nfsd4: better reservation of head space for krb5

RPC_MAX_AUTH_SIZE is scattered around several places.  Better to set it
once in the auth code, where this kind of estimate should be made.  And
while we're at it we can leave it zero when we're not using krb5i or
krb5p.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 2d786b813c7ef5a054bd814f2951c7bd39aede3b..16e71d033ea5d7393d8b2342e4076ea326dd1265 100644 (file)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1261,13 +1261,13 @@ static void svcxdr_init_encode(struct svc_rqst *rqstp,
        xdr->buf = buf;
        xdr->iov = head;
        xdr->p   = head->iov_base + head->iov_len;
-       xdr->end = head->iov_base + PAGE_SIZE - 2 * RPC_MAX_AUTH_SIZE;
+       xdr->end = head->iov_base + PAGE_SIZE - rqstp->rq_auth_slack;
        /* Tail and page_len should be zero at this point: */
        buf->len = buf->head[0].iov_len;
        xdr->scratch.iov_len = 0;
        xdr->page_ptr = buf->pages;
        buf->buflen = PAGE_SIZE * (1 + rqstp->rq_page_end - buf->pages)
-               - 2 * RPC_MAX_AUTH_SIZE;
+               - rqstp->rq_auth_slack;
 }
 
 /*

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 62b882dc48ec2e011610e3163d5cc91c94130c73..d0a016a502becb71e549546876220f8f35ba7626 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -2288,7 +2288,7 @@ nfsd4_sequence(struct svc_rqst *rqstp,
                        session->se_fchannel.maxresp_sz;
        status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
                                    nfserr_rep_too_big;
-       if (xdr_restrict_buflen(xdr, buflen - 2 * RPC_MAX_AUTH_SIZE))
+       if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
                goto out_put_session;
        svc_reserve(rqstp, buflen);
 

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 3e347a1caec49f3d00c0b7eaeede28ad6f396019..470fe8998c9b820352e234c0aa9e2bd267804863 100644 (file)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1611,7 +1611,8 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
        DECODE_HEAD;
        struct nfsd4_op *op;
        bool cachethis = false;
-       int max_reply = 2 * RPC_MAX_AUTH_SIZE + 8; /* opcnt, status */
+       int auth_slack= argp->rqstp->rq_auth_slack;
+       int max_reply = auth_slack + 8; /* opcnt, status */
        int readcount = 0;
        int readbytes = 0;
        int i;
@@ -1677,7 +1678,7 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
        svc_reserve(argp->rqstp, max_reply + readbytes);
        argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
 
-       if (readcount > 1 || max_reply > PAGE_SIZE - 2*RPC_MAX_AUTH_SIZE)
+       if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
                argp->rqstp->rq_splice_ok = false;
 
        DECODE_TAIL;

diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index 85cb6472a423d0fcc55966168779a5aed017d73d..1bc7cd05b22e0eaf44854b0181d9349e65794be7 100644 (file)
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h
@@ -260,7 +260,10 @@ struct svc_rqst {
        void *                  rq_argp;        /* decoded arguments */
        void *                  rq_resp;        /* xdr'd results */
        void *                  rq_auth_data;   /* flavor-specific data */
-
+       int                     rq_auth_slack;  /* extra space xdr code
+                                                * should leave in head
+                                                * for krb5i, krb5p.
+                                                */
        int                     rq_reserved;    /* space on socket outq
                                                 * reserved for this request
                                                 */
@@ -456,11 +459,7 @@ char *                svc_print_addr(struct svc_rqst *, char *, size_t);
  */
 static inline void svc_reserve_auth(struct svc_rqst *rqstp, int space)
 {
-       int added_space = 0;
-
-       if (rqstp->rq_authop->flavour)
-               added_space = RPC_MAX_AUTH_SIZE;
-       svc_reserve(rqstp, space + added_space);
+       svc_reserve(rqstp, space + rqstp->rq_auth_slack);
 }
 
 #endif /* SUNRPC_SVC_H */

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 0f73f450774675da7666d10cb50c57571a11c27a..4ce5eccec1f64c27f70422a6c489e7b1074fb1d2 100644 (file)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1503,6 +1503,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
                        if (unwrap_integ_data(rqstp, &rqstp->rq_arg,
                                        gc->gc_seq, rsci->mechctx))
                                goto garbage_args;
+                       rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE;
                        break;
                case RPC_GSS_SVC_PRIVACY:
                        /* placeholders for length and seq. number: */
@@ -1511,6 +1512,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
                        if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
                                        gc->gc_seq, rsci->mechctx))
                                goto garbage_args;
+                       rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2;
                        break;
                default:
                        goto auth_err;

diff --git a/net/sunrpc/svcauth.c b/net/sunrpc/svcauth.c
index 2af7b0cba43aee5cc03588ca129860e831e6e4ec..79c0f3459b5c300ea4447d9f86f0ef7c28796447 100644 (file)
--- a/net/sunrpc/svcauth.c
+++ b/net/sunrpc/svcauth.c
@@ -54,6 +54,8 @@ svc_authenticate(struct svc_rqst *rqstp, __be32 *authp)
        }
        spin_unlock(&authtab_lock);
 
+       rqstp->rq_auth_slack = 0;
+
        rqstp->rq_authop = aops;
        return aops->accept(rqstp, authp);
 }