Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2683061imu; Tue, 6 Nov 2018 20:14:17 -0800 (PST) X-Google-Smtp-Source: AJdET5dRwq/22m25oogsleXynZeozNEo5GS6Lfn0aAqhJ/YXfM+a80dmVKAi6lJ8clcC9566sM5z X-Received: by 2002:a17:902:64c1:: with SMTP id y1-v6mr387067pli.210.1541564057428; Tue, 06 Nov 2018 20:14:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541564057; cv=none; d=google.com; s=arc-20160816; b=iBIYOAroHbrmTCYoAvKTOF9SeBSlwsEFZsONqlTps87zA1PbgXpbDtyx+DN4Zq7taI 8cxDdH4K55eUx+QfiuFG+tTqYMyDbFLR6/MOwVYORjDDjnfho7fQa7j5FP/9R019QC6O AWU4LOqBCAU8r1hqxA8NuQ74xGQCqlChcW5KXY56BwabH52RO+aAk4pgzNOjDDqttmmk n42EINFdRJEmNHWwtHw25izw0AWaDhhACAMa4sCOomHT++k6LLqoeVe4o60SfXIA8EnS XSGxJ8I6tBUdU9wRv/wMDk+8zkSclJ/y9WpV5sy17n9Rhrm2K01MJ8LjgN5DH97ej7AR ssmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:message-id:cc:subject:date:to:from; bh=Gbjsewybe1ZCw9hvKmjfHgy3PkjvVjyEYUGW1hCmIfs=; b=AteuJkSHGRASkAhtGN89/t2owWKuY6gge2O1tfWSB0dxT+CGrnSk2O1tteL+RipKww AsaHcIAYJHHy9cMkuLk+bQEY25C+32p7xgF9xFrZ2hA0FoxO3poL81pTnIBe7GyyaQi2 Zo3XdYTj+zNEjXDU6N/1FIcNARJpTwNwiSQ2FDZ/hS29F44L8gth77UJvbMWfefIi3cf nCrZwwAMP8EE8ug5XH3wgfR2F+d9PeuWw8zMDuodeVTOIgrcu0h+W6DPXK8DmdRYnawJ rXVDsvdriyA+RgF9PfDwry1V1VB483Acm0Z4S7OrXwGiVcSG13k6wXg2dTakPOdpPGBR W6cg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 20-v6si50130672pgk.190.2018.11.06.20.14.01; Tue, 06 Nov 2018 20:14:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730813AbeKGNmH (ORCPT + 99 others); Wed, 7 Nov 2018 08:42:07 -0500 Received: from mx2.suse.de ([195.135.220.15]:56176 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726671AbeKGNmH (ORCPT ); Wed, 7 Nov 2018 08:42:07 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 7D2F0B176; Wed, 7 Nov 2018 04:13:29 +0000 (UTC) From: NeilBrown To: "J. Bruce Fields" , Chuck Lever , Jeff Layton , Trond Myklebust , Anna Schumaker Date: Wed, 07 Nov 2018 15:12:30 +1100 Subject: [PATCH 00/23 - V4] NFS: Remove generic RPC credentials. Cc: Linux NFS Mailing List , linux-kernel@vger.kernel.org Message-ID: <154156285766.24086.14262073575778354276.stgit@noble> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an updated version of a series I sent in Feb of this year. Since then there have only been minor improvement and updates to sync with the changing kernel. There doesn't seem to be a maintainer for the 'cred' code, so I don't know who to ask to approve the first 4 patches. Maybe if the NFS team like them, they can just go to Linus with a note for him to look at them if he wants to. The original motivation for this was performance. In some circumstances the cred caches can get big and particularly can get long chains. The hash function has been changed at least once to improve the hashing and it still isn't perfect. Rather than improving pruning of the cache, or resizing the hashtable etc, it is easiest to just get rid of it. As well as discarding generic credentials completely (using 'struct cred' instead), we also stop storing AUTH_UNIX credentials in a hash table - that brings no value. Just allocate as needed and discard when finished with. So the only hash table will still have is for AUTH_GSS. One of the main triggers for hashtable problems was users changing groups a lot, so there would be many entries for the one user, each with a different set of groups. That doesn't apply for AUTH_GSS as the groupids on the client are ignored. That was the original motivation, but as I worked on it, I realized that it was making a log of code simpler. 44 files changed, 550 insertions(+), 925 deletions(-) That is sufficient motivation in itself I think. Review comments most welcome. Thanks, NeilBrown --- NeilBrown (23): cred: add cred_fscmp() for comparing creds. cred: add get_cred_rcu() cred: export get_task_cred(). cred: allow get_cred() and put_cred() to be given NULL. SUNRPC: add 'struct cred *' to auth_cred and rpc_cred SUNRPC: remove groupinfo from struct auth_cred. SUNRPC: remove uid and gid from struct auth_cred SUNRPC: remove machine_cred field from struct auth_cred NFSv4: add cl_root_cred for use when machine cred is not available. NFSv4: don't require lock for get_renew_cred or get_machine_cred SUNRPC: discard RPC_DO_ROOTOVERRIDE() NFS/SUNRPC: don't lookup machine credential until rpcauth_bindcred(). SUNRPC: introduce RPC_TASK_NULLCREDS to request auth_none SUNRPC: add side channel to use non-generic cred for rpc call. NFS: move credential expiry tracking out of SUNRPC into NFS. SUNRPC: remove RPCAUTH_AUTH_NO_CRKEY_TIMEOUT NFS: change access cache to use 'struct cred'. NFS: struct nfs_open_dir_context: convert rpc_cred pointer to cred. NFS/NFSD/SUNRPC: replace generic creds with 'struct cred'. SUNRPC: remove generic cred code. SUNRPC: remove crbind rpc_cred operation SUNRPC: simplify auth_unix. SUNRPC discard cr_uid from struct rpc_cred. fs/lockd/clntproc.c | 6 - fs/nfs/blocklayout/blocklayout.c | 2 fs/nfs/client.c | 9 - fs/nfs/delegation.c | 28 +-- fs/nfs/delegation.h | 10 - fs/nfs/dir.c | 59 ++---- fs/nfs/flexfilelayout/flexfilelayout.c | 64 +++--- fs/nfs/flexfilelayout/flexfilelayout.h | 8 - fs/nfs/flexfilelayout/flexfilelayoutdev.c | 16 +- fs/nfs/inode.c | 13 + fs/nfs/internal.h | 8 - fs/nfs/nfs3proc.c | 4 fs/nfs/nfs4_fs.h | 65 +++--- fs/nfs/nfs4client.c | 4 fs/nfs/nfs4proc.c | 150 +++++++-------- fs/nfs/nfs4renewd.c | 9 - fs/nfs/nfs4session.c | 5 fs/nfs/nfs4state.c | 129 ++++++------- fs/nfs/pagelist.c | 2 fs/nfs/pnfs.c | 14 + fs/nfs/pnfs.h | 10 - fs/nfs/pnfs_dev.c | 4 fs/nfs/pnfs_nfs.c | 2 fs/nfs/proc.c | 2 fs/nfs/unlink.c | 15 - fs/nfs/write.c | 24 ++ fs/nfsd/nfs4callback.c | 31 +-- fs/nfsd/state.h | 2 include/linux/cred.h | 26 ++- include/linux/nfs_fs.h | 13 + include/linux/nfs_fs_sb.h | 2 include/linux/nfs_xdr.h | 16 +- include/linux/sunrpc/auth.h | 51 ----- include/linux/sunrpc/clnt.h | 1 include/linux/sunrpc/sched.h | 6 - kernel/cred.c | 58 ++++++ net/sunrpc/Makefile | 2 net/sunrpc/auth.c | 116 ++++++----- net/sunrpc/auth_generic.c | 299 ----------------------------- net/sunrpc/auth_gss/auth_gss.c | 45 +--- net/sunrpc/auth_null.c | 4 net/sunrpc/auth_unix.c | 110 +++-------- net/sunrpc/clnt.c | 26 +-- net/sunrpc/sched.c | 5 44 files changed, 550 insertions(+), 925 deletions(-) delete mode 100644 net/sunrpc/auth_generic.c -- Signature