summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
diff options
context:
space:
mode:
authorNicolás Reynolds <fauno@endefensadelsl.org>2014-01-14 03:47:29 +0000
committerNicolás Reynolds <fauno@endefensadelsl.org>2014-01-14 03:47:29 +0000
commit271da49386e259723ef574713339f04886630604 (patch)
tree3357a1b3aa15cfd25145095c41b0a94612ce3635 /kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
parentbcefa96cbc68f340b2aa11c108353993db074e76 (diff)
Tue Jan 14 03:40:13 UTC 2014
Diffstat (limited to 'kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch')
-rw-r--r--kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch233
1 files changed, 233 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
new file mode 100644
index 000000000..805498a70
--- /dev/null
+++ b/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
@@ -0,0 +1,233 @@
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
+
+rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows
+up under rpc_pipefs. That behavior gives us a reliable mechanism to tell
+whether it's actually running or not.
+
+Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted.
+Under that directory create another directory called "clntXX", and then
+within that a pipe called "gssd".
+
+We'll never send an upcall along that pipe, and any downcall written to
+it will just return -EINVAL.
+
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+---
+ include/linux/sunrpc/rpc_pipe_fs.h | 3 +-
+ net/sunrpc/netns.h | 1 +
+ net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++-
+ net/sunrpc/sunrpc_syms.c | 8 +++-
+ 4 files changed, 100 insertions(+), 5 deletions(-)
+
+diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h
+--- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h 2013-11-21 10:11:17.893026000 -0500
+@@ -64,7 +64,8 @@ enum {
+
+ extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
+ const unsigned char *dir_name);
+-extern void rpc_pipefs_init_net(struct net *net);
++extern int rpc_pipefs_init_net(struct net *net);
++extern void rpc_pipefs_exit_net(struct net *net);
+ extern struct super_block *rpc_get_sb_net(const struct net *net);
+ extern void rpc_put_sb_net(const struct net *net);
+
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h 2013-11-21 10:11:17.897029000 -0500
+@@ -14,6 +14,7 @@ struct sunrpc_net {
+ struct cache_detail *rsi_cache;
+
+ struct super_block *pipefs_sb;
++ struct rpc_pipe *gssd_dummy;
+ struct mutex pipefs_sb_lock;
+
+ struct list_head all_clients;
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c 2013-11-21 10:11:17.903026000 -0500
+@@ -38,7 +38,7 @@
+ #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "")
+
+ static struct file_system_type rpc_pipe_fs_type;
+-
++static const struct rpc_pipe_ops gssd_dummy_pipe_ops;
+
+ static struct kmem_cache *rpc_inode_cachep __read_mostly;
+
+@@ -1019,6 +1019,7 @@ enum {
+ RPCAUTH_nfsd4_cb,
+ RPCAUTH_cache,
+ RPCAUTH_nfsd,
++ RPCAUTH_gssd,
+ RPCAUTH_RootEOF
+ };
+
+@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[]
+ .name = "nfsd",
+ .mode = S_IFDIR | S_IRUGO | S_IXUGO,
+ },
++ [RPCAUTH_gssd] = {
++ .name = "gssd",
++ .mode = S_IFDIR | S_IRUGO | S_IXUGO,
++ },
+ };
+
+ /*
+@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str
+ }
+ EXPORT_SYMBOL_GPL(rpc_d_lookup_sb);
+
+-void rpc_pipefs_init_net(struct net *net)
++int rpc_pipefs_init_net(struct net *net)
+ {
+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+
++ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0);
++ if (IS_ERR(sn->gssd_dummy))
++ return PTR_ERR(sn->gssd_dummy);
++
+ mutex_init(&sn->pipefs_sb_lock);
+ sn->gssd_running = 1;
+ sn->pipe_version = -1;
++ return 0;
++}
++
++void rpc_pipefs_exit_net(struct net *net)
++{
++ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
++
++ rpc_destroy_pipe_data(sn->gssd_dummy);
+ }
+
+ /*
+@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne
+ }
+ EXPORT_SYMBOL_GPL(rpc_put_sb_net);
+
++static const struct rpc_filelist gssd_dummy_clnt_dir[] = {
++ [0] = {
++ .name = "clntXX",
++ .mode = S_IFDIR | S_IRUGO | S_IXUGO,
++ },
++};
++
++static ssize_t
++dummy_downcall(struct file *filp, const char __user *src, size_t len)
++{
++ return -EINVAL;
++}
++
++static const struct rpc_pipe_ops gssd_dummy_pipe_ops = {
++ .upcall = rpc_pipe_generic_upcall,
++ .downcall = dummy_downcall,
++};
++
++/**
++ * rpc_gssd_dummy_populate - create a dummy gssd pipe
++ * @root: root of the rpc_pipefs filesystem
++ * @pipe_data: pipe data created when netns is initialized
++ *
++ * Create a dummy set of directories and a pipe that gssd can hold open to
++ * indicate that it is up and running.
++ */
++static struct dentry *
++rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data)
++{
++ int ret = 0;
++ struct dentry *gssd_dentry;
++ struct dentry *clnt_dentry = NULL;
++ struct dentry *pipe_dentry = NULL;
++ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name,
++ strlen(files[RPCAUTH_gssd].name));
++
++ /* We should never get this far if "gssd" doesn't exist */
++ gssd_dentry = d_hash_and_lookup(root, &q);
++ if (!gssd_dentry)
++ return ERR_PTR(-ENOENT);
++
++ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL);
++ if (ret) {
++ pipe_dentry = ERR_PTR(ret);
++ goto out;
++ }
++
++ q.name = gssd_dummy_clnt_dir[0].name;
++ q.len = strlen(gssd_dummy_clnt_dir[0].name);
++ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q);
++ if (!clnt_dentry) {
++ pipe_dentry = ERR_PTR(-ENOENT);
++ goto out;
++ }
++
++ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data);
++out:
++ dput(clnt_dentry);
++ dput(gssd_dentry);
++ return pipe_dentry;
++}
++
+ static int
+ rpc_fill_super(struct super_block *sb, void *data, int silent)
+ {
+ struct inode *inode;
+- struct dentry *root;
++ struct dentry *root, *gssd_dentry;
+ struct net *net = data;
+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+ int err;
+@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v
+ return -ENOMEM;
+ if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL))
+ return -ENOMEM;
++
++ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy);
++ if (IS_ERR(gssd_dentry)) {
++ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF);
++ return PTR_ERR(gssd_dentry);
++ }
++
+ dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n",
+ net, NET_NAME(net));
+ mutex_lock(&sn->pipefs_sb_lock);
+@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v
+ return 0;
+
+ err_depopulate:
++ dput(gssd_dentry);
+ blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
+ RPC_PIPEFS_UMOUNT,
+ sb);
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c 2013-11-21 10:11:17.908026000 -0500
+@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st
+ if (err)
+ goto err_unixgid;
+
+- rpc_pipefs_init_net(net);
++ err = rpc_pipefs_init_net(net);
++ if (err)
++ goto err_pipefs;
++
+ INIT_LIST_HEAD(&sn->all_clients);
+ spin_lock_init(&sn->rpc_client_lock);
+ spin_lock_init(&sn->rpcb_clnt_lock);
+ return 0;
+
++err_pipefs:
++ unix_gid_cache_destroy(net);
+ err_unixgid:
+ ip_map_cache_destroy(net);
+ err_ipmap:
+@@ -60,6 +65,7 @@ err_proc:
+
+ static __net_exit void sunrpc_exit_net(struct net *net)
+ {
++ rpc_pipefs_exit_net(net);
+ unix_gid_cache_destroy(net);
+ ip_map_cache_destroy(net);
+ rpc_proc_exit(net);
+