1. 07 6月, 2013 11 次提交
  2. 31 5月, 2013 1 次提交
    • C
      NFS: Fix security flavor negotiation with legacy binary mounts · eb54d437
      Chuck Lever 提交于
      Darrick J. Wong <darrick.wong@oracle.com> reports:
      > I have a kvm-based testing setup that netboots VMs over NFS, the
      > client end of which seems to have broken somehow in 3.10-rc1.  The
      > server's exports file looks like this:
      >
      > /storage/mtr/x64	192.168.122.0/24(ro,sync,no_root_squash,no_subtree_check)
      >
      > On the client end (inside the VM), the initrd runs the following
      > command to try to mount the rootfs over NFS:
      >
      > # mount -o nolock -o ro -o retrans=10 192.168.122.1:/storage/mtr/x64/ /root
      >
      > (Note: This is the busybox mount command.)
      >
      > The mount fails with -EINVAL.
      
      Commit 4580a92d "NFS: Use server-recommended security flavor by
      default (NFSv3)" introduced a behavior regression for NFS mounts
      done via a legacy binary mount(2) call.
      
      Ensure that a default security flavor is specified for legacy binary
      mount requests, since they do not invoke nfs_select_flavor() in the
      kernel.
      
      Busybox uses klibc's nfsmount command, which performs NFS mounts
      using the legacy binary mount data format.  /sbin/mount.nfs is not
      affected by this regression.
      Reported-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Tested-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Acked-by: NWeston Andros Adamson <dros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      eb54d437
  3. 30 5月, 2013 1 次提交
  4. 24 5月, 2013 1 次提交
  5. 21 5月, 2013 1 次提交
    • A
      NFSv4.1 Fix a pNFS session draining deadlock · 774d5f14
      Andy Adamson 提交于
      On a CB_RECALL the callback service thread flushes the inode using
      filemap_flush prior to scheduling the state manager thread to return the
      delegation. When pNFS is used and I/O has not yet gone to the data server
      servicing the inode, a LAYOUTGET can preceed the I/O. Unlike the async
      filemap_flush call, the LAYOUTGET must proceed to completion.
      
      If the state manager starts to recover data while the inode flush is sending
      the LAYOUTGET, a deadlock occurs as the callback service thread holds the
      single callback session slot until the flushing is done which blocks the state
      manager thread, and the state manager thread has set the session draining bit
      which puts the inode flush LAYOUTGET RPC to sleep on the forechannel slot
      table waitq.
      
      Separate the draining of the back channel from the draining of the fore channel
      by moving the NFS4_SESSION_DRAINING bit from session scope into the fore
      and back slot tables.  Drain the back channel first allowing the LAYOUTGET
      call to proceed (and fail) so the callback service thread frees the callback
      slot. Then proceed with draining the forechannel.
      Signed-off-by: NAndy Adamson <andros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      774d5f14
  6. 09 5月, 2013 1 次提交
    • A
      NFS4.1 Fix data server connection race · c23266d5
      Andy Adamson 提交于
      Unlike meta data server mounts which support multiple mount points to
      the same server via struct nfs_server, data servers support a single connection.
      
      Concurrent calls to setup the data server connection can race where the first
      call allocates the nfs_client struct, and before the cache struct nfs_client
      pointer can be set, a second call also tries to setup the connection, finds the
      already allocated nfs_client, bumps the reference count, re-initializes the
      session,etc. This results in a hanging data server session after umount.
      Signed-off-by: NAndy Adamson <andros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      c23266d5
  7. 07 5月, 2013 4 次提交
    • A
      make blkdev_put() return void · 4385bab1
      Al Viro 提交于
      same story as with the previous patches - note that return
      value of blkdev_close() is lost, since there's nowhere the
      caller (__fput()) could return it to.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      4385bab1
    • W
      NFSv3: match sec= flavor against server list · d497ab97
      Weston Andros Adamson 提交于
      Older linux clients match the 'sec=' mount option flavor against the server's
      flavor list (if available) and return EPERM if the specified flavor or AUTH_NULL
      (which "matches" any flavor) is not found.
      
      Recent changes skip this step and allow the vfs mount even though no operations
      will succeed, creating a 'dud' mount.
      
      This patch reverts back to the old behavior of matching specified flavors
      against the server list and also returns EPERM when no sec= is specified and
      none of the flavors returned by the server are supported by the client.
      
      Example of behavior change:
      
      the server's /etc/exports:
      
      /export/krb5      *(sec=krb5,rw,no_root_squash)
      
      old client behavior:
      
      $ uname -a
      Linux one.apikia.fake 3.8.8-202.fc18.x86_64 #1 SMP Wed Apr 17 23:25:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
      $ sudo mount -v -o sec=sys,vers=3 zero:/export/krb5 /mnt
      mount.nfs: timeout set for Sun May  5 17:32:04 2013
      mount.nfs: trying text-based options 'sec=sys,vers=3,addr=192.168.100.10'
      mount.nfs: prog 100003, trying vers=3, prot=6
      mount.nfs: trying 192.168.100.10 prog 100003 vers 3 prot TCP port 2049
      mount.nfs: prog 100005, trying vers=3, prot=17
      mount.nfs: trying 192.168.100.10 prog 100005 vers 3 prot UDP port 20048
      mount.nfs: mount(2): Permission denied
      mount.nfs: access denied by server while mounting zero:/export/krb5
      
      recently changed behavior:
      
      $ uname -a
      Linux one.apikia.fake 3.9.0-testing+ #2 SMP Fri May 3 20:29:32 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
      $ sudo mount -v -o sec=sys,vers=3 zero:/export/krb5 /mnt
      mount.nfs: timeout set for Sun May  5 17:37:17 2013
      mount.nfs: trying text-based options 'sec=sys,vers=3,addr=192.168.100.10'
      mount.nfs: prog 100003, trying vers=3, prot=6
      mount.nfs: trying 192.168.100.10 prog 100003 vers 3 prot TCP port 2049
      mount.nfs: prog 100005, trying vers=3, prot=17
      mount.nfs: trying 192.168.100.10 prog 100005 vers 3 prot UDP port 20048
      $ ls /mnt
      ls: cannot open directory /mnt: Permission denied
      $ sudo ls /mnt
      ls: cannot open directory /mnt: Permission denied
      $ sudo df /mnt
      df: ‘/mnt’: Permission denied
      df: no file systems processed
      $ sudo umount /mnt
      $
      Signed-off-by: NWeston Andros Adamson <dros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      d497ab97
    • T
      NFSv4.1: Ensure that we free the lock stateid on the server · c8b2d0bf
      Trond Myklebust 提交于
      This ensures that the server doesn't need to keep huge numbers of
      lock stateids waiting around for the final CLOSE.
      See section 8.2.4 in RFC5661.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      c8b2d0bf
    • T
      NFSv4: Convert nfs41_free_stateid to use an asynchronous RPC call · 7c1d5fae
      Trond Myklebust 提交于
      The main reason for doing this is will be to allow for an asynchronous
      RPC mode that we can use for freeing lock stateids as per section
      8.2.4 of RFC5661.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      7c1d5fae
  8. 04 5月, 2013 1 次提交
  9. 29 4月, 2013 2 次提交
  10. 24 4月, 2013 3 次提交
  11. 23 4月, 2013 1 次提交
    • C
      NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE · 79d852bf
      Chuck Lever 提交于
      Recently I changed the SETCLIENTID code to use AUTH_GSS(krb5i), and
      then retry with AUTH_NONE if that didn't work.  This was to enable
      Kerberos NFS mounts to work without forcing Linux NFS clients to
      have a keytab on hand.
      
      Rick Macklem reports that the FreeBSD server accepts AUTH_NONE only
      for NULL operations (thus certainly not for SETCLIENTID).  Falling
      back to AUTH_NONE means our proposed 3.10 NFS client will not
      interoperate with FreeBSD servers over NFSv4 unless Kerberos is
      fully configured on both ends.
      
      If the Linux client falls back to using AUTH_SYS instead for
      SETCLIENTID, all should work fine as long as the NFS server is
      configured to allow AUTH_SYS for SETCLIENTID.
      
      This may still prevent access to Kerberos-only FreeBSD servers by
      Linux clients with no keytab.  Rick is of the opinion that the
      security settings the server applies to its pseudo-fs should also
      apply to the SETCLIENTID operation.
      
      Linux and Solaris NFS servers do not place that limitation on
      SETCLIENTID.  The security settings for the server's pseudo-fs are
      determined automatically as the union of security flavors allowed on
      real exports, as recommended by RFC 3530bis; and the flavors allowed
      for SETCLIENTID are all flavors supported by the respective server
      implementation.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      79d852bf
  12. 22 4月, 2013 1 次提交
  13. 20 4月, 2013 3 次提交
  14. 17 4月, 2013 1 次提交
  15. 15 4月, 2013 1 次提交
  16. 13 4月, 2013 1 次提交
  17. 12 4月, 2013 1 次提交
  18. 11 4月, 2013 3 次提交
  19. 10 4月, 2013 1 次提交
  20. 09 4月, 2013 1 次提交