mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-11-08 00:44:57 +00:00
9fc2f99030
Two significant security enhancements are part of this release:
* NFSD's RPC header encoding and decoding, including RPCSEC GSS
and gssproxy header parsing, has been overhauled to make it
more memory-safe.
* Support for Kerberos AES-SHA2-based encryption types has been
added for both the NFS client and server. This provides a clean
path for deprecating and removing insecure encryption types
based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so
that NFS with Kerberos may now be used on systems with fips
enabled.
In addition to these, NFSD is now able to handle crossing into an
auto-mounted mount point on an exported NFS mount. A number of
fixes have been made to NFSD's server-side copy implementation.
RPC metrics have been converted to per-CPU variables. This helps
reduce unnecessary cross-CPU and cross-node memory bus traffic,
and significantly reduces noise when KCSAN is enabled.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmPzgiYACgkQM2qzM29m
f5dB2A//eqjpj+FgAN+UjygrwMC4ahAsPX3Sc3FG8/lTAiao3NFVFY2gxAiCPyVE
CFk+tUyfL23oXvbyfIBe3LhxSBOf621xU6up2OzqAzJqh1Q9iUWB6as3I14to8ZU
sWpxXo5ofwk1hzkbrvOAVkyfY0emwsr00iBeWMawkpBe8FZEQA31OYj3/xHr6bBI
zEVlZPBZAZlp0DZ74tb+bBLs/EOnqKj+XLWcogCH13JB3sn2umF6cQNkYgsxvHGa
TNQi4LEdzWZGme242LfBRiGGwm1xuVIjlAhYV/R1wIjaknE3QBzqfXc6lJx74WII
HaqpRJGrKqdo7B+1gaXCl/AMS7YluED1CBrxuej0wBG7l2JEB7m2MFMQ4LTQjgsn
nrr3P70DgbB4LuPCPyUS7dtsMmUXabIqP7niiCR4T1toH6lBmHAgEi4cFmkzg7Cd
EoFzn888mtDpfx4fghcsRWS5oKXEzbPJfu5+IZOD63+UB+NGpi0Xo2s23sJPK8vz
kqK/X63JYOUxWUvK0zkj/c/wW1cLqIaBwnSKbShou5/BL+cZVI+uJYrnEesgpoB2
5fh/cZv3hdcoOPO7OfcjCLQYy4J6RCWajptnk/hcS3lMvBTBrnq697iAqCVURDKU
Xfmlf7XbBwje+sk4eHgqVGEqqVjrEmoqbmA2OS44WSS5LDvxXdI=
=ZG/7
-----END PGP SIGNATURE-----
Merge tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
Pull nfsd updates from Chuck Lever:
"Two significant security enhancements are part of this release:
- NFSD's RPC header encoding and decoding, including RPCSEC GSS and
gssproxy header parsing, has been overhauled to make it more
memory-safe.
- Support for Kerberos AES-SHA2-based encryption types has been added
for both the NFS client and server. This provides a clean path for
deprecating and removing insecure encryption types based on DES and
SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with
Kerberos may now be used on systems with fips enabled.
In addition to these, NFSD is now able to handle crossing into an
auto-mounted mount point on an exported NFS mount. A number of fixes
have been made to NFSD's server-side copy implementation.
RPC metrics have been converted to per-CPU variables. This helps
reduce unnecessary cross-CPU and cross-node memory bus traffic, and
significantly reduces noise when KCSAN is enabled"
* tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (121 commits)
NFSD: Clean up nfsd_symlink()
NFSD: copy the whole verifier in nfsd_copy_write_verifier
nfsd: don't fsync nfsd_files on last close
SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes
nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
NFSD: fix problems with cleanup on errors in nfsd4_copy
nfsd: fix race to check ls_layouts
nfsd: don't hand out delegation on setuid files being opened for write
SUNRPC: Remove ->xpo_secure_port()
SUNRPC: Clean up the svc_xprt_flags() macro
nfsd: remove fs/nfsd/fault_inject.c
NFSD: fix leaked reference count of nfsd4_ssc_umount_item
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
nfsd: zero out pointers after putting nfsd_files on COPY setup error
SUNRPC: Fix whitespace damage in svcauth_unix.c
nfsd: eliminate __nfs4_get_fd
nfsd: add some kerneldoc comments for stateid preprocessing functions
nfsd: eliminate find_deleg_file_locked
nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS
SUNRPC: Add encryption self-tests
...
110 lines
4.1 KiB
C
110 lines
4.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_NAMEI_H
|
|
#define _LINUX_NAMEI_H
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/path.h>
|
|
#include <linux/fcntl.h>
|
|
#include <linux/errno.h>
|
|
|
|
enum { MAX_NESTED_LINKS = 8 };
|
|
|
|
#define MAXSYMLINKS 40
|
|
|
|
/*
|
|
* Type of the last component on LOOKUP_PARENT
|
|
*/
|
|
enum {LAST_NORM, LAST_ROOT, LAST_DOT, LAST_DOTDOT};
|
|
|
|
/* pathwalk mode */
|
|
#define LOOKUP_FOLLOW 0x0001 /* follow links at the end */
|
|
#define LOOKUP_DIRECTORY 0x0002 /* require a directory */
|
|
#define LOOKUP_AUTOMOUNT 0x0004 /* force terminal automount */
|
|
#define LOOKUP_EMPTY 0x4000 /* accept empty path [user_... only] */
|
|
#define LOOKUP_DOWN 0x8000 /* follow mounts in the starting point */
|
|
#define LOOKUP_MOUNTPOINT 0x0080 /* follow mounts in the end */
|
|
|
|
#define LOOKUP_REVAL 0x0020 /* tell ->d_revalidate() to trust no cache */
|
|
#define LOOKUP_RCU 0x0040 /* RCU pathwalk mode; semi-internal */
|
|
|
|
/* These tell filesystem methods that we are dealing with the final component... */
|
|
#define LOOKUP_OPEN 0x0100 /* ... in open */
|
|
#define LOOKUP_CREATE 0x0200 /* ... in object creation */
|
|
#define LOOKUP_EXCL 0x0400 /* ... in exclusive creation */
|
|
#define LOOKUP_RENAME_TARGET 0x0800 /* ... in destination of rename() */
|
|
|
|
/* internal use only */
|
|
#define LOOKUP_PARENT 0x0010
|
|
|
|
/* Scoping flags for lookup. */
|
|
#define LOOKUP_NO_SYMLINKS 0x010000 /* No symlink crossing. */
|
|
#define LOOKUP_NO_MAGICLINKS 0x020000 /* No nd_jump_link() crossing. */
|
|
#define LOOKUP_NO_XDEV 0x040000 /* No mountpoint crossing. */
|
|
#define LOOKUP_BENEATH 0x080000 /* No escaping from starting point. */
|
|
#define LOOKUP_IN_ROOT 0x100000 /* Treat dirfd as fs root. */
|
|
#define LOOKUP_CACHED 0x200000 /* Only do cached lookup */
|
|
/* LOOKUP_* flags which do scope-related checks based on the dirfd. */
|
|
#define LOOKUP_IS_SCOPED (LOOKUP_BENEATH | LOOKUP_IN_ROOT)
|
|
|
|
extern int path_pts(struct path *path);
|
|
|
|
extern int user_path_at_empty(int, const char __user *, unsigned, struct path *, int *empty);
|
|
|
|
static inline int user_path_at(int dfd, const char __user *name, unsigned flags,
|
|
struct path *path)
|
|
{
|
|
return user_path_at_empty(dfd, name, flags, path, NULL);
|
|
}
|
|
|
|
extern int kern_path(const char *, unsigned, struct path *);
|
|
|
|
extern struct dentry *kern_path_create(int, const char *, struct path *, unsigned int);
|
|
extern struct dentry *user_path_create(int, const char __user *, struct path *, unsigned int);
|
|
extern void done_path_create(struct path *, struct dentry *);
|
|
extern struct dentry *kern_path_locked(const char *, struct path *);
|
|
|
|
extern struct dentry *try_lookup_one_len(const char *, struct dentry *, int);
|
|
extern struct dentry *lookup_one_len(const char *, struct dentry *, int);
|
|
extern struct dentry *lookup_one_len_unlocked(const char *, struct dentry *, int);
|
|
extern struct dentry *lookup_positive_unlocked(const char *, struct dentry *, int);
|
|
struct dentry *lookup_one(struct mnt_idmap *, const char *, struct dentry *, int);
|
|
struct dentry *lookup_one_unlocked(struct mnt_idmap *idmap,
|
|
const char *name, struct dentry *base,
|
|
int len);
|
|
struct dentry *lookup_one_positive_unlocked(struct mnt_idmap *idmap,
|
|
const char *name,
|
|
struct dentry *base, int len);
|
|
|
|
extern int follow_down_one(struct path *);
|
|
extern int follow_down(struct path *path, unsigned int flags);
|
|
extern int follow_up(struct path *);
|
|
|
|
extern struct dentry *lock_rename(struct dentry *, struct dentry *);
|
|
extern void unlock_rename(struct dentry *, struct dentry *);
|
|
|
|
extern int __must_check nd_jump_link(const struct path *path);
|
|
|
|
static inline void nd_terminate_link(void *name, size_t len, size_t maxlen)
|
|
{
|
|
((char *) name)[min(len, maxlen)] = '\0';
|
|
}
|
|
|
|
/**
|
|
* retry_estale - determine whether the caller should retry an operation
|
|
* @error: the error that would currently be returned
|
|
* @flags: flags being used for next lookup attempt
|
|
*
|
|
* Check to see if the error code was -ESTALE, and then determine whether
|
|
* to retry the call based on whether "flags" already has LOOKUP_REVAL set.
|
|
*
|
|
* Returns true if the caller should try the operation again.
|
|
*/
|
|
static inline bool
|
|
retry_estale(const long error, const unsigned int flags)
|
|
{
|
|
return error == -ESTALE && !(flags & LOOKUP_REVAL);
|
|
}
|
|
|
|
#endif /* _LINUX_NAMEI_H */
|