[linux-block.git] / fs / nfs / callback.c

// SPDX-License-Identifier: GPL-2.0
/*
 * linux/fs/nfs/callback.c
 *
 * Copyright (C) 2004 Trond Myklebust
 *
 * NFSv4 callback handling
 */

#include <linux/completion.h>
#include <linux/ip.h>
#include <linux/module.h>
#include <linux/sched/signal.h>
#include <linux/sunrpc/svc.h>
#include <linux/sunrpc/svcsock.h>
#include <linux/nfs_fs.h>
#include <linux/errno.h>
#include <linux/mutex.h>
#include <linux/freezer.h>
#include <linux/kthread.h>
#include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/bc_xprt.h>

#include <net/inet_sock.h>

#include "nfs4_fs.h"
#include "callback.h"
#include "internal.h"
#include "netns.h"

#define NFSDBG_FACILITY NFSDBG_CALLBACK

struct nfs_callback_data {
	unsigned int users;
	struct svc_serv *serv;
};

static struct nfs_callback_data nfs_callback_info[NFS4_MAX_MINOR_VERSION + 1];
static DEFINE_MUTEX(nfs_callback_mutex);
static struct svc_program nfs4_callback_program;

static int nfs4_callback_up_net(struct svc_serv *serv, struct net *net)
{
	const struct cred *cred = current_cred();
	int ret;
	struct nfs_net *nn = net_generic(net, nfs_net_id);

	ret = svc_xprt_create(serv, "tcp", net, PF_INET,
			      nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS,
			      cred);
	if (ret <= 0)
		goto out_err;
	nn->nfs_callback_tcpport = ret;
	dprintk("NFS: Callback listener port = %u (af %u, net %x)\n",
		nn->nfs_callback_tcpport, PF_INET, net->ns.inum);

	ret = svc_xprt_create(serv, "tcp", net, PF_INET6,
			      nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS,
			      cred);
	if (ret > 0) {
		nn->nfs_callback_tcpport6 = ret;
		dprintk("NFS: Callback listener port = %u (af %u, net %x)\n",
			nn->nfs_callback_tcpport6, PF_INET6, net->ns.inum);
	} else if (ret != -EAFNOSUPPORT)
		goto out_err;
	return 0;

out_err:
	return (ret) ? ret : -ENOMEM;
}

/*
 * This is the NFSv4 callback kernel thread.
 */
static int
nfs4_callback_svc(void *vrqstp)
{
	int err;
	struct svc_rqst *rqstp = vrqstp;

	set_freezable();

	while (!kthread_freezable_should_stop(NULL)) {

		if (signal_pending(current))
			flush_signals(current);
		/*
		 * Listen for a request on the socket
		 */
		err = svc_recv(rqstp, MAX_SCHEDULE_TIMEOUT);
		if (err == -EAGAIN || err == -EINTR)
			continue;
		svc_process(rqstp);
	}
	svc_exit_thread(rqstp);
	module_put_and_kthread_exit(0);
	return 0;
}

#if defined(CONFIG_NFS_V4_1)
/*
 * The callback service for NFSv4.1 callbacks
 */
static int
nfs41_callback_svc(void *vrqstp)
{
	struct svc_rqst *rqstp = vrqstp;
	struct svc_serv *serv = rqstp->rq_server;
	struct rpc_rqst *req;
	int error;
	DEFINE_WAIT(wq);

	set_freezable();

	while (!kthread_freezable_should_stop(NULL)) {

		if (signal_pending(current))
			flush_signals(current);

		prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
		spin_lock_bh(&serv->sv_cb_lock);
		if (!list_empty(&serv->sv_cb_list)) {
			req = list_first_entry(&serv->sv_cb_list,
					struct rpc_rqst, rq_bc_list);
			list_del(&req->rq_bc_list);
			spin_unlock_bh(&serv->sv_cb_lock);
			finish_wait(&serv->sv_cb_waitq, &wq);
			dprintk("Invoking bc_svc_process()\n");
			error = bc_svc_process(serv, req, rqstp);
			dprintk("bc_svc_process() returned w/ error code= %d\n",
				error);
		} else {
			spin_unlock_bh(&serv->sv_cb_lock);
			if (!kthread_should_stop())
				schedule();
			finish_wait(&serv->sv_cb_waitq, &wq);
		}
	}
	svc_exit_thread(rqstp);
	module_put_and_kthread_exit(0);
	return 0;
}

static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt,
		struct svc_serv *serv)
{
	if (minorversion)
		/*
		 * Save the svc_serv in the transport so that it can
		 * be referenced when the session backchannel is initialized
		 */
		xprt->bc_serv = serv;
}
#else
static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt,
		struct svc_serv *serv)
{
}
#endif /* CONFIG_NFS_V4_1 */

static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
				  struct svc_serv *serv)
{
	int nrservs = nfs_callback_nr_threads;
	int ret;

	nfs_callback_bc_serv(minorversion, xprt, serv);

	if (nrservs < NFS4_MIN_NR_CALLBACK_THREADS)
		nrservs = NFS4_MIN_NR_CALLBACK_THREADS;

	if (serv->sv_nrthreads == nrservs)
		return 0;

	ret = svc_set_num_threads(serv, NULL, nrservs);
	if (ret) {
		svc_set_num_threads(serv, NULL, 0);
		return ret;
	}
	dprintk("nfs_callback_up: service started\n");
	return 0;
}

static void nfs_callback_down_net(u32 minorversion, struct svc_serv *serv, struct net *net)
{
	struct nfs_net *nn = net_generic(net, nfs_net_id);

	if (--nn->cb_users[minorversion])
		return;

	dprintk("NFS: destroy per-net callback data; net=%x\n", net->ns.inum);
	svc_shutdown_net(serv, net);
}

static int nfs_callback_up_net(int minorversion, struct svc_serv *serv,
			       struct net *net, struct rpc_xprt *xprt)
{
	struct nfs_net *nn = net_generic(net, nfs_net_id);
	int ret;

	if (nn->cb_users[minorversion]++)
		return 0;

	dprintk("NFS: create per-net callback data; net=%x\n", net->ns.inum);

	ret = svc_bind(serv, net);
	if (ret < 0) {
		printk(KERN_WARNING "NFS: bind callback service failed\n");
		goto err_bind;
	}

	ret = 0;
	if (!IS_ENABLED(CONFIG_NFS_V4_1) || minorversion == 0)
		ret = nfs4_callback_up_net(serv, net);
	else if (xprt->ops->bc_setup)
		set_bc_enabled(serv);
	else
		ret = -EPROTONOSUPPORT;

	if (ret < 0) {
		printk(KERN_ERR "NFS: callback service start failed\n");
		goto err_socks;
	}
	return 0;

err_socks:
	svc_rpcb_cleanup(serv, net);
err_bind:
	nn->cb_users[minorversion]--;
	dprintk("NFS: Couldn't create callback socket: err = %d; "
			"net = %x\n", ret, net->ns.inum);
	return ret;
}

static const struct svc_serv_ops nfs40_cb_sv_ops = {
	.svo_function		= nfs4_callback_svc,
	.svo_module		= THIS_MODULE,
};
#if defined(CONFIG_NFS_V4_1)
static const struct svc_serv_ops nfs41_cb_sv_ops = {
	.svo_function		= nfs41_callback_svc,
	.svo_module		= THIS_MODULE,
};

static const struct svc_serv_ops *nfs4_cb_sv_ops[] = {
	[0] = &nfs40_cb_sv_ops,
	[1] = &nfs41_cb_sv_ops,
};
#else
static const struct svc_serv_ops *nfs4_cb_sv_ops[] = {
	[0] = &nfs40_cb_sv_ops,
	[1] = NULL,
};
#endif

static struct svc_serv *nfs_callback_create_svc(int minorversion)
{
	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
	const struct svc_serv_ops *sv_ops;
	struct svc_serv *serv;

	/*
	 * Check whether we're already up and running.
	 */
	if (cb_info->serv)
		return svc_get(cb_info->serv);

	switch (minorversion) {
	case 0:
		sv_ops = nfs4_cb_sv_ops[0];
		break;
	default:
		sv_ops = nfs4_cb_sv_ops[1];
	}

	if (sv_ops == NULL)
		return ERR_PTR(-ENOTSUPP);

	/*
	 * Sanity check: if there's no task,
	 * we should be the first user ...
	 */
	if (cb_info->users)
		printk(KERN_WARNING "nfs_callback_create_svc: no kthread, %d users??\n",
			cb_info->users);

	serv = svc_create(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE, sv_ops);
	if (!serv) {
		printk(KERN_ERR "nfs_callback_create_svc: create service failed\n");
		return ERR_PTR(-ENOMEM);
	}
	cb_info->serv = serv;
	/* As there is only one thread we need to over-ride the
	 * default maximum of 80 connections
	 */
	serv->sv_maxconn = 1024;
	dprintk("nfs_callback_create_svc: service created\n");
	return serv;
}

/*
 * Bring up the callback thread if it is not already up.
 */
int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
{
	struct svc_serv *serv;
	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
	int ret;
	struct net *net = xprt->xprt_net;

	mutex_lock(&nfs_callback_mutex);

	serv = nfs_callback_create_svc(minorversion);
	if (IS_ERR(serv)) {
		ret = PTR_ERR(serv);
		goto err_create;
	}

	ret = nfs_callback_up_net(minorversion, serv, net, xprt);
	if (ret < 0)
		goto err_net;

	ret = nfs_callback_start_svc(minorversion, xprt, serv);
	if (ret < 0)
		goto err_start;

	cb_info->users++;
err_net:
	if (!cb_info->users)
		cb_info->serv = NULL;
	svc_put(serv);
err_create:
	mutex_unlock(&nfs_callback_mutex);
	return ret;

err_start:
	nfs_callback_down_net(minorversion, serv, net);
	dprintk("NFS: Couldn't create server thread; err = %d\n", ret);
	goto err_net;
}

/*
 * Kill the callback thread if it's no longer being used.
 */
void nfs_callback_down(int minorversion, struct net *net)
{
	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
	struct svc_serv *serv;

	mutex_lock(&nfs_callback_mutex);
	serv = cb_info->serv;
	nfs_callback_down_net(minorversion, serv, net);
	cb_info->users--;
	if (cb_info->users == 0) {
		svc_get(serv);
		svc_set_num_threads(serv, NULL, 0);
		svc_put(serv);
		dprintk("nfs_callback_down: service destroyed\n");
		cb_info->serv = NULL;
	}
	mutex_unlock(&nfs_callback_mutex);
}

/* Boolean check of RPC_AUTH_GSS principal */
int
check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp)
{
	char *p = rqstp->rq_cred.cr_principal;

	if (rqstp->rq_authop->flavour != RPC_AUTH_GSS)
		return 1;

	/* No RPC_AUTH_GSS on NFSv4.1 back channel yet */
	if (clp->cl_minorversion != 0)
		return 0;
	/*
	 * It might just be a normal user principal, in which case
	 * userspace won't bother to tell us the name at all.
	 */
	if (p == NULL)
		return 0;

	/*
	 * Did we get the acceptor from userland during the SETCLIENID
	 * negotiation?
	 */
	if (clp->cl_acceptor)
		return !strcmp(p, clp->cl_acceptor);

	/*
	 * Otherwise try to verify it using the cl_hostname. Note that this
	 * doesn't work if a non-canonical hostname was used in the devname.
	 */

	/* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */

	if (memcmp(p, "nfs@", 4) != 0)
		return 0;
	p += 4;
	if (strcmp(p, clp->cl_hostname) != 0)
		return 0;
	return 1;
}

/*
 * pg_authenticate method for nfsv4 callback threads.
 *
 * The authflavor has been negotiated, so an incorrect flavor is a server
 * bug. Deny packets with incorrect authflavor.
 *
 * All other checking done after NFS decoding where the nfs_client can be
 * found in nfs4_callback_compound
 */
static int nfs_callback_authenticate(struct svc_rqst *rqstp)
{
	rqstp->rq_auth_stat = rpc_autherr_badcred;

	switch (rqstp->rq_authop->flavour) {
	case RPC_AUTH_NULL:
		if (rqstp->rq_proc != CB_NULL)
			return SVC_DENIED;
		break;
	case RPC_AUTH_GSS:
		/* No RPC_AUTH_GSS support yet in NFSv4.1 */
		 if (svc_is_backchannel(rqstp))
			return SVC_DENIED;
	}

	rqstp->rq_auth_stat = rpc_auth_ok;
	return SVC_OK;
}

/*
 * Define NFS4 callback program
 */
static const struct svc_version *nfs4_callback_version[] = {
	[1] = &nfs4_callback_version1,
	[4] = &nfs4_callback_version4,
};

static struct svc_stat nfs4_callback_stats;

static struct svc_program nfs4_callback_program = {
	.pg_prog = NFS4_CALLBACK,			/* RPC service number */
	.pg_nvers = ARRAY_SIZE(nfs4_callback_version),	/* Number of entries */
	.pg_vers = nfs4_callback_version,		/* version table */
	.pg_name = "NFSv4 callback",			/* service name */
	.pg_class = "nfs",				/* authentication class */
	.pg_stats = &nfs4_callback_stats,
	.pg_authenticate = nfs_callback_authenticate,
	.pg_init_request = svc_generic_init_request,
	.pg_rpcbind_set	= svc_generic_rpcbind_set,
};
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
1da177e4 LT	2	/*
	3	* linux/fs/nfs/callback.c
	4	*
	5	* Copyright (C) 2004 Trond Myklebust
	6	*
	7	* NFSv4 callback handling
	8	*/
	9
1da177e4 LT	10	#include <linux/completion.h>
	11	#include <linux/ip.h>
	12	#include <linux/module.h>
3f07c014	13	#include <linux/sched/signal.h>
1da177e4 LT	14	#include <linux/sunrpc/svc.h>
	15	#include <linux/sunrpc/svcsock.h>
	16	#include <linux/nfs_fs.h>
758201e2	17	#include <linux/errno.h>
353ab6e9	18	#include <linux/mutex.h>
83144186	19	#include <linux/freezer.h>
a277e33c	20	#include <linux/kthread.h>
945b34a7	21	#include <linux/sunrpc/svcauth_gss.h>
a43cde94	22	#include <linux/sunrpc/bc_xprt.h>
14c85021 ACM	23
	24	#include <net/inet_sock.h>
	25
4ce79717	26	#include "nfs4_fs.h"
1da177e4	27	#include "callback.h"
24c8dbbb	28	#include "internal.h"
bbe0a3aa	29	#include "netns.h"
1da177e4 LT	30
	31	#define NFSDBG_FACILITY NFSDBG_CALLBACK
	32
	33	struct nfs_callback_data {
	34	unsigned int users;
a43cde94	35	struct svc_serv *serv;
1da177e4 LT	36	};
1da177e4 LT	37
e82dc22d	38	static struct nfs_callback_data nfs_callback_info[NFS4_MAX_MINOR_VERSION + 1];
353ab6e9	39	static DEFINE_MUTEX(nfs_callback_mutex);
1da177e4 LT	40	static struct svc_program nfs4_callback_program;
1da177e4 LT	41
c946556b SK	42	static int nfs4_callback_up_net(struct svc_serv serv, struct net net)
c946556b SK	43	{
4df493a2	44	const struct cred *cred = current_cred();
c946556b	45	int ret;
bbe0a3aa	46	struct nfs_net *nn = net_generic(net, nfs_net_id);
c946556b	47
352ad314 CL	48	ret = svc_xprt_create(serv, "tcp", net, PF_INET,
	49	nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS,
	50	cred);
c946556b SK	51	if (ret <= 0)
c946556b SK	52	goto out_err;
bbe0a3aa	53	nn->nfs_callback_tcpport = ret;
e4949e4b VA	54	dprintk("NFS: Callback listener port = %u (af %u, net %x)\n",
e4949e4b VA	55	nn->nfs_callback_tcpport, PF_INET, net->ns.inum);
c946556b	56
352ad314 CL	57	ret = svc_xprt_create(serv, "tcp", net, PF_INET6,
	58	nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS,
	59	cred);
c946556b	60	if (ret > 0) {
29dcc16a	61	nn->nfs_callback_tcpport6 = ret;
91bd2ffa	62	dprintk("NFS: Callback listener port = %u (af %u, net %x)\n",
e4949e4b	63	nn->nfs_callback_tcpport6, PF_INET6, net->ns.inum);
c946556b SK	64	} else if (ret != -EAFNOSUPPORT)
	65	goto out_err;
	66	return 0;
	67
	68	out_err:
	69	return (ret) ? ret : -ENOMEM;
	70	}
	71
1da177e4	72	/*
e82dc22d	73	* This is the NFSv4 callback kernel thread.
1da177e4	74	*/
a277e33c	75	static int
71468513	76	nfs4_callback_svc(void *vrqstp)
1da177e4	77	{
5b444cc9	78	int err;
a277e33c	79	struct svc_rqst *rqstp = vrqstp;
1da177e4	80
83144186	81	set_freezable();
1da177e4	82
ed6473dd TM	83	while (!kthread_freezable_should_stop(NULL)) {
	84
	85	if (signal_pending(current))
	86	flush_signals(current);
1da177e4 LT	87	/*
	88	* Listen for a request on the socket
	89	*/
6fb2b47f	90	err = svc_recv(rqstp, MAX_SCHEDULE_TIMEOUT);
5b444cc9	91	if (err == -EAGAIN \|\| err == -EINTR)
1da177e4	92	continue;
6fb2b47f	93	svc_process(rqstp);
1da177e4	94	}
ed6473dd	95	svc_exit_thread(rqstp);
ca3574bd	96	module_put_and_kthread_exit(0);
a277e33c	97	return 0;
1da177e4 LT	98	}
1da177e4 LT	99
a43cde94 RL	100	#if defined(CONFIG_NFS_V4_1)
	101	/*
	102	* The callback service for NFSv4.1 callbacks
	103	*/
	104	static int
	105	nfs41_callback_svc(void *vrqstp)
	106	{
	107	struct svc_rqst *rqstp = vrqstp;
	108	struct svc_serv *serv = rqstp->rq_server;
	109	struct rpc_rqst *req;
	110	int error;
	111	DEFINE_WAIT(wq);
	112
	113	set_freezable();
	114
ed6473dd TM	115	while (!kthread_freezable_should_stop(NULL)) {
	116
	117	if (signal_pending(current))
	118	flush_signals(current);
25d280aa	119
5d05e54a	120	prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
a43cde94 RL	121	spin_lock_bh(&serv->sv_cb_lock);
	122	if (!list_empty(&serv->sv_cb_list)) {
	123	req = list_first_entry(&serv->sv_cb_list,
	124	struct rpc_rqst, rq_bc_list);
	125	list_del(&req->rq_bc_list);
	126	spin_unlock_bh(&serv->sv_cb_lock);
6ffa30d3	127	finish_wait(&serv->sv_cb_waitq, &wq);
a43cde94 RL	128	dprintk("Invoking bc_svc_process()\n");
	129	error = bc_svc_process(serv, req, rqstp);
	130	dprintk("bc_svc_process() returned w/ error code= %d\n",
	131	error);
	132	} else {
	133	spin_unlock_bh(&serv->sv_cb_lock);
ed6473dd TM	134	if (!kthread_should_stop())
ed6473dd TM	135	schedule();
6ffa30d3	136	finish_wait(&serv->sv_cb_waitq, &wq);
a43cde94	137	}
a43cde94	138	}
ed6473dd	139	svc_exit_thread(rqstp);
ca3574bd	140	module_put_and_kthread_exit(0);
a43cde94 RL	141	return 0;
	142	}
	143
a43cde94	144	static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt,
691c457a	145	struct svc_serv *serv)
a43cde94 RL	146	{
a43cde94 RL	147	if (minorversion)
691c457a SK	148	/*
	149	* Save the svc_serv in the transport so that it can
	150	* be referenced when the session backchannel is initialized
	151	*/
	152	xprt->bc_serv = serv;
a43cde94 RL	153	}
a43cde94 RL	154	#else
a43cde94	155	static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt,
691c457a	156	struct svc_serv *serv)
a43cde94 RL	157	{
	158	}
	159	#endif /* CONFIG_NFS_V4_1 */
	160
8e246144 SK	161	static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
	162	struct svc_serv *serv)
	163	{
5405fc44	164	int nrservs = nfs_callback_nr_threads;
8e246144	165	int ret;
8e246144 SK	166
	167	nfs_callback_bc_serv(minorversion, xprt, serv);
	168
5405fc44 TM	169	if (nrservs < NFS4_MIN_NR_CALLBACK_THREADS)
	170	nrservs = NFS4_MIN_NR_CALLBACK_THREADS;
	171
ec52361d	172	if (serv->sv_nrthreads == nrservs)
23c20ecd SK	173	return 0;
23c20ecd SK	174
3ebdbe52	175	ret = svc_set_num_threads(serv, NULL, nrservs);
bb6aeba7	176	if (ret) {
3ebdbe52	177	svc_set_num_threads(serv, NULL, 0);
e9b7e917	178	return ret;
8e246144 SK	179	}
	180	dprintk("nfs_callback_up: service started\n");
	181	return 0;
	182	}
	183
b3d19c51 SK	184	static void nfs_callback_down_net(u32 minorversion, struct svc_serv serv, struct net net)
	185	{
	186	struct nfs_net *nn = net_generic(net, nfs_net_id);
	187
	188	if (--nn->cb_users[minorversion])
	189	return;
	190
e4949e4b	191	dprintk("NFS: destroy per-net callback data; net=%x\n", net->ns.inum);
b3d19c51 SK	192	svc_shutdown_net(serv, net);
	193	}
	194
76566773 CL	195	static int nfs_callback_up_net(int minorversion, struct svc_serv *serv,
76566773 CL	196	struct net net, struct rpc_xprt xprt)
c946556b	197	{
b3d19c51	198	struct nfs_net *nn = net_generic(net, nfs_net_id);
c946556b SK	199	int ret;
c946556b SK	200
b3d19c51 SK	201	if (nn->cb_users[minorversion]++)
	202	return 0;
	203
e4949e4b	204	dprintk("NFS: create per-net callback data; net=%x\n", net->ns.inum);
c946556b SK	205
	206	ret = svc_bind(serv, net);
	207	if (ret < 0) {
	208	printk(KERN_WARNING "NFS: bind callback service failed\n");
	209	goto err_bind;
	210	}
	211
a289ce53	212	ret = 0;
d55b352b	213	if (!IS_ENABLED(CONFIG_NFS_V4_1) \|\| minorversion == 0)
76566773	214	ret = nfs4_callback_up_net(serv, net);
a289ce53	215	else if (xprt->ops->bc_setup)
0ad30ff6	216	set_bc_enabled(serv);
a289ce53 VA	217	else
a289ce53 VA	218	ret = -EPROTONOSUPPORT;
c946556b SK	219
	220	if (ret < 0) {
	221	printk(KERN_ERR "NFS: callback service start failed\n");
	222	goto err_socks;
	223	}
	224	return 0;
	225
	226	err_socks:
	227	svc_rpcb_cleanup(serv, net);
	228	err_bind:
98b0f80c	229	nn->cb_users[minorversion]--;
23c20ecd	230	dprintk("NFS: Couldn't create callback socket: err = %d; "
e4949e4b	231	"net = %x\n", ret, net->ns.inum);
c946556b SK	232	return ret;
	233	}
	234
afea5657	235	static const struct svc_serv_ops nfs40_cb_sv_ops = {
f4b52bb0	236	.svo_function = nfs4_callback_svc,
f4b52bb0 TM	237	.svo_module = THIS_MODULE,
	238	};
	239	#if defined(CONFIG_NFS_V4_1)
afea5657	240	static const struct svc_serv_ops nfs41_cb_sv_ops = {
f4b52bb0	241	.svo_function = nfs41_callback_svc,
f4b52bb0	242	.svo_module = THIS_MODULE,
ea126e74 JL	243	};
ea126e74 JL	244
afea5657	245	static const struct svc_serv_ops *nfs4_cb_sv_ops[] = {
f4b52bb0 TM	246	[0] = &nfs40_cb_sv_ops,
	247	[1] = &nfs41_cb_sv_ops,
	248	};
	249	#else
afea5657	250	static const struct svc_serv_ops *nfs4_cb_sv_ops[] = {
f4b52bb0 TM	251	[0] = &nfs40_cb_sv_ops,
	252	[1] = NULL,
	253	};
	254	#endif
	255
dd018428 SK	256	static struct svc_serv *nfs_callback_create_svc(int minorversion)
	257	{
	258	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
afea5657	259	const struct svc_serv_ops *sv_ops;
dd018428 SK	260	struct svc_serv *serv;
	261
	262	/*
	263	* Check whether we're already up and running.
	264	*/
df5e49c8	265	if (cb_info->serv)
df5e49c8	266	return svc_get(cb_info->serv);
dd018428	267
f4b52bb0 TM	268	switch (minorversion) {
	269	case 0:
	270	sv_ops = nfs4_cb_sv_ops[0];
	271	break;
	272	default:
	273	sv_ops = nfs4_cb_sv_ops[1];
	274	}
	275
	276	if (sv_ops == NULL)
	277	return ERR_PTR(-ENOTSUPP);
	278
dd018428 SK	279	/*
	280	* Sanity check: if there's no task,
	281	* we should be the first user ...
	282	*/
	283	if (cb_info->users)
	284	printk(KERN_WARNING "nfs_callback_create_svc: no kthread, %d users??\n",
	285	cb_info->users);
	286
23a1a573	287	serv = svc_create(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE, sv_ops);
dd018428 SK	288	if (!serv) {
	289	printk(KERN_ERR "nfs_callback_create_svc: create service failed\n");
	290	return ERR_PTR(-ENOMEM);
	291	}
3b01c11e	292	cb_info->serv = serv;
dd018428 SK	293	/* As there is only one thread we need to over-ride the
	294	* default maximum of 80 connections
	295	*/
	296	serv->sv_maxconn = 1024;
	297	dprintk("nfs_callback_create_svc: service created\n");
	298	return serv;
	299	}
	300
71468513 BH	301	/*
	302	* Bring up the callback thread if it is not already up.
	303	*/
	304	int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
	305	{
dd018428	306	struct svc_serv *serv;
e82dc22d	307	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
23c20ecd	308	int ret;
c946556b	309	struct net *net = xprt->xprt_net;
71468513 BH	310
71468513 BH	311	mutex_lock(&nfs_callback_mutex);
dd018428 SK	312
	313	serv = nfs_callback_create_svc(minorversion);
	314	if (IS_ERR(serv)) {
	315	ret = PTR_ERR(serv);
	316	goto err_create;
	317	}
	318
76566773	319	ret = nfs_callback_up_net(minorversion, serv, net, xprt);
c946556b SK	320	if (ret < 0)
c946556b SK	321	goto err_net;
9793f7c8	322
8e246144 SK	323	ret = nfs_callback_start_svc(minorversion, xprt, serv);
	324	if (ret < 0)
	325	goto err_start;
a277e33c	326
23c20ecd	327	cb_info->users++;
23c20ecd	328	err_net:
3b01c11e TM	329	if (!cb_info->users)
3b01c11e TM	330	cb_info->serv = NULL;
8c62d127	331	svc_put(serv);
dd018428	332	err_create:
353ab6e9	333	mutex_unlock(&nfs_callback_mutex);
1da177e4	334	return ret;
8e246144 SK	335
8e246144 SK	336	err_start:
b3d19c51	337	nfs_callback_down_net(minorversion, serv, net);
23c20ecd SK	338	dprintk("NFS: Couldn't create server thread; err = %d\n", ret);
23c20ecd SK	339	goto err_net;
1da177e4 LT	340	}
	341
	342	/*
5afc597c	343	* Kill the callback thread if it's no longer being used.
1da177e4	344	*/
c8ceb412	345	void nfs_callback_down(int minorversion, struct net *net)
1da177e4	346	{
e82dc22d	347	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
bb6aeba7	348	struct svc_serv *serv;
e82dc22d	349
353ab6e9	350	mutex_lock(&nfs_callback_mutex);
bb6aeba7 TM	351	serv = cb_info->serv;
bb6aeba7 TM	352	nfs_callback_down_net(minorversion, serv, net);
e82dc22d	353	cb_info->users--;
3b01c11e	354	if (cb_info->users == 0) {
bb6aeba7	355	svc_get(serv);
3ebdbe52	356	svc_set_num_threads(serv, NULL, 0);
8c62d127	357	svc_put(serv);
1dc42e04	358	dprintk("nfs_callback_down: service destroyed\n");
e82dc22d	359	cb_info->serv = NULL;
5afc597c	360	}
353ab6e9	361	mutex_unlock(&nfs_callback_mutex);
1da177e4 LT	362	}
1da177e4 LT	363
778be232 AA	364	/* Boolean check of RPC_AUTH_GSS principal */
	365	int
	366	check_gss_callback_principal(struct nfs_client clp, struct svc_rqst rqstp)
945b34a7	367	{
03a4e1f6	368	char *p = rqstp->rq_cred.cr_principal;
945b34a7	369
778be232 AA	370	if (rqstp->rq_authop->flavour != RPC_AUTH_GSS)
	371	return 1;
	372
ece0de63 AA	373	/* No RPC_AUTH_GSS on NFSv4.1 back channel yet */
ece0de63 AA	374	if (clp->cl_minorversion != 0)
778be232	375	return 0;
945b34a7 OK	376	/*
	377	* It might just be a normal user principal, in which case
	378	* userspace won't bother to tell us the name at all.
	379	*/
	380	if (p == NULL)
778be232	381	return 0;
945b34a7	382
f11b2a1c JL	383	/*
	384	* Did we get the acceptor from userland during the SETCLIENID
	385	* negotiation?
	386	*/
	387	if (clp->cl_acceptor)
	388	return !strcmp(p, clp->cl_acceptor);
	389
	390	/*
	391	* Otherwise try to verify it using the cl_hostname. Note that this
	392	* doesn't work if a non-canonical hostname was used in the devname.
	393	*/
	394
945b34a7 OK	395	/* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */
	396
	397	if (memcmp(p, "nfs@", 4) != 0)
778be232	398	return 0;
945b34a7	399	p += 4;
4e0038b6	400	if (strcmp(p, clp->cl_hostname) != 0)
778be232 AA	401	return 0;
778be232 AA	402	return 1;
945b34a7 OK	403	}
945b34a7 OK	404
778be232 AA	405	/*
	406	* pg_authenticate method for nfsv4 callback threads.
	407	*
	408	* The authflavor has been negotiated, so an incorrect flavor is a server
6f02dc88	409	* bug. Deny packets with incorrect authflavor.
778be232 AA	410	*
	411	* All other checking done after NFS decoding where the nfs_client can be
	412	* found in nfs4_callback_compound
	413	*/
1da177e4 LT	414	static int nfs_callback_authenticate(struct svc_rqst *rqstp)
1da177e4 LT	415	{
5c2465df CL	416	rqstp->rq_auth_stat = rpc_autherr_badcred;
5c2465df CL	417
1da177e4	418	switch (rqstp->rq_authop->flavour) {
778be232 AA	419	case RPC_AUTH_NULL:
778be232 AA	420	if (rqstp->rq_proc != CB_NULL)
6f02dc88	421	return SVC_DENIED;
778be232 AA	422	break;
	423	case RPC_AUTH_GSS:
	424	/* No RPC_AUTH_GSS support yet in NFSv4.1 */
	425	if (svc_is_backchannel(rqstp))
6f02dc88	426	return SVC_DENIED;
1da177e4	427	}
5c2465df CL	428
5c2465df CL	429	rqstp->rq_auth_stat = rpc_auth_ok;
778be232	430	return SVC_OK;
1da177e4 LT	431	}
	432
	433	/*
	434	* Define NFS4 callback program
	435	*/
e9679189	436	static const struct svc_version *nfs4_callback_version[] = {
1da177e4	437	[1] = &nfs4_callback_version1,
07bccc2d	438	[4] = &nfs4_callback_version4,
1da177e4 LT	439	};
	440
	441	static struct svc_stat nfs4_callback_stats;
	442
	443	static struct svc_program nfs4_callback_program = {
	444	.pg_prog = NFS4_CALLBACK, /* RPC service number */
	445	.pg_nvers = ARRAY_SIZE(nfs4_callback_version), /* Number of entries */
	446	.pg_vers = nfs4_callback_version, /* version table */
	447	.pg_name = "NFSv4 callback", /* service name */
	448	.pg_class = "nfs", /* authentication class */
	449	.pg_stats = &nfs4_callback_stats,
	450	.pg_authenticate = nfs_callback_authenticate,
8e5b6773	451	.pg_init_request = svc_generic_init_request,
642ee6b2	452	.pg_rpcbind_set = svc_generic_rpcbind_set,
1da177e4	453	};