summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 GRANTED_MSG procedureChuck Lever
Continue the xdrgen migration by converting NLMv3 GRANTED_MSG, the async counterpart to GRANTED that a remote NLM uses to tell this lockd that a previously blocked client lock request has become available. The procedure now uses nlm_svc_decode_nlm_testargs and nlm_svc_encode_void, generated from the NLM version 3 protocol specification. The procedure handler reaches the xdrgen types through the nlm_testargs_wrapper structure, which bridges between generated code and the legacy lockd_lock representation. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in __nlmsvc_proc_granted_msg() by nlm_lock_to_lockd_lock() rather than relying on zero-initialization. The NLM async callback mechanism uses client-side functions which continue to take legacy results like struct lockd_res, preventing GRANTED and GRANTED_MSG from sharing code for now. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 UNLOCK_MSG procedureChuck Lever
Continue the xdrgen migration by converting NLMv3 UNLOCK_MSG, the async counterpart to UNLOCK that clients use to release locks without waiting for a reply. The procedure now uses nlm_svc_decode_nlm_unlockargs and nlm_svc_encode_void, generated from the NLM version 3 protocol specification. The procedure handler reaches the xdrgen types through the nlm_unlockargs_wrapper structure, which bridges between generated code and the legacy lockd_lock representation. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. The NLM async callback mechanism uses client-side functions which continue to take legacy results like struct lockd_res, preventing UNLOCK and UNLOCK_MSG from sharing code for now. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 CANCEL_MSG procedureChuck Lever
The CANCEL_MSG procedure is part of NLM's asynchronous lock request flow, where clients send CANCEL_MSG to cancel pending lock requests. This patch continues the xdrgen migration by converting CANCEL_MSG to use generated XDR functions. This patch converts the CANCEL_MSG procedure to use xdrgen functions nlm_svc_decode_nlm_cancargs and nlm_svc_encode_void generated from the NLM version 3 protocol specification. The procedure handler uses xdrgen types through the nlm_cancargs_wrapper structure that bridges between generated code and the legacy lockd_lock representation. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. The previous hand-written decoder in svcxdr_decode_cookie() rewrote a zero-length NLM cookie into a four-byte zero cookie, with a comment attributing the substitution to HP-UX clients. The xdrgen-generated netobj decoder performs no such rewrite, so a zero-length request cookie now round-trips unchanged into the CANCEL_RES reply. HP-UX has reached end of support, and CANCEL_MSG is fire-and-forget with no client-side reply matching on the NLM cookie, so the workaround is dropped intentionally here. The NLM async callback mechanism uses client-side functions which continue to take legacy results like struct lockd_res, preventing CANCEL and CANCEL_MSG from sharing code for now. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 LOCK_MSG procedureChuck Lever
Continue the xdrgen migration by converting NLMv3 LOCK_MSG, the async counterpart to LOCK that clients use to request locks that may block. The procedure now uses nlm_svc_decode_nlm_lockargs and nlm_svc_encode_void, generated from the NLM version 3 protocol specification. The procedure handler reaches the xdrgen types through the nlm_lockargs_wrapper structure, which bridges between generated code and the legacy lockd_lock representation. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. The NLM async callback mechanism uses client-side functions which continue to take legacy results like struct lockd_res, preventing LOCK and LOCK_MSG from sharing code for now. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 TEST_MSG procedureChuck Lever
Continue the xdrgen migration by converting NLMv3 TEST_MSG, the async counterpart to TEST that clients use to check lock availability without blocking. The procedure now uses nlm_svc_decode_nlm_testargs and nlm_svc_encode_void, generated from the NLM version 3 protocol specification. The procedure handler reaches the xdrgen types through the nlm_testargs_wrapper structure, which bridges between generated code and the legacy lockd_lock representation. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. The NLM async callback mechanism uses client-side functions which continue to take legacy results like struct lockd_res, preventing TEST and TEST_MSG from sharing code for now. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Refactor nlmsvc_callback()Chuck Lever
The xdrgen-based XDR conversion requires each RPC procedure to extract its own arguments, since xdrgen generates distinct argument structures for each procedure rather than using a single shared type. Move the host lookup logic from nlmsvc_callback() into each of the five MSG procedure handlers (TEST_MSG, LOCK_MSG, CANCEL_MSG, UNLOCK_MSG, and GRANTED_MSG). Each handler now performs its own host lookup from rqstp->rq_argp and passes the resulting host pointer to nlmsvc_callback(). This establishes the per-procedure argument-handling pattern that the subsequent xdrgen conversion patches require. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 GRANTED procedureChuck Lever
The NLM GRANTED procedure allows servers to notify clients when a previously blocked lock request has been granted, completing the asynchronous lock request flow. This patch converts the NLMv3 GRANTED procedure to use xdrgen-generated XDR functions. The conversion replaces the legacy decoder with the xdrgen functions nlm_svc_decode_nlm_testargs and nlm_svc_encode_nlm_res generated from the NLM version 3 protocol specification. The procedure handler accesses xdrgen types through a wrapper structure that bridges between generated code and the legacy lockd_lock representation still used by the core lockd logic. A new helper function nlm_lock_to_lockd_lock() converts an xdrgen nlm_lock into the legacy lockd_lock format. The helper complements the existing nlm3svc_lookup_host() and nlm3svc_lookup_file() functions used throughout this series. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The helper populates each field of the wrapper's lock member that any downstream consumer reads: fh, oh, svid, and the file_lock byte range. Because pc_argzero no longer scrubs the rq_argp slot, the shared nlmclnt_lock_event tracepoint class is updated to source its byte-range fields from lock->fl.fl_start and lock->fl.fl_end, which both the client and server populate unconditionally; the old lock_start and lock_len fields are no longer required by the trace. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 UNLOCK procedureChuck Lever
The NLM UNLOCK procedure allows clients to release held locks, completing the basic lock lifecycle alongside TEST, LOCK, and CANCEL procedures already converted in this series. Convert UNLOCK to use the xdrgen functions nlm_svc_decode_nlm_unlockargs and nlm_svc_encode_nlm_res generated from the NLM version 3 protocol specification, reusing the nlm3svc_lookup_host() and nlm3svc_lookup_file() helpers introduced earlier in the series. The procedure handler uses xdrgen types through a wrapper structure that bridges between generated code and the legacy lockd_lock representation still used by the core lockd logic. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 CANCEL procedureChuck Lever
The NLM CANCEL procedure allows clients to cancel outstanding blocked lock requests. This patch continues the xdrgen migration by converting the CANCEL procedure. CANCEL reuses the nlm3svc_lookup_host() and nlm3svc_lookup_file() helpers established in the TEST procedure conversion. This patch converts the CANCEL procedure to use xdrgen functions nlm_svc_decode_nlm_cancargs and nlm_svc_encode_nlm_res generated from the NLM version 3 protocol specification. The procedure handler uses xdrgen types through a wrapper structure that bridges between generated code and the legacy lockd_lock representation still used by the core lockd logic. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 LOCK procedureChuck Lever
The NLM LOCK procedure requires the same host and file lookup operations established in the TEST procedure conversion. This patch extends the xdrgen migration to the LOCK procedure, leveraging the shared nlm3svc_lookup_host() and nlm3svc_lookup_file() helpers to establish consistent patterns across the series. This patch converts the LOCK procedure to use xdrgen functions nlm_svc_decode_nlm_lockargs and nlm_svc_encode_nlm_res generated from the NLM version 3 protocol specification. The procedure handler uses xdrgen types through wrapper structures that bridge between generated code and the legacy lockd_lock representation still used by the core lockd logic. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The cookie and lock members of the wrapper are populated explicitly in nlm_netobj_to_cookie() and nlm3svc_lookup_file() rather than relying on zero-initialization. The hand-rolled svcxdr_decode_cookie() previously substituted a four-byte zero cookie when a zero-length cookie arrived on the wire, a compatibility shim for HP-UX clients that had been carried in fs/lockd/ since the original import. The xdrgen decoder reproduces the cookie verbatim, and nlm_netobj_to_cookie() copies whatever length the peer sent. As subsequent patches replace the remaining call sites of svcxdr_decode_cookie(), this series retires that HP-UX compat behavior on the server side. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 TEST procedureChuck Lever
The NLM TEST procedure requires host and file lookups to check lock state, operations that will be common across multiple NLM procedures being migrated to xdrgen. Introducing the nlm3svc_lookup_host() and nlm3svc_lookup_file() helpers now keeps these common patterns in one place for subsequent conversions in this series. This patch converts the TEST procedure to use xdrgen functions nlm_svc_decode_nlm_testargs and nlm_svc_encode_nlm_testres generated from the NLM version 3 protocol specification. The procedure handler is rewritten to use xdrgen types through wrapper structures that bridge between generated code and the legacy lockd_lock representation still used by the core lockd logic. Setting pc_argzero to zero is safe because the generated decoder fills the argp->xdrgen subfields before the procedure runs, so the zeroing memset performed by the dispatch layer is not needed. The lock member of the wrapper is populated explicitly in nlm3svc_lookup_file() rather than relying on zero-initialization. The conflicting holder's offset and length are saturated to NLM_OFFSET_MAX when constructing the reply. A conflicting lock established by an NLMv4 client or by a local process can sit beyond the NLMv3 signed 32-bit range, and copying fl_start and fl_end straight into the unsigned 32-bit XDR fields would wrap and report a bogus range. The previous hand-written encoder in svcxdr_encode_holder() used loff_t_to_s32() for the same reason, but this patch series intends to separate the concerns of data conversion (XDR) from dealing with local byte range constraints, so clamping is hoisted into the proc function. The previous hand-written decoder in svcxdr_decode_cookie() rewrote a zero-length NLM cookie into a four-byte zero cookie, with a comment attributing the substitution to HP-UX clients. The xdrgen-generated netobj decoder performs no such rewrite, so a zero-length request cookie now round-trips unchanged into the reply. HP-UX has reached end of support, and NLM_TEST reply matching relies on the RPC XID rather than the NLM cookie, so the workaround is dropped intentionally here. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Use xdrgen XDR functions for the NLMv3 NULL procedureChuck Lever
Hand-written XDR encoders and decoders are difficult to maintain and can diverge from protocol specifications. Migrating to xdrgen-generated code improves type safety and ensures the implementation matches the NLM version 3 protocol specification exactly. Convert the NULL procedure to use nlm_svc_decode_void and nlm_svc_encode_void, generated from Documentation/sunrpc/xdr/nlm3.x. NULL has no arguments or results, so it is the first procedure converted. NULL returns no XDR-encoded data, so pc_xdrressize is set to XDR_void. The argzero field is also set to zero since xdrgen decoders initialize all decoded values. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Rename struct nlm_share to lockd_shareChuck Lever
As part of the effort to enable lockd's server-side XDR functions to be generated from the NLM protocol specification (using xdrgen), the internal type names must be changed to avoid conflicts with the machine-generated type names. Rename struct nlm_share to struct lockd_share to avoid conflicts with the NLMv3 XDR type definitions that will be introduced when svcproc.c is converted to use xdrgen. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Rename struct nlm_reboot to lockd_rebootChuck Lever
As part of the effort to enable lockd's server-side XDR functions to be generated from the NLM protocol specification (using xdrgen), the internal type names must be changed to avoid conflicts with the machine-generated type names. Rename struct nlm_reboot to struct lockd_reboot for consistency with the other renamed internal types. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Rename struct nlm_res to lockd_resChuck Lever
As part of the effort to enable lockd's server-side XDR functions to be generated from the NLM protocol specification (using xdrgen), the internal type names must be changed to avoid conflicts with the machine-generated type names. Rename struct nlm_res to struct lockd_res to avoid conflicts with the NLMv3 XDR type definitions that will be introduced when svcproc.c is converted to use xdrgen. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Rename struct nlm_args to lockd_argsChuck Lever
As part of the effort to enable lockd's server-side XDR functions to be generated from the NLM protocol specification (using xdrgen), the internal type names must be changed to avoid conflicts with the machine-generated type names. Rename struct nlm_args to struct lockd_args to avoid conflicts with the NLMv3 XDR type definitions that will be introduced when svcproc.c is converted to use xdrgen. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Rename struct nlm_lock to lockd_lockChuck Lever
A subsequent patch will convert fs/lockd/svcproc.c to use machine-generated XDR encoding and decoding functions in a manner similar to fs/lockd/svc4proc.c. Machine-generated types derived from the NLM specification will conflict with the internal types of the same name. Rename the internal struct nlm_lock type to lockd_lock to avoid such naming conflicts. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Rename struct nlm_cookie to lockd_cookieChuck Lever
Machine-generated XDR types derived from the NLM specification use names that match the protocol. Internal lockd types with identical names cause compilation failures when machine-generated encoders replace hand-coded ones. Rename the internal struct nlm_cookie type to lockd_cookie to prevent such collisions. The "lockd_" prefix distinguishes implementation-specific types from specified NLM protocol types. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09Documentation: Add the RPC language description of NLM version 3Chuck Lever
In order to generate source code to encode and decode NLMv3 protocol elements, include a copy of the RPC language description of NLMv3 for xdrgen to process. The language description is derived from the Open Group's XNFS specification: https://pubs.opengroup.org/onlinepubs/9629799/chap10.htm#tagcjh_11_03 The C code committed here was generated from the new nlm3.x file using tools/net/sunrpc/xdrgen/xdrgen. The goals of replacing hand-written XDR functions with ones that are tool-generated are to improve memory safety and make XDR encoding and decoding less brittle to maintain. Parts of the NFSv4 protocol are still being extended actively. Tool-generated XDR code reduces the time it takes to get a working implementation of new protocol elements. The xdrgen utility derives both the type definitions and the encode/decode functions directly from protocol specifications, using names and symbols familiar to anyone who knows those specs. Unlike hand-written code that can inadvertently diverge from the specification, xdrgen guarantees that the generated code matches the specification exactly. We would eventually like xdrgen to generate Rust code as well, making the conversion of the kernel's NFS stacks to use Rust just a little easier for us. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Do not monitor when looking up the LOCK_MSG callback hostChuck Lever
A LOCK_MSG handler that fails to obtain a host returns rpc_system_err, which causes the dispatcher to send an RPC-level error rather than an NLM LOCK_RES denial. Before the xdrgen conversion, the outer host lookup was unmonitored, so an NSM upcall failure was reported back to the client through LOCK_RES with status nlm_lck_denied_nolocks generated by the inner helper. The xdrgen conversion replaced the unmonitored lookup with nlm4svc_lookup_host(..., true). When nsm_monitor() fails, the outer lookup now returns NULL, so the procedure short-circuits to rpc_system_err and __nlm4svc_proc_lock_msg() never runs. The client therefore receives no LOCK_RES, regressing the legacy behavior. The inner helper still performs a monitored lookup while building the LOCK_RES, so the outer call only needs an unmonitored host reference for the callback path. Pass false here to restore the previous semantics. Fixes: b2be4e28c23a ("lockd: Use xdrgen XDR functions for the NLMv4 LOCK_MSG procedure") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Translate nlm__int__deadlock in __nlm4svc_proc_lock_msg()Chuck Lever
When nlmsvc_lock() detects a deadlock it returns the internal sentinel nlm__int__deadlock (30001), which version-specific handlers must translate to a wire-valid status before the reply is encoded. The xdrgen LOCK_MSG handler stores the sentinel unmodified in resp->status; the LOCK_RES callback then places 30001 on the v4 wire, where the client rejects the reply. Commit 9e0d0c619407 ("lockd: Introduce nlm__int__deadlock") established the translation boundary and updated the synchronous v4 path nlm4svc_do_lock(), but the xdrgen LOCK_MSG handler added later in commit b2be4e28c23a ("lockd: Use xdrgen XDR functions for the NLMv4 LOCK_MSG procedure") missed the corresponding remap. Apply the same translation in __nlm4svc_proc_lock_msg() so deadlock results are reported as nlm4_deadlock on LOCK_RES. Fixes: b2be4e28c23a ("lockd: Use xdrgen XDR functions for the NLMv4 LOCK_MSG procedure") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Drop locks_init_lock() from nlm4_lock_to_lockd_lock()Chuck Lever
The NLMv4 GRANTED helper passes the wrapper's lock to nlmclnt_grant(), which compares only fl_start, fl_end, svid, and fh, and the shared nlmclnt_lock_event tracepoint now sources its byte-range fields from fl_start and fl_end as well. Both fl_start and fl_end are set unconditionally by lockd_set_file_lock_range4() on the line below, so the locks_init_lock() call left no observable effect: every other field of struct file_lock is unread on the GRANTED path. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Correct kernel-doc status descriptions for NLMv4 GRANTEDChuck Lever
NLM_GRANTED is a server-to-client callback; the local node responds in the role of the client. The kernel-doc for nlm4svc_proc_granted attributes NLM4_DENIED and NLM4_DENIED_GRACE_PERIOD to "the server", but per the Open Group XNFS specification the responder for this procedure is the client host, and NLM4_DENIED_GRACE_PERIOD identifies the client's own grace period after a reboot, not the server's. Rewrite the descriptions to match the spec: NLM4_DENIED reflects the generic internal-resource-constraint failure, and NLM4_DENIED_GRACE_PERIOD attributes the grace period to the client host that received the callback. Fixes: 7a9f7c8f934e ("lockd: Use xdrgen XDR functions for the NLMv4 GRANTED procedure") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09lockd: Stop warning on nlm__int__drop_reply in !V4 cast_statusChuck Lever
cast_status folds internal lock-daemon sentinels into NLMv1/v3 wire status codes. The !CONFIG_LOCKD_V4 variant warns when an unrecognized status falls into the internal-sentinel range, gated by be32_to_cpu(status) >= 30000. nlm__int__drop_reply is defined as cpu_to_be32(30000), so it sits at the lower edge of that range and trips pr_warn_once ("lockd: unhandled internal status %u"). The status is returned unchanged so the reply is still dropped, but every dropped reply on a !CONFIG_LOCKD_V4 build emits a spurious warning. Compare against nlm__int__drop_reply directly so the warning still catches the genuinely unexpected sentinels deadlock, stale_fh, and failed (30001 through 30003) but excludes the legitimate dropped-reply marker. Fixes: d343fce148a4 ("[PATCH] knfsd: Allow lockd to drop replies as appropriate") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09svcrdma: Defer send context release to xpo_release_ctxtChuck Lever
Send completion currently queues a work item to an unbound workqueue for each completed send context. Under load, the Send Completion handlers contend for the shared workqueue pool lock. Replace the workqueue with a per-transport lock-free list (llist). The Send completion handler appends the send_ctxt to sc_send_release_list and does no further teardown. The nfsd thread drains the list in xpo_release_ctxt between RPCs, performing DMA unmapping, chunk I/O resource release, and page release in a batch. This eliminates both the workqueue pool lock and the DMA unmap cost from the Send completion path. DMA unmapping can be expensive when an IOMMU is present in strict mode, as each unmap triggers a synchronous hardware IOTLB invalidation. Moving it to the nfsd thread, where that latency is harmless, avoids penalizing completion handler throughput. The nfsd threads absorb the release cost at a point where the client is no longer waiting on a reply, and natural batching amortizes the overhead when completions arrive faster than RPCs complete. A self-enqueue backstops drain on a quiescing transport. When svc_rdma_send_ctxt_put() observes that its llist_add() transitions sc_send_release_list from empty to non-empty, it sets XPT_DATA and calls svc_xprt_enqueue() so that svc_xprt_ready() schedules an nfsd thread. The thread enters svc_rdma_recvfrom(), finds no pending receive, clears XPT_DATA, and returns 0; svc_xprt_release() then runs xpo_release_ctxt and drains the list. Under steady load the foreground drain keeps the list non-empty between adds and no enqueue fires; only the trailing edge of a burst pays for a wakeup. Without this path, a Send completion arriving after the last xpo_release_ctxt on an idle connection would leave the send_ctxt's DMA mappings and reply pages pinned until the next RPC, send-context exhaustion, or transport close. Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09svcrdma: Release write chunk resources without re-queuingChuck Lever
Each RDMA Send completion triggers a cascade of work items on the svcrdma_wq unbound workqueue: ib_cq_poll_work (on ib_comp_wq, per-CPU) -> svc_rdma_send_ctxt_put -> queue_work [work item 1] -> svc_rdma_write_info_free -> queue_work [work item 2] Every transition through queue_work contends on the unbound pool's spinlock. Profiling an 8KB NFSv3 read/write workload over RDMA shows about 4% of total CPU cycles spent on this lock, with the cascading re-queue of write_info release contributing roughly 1%. The initial queue_work in svc_rdma_send_ctxt_put is needed to move release work off the CQ completion context (which runs on a per-CPU bound workqueue). However, once executing on svcrdma_wq, there is no need to re-queue for each write_info structure. svc_rdma_reply_chunk_release already calls svc_rdma_cc_release inline from the same svcrdma_wq context, and svc_rdma_recv_ctxt_put does the same from nfsd thread context. Release write chunk resources inline in svc_rdma_write_info_free, removing the intermediate svc_rdma_write_info_free_async work item and the wi_work field from struct svc_rdma_write_info. Reviewed-by: Mike Snitzer <snitzer@kernel.org> Tested-by: Jonathan Flynn <jonathan.flynn@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove dead rpcsec_gss_krb5 definitionsChuck Lever
The migration to crypto/krb5 eliminated the per-enctype function dispatch and direct crypto API usage, leaving behind a number of orphaned definitions. Remove the following from gss_krb5.h: - GSS_KRB5_K5CLENGTH, used only by removed key derivation - KG_TOK_MIC_MSG and KG_TOK_WRAP_MSG (Kerberos v1 token types; v1 support was dropped earlier) - KG2_TOK_INITIAL and KG2_TOK_RESPONSE (context establishment token types; no remaining users) - KG2_RESP_FLAG_ERROR and KG2_RESP_FLAG_DELEG_OK - enum sgn_alg and enum seal_alg (v1 algorithm constants) - All CKSUMTYPE_* definitions, now duplicated by KRB5_CKSUMTYPE_* in <crypto/krb5.h> - The KG_ error constants from gssapi_err_krb5.h, which have no remaining users - The ENCTYPE_* constant block, replaced by KRB5_ENCTYPE_* from <crypto/krb5.h> - KG_USAGE_SEAL/SIGN/SEQ (3DES usage constants) - KEY_USAGE_SEED_CHECKSUM/ENCRYPTION/INTEGRITY, duplicated by <crypto/krb5.h> - #include <crypto/skcipher.h>, no longer needed Remove the cksum[] field from struct krb5_ctx in gss_krb5_internal.h; no code reads or writes it after the key derivation removal. Switch gss_krb5_enctypes[] in gss_krb5_mech.c to the canonical KRB5_ENCTYPE_* names from <crypto/krb5.h>. Remove stale #include directives: - <crypto/skcipher.h> from gss_krb5_wrap.c - <linux/random.h> and <linux/crypto.h> from gss_krb5_seal.c Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove redundant crypto Kconfig dependenciesChuck Lever
With all per-message crypto operations now routed through crypto/krb5, rpcsec_gss_krb5 no longer calls individual crypto algorithms directly. The CRYPTO_KRB5 symbol already selects CRYPTO_SKCIPHER and CRYPTO_HASH (the latter transitively via CRYPTO_HMAC). Drop the top-level select CRYPTO_SKCIPHER and select CRYPTO_HASH from RPCSEC_GSS_KRB5, as these are redundant with CRYPTO_KRB5's own dependencies. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove per-enctype Kconfig optionsChuck Lever
The RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1, RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA, and RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 Kconfig options originally gated both algorithm availability and the advertised enctype list. Now that per-message crypto operations are routed through crypto/krb5, these options control only which enctype numbers appear in the gssd upcall string; the underlying algorithms are always present. Remove the per-enctype Kconfig options and replace the ifdef-gated enctype table with a candidate list looked up in the crypto/krb5 enctype table at module init time. Each enctype is included in the advertised list only if crypto_krb5_find_enctype() finds it in the library's enctype table. When a new enctype is added to crypto/krb5, adding its constant to the candidate array is sufficient to begin advertising it. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove dead code from rpcsec_gss_krb5Chuck Lever
With all per-message crypto operations routed through crypto/krb5, a substantial body of code in rpcsec_gss_krb5 has no remaining callers. The internal key derivation functions (krb5_derive_key_v2, krb5_kdf_hmac_sha2, krb5_kdf_feedback_cmac) and the low-level crypto primitives (krb5_encrypt, gss_krb5_checksum, krb5_cbc_cts_ encrypt/decrypt, krb5_etm_checksum) are unreachable because their only call sites were the per-enctype function pointers removed in previous patches. Delete gss_krb5_keys.c entirely and strip the dead functions from gss_krb5_crypto.c. The KUnit test suite in gss_krb5_test.c exercised exactly these internal functions: RFC 3961 n-fold, RFC 3962 key derivation, RFC 6803 Camellia key derivation, and RFC 8009 AES-SHA2 key derivation, plus encryption self-tests that drove the now-removed encrypt routines. The corresponding test coverage is provided by the crypto/krb5 selftests in crypto/krb5/selftest.c. Remove the test file, the RPCSEC_GSS_KRB5_KUNIT_TEST Kconfig symbol, the .kunitconfig, and all VISIBLE_IF_KUNIT / EXPORT_SYMBOL_IF_KUNIT annotations. xdr_process_buf() walked xdr_buf segments through a per-segment callback and existed solely for the crypto routines in gss_krb5_crypto.c. With that file removed, xdr_process_buf() has no remaining callers. Its successor, xdr_buf_to_sg(), populates a scatterlist directly from an xdr_buf byte range and was introduced earlier in this series. With every consumer of struct gss_krb5_enctype removed, replace its remaining uses with the equivalent fields from struct krb5_enctype (key_len). Remove struct gss_krb5_enctype, the supported_gss_krb5_enctypes[] table, gss_krb5_lookup_enctype(), and the gk5e pointer from krb5_ctx. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove legacy skcipher/ahash handles from krb5_ctxChuck Lever
Previous patches switched all per-message crypto operations (encrypt, decrypt, get_mic, verify_mic) from the internal skcipher/ahash primitives to crypto/krb5 AEAD and shash handles. The old crypto_sync_skcipher and crypto_ahash fields in struct krb5_ctx are no longer referenced at runtime. Remove the ten legacy handle fields from struct krb5_ctx along with the key derivation and handle allocation code in gss_krb5_import_ctx_v2() that populated them. Context import now prepares only the four crypto/krb5 handles (two AEAD for encryption, two shash for checksums). The corresponding cleanup in gss_krb5_delete_sec_context() and the error path is likewise reduced. The krb5_derive_key() inline wrapper, gss_krb5_alloc_cipher_v2(), and gss_krb5_alloc_hash_v2() become unused and are removed. The per-enctype encrypt/decrypt functions (gss_krb5_aes_encrypt, gss_krb5_aes_decrypt, krb5_etm_encrypt, krb5_etm_decrypt) that were the sole remaining consumers of these fields are also removed; their function-pointer call sites were already deleted in earlier patches. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove encrypt/decrypt function pointers from enctype tableChuck Lever
All enctypes now route through gss_krb5_aead_encrypt() and gss_krb5_aead_decrypt(). The per-enctype .encrypt and .decrypt function pointers served the same purpose as .get_mic and .wrap before them: dispatching v1 versus v2 implementations. With v1 support long removed and the Camellia decrypt path migrated in a preceding patch, every table entry points to the same pair of functions. Call gss_krb5_aead_encrypt() and gss_krb5_aead_decrypt() directly from gss_krb5_wrap_v2() and gss_krb5_unwrap_v2(), and drop the function pointers from struct gss_krb5_enctype. While here, propagate the GSS status code returned by gss_krb5_aead_decrypt() instead of discarding it. The old indirect call sites returned GSS_S_FAILURE unconditionally, losing the distinction between an integrity failure (GSS_S_BAD_SIG) and a structural error (GSS_S_DEFECTIVE_TOKEN). Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove wrap/unwrap function pointers from enctype tableChuck Lever
Every enctype points .wrap and .unwrap at gss_krb5_wrap_v2() and gss_krb5_unwrap_v2(). As with get_mic/verify_mic, the indirection dates from when v1 enctypes had different wrap implementations. Call the functions directly and remove the pointers from struct gss_krb5_enctype. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Remove get_mic/verify_mic function pointers from enctype tableChuck Lever
Every enctype in the table points .get_mic and .verify_mic at the same pair of functions. The indirection served no purpose after the v1 enctype support was removed. Call gss_krb5_get_mic_v2() and gss_krb5_verify_mic_v2() directly from the GSS mechanism dispatch and drop the function pointers from struct gss_krb5_enctype. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Switch MIC token verification to crypto/krb5Chuck Lever
gss_krb5_verify_mic_v2() currently recomputes a checksum using gss_krb5_checksum() and then compares it against the received checksum with memcmp(). Replace this with a call to crypto_krb5_verify_mic(), which performs the hash, comparison, and offset/length adjustment in a single operation through the crypto/krb5 library. The scatterlist layout required by RFC 4121 Section 4.2.4 is constructed via gss_krb5_mic_build_sg(), the shared helper introduced in the preceding commit. The received checksum occupies the first scatterlist entry, pointing directly into the token buffer. The errno result from crypto_krb5_verify_mic() is mapped to a GSS major status code via gss_krb5_errno_to_status(), which returns GSS_S_BAD_SIG for -EBADMSG (checksum mismatch). Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Switch MIC token generation to crypto/krb5Chuck Lever
gss_krb5_get_mic_v2() currently computes the MIC checksum by driving a crypto_ahash directly, calling gss_krb5_checksum() with the message body and GSS token header. Replace this with a call to crypto_krb5_get_mic(), which performs the same keyed hash operation through the crypto/krb5 library. RFC 4121 Section 4.2.4 specifies that the checksum covers the message body followed by the token header. Because the crypto/krb5 metadata parameter is hashed before the data, the GSS header cannot be passed as metadata. Instead, the header is appended to the scatterlist after the body data, producing the correct hash input ordering without using the metadata parameter. The scatterlist layout is: [checksum_output | message_body | gss_header] The first scatterlist entry points directly into the token buffer, so the checksum is written in place. A shared helper, gss_krb5_mic_build_sg(), is introduced in gss_krb5_crypto.c to construct this scatterlist layout. The helper handles overflow allocation and scatterlist chaining for large xdr_buf page arrays. It is reused by the verify_mic counterpart in the following commit. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Switch Camellia decrypt to crypto/krb5Chuck Lever
The Camellia enctypes (RFC 6803) use the same MtE authenticated encryption construction as AES-SHA1 (RFC 3962), implemented in crypto/krb5 by the rfc3961_simplified profile. The encrypt path already uses gss_krb5_aead_encrypt() for Camellia, but the decrypt path was left on the old gss_krb5_aes_decrypt() code when the AES enctypes were migrated. Switch the Camellia .decrypt callback to gss_krb5_aead_decrypt() to complete the AEAD migration for all enctypes. The conf_len and cksum_len values in crypto/krb5's Camellia enctype descriptors match the block size and checksum length that gss_krb5_aes_decrypt() was using, so the headskip and tailskip returned to the unwrap layer are unchanged. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Switch wrap token decryption to crypto/krb5Chuck Lever
Replace the per-enctype .decrypt callbacks (gss_krb5_aes_decrypt and krb5_etm_decrypt) with a single gss_krb5_aead_decrypt() wrapper that delegates to crypto_krb5_decrypt(). The new wrapper builds a scatterlist covering the secured region (confounder through checksum), passes it to the AEAD decrypt operation, and derives the confounder and checksum lengths from the data offset and length that crypto_krb5_decrypt() reports. The caller's token header verification and buffer adjustment logic is unchanged. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Switch wrap token encryption to crypto/krb5Chuck Lever
Replace the per-enctype .encrypt callbacks (gss_krb5_aes_encrypt and krb5_etm_encrypt) with a single gss_krb5_aead_encrypt() wrapper that delegates to crypto_krb5_encrypt(). The xdr_buf setup -- GSS header insertion, confounder space allocation, and token header copy -- remains unchanged. The difference is that the CBC-CTS encryption and HMAC computation are now a single AEAD operation through the crypto/krb5 library. Both the MtE construction (RFC 3962) and the EtM construction (RFC 8009) are handled transparently by the AEAD transform. The plaintext page data must be copied from the page cache pages to the scratch output pages before building the scatterlist, since the AEAD operates in-place rather than using separate input and output scatterlists. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Prepare crypto/krb5 encryption and checksum handlesChuck Lever
Allocate crypto_aead handles for encryption (one per direction) and crypto_shash handles for checksumming (one per direction) using the crypto/krb5 library's key preparation functions. These four handles derive their subkeys from the session key and the RFC 4121 usage numbers and are ready for use in encrypt, decrypt, get_mic, and verify_mic operations. The existing crypto_sync_skcipher and crypto_ahash handles remain in place for now; subsequent patches switch the per-message operations to the new handles and then remove the old ones. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Add errno-to-GSS status conversion helperChuck Lever
The crypto/krb5 library returns standard negative errno values, but the GSS mechanism layer reports results as GSS_S_* major status codes. A translation is needed at each call site that will be switched to the new library. Rather than open-coding the mapping in every wrapper, provide a single helper function. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Add helpers to convert xdr_buf byte ranges to scatterlistsChuck Lever
The crypto/krb5 library accepts data in scatterlist form, but the GSS-API layer presents RPC payloads as struct xdr_buf. Bridge that gap with a pair of helper functions: xdr_buf_to_sg() - populate a caller-supplied scatterlist array from a byte range xdr_buf_to_sg_alloc() - populate a caller-supplied inline scatterlist, chaining to a heap- allocated overflow for large payloads The inline array (typically stack-allocated at eight entries) covers the common case of small RPCs with no heap allocation on the encrypt/decrypt path. Only buffers spanning many pages incur a kmalloc for the chained extension. The segment-walking logic follows the same head, page array, tail traversal as xdr_process_buf(), but populates a scatterlist directly rather than invoking a per-segment callback. sg_next() traversal makes the walker safe for chained scatterlists. Once subsequent patches reroute all per-message crypto operations through crypto/krb5, xdr_process_buf() loses its last callers and is removed. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Add crypto/krb5 enctype lookup to krb5_ctxChuck Lever
Each krb5_ctx currently points to a gss_krb5_enctype, the rpcsec_gss_krb5 module's own enctype descriptor. To begin using the common crypto/krb5 library, store a pointer to the corresponding struct krb5_enctype (from <crypto/krb5.h>) as well. The lookup is performed in gss_import_v2_context() immediately after the existing gss_krb5_lookup_enctype() call. If crypto_krb5_find_enctype() cannot find a matching enctype the context import fails, ensuring the module never operates with a partially-initialized krb5_ctx. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09SUNRPC: Add Kconfig dependency on CRYPTO_KRB5Chuck Lever
The rpcsec_gss_krb5 module currently contains its own Kerberos 5 crypto implementation (key derivation, encryption, checksumming) that duplicates functionality available in the common crypto/krb5 library. As a first step toward migrating to that library, add a Kconfig select so that building rpcsec_gss_krb5 pulls in the common Kerberos 5 crypto support. The per-enctype Kconfig options (AES_SHA1, CAMELLIA, AES_SHA2) remain: they continue to gate which encryption types are offered by the GSS mechanism. The individual crypto algorithm selects they carry become redundant once the migration is complete, since CRYPTO_KRB5 already selects all needed ciphers and hashes. Assisted-by: Claude:claude-opus-4-6 Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Anna Schumaker <anna.schumaker@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09NFSD: Increase the default max_block_size to 4MBChuck Lever
Commit 8a81f16de64f ("NFSD: Add a "default" block size") introduced NFSSVC_DEFBLKSIZE at 1MB, well below the 4MB NFSSVC_MAXBLKSIZE ceiling, with the stated intent that a later change would raise the default. Raising the default reduces per-RPC overhead on fast networks by amortizing header processing and scheduling costs across larger payloads. The halving loop in nfsd_get_default_max_blksize() constrains the returned value to 1/4096 of available RAM, so the new 4MB default takes effect only on systems with at least 16GB of RAM. Smaller machines continue to receive the same computed value as before. Administrators can still override the computed value through /proc/fs/nfsd/max_block_size. On systems where the new default takes effect, svc_sock_setbufsize() sizes each service socket's send and receive buffers as nreqs * max_mesg * 2. Quadrupling max_mesg therefore quadruples the per-socket buffer reservation at a fixed thread count, which operators tuning large thread pools should account for. Note well: Your NFS client implementation must support large read and write size settings to benefit from this change. Reviewed-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: Roland Mainz <roland.mainz@nrubsig.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09NFSD: Close cached file handles when revoking export stateChuck Lever
When NFSD_CMD_UNLOCK_EXPORT revokes NFSv4 state for an export path, GC-managed nfsd_file entries for files under that path may remain in the file cache. These cached handles hold the underlying filesystem busy, preventing a subsequent unmount. Add nfsd_file_close_export(), which walks the nfsd_file hash table and closes GC-eligible entries whose underlying file resides on the same filesystem and is a descendant of the export path. Because nfsd_file entries do not carry an export reference, the ancestry check uses is_subdir() on the file's dentry. False positives -- closing a cached handle that did not originate from the target export -- are harmless; the handle is simply reopened on the next access. The handler calls nfsd_file_close_export() before revoking NFSv4 state, mirroring the order used by NFSD_CMD_UNLOCK_FILESYSTEM (which cancels copies and releases NLM locks before revoking state). Both calls run under nfsd_mutex. Reviewed-by: Jeff Layton <jlayton@kernel.org> Tested-by: Dai Ngo <dai.ngo@oracle.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09NFSD: Add NFSD_CMD_UNLOCK_EXPORT netlink commandChuck Lever
When a filesystem is exported to NFS clients, NFSv4 state (opens, locks, delegations, layouts) holds references that prevent the underlying filesystem from being unmounted. NFSD_CMD_UNLOCK_FILESYSTEM addresses this at superblock granularity, but administrators unexporting a single path on a shared filesystem (e.g., one of several exports on the same device) need finer control. Add NFSD_CMD_UNLOCK_EXPORT, which revokes NFSv4 state acquired through exports of a specific path. Matching is by path identity (dentry + vfsmount) via the sc_export field on each nfs4_stid, so multiple svc_export objects for the same path -- one per auth_domain -- are handled correctly without requiring the caller to name a specific client. The command takes a single "path" attribute. Userspace (exportfs -u) sends this after removing the last client for a given path, enabling the underlying filesystem to be unmounted. When multiple clients share an export path, individual unexports do not trigger state revocation; only the final one does. Reviewed-by: Jeff Layton <jlayton@kernel.org> Tested-by: Dai Ngo <dai.ngo@oracle.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09NFSD: Track svc_export in nfs4_stidChuck Lever
Add an sc_export field to struct nfs4_stid so that each stateid records the export under which it was acquired. The export reference is taken via exp_get() at stateid creation and released via exp_put() in nfs4_put_stid(). Open stateids record the export from current_fh->fh_export. Lock stateids and delegations inherit the export from their parent open stateid. Layout stateids inherit from their parent stateid. Directory delegations record the export from cstate->current_fh. A subsequent commit uses sc_export to scope state revocation to a specific export, avoiding the need to walk inode dentry aliases at revocation time. Reviewed-by: Jeff Layton <jlayton@kernel.org> Tested-by: Dai Ngo <dai.ngo@oracle.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09NFSD: Replace idr_for_each_entry_ul in find_one_sb_stid()Chuck Lever
Replace idr_for_each_entry_ul() with a while loop over idr_get_next_ul() for consistency with find_one_export_stid(), added in a subsequent commit. No change in behavior. Reviewed-by: Jeff Layton <jlayton@kernel.org> Tested-by: Dai Ngo <dai.ngo@oracle.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-09NFSD: Add NFSD_CMD_UNLOCK_FILESYSTEM netlink commandChuck Lever
Add NFSD_CMD_UNLOCK_FILESYSTEM as a dedicated netlink command for revoking NFS state under a filesystem path, providing a netlink equivalent of /proc/fs/nfsd/unlock_fs. The command requires a "path" string attribute containing the filesystem path whose state should be released. The handler resolves the path to its superblock, then cancels async copies, releases NLM locks, and revokes NFSv4 state on that superblock. Reviewed-by: Jeff Layton <jlayton@kernel.org> Tested-by: Dai Ngo <dai.ngo@oracle.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>