NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls

		const void*		input_token,

		const void*		input_token,

		size_t			bufsize,

		size_t			bufsize,

		struct gss_api_mech	*mech,

		struct gss_api_mech	*mech,

		struct gss_ctx		**ctx_id);

		struct gss_ctx		**ctx_id,

		gfp_t			gfp_mask);

u32 gss_get_mic(

u32 gss_get_mic(

		struct gss_ctx		*ctx_id,

		struct gss_ctx		*ctx_id,

		struct xdr_buf		*message,

		struct xdr_buf		*message,

	int (*gss_import_sec_context)(

	int (*gss_import_sec_context)(

			const void		*input_token,

			const void		*input_token,

			size_t			bufsize,

			size_t			bufsize,

			struct gss_ctx		*ctx_id);

			struct gss_ctx		*ctx_id,

			gfp_t			gfp_mask);

	u32 (*gss_get_mic)(

	u32 (*gss_get_mic)(

			struct gss_ctx		*ctx_id,

			struct gss_ctx		*ctx_id,

			struct xdr_buf		*message,

			struct xdr_buf		*message,

krb5_derive_key(const struct gss_krb5_enctype *gk5e,

krb5_derive_key(const struct gss_krb5_enctype *gk5e,

		const struct xdr_netobj *inkey,

		const struct xdr_netobj *inkey,

		struct xdr_netobj *outkey,

		struct xdr_netobj *outkey,

		const struct xdr_netobj *in_constant);

		const struct xdr_netobj *in_constant,

		gfp_t gfp_mask);

u32

u32

gss_krb5_des3_make_key(const struct gss_krb5_enctype *gk5e,

gss_krb5_des3_make_key(const struct gss_krb5_enctype *gk5e,

		p = ERR_PTR(-EFAULT);

		p = ERR_PTR(-EFAULT);

		goto err;

		goto err;

	}

	}

	ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx);

	ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, GFP_NOFS);

	if (ret < 0) {

	if (ret < 0) {

		p = ERR_PTR(ret);

		p = ERR_PTR(ret);

		goto err;

		goto err;

u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,

u32 krb5_derive_key(const struct gss_krb5_enctype *gk5e,

		    const struct xdr_netobj *inkey,

		    const struct xdr_netobj *inkey,

		    struct xdr_netobj *outkey,

		    struct xdr_netobj *outkey,

		    const struct xdr_netobj *in_constant)

		    const struct xdr_netobj *in_constant,

		    gfp_t gfp_mask)

{

{

	size_t blocksize, keybytes, keylength, n;

	size_t blocksize, keybytes, keylength, n;

	unsigned char *inblockdata, *outblockdata, *rawkey;

	unsigned char *inblockdata, *outblockdata, *rawkey;

	/* allocate and set up buffers */

	/* allocate and set up buffers */

	ret = ENOMEM;

	ret = ENOMEM;

	inblockdata = kmalloc(blocksize, GFP_KERNEL);

	inblockdata = kmalloc(blocksize, gfp_mask);

	if (inblockdata == NULL)

	if (inblockdata == NULL)

		goto err_free_cipher;

		goto err_free_cipher;

	outblockdata = kmalloc(blocksize, GFP_KERNEL);

	outblockdata = kmalloc(blocksize, gfp_mask);

	if (outblockdata == NULL)

	if (outblockdata == NULL)

		goto err_free_in;

		goto err_free_in;

	rawkey = kmalloc(keybytes, GFP_KERNEL);

	rawkey = kmalloc(keybytes, gfp_mask);

	if (rawkey == NULL)

	if (rawkey == NULL)

		goto err_free_out;

		goto err_free_out;

}

}

static int

static int

context_derive_keys_des3(struct krb5_ctx *ctx)

context_derive_keys_des3(struct krb5_ctx *ctx, gfp_t gfp_mask)

{

{

	struct xdr_netobj c, keyin, keyout;

	struct xdr_netobj c, keyin, keyout;

	u8 cdata[GSS_KRB5_K5CLENGTH];

	u8 cdata[GSS_KRB5_K5CLENGTH];

	/* derive cksum */

	/* derive cksum */

	set_cdata(cdata, KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM);

	set_cdata(cdata, KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM);

	keyout.data = ctx->cksum;

	keyout.data = ctx->cksum;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving cksum key\n",

		dprintk("%s: Error %d deriving cksum key\n",

			__func__, err);

			__func__, err);

}

}

static int

static int

context_derive_keys_new(struct krb5_ctx *ctx)

context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask)

{

{

	struct xdr_netobj c, keyin, keyout;

	struct xdr_netobj c, keyin, keyout;

	u8 cdata[GSS_KRB5_K5CLENGTH];

	u8 cdata[GSS_KRB5_K5CLENGTH];

	/* initiator seal encryption */

	/* initiator seal encryption */

	set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);

	set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);

	keyout.data = ctx->initiator_seal;

	keyout.data = ctx->initiator_seal;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving initiator_seal key\n",

		dprintk("%s: Error %d deriving initiator_seal key\n",

			__func__, err);

			__func__, err);

	/* acceptor seal encryption */

	/* acceptor seal encryption */

	set_cdata(cdata, KG_USAGE_ACCEPTOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);

	set_cdata(cdata, KG_USAGE_ACCEPTOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);

	keyout.data = ctx->acceptor_seal;

	keyout.data = ctx->acceptor_seal;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving acceptor_seal key\n",

		dprintk("%s: Error %d deriving acceptor_seal key\n",

			__func__, err);

			__func__, err);

	/* initiator sign checksum */

	/* initiator sign checksum */

	set_cdata(cdata, KG_USAGE_INITIATOR_SIGN, KEY_USAGE_SEED_CHECKSUM);

	set_cdata(cdata, KG_USAGE_INITIATOR_SIGN, KEY_USAGE_SEED_CHECKSUM);

	keyout.data = ctx->initiator_sign;

	keyout.data = ctx->initiator_sign;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving initiator_sign key\n",

		dprintk("%s: Error %d deriving initiator_sign key\n",

			__func__, err);

			__func__, err);

	/* acceptor sign checksum */

	/* acceptor sign checksum */

	set_cdata(cdata, KG_USAGE_ACCEPTOR_SIGN, KEY_USAGE_SEED_CHECKSUM);

	set_cdata(cdata, KG_USAGE_ACCEPTOR_SIGN, KEY_USAGE_SEED_CHECKSUM);

	keyout.data = ctx->acceptor_sign;

	keyout.data = ctx->acceptor_sign;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving acceptor_sign key\n",

		dprintk("%s: Error %d deriving acceptor_sign key\n",

			__func__, err);

			__func__, err);

	/* initiator seal integrity */

	/* initiator seal integrity */

	set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_INTEGRITY);

	set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_INTEGRITY);

	keyout.data = ctx->initiator_integ;

	keyout.data = ctx->initiator_integ;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving initiator_integ key\n",

		dprintk("%s: Error %d deriving initiator_integ key\n",

			__func__, err);

			__func__, err);

	/* acceptor seal integrity */

	/* acceptor seal integrity */

	set_cdata(cdata, KG_USAGE_ACCEPTOR_SEAL, KEY_USAGE_SEED_INTEGRITY);

	set_cdata(cdata, KG_USAGE_ACCEPTOR_SEAL, KEY_USAGE_SEED_INTEGRITY);

	keyout.data = ctx->acceptor_integ;

	keyout.data = ctx->acceptor_integ;

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c);

	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);

	if (err) {

	if (err) {

		dprintk("%s: Error %d deriving acceptor_integ key\n",

		dprintk("%s: Error %d deriving acceptor_integ key\n",

			__func__, err);

			__func__, err);

}

}

static int

static int

gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)

gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,

		gfp_t gfp_mask)

{

{

	int keylen;

	int keylen;

	}

	}

	ctx->mech_used.data = kmemdup(gss_kerberos_mech.gm_oid.data,

	ctx->mech_used.data = kmemdup(gss_kerberos_mech.gm_oid.data,

				      gss_kerberos_mech.gm_oid.len, GFP_KERNEL);

				      gss_kerberos_mech.gm_oid.len, gfp_mask);

	if (unlikely(ctx->mech_used.data == NULL)) {

	if (unlikely(ctx->mech_used.data == NULL)) {

		p = ERR_PTR(-ENOMEM);

		p = ERR_PTR(-ENOMEM);

		goto out_err;

		goto out_err;

	switch (ctx->enctype) {

	switch (ctx->enctype) {

	case ENCTYPE_DES3_CBC_RAW:

	case ENCTYPE_DES3_CBC_RAW:

		return context_derive_keys_des3(ctx);

		return context_derive_keys_des3(ctx, gfp_mask);

	case ENCTYPE_ARCFOUR_HMAC:

	case ENCTYPE_ARCFOUR_HMAC:

		return context_derive_keys_rc4(ctx);

		return context_derive_keys_rc4(ctx);

	case ENCTYPE_AES128_CTS_HMAC_SHA1_96:

	case ENCTYPE_AES128_CTS_HMAC_SHA1_96:

	case ENCTYPE_AES256_CTS_HMAC_SHA1_96:

	case ENCTYPE_AES256_CTS_HMAC_SHA1_96:

		return context_derive_keys_new(ctx);

		return context_derive_keys_new(ctx, gfp_mask);

	default:

	default:

		return -EINVAL;

		return -EINVAL;

	}

	}

static int

static int

gss_import_sec_context_kerberos(const void *p, size_t len,

gss_import_sec_context_kerberos(const void *p, size_t len,

				struct gss_ctx *ctx_id)

				struct gss_ctx *ctx_id,

				gfp_t gfp_mask)

{

{

	const void *end = (const void *)((const char *)p + len);

	const void *end = (const void *)((const char *)p + len);

	struct  krb5_ctx *ctx;

	struct  krb5_ctx *ctx;

	int ret;

	int ret;

	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);

	ctx = kzalloc(sizeof(*ctx), gfp_mask);

	if (ctx == NULL)

	if (ctx == NULL)

		return -ENOMEM;

		return -ENOMEM;

	if (len == 85)

	if (len == 85)

		ret = gss_import_v1_context(p, end, ctx);

		ret = gss_import_v1_context(p, end, ctx);

	else

	else

		ret = gss_import_v2_context(p, end, ctx);

		ret = gss_import_v2_context(p, end, ctx, gfp_mask);

	if (ret == 0)

	if (ret == 0)

		ctx_id->internal_ctx_id = ctx;

		ctx_id->internal_ctx_id = ctx;