diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2026-06-18 09:14:15 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2026-06-18 09:14:15 -0700 |
| commit | 3dc7c001169d112b3e514cacff6c93091c57af9a (patch) | |
| tree | bc3afccf5791c512b2e3965b4435319ba1e04324 /Documentation | |
| parent | 6edc20078ad0b05ab2dc2693965d373628d65f80 (diff) | |
| parent | e5248a7426030db1e126363f72afdb3b71339a5c (diff) | |
| download | ath-3dc7c001169d112b3e514cacff6c93091c57af9a.tar.gz | |
Merge tag 'nfsd-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
Pull nfsd updates from Chuck Lever:
"Jeff Layton wired up netlink upcalls for the auth.unix.ip and
auth.unix.gid caches in SunRPC and the svc_export and nfsd.fh caches
in NFSD. The new kernel-user API is more extensible and lays the
groundwork for retiring the old pipe interface.
The default NFS r/w block size rises to 4MB on hosts with at least
16GB of RAM, reducing per-RPC overhead on fast networks. Smaller
machines keep their previously computed default, and the value remains
tunable through /proc/fs/nfsd/max_block_size.
Chuck Lever converted the server's RPCSEC GSS Kerberos code to the
kernel's shared crypto/krb5 library. The conversion retires and
removes SunRPC's bespoke implementation of Kerberos v5, but keeps
RPCSEC GSS-API.
Continuing the xdrgen migration that converted the NLMv4 server XDR
layer in v7.1, Chuck Lever converted the NLM version 3 server-side XDR
layer from hand-written C to xdrgen-generated code. As with the NLMv4
conversion in v7.1, the goals are improved memory safety, lower
maintenance burden, and groundwork for generation of Rust code for
this layer instead of C.
Chuck Lever fixed an issue where lingering NFSv4 state pins a mounted
file system after it is unexported. A new netlink-based mechanism can
now release NLM locks and NFSv4 state by client address, by
filesystem, and by export. Now an administrator can quiesce an export
cleanly before unmounting it.
The remaining patches are bug fixes, clean-ups, and minor
optimizations, including a batch of memory-leak and use-after-free
fixes in the ACL, lockd, and TLS handshake paths, many of them
reported by Chris Mason. Sincere thanks to all contributors,
reviewers, testers, and bug reporters who participated in the v7.2
NFSD development cycle"
* tag 'nfsd-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (106 commits)
svcrdma: wake sq waiters when the transport closes
nfsd: reset write verifier on deferred writeback errors
nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race
sunrpc: wait for in-flight TLS handshake callback when cancel loses race
sunrpc: pin svc_xprt across the asynchronous TLS handshake callback
nfsd: fix posix_acl leak on SETACL decode failure
nfsd: fix posix_acl leak and ignored error in nfsd4_create_file
nfsd: check get_user() return when reading princhashlen
nfsd: fix inverted cp_ttl check in async copy reaper
nfsd: fix dead ACL conflict guard in nfsd4_create
NFSD: Fix SECINFO_NO_NAME decode error cleanup
sunrpc: harden rq_procinfo lifecycle to prevent double-free
SUNRPC: Return an error from xdr_buf_to_bvec() on overflow
SUNRPC: Bound-check xdr_buf_to_bvec() stores before writing
nfsd: release layout stid on setlease failure
lockd: Avoid hashing uninitialized bytes in nlm4svc_lookup_file()
lockd: Plug nlm_file refcount leak on cached nlm_do_fopen() failure
lockd: Plug nlm_file leak when nlm_do_fopen() fails
Revert "NFSD: Defer sub-object cleanup in export put callbacks"
Revert "svcrdma: Use contiguous pages for RDMA Read sink buffers"
...
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/netlink/specs/nfsd.yaml | 290 | ||||
| -rw-r--r-- | Documentation/netlink/specs/sunrpc_cache.yaml | 149 | ||||
| -rw-r--r-- | Documentation/sunrpc/xdr/nlm3.x | 168 |
3 files changed, 607 insertions, 0 deletions
diff --git a/Documentation/netlink/specs/nfsd.yaml b/Documentation/netlink/specs/nfsd.yaml index 8ab43c8253b2e..8f36fadd68f75 100644 --- a/Documentation/netlink/specs/nfsd.yaml +++ b/Documentation/netlink/specs/nfsd.yaml @@ -6,8 +6,52 @@ uapi-header: linux/nfsd_netlink.h doc: NFSD configuration over generic netlink. +definitions: + - + type: flags + name: cache-type + entries: [svc_export, expkey] + - + type: flags + name: export-flags + doc: These flags are ordered to match the NFSEXP_* flags in include/linux/nfsd/export.h + entries: + - readonly + - insecure-port + - rootsquash + - allsquash + - async + - gathered-writes + - noreaddirplus + - security-label + - sign-fh + - nohide + - nosubtreecheck + - noauthnlm + - msnfs + - fsid + - crossmount + - noacl + - v4root + - pnfs + - + type: flags + name: xprtsec-mode + doc: These flags are ordered to match the NFSEXP_XPRTSEC_* flags in include/linux/nfsd/export.h + entries: + - none + - tls + - mtls + attribute-sets: - + name: cache-notify + attributes: + - + name: cache-type + type: u32 + enum: cache-type + - name: rpc-status attributes: - @@ -132,6 +176,160 @@ attribute-sets: - name: npools type: u32 + - + name: fslocation + attributes: + - + name: host + type: string + - + name: path + type: string + - + name: fslocations + attributes: + - + name: location + type: nest + nested-attributes: fslocation + multi-attr: true + - + name: auth-flavor + attributes: + - + name: pseudoflavor + type: u32 + - + name: flags + type: u32 + enum: export-flags + enum-as-flags: true + - + name: svc-export + attributes: + - + name: seqno + type: u64 + - + name: client + type: string + - + name: path + type: string + - + name: negative + type: flag + - + name: expiry + type: u64 + - + name: anon-uid + type: u32 + - + name: anon-gid + type: u32 + - + name: fslocations + type: nest + nested-attributes: fslocations + - + name: uuid + type: binary + - + name: secinfo + type: nest + nested-attributes: auth-flavor + multi-attr: true + - + name: xprtsec + type: u32 + enum: xprtsec-mode + multi-attr: true + - + name: flags + type: u32 + enum: export-flags + enum-as-flags: true + - + name: fsid + type: s32 + - + name: svc-export-reqs + attributes: + - + name: requests + type: nest + nested-attributes: svc-export + multi-attr: true + - + name: expkey + attributes: + - + name: seqno + type: u64 + - + name: client + type: string + - + name: fsidtype + type: u8 + - + name: fsid + type: binary + - + name: negative + type: flag + - + name: expiry + type: u64 + - + name: path + type: string + - + name: expkey-reqs + attributes: + - + name: requests + type: nest + nested-attributes: expkey + multi-attr: true + - + name: cache-flush + attributes: + - + name: mask + type: u32 + enum: cache-type + enum-as-flags: true + - + name: unlock-ip + attributes: + - + name: address + type: binary + doc: struct sockaddr_in or struct sockaddr_in6. + checks: + min-len: 16 + - + name: unlock-filesystem + attributes: + - + name: path + type: string + doc: Filesystem path whose state should be released. + - + name: unlock-export + attributes: + - + name: path + type: string + doc: >- + Export path whose NFSv4 state should be revoked. + All state (opens, locks, delegations, layouts) acquired + through any export of this path is revoked, regardless + of which client holds the state. Intended for use after + all clients have been unexported from a given path, + enabling the underlying filesystem to be unmounted. operations: list: @@ -233,3 +431,95 @@ operations: attributes: - mode - npools + - + name: cache-notify + doc: Notification that there are cache requests that need servicing + attribute-set: cache-notify + mcgrp: exportd + event: + attributes: + - cache-type + - + name: svc-export-get-reqs + doc: Dump all pending svc_export requests + attribute-set: svc-export-reqs + flags: [admin-perm] + dump: + reply: + attributes: + - requests + - + name: svc-export-set-reqs + doc: Respond to one or more svc_export requests + attribute-set: svc-export-reqs + flags: [admin-perm] + do: + request: + attributes: + - requests + - + name: expkey-get-reqs + doc: Dump all pending expkey requests + attribute-set: expkey-reqs + flags: [admin-perm] + dump: + reply: + attributes: + - requests + - + name: expkey-set-reqs + doc: Respond to one or more expkey requests + attribute-set: expkey-reqs + flags: [admin-perm] + do: + request: + attributes: + - requests + - + name: cache-flush + doc: Flush nfsd caches (svc_export and/or expkey) + attribute-set: cache-flush + flags: [admin-perm] + do: + request: + attributes: + - mask + - + name: unlock-ip + doc: release NLM locks held by an IP address + attribute-set: unlock-ip + flags: [admin-perm] + do: + request: + attributes: + - address + - + name: unlock-filesystem + doc: revoke NFS state under a filesystem path + attribute-set: unlock-filesystem + flags: [admin-perm] + do: + request: + attributes: + - path + - + name: unlock-export + doc: >- + Revoke NFSv4 state acquired through exports of a given path. + Unlike unlock-filesystem, which operates at superblock granularity, + this command targets only state associated with a specific export + path. Userspace (exportfs -u) sends this after removing the last + client for a path so the underlying filesystem can be unmounted. + attribute-set: unlock-export + flags: [admin-perm] + do: + request: + attributes: + - path + +mcast-groups: + list: + - + name: none + - + name: exportd diff --git a/Documentation/netlink/specs/sunrpc_cache.yaml b/Documentation/netlink/specs/sunrpc_cache.yaml new file mode 100644 index 0000000000000..f22ff22b9418f --- /dev/null +++ b/Documentation/netlink/specs/sunrpc_cache.yaml @@ -0,0 +1,149 @@ +# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) +--- +name: sunrpc +protocol: genetlink +uapi-header: linux/sunrpc_netlink.h + +doc: SUNRPC cache upcall support over generic netlink. + +definitions: + - + type: flags + name: cache-type + entries: [ip_map, unix_gid] + +attribute-sets: + - + name: cache-notify + attributes: + - + name: cache-type + type: u32 + enum: cache-type + - + name: ip-map + attributes: + - + name: seqno + type: u64 + - + name: class + type: string + - + name: addr + type: string + - + name: domain + type: string + - + name: negative + type: flag + - + name: expiry + type: u64 + - + name: ip-map-reqs + attributes: + - + name: requests + type: nest + nested-attributes: ip-map + multi-attr: true + - + name: unix-gid + attributes: + - + name: seqno + type: u64 + - + name: uid + type: u32 + - + name: gids + type: u32 + multi-attr: true + - + name: negative + type: flag + - + name: expiry + type: u64 + - + name: unix-gid-reqs + attributes: + - + name: requests + type: nest + nested-attributes: unix-gid + multi-attr: true + - + name: cache-flush + attributes: + - + name: mask + type: u32 + enum: cache-type + enum-as-flags: true + +operations: + list: + - + name: cache-notify + doc: Notification that there are cache requests that need servicing + attribute-set: cache-notify + mcgrp: exportd + event: + attributes: + - cache-type + - + name: ip-map-get-reqs + doc: Dump all pending ip_map requests + attribute-set: ip-map-reqs + flags: [admin-perm] + dump: + reply: + attributes: + - requests + - + name: ip-map-set-reqs + doc: Respond to one or more ip_map requests + attribute-set: ip-map-reqs + flags: [admin-perm] + do: + request: + attributes: + - requests + - + name: unix-gid-get-reqs + doc: Dump all pending unix_gid requests + attribute-set: unix-gid-reqs + flags: [admin-perm] + dump: + reply: + attributes: + - requests + - + name: unix-gid-set-reqs + doc: Respond to one or more unix_gid requests + attribute-set: unix-gid-reqs + flags: [admin-perm] + do: + request: + attributes: + - requests + - + name: cache-flush + doc: Flush sunrpc caches (ip_map and/or unix_gid) + attribute-set: cache-flush + flags: [admin-perm] + do: + request: + attributes: + - mask + +mcast-groups: + list: + - + name: none + - + name: exportd diff --git a/Documentation/sunrpc/xdr/nlm3.x b/Documentation/sunrpc/xdr/nlm3.x new file mode 100644 index 0000000000000..b2e704f7b8649 --- /dev/null +++ b/Documentation/sunrpc/xdr/nlm3.x @@ -0,0 +1,168 @@ +/* + * This file was extracted by hand from + * https://pubs.opengroup.org/onlinepubs/9629799/chap10.htm#tagcjh_11_03 + */ + +/* + * The NLMv3 protocol + */ + +pragma header nlm3; + +const LM_MAXSTRLEN = 1024; + +const LM_MAXNAMELEN = 1025; + +const MAXNETOBJ_SZ = 1024; + +typedef opaque netobj<MAXNETOBJ_SZ>; + +enum nlm_stats { + LCK_GRANTED = 0, + LCK_DENIED = 1, + LCK_DENIED_NOLOCKS = 2, + LCK_BLOCKED = 3, + LCK_DENIED_GRACE_PERIOD = 4 +}; + +pragma big_endian nlm_stats; + +struct nlm_stat { + nlm_stats stat; +}; + +struct nlm_res { + netobj cookie; + nlm_stat stat; +}; + +struct nlm_holder { + bool exclusive; + int uppid; + netobj oh; + unsigned int l_offset; + unsigned int l_len; +}; + +union nlm_testrply switch (nlm_stats stat) { + case LCK_DENIED: + nlm_holder holder; + default: + void; +}; + +struct nlm_testres { + netobj cookie; + nlm_testrply test_stat; +}; + +struct nlm_lock { + string caller_name<LM_MAXSTRLEN>; + netobj fh; + netobj oh; + int uppid; + unsigned int l_offset; + unsigned int l_len; +}; + +struct nlm_lockargs { + netobj cookie; + bool block; + bool exclusive; + nlm_lock alock; + bool reclaim; + int state; +}; + +struct nlm_cancargs { + netobj cookie; + bool block; + bool exclusive; + nlm_lock alock; +}; + +struct nlm_testargs { + netobj cookie; + bool exclusive; + nlm_lock alock; +}; + +struct nlm_unlockargs { + netobj cookie; + nlm_lock alock; +}; + +enum fsh_mode { + fsm_DN = 0, + fsm_DR = 1, + fsm_DW = 2, + fsm_DRW = 3 +}; + +enum fsh_access { + fsa_NONE = 0, + fsa_R = 1, + fsa_W = 2, + fsa_RW = 3 +}; + +struct nlm_share { + string caller_name<LM_MAXSTRLEN>; + netobj fh; + netobj oh; + fsh_mode mode; + fsh_access access; +}; + +struct nlm_shareargs { + netobj cookie; + nlm_share share; + bool reclaim; +}; + +struct nlm_shareres { + netobj cookie; + nlm_stats stat; + int sequence; +}; + +struct nlm_notify { + string name<LM_MAXNAMELEN>; + long state; +}; + +/* + * Argument for the Linux-private SM_NOTIFY procedure + */ +const SM_PRIV_SIZE = 16; + +struct nlm_notifyargs { + nlm_notify notify; + opaque private[SM_PRIV_SIZE]; +}; + +program NLM_PROG { + version NLM_VERS { + void NLM_NULL(void) = 0; + nlm_testres NLM_TEST(nlm_testargs) = 1; + nlm_res NLM_LOCK(nlm_lockargs) = 2; + nlm_res NLM_CANCEL(nlm_cancargs) = 3; + nlm_res NLM_UNLOCK(nlm_unlockargs) = 4; + nlm_res NLM_GRANTED(nlm_testargs) = 5; + void NLM_TEST_MSG(nlm_testargs) = 6; + void NLM_LOCK_MSG(nlm_lockargs) = 7; + void NLM_CANCEL_MSG(nlm_cancargs) = 8; + void NLM_UNLOCK_MSG(nlm_unlockargs) = 9; + void NLM_GRANTED_MSG(nlm_testargs) = 10; + void NLM_TEST_RES(nlm_testres) = 11; + void NLM_LOCK_RES(nlm_res) = 12; + void NLM_CANCEL_RES(nlm_res) = 13; + void NLM_UNLOCK_RES(nlm_res) = 14; + void NLM_GRANTED_RES(nlm_res) = 15; + void NLM_SM_NOTIFY(nlm_notifyargs) = 16; + nlm_shareres NLM_SHARE(nlm_shareargs) = 20; + nlm_shareres NLM_UNSHARE(nlm_shareargs) = 21; + nlm_res NLM_NM_LOCK(nlm_lockargs) = 22; + void NLM_FREE_ALL(nlm_notify) = 23; + } = 3; +} = 100021; |
