From: Chuck Lever <chuck.lever@oracle.com>
To: Trond.Myklebust@netapp.com
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 13/20] NFS: Fix recovery from NFS4ERR_CLID_INUSE
Date: Thu, 26 Apr 2012 12:24:04 -0400 [thread overview]
Message-ID: <D6859152-CF45-44CC-BB3C-B40CB9FD0BE8@oracle.com> (raw)
In-Reply-To: <20120423205505.11446.28437.stgit@degas.1015granger.net>
On Apr 23, 2012, at 4:55 PM, Chuck Lever wrote:
> For NFSv4 minor version 0, currently the cl_id_uniquifier allows the
> Linux client to generate a unique nfs_client_id4 string whenever a
> server replies with NFS4ERR_CLID_INUSE.
>
> NFS4ERR_CLID_INUSE actually means that the client has presented this
> nfs_client_id4 string with a different authentication flavor in the
> past. Retrying with a different nfs_client_id4 string means the
> client orphans NFSv4 state on the server. This state will take at
> least a whole lease period to be purged.
>
> Change recovery to try the identification operation again with a
> different auth flavor until it works. The retry loop is factored
> out of nfs4_proc_setclientid() and into the state manager, so that
> both mv0 and mv1 client ID establishment is covered by the same
> CLID_INUSE recovery logic.
>
> XXX: On further review, I'm not sure how it would be possible to
> send an nfs_client_id4 with the wrong authentication flavor, since
> the au_name is part of the string itself...
I'm having other doubts about this whole approach.
In the loop in nfs4_reclaim_lease(), the client will need to replace the RPC transport for each retried flavor, and then continue using the transport that worked. New mounts clone their transport from the nfs_client, even if its authentication flavor does not match what might have been specified on the mount. (I haven't checked this, is it true?)
What's more, there's no way a server can identify a re-used nfs_client_id4, since we currently plant the authentication flavor in the nfs_client_id4 string…
In fact, because we generate nfs_client_id4 strings with the flavor built in, won't each flavor used on a mount generate a separate lease on the server?
Talk me down?
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>
> fs/nfs/nfs4proc.c | 75 ++++++++++++++++++++++++++++++---------------
> fs/nfs/nfs4state.c | 37 ++++++++++++++++++----
> include/linux/nfs_fs_sb.h | 3 +-
> 3 files changed, 81 insertions(+), 34 deletions(-)
>
> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> index 8bdc6fd..7ec1b68 100644
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -3890,6 +3890,37 @@ static void nfs4_init_boot_verifier(const struct nfs_client *clp,
> memcpy(bootverf->data, verf, sizeof(bootverf->data));
> }
>
> +static unsigned int
> +nfs4_init_nonuniform_client_string(const struct nfs_client *clp,
> + char *buf, size_t len)
> +{
> + unsigned int result;
> +
> + rcu_read_lock();
> + result = scnprintf(buf, len, "%s/%s %s %s non-uniform",
> + clp->cl_ipaddr,
> + rpc_peeraddr2str(clp->cl_rpcclient,
> + RPC_DISPLAY_ADDR),
> + rpc_peeraddr2str(clp->cl_rpcclient,
> + RPC_DISPLAY_PROTO),
> + clp->cl_rpcclient->cl_auth->au_ops->au_name);
> + rcu_read_unlock();
> + return result;
> +}
> +
> +/**
> + * nfs4_proc_setclientid - Negotiate client ID
> + * @clp: state data structure
> + * @program: RPC program for NFSv4 callback service
> + * @port: IP port number for NFS4 callback service
> + * @cred: RPC credential to use for this call
> + * @res: where to place the result
> + *
> + * Returns zero or a negative NFS4ERR status code.
> + *
> + * A status of -NFS4ERR_CLID_INUSE means the caller should try
> + * again with a different authentication flavor.
> + */
> int nfs4_proc_setclientid(struct nfs_client *clp, u32 program,
> unsigned short port, struct rpc_cred *cred,
> struct nfs4_setclientid_res *res)
> @@ -3906,41 +3937,30 @@ int nfs4_proc_setclientid(struct nfs_client *clp, u32 program,
> .rpc_resp = res,
> .rpc_cred = cred,
> };
> - int loop = 0;
> int status;
>
> + /* Client ID */
> nfs4_init_boot_verifier(clp, &sc_verifier);
> + setclientid.sc_name_len = nfs4_init_nonuniform_client_string(clp,
> + setclientid.sc_name,
> + sizeof(setclientid.sc_name));
>
> - for(;;) {
> - rcu_read_lock();
> - setclientid.sc_name_len = scnprintf(setclientid.sc_name,
> - sizeof(setclientid.sc_name), "%s/%s %s %s %u",
> - clp->cl_ipaddr,
> - rpc_peeraddr2str(clp->cl_rpcclient,
> - RPC_DISPLAY_ADDR),
> - rpc_peeraddr2str(clp->cl_rpcclient,
> - RPC_DISPLAY_PROTO),
> - clp->cl_rpcclient->cl_auth->au_ops->au_name,
> - clp->cl_id_uniquifier);
> - setclientid.sc_netid_len = scnprintf(setclientid.sc_netid,
> + /* Callback info */
> + rcu_read_lock();
> + setclientid.sc_netid_len = scnprintf(setclientid.sc_netid,
> sizeof(setclientid.sc_netid),
> rpc_peeraddr2str(clp->cl_rpcclient,
> RPC_DISPLAY_NETID));
> - setclientid.sc_uaddr_len = scnprintf(setclientid.sc_uaddr,
> + rcu_read_unlock();
> + setclientid.sc_uaddr_len = scnprintf(setclientid.sc_uaddr,
> sizeof(setclientid.sc_uaddr), "%s.%u.%u",
> clp->cl_ipaddr, port >> 8, port & 255);
> - rcu_read_unlock();
>
> - status = rpc_call_sync(clp->cl_rpcclient, &msg, RPC_TASK_TIMEOUT);
> - if (status != -NFS4ERR_CLID_INUSE)
> - break;
> - if (loop != 0) {
> - ++clp->cl_id_uniquifier;
> - break;
> - }
> - ++loop;
> - ssleep(clp->cl_lease_time / HZ + 1);
> - }
> + status = rpc_call_sync(clp->cl_rpcclient, &msg, RPC_TASK_TIMEOUT);
> +
> + dprintk("%s: nfs_client_id4 '%.*s' (status %d)\n",
> + __func__, setclientid.sc_name_len, setclientid.sc_name,
> + status);
> return status;
> }
>
> @@ -5008,6 +5028,11 @@ nfs41_same_server_scope(struct nfs41_server_scope *a,
> /*
> * nfs4_proc_exchange_id()
> *
> + * Returns zero or a negative NFS4ERR status code.
> + *
> + * A status of -NFS4ERR_CLID_INUSE means the caller should try
> + * again with a different authentication flavor.
> + *
> * Since the clientid has expired, all compounds using sessions
> * associated with the stale clientid will be returning
> * NFS4ERR_BADSESSION in the sequence operation, and will therefore
> diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
> index 7f56502..6a1a305 100644
> --- a/fs/nfs/nfs4state.c
> +++ b/fs/nfs/nfs4state.c
> @@ -1576,19 +1576,42 @@ static int nfs4_reclaim_lease(struct nfs_client *clp)
> struct rpc_cred *cred;
> const struct nfs4_state_recovery_ops *ops =
> clp->cl_mvops->reboot_recovery_ops;
> - int status = -ENOENT;
> + rpc_authflavor_t flavors[NFS_MAX_SECFLAVORS];
> + int i, len, status;
>
> + i = 0;
> + len = gss_mech_list_pseudoflavors(flavors);
> +
> +again:
> + status = -ENOENT;
> cred = ops->get_clid_cred(clp);
> if (cred != NULL) {
> status = ops->establish_clid(clp, cred);
> put_rpccred(cred);
> - /* Handle case where the user hasn't set up machine creds */
> - if (status == -EACCES && cred == clp->cl_machine_cred) {
> - nfs4_clear_machine_cred(clp);
> - status = -EAGAIN;
> - }
> - if (status == -NFS4ERR_MINOR_VERS_MISMATCH)
> + switch (status) {
> + case 0:
> + break;
> + case -EACCES: /* the user hasn't set up machine creds */
> + if (cred == clp->cl_machine_cred) {
> + nfs4_clear_machine_cred(clp);
> + status = -EAGAIN;
> + }
> + break;
> + case -NFS4ERR_CLID_INUSE:
> + case -NFS4ERR_WRONGSEC:
> + /*
> + * XXX: "flavors" is unordered; the client should
> + * prefer krb5p for this transport
> + */
> + if (i < len && rpcauth_create(flavors[i++],
> + clp->cl_rpcclient) != NULL)
> + goto again;
> + status = -EPERM;
> + break;
> + case -NFS4ERR_MINOR_VERS_MISMATCH:
> status = -EPROTONOSUPPORT;
> + break;
> + }
> }
> return status;
> }
> diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h
> index b246582..1c4c174 100644
> --- a/include/linux/nfs_fs_sb.h
> +++ b/include/linux/nfs_fs_sb.h
> @@ -65,10 +65,9 @@ struct nfs_client {
> struct idmap * cl_idmap;
>
> /* Our own IP address, as a null-terminated string.
> - * This is used to generate the clientid, and the callback address.
> + * This is used to generate the mv0 callback address.
> */
> char cl_ipaddr[48];
> - unsigned char cl_id_uniquifier;
> u32 cl_cb_ident; /* v4.0 callback identifier */
> const struct nfs4_minor_version_ops *cl_mvops;
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
next prev parent reply other threads:[~2012-04-26 16:24 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-23 20:53 [PATCH 01/20] NFS: Fix comment misspelling in struct nfs_client definition Chuck Lever
2012-04-23 20:53 ` [PATCH 02/20] NFS: Use proper naming conventions for NFSv4.1 server scope fields Chuck Lever
2012-04-23 20:53 ` [PATCH 03/20] NFS: Use proper naming conventions for nfs_client.impl_id field Chuck Lever
2012-04-23 20:53 ` [PATCH 04/20] NFS: Use proper naming conventions for the nfs_client.net field Chuck Lever
2012-04-23 20:53 ` [PATCH 05/20] NFS: Clean up return code checking in nfs4_proc_exchange_id() Chuck Lever
2012-04-23 21:07 ` Myklebust, Trond
2012-04-23 20:54 ` [PATCH 06/20] NFS: Remove nfs_unique_id Chuck Lever
2012-04-23 20:54 ` [PATCH 07/20] NFS: Don't swap bytes in nfs4_construct_boot_verifier() Chuck Lever
2012-04-23 20:54 ` [PATCH 08/20] NFS: Fix NFSv4 BAD_SEQID recovery Chuck Lever
2012-04-23 20:54 ` [PATCH 09/20] NFS: Force server to drop NFSv4 state Chuck Lever
2012-04-23 21:13 ` Myklebust, Trond
2012-04-23 21:18 ` Chuck Lever
2012-04-23 20:54 ` [PATCH 10/20] NFS: Always use the same SETCLIENTID boot verifier Chuck Lever
2012-04-23 20:54 ` [PATCH 11/20] NFS: Refactor nfs_get_client(): add nfs_found_client() Chuck Lever
2012-04-23 20:54 ` [PATCH 12/20] NFS: Refactor nfs_get_client(): initialize nfs_client Chuck Lever
2012-04-23 20:55 ` [PATCH 13/20] NFS: Fix recovery from NFS4ERR_CLID_INUSE Chuck Lever
2012-04-26 16:24 ` Chuck Lever [this message]
2012-04-26 16:55 ` Myklebust, Trond
2012-04-26 18:43 ` Chuck Lever
2012-04-26 18:53 ` Myklebust, Trond
2012-04-26 18:57 ` Myklebust, Trond
2012-04-26 19:04 ` Chuck Lever
2012-04-26 19:14 ` Myklebust, Trond
2012-04-26 19:46 ` Chuck Lever
2012-04-26 19:57 ` Myklebust, Trond
2012-04-23 20:55 ` [PATCH 14/20] NFS: Add nfs_client behavior flags Chuck Lever
2012-04-23 20:55 ` [PATCH 15/20] NFS: Introduce "migration" mount option Chuck Lever
2012-04-23 20:55 ` [PATCH 16/20] NFS: Use the same nfs_client_id4 for every server Chuck Lever
2012-04-23 20:55 ` [PATCH 17/20] NFS: EXCHANGE_ID should save the server major and minor ID Chuck Lever
2012-04-23 20:55 ` [PATCH 18/20] NFS: Detect NFSv4 server trunking when mounting Chuck Lever
2012-04-23 21:27 ` Myklebust, Trond
2012-04-23 21:43 ` Chuck Lever
2012-04-23 21:47 ` Chuck Lever
2012-04-23 21:56 ` Myklebust, Trond
2012-04-23 20:56 ` [PATCH 19/20] NFS: Add nfs4_unique_id boot parameter Chuck Lever
2012-04-23 20:56 ` [PATCH 20/20] NFS: Clean up debugging messages in fs/nfs/client.c Chuck Lever
2012-04-23 21:23 ` Malahal Naineni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D6859152-CF45-44CC-BB3C-B40CB9FD0BE8@oracle.com \
--to=chuck.lever@oracle.com \
--cc=Trond.Myklebust@netapp.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.