t fh_size = offsetof(struct nfs_fh, data) + server_fh->size;
|
|
int len = EMBED_FH_OFF + XDR_QUADLEN(fh_size);
|
|
|
|
dprintk("%s: max fh len %d inode %p parent %p",
|
|
__func__, *max_len, inode, parent);
|
|
|
|
if (*max_len < len) {
|
|
dprintk("%s: fh len %d too small, required %d\n",
|
|
__func__, *max_len, len);
|
|
*max_len = len;
|
|
return FILEID_INVALID;
|
|
}
|
|
|
|
p[FILEID_HIGH_OFF] = NFS_FILEID(inode) >> 32;
|
|
p[FILEID_LOW_OFF] = NFS_FILEID(inode);
|
|
p[FILE_I_TYPE_OFF] = inode->i_mode & S_IFMT;
|
|
p[len - 1] = 0; /* Padding */
|
|
nfs_copy_fh(clnt_fh, server_fh);
|
|
*max_len = len;
|
|
dprintk("%s: result fh fileid %llu mode %u size %d\n",
|
|
__func__, NFS_FILEID(inode), inode->i_mode, *max_len);
|
|
return *max_len;
|
|
}
|
|
|
|
static struct dentry *
|
|
nfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
|
|
int fh_len, int fh_type)
|
|
{
|
|
struct nfs_fattr *fattr = NULL;
|
|
struct nfs_fh *server_fh = nfs_exp_embedfh(fid->raw);
|
|
size_t fh_size = offsetof(struct nfs_fh, data) + server_fh->size;
|
|
const struct nfs_rpc_ops *rpc_ops;
|
|
struct dentry *dentry;
|
|
struct inode *inode;
|
|
int len = EMBED_FH_OFF + XDR_QUADLEN(fh_size);
|
|
u32 *p = fid->raw;
|
|
int ret;
|
|
|
|
/* NULL translates to ESTALE */
|
|
if (fh_len < len || fh_type != len)
|
|
return NULL;
|
|
|
|
fattr = nfs_alloc_fattr_with_label(NFS_SB(sb));
|
|
if (fattr == NULL) {
|
|
dentry = ERR_PTR(-ENOMEM);
|
|
goto out;
|
|
}
|
|
|
|
fattr->fileid = ((u64)p[FILEID_HIGH_OFF] << 32) + p[FILEID_LOW_OFF];
|
|
fattr->mode = p[FILE_I_TYPE_OFF];
|
|
fattr->valid |= NFS_ATTR_FATTR_FILEID | NFS_ATTR_FATTR_TYPE;
|
|
|
|
dprintk("%s: fileid %llu mode %d\n", __func__, fattr->fileid, fattr->mode);
|
|
|
|
inode = nfs_ilookup(sb, fattr, server_fh);
|
|
if (inode)
|
|
goto out_found;
|
|
|
|
rpc_ops = NFS_SB(sb)->nfs_client->rpc_ops;
|
|
ret = rpc_ops->getattr(NFS_SB(sb), server_fh, fattr, NULL);
|
|
if (ret) {
|
|
dprintk("%s: getattr failed %d\n", __func__, ret);
|
|
trace_nfs_fh_to_dentry(sb, server_fh, fattr->fileid, ret);
|
|
dentry = ERR_PTR(ret);
|
|
goto out_free_fattr;
|
|
}
|
|
|
|
inode = nfs_fhget(sb, server_fh, fattr);
|
|
|
|
out_found:
|
|
dentry = d_obtain_alias(inode);
|
|
out_free_fattr:
|
|
nfs_free_fattr(fattr);
|
|
out:
|
|
return dentry;
|
|
}
|
|
|
|
static struct dentry *
|
|
nfs_get_parent(struct dentry *dentry)
|
|
{
|
|
int ret;
|
|
struct inode *inode = d_inode(dentry), *pinode;
|
|
struct super_block *sb = inode->i_sb;
|
|
struct nfs_server *server = NFS_SB(sb);
|
|
struct nfs_fattr *fattr = NULL;
|
|
struct dentry *parent;
|
|
struct nfs_rpc_ops const *ops = server->nfs_client->rpc_ops;
|
|
struct nfs_fh fh;
|
|
|
|
if (!ops->lookupp)
|
|
return ERR_PTR(-EACCES);
|
|
|
|
fattr = nfs_alloc_fattr_with_label(server);
|
|
if (fattr == NULL)
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
ret = ops->lookupp(inode, &fh, fattr);
|
|
if (ret) {
|
|
parent = ERR_PTR(ret);
|
|
goto out;
|
|
}
|
|
|
|
pinode = nfs_fhget(sb, &fh, fattr);
|
|
parent = d_obtain_alias(pinode);
|
|
out:
|
|
nfs_free_fattr(fattr);
|
|
return parent;
|
|
}
|
|
|
|
const struct export_operations nfs_export_ops = {
|
|
.encode_fh = nfs_encode_fh,
|
|
.fh_to_dentry = nfs_fh_to_dentry,
|
|
.get_parent = nfs_get_parent,
|
|
.flags = EXPORT_OP_NOWCC|EXPORT_OP_NOSUBTREECHK|
|
|
EXPORT_OP_CLOSE_BEFORE_UNLINK|EXPORT_OP_REMOTE_FS|
|
|
EXPORT_OP_NOATOMIC_ATTR,
|
|
};
|