Add new upstream NFS id mapping patches from Steve Dickson

2012-02-08 08:48:02 -05:00 · 2012-02-08 08:48:02 -05:00 · a0668fa819
commit a0668fa819
parent 32e0cc2b97
4 changed files with 361 additions and 0 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -718,6 +718,9 @@ Patch2901: linux-2.6-v4l-dvb-experimental.patch

 # NFSv4
 Patch1101: linux-3.1-keys-remove-special-keyring.patch
+Patch1102: linux-3.3-newidmapper-01.patch
+Patch1103: linux-3.3-newidmapper-02.patch
+Patch1104: linux-3.3-newidmapper-03.patch

 # patches headed upstream
 Patch12016: disable-i8042-check-on-apple-mac.patch
@ -1327,6 +1330,9 @@ ApplyPatch arm-smsc-support-reading-mac-address-from-device-tree.patch

 # NFSv4
 ApplyPatch linux-3.1-keys-remove-special-keyring.patch
+ApplyPatch linux-3.3-newidmapper-01.patch
+ApplyPatch linux-3.3-newidmapper-02.patch
+ApplyPatch linux-3.3-newidmapper-03.patch

 # USB

@ -2313,6 +2319,7 @@ fi
 * Wed Feb 08 2012 Josh Boyer <jwboyer@redhat.com>
 - CVE-2011-4086 jbd2: unmapped buffer with _Unwritten or _Delay flags set can
  lead to DoS (rhbz 788260)
+- Add new upstream NFS id mapping patches from Steve Dickson

 * Tue Feb 07 2012 Josh Boyer <jwboyer@redhat.com>
 - Linux 3.3-rc2-git6 (upstream 6bd113f1f4a8c0d05c4dbadb300319e0e3526db4)
--- a/linux-3.3-newidmapper-01.patch
+++ b/linux-3.3-newidmapper-01.patch
@ -0,0 +1,217 @@
+commit e6499c6f4b5f56a16f8b8ef60529c1da28b13aea
+Author: Bryan Schumaker <bjschuma@netapp.com>
+Date:   Thu Jan 26 16:54:23 2012 -0500
+
+    NFS: Fall back on old idmapper if request_key() fails
+    
+    This patch removes the CONFIG_NFS_USE_NEW_IDMAPPER compile option.
+    First, the idmapper will attempt to map the id using /sbin/request-key
+    and nfsidmap.  If this fails (if /etc/request-key.conf is not configured
+    properly) then the idmapper will call the legacy code to perform the
+    mapping.  I left a comment stating where the legacy code begins to make
+    it easier for somebody to remove in the future.
+    
+    Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+diff -up linux-3.2.noarch/fs/nfs/idmap.c.orig linux-3.2.noarch/fs/nfs/idmap.c
+--- linux-3.2.noarch/fs/nfs/idmap.c.orig	2012-01-27 10:07:07.209851446 -0500
+++ linux-3.2.noarch/fs/nfs/idmap.c	2012-01-27 10:15:42.914563082 -0500
+@@ -142,8 +142,6 @@ static int nfs_map_numeric_to_string(__u
+ 	return snprintf(buf, buflen, "%u", id);
+ }
+ 
+-#ifdef CONFIG_NFS_USE_NEW_IDMAPPER
+-
+ #include <linux/cred.h>
+ #include <linux/sunrpc/sched.h>
+ #include <linux/nfs4.h>
+@@ -328,43 +326,7 @@ static int nfs_idmap_lookup_id(const cha
+ 	return ret;
+ }
+ 
+-int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid)
+-{
+-	if (nfs_map_string_to_numeric(name, namelen, uid))
+-		return 0;
+-	return nfs_idmap_lookup_id(name, namelen, "uid", uid);
+-}
+-
+-int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid)
+-{
+-	if (nfs_map_string_to_numeric(name, namelen, gid))
+-		return 0;
+-	return nfs_idmap_lookup_id(name, namelen, "gid", gid);
+-}
+-
+-int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen)
+-{
+-	int ret = -EINVAL;
+-
+-	if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
+-		ret = nfs_idmap_lookup_name(uid, "user", buf, buflen);
+-	if (ret < 0)
+-		ret = nfs_map_numeric_to_string(uid, buf, buflen);
+-	return ret;
+-}
+-int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen)
+-{
+-	int ret = -EINVAL;
+-
+-	if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
+-		ret = nfs_idmap_lookup_name(gid, "group", buf, buflen);
+-	if (ret < 0)
+-		ret = nfs_map_numeric_to_string(gid, buf, buflen);
+-	return ret;
+-}
+-
+-#else  /* CONFIG_NFS_USE_NEW_IDMAPPER not defined */
+-
+/* idmap classic begins here */
+ #include <linux/module.h>
+ #include <linux/mutex.h>
+ #include <linux/init.h>
+@@ -796,19 +758,27 @@ static unsigned int fnvhash32(const void
+ int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid)
+ {
+ 	struct idmap *idmap = server->nfs_client->cl_idmap;
+	int ret = -EINVAL;
+ 
+ 	if (nfs_map_string_to_numeric(name, namelen, uid))
+ 		return 0;
+-	return nfs_idmap_id(idmap, &idmap->idmap_user_hash, name, namelen, uid);
+	ret = nfs_idmap_lookup_id(name, namelen, "uid", uid);
+	if (ret < 0)
+		ret = nfs_idmap_id(idmap, &idmap->idmap_user_hash, name, namelen, uid);
+	return ret;
+ }
+ 
+-int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid)
+int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid)
+ {
+ 	struct idmap *idmap = server->nfs_client->cl_idmap;
+	int ret = -EINVAL;
+ 
+-	if (nfs_map_string_to_numeric(name, namelen, uid))
+	if (nfs_map_string_to_numeric(name, namelen, gid))
+ 		return 0;
+-	return nfs_idmap_id(idmap, &idmap->idmap_group_hash, name, namelen, uid);
+	ret = nfs_idmap_lookup_id(name, namelen, "gid", gid);
+	if (ret < 0)
+		ret = nfs_idmap_id(idmap, &idmap->idmap_group_hash, name, namelen, gid);
+	return ret;
+ }
+ 
+ int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen)
+@@ -816,22 +786,26 @@ int nfs_map_uid_to_name(const struct nfs
+ 	struct idmap *idmap = server->nfs_client->cl_idmap;
+ 	int ret = -EINVAL;
+ 
+-	if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
+-		ret = nfs_idmap_name(idmap, &idmap->idmap_user_hash, uid, buf);
+	if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) {
+		ret = nfs_idmap_lookup_name(uid, "user", buf, buflen);
+		if (ret < 0)
+			ret = nfs_idmap_name(idmap, &idmap->idmap_user_hash, uid, buf);
+	}
+ 	if (ret < 0)
+ 		ret = nfs_map_numeric_to_string(uid, buf, buflen);
+ 	return ret;
+ }
+-int nfs_map_gid_to_group(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen)
+int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen)
+ {
+ 	struct idmap *idmap = server->nfs_client->cl_idmap;
+ 	int ret = -EINVAL;
+ 
+-	if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
+-		ret = nfs_idmap_name(idmap, &idmap->idmap_group_hash, uid, buf);
+	if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) {
+		ret = nfs_idmap_lookup_name(gid, "group", buf, buflen);
+		if (ret < 0)
+			ret = nfs_idmap_name(idmap, &idmap->idmap_group_hash, gid, buf);
+	}
+ 	if (ret < 0)
+-		ret = nfs_map_numeric_to_string(uid, buf, buflen);
+		ret = nfs_map_numeric_to_string(gid, buf, buflen);
+ 	return ret;
+ }
+-
+-#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */
+diff -up linux-3.2.noarch/fs/nfs/Kconfig.orig linux-3.2.noarch/fs/nfs/Kconfig
+--- linux-3.2.noarch/fs/nfs/Kconfig.orig	2012-01-04 18:55:44.000000000 -0500
+++ linux-3.2.noarch/fs/nfs/Kconfig	2012-01-27 10:15:42.913562572 -0500
+@@ -132,14 +132,3 @@ config NFS_USE_KERNEL_DNS
+ 	select DNS_RESOLVER
+ 	select KEYS
+ 	default y
+-
+-config NFS_USE_NEW_IDMAPPER
+-	bool "Use the new idmapper upcall routine"
+-	depends on NFS_V4 && KEYS
+-	help
+-	  Say Y here if you want NFS to use the new idmapper upcall functions.
+-	  You will need /sbin/request-key (usually provided by the keyutils
+-	  package).  For details, read
+-	  <file:Documentation/filesystems/nfs/idmapper.txt>.
+-
+-	  If you are unsure, say N.
+diff -up linux-3.2.noarch/fs/nfs/sysctl.c.orig linux-3.2.noarch/fs/nfs/sysctl.c
+--- linux-3.2.noarch/fs/nfs/sysctl.c.orig	2012-01-04 18:55:44.000000000 -0500
+++ linux-3.2.noarch/fs/nfs/sysctl.c	2012-01-27 10:15:42.914563082 -0500
+@@ -32,7 +32,6 @@ static ctl_table nfs_cb_sysctls[] = {
+ 		.extra1 = (int *)&nfs_set_port_min,
+ 		.extra2 = (int *)&nfs_set_port_max,
+ 	},
+-#ifndef CONFIG_NFS_USE_NEW_IDMAPPER
+ 	{
+ 		.procname = "idmap_cache_timeout",
+ 		.data = &nfs_idmap_cache_timeout,
+@@ -40,7 +39,6 @@ static ctl_table nfs_cb_sysctls[] = {
+ 		.mode = 0644,
+ 		.proc_handler = proc_dointvec_jiffies,
+ 	},
+-#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */
+ #endif
+ 	{
+ 		.procname	= "nfs_mountpoint_timeout",
+diff -up linux-3.2.noarch/include/linux/nfs_idmap.h.orig linux-3.2.noarch/include/linux/nfs_idmap.h
+--- linux-3.2.noarch/include/linux/nfs_idmap.h.orig	2012-01-27 10:06:46.783643915 -0500
+++ linux-3.2.noarch/include/linux/nfs_idmap.h	2012-01-27 10:15:42.915563594 -0500
+@@ -69,36 +69,11 @@ struct nfs_server;
+ struct nfs_fattr;
+ struct nfs4_string;
+ 
+-#ifdef CONFIG_NFS_USE_NEW_IDMAPPER
+-
+ int nfs_idmap_init(void);
+ void nfs_idmap_quit(void);
+-
+-static inline int nfs_idmap_new(struct nfs_client *clp)
+-{
+-	return 0;
+-}
+-
+-static inline void nfs_idmap_delete(struct nfs_client *clp)
+-{
+-}
+-
+-#else /* CONFIG_NFS_USE_NEW_IDMAPPER not set */
+-
+-static inline int nfs_idmap_init(void)
+-{
+-	return 0;
+-}
+-
+-static inline void nfs_idmap_quit(void)
+-{
+-}
+-
+ int nfs_idmap_new(struct nfs_client *);
+ void nfs_idmap_delete(struct nfs_client *);
+ 
+-#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */
+-
+ void nfs_fattr_init_names(struct nfs_fattr *fattr,
+ 		struct nfs4_string *owner_name,
+ 		struct nfs4_string *group_name);
--- a/linux-3.3-newidmapper-02.patch
+++ b/linux-3.3-newidmapper-02.patch
@ -0,0 +1,97 @@
+commit 3cd0f37a2cc9e4d6188df10041a2441eaa41d991
+Author: Bryan Schumaker <bjschuma@netapp.com>
+Date:   Thu Jan 26 16:54:24 2012 -0500
+
+    NFS: Keep idmapper include files in one place
+    
+    Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+diff -up linux-3.2.noarch/fs/nfs/idmap.c.orig linux-3.2.noarch/fs/nfs/idmap.c
+--- linux-3.2.noarch/fs/nfs/idmap.c.orig	2012-01-27 10:15:42.914563082 -0500
+++ linux-3.2.noarch/fs/nfs/idmap.c	2012-01-27 10:19:22.711401559 -0500
+@@ -39,6 +39,36 @@
+ #include <linux/slab.h>
+ #include <linux/nfs_idmap.h>
+ #include <linux/nfs_fs.h>
+#include <linux/cred.h>
+#include <linux/sunrpc/sched.h>
+#include <linux/nfs4.h>
+#include <linux/nfs_fs_sb.h>
+#include <linux/keyctl.h>
+#include <linux/key-type.h>
+#include <linux/rcupdate.h>
+#include <linux/err.h>
+#include <keys/user-type.h>
+
+/* include files needed by legacy idmapper */
+#include <linux/module.h>
+#include <linux/mutex.h>
+#include <linux/init.h>
+#include <linux/socket.h>
+#include <linux/in.h>
+#include <linux/sched.h>
+#include <linux/sunrpc/clnt.h>
+#include <linux/workqueue.h>
+#include <linux/sunrpc/rpc_pipe_fs.h>
+#include <linux/nfs_fs.h>
+#include "nfs4_fs.h"
+
+#define NFS_UINT_MAXLEN 11
+#define IDMAP_HASH_SZ          128
+
+/* Default cache timeout is 10 minutes */
+unsigned int nfs_idmap_cache_timeout = 600 * HZ;
+const struct cred *id_resolver_cache;
+
+ 
+ /**
+  * nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields
+@@ -142,21 +172,6 @@ static int nfs_map_numeric_to_string(__u
+ 	return snprintf(buf, buflen, "%u", id);
+ }
+ 
+-#include <linux/cred.h>
+-#include <linux/sunrpc/sched.h>
+-#include <linux/nfs4.h>
+-#include <linux/nfs_fs_sb.h>
+-#include <linux/keyctl.h>
+-#include <linux/key-type.h>
+-#include <linux/rcupdate.h>
+-#include <linux/err.h>
+-
+-#include <keys/user-type.h>
+-
+-#define NFS_UINT_MAXLEN 11
+-
+-const struct cred *id_resolver_cache;
+-
+ struct key_type key_type_id_resolver = {
+ 	.name		= "id_resolver",
+ 	.instantiate	= user_instantiate,
+@@ -327,25 +342,6 @@ static int nfs_idmap_lookup_id(const cha
+ }
+ 
+ /* idmap classic begins here */
+-#include <linux/module.h>
+-#include <linux/mutex.h>
+-#include <linux/init.h>
+-#include <linux/socket.h>
+-#include <linux/in.h>
+-#include <linux/sched.h>
+-#include <linux/sunrpc/clnt.h>
+-#include <linux/workqueue.h>
+-#include <linux/sunrpc/rpc_pipe_fs.h>
+-
+-#include <linux/nfs_fs.h>
+-
+-#include "nfs4_fs.h"
+-
+-#define IDMAP_HASH_SZ          128
+-
+-/* Default cache timeout is 10 minutes */
+-unsigned int nfs_idmap_cache_timeout = 600 * HZ;
+-
+ static int param_set_idmap_timeout(const char *val, struct kernel_param *kp)
+ {
+ 	char *endp;
--- a/linux-3.3-newidmapper-03.patch
+++ b/linux-3.3-newidmapper-03.patch
@ -0,0 +1,40 @@
+commit a602bea3e7ccc5ce3da61d2c18245c4058983926
+Author: Bryan Schumaker <bjschuma@netapp.com>
+Date:   Thu Jan 26 16:54:25 2012 -0500
+
+    NFS: Update idmapper documentation
+    
+    Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+diff -up linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt.orig linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt
+--- linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt.orig	2012-01-04 18:55:44.000000000 -0500
+++ linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt	2012-01-27 10:19:55.406740364 -0500
+@@ -4,13 +4,21 @@ ID Mapper
+ =========
+ Id mapper is used by NFS to translate user and group ids into names, and to
+ translate user and group names into ids.  Part of this translation involves
+-performing an upcall to userspace to request the information.  Id mapper will
+-user request-key to perform this upcall and cache the result.  The program
+-/usr/sbin/nfs.idmap should be called by request-key, and will perform the
+-translation and initialize a key with the resulting information.
+performing an upcall to userspace to request the information.  There are two
+ways NFS could obtain this information: placing a call to /sbin/request-key
+or by placing a call to the rpc.idmap daemon.
+
+NFS will attempt to call /sbin/request-key first.  If this succeeds, the
+result will be cached using the generic request-key cache.  This call should
+only fail if /etc/request-key.conf is not configured for the id_resolver key
+type, see the "Configuring" section below if you wish to use the request-key
+method.
+
+If the call to /sbin/request-key fails (if /etc/request-key.conf is not
+configured with the id_resolver key type), then the idmapper will ask the
+legacy rpc.idmap daemon for the id mapping.  This result will be stored
+in a custom NFS idmap cache.
+ 
+- NFS_USE_NEW_IDMAPPER must be selected when configuring the kernel to use this
+- feature.
+ 
+ ===========
+ Configuring