summaryrefslogtreecommitdiffstats
path: root/fs/nfs/nfs4proc.c
AgeCommit message (Collapse)Author
2013-07-09Merge tag 'nfs-for-3.11-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds
Pull NFS client updates from Trond Myklebust: "Feature highlights include: - Add basic client support for NFSv4.2 - Add basic client support for Labeled NFS (selinux for NFSv4.2) - Fix the use of credentials in NFSv4.1 stateful operations, and add support for NFSv4.1 state protection. Bugfix highlights: - Fix another NFSv4 open state recovery race - Fix an NFSv4.1 back channel session regression - Various rpc_pipefs races - Fix another issue with NFSv3 auth negotiation Please note that Labeled NFS does require some additional support from the security subsystem. The relevant changesets have all been reviewed and acked by James Morris." * tag 'nfs-for-3.11-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (54 commits) NFS: Set NFS_CS_MIGRATION for NFSv4 mounts NFSv4.1 Refactor nfs4_init_session and nfs4_init_channel_attrs nfs: have NFSv3 try server-specified auth flavors in turn nfs: have nfs_mount fake up a auth_flavs list when the server didn't provide it nfs: move server_authlist into nfs_try_mount_request nfs: refactor "need_mount" code out of nfs_try_mount SUNRPC: PipeFS MOUNT notification optimization for dying clients SUNRPC: split client creation routine into setup and registration SUNRPC: fix races on PipeFS UMOUNT notifications SUNRPC: fix races on PipeFS MOUNT notifications NFSv4.1 use pnfs_device maxcount for the objectlayout gdia_maxcount NFSv4.1 use pnfs_device maxcount for the blocklayout gdia_maxcount NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize NFS: Improve legacy idmapping fallback NFSv4.1 end back channel session draining NFS: Apply v4.1 capabilities to v4.2 NFSv4.1: Clean up layout segment comparison helper names NFSv4.1: layout segment comparison helpers should take 'const' parameters NFSv4: Move the DNS resolver into the NFSv4 module rpc_pipefs: only set rpc_dentry_ops if d_op isn't already set ...
2013-06-28Merge branch 'labeled-nfs' into linux-nextTrond Myklebust
* labeled-nfs: NFS: Apply v4.1 capabilities to v4.2 NFS: Add in v4.2 callback operation NFS: Make callbacks minor version generic Kconfig: Add Kconfig entry for Labeled NFS V4 client NFS: Extend NFS xattr handlers to accept the security namespace NFS: Client implementation of Labeled-NFS NFS: Add label lifecycle management NFS:Add labels to client function prototypes NFSv4: Extend fattr bitmaps to support all 3 words NFSv4: Introduce new label structure NFSv4: Add label recommended attribute and NFSv4 flags NFSv4.2: Added NFS v4.2 support to the NFS client SELinux: Add new labeling type native labels LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data. Security: Add Hook to test if the particular xattr is part of a MAC model. Security: Add hook to calculate context based on a negative dentry. NFS: Add NFSv4.2 protocol constants Conflicts: fs/nfs/nfs4proc.c
2013-06-28NFSv4.1 Refactor nfs4_init_session and nfs4_init_channel_attrsAndy Adamson
nfs4_init_session was originally written to be called prior to nfs4_init_channel_attrs, setting the session target_max response and request sizes that nfs4_init_channel_attrs would pay attention to. In the current code flow, nfs4_init_session, just like nfs4_init_ds_session for the data server case, is called after the session is all negotiated, and is actually used in a RECLAIM COMPLETE call to the server. Remove the un-needed fc_target_max response and request fields from nfs4_session and just set the max_resp_sz and max_rqst_sz in nfs4_init_channel_attrs. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-28Merge branch 'freezer'Rafael J. Wysocki
* freezer: af_unix: use freezable blocking calls in read sigtimedwait: use freezable blocking call nanosleep: use freezable blocking call futex: use freezable blocking call select: use freezable blocking call epoll: use freezable blocking call binder: use freezable blocking calls freezer: add new freezable helpers using freezer_do_not_count() freezer: convert freezable helpers to static inline where possible freezer: convert freezable helpers to freezer_do_not_count() freezer: skip waking up tasks with PF_FREEZER_SKIP set freezer: shorten freezer sleep time using exponential backoff lockdep: check that no locks held at freeze time lockdep: remove task argument from debug_check_no_locks_held freezer: add unsafe versions of freezable helpers for CIFS freezer: add unsafe versions of freezable helpers for NFS
2013-06-19NFS: Apply v4.1 capabilities to v4.2Bryan Schumaker
This fixes POSIX locks and possibly a few other v4.2 features, like readdir plus. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-18NFSv4: SETCLIENTID add the format string for the NETIDDjalal Harouni
Make sure that NFSv4 SETCLIENTID does not parse the NETID as a format string. Signed-off-by: Djalal Harouni <tixxdz@opendz.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-08NFS: Extend NFS xattr handlers to accept the security namespaceDavid Quigley
The existing NFSv4 xattr handlers do not accept xattr calls to the security namespace. This patch extends these handlers to accept xattrs from the security namespace in addition to the default NFSv4 ACL namespace. Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-08NFS: Client implementation of Labeled-NFSDavid Quigley
This patch implements the client transport and handling support for labeled NFS. The patch adds two functions to encode and decode the security label recommended attribute which makes use of the LSM hooks added earlier. It also adds code to grab the label from the file attribute structures and encode the label to be sent back to the server. Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-08NFS: Add label lifecycle managementDavid Quigley
This patch adds the lifecycle management for the security label structure introduced in an earlier patch. The label is not used yet but allocations and freeing of the structure is handled. Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-08NFS:Add labels to client function prototypesDavid Quigley
After looking at all of the nfsv4 operations the label structure has been added to the prototypes of the functions which can transmit label data. Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-08NFSv4: Extend fattr bitmaps to support all 3 wordsDavid Quigley
The fattr handling bitmap code only uses the first two fattr words sofar. This patch adds the 3rd word to being sent but doesn't populate it yet. Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-08NFSv4.2: Added NFS v4.2 support to the NFS clientSteve Dickson
This enable NFSv4.2 support. To enable this code the CONFIG_NFS_V4_2 Kconfig define needs to be set and the -o v4.2 mount option need to be used. Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4: Close another NFSv4 recovery raceTrond Myklebust
State recovery currently relies on being able to find a valid nfs_open_context in the inode->open_files list. We therefore need to put the nfs_open_context on the list while we're still protected by the sp->so_reclaim_seqcount in order to avoid reboot races. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4: Move dentry instantiation into the NFSv4-specific atomic open codeTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4: Refactor _nfs4_open_and_get_state to set ctx->stateTrond Myklebust
Instead of having the callers set ctx->state, do it inside _nfs4_open_and_get_state. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4: Cleanup: pass the nfs_open_context to nfs4_do_openTrond Myklebust
All the callers have an open_context at this point, and since we always need one in order to do state recovery, it makes sense to use it as the basis for the nfs4_do_open() call. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4.1: Enable state protectionTrond Myklebust
Use the EXCHGID4_FLAG_BIND_PRINC_STATEID exchange_id flag to enable stateid protection. This means that if we create a stateid using a particular principal, then we must use the same principal if we want to change that state. IOW: if we OPEN a file using a particular credential, then we have to use the same credential in subsequent OPEN_DOWNGRADE, CLOSE, or DELEGRETURN operations that use that stateid. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4.1: Use layout credentials for get_deviceinfo callsTrond Myklebust
This is not strictly needed, since get_deviceinfo is not allowed to return NFS4ERR_ACCESS or NFS4ERR_WRONG_CRED, but lets do it anyway for consistency with other pNFS operations. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4.1: Ensure that test_stateid and free_stateid use correct credentialsTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4.1: Ensure that reclaim_complete uses the right credentialTrond Myklebust
We want to use the same credential for reclaim_complete as we used for the exchange_id call. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4.1: Ensure that layoutreturn uses the correct credentialTrond Myklebust
We need to use the same credential as was used for the layoutget and/or layoutcommit operations. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-06-06NFSv4.1: Ensure that layoutget is called using the layout credentialTrond Myklebust
Ensure that we use the same credential for layoutget, layoutcommit and layoutreturn. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-05-29NFSv4: Fix a thinko in nfs4_try_open_cachedTrond Myklebust
We need to pass the full open mode flags to nfs_may_open() when doing a delegated open. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@vger.kernel.org
2013-05-20NFSv4.1 Fix a pNFS session draining deadlockAndy Adamson
On a CB_RECALL the callback service thread flushes the inode using filemap_flush prior to scheduling the state manager thread to return the delegation. When pNFS is used and I/O has not yet gone to the data server servicing the inode, a LAYOUTGET can preceed the I/O. Unlike the async filemap_flush call, the LAYOUTGET must proceed to completion. If the state manager starts to recover data while the inode flush is sending the LAYOUTGET, a deadlock occurs as the callback service thread holds the single callback session slot until the flushing is done which blocks the state manager thread, and the state manager thread has set the session draining bit which puts the inode flush LAYOUTGET RPC to sleep on the forechannel slot table waitq. Separate the draining of the back channel from the draining of the fore channel by moving the NFS4_SESSION_DRAINING bit from session scope into the fore and back slot tables. Drain the back channel first allowing the LAYOUTGET call to proceed (and fail) so the callback service thread frees the callback slot. Then proceed with draining the forechannel. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-05-12freezer: add unsafe versions of freezable helpers for NFSColin Cross
NFS calls the freezable helpers with locks held, which is unsafe and will cause lockdep warnings when 6aa9707 "lockdep: check that no locks held at freeze time" is reapplied (it was reverted in dbf520a). NFS shouldn't be doing this, but it has long-running syscalls that must hold a lock but also shouldn't block suspend. Until NFS freeze handling is rewritten to use a signal to exit out of the critical section, add new *_unsafe versions of the helpers that will not run the lockdep test when 6aa9707 is reapplied, and call them from NFS. In practice the likley result of holding the lock while freezing is that a second task blocked on the lock will never freeze, aborting suspend, but it is possible to manufacture a case using the cgroup freezer, the lock, and the suspend freezer to create a deadlock. Silencing the lockdep warning here will allow problems to be found in other drivers that may have a more serious deadlock risk, and prevent new problems from being added. Signed-off-by: Colin Cross <ccross@android.com> Acked-by: Pavel Machek <pavel@ucw.cz> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-05-06NFSv4.1: Ensure that we free the lock stateid on the serverTrond Myklebust
This ensures that the server doesn't need to keep huge numbers of lock stateids waiting around for the final CLOSE. See section 8.2.4 in RFC5661. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-05-06NFSv4: Convert nfs41_free_stateid to use an asynchronous RPC callTrond Myklebust
The main reason for doing this is will be to allow for an asynchronous RPC mode that we can use for freeing lock stateids as per section 8.2.4 of RFC5661. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-05-03NFSv4.x: Fix handling of partially delegated locksTrond Myklebust
If a NFS client receives a delegation for a file after it has taken a lock on that file, we can currently end up in a situation where we mistakenly skip unlocking that file. The following patch swaps an erroneous check in nfs4_proc_unlck for whether or not the file has a delegation to one which checks whether or not we hold a lock stateid for that file. Reported-by: Chuck Lever <Chuck.Lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@vger.kernel.org [>=3.7] Tested-by: Chuck Lever <Chuck.Lever@oracle.com>
2013-04-29NFSv4: Warn once about servers that incorrectly apply open mode to setattrTrond Myklebust
Debugging aid to help identify servers that incorrectly apply open mode checks to setattr requests that are not changing the file size. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-29NFSv4: Servers should only check SETATTR stateid open mode on size changeTrond Myklebust
The NFSv4 and NFSv4.1 specs are both clear that the server should only check stateid open mode if a SETATTR specifies the size attribute. If the open mode is not one that allows writing, then it returns NFS4ERR_OPENMODE. In the case where the SETATTR is not changing the size, the client will still pass it the delegation stateid to ensure that the server does not recall that delegation. In that case, the server should _ignore_ the delegation open mode, and simply apply standard permission checks. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-23Merge branch 'bugfixes' into linux-nextTrond Myklebust
Fix up a conflict between the linux-next branch and mainline. Conflicts: fs/nfs/nfs4proc.c
2013-04-23Merge branch 'rpcsec_gss-from_cel' into linux-nextTrond Myklebust
* rpcsec_gss-from_cel: (21 commits) NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE NFSv4: Don't clear the machine cred when client establish returns EACCES NFSv4: Fix issues in nfs4_discover_server_trunking NFSv4: Fix the fallback to AUTH_NULL if krb5i is not available NFS: Use server-recommended security flavor by default (NFSv3) SUNRPC: Don't recognize RPC_AUTH_MAXFLAVOR NFS: Use "krb5i" to establish NFSv4 state whenever possible NFS: Try AUTH_UNIX when PUTROOTFH gets NFS4ERR_WRONGSEC NFS: Use static list of security flavors during root FH lookup recovery NFS: Avoid PUTROOTFH when managing leases NFS: Clean up nfs4_proc_get_rootfh NFS: Handle missing rpc.gssd when looking up root FH SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switch SUNRPC: Make gss_mech_get() static SUNRPC: Refactor nfsd4_do_encode_secinfo() SUNRPC: Consider qop when looking up pseudoflavors SUNRPC: Load GSS kernel module by OID SUNRPC: Introduce rpcauth_get_pseudoflavor() SUNRPC: Define rpcsec_gss_info structure NFS: Remove unneeded forward declaration ...
2013-04-23NFSv4: Don't recheck permissions on open in case of recovery cached openTrond Myklebust
If we already checked the user access permissions on the original open, then don't bother checking again on recovery. Doing so can cause a deadlock with NFSv4.1, since the may_open() operation is not privileged. Furthermore, we can't report an access permission failure here anyway. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-23NFSv4.1: Don't do a delegated open for NFS4_OPEN_CLAIM_DELEG_CUR_FH modesTrond Myklebust
If we're in a delegation recall situation, we can't do a delegated open. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-23NFSv4.1: Use the more efficient open_noattr call for open-by-filehandleTrond Myklebust
When we're doing open-by-filehandle in NFSv4.1, we shouldn't need to do the cache consistency revalidation on the directory. It is therefore more efficient to just use open_noattr, which returns the file attributes, but not the directory attributes. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-22NFSv4: Ensure that we clear the NFS_OPEN_STATE flag when appropriateTrond Myklebust
We should always clear it before initiating file recovery. Also ensure that we clear it after a CLOSE and/or after TEST_STATEID fails. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-20NFSv4: Ensure the LOCK call cannot use the delegation stateidTrond Myklebust
Defensive patch to ensure that we copy the state->open_stateid, which can never be set to the delegation stateid. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-20NFSv4: Use the open stateid if the delegation has the wrong modeTrond Myklebust
Fix nfs4_select_rw_stateid() so that it chooses the open stateid (or an all-zero stateid) if the delegation does not match the selected read/write mode. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-16NFSv4: Record the OPEN create mode used in the nfs4_opendata structureTrond Myklebust
If we're doing NFSv4.1 against a server that has persistent sessions, then we should not need to call SETATTR in order to reset the file attributes immediately after doing an exclusive create. Note that since the create mode depends on the type of session that has been negotiated with the server, we should not choose the mode until after we've got a session slot. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-12NFSv4: Fix handling of revoked delegations by setattrTrond Myklebust
Currently, _nfs4_do_setattr() will use the delegation stateid if no writeable open file stateid is available. If the server revokes that delegation stateid, then the call to nfs4_handle_exception() will fail to handle the error due to the lack of a struct nfs4_state, and will just convert the error into an EIO. This patch just removes the requirement that we must have a struct nfs4_state in order to invalidate the delegation and retry. Reported-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-11NFSv4 release the sequence id in the return on close caseAndy Adamson
Otherwise we deadlock if state recovery is initiated while we sleep. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-09NFSv4: Fix another potential state manager deadlockTrond Myklebust
Don't hold the NFSv4 sequence id while we check for open permission. The call to ACCESS may block due to reboot recovery. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-08NFSv4: Handle timeouts correctly when probing for lease validityTrond Myklebust
When we send a RENEW or SEQUENCE operation in order to probe if the lease is still valid, we want it to be able to time out since the lease we are probing is likely to time out too. Currently, because we use soft mount semantics for these RPC calls, the return value is EIO, which causes the state manager to exit with an "unhandled error" message. This patch changes the call semantics, so that the RPC layer returns ETIMEDOUT instead of EIO. We then have the state manager default to a simple retry instead of exiting. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-05NFSv4: Clean up delegation recall error handlingTrond Myklebust
Unify the error handling in nfs4_open_delegation_recall and nfs4_lock_delegation_recall. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-05NFSv4: Clean up nfs4_open_delegation_recallTrond Myklebust
Make it symmetric with nfs4_lock_delegation_recall Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-05NFSv4: Clean up nfs4_lock_delegation_recallTrond Myklebust
All error cases are handled by the switch() statement, meaning that the call to nfs4_handle_exception() is unreachable. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-05NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_open_delegation_recallTrond Myklebust
A server shouldn't normally return NFS4ERR_GRACE if the client holds a delegation, since no conflicting lock reclaims can be granted, however the spec does not require the server to grant the open in this instance Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@vger.kernel.org
2013-04-05NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_lock_delegation_recallTrond Myklebust
A server shouldn't normally return NFS4ERR_GRACE if the client holds a delegation, since no conflicting lock reclaims can be granted, however the spec does not require the server to grant the lock in this instance. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@vger.kernel.org
2013-03-29NFS: Try AUTH_UNIX when PUTROOTFH gets NFS4ERR_WRONGSECChuck Lever
Most NFSv4 servers implement AUTH_UNIX, and administrators will prefer this over AUTH_NULL. It is harmless for our client to try this flavor in addition to the flavors mandated by RFC 3530/5661. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-03-29NFS: Use static list of security flavors during root FH lookup recoveryChuck Lever
If the Linux NFS client receives an NFS4ERR_WRONGSEC error while trying to look up an NFS server's root file handle, it retries the lookup operation with various security flavors to see what flavor the NFS server will accept for pseudo-fs access. The list of flavors the client uses during retry consists only of flavors that are currently registered in the kernel RPC client. This list may not include any GSS pseudoflavors if auth_rpcgss.ko has not yet been loaded. Let's instead use a static list of security flavors that the NFS standard requires the server to implement (RFC 3530bis, section 3.2.1). The RPC client should now be able to load support for these dynamically; if not, they are skipped. Recovery behavior here is prescribed by RFC 3530bis, section 15.33.5: > For LOOKUPP, PUTROOTFH and PUTPUBFH, the client will be unable to > use the SECINFO operation since SECINFO requires a current > filehandle and none exist for these two [sic] operations. Therefore, > the client must iterate through the security triples available at > the client and reattempt the PUTROOTFH or PUTPUBFH operation. In > the unfortunate event none of the MANDATORY security triples are > supported by the client and server, the client SHOULD try using > others that support integrity. Failing that, the client can try > using AUTH_NONE, but because such forms lack integrity checks, > this puts the client at risk. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>