Merge tag 'nfs-for-3.12-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes (part 2) from Trond Myklebust:
 "Bugfixes:
   - Fix a few credential reference leaks resulting from the
     SP4_MACH_CRED NFSv4.1 state protection code.
   - Fix the SUNRPC bloatometer footprint: convert a 256K hashtable into
     the intended 64 byte structure.
   - Fix a long standing XDR issue with FREE_STATEID
   - Fix a potential WARN_ON spamming issue
   - Fix a missing dprintk() kuid conversion

  New features:
   - Enable the NFSv4.1 state protection support for the WRITE and
     COMMIT operations"

* tag 'nfs-for-3.12-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  SUNRPC: No, I did not intend to create a 256KiB hashtable
  sunrpc: Add missing kuids conversion for printing
  NFSv4.1: sp4_mach_cred: WARN_ON -> WARN_ON_ONCE
  NFSv4.1: sp4_mach_cred: no need to ref count creds
  NFSv4.1: fix SECINFO* use of put_rpccred
  NFSv4.1: sp4_mach_cred: ask for WRITE and COMMIT
  NFSv4.1 fix decode_free_stateid

diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
index f520a1113b38b53e6eeb4ec589f75bb401d03d95..28842abafab45ad8b351e96f0ba06517b6676b28 100644 (file)
--- a/fs/nfs/nfs4_fs.h
+++ b/fs/nfs/nfs4_fs.h
@@ -279,15 +279,15 @@ _nfs4_state_protect(struct nfs_client *clp, unsigned long sp4_mode,
        if (test_bit(sp4_mode, &clp->cl_sp4_flags)) {
                spin_lock(&clp->cl_lock);
                if (clp->cl_machine_cred != NULL)
-                       newcred = get_rpccred(clp->cl_machine_cred);
+                       /* don't call get_rpccred on the machine cred -
+                        * a reference will be held for life of clp */
+                       newcred = clp->cl_machine_cred;
                spin_unlock(&clp->cl_lock);
-               if (msg->rpc_cred)
-                       put_rpccred(msg->rpc_cred);
                msg->rpc_cred = newcred;
 
                flavor = clp->cl_rpcclient->cl_auth->au_flavor;
-               WARN_ON(flavor != RPC_AUTH_GSS_KRB5I &&
-                       flavor != RPC_AUTH_GSS_KRB5P);
+               WARN_ON_ONCE(flavor != RPC_AUTH_GSS_KRB5I &&
+                            flavor != RPC_AUTH_GSS_KRB5P);
                *clntp = clp->cl_rpcclient;
 
                return true;

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 39b6cf2d1683fae228f71d1954383f53550e0439..989bb9d3074d0d4c88d63a486f05491423b090d4 100644 (file)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6001,10 +6001,12 @@ static int _nfs4_proc_secinfo(struct inode *dir, const struct qstr *name, struct
                .rpc_resp = &res,
        };
        struct rpc_clnt *clnt = NFS_SERVER(dir)->client;
+       struct rpc_cred *cred = NULL;
 
        if (use_integrity) {
                clnt = NFS_SERVER(dir)->nfs_client->cl_rpcclient;
-               msg.rpc_cred = nfs4_get_clid_cred(NFS_SERVER(dir)->nfs_client);
+               cred = nfs4_get_clid_cred(NFS_SERVER(dir)->nfs_client);
+               msg.rpc_cred = cred;
        }
 
        dprintk("NFS call  secinfo %s\n", name->name);
@@ -6016,8 +6018,8 @@ static int _nfs4_proc_secinfo(struct inode *dir, const struct qstr *name, struct
                                &res.seq_res, 0);
        dprintk("NFS reply  secinfo: %d\n", status);
 
-       if (msg.rpc_cred)
-               put_rpccred(msg.rpc_cred);
+       if (cred)
+               put_rpccred(cred);
 
        return status;
 }
@@ -6151,11 +6153,13 @@ static const struct nfs41_state_protection nfs4_sp4_mach_cred_request = {
        },
        .allow.u.words = {
                [0] = 1 << (OP_CLOSE) |
-                     1 << (OP_LOCKU),
+                     1 << (OP_LOCKU) |
+                     1 << (OP_COMMIT),
                [1] = 1 << (OP_SECINFO - 32) |
                      1 << (OP_SECINFO_NO_NAME - 32) |
                      1 << (OP_TEST_STATEID - 32) |
-                     1 << (OP_FREE_STATEID - 32)
+                     1 << (OP_FREE_STATEID - 32) |
+                     1 << (OP_WRITE - 32)
        }
 };
 
@@ -7496,11 +7500,13 @@ _nfs41_proc_secinfo_no_name(struct nfs_server *server, struct nfs_fh *fhandle,
                .rpc_resp = &res,
        };
        struct rpc_clnt *clnt = server->client;
+       struct rpc_cred *cred = NULL;
        int status;
 
        if (use_integrity) {
                clnt = server->nfs_client->cl_rpcclient;
-               msg.rpc_cred = nfs4_get_clid_cred(server->nfs_client);
+               cred = nfs4_get_clid_cred(server->nfs_client);
+               msg.rpc_cred = cred;
        }
 
        dprintk("--> %s\n", __func__);
@@ -7508,8 +7514,8 @@ _nfs41_proc_secinfo_no_name(struct nfs_server *server, struct nfs_fh *fhandle,
                                &res.seq_res, 0);
        dprintk("<-- %s status=%d\n", __func__, status);
 
-       if (msg.rpc_cred)
-               put_rpccred(msg.rpc_cred);
+       if (cred)
+               put_rpccred(cred);
 
        return status;
 }

diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index fbdad9e1719fd6ea52548edb4443e4b2a4201582..79210d23f60770cfc3e7ede9d4156a299f45ee01 100644 (file)
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -414,7 +414,7 @@ static int nfs4_stat_to_errno(int);
 #define decode_test_stateid_maxsz      (op_decode_hdr_maxsz + 2 + 1)
 #define encode_free_stateid_maxsz      (op_encode_hdr_maxsz + 1 + \
                                         XDR_QUADLEN(NFS4_STATEID_SIZE))
-#define decode_free_stateid_maxsz      (op_decode_hdr_maxsz + 1)
+#define decode_free_stateid_maxsz      (op_decode_hdr_maxsz)
 #else /* CONFIG_NFS_V4_1 */
 #define encode_sequence_maxsz  0
 #define decode_sequence_maxsz  0
@@ -5966,21 +5966,8 @@ out:
 static int decode_free_stateid(struct xdr_stream *xdr,
                               struct nfs41_free_stateid_res *res)
 {
-       __be32 *p;
-       int status;
-
-       status = decode_op_hdr(xdr, OP_FREE_STATEID);
-       if (status)
-               return status;
-
-       p = xdr_inline_decode(xdr, 4);
-       if (unlikely(!p))
-               goto out_overflow;
-       res->status = be32_to_cpup(p++);
+       res->status = decode_op_hdr(xdr, OP_FREE_STATEID);
        return res->status;
-out_overflow:
-       print_overflow_msg(__func__, xdr);
-       return -EIO;
 }
 #endif /* CONFIG_NFS_V4_1 */
 

diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c
index f6d84be4905080fee435fcd2adec265d0562a5c5..ed04869b2d4f4f097ea85e8fe899c2ea262a0aca 100644 (file)
--- a/net/sunrpc/auth_generic.c
+++ b/net/sunrpc/auth_generic.c
@@ -239,7 +239,7 @@ generic_key_timeout(struct rpc_auth *auth, struct rpc_cred *cred)
                if (test_and_clear_bit(RPC_CRED_KEY_EXPIRE_SOON,
                                        &acred->ac_flags))
                        dprintk("RPC:        UID %d Credential key reset\n",
-                               tcred->cr_uid);
+                               from_kuid(&init_user_ns, tcred->cr_uid));
                /* set up fasttrack for the normal case */
                set_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags);
        }

diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 30eb502135bb93f4d43b9789936d48bd50459a77..fcac5d14171779a32599e6b4111b75a8e94a15aa 100644 (file)
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -75,7 +75,7 @@ static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
  * using integrity (two 4-byte integers): */
 #define GSS_VERF_SLACK         100
 
-static DEFINE_HASHTABLE(gss_auth_hash_table, 16);
+static DEFINE_HASHTABLE(gss_auth_hash_table, 4);
 static DEFINE_SPINLOCK(gss_auth_hash_lock);
 
 struct gss_pipe {