diff options
author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-01-14 03:47:29 +0000 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-01-14 03:47:29 +0000 |
commit | 271da49386e259723ef574713339f04886630604 (patch) | |
tree | 3357a1b3aa15cfd25145095c41b0a94612ce3635 /kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch | |
parent | bcefa96cbc68f340b2aa11c108353993db074e76 (diff) |
Tue Jan 14 03:40:13 UTC 2014
Diffstat (limited to 'kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch')
-rw-r--r-- | kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch new file mode 100644 index 000000000..805498a70 --- /dev/null +++ b/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch @@ -0,0 +1,233 @@ +Bugzilla: N/A +Upstream-status: queued in NFS git tree (for 3.13/3.14?) + +rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows +up under rpc_pipefs. That behavior gives us a reliable mechanism to tell +whether it's actually running or not. + +Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted. +Under that directory create another directory called "clntXX", and then +within that a pipe called "gssd". + +We'll never send an upcall along that pipe, and any downcall written to +it will just return -EINVAL. + +Signed-off-by: Jeff Layton <jlayton@redhat.com> +Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> +--- + include/linux/sunrpc/rpc_pipe_fs.h | 3 +- + net/sunrpc/netns.h | 1 + + net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++- + net/sunrpc/sunrpc_syms.c | 8 +++- + 4 files changed, 100 insertions(+), 5 deletions(-) + +diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h +--- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h 2013-11-21 10:11:17.893026000 -0500 +@@ -64,7 +64,8 @@ enum { + + extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, + const unsigned char *dir_name); +-extern void rpc_pipefs_init_net(struct net *net); ++extern int rpc_pipefs_init_net(struct net *net); ++extern void rpc_pipefs_exit_net(struct net *net); + extern struct super_block *rpc_get_sb_net(const struct net *net); + extern void rpc_put_sb_net(const struct net *net); + +diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h +--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h 2013-11-21 10:11:17.897029000 -0500 +@@ -14,6 +14,7 @@ struct sunrpc_net { + struct cache_detail *rsi_cache; + + struct super_block *pipefs_sb; ++ struct rpc_pipe *gssd_dummy; + struct mutex pipefs_sb_lock; + + struct list_head all_clients; +diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c +--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c 2013-11-21 10:11:17.903026000 -0500 +@@ -38,7 +38,7 @@ + #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") + + static struct file_system_type rpc_pipe_fs_type; +- ++static const struct rpc_pipe_ops gssd_dummy_pipe_ops; + + static struct kmem_cache *rpc_inode_cachep __read_mostly; + +@@ -1019,6 +1019,7 @@ enum { + RPCAUTH_nfsd4_cb, + RPCAUTH_cache, + RPCAUTH_nfsd, ++ RPCAUTH_gssd, + RPCAUTH_RootEOF + }; + +@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[] + .name = "nfsd", + .mode = S_IFDIR | S_IRUGO | S_IXUGO, + }, ++ [RPCAUTH_gssd] = { ++ .name = "gssd", ++ .mode = S_IFDIR | S_IRUGO | S_IXUGO, ++ }, + }; + + /* +@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str + } + EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); + +-void rpc_pipefs_init_net(struct net *net) ++int rpc_pipefs_init_net(struct net *net) + { + struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + ++ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0); ++ if (IS_ERR(sn->gssd_dummy)) ++ return PTR_ERR(sn->gssd_dummy); ++ + mutex_init(&sn->pipefs_sb_lock); + sn->gssd_running = 1; + sn->pipe_version = -1; ++ return 0; ++} ++ ++void rpc_pipefs_exit_net(struct net *net) ++{ ++ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); ++ ++ rpc_destroy_pipe_data(sn->gssd_dummy); + } + + /* +@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne + } + EXPORT_SYMBOL_GPL(rpc_put_sb_net); + ++static const struct rpc_filelist gssd_dummy_clnt_dir[] = { ++ [0] = { ++ .name = "clntXX", ++ .mode = S_IFDIR | S_IRUGO | S_IXUGO, ++ }, ++}; ++ ++static ssize_t ++dummy_downcall(struct file *filp, const char __user *src, size_t len) ++{ ++ return -EINVAL; ++} ++ ++static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { ++ .upcall = rpc_pipe_generic_upcall, ++ .downcall = dummy_downcall, ++}; ++ ++/** ++ * rpc_gssd_dummy_populate - create a dummy gssd pipe ++ * @root: root of the rpc_pipefs filesystem ++ * @pipe_data: pipe data created when netns is initialized ++ * ++ * Create a dummy set of directories and a pipe that gssd can hold open to ++ * indicate that it is up and running. ++ */ ++static struct dentry * ++rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) ++{ ++ int ret = 0; ++ struct dentry *gssd_dentry; ++ struct dentry *clnt_dentry = NULL; ++ struct dentry *pipe_dentry = NULL; ++ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name, ++ strlen(files[RPCAUTH_gssd].name)); ++ ++ /* We should never get this far if "gssd" doesn't exist */ ++ gssd_dentry = d_hash_and_lookup(root, &q); ++ if (!gssd_dentry) ++ return ERR_PTR(-ENOENT); ++ ++ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL); ++ if (ret) { ++ pipe_dentry = ERR_PTR(ret); ++ goto out; ++ } ++ ++ q.name = gssd_dummy_clnt_dir[0].name; ++ q.len = strlen(gssd_dummy_clnt_dir[0].name); ++ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q); ++ if (!clnt_dentry) { ++ pipe_dentry = ERR_PTR(-ENOENT); ++ goto out; ++ } ++ ++ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); ++out: ++ dput(clnt_dentry); ++ dput(gssd_dentry); ++ return pipe_dentry; ++} ++ + static int + rpc_fill_super(struct super_block *sb, void *data, int silent) + { + struct inode *inode; +- struct dentry *root; ++ struct dentry *root, *gssd_dentry; + struct net *net = data; + struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + int err; +@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v + return -ENOMEM; + if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) + return -ENOMEM; ++ ++ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy); ++ if (IS_ERR(gssd_dentry)) { ++ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF); ++ return PTR_ERR(gssd_dentry); ++ } ++ + dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", + net, NET_NAME(net)); + mutex_lock(&sn->pipefs_sb_lock); +@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v + return 0; + + err_depopulate: ++ dput(gssd_dentry); + blocking_notifier_call_chain(&rpc_pipefs_notifier_list, + RPC_PIPEFS_UMOUNT, + sb); +diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c +--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig 2013-09-02 16:46:10.000000000 -0400 ++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c 2013-11-21 10:11:17.908026000 -0500 +@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st + if (err) + goto err_unixgid; + +- rpc_pipefs_init_net(net); ++ err = rpc_pipefs_init_net(net); ++ if (err) ++ goto err_pipefs; ++ + INIT_LIST_HEAD(&sn->all_clients); + spin_lock_init(&sn->rpc_client_lock); + spin_lock_init(&sn->rpcb_clnt_lock); + return 0; + ++err_pipefs: ++ unix_gid_cache_destroy(net); + err_unixgid: + ip_map_cache_destroy(net); + err_ipmap: +@@ -60,6 +65,7 @@ err_proc: + + static __net_exit void sunrpc_exit_net(struct net *net) + { ++ rpc_pipefs_exit_net(net); + unix_gid_cache_destroy(net); + ip_map_cache_destroy(net); + rpc_proc_exit(net); + |