Loading...
1/*
2 * linux/fs/lockd/svc.c
3 *
4 * This is the central lockd service.
5 *
6 * FIXME: Separate the lockd NFS server functionality from the lockd NFS
7 * client functionality. Oh why didn't Sun create two separate
8 * services in the first place?
9 *
10 * Authors: Olaf Kirch (okir@monad.swb.de)
11 *
12 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
13 */
14
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/sysctl.h>
18#include <linux/moduleparam.h>
19
20#include <linux/sched/signal.h>
21#include <linux/errno.h>
22#include <linux/in.h>
23#include <linux/uio.h>
24#include <linux/smp.h>
25#include <linux/mutex.h>
26#include <linux/kthread.h>
27#include <linux/freezer.h>
28#include <linux/inetdevice.h>
29
30#include <linux/sunrpc/types.h>
31#include <linux/sunrpc/stats.h>
32#include <linux/sunrpc/clnt.h>
33#include <linux/sunrpc/svc.h>
34#include <linux/sunrpc/svcsock.h>
35#include <linux/sunrpc/svc_xprt.h>
36#include <net/ip.h>
37#include <net/addrconf.h>
38#include <net/ipv6.h>
39#include <linux/lockd/lockd.h>
40#include <linux/nfs.h>
41
42#include "netns.h"
43#include "procfs.h"
44
45#define NLMDBG_FACILITY NLMDBG_SVC
46#define LOCKD_BUFSIZE (1024 + NLMSVC_XDRSIZE)
47#define ALLOWED_SIGS (sigmask(SIGKILL))
48
49static struct svc_program nlmsvc_program;
50
51const struct nlmsvc_binding *nlmsvc_ops;
52EXPORT_SYMBOL_GPL(nlmsvc_ops);
53
54static DEFINE_MUTEX(nlmsvc_mutex);
55static unsigned int nlmsvc_users;
56static struct task_struct *nlmsvc_task;
57static struct svc_rqst *nlmsvc_rqst;
58unsigned long nlmsvc_timeout;
59
60static atomic_t nlm_ntf_refcnt = ATOMIC_INIT(0);
61static DECLARE_WAIT_QUEUE_HEAD(nlm_ntf_wq);
62
63unsigned int lockd_net_id;
64
65/*
66 * These can be set at insmod time (useful for NFS as root filesystem),
67 * and also changed through the sysctl interface. -- Jamie Lokier, Aug 2003
68 */
69static unsigned long nlm_grace_period;
70static unsigned long nlm_timeout = LOCKD_DFLT_TIMEO;
71static int nlm_udpport, nlm_tcpport;
72
73/* RLIM_NOFILE defaults to 1024. That seems like a reasonable default here. */
74static unsigned int nlm_max_connections = 1024;
75
76/*
77 * Constants needed for the sysctl interface.
78 */
79static const unsigned long nlm_grace_period_min = 0;
80static const unsigned long nlm_grace_period_max = 240;
81static const unsigned long nlm_timeout_min = 3;
82static const unsigned long nlm_timeout_max = 20;
83static const int nlm_port_min = 0, nlm_port_max = 65535;
84
85#ifdef CONFIG_SYSCTL
86static struct ctl_table_header * nlm_sysctl_table;
87#endif
88
89static unsigned long get_lockd_grace_period(void)
90{
91 /* Note: nlm_timeout should always be nonzero */
92 if (nlm_grace_period)
93 return roundup(nlm_grace_period, nlm_timeout) * HZ;
94 else
95 return nlm_timeout * 5 * HZ;
96}
97
98static void grace_ender(struct work_struct *grace)
99{
100 struct delayed_work *dwork = to_delayed_work(grace);
101 struct lockd_net *ln = container_of(dwork, struct lockd_net,
102 grace_period_end);
103
104 locks_end_grace(&ln->lockd_manager);
105}
106
107static void set_grace_period(struct net *net)
108{
109 unsigned long grace_period = get_lockd_grace_period();
110 struct lockd_net *ln = net_generic(net, lockd_net_id);
111
112 locks_start_grace(net, &ln->lockd_manager);
113 cancel_delayed_work_sync(&ln->grace_period_end);
114 schedule_delayed_work(&ln->grace_period_end, grace_period);
115}
116
117static void restart_grace(void)
118{
119 if (nlmsvc_ops) {
120 struct net *net = &init_net;
121 struct lockd_net *ln = net_generic(net, lockd_net_id);
122
123 cancel_delayed_work_sync(&ln->grace_period_end);
124 locks_end_grace(&ln->lockd_manager);
125 nlmsvc_invalidate_all();
126 set_grace_period(net);
127 }
128}
129
130/*
131 * This is the lockd kernel thread
132 */
133static int
134lockd(void *vrqstp)
135{
136 int err = 0;
137 struct svc_rqst *rqstp = vrqstp;
138 struct net *net = &init_net;
139 struct lockd_net *ln = net_generic(net, lockd_net_id);
140
141 /* try_to_freeze() is called from svc_recv() */
142 set_freezable();
143
144 /* Allow SIGKILL to tell lockd to drop all of its locks */
145 allow_signal(SIGKILL);
146
147 dprintk("NFS locking service started (ver " LOCKD_VERSION ").\n");
148
149 /*
150 * The main request loop. We don't terminate until the last
151 * NFS mount or NFS daemon has gone away.
152 */
153 while (!kthread_should_stop()) {
154 long timeout = MAX_SCHEDULE_TIMEOUT;
155 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
156
157 /* update sv_maxconn if it has changed */
158 rqstp->rq_server->sv_maxconn = nlm_max_connections;
159
160 if (signalled()) {
161 flush_signals(current);
162 restart_grace();
163 continue;
164 }
165
166 timeout = nlmsvc_retry_blocked();
167
168 /*
169 * Find a socket with data available and call its
170 * recvfrom routine.
171 */
172 err = svc_recv(rqstp, timeout);
173 if (err == -EAGAIN || err == -EINTR)
174 continue;
175 dprintk("lockd: request from %s\n",
176 svc_print_addr(rqstp, buf, sizeof(buf)));
177
178 svc_process(rqstp);
179 }
180 flush_signals(current);
181 if (nlmsvc_ops)
182 nlmsvc_invalidate_all();
183 nlm_shutdown_hosts();
184 cancel_delayed_work_sync(&ln->grace_period_end);
185 locks_end_grace(&ln->lockd_manager);
186 return 0;
187}
188
189static int create_lockd_listener(struct svc_serv *serv, const char *name,
190 struct net *net, const int family,
191 const unsigned short port)
192{
193 struct svc_xprt *xprt;
194
195 xprt = svc_find_xprt(serv, name, net, family, 0);
196 if (xprt == NULL)
197 return svc_create_xprt(serv, name, net, family, port,
198 SVC_SOCK_DEFAULTS);
199 svc_xprt_put(xprt);
200 return 0;
201}
202
203static int create_lockd_family(struct svc_serv *serv, struct net *net,
204 const int family)
205{
206 int err;
207
208 err = create_lockd_listener(serv, "udp", net, family, nlm_udpport);
209 if (err < 0)
210 return err;
211
212 return create_lockd_listener(serv, "tcp", net, family, nlm_tcpport);
213}
214
215/*
216 * Ensure there are active UDP and TCP listeners for lockd.
217 *
218 * Even if we have only TCP NFS mounts and/or TCP NFSDs, some
219 * local services (such as rpc.statd) still require UDP, and
220 * some NFS servers do not yet support NLM over TCP.
221 *
222 * Returns zero if all listeners are available; otherwise a
223 * negative errno value is returned.
224 */
225static int make_socks(struct svc_serv *serv, struct net *net)
226{
227 static int warned;
228 int err;
229
230 err = create_lockd_family(serv, net, PF_INET);
231 if (err < 0)
232 goto out_err;
233
234 err = create_lockd_family(serv, net, PF_INET6);
235 if (err < 0 && err != -EAFNOSUPPORT)
236 goto out_err;
237
238 warned = 0;
239 return 0;
240
241out_err:
242 if (warned++ == 0)
243 printk(KERN_WARNING
244 "lockd_up: makesock failed, error=%d\n", err);
245 svc_shutdown_net(serv, net);
246 return err;
247}
248
249static int lockd_up_net(struct svc_serv *serv, struct net *net)
250{
251 struct lockd_net *ln = net_generic(net, lockd_net_id);
252 int error;
253
254 if (ln->nlmsvc_users++)
255 return 0;
256
257 error = svc_bind(serv, net);
258 if (error)
259 goto err_bind;
260
261 error = make_socks(serv, net);
262 if (error < 0)
263 goto err_bind;
264 set_grace_period(net);
265 dprintk("%s: per-net data created; net=%x\n", __func__, net->ns.inum);
266 return 0;
267
268err_bind:
269 ln->nlmsvc_users--;
270 return error;
271}
272
273static void lockd_down_net(struct svc_serv *serv, struct net *net)
274{
275 struct lockd_net *ln = net_generic(net, lockd_net_id);
276
277 if (ln->nlmsvc_users) {
278 if (--ln->nlmsvc_users == 0) {
279 nlm_shutdown_hosts_net(net);
280 cancel_delayed_work_sync(&ln->grace_period_end);
281 locks_end_grace(&ln->lockd_manager);
282 svc_shutdown_net(serv, net);
283 dprintk("%s: per-net data destroyed; net=%x\n",
284 __func__, net->ns.inum);
285 }
286 } else {
287 pr_err("%s: no users! task=%p, net=%x\n",
288 __func__, nlmsvc_task, net->ns.inum);
289 BUG();
290 }
291}
292
293static int lockd_inetaddr_event(struct notifier_block *this,
294 unsigned long event, void *ptr)
295{
296 struct in_ifaddr *ifa = (struct in_ifaddr *)ptr;
297 struct sockaddr_in sin;
298
299 if ((event != NETDEV_DOWN) ||
300 !atomic_inc_not_zero(&nlm_ntf_refcnt))
301 goto out;
302
303 if (nlmsvc_rqst) {
304 dprintk("lockd_inetaddr_event: removed %pI4\n",
305 &ifa->ifa_local);
306 sin.sin_family = AF_INET;
307 sin.sin_addr.s_addr = ifa->ifa_local;
308 svc_age_temp_xprts_now(nlmsvc_rqst->rq_server,
309 (struct sockaddr *)&sin);
310 }
311 atomic_dec(&nlm_ntf_refcnt);
312 wake_up(&nlm_ntf_wq);
313
314out:
315 return NOTIFY_DONE;
316}
317
318static struct notifier_block lockd_inetaddr_notifier = {
319 .notifier_call = lockd_inetaddr_event,
320};
321
322#if IS_ENABLED(CONFIG_IPV6)
323static int lockd_inet6addr_event(struct notifier_block *this,
324 unsigned long event, void *ptr)
325{
326 struct inet6_ifaddr *ifa = (struct inet6_ifaddr *)ptr;
327 struct sockaddr_in6 sin6;
328
329 if ((event != NETDEV_DOWN) ||
330 !atomic_inc_not_zero(&nlm_ntf_refcnt))
331 goto out;
332
333 if (nlmsvc_rqst) {
334 dprintk("lockd_inet6addr_event: removed %pI6\n", &ifa->addr);
335 sin6.sin6_family = AF_INET6;
336 sin6.sin6_addr = ifa->addr;
337 if (ipv6_addr_type(&sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL)
338 sin6.sin6_scope_id = ifa->idev->dev->ifindex;
339 svc_age_temp_xprts_now(nlmsvc_rqst->rq_server,
340 (struct sockaddr *)&sin6);
341 }
342 atomic_dec(&nlm_ntf_refcnt);
343 wake_up(&nlm_ntf_wq);
344
345out:
346 return NOTIFY_DONE;
347}
348
349static struct notifier_block lockd_inet6addr_notifier = {
350 .notifier_call = lockd_inet6addr_event,
351};
352#endif
353
354static void lockd_unregister_notifiers(void)
355{
356 unregister_inetaddr_notifier(&lockd_inetaddr_notifier);
357#if IS_ENABLED(CONFIG_IPV6)
358 unregister_inet6addr_notifier(&lockd_inet6addr_notifier);
359#endif
360 wait_event(nlm_ntf_wq, atomic_read(&nlm_ntf_refcnt) == 0);
361}
362
363static void lockd_svc_exit_thread(void)
364{
365 atomic_dec(&nlm_ntf_refcnt);
366 lockd_unregister_notifiers();
367 svc_exit_thread(nlmsvc_rqst);
368}
369
370static int lockd_start_svc(struct svc_serv *serv)
371{
372 int error;
373
374 if (nlmsvc_rqst)
375 return 0;
376
377 /*
378 * Create the kernel thread and wait for it to start.
379 */
380 nlmsvc_rqst = svc_prepare_thread(serv, &serv->sv_pools[0], NUMA_NO_NODE);
381 if (IS_ERR(nlmsvc_rqst)) {
382 error = PTR_ERR(nlmsvc_rqst);
383 printk(KERN_WARNING
384 "lockd_up: svc_rqst allocation failed, error=%d\n",
385 error);
386 lockd_unregister_notifiers();
387 goto out_rqst;
388 }
389
390 atomic_inc(&nlm_ntf_refcnt);
391 svc_sock_update_bufs(serv);
392 serv->sv_maxconn = nlm_max_connections;
393
394 nlmsvc_task = kthread_create(lockd, nlmsvc_rqst, "%s", serv->sv_name);
395 if (IS_ERR(nlmsvc_task)) {
396 error = PTR_ERR(nlmsvc_task);
397 printk(KERN_WARNING
398 "lockd_up: kthread_run failed, error=%d\n", error);
399 goto out_task;
400 }
401 nlmsvc_rqst->rq_task = nlmsvc_task;
402 wake_up_process(nlmsvc_task);
403
404 dprintk("lockd_up: service started\n");
405 return 0;
406
407out_task:
408 lockd_svc_exit_thread();
409 nlmsvc_task = NULL;
410out_rqst:
411 nlmsvc_rqst = NULL;
412 return error;
413}
414
415static const struct svc_serv_ops lockd_sv_ops = {
416 .svo_shutdown = svc_rpcb_cleanup,
417 .svo_enqueue_xprt = svc_xprt_do_enqueue,
418};
419
420static struct svc_serv *lockd_create_svc(void)
421{
422 struct svc_serv *serv;
423
424 /*
425 * Check whether we're already up and running.
426 */
427 if (nlmsvc_rqst) {
428 /*
429 * Note: increase service usage, because later in case of error
430 * svc_destroy() will be called.
431 */
432 svc_get(nlmsvc_rqst->rq_server);
433 return nlmsvc_rqst->rq_server;
434 }
435
436 /*
437 * Sanity check: if there's no pid,
438 * we should be the first user ...
439 */
440 if (nlmsvc_users)
441 printk(KERN_WARNING
442 "lockd_up: no pid, %d users??\n", nlmsvc_users);
443
444 if (!nlm_timeout)
445 nlm_timeout = LOCKD_DFLT_TIMEO;
446 nlmsvc_timeout = nlm_timeout * HZ;
447
448 serv = svc_create(&nlmsvc_program, LOCKD_BUFSIZE, &lockd_sv_ops);
449 if (!serv) {
450 printk(KERN_WARNING "lockd_up: create service failed\n");
451 return ERR_PTR(-ENOMEM);
452 }
453 register_inetaddr_notifier(&lockd_inetaddr_notifier);
454#if IS_ENABLED(CONFIG_IPV6)
455 register_inet6addr_notifier(&lockd_inet6addr_notifier);
456#endif
457 dprintk("lockd_up: service created\n");
458 return serv;
459}
460
461/*
462 * Bring up the lockd process if it's not already up.
463 */
464int lockd_up(struct net *net)
465{
466 struct svc_serv *serv;
467 int error;
468
469 mutex_lock(&nlmsvc_mutex);
470
471 serv = lockd_create_svc();
472 if (IS_ERR(serv)) {
473 error = PTR_ERR(serv);
474 goto err_create;
475 }
476
477 error = lockd_up_net(serv, net);
478 if (error < 0) {
479 lockd_unregister_notifiers();
480 goto err_put;
481 }
482
483 error = lockd_start_svc(serv);
484 if (error < 0) {
485 lockd_down_net(serv, net);
486 goto err_put;
487 }
488 nlmsvc_users++;
489 /*
490 * Note: svc_serv structures have an initial use count of 1,
491 * so we exit through here on both success and failure.
492 */
493err_put:
494 svc_destroy(serv);
495err_create:
496 mutex_unlock(&nlmsvc_mutex);
497 return error;
498}
499EXPORT_SYMBOL_GPL(lockd_up);
500
501/*
502 * Decrement the user count and bring down lockd if we're the last.
503 */
504void
505lockd_down(struct net *net)
506{
507 mutex_lock(&nlmsvc_mutex);
508 lockd_down_net(nlmsvc_rqst->rq_server, net);
509 if (nlmsvc_users) {
510 if (--nlmsvc_users)
511 goto out;
512 } else {
513 printk(KERN_ERR "lockd_down: no users! task=%p\n",
514 nlmsvc_task);
515 BUG();
516 }
517
518 if (!nlmsvc_task) {
519 printk(KERN_ERR "lockd_down: no lockd running.\n");
520 BUG();
521 }
522 kthread_stop(nlmsvc_task);
523 dprintk("lockd_down: service stopped\n");
524 lockd_svc_exit_thread();
525 dprintk("lockd_down: service destroyed\n");
526 nlmsvc_task = NULL;
527 nlmsvc_rqst = NULL;
528out:
529 mutex_unlock(&nlmsvc_mutex);
530}
531EXPORT_SYMBOL_GPL(lockd_down);
532
533#ifdef CONFIG_SYSCTL
534
535/*
536 * Sysctl parameters (same as module parameters, different interface).
537 */
538
539static struct ctl_table nlm_sysctls[] = {
540 {
541 .procname = "nlm_grace_period",
542 .data = &nlm_grace_period,
543 .maxlen = sizeof(unsigned long),
544 .mode = 0644,
545 .proc_handler = proc_doulongvec_minmax,
546 .extra1 = (unsigned long *) &nlm_grace_period_min,
547 .extra2 = (unsigned long *) &nlm_grace_period_max,
548 },
549 {
550 .procname = "nlm_timeout",
551 .data = &nlm_timeout,
552 .maxlen = sizeof(unsigned long),
553 .mode = 0644,
554 .proc_handler = proc_doulongvec_minmax,
555 .extra1 = (unsigned long *) &nlm_timeout_min,
556 .extra2 = (unsigned long *) &nlm_timeout_max,
557 },
558 {
559 .procname = "nlm_udpport",
560 .data = &nlm_udpport,
561 .maxlen = sizeof(int),
562 .mode = 0644,
563 .proc_handler = proc_dointvec_minmax,
564 .extra1 = (int *) &nlm_port_min,
565 .extra2 = (int *) &nlm_port_max,
566 },
567 {
568 .procname = "nlm_tcpport",
569 .data = &nlm_tcpport,
570 .maxlen = sizeof(int),
571 .mode = 0644,
572 .proc_handler = proc_dointvec_minmax,
573 .extra1 = (int *) &nlm_port_min,
574 .extra2 = (int *) &nlm_port_max,
575 },
576 {
577 .procname = "nsm_use_hostnames",
578 .data = &nsm_use_hostnames,
579 .maxlen = sizeof(int),
580 .mode = 0644,
581 .proc_handler = proc_dointvec,
582 },
583 {
584 .procname = "nsm_local_state",
585 .data = &nsm_local_state,
586 .maxlen = sizeof(int),
587 .mode = 0644,
588 .proc_handler = proc_dointvec,
589 },
590 { }
591};
592
593static struct ctl_table nlm_sysctl_dir[] = {
594 {
595 .procname = "nfs",
596 .mode = 0555,
597 .child = nlm_sysctls,
598 },
599 { }
600};
601
602static struct ctl_table nlm_sysctl_root[] = {
603 {
604 .procname = "fs",
605 .mode = 0555,
606 .child = nlm_sysctl_dir,
607 },
608 { }
609};
610
611#endif /* CONFIG_SYSCTL */
612
613/*
614 * Module (and sysfs) parameters.
615 */
616
617#define param_set_min_max(name, type, which_strtol, min, max) \
618static int param_set_##name(const char *val, const struct kernel_param *kp) \
619{ \
620 char *endp; \
621 __typeof__(type) num = which_strtol(val, &endp, 0); \
622 if (endp == val || *endp || num < (min) || num > (max)) \
623 return -EINVAL; \
624 *((type *) kp->arg) = num; \
625 return 0; \
626}
627
628static inline int is_callback(u32 proc)
629{
630 return proc == NLMPROC_GRANTED
631 || proc == NLMPROC_GRANTED_MSG
632 || proc == NLMPROC_TEST_RES
633 || proc == NLMPROC_LOCK_RES
634 || proc == NLMPROC_CANCEL_RES
635 || proc == NLMPROC_UNLOCK_RES
636 || proc == NLMPROC_NSM_NOTIFY;
637}
638
639
640static int lockd_authenticate(struct svc_rqst *rqstp)
641{
642 rqstp->rq_client = NULL;
643 switch (rqstp->rq_authop->flavour) {
644 case RPC_AUTH_NULL:
645 case RPC_AUTH_UNIX:
646 if (rqstp->rq_proc == 0)
647 return SVC_OK;
648 if (is_callback(rqstp->rq_proc)) {
649 /* Leave it to individual procedures to
650 * call nlmsvc_lookup_host(rqstp)
651 */
652 return SVC_OK;
653 }
654 return svc_set_client(rqstp);
655 }
656 return SVC_DENIED;
657}
658
659
660param_set_min_max(port, int, simple_strtol, 0, 65535)
661param_set_min_max(grace_period, unsigned long, simple_strtoul,
662 nlm_grace_period_min, nlm_grace_period_max)
663param_set_min_max(timeout, unsigned long, simple_strtoul,
664 nlm_timeout_min, nlm_timeout_max)
665
666MODULE_AUTHOR("Olaf Kirch <okir@monad.swb.de>");
667MODULE_DESCRIPTION("NFS file locking service version " LOCKD_VERSION ".");
668MODULE_LICENSE("GPL");
669
670module_param_call(nlm_grace_period, param_set_grace_period, param_get_ulong,
671 &nlm_grace_period, 0644);
672module_param_call(nlm_timeout, param_set_timeout, param_get_ulong,
673 &nlm_timeout, 0644);
674module_param_call(nlm_udpport, param_set_port, param_get_int,
675 &nlm_udpport, 0644);
676module_param_call(nlm_tcpport, param_set_port, param_get_int,
677 &nlm_tcpport, 0644);
678module_param(nsm_use_hostnames, bool, 0644);
679module_param(nlm_max_connections, uint, 0644);
680
681static int lockd_init_net(struct net *net)
682{
683 struct lockd_net *ln = net_generic(net, lockd_net_id);
684
685 INIT_DELAYED_WORK(&ln->grace_period_end, grace_ender);
686 INIT_LIST_HEAD(&ln->lockd_manager.list);
687 ln->lockd_manager.block_opens = false;
688 INIT_LIST_HEAD(&ln->nsm_handles);
689 return 0;
690}
691
692static void lockd_exit_net(struct net *net)
693{
694 struct lockd_net *ln = net_generic(net, lockd_net_id);
695
696 WARN_ONCE(!list_empty(&ln->lockd_manager.list),
697 "net %x %s: lockd_manager.list is not empty\n",
698 net->ns.inum, __func__);
699 WARN_ONCE(!list_empty(&ln->nsm_handles),
700 "net %x %s: nsm_handles list is not empty\n",
701 net->ns.inum, __func__);
702 WARN_ONCE(delayed_work_pending(&ln->grace_period_end),
703 "net %x %s: grace_period_end was not cancelled\n",
704 net->ns.inum, __func__);
705}
706
707static struct pernet_operations lockd_net_ops = {
708 .init = lockd_init_net,
709 .exit = lockd_exit_net,
710 .id = &lockd_net_id,
711 .size = sizeof(struct lockd_net),
712};
713
714
715/*
716 * Initialising and terminating the module.
717 */
718
719static int __init init_nlm(void)
720{
721 int err;
722
723#ifdef CONFIG_SYSCTL
724 err = -ENOMEM;
725 nlm_sysctl_table = register_sysctl_table(nlm_sysctl_root);
726 if (nlm_sysctl_table == NULL)
727 goto err_sysctl;
728#endif
729 err = register_pernet_subsys(&lockd_net_ops);
730 if (err)
731 goto err_pernet;
732
733 err = lockd_create_procfs();
734 if (err)
735 goto err_procfs;
736
737 return 0;
738
739err_procfs:
740 unregister_pernet_subsys(&lockd_net_ops);
741err_pernet:
742#ifdef CONFIG_SYSCTL
743 unregister_sysctl_table(nlm_sysctl_table);
744err_sysctl:
745#endif
746 return err;
747}
748
749static void __exit exit_nlm(void)
750{
751 /* FIXME: delete all NLM clients */
752 nlm_shutdown_hosts();
753 lockd_remove_procfs();
754 unregister_pernet_subsys(&lockd_net_ops);
755#ifdef CONFIG_SYSCTL
756 unregister_sysctl_table(nlm_sysctl_table);
757#endif
758}
759
760module_init(init_nlm);
761module_exit(exit_nlm);
762
763/*
764 * Define NLM program and procedures
765 */
766static unsigned int nlmsvc_version1_count[17];
767static const struct svc_version nlmsvc_version1 = {
768 .vs_vers = 1,
769 .vs_nproc = 17,
770 .vs_proc = nlmsvc_procedures,
771 .vs_count = nlmsvc_version1_count,
772 .vs_xdrsize = NLMSVC_XDRSIZE,
773};
774static unsigned int nlmsvc_version3_count[24];
775static const struct svc_version nlmsvc_version3 = {
776 .vs_vers = 3,
777 .vs_nproc = 24,
778 .vs_proc = nlmsvc_procedures,
779 .vs_count = nlmsvc_version3_count,
780 .vs_xdrsize = NLMSVC_XDRSIZE,
781};
782#ifdef CONFIG_LOCKD_V4
783static unsigned int nlmsvc_version4_count[24];
784static const struct svc_version nlmsvc_version4 = {
785 .vs_vers = 4,
786 .vs_nproc = 24,
787 .vs_proc = nlmsvc_procedures4,
788 .vs_count = nlmsvc_version4_count,
789 .vs_xdrsize = NLMSVC_XDRSIZE,
790};
791#endif
792static const struct svc_version *nlmsvc_version[] = {
793 [1] = &nlmsvc_version1,
794 [3] = &nlmsvc_version3,
795#ifdef CONFIG_LOCKD_V4
796 [4] = &nlmsvc_version4,
797#endif
798};
799
800static struct svc_stat nlmsvc_stats;
801
802#define NLM_NRVERS ARRAY_SIZE(nlmsvc_version)
803static struct svc_program nlmsvc_program = {
804 .pg_prog = NLM_PROGRAM, /* program number */
805 .pg_nvers = NLM_NRVERS, /* number of entries in nlmsvc_version */
806 .pg_vers = nlmsvc_version, /* version table */
807 .pg_name = "lockd", /* service name */
808 .pg_class = "nfsd", /* share authentication with nfsd */
809 .pg_stats = &nlmsvc_stats, /* stats table */
810 .pg_authenticate = &lockd_authenticate /* export authentication */
811};
1/*
2 * linux/fs/lockd/svc.c
3 *
4 * This is the central lockd service.
5 *
6 * FIXME: Separate the lockd NFS server functionality from the lockd NFS
7 * client functionality. Oh why didn't Sun create two separate
8 * services in the first place?
9 *
10 * Authors: Olaf Kirch (okir@monad.swb.de)
11 *
12 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
13 */
14
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/sysctl.h>
18#include <linux/moduleparam.h>
19
20#include <linux/sched.h>
21#include <linux/errno.h>
22#include <linux/in.h>
23#include <linux/uio.h>
24#include <linux/smp.h>
25#include <linux/mutex.h>
26#include <linux/kthread.h>
27#include <linux/freezer.h>
28
29#include <linux/sunrpc/types.h>
30#include <linux/sunrpc/stats.h>
31#include <linux/sunrpc/clnt.h>
32#include <linux/sunrpc/svc.h>
33#include <linux/sunrpc/svcsock.h>
34#include <net/ip.h>
35#include <linux/lockd/lockd.h>
36#include <linux/nfs.h>
37
38#include "netns.h"
39
40#define NLMDBG_FACILITY NLMDBG_SVC
41#define LOCKD_BUFSIZE (1024 + NLMSVC_XDRSIZE)
42#define ALLOWED_SIGS (sigmask(SIGKILL))
43
44static struct svc_program nlmsvc_program;
45
46struct nlmsvc_binding * nlmsvc_ops;
47EXPORT_SYMBOL_GPL(nlmsvc_ops);
48
49static DEFINE_MUTEX(nlmsvc_mutex);
50static unsigned int nlmsvc_users;
51static struct task_struct *nlmsvc_task;
52static struct svc_rqst *nlmsvc_rqst;
53unsigned long nlmsvc_timeout;
54
55int lockd_net_id;
56
57/*
58 * These can be set at insmod time (useful for NFS as root filesystem),
59 * and also changed through the sysctl interface. -- Jamie Lokier, Aug 2003
60 */
61static unsigned long nlm_grace_period;
62static unsigned long nlm_timeout = LOCKD_DFLT_TIMEO;
63static int nlm_udpport, nlm_tcpport;
64
65/* RLIM_NOFILE defaults to 1024. That seems like a reasonable default here. */
66static unsigned int nlm_max_connections = 1024;
67
68/*
69 * Constants needed for the sysctl interface.
70 */
71static const unsigned long nlm_grace_period_min = 0;
72static const unsigned long nlm_grace_period_max = 240;
73static const unsigned long nlm_timeout_min = 3;
74static const unsigned long nlm_timeout_max = 20;
75static const int nlm_port_min = 0, nlm_port_max = 65535;
76
77#ifdef CONFIG_SYSCTL
78static struct ctl_table_header * nlm_sysctl_table;
79#endif
80
81static unsigned long get_lockd_grace_period(void)
82{
83 /* Note: nlm_timeout should always be nonzero */
84 if (nlm_grace_period)
85 return roundup(nlm_grace_period, nlm_timeout) * HZ;
86 else
87 return nlm_timeout * 5 * HZ;
88}
89
90static void grace_ender(struct work_struct *grace)
91{
92 struct delayed_work *dwork = container_of(grace, struct delayed_work,
93 work);
94 struct lockd_net *ln = container_of(dwork, struct lockd_net,
95 grace_period_end);
96
97 locks_end_grace(&ln->lockd_manager);
98}
99
100static void set_grace_period(struct net *net)
101{
102 unsigned long grace_period = get_lockd_grace_period();
103 struct lockd_net *ln = net_generic(net, lockd_net_id);
104
105 locks_start_grace(net, &ln->lockd_manager);
106 cancel_delayed_work_sync(&ln->grace_period_end);
107 schedule_delayed_work(&ln->grace_period_end, grace_period);
108}
109
110static void restart_grace(void)
111{
112 if (nlmsvc_ops) {
113 struct net *net = &init_net;
114 struct lockd_net *ln = net_generic(net, lockd_net_id);
115
116 cancel_delayed_work_sync(&ln->grace_period_end);
117 locks_end_grace(&ln->lockd_manager);
118 nlmsvc_invalidate_all();
119 set_grace_period(net);
120 }
121}
122
123/*
124 * This is the lockd kernel thread
125 */
126static int
127lockd(void *vrqstp)
128{
129 int err = 0;
130 struct svc_rqst *rqstp = vrqstp;
131
132 /* try_to_freeze() is called from svc_recv() */
133 set_freezable();
134
135 /* Allow SIGKILL to tell lockd to drop all of its locks */
136 allow_signal(SIGKILL);
137
138 dprintk("NFS locking service started (ver " LOCKD_VERSION ").\n");
139
140 if (!nlm_timeout)
141 nlm_timeout = LOCKD_DFLT_TIMEO;
142 nlmsvc_timeout = nlm_timeout * HZ;
143
144 /*
145 * The main request loop. We don't terminate until the last
146 * NFS mount or NFS daemon has gone away.
147 */
148 while (!kthread_should_stop()) {
149 long timeout = MAX_SCHEDULE_TIMEOUT;
150 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
151
152 /* update sv_maxconn if it has changed */
153 rqstp->rq_server->sv_maxconn = nlm_max_connections;
154
155 if (signalled()) {
156 flush_signals(current);
157 restart_grace();
158 continue;
159 }
160
161 timeout = nlmsvc_retry_blocked();
162
163 /*
164 * Find a socket with data available and call its
165 * recvfrom routine.
166 */
167 err = svc_recv(rqstp, timeout);
168 if (err == -EAGAIN || err == -EINTR)
169 continue;
170 dprintk("lockd: request from %s\n",
171 svc_print_addr(rqstp, buf, sizeof(buf)));
172
173 svc_process(rqstp);
174 }
175 flush_signals(current);
176 if (nlmsvc_ops)
177 nlmsvc_invalidate_all();
178 nlm_shutdown_hosts();
179 return 0;
180}
181
182static int create_lockd_listener(struct svc_serv *serv, const char *name,
183 struct net *net, const int family,
184 const unsigned short port)
185{
186 struct svc_xprt *xprt;
187
188 xprt = svc_find_xprt(serv, name, net, family, 0);
189 if (xprt == NULL)
190 return svc_create_xprt(serv, name, net, family, port,
191 SVC_SOCK_DEFAULTS);
192 svc_xprt_put(xprt);
193 return 0;
194}
195
196static int create_lockd_family(struct svc_serv *serv, struct net *net,
197 const int family)
198{
199 int err;
200
201 err = create_lockd_listener(serv, "udp", net, family, nlm_udpport);
202 if (err < 0)
203 return err;
204
205 return create_lockd_listener(serv, "tcp", net, family, nlm_tcpport);
206}
207
208/*
209 * Ensure there are active UDP and TCP listeners for lockd.
210 *
211 * Even if we have only TCP NFS mounts and/or TCP NFSDs, some
212 * local services (such as rpc.statd) still require UDP, and
213 * some NFS servers do not yet support NLM over TCP.
214 *
215 * Returns zero if all listeners are available; otherwise a
216 * negative errno value is returned.
217 */
218static int make_socks(struct svc_serv *serv, struct net *net)
219{
220 static int warned;
221 int err;
222
223 err = create_lockd_family(serv, net, PF_INET);
224 if (err < 0)
225 goto out_err;
226
227 err = create_lockd_family(serv, net, PF_INET6);
228 if (err < 0 && err != -EAFNOSUPPORT)
229 goto out_err;
230
231 warned = 0;
232 return 0;
233
234out_err:
235 if (warned++ == 0)
236 printk(KERN_WARNING
237 "lockd_up: makesock failed, error=%d\n", err);
238 svc_shutdown_net(serv, net);
239 return err;
240}
241
242static int lockd_up_net(struct svc_serv *serv, struct net *net)
243{
244 struct lockd_net *ln = net_generic(net, lockd_net_id);
245 int error;
246
247 if (ln->nlmsvc_users++)
248 return 0;
249
250 error = svc_bind(serv, net);
251 if (error)
252 goto err_bind;
253
254 error = make_socks(serv, net);
255 if (error < 0)
256 goto err_socks;
257 set_grace_period(net);
258 dprintk("lockd_up_net: per-net data created; net=%p\n", net);
259 return 0;
260
261err_socks:
262 svc_rpcb_cleanup(serv, net);
263err_bind:
264 ln->nlmsvc_users--;
265 return error;
266}
267
268static void lockd_down_net(struct svc_serv *serv, struct net *net)
269{
270 struct lockd_net *ln = net_generic(net, lockd_net_id);
271
272 if (ln->nlmsvc_users) {
273 if (--ln->nlmsvc_users == 0) {
274 nlm_shutdown_hosts_net(net);
275 cancel_delayed_work_sync(&ln->grace_period_end);
276 locks_end_grace(&ln->lockd_manager);
277 svc_shutdown_net(serv, net);
278 dprintk("lockd_down_net: per-net data destroyed; net=%p\n", net);
279 }
280 } else {
281 printk(KERN_ERR "lockd_down_net: no users! task=%p, net=%p\n",
282 nlmsvc_task, net);
283 BUG();
284 }
285}
286
287static int lockd_start_svc(struct svc_serv *serv)
288{
289 int error;
290
291 if (nlmsvc_rqst)
292 return 0;
293
294 /*
295 * Create the kernel thread and wait for it to start.
296 */
297 nlmsvc_rqst = svc_prepare_thread(serv, &serv->sv_pools[0], NUMA_NO_NODE);
298 if (IS_ERR(nlmsvc_rqst)) {
299 error = PTR_ERR(nlmsvc_rqst);
300 printk(KERN_WARNING
301 "lockd_up: svc_rqst allocation failed, error=%d\n",
302 error);
303 goto out_rqst;
304 }
305
306 svc_sock_update_bufs(serv);
307 serv->sv_maxconn = nlm_max_connections;
308
309 nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name);
310 if (IS_ERR(nlmsvc_task)) {
311 error = PTR_ERR(nlmsvc_task);
312 printk(KERN_WARNING
313 "lockd_up: kthread_run failed, error=%d\n", error);
314 goto out_task;
315 }
316 dprintk("lockd_up: service started\n");
317 return 0;
318
319out_task:
320 svc_exit_thread(nlmsvc_rqst);
321 nlmsvc_task = NULL;
322out_rqst:
323 nlmsvc_rqst = NULL;
324 return error;
325}
326
327static struct svc_serv *lockd_create_svc(void)
328{
329 struct svc_serv *serv;
330
331 /*
332 * Check whether we're already up and running.
333 */
334 if (nlmsvc_rqst) {
335 /*
336 * Note: increase service usage, because later in case of error
337 * svc_destroy() will be called.
338 */
339 svc_get(nlmsvc_rqst->rq_server);
340 return nlmsvc_rqst->rq_server;
341 }
342
343 /*
344 * Sanity check: if there's no pid,
345 * we should be the first user ...
346 */
347 if (nlmsvc_users)
348 printk(KERN_WARNING
349 "lockd_up: no pid, %d users??\n", nlmsvc_users);
350
351 serv = svc_create(&nlmsvc_program, LOCKD_BUFSIZE, NULL);
352 if (!serv) {
353 printk(KERN_WARNING "lockd_up: create service failed\n");
354 return ERR_PTR(-ENOMEM);
355 }
356 dprintk("lockd_up: service created\n");
357 return serv;
358}
359
360/*
361 * Bring up the lockd process if it's not already up.
362 */
363int lockd_up(struct net *net)
364{
365 struct svc_serv *serv;
366 int error;
367
368 mutex_lock(&nlmsvc_mutex);
369
370 serv = lockd_create_svc();
371 if (IS_ERR(serv)) {
372 error = PTR_ERR(serv);
373 goto err_create;
374 }
375
376 error = lockd_up_net(serv, net);
377 if (error < 0)
378 goto err_net;
379
380 error = lockd_start_svc(serv);
381 if (error < 0)
382 goto err_start;
383
384 nlmsvc_users++;
385 /*
386 * Note: svc_serv structures have an initial use count of 1,
387 * so we exit through here on both success and failure.
388 */
389err_net:
390 svc_destroy(serv);
391err_create:
392 mutex_unlock(&nlmsvc_mutex);
393 return error;
394
395err_start:
396 lockd_down_net(serv, net);
397 goto err_net;
398}
399EXPORT_SYMBOL_GPL(lockd_up);
400
401/*
402 * Decrement the user count and bring down lockd if we're the last.
403 */
404void
405lockd_down(struct net *net)
406{
407 mutex_lock(&nlmsvc_mutex);
408 lockd_down_net(nlmsvc_rqst->rq_server, net);
409 if (nlmsvc_users) {
410 if (--nlmsvc_users)
411 goto out;
412 } else {
413 printk(KERN_ERR "lockd_down: no users! task=%p\n",
414 nlmsvc_task);
415 BUG();
416 }
417
418 if (!nlmsvc_task) {
419 printk(KERN_ERR "lockd_down: no lockd running.\n");
420 BUG();
421 }
422 kthread_stop(nlmsvc_task);
423 dprintk("lockd_down: service stopped\n");
424 svc_exit_thread(nlmsvc_rqst);
425 dprintk("lockd_down: service destroyed\n");
426 nlmsvc_task = NULL;
427 nlmsvc_rqst = NULL;
428out:
429 mutex_unlock(&nlmsvc_mutex);
430}
431EXPORT_SYMBOL_GPL(lockd_down);
432
433#ifdef CONFIG_SYSCTL
434
435/*
436 * Sysctl parameters (same as module parameters, different interface).
437 */
438
439static ctl_table nlm_sysctls[] = {
440 {
441 .procname = "nlm_grace_period",
442 .data = &nlm_grace_period,
443 .maxlen = sizeof(unsigned long),
444 .mode = 0644,
445 .proc_handler = proc_doulongvec_minmax,
446 .extra1 = (unsigned long *) &nlm_grace_period_min,
447 .extra2 = (unsigned long *) &nlm_grace_period_max,
448 },
449 {
450 .procname = "nlm_timeout",
451 .data = &nlm_timeout,
452 .maxlen = sizeof(unsigned long),
453 .mode = 0644,
454 .proc_handler = proc_doulongvec_minmax,
455 .extra1 = (unsigned long *) &nlm_timeout_min,
456 .extra2 = (unsigned long *) &nlm_timeout_max,
457 },
458 {
459 .procname = "nlm_udpport",
460 .data = &nlm_udpport,
461 .maxlen = sizeof(int),
462 .mode = 0644,
463 .proc_handler = proc_dointvec_minmax,
464 .extra1 = (int *) &nlm_port_min,
465 .extra2 = (int *) &nlm_port_max,
466 },
467 {
468 .procname = "nlm_tcpport",
469 .data = &nlm_tcpport,
470 .maxlen = sizeof(int),
471 .mode = 0644,
472 .proc_handler = proc_dointvec_minmax,
473 .extra1 = (int *) &nlm_port_min,
474 .extra2 = (int *) &nlm_port_max,
475 },
476 {
477 .procname = "nsm_use_hostnames",
478 .data = &nsm_use_hostnames,
479 .maxlen = sizeof(int),
480 .mode = 0644,
481 .proc_handler = proc_dointvec,
482 },
483 {
484 .procname = "nsm_local_state",
485 .data = &nsm_local_state,
486 .maxlen = sizeof(int),
487 .mode = 0644,
488 .proc_handler = proc_dointvec,
489 },
490 { }
491};
492
493static ctl_table nlm_sysctl_dir[] = {
494 {
495 .procname = "nfs",
496 .mode = 0555,
497 .child = nlm_sysctls,
498 },
499 { }
500};
501
502static ctl_table nlm_sysctl_root[] = {
503 {
504 .procname = "fs",
505 .mode = 0555,
506 .child = nlm_sysctl_dir,
507 },
508 { }
509};
510
511#endif /* CONFIG_SYSCTL */
512
513/*
514 * Module (and sysfs) parameters.
515 */
516
517#define param_set_min_max(name, type, which_strtol, min, max) \
518static int param_set_##name(const char *val, struct kernel_param *kp) \
519{ \
520 char *endp; \
521 __typeof__(type) num = which_strtol(val, &endp, 0); \
522 if (endp == val || *endp || num < (min) || num > (max)) \
523 return -EINVAL; \
524 *((type *) kp->arg) = num; \
525 return 0; \
526}
527
528static inline int is_callback(u32 proc)
529{
530 return proc == NLMPROC_GRANTED
531 || proc == NLMPROC_GRANTED_MSG
532 || proc == NLMPROC_TEST_RES
533 || proc == NLMPROC_LOCK_RES
534 || proc == NLMPROC_CANCEL_RES
535 || proc == NLMPROC_UNLOCK_RES
536 || proc == NLMPROC_NSM_NOTIFY;
537}
538
539
540static int lockd_authenticate(struct svc_rqst *rqstp)
541{
542 rqstp->rq_client = NULL;
543 switch (rqstp->rq_authop->flavour) {
544 case RPC_AUTH_NULL:
545 case RPC_AUTH_UNIX:
546 if (rqstp->rq_proc == 0)
547 return SVC_OK;
548 if (is_callback(rqstp->rq_proc)) {
549 /* Leave it to individual procedures to
550 * call nlmsvc_lookup_host(rqstp)
551 */
552 return SVC_OK;
553 }
554 return svc_set_client(rqstp);
555 }
556 return SVC_DENIED;
557}
558
559
560param_set_min_max(port, int, simple_strtol, 0, 65535)
561param_set_min_max(grace_period, unsigned long, simple_strtoul,
562 nlm_grace_period_min, nlm_grace_period_max)
563param_set_min_max(timeout, unsigned long, simple_strtoul,
564 nlm_timeout_min, nlm_timeout_max)
565
566MODULE_AUTHOR("Olaf Kirch <okir@monad.swb.de>");
567MODULE_DESCRIPTION("NFS file locking service version " LOCKD_VERSION ".");
568MODULE_LICENSE("GPL");
569
570module_param_call(nlm_grace_period, param_set_grace_period, param_get_ulong,
571 &nlm_grace_period, 0644);
572module_param_call(nlm_timeout, param_set_timeout, param_get_ulong,
573 &nlm_timeout, 0644);
574module_param_call(nlm_udpport, param_set_port, param_get_int,
575 &nlm_udpport, 0644);
576module_param_call(nlm_tcpport, param_set_port, param_get_int,
577 &nlm_tcpport, 0644);
578module_param(nsm_use_hostnames, bool, 0644);
579module_param(nlm_max_connections, uint, 0644);
580
581static int lockd_init_net(struct net *net)
582{
583 struct lockd_net *ln = net_generic(net, lockd_net_id);
584
585 INIT_DELAYED_WORK(&ln->grace_period_end, grace_ender);
586 INIT_LIST_HEAD(&ln->grace_list);
587 spin_lock_init(&ln->nsm_clnt_lock);
588 return 0;
589}
590
591static void lockd_exit_net(struct net *net)
592{
593}
594
595static struct pernet_operations lockd_net_ops = {
596 .init = lockd_init_net,
597 .exit = lockd_exit_net,
598 .id = &lockd_net_id,
599 .size = sizeof(struct lockd_net),
600};
601
602
603/*
604 * Initialising and terminating the module.
605 */
606
607static int __init init_nlm(void)
608{
609 int err;
610
611#ifdef CONFIG_SYSCTL
612 err = -ENOMEM;
613 nlm_sysctl_table = register_sysctl_table(nlm_sysctl_root);
614 if (nlm_sysctl_table == NULL)
615 goto err_sysctl;
616#endif
617 err = register_pernet_subsys(&lockd_net_ops);
618 if (err)
619 goto err_pernet;
620 return 0;
621
622err_pernet:
623#ifdef CONFIG_SYSCTL
624 unregister_sysctl_table(nlm_sysctl_table);
625#endif
626err_sysctl:
627 return err;
628}
629
630static void __exit exit_nlm(void)
631{
632 /* FIXME: delete all NLM clients */
633 nlm_shutdown_hosts();
634 unregister_pernet_subsys(&lockd_net_ops);
635#ifdef CONFIG_SYSCTL
636 unregister_sysctl_table(nlm_sysctl_table);
637#endif
638}
639
640module_init(init_nlm);
641module_exit(exit_nlm);
642
643/*
644 * Define NLM program and procedures
645 */
646static struct svc_version nlmsvc_version1 = {
647 .vs_vers = 1,
648 .vs_nproc = 17,
649 .vs_proc = nlmsvc_procedures,
650 .vs_xdrsize = NLMSVC_XDRSIZE,
651};
652static struct svc_version nlmsvc_version3 = {
653 .vs_vers = 3,
654 .vs_nproc = 24,
655 .vs_proc = nlmsvc_procedures,
656 .vs_xdrsize = NLMSVC_XDRSIZE,
657};
658#ifdef CONFIG_LOCKD_V4
659static struct svc_version nlmsvc_version4 = {
660 .vs_vers = 4,
661 .vs_nproc = 24,
662 .vs_proc = nlmsvc_procedures4,
663 .vs_xdrsize = NLMSVC_XDRSIZE,
664};
665#endif
666static struct svc_version * nlmsvc_version[] = {
667 [1] = &nlmsvc_version1,
668 [3] = &nlmsvc_version3,
669#ifdef CONFIG_LOCKD_V4
670 [4] = &nlmsvc_version4,
671#endif
672};
673
674static struct svc_stat nlmsvc_stats;
675
676#define NLM_NRVERS ARRAY_SIZE(nlmsvc_version)
677static struct svc_program nlmsvc_program = {
678 .pg_prog = NLM_PROGRAM, /* program number */
679 .pg_nvers = NLM_NRVERS, /* number of entries in nlmsvc_version */
680 .pg_vers = nlmsvc_version, /* version table */
681 .pg_name = "lockd", /* service name */
682 .pg_class = "nfsd", /* share authentication with nfsd */
683 .pg_stats = &nlmsvc_stats, /* stats table */
684 .pg_authenticate = &lockd_authenticate /* export authentication */
685};