callback.c 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * linux/fs/nfs/callback.c
  4. *
  5. * Copyright (C) 2004 Trond Myklebust
  6. *
  7. * NFSv4 callback handling
  8. */
  9. #include <linux/completion.h>
  10. #include <linux/ip.h>
  11. #include <linux/module.h>
  12. #include <linux/sched/signal.h>
  13. #include <linux/sunrpc/svc.h>
  14. #include <linux/sunrpc/svcsock.h>
  15. #include <linux/nfs_fs.h>
  16. #include <linux/errno.h>
  17. #include <linux/mutex.h>
  18. #include <linux/freezer.h>
  19. #include <linux/sunrpc/svcauth_gss.h>
  20. #include <linux/sunrpc/bc_xprt.h>
  21. #include <net/inet_sock.h>
  22. #include "nfs4_fs.h"
  23. #include "callback.h"
  24. #include "internal.h"
  25. #include "netns.h"
  26. #define NFSDBG_FACILITY NFSDBG_CALLBACK
  27. struct nfs_callback_data {
  28. unsigned int users;
  29. struct svc_serv *serv;
  30. };
  31. static struct nfs_callback_data nfs_callback_info[NFS4_MAX_MINOR_VERSION + 1];
  32. static DEFINE_MUTEX(nfs_callback_mutex);
  33. static struct svc_program nfs4_callback_program;
  34. static int nfs4_callback_up_net(struct svc_serv *serv, struct net *net)
  35. {
  36. const struct cred *cred = current_cred();
  37. int ret;
  38. struct nfs_net *nn = net_generic(net, nfs_net_id);
  39. ret = svc_xprt_create(serv, "tcp", net, PF_INET,
  40. nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS,
  41. cred);
  42. if (ret <= 0)
  43. goto out_err;
  44. nn->nfs_callback_tcpport = ret;
  45. dprintk("NFS: Callback listener port = %u (af %u, net %x)\n",
  46. nn->nfs_callback_tcpport, PF_INET, net->ns.inum);
  47. ret = svc_xprt_create(serv, "tcp", net, PF_INET6,
  48. nfs_callback_set_tcpport, SVC_SOCK_ANONYMOUS,
  49. cred);
  50. if (ret > 0) {
  51. nn->nfs_callback_tcpport6 = ret;
  52. dprintk("NFS: Callback listener port = %u (af %u, net %x)\n",
  53. nn->nfs_callback_tcpport6, PF_INET6, net->ns.inum);
  54. } else if (ret != -EAFNOSUPPORT)
  55. goto out_err;
  56. return 0;
  57. out_err:
  58. return (ret) ? ret : -ENOMEM;
  59. }
  60. /*
  61. * This is the NFSv4 callback kernel thread.
  62. */
  63. static int
  64. nfs4_callback_svc(void *vrqstp)
  65. {
  66. struct svc_rqst *rqstp = vrqstp;
  67. svc_thread_init_status(rqstp, 0);
  68. set_freezable();
  69. while (!svc_thread_should_stop(rqstp))
  70. svc_recv(rqstp, 0);
  71. svc_exit_thread(rqstp);
  72. return 0;
  73. }
  74. static inline void nfs_callback_bc_serv(u32 minorversion, struct rpc_xprt *xprt,
  75. struct svc_serv *serv)
  76. {
  77. if (minorversion)
  78. /*
  79. * Save the svc_serv in the transport so that it can
  80. * be referenced when the session backchannel is initialized
  81. */
  82. xprt->bc_serv = serv;
  83. }
  84. static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
  85. struct svc_serv *serv)
  86. {
  87. int nrservs = nfs_callback_nr_threads;
  88. int ret;
  89. nfs_callback_bc_serv(minorversion, xprt, serv);
  90. if (nrservs < NFS4_MIN_NR_CALLBACK_THREADS)
  91. nrservs = NFS4_MIN_NR_CALLBACK_THREADS;
  92. if (serv->sv_nrthreads == nrservs)
  93. return 0;
  94. ret = svc_set_num_threads(serv, 0, nrservs);
  95. if (ret) {
  96. svc_set_num_threads(serv, 0, 0);
  97. return ret;
  98. }
  99. dprintk("nfs_callback_up: service started\n");
  100. return 0;
  101. }
  102. static void nfs_callback_down_net(u32 minorversion, struct svc_serv *serv, struct net *net)
  103. {
  104. struct nfs_net *nn = net_generic(net, nfs_net_id);
  105. if (--nn->cb_users[minorversion])
  106. return;
  107. dprintk("NFS: destroy per-net callback data; net=%x\n", net->ns.inum);
  108. svc_xprt_destroy_all(serv, net, false);
  109. }
  110. static int nfs_callback_up_net(int minorversion, struct svc_serv *serv,
  111. struct net *net, struct rpc_xprt *xprt)
  112. {
  113. struct nfs_net *nn = net_generic(net, nfs_net_id);
  114. int ret;
  115. if (nn->cb_users[minorversion]++)
  116. return 0;
  117. dprintk("NFS: create per-net callback data; net=%x\n", net->ns.inum);
  118. ret = svc_bind(serv, net);
  119. if (ret < 0) {
  120. printk(KERN_WARNING "NFS: bind callback service failed\n");
  121. goto err;
  122. }
  123. ret = 0;
  124. if (minorversion == 0)
  125. ret = nfs4_callback_up_net(serv, net);
  126. else if (xprt->ops->bc_setup)
  127. set_bc_enabled(serv);
  128. else
  129. ret = -EPROTONOSUPPORT;
  130. if (ret < 0) {
  131. printk(KERN_ERR "NFS: callback service start failed\n");
  132. goto err;
  133. }
  134. return 0;
  135. err:
  136. nn->cb_users[minorversion]--;
  137. dprintk("NFS: Couldn't create callback socket: err = %d; "
  138. "net = %x\n", ret, net->ns.inum);
  139. return ret;
  140. }
  141. static struct svc_serv *nfs_callback_create_svc(int minorversion)
  142. {
  143. struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
  144. int (*threadfn)(void *data);
  145. struct svc_serv *serv;
  146. /*
  147. * Check whether we're already up and running.
  148. */
  149. if (cb_info->serv)
  150. return cb_info->serv;
  151. /*
  152. * Sanity check: if there's no task,
  153. * we should be the first user ...
  154. */
  155. if (cb_info->users)
  156. printk(KERN_WARNING "nfs_callback_create_svc: no kthread, %d users??\n",
  157. cb_info->users);
  158. threadfn = nfs4_callback_svc;
  159. serv = svc_create(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE,
  160. threadfn);
  161. if (!serv) {
  162. printk(KERN_ERR "nfs_callback_create_svc: create service failed\n");
  163. return ERR_PTR(-ENOMEM);
  164. }
  165. cb_info->serv = serv;
  166. dprintk("nfs_callback_create_svc: service created\n");
  167. return serv;
  168. }
  169. /*
  170. * Bring up the callback thread if it is not already up.
  171. */
  172. int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
  173. {
  174. struct svc_serv *serv;
  175. struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
  176. int ret;
  177. struct net *net = xprt->xprt_net;
  178. mutex_lock(&nfs_callback_mutex);
  179. serv = nfs_callback_create_svc(minorversion);
  180. if (IS_ERR(serv)) {
  181. ret = PTR_ERR(serv);
  182. goto err_create;
  183. }
  184. ret = nfs_callback_up_net(minorversion, serv, net, xprt);
  185. if (ret < 0)
  186. goto err_net;
  187. ret = nfs_callback_start_svc(minorversion, xprt, serv);
  188. if (ret < 0)
  189. goto err_start;
  190. cb_info->users++;
  191. err_net:
  192. if (!cb_info->users) {
  193. svc_set_num_threads(cb_info->serv, 0, 0);
  194. svc_destroy(&cb_info->serv);
  195. }
  196. err_create:
  197. mutex_unlock(&nfs_callback_mutex);
  198. return ret;
  199. err_start:
  200. nfs_callback_down_net(minorversion, serv, net);
  201. dprintk("NFS: Couldn't create server thread; err = %d\n", ret);
  202. goto err_net;
  203. }
  204. /*
  205. * Kill the callback thread if it's no longer being used.
  206. */
  207. void nfs_callback_down(int minorversion, struct net *net, struct rpc_xprt *xprt)
  208. {
  209. struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
  210. struct svc_serv *serv;
  211. mutex_lock(&nfs_callback_mutex);
  212. serv = cb_info->serv;
  213. nfs_callback_down_net(minorversion, serv, net);
  214. cb_info->users--;
  215. if (cb_info->users == 0) {
  216. svc_set_num_threads(serv, 0, 0);
  217. dprintk("nfs_callback_down: service destroyed\n");
  218. xprt_svc_destroy_nullify_bc(xprt, &cb_info->serv);
  219. }
  220. mutex_unlock(&nfs_callback_mutex);
  221. }
  222. /* Boolean check of RPC_AUTH_GSS principal */
  223. int
  224. check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp)
  225. {
  226. char *p = rqstp->rq_cred.cr_principal;
  227. if (rqstp->rq_authop->flavour != RPC_AUTH_GSS)
  228. return 1;
  229. /* No RPC_AUTH_GSS on NFSv4.1 back channel yet */
  230. if (clp->cl_minorversion != 0)
  231. return 0;
  232. /*
  233. * It might just be a normal user principal, in which case
  234. * userspace won't bother to tell us the name at all.
  235. */
  236. if (p == NULL)
  237. return 0;
  238. /*
  239. * Did we get the acceptor from userland during the SETCLIENID
  240. * negotiation?
  241. */
  242. if (clp->cl_acceptor)
  243. return !strcmp(p, clp->cl_acceptor);
  244. /*
  245. * Otherwise try to verify it using the cl_hostname. Note that this
  246. * doesn't work if a non-canonical hostname was used in the devname.
  247. */
  248. /* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */
  249. if (memcmp(p, "nfs@", 4) != 0)
  250. return 0;
  251. p += 4;
  252. if (strcmp(p, clp->cl_hostname) != 0)
  253. return 0;
  254. return 1;
  255. }
  256. /*
  257. * pg_authenticate method for nfsv4 callback threads.
  258. *
  259. * The authflavor has been negotiated, so an incorrect flavor is a server
  260. * bug. Deny packets with incorrect authflavor.
  261. *
  262. * All other checking done after NFS decoding where the nfs_client can be
  263. * found in nfs4_callback_compound
  264. */
  265. static enum svc_auth_status nfs_callback_authenticate(struct svc_rqst *rqstp)
  266. {
  267. rqstp->rq_auth_stat = rpc_autherr_badcred;
  268. switch (rqstp->rq_authop->flavour) {
  269. case RPC_AUTH_NULL:
  270. if (rqstp->rq_proc != CB_NULL)
  271. return SVC_DENIED;
  272. break;
  273. case RPC_AUTH_GSS:
  274. /* No RPC_AUTH_GSS support yet in NFSv4.1 */
  275. if (svc_is_backchannel(rqstp))
  276. return SVC_DENIED;
  277. }
  278. rqstp->rq_auth_stat = rpc_auth_ok;
  279. return SVC_OK;
  280. }
  281. /*
  282. * Define NFS4 callback program
  283. */
  284. static const struct svc_version *nfs4_callback_version[] = {
  285. [1] = &nfs4_callback_version1,
  286. [4] = &nfs4_callback_version4,
  287. };
  288. static struct svc_program nfs4_callback_program = {
  289. .pg_prog = NFS4_CALLBACK, /* RPC service number */
  290. .pg_nvers = ARRAY_SIZE(nfs4_callback_version), /* Number of entries */
  291. .pg_vers = nfs4_callback_version, /* version table */
  292. .pg_name = "NFSv4 callback", /* service name */
  293. .pg_class = "nfs", /* authentication class */
  294. .pg_authenticate = nfs_callback_authenticate,
  295. .pg_init_request = svc_generic_init_request,
  296. .pg_rpcbind_set = svc_generic_rpcbind_set,
  297. };