NLM: allow lockd requests from an unprivileged port
authorChuck Lever <chuck.lever@oracle.com>
Tue, 23 Dec 2008 20:21:38 +0000 (15:21 -0500)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Tue, 23 Dec 2008 20:21:38 +0000 (15:21 -0500)
If the admin has specified the "noresvport" option for an NFS mount
point, the kernel's NFS client uses an unprivileged source port for
the main NFS transport.  The kernel's lockd client should use an
unprivileged port in this case as well.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fs/lockd/clntlock.c
fs/lockd/host.c
fs/nfs/client.c
include/linux/lockd/bind.h
include/linux/lockd/lockd.h

index 94d42cc4e3939002def673653f356be80538fe88..1f3b0fc0d351de0f6bd6ea7f48e3344e99f1fe56 100644 (file)
@@ -61,7 +61,7 @@ struct nlm_host *nlmclnt_init(const struct nlmclnt_initdata *nlm_init)
 
        host = nlmclnt_lookup_host(nlm_init->address, nlm_init->addrlen,
                                   nlm_init->protocol, nlm_version,
-                                  nlm_init->hostname);
+                                  nlm_init->hostname, nlm_init->noresvport);
        if (host == NULL) {
                lockd_down();
                return ERR_PTR(-ENOLCK);
index 70fc63a1727b131f496bc9a98186d61a022dc975..acc2aa5021d1a8e8c6dee3b0392059b75d08e015 100644 (file)
@@ -48,6 +48,7 @@ struct nlm_lookup_host_info {
        const size_t            hostname_len;   /* it's length */
        const struct sockaddr   *src_sap;       /* our address (optional) */
        const size_t            src_len;        /* it's length */
+       const int               noresvport;     /* use non-priv port */
 };
 
 /*
@@ -222,6 +223,7 @@ static struct nlm_host *nlm_lookup_host(struct nlm_lookup_host_info *ni)
        host->h_nsmstate   = 0;                 /* real NSM state */
        host->h_nsmhandle  = nsm;
        host->h_server     = ni->server;
+       host->h_noresvport = ni->noresvport;
        hlist_add_head(&host->h_hash, chain);
        INIT_LIST_HEAD(&host->h_lockowners);
        spin_lock_init(&host->h_lock);
@@ -272,6 +274,7 @@ nlm_destroy_host(struct nlm_host *host)
  * @protocol: transport protocol to use
  * @version: NLM protocol version
  * @hostname: '\0'-terminated hostname of server
+ * @noresvport: 1 if non-privileged port should be used
  *
  * Returns an nlm_host structure that matches the passed-in
  * [server address, transport protocol, NLM version, server hostname].
@@ -281,7 +284,9 @@ nlm_destroy_host(struct nlm_host *host)
 struct nlm_host *nlmclnt_lookup_host(const struct sockaddr *sap,
                                     const size_t salen,
                                     const unsigned short protocol,
-                                    const u32 version, const char *hostname)
+                                    const u32 version,
+                                    const char *hostname,
+                                    int noresvport)
 {
        const struct sockaddr source = {
                .sa_family      = AF_UNSPEC,
@@ -296,6 +301,7 @@ struct nlm_host *nlmclnt_lookup_host(const struct sockaddr *sap,
                .hostname_len   = strlen(hostname),
                .src_sap        = &source,
                .src_len        = sizeof(source),
+               .noresvport     = noresvport,
        };
 
        dprintk("lockd: %s(host='%s', vers=%u, proto=%s)\n", __func__,
@@ -417,6 +423,8 @@ nlm_bind_host(struct nlm_host *host)
                 */
                if (!host->h_server)
                        args.flags |= RPC_CLNT_CREATE_HARDRTRY;
+               if (host->h_noresvport)
+                       args.flags |= RPC_CLNT_CREATE_NONPRIVPORT;
 
                clnt = rpc_create(&args);
                if (!IS_ERR(clnt))
index 3a69cacc4fa4181c74dcae896a74e9f73747ff76..70b6d9e8517d5330de3ca41c7d1ff5f69112130f 100644 (file)
@@ -526,6 +526,8 @@ static int nfs_start_lockd(struct nfs_server *server)
                .protocol       = server->flags & NFS_MOUNT_TCP ?
                                                IPPROTO_TCP : IPPROTO_UDP,
                .nfs_version    = clp->rpc_ops->version,
+               .noresvport     = server->flags & NFS_MOUNT_NORESVPORT ?
+                                       1 : 0,
        };
 
        if (nlm_init.nfs_version > 3)
index e5872dc994c0a0761d601229ced0d77676756397..fbc48f898521c1a24492c8eb782c12301e341568 100644 (file)
@@ -41,6 +41,7 @@ struct nlmclnt_initdata {
        size_t                  addrlen;
        unsigned short          protocol;
        u32                     nfs_version;
+       int                     noresvport;
 };
 
 /*
index b56d5aa9b194c0d87296b303874d331b84246413..23da3fa69efa9bf261a4e5bad76b31b9bc2258ec 100644 (file)
@@ -49,6 +49,7 @@ struct nlm_host {
        unsigned short          h_proto;        /* transport proto */
        unsigned short          h_reclaiming : 1,
                                h_server     : 1, /* server side, not client side */
+                               h_noresvport : 1,
                                h_inuse      : 1;
        wait_queue_head_t       h_gracewait;    /* wait while reclaiming */
        struct rw_semaphore     h_rwsem;        /* Reboot recovery lock */
@@ -220,7 +221,8 @@ struct nlm_host  *nlmclnt_lookup_host(const struct sockaddr *sap,
                                        const size_t salen,
                                        const unsigned short protocol,
                                        const u32 version,
-                                       const char *hostname);
+                                       const char *hostname,
+                                       int noresvport);
 struct nlm_host  *nlmsvc_lookup_host(const struct svc_rqst *rqstp,
                                        const char *hostname,
                                        const size_t hostname_len);