From a0668fa819dbbf94eea6e1c5803508cb0fc99934 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Feb 08 2012 13:48:17 +0000 Subject: Add new upstream NFS id mapping patches from Steve Dickson --- diff --git a/kernel.spec b/kernel.spec index 172deb8..7be1fcf 100644 --- a/kernel.spec +++ b/kernel.spec @@ -718,6 +718,9 @@ Patch2901: linux-2.6-v4l-dvb-experimental.patch # NFSv4 Patch1101: linux-3.1-keys-remove-special-keyring.patch +Patch1102: linux-3.3-newidmapper-01.patch +Patch1103: linux-3.3-newidmapper-02.patch +Patch1104: linux-3.3-newidmapper-03.patch # patches headed upstream Patch12016: disable-i8042-check-on-apple-mac.patch @@ -1327,6 +1330,9 @@ ApplyPatch arm-smsc-support-reading-mac-address-from-device-tree.patch # NFSv4 ApplyPatch linux-3.1-keys-remove-special-keyring.patch +ApplyPatch linux-3.3-newidmapper-01.patch +ApplyPatch linux-3.3-newidmapper-02.patch +ApplyPatch linux-3.3-newidmapper-03.patch # USB @@ -2313,6 +2319,7 @@ fi * Wed Feb 08 2012 Josh Boyer - CVE-2011-4086 jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS (rhbz 788260) +- Add new upstream NFS id mapping patches from Steve Dickson * Tue Feb 07 2012 Josh Boyer - Linux 3.3-rc2-git6 (upstream 6bd113f1f4a8c0d05c4dbadb300319e0e3526db4) diff --git a/linux-3.3-newidmapper-01.patch b/linux-3.3-newidmapper-01.patch new file mode 100644 index 0000000..9afbb93 --- /dev/null +++ b/linux-3.3-newidmapper-01.patch 
@@ -0,0 +1,217 @@ +commit e6499c6f4b5f56a16f8b8ef60529c1da28b13aea +Author: Bryan Schumaker +Date: Thu Jan 26 16:54:23 2012 -0500 + + NFS: Fall back on old idmapper if request_key() fails + + This patch removes the CONFIG_NFS_USE_NEW_IDMAPPER compile option. + First, the idmapper will attempt to map the id using /sbin/request-key + and nfsidmap. If this fails (if /etc/request-key.conf is not configured + properly) then the idmapper will call the legacy code to perform the + mapping. I left a comment stating where the legacy code begins to make + it easier for somebody to remove in the future. + + Signed-off-by: Bryan Schumaker + 
Signed-off-by: Trond Myklebust + +diff -up linux-3.2.noarch/fs/nfs/idmap.c.orig linux-3.2.noarch/fs/nfs/idmap.c +--- linux-3.2.noarch/fs/nfs/idmap.c.orig 2012-01-27 10:07:07.209851446 -0500 ++++ linux-3.2.noarch/fs/nfs/idmap.c 2012-01-27 10:15:42.914563082 -0500 +@@ -142,8 +142,6 @@ static int nfs_map_numeric_to_string(__u + return snprintf(buf, buflen, "%u", id); + } + +-#ifdef CONFIG_NFS_USE_NEW_IDMAPPER +- + #include + #include + #include +@@ -328,43 +326,7 @@ static int nfs_idmap_lookup_id(const cha + return ret; + } + +-int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) +-{ +- if (nfs_map_string_to_numeric(name, namelen, uid)) +- return 0; +- return nfs_idmap_lookup_id(name, namelen, "uid", uid); +-} +- +-int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid) +-{ +- if (nfs_map_string_to_numeric(name, namelen, gid)) +- return 0; +- return nfs_idmap_lookup_id(name, namelen, "gid", gid); +-} +- +-int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) +-{ +- int ret = -EINVAL; +- +- if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) +- ret = nfs_idmap_lookup_name(uid, "user", buf, buflen); +- if (ret < 0) +- ret = nfs_map_numeric_to_string(uid, buf, buflen); +- return ret; +-} +-int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen) +-{ +- int ret = -EINVAL; +- +- if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) +- ret = nfs_idmap_lookup_name(gid, "group", buf, buflen); +- if (ret < 0) +- ret = nfs_map_numeric_to_string(gid, buf, buflen); +- return ret; +-} +- +-#else /* CONFIG_NFS_USE_NEW_IDMAPPER not defined */ +- ++/* idmap classic begins here */ + #include + #include + #include +@@ -796,19 +758,27 @@ static unsigned int fnvhash32(const void + int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) + { + struct idmap *idmap = 
server->nfs_client->cl_idmap; ++ int ret = -EINVAL; + + if (nfs_map_string_to_numeric(name, namelen, uid)) + return 0; +- return nfs_idmap_id(idmap, &idmap->idmap_user_hash, name, namelen, uid); ++ ret = nfs_idmap_lookup_id(name, namelen, "uid", uid); ++ if (ret < 0) ++ ret = nfs_idmap_id(idmap, &idmap->idmap_user_hash, name, namelen, uid); ++ return ret; + } + +-int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) ++int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid) + { + struct idmap *idmap = server->nfs_client->cl_idmap; ++ int ret = -EINVAL; + +- if (nfs_map_string_to_numeric(name, namelen, uid)) ++ if (nfs_map_string_to_numeric(name, namelen, gid)) + return 0; +- return nfs_idmap_id(idmap, &idmap->idmap_group_hash, name, namelen, uid); ++ ret = nfs_idmap_lookup_id(name, namelen, "gid", gid); ++ if (ret < 0) ++ ret = nfs_idmap_id(idmap, &idmap->idmap_group_hash, name, namelen, gid); ++ return ret; + } + + int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) +@@ -816,22 +786,26 @@ int nfs_map_uid_to_name(const struct nfs + struct idmap *idmap = server->nfs_client->cl_idmap; + int ret = -EINVAL; + +- if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) +- ret = nfs_idmap_name(idmap, &idmap->idmap_user_hash, uid, buf); ++ if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) { ++ ret = nfs_idmap_lookup_name(uid, "user", buf, buflen); ++ if (ret < 0) ++ ret = nfs_idmap_name(idmap, &idmap->idmap_user_hash, uid, buf); ++ } + if (ret < 0) + ret = nfs_map_numeric_to_string(uid, buf, buflen); + return ret; + } +-int nfs_map_gid_to_group(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) ++int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen) + { + struct idmap *idmap = server->nfs_client->cl_idmap; + int ret = -EINVAL; + +- if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) +- ret = 
nfs_idmap_name(idmap, &idmap->idmap_group_hash, uid, buf); ++ if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) { ++ ret = nfs_idmap_lookup_name(gid, "group", buf, buflen); ++ if (ret < 0) ++ ret = nfs_idmap_name(idmap, &idmap->idmap_group_hash, gid, buf); ++ } + if (ret < 0) +- ret = nfs_map_numeric_to_string(uid, buf, buflen); ++ ret = nfs_map_numeric_to_string(gid, buf, buflen); + return ret; + } +- +-#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */ +diff -up linux-3.2.noarch/fs/nfs/Kconfig.orig linux-3.2.noarch/fs/nfs/Kconfig +--- linux-3.2.noarch/fs/nfs/Kconfig.orig 2012-01-04 18:55:44.000000000 -0500 ++++ linux-3.2.noarch/fs/nfs/Kconfig 2012-01-27 10:15:42.913562572 -0500 +@@ -132,14 +132,3 @@ config NFS_USE_KERNEL_DNS + select DNS_RESOLVER + select KEYS + default y +- +-config NFS_USE_NEW_IDMAPPER +- bool "Use the new idmapper upcall routine" +- depends on NFS_V4 && KEYS +- help +- Say Y here if you want NFS to use the new idmapper upcall functions. +- You will need /sbin/request-key (usually provided by the keyutils +- package). For details, read +- . +- +- If you are unsure, say N. 
+diff -up linux-3.2.noarch/fs/nfs/sysctl.c.orig linux-3.2.noarch/fs/nfs/sysctl.c +--- linux-3.2.noarch/fs/nfs/sysctl.c.orig 2012-01-04 18:55:44.000000000 -0500 ++++ linux-3.2.noarch/fs/nfs/sysctl.c 2012-01-27 10:15:42.914563082 -0500 +@@ -32,7 +32,6 @@ static ctl_table nfs_cb_sysctls[] = { + .extra1 = (int *)&nfs_set_port_min, + .extra2 = (int *)&nfs_set_port_max, + }, +-#ifndef CONFIG_NFS_USE_NEW_IDMAPPER + { + .procname = "idmap_cache_timeout", + .data = &nfs_idmap_cache_timeout, +@@ -40,7 +39,6 @@ static ctl_table nfs_cb_sysctls[] = { + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, +-#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */ + #endif + { + .procname = "nfs_mountpoint_timeout", +diff -up linux-3.2.noarch/include/linux/nfs_idmap.h.orig linux-3.2.noarch/include/linux/nfs_idmap.h +--- linux-3.2.noarch/include/linux/nfs_idmap.h.orig 2012-01-27 10:06:46.783643915 -0500 ++++ linux-3.2.noarch/include/linux/nfs_idmap.h 2012-01-27 10:15:42.915563594 -0500 +@@ -69,36 +69,11 @@ struct nfs_server; + struct nfs_fattr; + struct nfs4_string; + +-#ifdef CONFIG_NFS_USE_NEW_IDMAPPER +- + int nfs_idmap_init(void); + void nfs_idmap_quit(void); +- +-static inline int nfs_idmap_new(struct nfs_client *clp) +-{ +- return 0; +-} +- +-static inline void nfs_idmap_delete(struct nfs_client *clp) +-{ +-} +- +-#else /* CONFIG_NFS_USE_NEW_IDMAPPER not set */ +- +-static inline int nfs_idmap_init(void) +-{ +- return 0; +-} +- +-static inline void nfs_idmap_quit(void) +-{ +-} +- + int nfs_idmap_new(struct nfs_client *); + void nfs_idmap_delete(struct nfs_client *); + +-#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */ +- + void nfs_fattr_init_names(struct nfs_fattr *fattr, + struct nfs4_string *owner_name, + struct nfs4_string *group_name); diff --git a/linux-3.3-newidmapper-02.patch b/linux-3.3-newidmapper-02.patch new file mode 100644 index 0000000..9307ee0 --- /dev/null +++ b/linux-3.3-newidmapper-02.patch 
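Review bot: In nfs_map_name_to_uid() and nfs_map_group_to_gid() the legacy nfs_idmap_id() upcall runs on any negative return from nfs_idmap_lookup_id(), not only when /etc/request-key.conf lacks an id_resolver entry as the commit message describes; nfs_map_uid_to_name() and nfs_map_gid_to_group() use the same `if (ret < 0)` pattern. On a host where both nfsidmap and rpc.idmapd are available, a lookup that the keyring mapper rejects, or that fails for an unrelated reason, could then be answered by the second mapper, so the resulting file ownership may depend on which path replied. Consider falling back only on the error that means the upcall is unavailable, or at least state the behaviour with `/* any keyring lookup error, not just a missing request-key.conf entry, falls back to the legacy upcall */`. Separately, the legacy nfs_idmap_name() call is passed buf without buflen while the keyring call passes buflen. The helper's body is outside this hunk, so it should be confirmed that it bounds the copy to the caller's buffer.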
@@ -0,0 +1,97 @@ +commit 3cd0f37a2cc9e4d6188df10041a2441eaa41d991 +Author: Bryan Schumaker +Date: Thu Jan 26 16:54:24 2012 -0500 + + NFS: Keep idmapper include files in one place + + Signed-off-by: Bryan Schumaker + Signed-off-by: Trond Myklebust + +diff -up linux-3.2.noarch/fs/nfs/idmap.c.orig linux-3.2.noarch/fs/nfs/idmap.c +--- linux-3.2.noarch/fs/nfs/idmap.c.orig 2012-01-27 10:15:42.914563082 -0500 ++++ linux-3.2.noarch/fs/nfs/idmap.c 2012-01-27 10:19:22.711401559 -0500 +@@ -39,6 +39,36 @@ + #include + #include + #include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* include files needed by legacy idmapper */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "nfs4_fs.h" ++ ++#define NFS_UINT_MAXLEN 11 ++#define IDMAP_HASH_SZ 128 ++ ++/* Default cache timeout is 10 minutes */ ++unsigned int nfs_idmap_cache_timeout = 600 * HZ; ++const struct cred *id_resolver_cache; ++ + + /** + * nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields +@@ -142,21 +172,6 @@ static int nfs_map_numeric_to_string(__u + return snprintf(buf, buflen, "%u", id); + } + +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +- +-#define NFS_UINT_MAXLEN 11 +- +-const struct cred *id_resolver_cache; +- + struct key_type key_type_id_resolver = { + .name = "id_resolver", + .instantiate = user_instantiate, +@@ -327,25 +342,6 @@ static int nfs_idmap_lookup_id(const cha + } + + /* idmap classic begins here */ +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +- +-#include "nfs4_fs.h" +- +-#define IDMAP_HASH_SZ 128 +- +-/* Default cache timeout is 10 minutes */ +-unsigned int nfs_idmap_cache_timeout = 600 * HZ; +- + static int param_set_idmap_timeout(const char *val, struct kernel_param *kp) + { + char *endp; 
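Review bot: The consolidated block under `/* include files needed by legacy idmapper */` now also holds NFS_UINT_MAXLEN and id_resolver_cache, which were removed from the keyring section of the file, so the comment no longer says which mapper each definition belongs to. The `/* Default cache timeout is 10 minutes */` comment has the same problem now that it is away from the "idmap classic begins here" marker. Judging by the sysctl guard removed in the previous patch, nfs_idmap_cache_timeout appears to apply only to the legacy cache. I would reword it to `/* Legacy idmap cache timeout, default 10 minutes; keyring lookups use the request-key cache */` and put a short comment above the keyring-only definitions. If id_resolver_cache is not referenced outside idmap.c (not visible here), it could also be made `static`.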
diff --git a/linux-3.3-newidmapper-03.patch b/linux-3.3-newidmapper-03.patch new file mode 100644 index 0000000..7018e35 --- /dev/null +++ b/linux-3.3-newidmapper-03.patch @@ -0,0 +1,40 @@ +commit a602bea3e7ccc5ce3da61d2c18245c4058983926 +Author: Bryan Schumaker +Date: Thu Jan 26 16:54:25 2012 -0500 + + NFS: Update idmapper documentation + + Signed-off-by: Bryan Schumaker + 
Signed-off-by: Trond Myklebust + +diff -up linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt.orig linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt +--- linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt.orig 2012-01-04 18:55:44.000000000 -0500 ++++ linux-3.2.noarch/Documentation/filesystems/nfs/idmapper.txt 2012-01-27 10:19:55.406740364 -0500 +@@ -4,13 +4,21 @@ ID Mapper + ========= + Id mapper is used by NFS to translate user and group ids into names, and to + translate user and group names into ids. Part of this translation involves +-performing an upcall to userspace to request the information. Id mapper will +-user request-key to perform this upcall and cache the result. The program +-/usr/sbin/nfs.idmap should be called by request-key, and will perform the +-translation and initialize a key with the resulting information. ++performing an upcall to userspace to request the information. There are two ++ways NFS could obtain this information: placing a call to /sbin/request-key ++or by placing a call to the rpc.idmap daemon. ++ ++NFS will attempt to call /sbin/request-key first. If this succeeds, the ++result will be cached using the generic request-key cache. This call should ++only fail if /etc/request-key.conf is not configured for the id_resolver key ++type, see the "Configuring" section below if you wish to use the request-key ++method. ++ ++If the call to /sbin/request-key fails (if /etc/request-key.conf is not ++configured with the id_resolver key type), then the idmapper will ask the ++legacy rpc.idmap daemon for the id mapping. This result will be stored ++in a custom NFS idmap cache. + +- NFS_USE_NEW_IDMAPPER must be selected when configuring the kernel to use this +- feature. + + =========== + Configuring