This project is mirrored from Pull mirroring updated .
  1. 28 May, 2016 1 commit
    • George Spelvin's avatar
      <linux/sunrpc/svcauth.h>: Define hash_str() in terms of hashlen_string() · 917ea166
      George Spelvin authored
      Finally, the first use of previous two patches: eliminate the
      separate ad-hoc string hash functions in the sunrpc code.
      Now hash_str() is a wrapper around hash_string(), and hash_mem() is
      likewise a wrapper around full_name_hash().
      Note that sunrpc code *does* call hash_mem() with a zero length, which
      is why the previous patch needed to handle that in full_name_hash().
      (Thanks, Bruce, for finding that!)
      This also eliminates the only caller of hash_long which asks for
      more than 32 bits of output.
      The comment about the quality of hashlen_string() and full_name_hash()
      is jumping the gun by a few patches; they aren't very impressive now,
      but will be improved greatly later in the series.
      Signed-off-by: default avatarGeorge Spelvin <>
      Tested-by: default avatarJ. Bruce Fields <>
      Acked-by: default avatarJ. Bruce Fields <>
      Cc: Jeff Layton <>
  2. 24 Nov, 2015 1 commit
    • J. Bruce Fields's avatar
      nfsd4: fix gss-proxy 4.1 mounts for some AD principals · 414ca017
      J. Bruce Fields authored
      The principal name on a gss cred is used to setup the NFSv4.0 callback,
      which has to have a client principal name to authenticate to.
      That code wants the name to be in the form servicetype@hostname.
      rpc.svcgssd passes down such names (and passes down no principal name at
      all in the case the principal isn't a service principal).
      gss-proxy always passes down the principal name, and passes it down in
      the form servicetype/hostname@REALM.  So we've been munging the name
      gss-proxy passes down into the format the NFSv4.0 callback code expects,
      or throwing away the name if we can't.
      Since the introduction of the MACH_CRED enforcement in NFSv4.1, we've
      also been using the principal name to verify that certain operations are
      done as the same principal as was used on the original EXCHANGE_ID call.
      For that application, the original name passed down by gss-proxy is also
      Lack of that name in some cases was causing some kerberized NFSv4.1
      mount failures in an Active Directory environment.
      This fix only works in the gss-proxy case.  The fix for legacy
      rpc.svcgssd would be more involved, and rpc.svcgssd already has other
      problems in the AD case.
      Reported-and-tested-by: default avatarJames Ralston <>
      Acked-by: default avatarSimo Sorce <>
      Signed-off-by: default avatarJ. Bruce Fields <>
  3. 01 Jul, 2013 2 commits
  4. 13 Feb, 2013 1 commit
  5. 01 Jun, 2012 2 commits
  6. 12 Apr, 2012 1 commit
  7. 11 Apr, 2012 1 commit
  8. 11 Mar, 2012 1 commit
    • Trond Myklebust's avatar
      SUNRPC: Fix a few sparse warnings · 09acfea5
      Trond Myklebust authored
      net/sunrpc/svcsock.c:412:22: warning: incorrect type in assignment
      (different address spaces)
       - svc_partial_recvfrom now takes a struct kvec, so the variable
         save_iovbase needs to be an ordinary (void *)
      Make a bunch of variables in net/sunrpc/xprtsock.c static
      Fix a couple of "warning: symbol 'foo' was not declared. Should it be
      static?" reports.
      Fix a couple of conflicting function declarations.
      Signed-off-by: default avatarTrond Myklebust <>
  9. 27 Sep, 2010 2 commits
  10. 21 Sep, 2010 1 commit
  11. 23 Apr, 2008 1 commit
  12. 17 Jul, 2007 1 commit
    • J. Bruce Fields's avatar
      knfsd: nfsd: set rq_client to ip-address-determined-domain · 3ab4d8b1
      J. Bruce Fields authored
      We want it to be possible for users to restrict exports both by IP address and
      by pseudoflavor.  The pseudoflavor information has previously been passed
      using special auth_domains stored in the rq_client field.  After the preceding
      patch that stored the pseudoflavor in rq_pflavor, that's now superfluous; so
      now we use rq_client for the ip information, as auth_null and auth_unix do.
      However, we keep around the special auth_domain in the rq_gssclient field for
      backwards compatibility purposes, so we can still do upcalls using the old
      "gss/pseudoflavor" auth_domain if upcalls using the unix domain to give us an
      appropriate export.  This allows us to continue supporting old mountd.
      In fact, for this first patch, we always use the "gss/pseudoflavor"
      auth_domain (and only it) if it is available; thus rq_client is ignored in the
      auth_gss case, and this patch on its own makes no change in behavior; that
      will be left to later patches.
      Note on idmap: I'm almost tempted to just replace the auth_domain in the idmap
      upcall by a dummy value--no version of idmapd has ever used it, and it's
      unlikely anyone really wants to perform idmapping differently depending on the
      where the client is (they may want to perform *credential* mapping
      differently, but that's a different matter--the idmapper just handles id's
      used in getattr and setattr).  But I'm updating the idmapd code anyway, just
      out of general backwards-compatibility paranoia.
      Signed-off-by: default avatar"J. Bruce Fields" <>
      Signed-off-by: default avatarNeil Brown <>
      Signed-off-by: default avatarAndrew Morton <>
      Signed-off-by: default avatarLinus Torvalds <>
  13. 04 Oct, 2006 1 commit
    • Greg Banks's avatar
      [PATCH] knfsd: knfsd: cache ipmap per TCP socket · 7b2b1fee
      Greg Banks authored
      Speed up high call-rate workloads by caching the struct ip_map for the peer on
      the connected struct svc_sock instead of looking it up in the ip_map cache
      hashtable on every call.  This helps workloads using AUTH_SYS authentication
      over TCP.
      Testing was on a 4 CPU 4 NIC Altix using 4 IRIX clients, each with 16
      synthetic client threads simulating an rsync (i.e.  recursive directory
      listing) workload reading from an i386 RH9 install image (161480 regular files
      in 10841 directories) on the server.  That tree is small enough to fill in the
      server's RAM so no disk traffic was involved.  This setup gives a sustained
      call rate in excess of 60000 calls/sec before being CPU-bound on the server.
      Profiling showed strcmp(), called from ip_map_match(), was taking 4.8% of each
      CPU, and ip_map_lookup() was taking 2.9%.  This patch drops both contribution
      into the profile noise.
      Note that the above result overstates this value of this patch for most
      workloads.  The synthetic clients are all using separate IP addresses, so
      there are 64 entries in the ip_map cache hash.  Because the kernel measured
      contained the bug fixed in commit
      commit 1f1e030b
      and was running on 64bit little-endian machine, probably all of those 64
      entries were on a single chain, thus increasing the cost of ip_map_lookup().
      With a modern kernel you would need more clients to see the same amount of
      performance improvement.  This patch has helped to scale knfsd to handle a
      deployment with 2000 NFS clients.
      Signed-off-by: default avatarGreg Banks <>
      Signed-off-by: default avatarNeil Brown <>
      Signed-off-by: default avatarAndrew Morton <>
      Signed-off-by: default avatarLinus Torvalds <>
  14. 29 Sep, 2006 1 commit
  15. 27 Mar, 2006 1 commit
  16. 16 Apr, 2005 1 commit
    • Linus Torvalds's avatar
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds authored
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      Let it rip!