From: andros@netapp.com
To: trond.myklebust@netapp.com
Cc: bfields@redhat.com, linux-nfs@vger.kernel.org
Subject: [PATCH_V8 0/12] NFSv4 find client fix Version 8
Date: Wed, 5 Jan 2011 15:51:18 -0500 [thread overview]
Message-ID: <1294260690-3095-1-git-send-email-andros@netapp.com> (raw)
Version 8 of these patches
Applies to Tronds nfs-for-next branch
New for Version 8:
- moved the reg/unregistration of the back channel transport to the RPC layer.
- Use the small id to pointer translator service to provide a unique callback
identifier.
-->Andy
The back channel server svc_process_common RPC layer pg_authenticate call
[nfs_callback_authenticate] is shared by both the NFSv4.0 and the NFSv4.1
callback threads. It authenticates the incoming request by finding (and
referencing) an nfs_client struct based on the incoming request address
and the NFS version (4). This is akin to the NFS server which authenticates
requests by matching the server address to the exports file client list.
Since there is no minorversion in the search, it may find the wrong
nfs_client struct. For the nfsv4.0 callback service thread, this means it
could find an NFSv4.1 nfs_client. For the NFSv4.1 callback service thread, it
could find an NFSv4.0 instead of v4.1, or find an NFSv4.1 nfs_client with the
wrong session.
The nfs_client is dereferenced at the end of pg_authenticate. Another
nfs_find_client call is done in the NFS layouer per operation dispatcher
routines for NFSv4.0 and in the cb_sequence operation dispatcher routine for
NFSv4.1 after decoding.
This means the callback server could start processing a callback, passing
the pg_authenticate test, and have the nfs_client struct freed between the
pg_authenticate call and the dispatcher operation call. Or, it could have
found the wrong nfs_client in the pg_authenticate call.
The current code has this behavior: If the nfs_client is not found in
pg_authenticate, the request is simply dropped (SVC_DROP). If an nfs_client
is not found in the dispatcher routines NFS4ERR_BADSESSION is returned for
v4.1 requests and NFS4ERR_BADHANDLE for v4.0 requests.
The fix is to implement the v4.0 SETCLIENTID callback_ident and use it to find
the one and only client for v4.0 callbacks, and to associate the sessionid
with the sessions based callback service (v4.1) and use it to identify the
one and only client. This can be done in the NFS layer, in CB_COMPOUND header
processing for v4.0 and in CB_SEQUENCE processing in v4.1.
In both cases, a reference to the found client is held across CB_COMPOUND
processing.
The pg_authenticate method does not have the callback_ident for CB_NULL or
CB_COMPOUND v4.0 processing, so just the server address, nfsversion and
minorversion is used for the client search
For sessions based callback service, the sessionID can't be set until the
return of the CREATE_SESSION call, yet the CB_NULL ping from a server can
be initiated by the server at the receipt of the CREATE_SESSION call before
the response is sent. So for CB_NULL, the sessionid is (usually) not set, and
the sessionid is not used for CB_NULL pg_authenticate client searches.
next reply other threads:[~2011-01-05 20:51 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-05 20:51 andros [this message]
2011-01-05 20:51 ` [PATCH_V8 01/13] SUNRPC move svc_drop to caller of svc_process_common andros
2011-01-05 20:51 ` [PATCH_V8 02/13] SUNRPC fix bc_send print andros
2011-01-05 20:51 ` [PATCH_V8 03/13] SUNRPC new transport for the NFSv4.1 shared back channel andros
2011-01-05 20:51 ` [PATCH_V8 04/13] SUNRPC register and unregister the back channel transport andros
2011-01-05 20:51 ` [PATCH_V8 05/13] NFS use svc_create_xprt for NFSv4.1 callback service andros
2011-01-05 20:51 ` [PATCH_V8 06/13] NFS do not clear minor version at nfs_client free andros
2011-01-05 20:51 ` [PATCH_V8 07/13] NFS implement v4.0 callback_ident andros
2011-01-05 20:51 ` [PATCH_V8 08/13] NFS associate sessionid with callback connection andros
2011-01-05 20:51 ` [PATCH_V8 09/13] NFS refactor nfs_find_client and reference client across callback processing andros
2011-01-05 20:51 ` [PATCH_V8 10/13] NFS RPC_AUTH_GSS unsupported on v4.1 back channel andros
2011-01-05 20:51 ` [PATCH_V8 11/13] NFS add session back channel draining andros
2011-01-05 20:51 ` [PATCH_V8 12/13] NFS rename client back channel transport field andros
2011-01-05 21:19 ` [PATCH_V8 09/13] NFS refactor nfs_find_client and reference client across callback processing Fred Isaman
2011-01-05 21:37 ` Andy Adamson
2011-01-06 0:06 ` [PATCH_V8 08/13] NFS associate sessionid with callback connection Trond Myklebust
2011-01-06 0:13 ` Andy Adamson
2011-01-05 21:52 ` [PATCH_V8 07/13] NFS implement v4.0 callback_ident Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1294260690-3095-1-git-send-email-andros@netapp.com \
--to=andros@netapp.com \
--cc=bfields@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.