aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
authorLinus Torvalds <torvalds@linux-foundation.org>2026-06-18 09:14:15 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2026-06-18 09:14:15 -0700
commit3dc7c001169d112b3e514cacff6c93091c57af9a (patch)
treebc3afccf5791c512b2e3965b4435319ba1e04324 /Documentation
parent6edc20078ad0b05ab2dc2693965d373628d65f80 (diff)
parente5248a7426030db1e126363f72afdb3b71339a5c (diff)
downloadath-3dc7c001169d112b3e514cacff6c93091c57af9a.tar.gz
Merge tag 'nfsd-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
Pull nfsd updates from Chuck Lever: "Jeff Layton wired up netlink upcalls for the auth.unix.ip and auth.unix.gid caches in SunRPC and the svc_export and nfsd.fh caches in NFSD. The new kernel-user API is more extensible and lays the groundwork for retiring the old pipe interface. The default NFS r/w block size rises to 4MB on hosts with at least 16GB of RAM, reducing per-RPC overhead on fast networks. Smaller machines keep their previously computed default, and the value remains tunable through /proc/fs/nfsd/max_block_size. Chuck Lever converted the server's RPCSEC GSS Kerberos code to the kernel's shared crypto/krb5 library. The conversion retires and removes SunRPC's bespoke implementation of Kerberos v5, but keeps RPCSEC GSS-API. Continuing the xdrgen migration that converted the NLMv4 server XDR layer in v7.1, Chuck Lever converted the NLM version 3 server-side XDR layer from hand-written C to xdrgen-generated code. As with the NLMv4 conversion in v7.1, the goals are improved memory safety, lower maintenance burden, and groundwork for generation of Rust code for this layer instead of C. Chuck Lever fixed an issue where lingering NFSv4 state pins a mounted file system after it is unexported. A new netlink-based mechanism can now release NLM locks and NFSv4 state by client address, by filesystem, and by export. Now an administrator can quiesce an export cleanly before unmounting it. The remaining patches are bug fixes, clean-ups, and minor optimizations, including a batch of memory-leak and use-after-free fixes in the ACL, lockd, and TLS handshake paths, many of them reported by Chris Mason. Sincere thanks to all contributors, reviewers, testers, and bug reporters who participated in the v7.2 NFSD development cycle" * tag 'nfsd-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (106 commits) svcrdma: wake sq waiters when the transport closes nfsd: reset write verifier on deferred writeback errors nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race sunrpc: wait for in-flight TLS handshake callback when cancel loses race sunrpc: pin svc_xprt across the asynchronous TLS handshake callback nfsd: fix posix_acl leak on SETACL decode failure nfsd: fix posix_acl leak and ignored error in nfsd4_create_file nfsd: check get_user() return when reading princhashlen nfsd: fix inverted cp_ttl check in async copy reaper nfsd: fix dead ACL conflict guard in nfsd4_create NFSD: Fix SECINFO_NO_NAME decode error cleanup sunrpc: harden rq_procinfo lifecycle to prevent double-free SUNRPC: Return an error from xdr_buf_to_bvec() on overflow SUNRPC: Bound-check xdr_buf_to_bvec() stores before writing nfsd: release layout stid on setlease failure lockd: Avoid hashing uninitialized bytes in nlm4svc_lookup_file() lockd: Plug nlm_file refcount leak on cached nlm_do_fopen() failure lockd: Plug nlm_file leak when nlm_do_fopen() fails Revert "NFSD: Defer sub-object cleanup in export put callbacks" Revert "svcrdma: Use contiguous pages for RDMA Read sink buffers" ...
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/netlink/specs/nfsd.yaml290
-rw-r--r--Documentation/netlink/specs/sunrpc_cache.yaml149
-rw-r--r--Documentation/sunrpc/xdr/nlm3.x168
3 files changed, 607 insertions, 0 deletions
diff --git a/Documentation/netlink/specs/nfsd.yaml b/Documentation/netlink/specs/nfsd.yaml
index 8ab43c8253b2e..8f36fadd68f75 100644
--- a/Documentation/netlink/specs/nfsd.yaml
+++ b/Documentation/netlink/specs/nfsd.yaml
@@ -6,8 +6,52 @@ uapi-header: linux/nfsd_netlink.h
doc: NFSD configuration over generic netlink.
+definitions:
+ -
+ type: flags
+ name: cache-type
+ entries: [svc_export, expkey]
+ -
+ type: flags
+ name: export-flags
+ doc: These flags are ordered to match the NFSEXP_* flags in include/linux/nfsd/export.h
+ entries:
+ - readonly
+ - insecure-port
+ - rootsquash
+ - allsquash
+ - async
+ - gathered-writes
+ - noreaddirplus
+ - security-label
+ - sign-fh
+ - nohide
+ - nosubtreecheck
+ - noauthnlm
+ - msnfs
+ - fsid
+ - crossmount
+ - noacl
+ - v4root
+ - pnfs
+ -
+ type: flags
+ name: xprtsec-mode
+ doc: These flags are ordered to match the NFSEXP_XPRTSEC_* flags in include/linux/nfsd/export.h
+ entries:
+ - none
+ - tls
+ - mtls
+
attribute-sets:
-
+ name: cache-notify
+ attributes:
+ -
+ name: cache-type
+ type: u32
+ enum: cache-type
+ -
name: rpc-status
attributes:
-
@@ -132,6 +176,160 @@ attribute-sets:
-
name: npools
type: u32
+ -
+ name: fslocation
+ attributes:
+ -
+ name: host
+ type: string
+ -
+ name: path
+ type: string
+ -
+ name: fslocations
+ attributes:
+ -
+ name: location
+ type: nest
+ nested-attributes: fslocation
+ multi-attr: true
+ -
+ name: auth-flavor
+ attributes:
+ -
+ name: pseudoflavor
+ type: u32
+ -
+ name: flags
+ type: u32
+ enum: export-flags
+ enum-as-flags: true
+ -
+ name: svc-export
+ attributes:
+ -
+ name: seqno
+ type: u64
+ -
+ name: client
+ type: string
+ -
+ name: path
+ type: string
+ -
+ name: negative
+ type: flag
+ -
+ name: expiry
+ type: u64
+ -
+ name: anon-uid
+ type: u32
+ -
+ name: anon-gid
+ type: u32
+ -
+ name: fslocations
+ type: nest
+ nested-attributes: fslocations
+ -
+ name: uuid
+ type: binary
+ -
+ name: secinfo
+ type: nest
+ nested-attributes: auth-flavor
+ multi-attr: true
+ -
+ name: xprtsec
+ type: u32
+ enum: xprtsec-mode
+ multi-attr: true
+ -
+ name: flags
+ type: u32
+ enum: export-flags
+ enum-as-flags: true
+ -
+ name: fsid
+ type: s32
+ -
+ name: svc-export-reqs
+ attributes:
+ -
+ name: requests
+ type: nest
+ nested-attributes: svc-export
+ multi-attr: true
+ -
+ name: expkey
+ attributes:
+ -
+ name: seqno
+ type: u64
+ -
+ name: client
+ type: string
+ -
+ name: fsidtype
+ type: u8
+ -
+ name: fsid
+ type: binary
+ -
+ name: negative
+ type: flag
+ -
+ name: expiry
+ type: u64
+ -
+ name: path
+ type: string
+ -
+ name: expkey-reqs
+ attributes:
+ -
+ name: requests
+ type: nest
+ nested-attributes: expkey
+ multi-attr: true
+ -
+ name: cache-flush
+ attributes:
+ -
+ name: mask
+ type: u32
+ enum: cache-type
+ enum-as-flags: true
+ -
+ name: unlock-ip
+ attributes:
+ -
+ name: address
+ type: binary
+ doc: struct sockaddr_in or struct sockaddr_in6.
+ checks:
+ min-len: 16
+ -
+ name: unlock-filesystem
+ attributes:
+ -
+ name: path
+ type: string
+ doc: Filesystem path whose state should be released.
+ -
+ name: unlock-export
+ attributes:
+ -
+ name: path
+ type: string
+ doc: >-
+ Export path whose NFSv4 state should be revoked.
+ All state (opens, locks, delegations, layouts) acquired
+ through any export of this path is revoked, regardless
+ of which client holds the state. Intended for use after
+ all clients have been unexported from a given path,
+ enabling the underlying filesystem to be unmounted.
operations:
list:
@@ -233,3 +431,95 @@ operations:
attributes:
- mode
- npools
+ -
+ name: cache-notify
+ doc: Notification that there are cache requests that need servicing
+ attribute-set: cache-notify
+ mcgrp: exportd
+ event:
+ attributes:
+ - cache-type
+ -
+ name: svc-export-get-reqs
+ doc: Dump all pending svc_export requests
+ attribute-set: svc-export-reqs
+ flags: [admin-perm]
+ dump:
+ reply:
+ attributes:
+ - requests
+ -
+ name: svc-export-set-reqs
+ doc: Respond to one or more svc_export requests
+ attribute-set: svc-export-reqs
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - requests
+ -
+ name: expkey-get-reqs
+ doc: Dump all pending expkey requests
+ attribute-set: expkey-reqs
+ flags: [admin-perm]
+ dump:
+ reply:
+ attributes:
+ - requests
+ -
+ name: expkey-set-reqs
+ doc: Respond to one or more expkey requests
+ attribute-set: expkey-reqs
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - requests
+ -
+ name: cache-flush
+ doc: Flush nfsd caches (svc_export and/or expkey)
+ attribute-set: cache-flush
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - mask
+ -
+ name: unlock-ip
+ doc: release NLM locks held by an IP address
+ attribute-set: unlock-ip
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - address
+ -
+ name: unlock-filesystem
+ doc: revoke NFS state under a filesystem path
+ attribute-set: unlock-filesystem
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - path
+ -
+ name: unlock-export
+ doc: >-
+ Revoke NFSv4 state acquired through exports of a given path.
+ Unlike unlock-filesystem, which operates at superblock granularity,
+ this command targets only state associated with a specific export
+ path. Userspace (exportfs -u) sends this after removing the last
+ client for a path so the underlying filesystem can be unmounted.
+ attribute-set: unlock-export
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - path
+
+mcast-groups:
+ list:
+ -
+ name: none
+ -
+ name: exportd
diff --git a/Documentation/netlink/specs/sunrpc_cache.yaml b/Documentation/netlink/specs/sunrpc_cache.yaml
new file mode 100644
index 0000000000000..f22ff22b9418f
--- /dev/null
+++ b/Documentation/netlink/specs/sunrpc_cache.yaml
@@ -0,0 +1,149 @@
+# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
+---
+name: sunrpc
+protocol: genetlink
+uapi-header: linux/sunrpc_netlink.h
+
+doc: SUNRPC cache upcall support over generic netlink.
+
+definitions:
+ -
+ type: flags
+ name: cache-type
+ entries: [ip_map, unix_gid]
+
+attribute-sets:
+ -
+ name: cache-notify
+ attributes:
+ -
+ name: cache-type
+ type: u32
+ enum: cache-type
+ -
+ name: ip-map
+ attributes:
+ -
+ name: seqno
+ type: u64
+ -
+ name: class
+ type: string
+ -
+ name: addr
+ type: string
+ -
+ name: domain
+ type: string
+ -
+ name: negative
+ type: flag
+ -
+ name: expiry
+ type: u64
+ -
+ name: ip-map-reqs
+ attributes:
+ -
+ name: requests
+ type: nest
+ nested-attributes: ip-map
+ multi-attr: true
+ -
+ name: unix-gid
+ attributes:
+ -
+ name: seqno
+ type: u64
+ -
+ name: uid
+ type: u32
+ -
+ name: gids
+ type: u32
+ multi-attr: true
+ -
+ name: negative
+ type: flag
+ -
+ name: expiry
+ type: u64
+ -
+ name: unix-gid-reqs
+ attributes:
+ -
+ name: requests
+ type: nest
+ nested-attributes: unix-gid
+ multi-attr: true
+ -
+ name: cache-flush
+ attributes:
+ -
+ name: mask
+ type: u32
+ enum: cache-type
+ enum-as-flags: true
+
+operations:
+ list:
+ -
+ name: cache-notify
+ doc: Notification that there are cache requests that need servicing
+ attribute-set: cache-notify
+ mcgrp: exportd
+ event:
+ attributes:
+ - cache-type
+ -
+ name: ip-map-get-reqs
+ doc: Dump all pending ip_map requests
+ attribute-set: ip-map-reqs
+ flags: [admin-perm]
+ dump:
+ reply:
+ attributes:
+ - requests
+ -
+ name: ip-map-set-reqs
+ doc: Respond to one or more ip_map requests
+ attribute-set: ip-map-reqs
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - requests
+ -
+ name: unix-gid-get-reqs
+ doc: Dump all pending unix_gid requests
+ attribute-set: unix-gid-reqs
+ flags: [admin-perm]
+ dump:
+ reply:
+ attributes:
+ - requests
+ -
+ name: unix-gid-set-reqs
+ doc: Respond to one or more unix_gid requests
+ attribute-set: unix-gid-reqs
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - requests
+ -
+ name: cache-flush
+ doc: Flush sunrpc caches (ip_map and/or unix_gid)
+ attribute-set: cache-flush
+ flags: [admin-perm]
+ do:
+ request:
+ attributes:
+ - mask
+
+mcast-groups:
+ list:
+ -
+ name: none
+ -
+ name: exportd
diff --git a/Documentation/sunrpc/xdr/nlm3.x b/Documentation/sunrpc/xdr/nlm3.x
new file mode 100644
index 0000000000000..b2e704f7b8649
--- /dev/null
+++ b/Documentation/sunrpc/xdr/nlm3.x
@@ -0,0 +1,168 @@
+/*
+ * This file was extracted by hand from
+ * https://pubs.opengroup.org/onlinepubs/9629799/chap10.htm#tagcjh_11_03
+ */
+
+/*
+ * The NLMv3 protocol
+ */
+
+pragma header nlm3;
+
+const LM_MAXSTRLEN = 1024;
+
+const LM_MAXNAMELEN = 1025;
+
+const MAXNETOBJ_SZ = 1024;
+
+typedef opaque netobj<MAXNETOBJ_SZ>;
+
+enum nlm_stats {
+ LCK_GRANTED = 0,
+ LCK_DENIED = 1,
+ LCK_DENIED_NOLOCKS = 2,
+ LCK_BLOCKED = 3,
+ LCK_DENIED_GRACE_PERIOD = 4
+};
+
+pragma big_endian nlm_stats;
+
+struct nlm_stat {
+ nlm_stats stat;
+};
+
+struct nlm_res {
+ netobj cookie;
+ nlm_stat stat;
+};
+
+struct nlm_holder {
+ bool exclusive;
+ int uppid;
+ netobj oh;
+ unsigned int l_offset;
+ unsigned int l_len;
+};
+
+union nlm_testrply switch (nlm_stats stat) {
+ case LCK_DENIED:
+ nlm_holder holder;
+ default:
+ void;
+};
+
+struct nlm_testres {
+ netobj cookie;
+ nlm_testrply test_stat;
+};
+
+struct nlm_lock {
+ string caller_name<LM_MAXSTRLEN>;
+ netobj fh;
+ netobj oh;
+ int uppid;
+ unsigned int l_offset;
+ unsigned int l_len;
+};
+
+struct nlm_lockargs {
+ netobj cookie;
+ bool block;
+ bool exclusive;
+ nlm_lock alock;
+ bool reclaim;
+ int state;
+};
+
+struct nlm_cancargs {
+ netobj cookie;
+ bool block;
+ bool exclusive;
+ nlm_lock alock;
+};
+
+struct nlm_testargs {
+ netobj cookie;
+ bool exclusive;
+ nlm_lock alock;
+};
+
+struct nlm_unlockargs {
+ netobj cookie;
+ nlm_lock alock;
+};
+
+enum fsh_mode {
+ fsm_DN = 0,
+ fsm_DR = 1,
+ fsm_DW = 2,
+ fsm_DRW = 3
+};
+
+enum fsh_access {
+ fsa_NONE = 0,
+ fsa_R = 1,
+ fsa_W = 2,
+ fsa_RW = 3
+};
+
+struct nlm_share {
+ string caller_name<LM_MAXSTRLEN>;
+ netobj fh;
+ netobj oh;
+ fsh_mode mode;
+ fsh_access access;
+};
+
+struct nlm_shareargs {
+ netobj cookie;
+ nlm_share share;
+ bool reclaim;
+};
+
+struct nlm_shareres {
+ netobj cookie;
+ nlm_stats stat;
+ int sequence;
+};
+
+struct nlm_notify {
+ string name<LM_MAXNAMELEN>;
+ long state;
+};
+
+/*
+ * Argument for the Linux-private SM_NOTIFY procedure
+ */
+const SM_PRIV_SIZE = 16;
+
+struct nlm_notifyargs {
+ nlm_notify notify;
+ opaque private[SM_PRIV_SIZE];
+};
+
+program NLM_PROG {
+ version NLM_VERS {
+ void NLM_NULL(void) = 0;
+ nlm_testres NLM_TEST(nlm_testargs) = 1;
+ nlm_res NLM_LOCK(nlm_lockargs) = 2;
+ nlm_res NLM_CANCEL(nlm_cancargs) = 3;
+ nlm_res NLM_UNLOCK(nlm_unlockargs) = 4;
+ nlm_res NLM_GRANTED(nlm_testargs) = 5;
+ void NLM_TEST_MSG(nlm_testargs) = 6;
+ void NLM_LOCK_MSG(nlm_lockargs) = 7;
+ void NLM_CANCEL_MSG(nlm_cancargs) = 8;
+ void NLM_UNLOCK_MSG(nlm_unlockargs) = 9;
+ void NLM_GRANTED_MSG(nlm_testargs) = 10;
+ void NLM_TEST_RES(nlm_testres) = 11;
+ void NLM_LOCK_RES(nlm_res) = 12;
+ void NLM_CANCEL_RES(nlm_res) = 13;
+ void NLM_UNLOCK_RES(nlm_res) = 14;
+ void NLM_GRANTED_RES(nlm_res) = 15;
+ void NLM_SM_NOTIFY(nlm_notifyargs) = 16;
+ nlm_shareres NLM_SHARE(nlm_shareargs) = 20;
+ nlm_shareres NLM_UNSHARE(nlm_shareargs) = 21;
+ nlm_res NLM_NM_LOCK(nlm_lockargs) = 22;
+ void NLM_FREE_ALL(nlm_notify) = 23;
+ } = 3;
+} = 100021;