[PATCH 1/4] NFSv4.1 Use the mount point rpc_clnt for layoutreturn

[PATCH 1/4] NFSv4.1 Use the mount point rpc_clnt for layoutreturn

[andros]

From: Andy Adamson <andros@netapp.com>

Should not use the clientid maintenance rpc_clnt.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 fs/nfs/nfs4proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index cf11799..7a846b6 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6876,7 +6876,7 @@ int nfs4_proc_layoutreturn(struct nfs4_layoutreturn *lrp)
 		.rpc_cred = lrp->cred,
 	};
 	struct rpc_task_setup task_setup_data = {
-		.rpc_client = lrp->clp->cl_rpcclient,
+		.rpc_client = NFS_SERVER(lrp->args.inode)->client,
 		.rpc_message = &msg,
 		.callback_ops = &nfs4_layoutreturn_call_ops,
 		.callback_data = lrp,
-- 
1.8.3.1

[PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[andros]

From: Andy Adamson <andros@netapp.com>

As per RFC 3530 and RFC 5661 Security Considerations.

Commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible"
uses the nfs_client cl_rpcclient for all clientid management operations.

Remove un-needed rpc_clnt parameter from nfs4_proc_fs_locations and friends.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 fs/nfs/nfs4_fs.h       |  2 +-
 fs/nfs/nfs4namespace.c |  2 +-
 fs/nfs/nfs4proc.c      | 13 +++++++------
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
index ee81e35..97feff2 100644
--- a/fs/nfs/nfs4_fs.h
+++ b/fs/nfs/nfs4_fs.h
@@ -231,7 +231,7 @@ extern int nfs4_init_clientid(struct nfs_client *, struct rpc_cred *);
 extern int nfs41_init_clientid(struct nfs_client *, struct rpc_cred *);
 extern int nfs4_do_close(struct nfs4_state *state, gfp_t gfp_mask, int wait);
 extern int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle);
-extern int nfs4_proc_fs_locations(struct rpc_clnt *, struct inode *, const struct qstr *,
+extern int nfs4_proc_fs_locations(struct inode *, const struct qstr *,
 				  struct nfs4_fs_locations *, struct page *);
 extern struct rpc_clnt *nfs4_proc_lookup_mountpoint(struct inode *, struct qstr *,
 			    struct nfs_fh *, struct nfs_fattr *);
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
index cdb0b41..dca2f3a 100644
--- a/fs/nfs/nfs4namespace.c
+++ b/fs/nfs/nfs4namespace.c
@@ -350,7 +350,7 @@ static struct vfsmount *nfs_do_refmount(struct rpc_clnt *client, struct dentry *
 	dprintk("%s: getting locations for %s/%s\n",
 		__func__, parent->d_name.name, dentry->d_name.name);
 
-	err = nfs4_proc_fs_locations(client, parent->d_inode, &dentry->d_name, fs_locations, page);
+	err = nfs4_proc_fs_locations(parent->d_inode, &dentry->d_name, fs_locations, page);
 	dput(parent);
 	if (err != 0 ||
 	    fs_locations->nlocations <= 0 ||
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 7a846b6..7761802 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2831,7 +2831,7 @@ err_free_label:
  * Note that we'll actually follow the referral later when
  * we detect fsid mismatch in inode revalidation
  */
-static int nfs4_get_referral(struct rpc_clnt *client, struct inode *dir,
+static int nfs4_get_referral(struct inode *dir,
 			     const struct qstr *name, struct nfs_fattr *fattr,
 			     struct nfs_fh *fhandle)
 {
@@ -2846,7 +2846,7 @@ static int nfs4_get_referral(struct rpc_clnt *client, struct inode *dir,
 	if (locations == NULL)
 		goto out;
 
-	status = nfs4_proc_fs_locations(client, dir, name, locations, page);
+	status = nfs4_proc_fs_locations(dir, name, locations, page);
 	if (status != 0)
 		goto out;
 	/* Make sure server returned a different fsid for the referral */
@@ -3025,7 +3025,7 @@ static int nfs4_proc_lookup_common(struct rpc_clnt **clnt, struct inode *dir,
 			err = -ENOENT;
 			goto out;
 		case -NFS4ERR_MOVED:
-			err = nfs4_get_referral(client, dir, name, fattr, fhandle);
+			err = nfs4_get_referral(dir, name, fattr, fhandle);
 			goto out;
 		case -NFS4ERR_WRONGSEC:
 			err = -EPERM;
@@ -5733,7 +5733,7 @@ static void nfs_fixup_referral_attributes(struct nfs_fattr *fattr)
 	fattr->nlink = 2;
 }
 
-static int _nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir,
+static int _nfs4_proc_fs_locations(struct inode *dir,
 				   const struct qstr *name,
 				   struct nfs4_fs_locations *fs_locations,
 				   struct page *page)
@@ -5756,6 +5756,7 @@ static int _nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir,
 		.rpc_argp = &args,
 		.rpc_resp = &res,
 	};
+	struct rpc_clnt *client = NFS_SERVER(dir)->nfs_client->cl_rpcclient;
 	int status;
 
 	dprintk("%s: start\n", __func__);
@@ -5775,7 +5776,7 @@ static int _nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir,
 	return status;
 }
 
-int nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir,
+int nfs4_proc_fs_locations(struct inode *dir,
 			   const struct qstr *name,
 			   struct nfs4_fs_locations *fs_locations,
 			   struct page *page)
@@ -5784,7 +5785,7 @@ int nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir,
 	int err;
 	do {
 		err = nfs4_handle_exception(NFS_SERVER(dir),
-				_nfs4_proc_fs_locations(client, dir, name, fs_locations, page),
+				_nfs4_proc_fs_locations(dir, name, fs_locations, page),
 				&exception);
 	} while (exception.retry);
 	return err;
-- 
1.8.3.1

[PATCH 3/4] NFSv4.1 Use clientid management rpc_clnt for secinfo

[andros]

From: Andy Adamson <andros@netapp.com>

As per RFC 3530 and RFC 5661 Security Considerations

Commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible"
uses the nfs_client cl_rpcclient for all clientid management operations.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 fs/nfs/nfs4proc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 7761802..6a30a72 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -5806,9 +5806,10 @@ static int _nfs4_proc_secinfo(struct inode *dir, const struct qstr *name, struct
 		.rpc_argp = &args,
 		.rpc_resp = &res,
 	};
+	struct rpc_clnt *clnt = NFS_SERVER(dir)->nfs_client->cl_rpcclient;
 
 	dprintk("NFS call  secinfo %s\n", name->name);
-	status = nfs4_call_sync(NFS_SERVER(dir)->client, NFS_SERVER(dir), &msg, &args.seq_args, &res.seq_res, 0);
+	status = nfs4_call_sync(clnt, NFS_SERVER(dir), &msg, &args.seq_args, &res.seq_res, 0);
 	dprintk("NFS reply  secinfo: %d\n", status);
 	return status;
 }
-- 
1.8.3.1

[PATCH 4/4] NFSv4.1 Use clientid management rpc_clnt for secinfo_no_name

[andros]

From: Andy Adamson <andros@netapp.com>

As per RFC 5661 Security Considerations

Commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible"
uses the nfs_client cl_rpcclient for all clientid management operations.

Signed-off-by: Andy Adamson <andros@netapp.com>
---
 fs/nfs/nfs4proc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 6a30a72..0452b61 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -7098,7 +7098,8 @@ _nfs41_proc_secinfo_no_name(struct nfs_server *server, struct nfs_fh *fhandle,
 		.rpc_argp = &args,
 		.rpc_resp = &res,
 	};
-	return nfs4_call_sync(server->client, server, &msg, &args.seq_args, &res.seq_res, 0);
+	return nfs4_call_sync(server->nfs_client->cl_rpcclient, server, &msg,
+				&args.seq_args, &res.seq_res, 0);
 }
 
 static int
-- 
1.8.3.1

Re: [PATCH 1/4] NFSv4.1 Use the mount point rpc_clnt for layoutreturn

[Myklebust, Trond]

T24gTW9uLCAyMDEzLTA3LTIyIGF0IDEyOjQyIC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IFNob3Vs
ZCBub3QgdXNlIHRoZSBjbGllbnRpZCBtYWludGVuYW5jZSBycGNfY2xudC4NCj4gDQo+IFNpZ25l
ZC1vZmYtYnk6IEFuZHkgQWRhbXNvbiA8YW5kcm9zQG5ldGFwcC5jb20+DQo+IC0tLQ0KPiAgZnMv
bmZzL25mczRwcm9jLmMgfCAyICstDQo+ICAxIGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRpb24oKyks
IDEgZGVsZXRpb24oLSkNCj4gDQo+IGRpZmYgLS1naXQgYS9mcy9uZnMvbmZzNHByb2MuYyBiL2Zz
L25mcy9uZnM0cHJvYy5jDQo+IGluZGV4IGNmMTE3OTkuLjdhODQ2YjYgMTAwNjQ0DQo+IC0tLSBh
L2ZzL25mcy9uZnM0cHJvYy5jDQo+ICsrKyBiL2ZzL25mcy9uZnM0cHJvYy5jDQo+IEBAIC02ODc2
LDcgKzY4NzYsNyBAQCBpbnQgbmZzNF9wcm9jX2xheW91dHJldHVybihzdHJ1Y3QgbmZzNF9sYXlv
dXRyZXR1cm4gKmxycCkNCj4gIAkJLnJwY19jcmVkID0gbHJwLT5jcmVkLA0KPiAgCX07DQo+ICAJ
c3RydWN0IHJwY190YXNrX3NldHVwIHRhc2tfc2V0dXBfZGF0YSA9IHsNCj4gLQkJLnJwY19jbGll
bnQgPSBscnAtPmNscC0+Y2xfcnBjY2xpZW50LA0KPiArCQkucnBjX2NsaWVudCA9IE5GU19TRVJW
RVIobHJwLT5hcmdzLmlub2RlKS0+Y2xpZW50LA0KPiAgCQkucnBjX21lc3NhZ2UgPSAmbXNnLA0K
PiAgCQkuY2FsbGJhY2tfb3BzID0gJm5mczRfbGF5b3V0cmV0dXJuX2NhbGxfb3BzLA0KPiAgCQku
Y2FsbGJhY2tfZGF0YSA9IGxycCwNCg0KTkFDSy4gTEFZT1VUUkVUVVJOIG5lZWRzIHRvIHVzZSB0
aGUgc2FtZSBjcmVkZW50aWFsIGFzIExBWU9VVEdFVC4NCg0KLS0gDQpUcm9uZCBNeWtsZWJ1c3QN
CkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lcg0KDQpOZXRBcHANClRyb25kLk15a2xlYnVzdEBu
ZXRhcHAuY29tDQp3d3cubmV0YXBwLmNvbQ0K

Re: [PATCH 1/4] NFSv4.1 Use the mount point rpc_clnt for layoutreturn

[Myklebust, Trond]

T24gTW9uLCAyMDEzLTA3LTIyIGF0IDEyOjQ0IC0wNDAwLCBUcm9uZCBNeWtsZWJ1c3Qgd3JvdGU6
DQo+IE9uIE1vbiwgMjAxMy0wNy0yMiBhdCAxMjo0MiAtMDQwMCwgYW5kcm9zQG5ldGFwcC5jb20g
d3JvdGU6DQo+ID4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gPiAN
Cj4gPiBTaG91bGQgbm90IHVzZSB0aGUgY2xpZW50aWQgbWFpbnRlbmFuY2UgcnBjX2NsbnQuDQo+
ID4gDQo+ID4gU2lnbmVkLW9mZi1ieTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4N
Cj4gPiAtLS0NCj4gPiAgZnMvbmZzL25mczRwcm9jLmMgfCAyICstDQo+ID4gIDEgZmlsZSBjaGFu
Z2VkLCAxIGluc2VydGlvbigrKSwgMSBkZWxldGlvbigtKQ0KPiA+IA0KPiA+IGRpZmYgLS1naXQg
YS9mcy9uZnMvbmZzNHByb2MuYyBiL2ZzL25mcy9uZnM0cHJvYy5jDQo+ID4gaW5kZXggY2YxMTc5
OS4uN2E4NDZiNiAxMDA2NDQNCj4gPiAtLS0gYS9mcy9uZnMvbmZzNHByb2MuYw0KPiA+ICsrKyBi
L2ZzL25mcy9uZnM0cHJvYy5jDQo+ID4gQEAgLTY4NzYsNyArNjg3Niw3IEBAIGludCBuZnM0X3By
b2NfbGF5b3V0cmV0dXJuKHN0cnVjdCBuZnM0X2xheW91dHJldHVybiAqbHJwKQ0KPiA+ICAJCS5y
cGNfY3JlZCA9IGxycC0+Y3JlZCwNCj4gPiAgCX07DQo+ID4gIAlzdHJ1Y3QgcnBjX3Rhc2tfc2V0
dXAgdGFza19zZXR1cF9kYXRhID0gew0KPiA+IC0JCS5ycGNfY2xpZW50ID0gbHJwLT5jbHAtPmNs
X3JwY2NsaWVudCwNCj4gPiArCQkucnBjX2NsaWVudCA9IE5GU19TRVJWRVIobHJwLT5hcmdzLmlu
b2RlKS0+Y2xpZW50LA0KPiA+ICAJCS5ycGNfbWVzc2FnZSA9ICZtc2csDQo+ID4gIAkJLmNhbGxi
YWNrX29wcyA9ICZuZnM0X2xheW91dHJldHVybl9jYWxsX29wcywNCj4gPiAgCQkuY2FsbGJhY2tf
ZGF0YSA9IGxycCwNCj4gDQo+IE5BQ0suIExBWU9VVFJFVFVSTiBuZWVkcyB0byB1c2UgdGhlIHNh
bWUgY3JlZGVudGlhbCBhcyBMQVlPVVRHRVQuDQo+IA0KDQpOZXZlciBtaW5kLiBJIGNvbXBsZXRl
bHkgbWlzcmVhZCB0aGUgcGF0Y2guDQoNCkFncmVlZCB0aGF0IHRoaXMgaXMgdGhlIHJpZ2h0IHRo
aW5nIHRvIGRvLg0KLS0gDQpUcm9uZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRh
aW5lcg0KDQpOZXRBcHANClRyb25kLk15a2xlYnVzdEBuZXRhcHAuY29tDQp3d3cubmV0YXBwLmNv
bQ0K

Re: [PATCH 3/4] NFSv4.1 Use clientid management rpc_clnt for secinfo

[Myklebust, Trond]

T24gTW9uLCAyMDEzLTA3LTIyIGF0IDEyOjQyIC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IEFzIHBl
ciBSRkMgMzUzMCBhbmQgUkZDIDU2NjEgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCg0KUkZDMzUz
MC1iaXMsIG5vdCBSRkMzNTMwLi4uDQoNCj4gQ29tbWl0IDRlZGFhMzA4ICJORlM6IFVzZSAia3Ji
NWkiIHRvIGVzdGFibGlzaCBORlN2NCBzdGF0ZSB3aGVuZXZlciBwb3NzaWJsZSINCj4gdXNlcyB0
aGUgbmZzX2NsaWVudCBjbF9ycGNjbGllbnQgZm9yIGFsbCBjbGllbnRpZCBtYW5hZ2VtZW50IG9w
ZXJhdGlvbnMuDQo+IA0KPiBTaWduZWQtb2ZmLWJ5OiBBbmR5IEFkYW1zb24gPGFuZHJvc0BuZXRh
cHAuY29tPg0KPiAtLS0NCj4gIGZzL25mcy9uZnM0cHJvYy5jIHwgMyArKy0NCj4gIDEgZmlsZSBj
aGFuZ2VkLCAyIGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkNCj4gDQo+IGRpZmYgLS1naXQg
YS9mcy9uZnMvbmZzNHByb2MuYyBiL2ZzL25mcy9uZnM0cHJvYy5jDQo+IGluZGV4IDc3NjE4MDIu
LjZhMzBhNzIgMTAwNjQ0DQo+IC0tLSBhL2ZzL25mcy9uZnM0cHJvYy5jDQo+ICsrKyBiL2ZzL25m
cy9uZnM0cHJvYy5jDQo+IEBAIC01ODA2LDkgKzU4MDYsMTAgQEAgc3RhdGljIGludCBfbmZzNF9w
cm9jX3NlY2luZm8oc3RydWN0IGlub2RlICpkaXIsIGNvbnN0IHN0cnVjdCBxc3RyICpuYW1lLCBz
dHJ1Y3QNCj4gIAkJLnJwY19hcmdwID0gJmFyZ3MsDQo+ICAJCS5ycGNfcmVzcCA9ICZyZXMsDQo+
ICAJfTsNCj4gKwlzdHJ1Y3QgcnBjX2NsbnQgKmNsbnQgPSBORlNfU0VSVkVSKGRpciktPm5mc19j
bGllbnQtPmNsX3JwY2NsaWVudDsNCj4gIA0KPiAgCWRwcmludGsoIk5GUyBjYWxsICBzZWNpbmZv
ICVzXG4iLCBuYW1lLT5uYW1lKTsNCj4gLQlzdGF0dXMgPSBuZnM0X2NhbGxfc3luYyhORlNfU0VS
VkVSKGRpciktPmNsaWVudCwgTkZTX1NFUlZFUihkaXIpLCAmbXNnLCAmYXJncy5zZXFfYXJncywg
JnJlcy5zZXFfcmVzLCAwKTsNCj4gKwlzdGF0dXMgPSBuZnM0X2NhbGxfc3luYyhjbG50LCBORlNf
U0VSVkVSKGRpciksICZtc2csICZhcmdzLnNlcV9hcmdzLCAmcmVzLnNlcV9yZXMsIDApOw0KPiAg
CWRwcmludGsoIk5GUyByZXBseSAgc2VjaW5mbzogJWRcbiIsIHN0YXR1cyk7DQo+ICAJcmV0dXJu
IHN0YXR1czsNCj4gIH0NCg0KSGFzIHRoaXMgYmVlbiB0ZXN0ZWQgYWdhaW5zdCBhIHZhcmlldHkg
b2Ygc2VydmVyIGltcGxlbWVudGF0aW9ucz8gSSBrbm93DQp3aGF0IHRoZSBzcGVjIHNheXMsIGJ1
dCB0aGUgYmVoYXZpb3VyIHdlJ3JlIHJlbHlpbmcgb24gaGVyZSBpcyBzdWJ0bHkNCmNoYW5nZWQg
ZnJvbSB3aGF0IHdhcyBvcmlnaW5hbGx5IGRvY3VtZW50ZWQgaW4gUkZDMzUzMC4NCg0KLS0gDQpU
cm9uZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lcg0KDQpOZXRBcHANClRy
b25kLk15a2xlYnVzdEBuZXRhcHAuY29tDQp3d3cubmV0YXBwLmNvbQ0K

Re: [PATCH 3/4] NFSv4.1 Use clientid management rpc_clnt for secinfo

[Adamson, Andy]

On Jul 22, 2013, at 12:58 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com>
 wrote:

> On Mon, 2013-07-22 at 12:42 -0400, andros@netapp.com wrote:
>> From: Andy Adamson <andros@netapp.com>
>> 
>> As per RFC 3530 and RFC 5661 Security Considerations
> 
> RFC3530-bis, not RFC3530...
> 
>> Commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible"
>> uses the nfs_client cl_rpcclient for all clientid management operations.
>> 
>> Signed-off-by: Andy Adamson <andros@netapp.com>
>> ---
>> fs/nfs/nfs4proc.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>> 
>> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
>> index 7761802..6a30a72 100644
>> --- a/fs/nfs/nfs4proc.c
>> +++ b/fs/nfs/nfs4proc.c
>> @@ -5806,9 +5806,10 @@ static int _nfs4_proc_secinfo(struct inode *dir, const struct qstr *name, struct
>> 		.rpc_argp = &args,
>> 		.rpc_resp = &res,
>> 	};
>> +	struct rpc_clnt *clnt = NFS_SERVER(dir)->nfs_client->cl_rpcclient;
>> 
>> 	dprintk("NFS call  secinfo %s\n", name->name);
>> -	status = nfs4_call_sync(NFS_SERVER(dir)->client, NFS_SERVER(dir), &msg, &args.seq_args, &res.seq_res, 0);
>> +	status = nfs4_call_sync(clnt, NFS_SERVER(dir), &msg, &args.seq_args, &res.seq_res, 0);
>> 	dprintk("NFS reply  secinfo: %d\n", status);
>> 	return status;
>> }
> 
> Has this been tested against a variety of server implementations? I know
> what the spec says, but the behaviour we're relying on here is subtly
> changed from what was originally documented in RFC3530.


Not yet. I'll set up some tests.

-->Andy

> 
> -- 
> Trond Myklebust
> Linux NFS client maintainer
> 
> NetApp
> Trond.Myklebust@netapp.com
> www.netapp.com

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Myklebust, Trond]

T24gTW9uLCAyMDEzLTA3LTIyIGF0IDEyOjQyIC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IEFzIHBl
ciBSRkMgMzUzMCBhbmQgUkZDIDU2NjEgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMuDQo+IA0KPiBD
b21taXQgNGVkYWEzMDggIk5GUzogVXNlICJrcmI1aSIgdG8gZXN0YWJsaXNoIE5GU3Y0IHN0YXRl
IHdoZW5ldmVyIHBvc3NpYmxlIg0KPiB1c2VzIHRoZSBuZnNfY2xpZW50IGNsX3JwY2NsaWVudCBm
b3IgYWxsIGNsaWVudGlkIG1hbmFnZW1lbnQgb3BlcmF0aW9ucy4NCg0KV2h5PyBGcm9tIGEgc2Vj
dXJpdHkgcGVyc3BlY3RpdmUsIGhvdyBpcyB0aGlzIGFueSBkaWZmZXJlbnQgZnJvbSBkb2luZyBh
DQpSRUFETElOSywgZm9yIGluc3RhbmNlPw0KDQotLSANClRyb25kIE15a2xlYnVzdA0KTGludXgg
TkZTIGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0QG5ldGFwcC5j
b20NCnd3dy5uZXRhcHAuY29tDQo=

Re: [PATCH 3/4] NFSv4.1 Use clientid management rpc_clnt for secinfo

[Myklebust, Trond]

T24gTW9uLCAyMDEzLTA3LTIyIGF0IDEyOjQyIC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IEFzIHBl
ciBSRkMgMzUzMCBhbmQgUkZDIDU2NjEgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCj4gDQo+IENv
bW1pdCA0ZWRhYTMwOCAiTkZTOiBVc2UgImtyYjVpIiB0byBlc3RhYmxpc2ggTkZTdjQgc3RhdGUg
d2hlbmV2ZXIgcG9zc2libGUiDQo+IHVzZXMgdGhlIG5mc19jbGllbnQgY2xfcnBjY2xpZW50IGZv
ciBhbGwgY2xpZW50aWQgbWFuYWdlbWVudCBvcGVyYXRpb25zLg0KPiANCj4gU2lnbmVkLW9mZi1i
eTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gLS0tDQo+ICBmcy9uZnMvbmZz
NHByb2MuYyB8IDMgKystDQo+ICAxIGZpbGUgY2hhbmdlZCwgMiBpbnNlcnRpb25zKCspLCAxIGRl
bGV0aW9uKC0pDQo+IA0KPiBkaWZmIC0tZ2l0IGEvZnMvbmZzL25mczRwcm9jLmMgYi9mcy9uZnMv
bmZzNHByb2MuYw0KPiBpbmRleCA3NzYxODAyLi42YTMwYTcyIDEwMDY0NA0KPiAtLS0gYS9mcy9u
ZnMvbmZzNHByb2MuYw0KPiArKysgYi9mcy9uZnMvbmZzNHByb2MuYw0KPiBAQCAtNTgwNiw5ICs1
ODA2LDEwIEBAIHN0YXRpYyBpbnQgX25mczRfcHJvY19zZWNpbmZvKHN0cnVjdCBpbm9kZSAqZGly
LCBjb25zdCBzdHJ1Y3QgcXN0ciAqbmFtZSwgc3RydWN0DQo+ICAJCS5ycGNfYXJncCA9ICZhcmdz
LA0KPiAgCQkucnBjX3Jlc3AgPSAmcmVzLA0KPiAgCX07DQo+ICsJc3RydWN0IHJwY19jbG50ICpj
bG50ID0gTkZTX1NFUlZFUihkaXIpLT5uZnNfY2xpZW50LT5jbF9ycGNjbGllbnQ7DQo+ICANCj4g
IAlkcHJpbnRrKCJORlMgY2FsbCAgc2VjaW5mbyAlc1xuIiwgbmFtZS0+bmFtZSk7DQo+IC0Jc3Rh
dHVzID0gbmZzNF9jYWxsX3N5bmMoTkZTX1NFUlZFUihkaXIpLT5jbGllbnQsIE5GU19TRVJWRVIo
ZGlyKSwgJm1zZywgJmFyZ3Muc2VxX2FyZ3MsICZyZXMuc2VxX3JlcywgMCk7DQo+ICsJc3RhdHVz
ID0gbmZzNF9jYWxsX3N5bmMoY2xudCwgTkZTX1NFUlZFUihkaXIpLCAmbXNnLCAmYXJncy5zZXFf
YXJncywgJnJlcy5zZXFfcmVzLCAwKTsNCj4gIAlkcHJpbnRrKCJORlMgcmVwbHkgIHNlY2luZm86
ICVkXG4iLCBzdGF0dXMpOw0KPiAgCXJldHVybiBzdGF0dXM7DQo+ICB9DQoNClRoaXMgbmVlZHMg
YSBjb21tZW50IGluIHRoZSBjb2RlLg0KDQotLSANClRyb25kIE15a2xlYnVzdA0KTGludXggTkZT
IGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0QG5ldGFwcC5jb20N
Cnd3dy5uZXRhcHAuY29tDQo=

Re: [PATCH 4/4] NFSv4.1 Use clientid management rpc_clnt for secinfo_no_name

[Myklebust, Trond]

T24gTW9uLCAyMDEzLTA3LTIyIGF0IDEyOjQyIC0wNDAwLCBhbmRyb3NAbmV0YXBwLmNvbSB3cm90
ZToNCj4gRnJvbTogQW5keSBBZGFtc29uIDxhbmRyb3NAbmV0YXBwLmNvbT4NCj4gDQo+IEFzIHBl
ciBSRkMgNTY2MSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucw0KPiANCj4gQ29tbWl0IDRlZGFhMzA4
ICJORlM6IFVzZSAia3JiNWkiIHRvIGVzdGFibGlzaCBORlN2NCBzdGF0ZSB3aGVuZXZlciBwb3Nz
aWJsZSINCj4gdXNlcyB0aGUgbmZzX2NsaWVudCBjbF9ycGNjbGllbnQgZm9yIGFsbCBjbGllbnRp
ZCBtYW5hZ2VtZW50IG9wZXJhdGlvbnMuDQo+IA0KPiBTaWduZWQtb2ZmLWJ5OiBBbmR5IEFkYW1z
b24gPGFuZHJvc0BuZXRhcHAuY29tPg0KPiAtLS0NCj4gIGZzL25mcy9uZnM0cHJvYy5jIHwgMyAr
Ky0NCj4gIDEgZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkNCj4g
DQo+IGRpZmYgLS1naXQgYS9mcy9uZnMvbmZzNHByb2MuYyBiL2ZzL25mcy9uZnM0cHJvYy5jDQo+
IGluZGV4IDZhMzBhNzIuLjA0NTJiNjEgMTAwNjQ0DQo+IC0tLSBhL2ZzL25mcy9uZnM0cHJvYy5j
DQo+ICsrKyBiL2ZzL25mcy9uZnM0cHJvYy5jDQo+IEBAIC03MDk4LDcgKzcwOTgsOCBAQCBfbmZz
NDFfcHJvY19zZWNpbmZvX25vX25hbWUoc3RydWN0IG5mc19zZXJ2ZXIgKnNlcnZlciwgc3RydWN0
IG5mc19maCAqZmhhbmRsZSwNCj4gIAkJLnJwY19hcmdwID0gJmFyZ3MsDQo+ICAJCS5ycGNfcmVz
cCA9ICZyZXMsDQo+ICAJfTsNCj4gLQlyZXR1cm4gbmZzNF9jYWxsX3N5bmMoc2VydmVyLT5jbGll
bnQsIHNlcnZlciwgJm1zZywgJmFyZ3Muc2VxX2FyZ3MsICZyZXMuc2VxX3JlcywgMCk7DQo+ICsJ
cmV0dXJuIG5mczRfY2FsbF9zeW5jKHNlcnZlci0+bmZzX2NsaWVudC0+Y2xfcnBjY2xpZW50LCBz
ZXJ2ZXIsICZtc2csDQo+ICsJCQkJJmFyZ3Muc2VxX2FyZ3MsICZyZXMuc2VxX3JlcywgMCk7DQo+
ICB9DQo+ICANCj4gIHN0YXRpYyBpbnQNCg0KRGl0dG86IFRoaXMgbmVlZHMgYSBjb2RlIGNvbW1l
bnQuDQoNCi0tIA0KVHJvbmQgTXlrbGVidXN0DQpMaW51eCBORlMgY2xpZW50IG1haW50YWluZXIN
Cg0KTmV0QXBwDQpUcm9uZC5NeWtsZWJ1c3RAbmV0YXBwLmNvbQ0Kd3d3Lm5ldGFwcC5jb20NCg==

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Myklebust, Trond]

T24gV2VkLCAyMDEzLTA4LTA3IGF0IDE4OjAxICswMDAwLCBBZGFtc29uLCBBbmR5IHdyb3RlOg0K
PiANCj4gT24gQXVnIDcsIDIwMTMsIGF0IDEyOjU0IFBNLCAiTXlrbGVidXN0LCBUcm9uZCINCj4g
PFRyb25kLk15a2xlYnVzdEBuZXRhcHAuY29tPg0KPiAgd3JvdGU6DQo+IA0KPiA+IE9uIE1vbiwg
MjAxMy0wNy0yMiBhdCAxMjo0MiAtMDQwMCwgYW5kcm9zQG5ldGFwcC5jb20gd3JvdGU6DQo+ID4g
PiBGcm9tOiBBbmR5IEFkYW1zb24gPGFuZHJvc0BuZXRhcHAuY29tPg0KPiA+ID4gDQo+ID4gPiBB
cyBwZXIgUkZDIDM1MzAgYW5kIFJGQyA1NjYxIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zLg0KPiA+
ID4gDQo+ID4gPiBDb21taXQgNGVkYWEzMDggIk5GUzogVXNlICJrcmI1aSIgdG8gZXN0YWJsaXNo
IE5GU3Y0IHN0YXRlDQo+ID4gPiB3aGVuZXZlciBwb3NzaWJsZSINCj4gPiA+IHVzZXMgdGhlIG5m
c19jbGllbnQgY2xfcnBjY2xpZW50IGZvciBhbGwgY2xpZW50aWQgbWFuYWdlbWVudA0KPiA+ID4g
b3BlcmF0aW9ucy4NCj4gPiANCj4gPiBXaHk/IA0KPiANCj4gDQo+IFRvIHByb3RlY3QgdGhlIGlu
dGVncml0eSBvZiB0aGUgZnNfbG9jYXRpb25zIHNlcnZlciBsaXN0Lg0KPiANCj4gPiBGcm9tIGEg
c2VjdXJpdHkgcGVyc3BlY3RpdmUsIGhvdyBpcyB0aGlzIGFueSBkaWZmZXJlbnQgZnJvbSBkb2lu
ZyBhDQo+ID4gUkVBRExJTkssIGZvciBpbnN0YW5jZT8NCj4gDQo+IA0KPiBmc19sb2NhdGlvbnMg
ZGlmZmVycyBmcm9tIFJFQURMSU5LIGluIHRoYXQgY29tcHJvbWlzaW5nIHRoZQ0KPiBmc19sb2Nh
dGlvbnMgYXR0cmlidXRlIHNlcnZlciBsaXN0IGNhbiByZXN1bHQgaW4gYWxsIG9mIHRoZSBjbGll
bnQNCj4gdHJhZmZpYyB1bmRlciBhIGp1bmN0aW9uIHJlZGlyZWN0ZWQgYnkgYW4gYXR0YWNrZXIu
DQoNCkkgcmVwZWF0OiBob3cgaXMgdGhpcyBpbiBhbnkgd2F5LCBzaGFwZSBvciBmb3JtIGRpZmZl
cmVudCBmcm9tIFJFQURMSU5LPw0KDQo+IA0KPiBIZXJlIGlzIHRoZSBhdHRhY2sgYXMgZGVzY3Jp
YmVkIGluIDM1MzBiaXMgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCj4gc2VjdGlvbjoNCj4gDQo+
IA0KPiAgICBUaGUgc2Vjb25kIG9wZXJhdGlvbiB0aGF0IHNob3VsZCBkZWZpbml0ZWx5IHVzZSBp
bnRlZ3JpdHkgcHJvdGVjdGlvbg0KPiAgICBpcyBhbnkgR0VUQVRUUiBmb3IgdGhlIGZzX2xvY2F0
aW9ucyBhdHRyaWJ1dGUuICBUaGUgYXR0YWNrIGhhcyB0d28NCj4gICAgc3RlcHMuICBGaXJzdCB0
aGUgYXR0YWNrZXIgbW9kaWZpZXMgdGhlIHVucHJvdGVjdGVkIHJlc3VsdHMgb2Ygc29tZQ0KPiAg
ICBvcGVyYXRpb24gdG8gcmV0dXJuIE5GUzRFUlJfTU9WRUQuICBTZWNvbmQsIHdoZW4gdGhlIGNs
aWVudCBmb2xsb3dzDQo+ICAgIHVwIHdpdGggYSBHRVRBVFRSIGZvciB0aGUgZnNfbG9jYXRpb25z
IGF0dHJpYnV0ZSwgdGhlIGF0dGFja2VyDQo+ICAgIG1vZGlmaWVzIHRoZSByZXN1bHRzIHRvIGNh
dXNlIHRoZSBjbGllbnQgbWlncmF0ZSBpdHMgdHJhZmZpYyB0byBhDQo+ICAgIHNlcnZlciBjb250
cm9sbGVkIGJ5IHRoZSBhdHRhY2tlci4NCg0KWW91IGNhbiB0aGUgZXhhY3Qgc2FtZSB0aGluZyBi
eSBjaGFuZ2luZyB0aGUgUkVBRExJTksgcmVzdWx0cy4NCg0KDQotLSANClRyb25kIE15a2xlYnVz
dA0KTGludXggTkZTIGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0
QG5ldGFwcC5jb20NCnd3dy5uZXRhcHAuY29tDQo=

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Myklebust, Trond]

T24gV2VkLCAyMDEzLTA4LTA3IGF0IDE0OjA0IC0wNDAwLCBUcm9uZCBNeWtsZWJ1c3Qgd3JvdGU6
DQo+IE9uIFdlZCwgMjAxMy0wOC0wNyBhdCAxODowMSArMDAwMCwgQWRhbXNvbiwgQW5keSB3cm90
ZToNCj4gPiANCj4gPiBIZXJlIGlzIHRoZSBhdHRhY2sgYXMgZGVzY3JpYmVkIGluIDM1MzBiaXMg
U2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCj4gPiBzZWN0aW9uOg0KPiA+IA0KPiA+IA0KPiA+ICAg
IFRoZSBzZWNvbmQgb3BlcmF0aW9uIHRoYXQgc2hvdWxkIGRlZmluaXRlbHkgdXNlIGludGVncml0
eSBwcm90ZWN0aW9uDQo+ID4gICAgaXMgYW55IEdFVEFUVFIgZm9yIHRoZSBmc19sb2NhdGlvbnMg
YXR0cmlidXRlLiAgVGhlIGF0dGFjayBoYXMgdHdvDQo+ID4gICAgc3RlcHMuICBGaXJzdCB0aGUg
YXR0YWNrZXIgbW9kaWZpZXMgdGhlIHVucHJvdGVjdGVkIHJlc3VsdHMgb2Ygc29tZQ0KPiA+ICAg
IG9wZXJhdGlvbiB0byByZXR1cm4gTkZTNEVSUl9NT1ZFRC4gIFNlY29uZCwgd2hlbiB0aGUgY2xp
ZW50IGZvbGxvd3MNCj4gPiAgICB1cCB3aXRoIGEgR0VUQVRUUiBmb3IgdGhlIGZzX2xvY2F0aW9u
cyBhdHRyaWJ1dGUsIHRoZSBhdHRhY2tlcg0KPiA+ICAgIG1vZGlmaWVzIHRoZSByZXN1bHRzIHRv
IGNhdXNlIHRoZSBjbGllbnQgbWlncmF0ZSBpdHMgdHJhZmZpYyB0byBhDQo+ID4gICAgc2VydmVy
IGNvbnRyb2xsZWQgYnkgdGhlIGF0dGFja2VyLg0KPiANCj4gWW91IGNhbiB0aGUgZXhhY3Qgc2Ft
ZSB0aGluZyBieSBjaGFuZ2luZyB0aGUgUkVBRExJTksgcmVzdWx0cy4NCg0KVGhlIGF0dGFjayBp
czogY2hhbmdlIHRoZSB1bnByb3RlY3RlZCBMT09LVVAgcmVzdWx0cyB0byBwb2ludCB0byBhDQpz
eW1saW5rLCB0aGVuIGZlZWQgJy9uZXQvPGV2aWwtaXAtYWRkcmVzcz4vbXkvZXZpbC9wYXRobmFt
ZScgaW50bw0KUkVBRExJTksuDQoNCk15IHBvaW50IGlzIHRoYXQgaWYgeW91J3JlIG9uIGEgbmV0
d29yayB3aGVyZSB0aGUgYWJvdmUgaXMgYSBwb3RlbnRpYWwNCnRocmVhdCwgdGhlbiB5b3Ugc2hv
dWxkIGJlIHVzaW5nIGtyYjVpIG9yLCBiZXR0ZXIgeWV0LCBrcmI1cCBmb3IgX2FsbF8NCm9wZXJh
dGlvbnMuIEl0J3Mgbm90IHN1ZmZpY2llbnQgdG8gc2luZ2xlIG91dCBmc19sb2NhdGlvbnMgZm9y
IHNwZWNpYWwNCnRyZWF0bWVudC4NCg0KLS0gDQpUcm9uZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBj
bGllbnQgbWFpbnRhaW5lcg0KDQpOZXRBcHANClRyb25kLk15a2xlYnVzdEBuZXRhcHAuY29tDQp3
d3cubmV0YXBwLmNvbQ0K

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Adamson, Andy]

On Aug 7, 2013, at 2:19 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com>
 wrote:

> On Wed, 2013-08-07 at 14:04 -0400, Trond Myklebust wrote:
>> On Wed, 2013-08-07 at 18:01 +0000, Adamson, Andy wrote:
>>> 
>>> Here is the attack as described in 3530bis Security Considerations
>>> section:
>>> 
>>> 
>>>   The second operation that should definitely use integrity protection
>>>   is any GETATTR for the fs_locations attribute.  The attack has two
>>>   steps.  First the attacker modifies the unprotected results of some
>>>   operation to return NFS4ERR_MOVED.  Second, when the client follows
>>>   up with a GETATTR for the fs_locations attribute, the attacker
>>>   modifies the results to cause the client migrate its traffic to a
>>>   server controlled by the attacker.
>> 
>> You can the exact same thing by changing the READLINK results.
> 
> The attack is: change the unprotected LOOKUP results to point to a
> symlink, then feed '/net/<evil-ip-address>/my/evil/pathname' into
> READLINK.
> 
> My point is that if you're on a network where the above is a potential
> threat, then you should be using krb5i or, better yet, krb5p for _all_
> operations. It's not sufficient to single out fs_locations for special
> treatment.

In that case, why did you accept commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible" ?

-->Andy

> 
> -- 
> Trond Myklebust
> Linux NFS client maintainer
> 
> NetApp
> Trond.Myklebust@netapp.com
> www.netapp.com

Fwd: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Adamson, Andy]

Re-send due to my mailer adding html to the message, and thus being rejected by linux-nfs@vger.kernel.org

-->Andy

Begin forwarded message:

> From: "Adamson, Andy" <William.Adamson@netapp.com>
> Subject: Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations
> Date: August 7, 2013 2:24:31 PM EDT
> To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
> Cc: "Adamson, Andy" <William.Adamson@netapp.com>, "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
> 
> 
> On Aug 7, 2013, at 2:19 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com>
> wrote:
> 
>> On Wed, 2013-08-07 at 14:04 -0400, Trond Myklebust wrote:
>>> On Wed, 2013-08-07 at 18:01 +0000, Adamson, Andy wrote:
>>>> 
>>>> Here is the attack as described in 3530bis Security Considerations
>>>> section:
>>>> 
>>>> 
>>>>  The second operation that should definitely use integrity protection
>>>>  is any GETATTR for the fs_locations attribute.  The attack has two
>>>>  steps.  First the attacker modifies the unprotected results of some
>>>>  operation to return NFS4ERR_MOVED.  Second, when the client follows
>>>>  up with a GETATTR for the fs_locations attribute, the attacker
>>>>  modifies the results to cause the client migrate its traffic to a
>>>>  server controlled by the attacker.
>>> 
>>> You can the exact same thing by changing the READLINK results.
>> 
>> The attack is: change the unprotected LOOKUP results to point to a
>> symlink, then feed '/net/<evil-ip-address>/my/evil/pathname' into
>> READLINK.
>> 
>> My point is that if you're on a network where the above is a potential
>> threat, then you should be using krb5i or, better yet, krb5p for _all_
>> operations. It's not sufficient to single out fs_locations for special
>> treatment.
> 
> In that case, why did you accept commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible" ?
> 
> -->Andy
> 
>> 
>> -- 
>> Trond Myklebust
>> Linux NFS client maintainer
>> 
>> NetApp
>> Trond.Myklebust@netapp.com
>> www.netapp.com
> 

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Adamson, Andy]

On Aug 7, 2013, at 2:19 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com>
 wrote:

> On Wed, 2013-08-07 at 14:04 -0400, Trond Myklebust wrote:
>> On Wed, 2013-08-07 at 18:01 +0000, Adamson, Andy wrote:
>>> 
>>> Here is the attack as described in 3530bis Security Considerations
>>> section:
>>> 
>>> 
>>>   The second operation that should definitely use integrity protection
>>>   is any GETATTR for the fs_locations attribute.  The attack has two
>>>   steps.  First the attacker modifies the unprotected results of some
>>>   operation to return NFS4ERR_MOVED.  Second, when the client follows
>>>   up with a GETATTR for the fs_locations attribute, the attacker
>>>   modifies the results to cause the client migrate its traffic to a
>>>   server controlled by the attacker.
>> 
>> You can the exact same thing by changing the READLINK results.
> 
> The attack is: change the unprotected LOOKUP results to point to a
> symlink, then feed '/net/<evil-ip-address>/my/evil/pathname' into
> READLINK.

Does the linux client actually follow links with embedded IP addresses?

-->Andy

> 
> My point is that if you're on a network where the above is a potential
> threat, then you should be using krb5i or, better yet, krb5p for _all_
> operations. It's not sufficient to single out fs_locations for special
> treatment.
> 
> -- 
> Trond Myklebust
> Linux NFS client maintainer
> 
> NetApp
> Trond.Myklebust@netapp.com
> www.netapp.com

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Myklebust, Trond]

T24gV2VkLCAyMDEzLTA4LTA3IGF0IDE4OjI0ICswMDAwLCBBZGFtc29uLCBBbmR5IHdyb3RlOg0K
PiBPbiBBdWcgNywgMjAxMywgYXQgMjoxOSBQTSwgIk15a2xlYnVzdCwgVHJvbmQiIDxUcm9uZC5N
eWtsZWJ1c3RAbmV0YXBwLmNvbT4NCj4gIHdyb3RlOg0KPiANCj4gPiBPbiBXZWQsIDIwMTMtMDgt
MDcgYXQgMTQ6MDQgLTA0MDAsIFRyb25kIE15a2xlYnVzdCB3cm90ZToNCj4gPj4gT24gV2VkLCAy
MDEzLTA4LTA3IGF0IDE4OjAxICswMDAwLCBBZGFtc29uLCBBbmR5IHdyb3RlOg0KPiA+Pj4gDQo+
ID4+PiBIZXJlIGlzIHRoZSBhdHRhY2sgYXMgZGVzY3JpYmVkIGluIDM1MzBiaXMgU2VjdXJpdHkg
Q29uc2lkZXJhdGlvbnMNCj4gPj4+IHNlY3Rpb246DQo+ID4+PiANCj4gPj4+IA0KPiA+Pj4gICBU
aGUgc2Vjb25kIG9wZXJhdGlvbiB0aGF0IHNob3VsZCBkZWZpbml0ZWx5IHVzZSBpbnRlZ3JpdHkg
cHJvdGVjdGlvbg0KPiA+Pj4gICBpcyBhbnkgR0VUQVRUUiBmb3IgdGhlIGZzX2xvY2F0aW9ucyBh
dHRyaWJ1dGUuICBUaGUgYXR0YWNrIGhhcyB0d28NCj4gPj4+ICAgc3RlcHMuICBGaXJzdCB0aGUg
YXR0YWNrZXIgbW9kaWZpZXMgdGhlIHVucHJvdGVjdGVkIHJlc3VsdHMgb2Ygc29tZQ0KPiA+Pj4g
ICBvcGVyYXRpb24gdG8gcmV0dXJuIE5GUzRFUlJfTU9WRUQuICBTZWNvbmQsIHdoZW4gdGhlIGNs
aWVudCBmb2xsb3dzDQo+ID4+PiAgIHVwIHdpdGggYSBHRVRBVFRSIGZvciB0aGUgZnNfbG9jYXRp
b25zIGF0dHJpYnV0ZSwgdGhlIGF0dGFja2VyDQo+ID4+PiAgIG1vZGlmaWVzIHRoZSByZXN1bHRz
IHRvIGNhdXNlIHRoZSBjbGllbnQgbWlncmF0ZSBpdHMgdHJhZmZpYyB0byBhDQo+ID4+PiAgIHNl
cnZlciBjb250cm9sbGVkIGJ5IHRoZSBhdHRhY2tlci4NCj4gPj4gDQo+ID4+IFlvdSBjYW4gdGhl
IGV4YWN0IHNhbWUgdGhpbmcgYnkgY2hhbmdpbmcgdGhlIFJFQURMSU5LIHJlc3VsdHMuDQo+ID4g
DQo+ID4gVGhlIGF0dGFjayBpczogY2hhbmdlIHRoZSB1bnByb3RlY3RlZCBMT09LVVAgcmVzdWx0
cyB0byBwb2ludCB0byBhDQo+ID4gc3ltbGluaywgdGhlbiBmZWVkICcvbmV0LzxldmlsLWlwLWFk
ZHJlc3M+L215L2V2aWwvcGF0aG5hbWUnIGludG8NCj4gPiBSRUFETElOSy4NCj4gPiANCj4gPiBN
eSBwb2ludCBpcyB0aGF0IGlmIHlvdSdyZSBvbiBhIG5ldHdvcmsgd2hlcmUgdGhlIGFib3ZlIGlz
IGEgcG90ZW50aWFsDQo+ID4gdGhyZWF0LCB0aGVuIHlvdSBzaG91bGQgYmUgdXNpbmcga3JiNWkg
b3IsIGJldHRlciB5ZXQsIGtyYjVwIGZvciBfYWxsXw0KPiA+IG9wZXJhdGlvbnMuIEl0J3Mgbm90
IHN1ZmZpY2llbnQgdG8gc2luZ2xlIG91dCBmc19sb2NhdGlvbnMgZm9yIHNwZWNpYWwNCj4gPiB0
cmVhdG1lbnQuDQo+IA0KPiBJbiB0aGF0IGNhc2UsIHdoeSBkaWQgeW91IGFjY2VwdCBjb21taXQg
NGVkYWEzMDggIk5GUzogVXNlICJrcmI1aSIgdG8gZXN0YWJsaXNoIE5GU3Y0IHN0YXRlIHdoZW5l
dmVyIHBvc3NpYmxlIiA/DQoNCiAgICAgMS4gVG8gYXZvaWQgdGhlIE5GUzRFUlJfQ0xJRF9JTl9V
U0UgcHJvYmxlbSB3aGVuIHlvdSBjaGFuZ2UgZnJvbQ0KICAgICAgICBvbmUgbW91bnQgYXV0aCBm
bGF2b3VyIHRvIGFub3RoZXIuDQogICAgIDIuIEluIHNjZW5hcmlvcyB3aGVyZSBtaXhlZCBzZWN1
cml0eSBpcyBpbiB1c2UsIHRoZSBzdGF0ZSBtYW5hZ2VyDQogICAgICAgIHNob3VsZCBhbHdheXMg
dXNlIHRoZSBzdHJvbmdlc3Qgc2VjdXJpdHkuIFByZXZpb3VzbHksIHdlIGp1c3QNCiAgICAgICAg
Y2hvc2Ugd2hhdGV2ZXIgc2VjdXJpdHkgZmxhdm91ciB0aGF0IHdhcyB1c2VkIGZpcnN0Lg0KDQot
LSANClRyb25kIE15a2xlYnVzdA0KTGludXggTkZTIGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFw
cA0KVHJvbmQuTXlrbGVidXN0QG5ldGFwcC5jb20NCnd3dy5uZXRhcHAuY29tDQo=

Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations

[Myklebust, Trond]

T24gV2VkLCAyMDEzLTA4LTA3IGF0IDE4OjMyICswMDAwLCBBZGFtc29uLCBBbmR5IHdyb3RlOg0K
PiBPbiBBdWcgNywgMjAxMywgYXQgMjoxOSBQTSwgIk15a2xlYnVzdCwgVHJvbmQiIDxUcm9uZC5N
eWtsZWJ1c3RAbmV0YXBwLmNvbT4NCj4gIHdyb3RlOg0KPiANCj4gPiBPbiBXZWQsIDIwMTMtMDgt
MDcgYXQgMTQ6MDQgLTA0MDAsIFRyb25kIE15a2xlYnVzdCB3cm90ZToNCj4gPj4gT24gV2VkLCAy
MDEzLTA4LTA3IGF0IDE4OjAxICswMDAwLCBBZGFtc29uLCBBbmR5IHdyb3RlOg0KPiA+Pj4gDQo+
ID4+PiBIZXJlIGlzIHRoZSBhdHRhY2sgYXMgZGVzY3JpYmVkIGluIDM1MzBiaXMgU2VjdXJpdHkg
Q29uc2lkZXJhdGlvbnMNCj4gPj4+IHNlY3Rpb246DQo+ID4+PiANCj4gPj4+IA0KPiA+Pj4gICBU
aGUgc2Vjb25kIG9wZXJhdGlvbiB0aGF0IHNob3VsZCBkZWZpbml0ZWx5IHVzZSBpbnRlZ3JpdHkg
cHJvdGVjdGlvbg0KPiA+Pj4gICBpcyBhbnkgR0VUQVRUUiBmb3IgdGhlIGZzX2xvY2F0aW9ucyBh
dHRyaWJ1dGUuICBUaGUgYXR0YWNrIGhhcyB0d28NCj4gPj4+ICAgc3RlcHMuICBGaXJzdCB0aGUg
YXR0YWNrZXIgbW9kaWZpZXMgdGhlIHVucHJvdGVjdGVkIHJlc3VsdHMgb2Ygc29tZQ0KPiA+Pj4g
ICBvcGVyYXRpb24gdG8gcmV0dXJuIE5GUzRFUlJfTU9WRUQuICBTZWNvbmQsIHdoZW4gdGhlIGNs
aWVudCBmb2xsb3dzDQo+ID4+PiAgIHVwIHdpdGggYSBHRVRBVFRSIGZvciB0aGUgZnNfbG9jYXRp
b25zIGF0dHJpYnV0ZSwgdGhlIGF0dGFja2VyDQo+ID4+PiAgIG1vZGlmaWVzIHRoZSByZXN1bHRz
IHRvIGNhdXNlIHRoZSBjbGllbnQgbWlncmF0ZSBpdHMgdHJhZmZpYyB0byBhDQo+ID4+PiAgIHNl
cnZlciBjb250cm9sbGVkIGJ5IHRoZSBhdHRhY2tlci4NCj4gPj4gDQo+ID4+IFlvdSBjYW4gdGhl
IGV4YWN0IHNhbWUgdGhpbmcgYnkgY2hhbmdpbmcgdGhlIFJFQURMSU5LIHJlc3VsdHMuDQo+ID4g
DQo+ID4gVGhlIGF0dGFjayBpczogY2hhbmdlIHRoZSB1bnByb3RlY3RlZCBMT09LVVAgcmVzdWx0
cyB0byBwb2ludCB0byBhDQo+ID4gc3ltbGluaywgdGhlbiBmZWVkICcvbmV0LzxldmlsLWlwLWFk
ZHJlc3M+L215L2V2aWwvcGF0aG5hbWUnIGludG8NCj4gPiBSRUFETElOSy4NCj4gDQo+IERvZXMg
dGhlIGxpbnV4IGNsaWVudCBhY3R1YWxseSBmb2xsb3cgbGlua3Mgd2l0aCBlbWJlZGRlZCBJUCBh
ZGRyZXNzZXM/DQoNCklmIHlvdSBoYXZlIGF1dG9mcyBvciBhbWQgcnVubmluZyBvbiB5b3VyIGNs
aWVudCwgdGhlbiBzdXJlLi4uDQoNCi0tIA0KVHJvbmQgTXlrbGVidXN0DQpMaW51eCBORlMgY2xp
ZW50IG1haW50YWluZXINCg0KTmV0QXBwDQpUcm9uZC5NeWtsZWJ1c3RAbmV0YXBwLmNvbQ0Kd3d3
Lm5ldGFwcC5jb20NCg==