SUNRPC: Enforce atomic updates of rpc_cred->cr_flags

	struct hlist_node	cr_hash;	/* hash chain */

	struct hlist_node	cr_hash;	/* hash chain */

	struct rpc_auth *	cr_auth;

	struct rpc_auth *	cr_auth;

	const struct rpc_credops *cr_ops;

	const struct rpc_credops *cr_ops;

	unsigned long		cr_expire;	/* when to gc */

	atomic_t		cr_count;	/* ref count */

	unsigned short		cr_flags;	/* various flags */

#ifdef RPC_DEBUG

#ifdef RPC_DEBUG

	unsigned long		cr_magic;	/* 0x0f4aa4f0 */

	unsigned long		cr_magic;	/* 0x0f4aa4f0 */

#endif

#endif

	unsigned long		cr_expire;	/* when to gc */

	unsigned long		cr_flags;	/* various flags */

	atomic_t		cr_count;	/* ref count */

	uid_t			cr_uid;

	uid_t			cr_uid;

	/* per-flavor data */

	/* per-flavor data */

};

};

#define RPCAUTH_CRED_NEW	0x0001

#define RPCAUTH_CRED_NEW	0

#define RPCAUTH_CRED_UPTODATE	0x0002

#define RPCAUTH_CRED_UPTODATE	1

#define RPCAUTH_CRED_MAGIC	0x0f4aa4f0

#define RPCAUTH_CRED_MAGIC	0x0f4aa4f0

	if (atomic_read(&cred->cr_count) != 1)

	if (atomic_read(&cred->cr_count) != 1)

	       return;

	       return;

	if (time_after(jiffies, cred->cr_expire + auth->au_credcache->expire))

	if (time_after(jiffies, cred->cr_expire + auth->au_credcache->expire))

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	if (!(cred->cr_flags & RPCAUTH_CRED_UPTODATE)) {

	if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0) {

		__hlist_del(&cred->cr_hash);

		__hlist_del(&cred->cr_hash);

		hlist_add_head(&cred->cr_hash, free);

		hlist_add_head(&cred->cr_hash, free);

	}

	}

		if (!IS_ERR(new))

		if (!IS_ERR(new))

			goto retry;

			goto retry;

		cred = new;

		cred = new;

	} else if ((cred->cr_flags & RPCAUTH_CRED_NEW)

	} else if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags)

			&& cred->cr_ops->cr_init != NULL

			&& cred->cr_ops->cr_init != NULL

			&& !(flags & RPCAUTH_LOOKUP_NEW)) {

			&& !(flags & RPCAUTH_LOOKUP_NEW)) {

		int res = cred->cr_ops->cr_init(auth, cred);

		int res = cred->cr_ops->cr_init(auth, cred);

void

void

rpcauth_invalcred(struct rpc_task *task)

rpcauth_invalcred(struct rpc_task *task)

{

{

	struct rpc_cred *cred = task->tk_msg.rpc_cred;

	dprintk("RPC: %5u invalidating %s cred %p\n",

	dprintk("RPC: %5u invalidating %s cred %p\n",

		task->tk_pid, task->tk_auth->au_ops->au_name, task->tk_msg.rpc_cred);

		task->tk_pid, task->tk_auth->au_ops->au_name, cred);

	spin_lock(&rpc_credcache_lock);

	if (cred)

	if (task->tk_msg.rpc_cred)

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

		task->tk_msg.rpc_cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

	spin_unlock(&rpc_credcache_lock);

}

}

int

int

rpcauth_uptodatecred(struct rpc_task *task)

rpcauth_uptodatecred(struct rpc_task *task)

{

{

	return !(task->tk_msg.rpc_cred) ||

	struct rpc_cred *cred = task->tk_msg.rpc_cred;

		(task->tk_msg.rpc_cred->cr_flags & RPCAUTH_CRED_UPTODATE);

	return cred == NULL ||

		test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0;

}

}

	write_lock(&gss_ctx_lock);

	write_lock(&gss_ctx_lock);

	old = gss_cred->gc_ctx;

	old = gss_cred->gc_ctx;

	gss_cred->gc_ctx = ctx;

	gss_cred->gc_ctx = ctx;

	cred->cr_flags |= RPCAUTH_CRED_UPTODATE;

	set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	cred->cr_flags &= ~RPCAUTH_CRED_NEW;

	clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);

	write_unlock(&gss_ctx_lock);

	write_unlock(&gss_ctx_lock);

	if (old)

	if (old)

		gss_put_ctx(old);

		gss_put_ctx(old);

	int res = 0;

	int res = 0;

	read_lock(&gss_ctx_lock);

	read_lock(&gss_ctx_lock);

	if ((cred->cr_flags & RPCAUTH_CRED_UPTODATE) && gss_cred->gc_ctx)

	if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) && gss_cred->gc_ctx)

		res = 1;

		res = 1;

	read_unlock(&gss_ctx_lock);

	read_unlock(&gss_ctx_lock);

	return res;

	return res;

	 * Note: in order to force a call to call_refresh(), we deliberately

	 * Note: in order to force a call to call_refresh(), we deliberately

	 * fail to flag the credential as RPCAUTH_CRED_UPTODATE.

	 * fail to flag the credential as RPCAUTH_CRED_UPTODATE.

	 */

	 */

	cred->gc_base.cr_flags = RPCAUTH_CRED_NEW;

	cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;

	cred->gc_service = gss_auth->service;

	cred->gc_service = gss_auth->service;

	return &cred->gc_base;

	return &cred->gc_base;

	 * we don't really care if the credential has expired or not,

	 * we don't really care if the credential has expired or not,

	 * since the caller should be prepared to reinitialise it.

	 * since the caller should be prepared to reinitialise it.

	 */

	 */

	if ((flags & RPCAUTH_LOOKUP_NEW) && (rc->cr_flags & RPCAUTH_CRED_NEW))

	if ((flags & RPCAUTH_LOOKUP_NEW) && test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))

		goto out;

		goto out;

	/* Don't match with creds that have expired. */

	/* Don't match with creds that have expired. */

	if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry))

	if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry))

	mic.data = (u8 *)(p + 1);

	mic.data = (u8 *)(p + 1);

	maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);

	maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);

	if (maj_stat == GSS_S_CONTEXT_EXPIRED) {

	if (maj_stat == GSS_S_CONTEXT_EXPIRED) {

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	} else if (maj_stat != 0) {

	} else if (maj_stat != 0) {

		printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);

		printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);

		goto out_put_ctx;

		goto out_put_ctx;

	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);

	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	if (maj_stat)

	if (maj_stat)

		goto out_bad;

		goto out_bad;

	/* We leave it to unwrap to calculate au_rslack. For now we just

	/* We leave it to unwrap to calculate au_rslack. For now we just

	maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);

	maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);

	status = -EIO; /* XXX? */

	status = -EIO; /* XXX? */

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	else if (maj_stat)

	else if (maj_stat)

		return status;

		return status;

	q = xdr_encode_opaque(p, NULL, mic.len);

	q = xdr_encode_opaque(p, NULL, mic.len);

	/* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was

	/* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was

	 * done anyway, so it's safe to put the request on the wire: */

	 * done anyway, so it's safe to put the request on the wire: */

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	else if (maj_stat)

	else if (maj_stat)

		return status;

		return status;

	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);

	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	if (maj_stat != GSS_S_COMPLETE)

	if (maj_stat != GSS_S_COMPLETE)

		return status;

		return status;

	return 0;

	return 0;

	maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);

	maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

	if (maj_stat == GSS_S_CONTEXT_EXPIRED)

		cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;

		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);

	if (maj_stat != GSS_S_COMPLETE)

	if (maj_stat != GSS_S_COMPLETE)

		return status;

		return status;

	if (ntohl(*(*p)++) != rqstp->rq_seqno)

	if (ntohl(*(*p)++) != rqstp->rq_seqno)

static int

static int

nul_refresh(struct rpc_task *task)

nul_refresh(struct rpc_task *task)

{

{

	task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE;

	set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_msg.rpc_cred->cr_flags);

	return 0;

	return 0;

}

}

	.cr_auth	= &null_auth,

	.cr_auth	= &null_auth,

	.cr_ops		= &null_credops,

	.cr_ops		= &null_credops,

	.cr_count	= ATOMIC_INIT(1),

	.cr_count	= ATOMIC_INIT(1),

	.cr_flags	= RPCAUTH_CRED_UPTODATE,

	.cr_flags	= 1UL << RPCAUTH_CRED_UPTODATE,

#ifdef RPC_DEBUG

#ifdef RPC_DEBUG

	.cr_magic	= RPCAUTH_CRED_MAGIC,

	.cr_magic	= RPCAUTH_CRED_MAGIC,

#endif

#endif

		return ERR_PTR(-ENOMEM);

		return ERR_PTR(-ENOMEM);

	rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);

	rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);

	cred->uc_base.cr_flags = RPCAUTH_CRED_UPTODATE;

	cred->uc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;

	if (flags & RPCAUTH_LOOKUP_ROOTCREDS) {

	if (flags & RPCAUTH_LOOKUP_ROOTCREDS) {

		cred->uc_uid = 0;

		cred->uc_uid = 0;

		cred->uc_gid = 0;

		cred->uc_gid = 0;

static int

static int

unx_refresh(struct rpc_task *task)

unx_refresh(struct rpc_task *task)

{

{

	task->tk_msg.rpc_cred->cr_flags |= RPCAUTH_CRED_UPTODATE;

	set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_msg.rpc_cred->cr_flags);

	return 0;

	return 0;

}

}