Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /* |
3 | * linux/fs/nfs/callback.c | |
4 | * | |
5 | * Copyright (C) 2004 Trond Myklebust | |
6 | * | |
7 | * NFSv4 callback handling | |
8 | */ | |
9 | ||
1da177e4 LT |
10 | #include <linux/completion.h> |
11 | #include <linux/ip.h> | |
12 | #include <linux/module.h> | |
3f07c014 | 13 | #include <linux/sched/signal.h> |
1da177e4 LT |
14 | #include <linux/sunrpc/svc.h> |
15 | #include <linux/sunrpc/svcsock.h> | |
16 | #include <linux/nfs_fs.h> | |
758201e2 | 17 | #include <linux/errno.h> |
353ab6e9 | 18 | #include <linux/mutex.h> |
83144186 | 19 | #include <linux/freezer.h> |
a277e33c | 20 | #include <linux/kthread.h> |
945b34a7 | 21 | #include <linux/sunrpc/svcauth_gss.h> |
a43cde94 | 22 | #include <linux/sunrpc/bc_xprt.h> |
14c85021 ACM |
23 | |
24 | #include <net/inet_sock.h> | |
25 | ||
4ce79717 | 26 | #include "nfs4_fs.h" |
1da177e4 | 27 | #include "callback.h" |
24c8dbbb | 28 | #include "internal.h" |
bbe0a3aa | 29 | #include "netns.h" |
1da177e4 LT |
30 | |
31 | #define NFSDBG_FACILITY NFSDBG_CALLBACK | |
32 | ||
33 | struct nfs_callback_data { | |
34 | unsigned int users; | |
a43cde94 | 35 | struct svc_serv *serv; |
1da177e4 LT |
36 | }; |
37 | ||
e82dc22d | 38 | static struct nfs_callback_data nfs_callback_info[NFS4_MAX_MINOR_VERSION + 1]; |
353ab6e9 | 39 | static DEFINE_MUTEX(nfs_callback_mutex); |
1da177e4 LT |
40 | static struct svc_program nfs4_callback_program; |
41 | ||
c946556b SK |
42 | static int nfs4_callback_up_net(struct svc_serv *serv, struct net *net) |
43 | { | |
4df493a2 | 44 | const struct cred *cred = current_cred(); |
c946556b | 45 | int ret; |
bbe0a3aa | 46 | struct nfs_net *nn = net_generic(net, nfs_net_id); |
c946556b | 47 | |
352ad314 CL |
48 | ret = svc_xprt_create(serv, "tcp", net, PF_INET, |
49 | nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS, | |
50 | cred); | |
c946556b SK |
51 | if (ret <= 0) |
52 | goto out_err; | |
bbe0a3aa | 53 | nn->nfs_callback_tcpport = ret; |
e4949e4b VA |
54 | dprintk("NFS: Callback listener port = %u (af %u, net %x)\n", |
55 | nn->nfs_callback_tcpport, PF_INET, net->ns.inum); | |
c946556b | 56 | |
352ad314 CL |
57 | ret = svc_xprt_create(serv, "tcp", net, PF_INET6, |
58 | nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS, | |
59 | cred); | |
c946556b | 60 | if (ret > 0) { |
29dcc16a | 61 | nn->nfs_callback_tcpport6 = ret; |
91bd2ffa | 62 | dprintk("NFS: Callback listener port = %u (af %u, net %x)\n", |
e4949e4b | 63 | nn->nfs_callback_tcpport6, PF_INET6, net->ns.inum); |
c946556b SK |
64 | } else if (ret != -EAFNOSUPPORT) |
65 | goto out_err; | |
66 | return 0; | |
67 | ||
68 | out_err: | |
69 | return (ret) ? ret : -ENOMEM; | |
70 | } | |
71 | ||
1da177e4 | 72 | /* |
e82dc22d | 73 | * This is the NFSv4 callback kernel thread. |
1da177e4 | 74 | */ |
a277e33c | 75 | static int |
71468513 | 76 | nfs4_callback_svc(void *vrqstp) |
1da177e4 | 77 | { |
5b444cc9 | 78 | int err; |
a277e33c | 79 | struct svc_rqst *rqstp = vrqstp; |
1da177e4 | 80 | |
83144186 | 81 | set_freezable(); |
1da177e4 | 82 | |
ed6473dd TM |
83 | while (!kthread_freezable_should_stop(NULL)) { |
84 | ||
85 | if (signal_pending(current)) | |
86 | flush_signals(current); | |
1da177e4 LT |
87 | /* |
88 | * Listen for a request on the socket | |
89 | */ | |
6fb2b47f | 90 | err = svc_recv(rqstp, MAX_SCHEDULE_TIMEOUT); |
5b444cc9 | 91 | if (err == -EAGAIN || err == -EINTR) |
1da177e4 | 92 | continue; |
6fb2b47f | 93 | svc_process(rqstp); |
1da177e4 | 94 | } |
ed6473dd | 95 | svc_exit_thread(rqstp); |
ca3574bd | 96 | module_put_and_kthread_exit(0); |
a277e33c | 97 | return 0; |
1da177e4 LT |
98 | } |
99 | ||
a43cde94 RL |
100 | #if defined(CONFIG_NFS_V4_1) |
101 | /* | |
102 | * The callback service for NFSv4.1 callbacks | |
103 | */ | |
104 | static int | |
105 | nfs41_callback_svc(void *vrqstp) | |
106 | { | |
107 | struct svc_rqst *rqstp = vrqstp; | |
108 | struct svc_serv *serv = rqstp->rq_server; | |
109 | struct rpc_rqst *req; | |
110 | int error; | |
111 | DEFINE_WAIT(wq); | |
112 | ||
113 | set_freezable(); | |
114 | ||
ed6473dd TM |
115 | while (!kthread_freezable_should_stop(NULL)) { |
116 | ||
117 | if (signal_pending(current)) | |
118 | flush_signals(current); | |
25d280aa | 119 | |
5d05e54a | 120 | prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); |
a43cde94 RL |
121 | spin_lock_bh(&serv->sv_cb_lock); |
122 | if (!list_empty(&serv->sv_cb_list)) { | |
123 | req = list_first_entry(&serv->sv_cb_list, | |
124 | struct rpc_rqst, rq_bc_list); | |
125 | list_del(&req->rq_bc_list); | |
126 | spin_unlock_bh(&serv->sv_cb_lock); | |
6ffa30d3 | 127 | finish_wait(&serv->sv_cb_waitq, &wq); |
a43cde94 RL |
128 | dprintk("Invoking bc_svc_process()\n"); |
129 | error = bc_svc_process(serv, req, rqstp); | |
130 | dprintk("bc_svc_process() returned w/ error code= %d\n", | |
131 | error); | |
132 | } else { | |
133 | spin_unlock_bh(&serv->sv_cb_lock); | |
ed6473dd TM |
134 | if (!kthread_should_stop()) |
135 | schedule(); | |
6ffa30d3 | 136 | finish_wait(&serv->sv_cb_waitq, &wq); |
a43cde94 | 137 | } |
a43cde94 | 138 | } |
ed6473dd | 139 | svc_exit_thread(rqstp); |
ca3574bd | 140 | module_put_and_kthread_exit(0); |
a43cde94 RL |
141 | return 0; |
142 | } | |
143 | ||
a43cde94 | 144 | static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt, |
691c457a | 145 | struct svc_serv *serv) |
a43cde94 RL |
146 | { |
147 | if (minorversion) | |
691c457a SK |
148 | /* |
149 | * Save the svc_serv in the transport so that it can | |
150 | * be referenced when the session backchannel is initialized | |
151 | */ | |
152 | xprt->bc_serv = serv; | |
a43cde94 RL |
153 | } |
154 | #else | |
a43cde94 | 155 | static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt, |
691c457a | 156 | struct svc_serv *serv) |
a43cde94 RL |
157 | { |
158 | } | |
159 | #endif /* CONFIG_NFS_V4_1 */ | |
160 | ||
8e246144 SK |
161 | static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, |
162 | struct svc_serv *serv) | |
163 | { | |
5405fc44 | 164 | int nrservs = nfs_callback_nr_threads; |
8e246144 | 165 | int ret; |
8e246144 SK |
166 | |
167 | nfs_callback_bc_serv(minorversion, xprt, serv); | |
168 | ||
5405fc44 TM |
169 | if (nrservs < NFS4_MIN_NR_CALLBACK_THREADS) |
170 | nrservs = NFS4_MIN_NR_CALLBACK_THREADS; | |
171 | ||
ec52361d | 172 | if (serv->sv_nrthreads == nrservs) |
23c20ecd SK |
173 | return 0; |
174 | ||
3ebdbe52 | 175 | ret = svc_set_num_threads(serv, NULL, nrservs); |
bb6aeba7 | 176 | if (ret) { |
3ebdbe52 | 177 | svc_set_num_threads(serv, NULL, 0); |
e9b7e917 | 178 | return ret; |
8e246144 SK |
179 | } |
180 | dprintk("nfs_callback_up: service started\n"); | |
181 | return 0; | |
182 | } | |
183 | ||
b3d19c51 SK |
184 | static void nfs_callback_down_net(u32 minorversion, struct svc_serv *serv, struct net *net) |
185 | { | |
186 | struct nfs_net *nn = net_generic(net, nfs_net_id); | |
187 | ||
188 | if (--nn->cb_users[minorversion]) | |
189 | return; | |
190 | ||
e4949e4b | 191 | dprintk("NFS: destroy per-net callback data; net=%x\n", net->ns.inum); |
b3d19c51 SK |
192 | svc_shutdown_net(serv, net); |
193 | } | |
194 | ||
76566773 CL |
195 | static int nfs_callback_up_net(int minorversion, struct svc_serv *serv, |
196 | struct net *net, struct rpc_xprt *xprt) | |
c946556b | 197 | { |
b3d19c51 | 198 | struct nfs_net *nn = net_generic(net, nfs_net_id); |
c946556b SK |
199 | int ret; |
200 | ||
b3d19c51 SK |
201 | if (nn->cb_users[minorversion]++) |
202 | return 0; | |
203 | ||
e4949e4b | 204 | dprintk("NFS: create per-net callback data; net=%x\n", net->ns.inum); |
c946556b SK |
205 | |
206 | ret = svc_bind(serv, net); | |
207 | if (ret < 0) { | |
208 | printk(KERN_WARNING "NFS: bind callback service failed\n"); | |
209 | goto err_bind; | |
210 | } | |
211 | ||
a289ce53 | 212 | ret = 0; |
d55b352b | 213 | if (!IS_ENABLED(CONFIG_NFS_V4_1) || minorversion == 0) |
76566773 | 214 | ret = nfs4_callback_up_net(serv, net); |
a289ce53 | 215 | else if (xprt->ops->bc_setup) |
0ad30ff6 | 216 | set_bc_enabled(serv); |
a289ce53 VA |
217 | else |
218 | ret = -EPROTONOSUPPORT; | |
c946556b SK |
219 | |
220 | if (ret < 0) { | |
221 | printk(KERN_ERR "NFS: callback service start failed\n"); | |
222 | goto err_socks; | |
223 | } | |
224 | return 0; | |
225 | ||
226 | err_socks: | |
227 | svc_rpcb_cleanup(serv, net); | |
228 | err_bind: | |
98b0f80c | 229 | nn->cb_users[minorversion]--; |
23c20ecd | 230 | dprintk("NFS: Couldn't create callback socket: err = %d; " |
e4949e4b | 231 | "net = %x\n", ret, net->ns.inum); |
c946556b SK |
232 | return ret; |
233 | } | |
234 | ||
afea5657 | 235 | static const struct svc_serv_ops nfs40_cb_sv_ops = { |
f4b52bb0 | 236 | .svo_function = nfs4_callback_svc, |
f4b52bb0 TM |
237 | .svo_module = THIS_MODULE, |
238 | }; | |
239 | #if defined(CONFIG_NFS_V4_1) | |
afea5657 | 240 | static const struct svc_serv_ops nfs41_cb_sv_ops = { |
f4b52bb0 | 241 | .svo_function = nfs41_callback_svc, |
f4b52bb0 | 242 | .svo_module = THIS_MODULE, |
ea126e74 JL |
243 | }; |
244 | ||
afea5657 | 245 | static const struct svc_serv_ops *nfs4_cb_sv_ops[] = { |
f4b52bb0 TM |
246 | [0] = &nfs40_cb_sv_ops, |
247 | [1] = &nfs41_cb_sv_ops, | |
248 | }; | |
249 | #else | |
afea5657 | 250 | static const struct svc_serv_ops *nfs4_cb_sv_ops[] = { |
f4b52bb0 TM |
251 | [0] = &nfs40_cb_sv_ops, |
252 | [1] = NULL, | |
253 | }; | |
254 | #endif | |
255 | ||
dd018428 SK |
256 | static struct svc_serv *nfs_callback_create_svc(int minorversion) |
257 | { | |
258 | struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; | |
afea5657 | 259 | const struct svc_serv_ops *sv_ops; |
dd018428 SK |
260 | struct svc_serv *serv; |
261 | ||
262 | /* | |
263 | * Check whether we're already up and running. | |
264 | */ | |
df5e49c8 | 265 | if (cb_info->serv) |
df5e49c8 | 266 | return svc_get(cb_info->serv); |
dd018428 | 267 | |
f4b52bb0 TM |
268 | switch (minorversion) { |
269 | case 0: | |
270 | sv_ops = nfs4_cb_sv_ops[0]; | |
271 | break; | |
272 | default: | |
273 | sv_ops = nfs4_cb_sv_ops[1]; | |
274 | } | |
275 | ||
276 | if (sv_ops == NULL) | |
277 | return ERR_PTR(-ENOTSUPP); | |
278 | ||
dd018428 SK |
279 | /* |
280 | * Sanity check: if there's no task, | |
281 | * we should be the first user ... | |
282 | */ | |
283 | if (cb_info->users) | |
284 | printk(KERN_WARNING "nfs_callback_create_svc: no kthread, %d users??\n", | |
285 | cb_info->users); | |
286 | ||
23a1a573 | 287 | serv = svc_create(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE, sv_ops); |
dd018428 SK |
288 | if (!serv) { |
289 | printk(KERN_ERR "nfs_callback_create_svc: create service failed\n"); | |
290 | return ERR_PTR(-ENOMEM); | |
291 | } | |
3b01c11e | 292 | cb_info->serv = serv; |
dd018428 SK |
293 | /* As there is only one thread we need to over-ride the |
294 | * default maximum of 80 connections | |
295 | */ | |
296 | serv->sv_maxconn = 1024; | |
297 | dprintk("nfs_callback_create_svc: service created\n"); | |
298 | return serv; | |
299 | } | |
300 | ||
71468513 BH |
301 | /* |
302 | * Bring up the callback thread if it is not already up. | |
303 | */ | |
304 | int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt) | |
305 | { | |
dd018428 | 306 | struct svc_serv *serv; |
e82dc22d | 307 | struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; |
23c20ecd | 308 | int ret; |
c946556b | 309 | struct net *net = xprt->xprt_net; |
71468513 BH |
310 | |
311 | mutex_lock(&nfs_callback_mutex); | |
dd018428 SK |
312 | |
313 | serv = nfs_callback_create_svc(minorversion); | |
314 | if (IS_ERR(serv)) { | |
315 | ret = PTR_ERR(serv); | |
316 | goto err_create; | |
317 | } | |
318 | ||
76566773 | 319 | ret = nfs_callback_up_net(minorversion, serv, net, xprt); |
c946556b SK |
320 | if (ret < 0) |
321 | goto err_net; | |
9793f7c8 | 322 | |
8e246144 SK |
323 | ret = nfs_callback_start_svc(minorversion, xprt, serv); |
324 | if (ret < 0) | |
325 | goto err_start; | |
a277e33c | 326 | |
23c20ecd | 327 | cb_info->users++; |
23c20ecd | 328 | err_net: |
3b01c11e TM |
329 | if (!cb_info->users) |
330 | cb_info->serv = NULL; | |
8c62d127 | 331 | svc_put(serv); |
dd018428 | 332 | err_create: |
353ab6e9 | 333 | mutex_unlock(&nfs_callback_mutex); |
1da177e4 | 334 | return ret; |
8e246144 SK |
335 | |
336 | err_start: | |
b3d19c51 | 337 | nfs_callback_down_net(minorversion, serv, net); |
23c20ecd SK |
338 | dprintk("NFS: Couldn't create server thread; err = %d\n", ret); |
339 | goto err_net; | |
1da177e4 LT |
340 | } |
341 | ||
342 | /* | |
5afc597c | 343 | * Kill the callback thread if it's no longer being used. |
1da177e4 | 344 | */ |
c8ceb412 | 345 | void nfs_callback_down(int minorversion, struct net *net) |
1da177e4 | 346 | { |
e82dc22d | 347 | struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; |
bb6aeba7 | 348 | struct svc_serv *serv; |
e82dc22d | 349 | |
353ab6e9 | 350 | mutex_lock(&nfs_callback_mutex); |
bb6aeba7 TM |
351 | serv = cb_info->serv; |
352 | nfs_callback_down_net(minorversion, serv, net); | |
e82dc22d | 353 | cb_info->users--; |
3b01c11e | 354 | if (cb_info->users == 0) { |
bb6aeba7 | 355 | svc_get(serv); |
3ebdbe52 | 356 | svc_set_num_threads(serv, NULL, 0); |
8c62d127 | 357 | svc_put(serv); |
1dc42e04 | 358 | dprintk("nfs_callback_down: service destroyed\n"); |
e82dc22d | 359 | cb_info->serv = NULL; |
5afc597c | 360 | } |
353ab6e9 | 361 | mutex_unlock(&nfs_callback_mutex); |
1da177e4 LT |
362 | } |
363 | ||
778be232 AA |
364 | /* Boolean check of RPC_AUTH_GSS principal */ |
365 | int | |
366 | check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp) | |
945b34a7 | 367 | { |
03a4e1f6 | 368 | char *p = rqstp->rq_cred.cr_principal; |
945b34a7 | 369 | |
778be232 AA |
370 | if (rqstp->rq_authop->flavour != RPC_AUTH_GSS) |
371 | return 1; | |
372 | ||
ece0de63 AA |
373 | /* No RPC_AUTH_GSS on NFSv4.1 back channel yet */ |
374 | if (clp->cl_minorversion != 0) | |
778be232 | 375 | return 0; |
945b34a7 OK |
376 | /* |
377 | * It might just be a normal user principal, in which case | |
378 | * userspace won't bother to tell us the name at all. | |
379 | */ | |
380 | if (p == NULL) | |
778be232 | 381 | return 0; |
945b34a7 | 382 | |
f11b2a1c JL |
383 | /* |
384 | * Did we get the acceptor from userland during the SETCLIENID | |
385 | * negotiation? | |
386 | */ | |
387 | if (clp->cl_acceptor) | |
388 | return !strcmp(p, clp->cl_acceptor); | |
389 | ||
390 | /* | |
391 | * Otherwise try to verify it using the cl_hostname. Note that this | |
392 | * doesn't work if a non-canonical hostname was used in the devname. | |
393 | */ | |
394 | ||
945b34a7 OK |
395 | /* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */ |
396 | ||
397 | if (memcmp(p, "nfs@", 4) != 0) | |
778be232 | 398 | return 0; |
945b34a7 | 399 | p += 4; |
4e0038b6 | 400 | if (strcmp(p, clp->cl_hostname) != 0) |
778be232 AA |
401 | return 0; |
402 | return 1; | |
945b34a7 OK |
403 | } |
404 | ||
778be232 AA |
405 | /* |
406 | * pg_authenticate method for nfsv4 callback threads. | |
407 | * | |
408 | * The authflavor has been negotiated, so an incorrect flavor is a server | |
6f02dc88 | 409 | * bug. Deny packets with incorrect authflavor. |
778be232 AA |
410 | * |
411 | * All other checking done after NFS decoding where the nfs_client can be | |
412 | * found in nfs4_callback_compound | |
413 | */ | |
1da177e4 LT |
414 | static int nfs_callback_authenticate(struct svc_rqst *rqstp) |
415 | { | |
5c2465df CL |
416 | rqstp->rq_auth_stat = rpc_autherr_badcred; |
417 | ||
1da177e4 | 418 | switch (rqstp->rq_authop->flavour) { |
778be232 AA |
419 | case RPC_AUTH_NULL: |
420 | if (rqstp->rq_proc != CB_NULL) | |
6f02dc88 | 421 | return SVC_DENIED; |
778be232 AA |
422 | break; |
423 | case RPC_AUTH_GSS: | |
424 | /* No RPC_AUTH_GSS support yet in NFSv4.1 */ | |
425 | if (svc_is_backchannel(rqstp)) | |
6f02dc88 | 426 | return SVC_DENIED; |
1da177e4 | 427 | } |
5c2465df CL |
428 | |
429 | rqstp->rq_auth_stat = rpc_auth_ok; | |
778be232 | 430 | return SVC_OK; |
1da177e4 LT |
431 | } |
432 | ||
433 | /* | |
434 | * Define NFS4 callback program | |
435 | */ | |
e9679189 | 436 | static const struct svc_version *nfs4_callback_version[] = { |
1da177e4 | 437 | [1] = &nfs4_callback_version1, |
07bccc2d | 438 | [4] = &nfs4_callback_version4, |
1da177e4 LT |
439 | }; |
440 | ||
441 | static struct svc_stat nfs4_callback_stats; | |
442 | ||
443 | static struct svc_program nfs4_callback_program = { | |
444 | .pg_prog = NFS4_CALLBACK, /* RPC service number */ | |
445 | .pg_nvers = ARRAY_SIZE(nfs4_callback_version), /* Number of entries */ | |
446 | .pg_vers = nfs4_callback_version, /* version table */ | |
447 | .pg_name = "NFSv4 callback", /* service name */ | |
448 | .pg_class = "nfs", /* authentication class */ | |
449 | .pg_stats = &nfs4_callback_stats, | |
450 | .pg_authenticate = nfs_callback_authenticate, | |
8e5b6773 | 451 | .pg_init_request = svc_generic_init_request, |
642ee6b2 | 452 | .pg_rpcbind_set = svc_generic_rpcbind_set, |
1da177e4 | 453 | }; |