NFS: Have struct nfs_client carry a TLS policy field
authorChuck Lever <chuck.lever@oracle.com>
Wed, 7 Jun 2023 13:59:42 +0000 (09:59 -0400)
committerTrond Myklebust <trond.myklebust@hammerspace.com>
Mon, 19 Jun 2023 16:29:23 +0000 (12:29 -0400)
The new field is used to match struct nfs_clients that have the same
TLS policy setting.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
fs/nfs/client.c
fs/nfs/internal.h
fs/nfs/nfs3client.c
fs/nfs/nfs4client.c
include/linux/nfs_fs_sb.h

index f50e025ae40640f14e3d79771c576f6ea1a8246f..9bfdade0f6e63347372d1da3cbe5baa0c1adbf9c 100644 (file)
@@ -184,6 +184,7 @@ struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_init)
        clp->cl_net = get_net(cl_init->net);
 
        clp->cl_principal = "*";
+       clp->cl_xprtsec = cl_init->xprtsec;
        return clp;
 
 error_cleanup:
@@ -326,6 +327,10 @@ again:
                                                           sap))
                                continue;
 
+               /* Match the xprt security policy */
+               if (clp->cl_xprtsec.policy != data->xprtsec.policy)
+                       continue;
+
                refcount_inc(&clp->cl_count);
                return clp;
        }
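Review bot: The added match in the client-lookup loop compares only `cl_xprtsec.policy`, so two mounts that ask for the same policy but carry different authentication material would be handed the same cached nfs_client. The definition of struct xprtsec_parms is not in this diff, but nfs_alloc_client copies the whole struct; if it also holds the certificate and private-key serials, the match should cover them for the X.509 policy, e.g. `if (clp->cl_xprtsec.policy == RPC_XPRTSEC_TLS_X509 && (clp->cl_xprtsec.cert_serial != data->xprtsec.cert_serial || clp->cl_xprtsec.privkey_serial != data->xprtsec.privkey_serial)) continue;`. Without that, a later mount could silently reuse a transport authenticated with another mount's client identity. The enclosing function starts and ends outside the hunk.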
@@ -675,6 +680,9 @@ static int nfs_init_server(struct nfs_server *server,
                .cred = server->cred,
                .nconnect = ctx->nfs_server.nconnect,
                .init_flags = (1UL << NFS_CS_REUSEPORT),
+               .xprtsec = {
+                       .policy = RPC_XPRTSEC_NONE,
+               },
        };
        struct nfs_client *clp;
        int error;
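Review bot: The `.xprtsec` initializer in nfs_init_server hard-codes `RPC_XPRTSEC_NONE` without a comment, and so does the local `xprtsec` added in the nfs4_init_server hunk. A reader cannot tell whether cleartext transport is a deliberate default or a placeholder until the mount context supplies a value. A short comment would settle it, e.g. `/* No transport security until the mount context carries an xprtsec setting */`. Nothing in this diff shows a way for a mount to select a TLS policy, so the new policy match in the client lookup presumably cannot yet differ between mounts. nfs_init_server continues beyond the hunk.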
index 3cc027d3bd588a0631be6b3ee4efd057ccc8dfa1..5c986c0d3cceea846b56d1313720dc78a89cf893 100644 (file)
@@ -81,6 +81,7 @@ struct nfs_client_initdata {
        struct net *net;
        const struct rpc_timeout *timeparms;
        const struct cred *cred;
+       struct xprtsec_parms xprtsec;
 };
 
 /*
index 669cda757a5cec083948ab07ece258b50eb4ddd6..8fa187a9c46dcfe6f98f57539aa3612df8f562c9 100644 (file)
@@ -93,6 +93,7 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv,
                .net = mds_clp->cl_net,
                .timeparms = &ds_timeout,
                .cred = mds_srv->cred,
+               .xprtsec = mds_clp->cl_xprtsec,
        };
        struct nfs_client *clp;
        char buf[INET6_ADDRSTRLEN + 1];
index d3051b051a5640d98827f1fb246fb65dd8499086..75ed8354576be6e7f0523aaee49754691255a20c 100644 (file)
@@ -896,7 +896,8 @@ static int nfs4_set_client(struct nfs_server *server,
                int proto, const struct rpc_timeout *timeparms,
                u32 minorversion, unsigned int nconnect,
                unsigned int max_connect,
-               struct net *net)
+               struct net *net,
+               struct xprtsec_parms *xprtsec)
 {
        struct nfs_client_initdata cl_init = {
                .hostname = hostname,
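Review bot: The new `xprtsec` parameter of nfs4_set_client is a non-const pointer, yet its only use visible in this diff is the copy `.xprtsec = *xprtsec` in the next hunk. Declaring it `const struct xprtsec_parms *xprtsec` would document that the callee never modifies the caller's policy. That matters because callers pass `&parent_client->cl_xprtsec` and `&clp->cl_xprtsec`, which are live fields of shared clients. The function body continues outside the hunk, so a write further down cannot be ruled out from here.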
@@ -909,6 +910,7 @@ static int nfs4_set_client(struct nfs_server *server,
                .net = net,
                .timeparms = timeparms,
                .cred = server->cred,
+               .xprtsec = *xprtsec,
        };
        struct nfs_client *clp;
 
@@ -978,6 +980,7 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv,
                .net = mds_clp->cl_net,
                .timeparms = &ds_timeout,
                .cred = mds_srv->cred,
+               .xprtsec = mds_srv->nfs_client->cl_xprtsec,
        };
        char buf[INET6_ADDRSTRLEN + 1];
 
@@ -1127,6 +1130,9 @@ out:
 static int nfs4_init_server(struct nfs_server *server, struct fs_context *fc)
 {
        struct nfs_fs_context *ctx = nfs_fc2context(fc);
+       struct xprtsec_parms xprtsec = {
+               .policy         = RPC_XPRTSEC_NONE,
+       };
        struct rpc_timeout timeparms;
        int error;
 
@@ -1157,7 +1163,8 @@ static int nfs4_init_server(struct nfs_server *server, struct fs_context *fc)
                                ctx->minorversion,
                                ctx->nfs_server.nconnect,
                                ctx->nfs_server.max_connect,
-                               fc->net_ns);
+                               fc->net_ns,
+                               &xprtsec);
        if (error < 0)
                return error;
 
@@ -1247,7 +1254,8 @@ struct nfs_server *nfs4_create_referral_server(struct fs_context *fc)
                                parent_client->cl_mvops->minor_version,
                                parent_client->cl_nconnect,
                                parent_client->cl_max_connect,
-                               parent_client->cl_net);
+                               parent_client->cl_net,
+                               &parent_client->cl_xprtsec);
        if (!error)
                goto init_server;
 #endif /* IS_ENABLED(CONFIG_SUNRPC_XPRT_RDMA) */
@@ -1263,7 +1271,8 @@ struct nfs_server *nfs4_create_referral_server(struct fs_context *fc)
                                parent_client->cl_mvops->minor_version,
                                parent_client->cl_nconnect,
                                parent_client->cl_max_connect,
-                               parent_client->cl_net);
+                               parent_client->cl_net,
+                               &parent_client->cl_xprtsec);
        if (error < 0)
                goto error;
 
@@ -1336,7 +1345,8 @@ int nfs4_update_server(struct nfs_server *server, const char *hostname,
        error = nfs4_set_client(server, hostname, sap, salen, buf,
                                clp->cl_proto, clnt->cl_timeout,
                                clp->cl_minorversion,
-                               clp->cl_nconnect, clp->cl_max_connect, net);
+                               clp->cl_nconnect, clp->cl_max_connect,
+                               net, &clp->cl_xprtsec);
        clear_bit(NFS_MIG_TSM_POSSIBLE, &server->mig_status);
        if (error != 0) {
                nfs_server_insert_lists(server);
index ea2f7e6b1b0b58e49f4ec8e5f63155ee766eef0b..fa5a592de7980d83f2cd6ad273fd3b0dff9a62a8 100644 (file)
@@ -63,7 +63,8 @@ struct nfs_client {
        u32                     cl_minorversion;/* NFSv4 minorversion */
        unsigned int            cl_nconnect;    /* Number of connections */
        unsigned int            cl_max_connect; /* max number of xprts allowed */
-       const char *            cl_principal;  /* used for machine cred */
+       const char *            cl_principal;   /* used for machine cred */
+       struct xprtsec_parms    cl_xprtsec;     /* xprt security policy */
 
 #if IS_ENABLED(CONFIG_NFS_V4)
        struct list_head        cl_ds_clients; /* auth flavor data servers */