netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "bfields@fieldses.org" <bfields@fieldses.org>
To: "wanghai (M)" <wanghai38@huawei.com>
Cc: Trond Myklebust <trondmy@hammerspace.com>,
	"neilb@suse.com" <neilb@suse.com>,
	"jakub.kicinski@netronome.com" <jakub.kicinski@netronome.com>,
	"willy@infradead.org" <willy@infradead.org>,
	"tyhicks@canonical.com" <tyhicks@canonical.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"nicolas.dichtel@6wind.com" <nicolas.dichtel@6wind.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"edumazet@google.com" <edumazet@google.com>,
	"jlayton@kernel.org" <jlayton@kernel.org>,
	"ast@kernel.org" <ast@kernel.org>,
	"christian.brauner@ubuntu.com" <christian.brauner@ubuntu.com>,
	"chuck.lever@oracle.com" <chuck.lever@oracle.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
	"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>,
	"tom@talpey.com" <tom@talpey.com>,
	"kuba@kernel.org" <kuba@kernel.org>,
	"cong.wang@bytedance.com" <cong.wang@bytedance.com>,
	"dsahern@gmail.com" <dsahern@gmail.com>,
	"timo@rothenpieler.org" <timo@rothenpieler.org>,
	"jiang.wang@bytedance.com" <jiang.wang@bytedance.com>,
	"kuniyu@amazon.co.jp" <kuniyu@amazon.co.jp>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	"Rao.Shoaib@oracle.com" <Rao.Shoaib@oracle.com>,
	"wenbin.zeng@gmail.com" <wenbin.zeng@gmail.com>,
	"kolga@netapp.com" <kolga@netapp.com>
Subject: Re: [PATCH net 2/2] auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when use-gss-proxy==1
Date: Tue, 9 Nov 2021 12:21:11 -0500	[thread overview]
Message-ID: <20211109172111.GA5227@fieldses.org> (raw)
In-Reply-To: <ba12c503-401d-9b22-be83-7645c619d9d1@huawei.com>

On Thu, Sep 30, 2021 at 09:56:03AM +0800, wanghai (M) wrote:
> 
> 在 2021/9/30 5:12, bfields@fieldses.org 写道:
> >On Tue, Sep 28, 2021 at 11:43:00AM -0400, bfields@fieldses.org wrote:
> >>On Tue, Sep 28, 2021 at 03:36:58PM +0000, Trond Myklebust wrote:
> >>>What is the use case here? Starting the gssd daemon or knfsd in
> >>>separate chrooted environments? We already know that they have to be
> >>>started in the same net namespace, which pretty much ensures it has to
> >>>be the same container.
> >>Somehow I forgot that knfsd startup is happening in some real process's
> >>context too (not just a kthread).
> >>
> >>OK, great, I agree, that sounds like it should work.

Ugh, took me a while to get back to this and I went down a couple dead
ends.

The result from selinux's point of view is that rpc.nfsd is doing things
it previously only expected gssproxy to do.  Fixable with an update to
selinux policy.  And easily fixed in the meantime by cut-and-pasting the
suggestions from the logs.

Still, the result's that mounts fail when you update the kernel, which
seems a violation of our usual rules about regressions.  I'd like to do
better.

--b.

  reply	other threads:[~2021-11-09 17:21 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-28  3:14 [PATCH net 0/2] auth_gss: Fix netns refcount leaks when use-gss-proxy==1 Wang Hai
2021-09-28  3:14 ` [PATCH net 1/2] net: Modify unix_stream_connect to not reference count the netns of kernel sockets Wang Hai
2021-09-28 12:50   ` Kuniyuki Iwashima
2021-09-28  3:14 ` [PATCH net 2/2] auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when use-gss-proxy==1 Wang Hai
2021-09-28 13:30   ` Trond Myklebust
2021-09-28 13:49     ` bfields
2021-09-28 14:04       ` Trond Myklebust
2021-09-28 14:17         ` bfields
2021-09-28 14:27           ` Trond Myklebust
2021-09-28 14:57             ` bfields
2021-09-28 15:36               ` Trond Myklebust
2021-09-28 15:43                 ` bfields
2021-09-29 21:12                   ` bfields
2021-09-30  1:56                     ` wanghai (M)
2021-11-09 17:21                       ` bfields [this message]
2021-11-17 19:19                         ` bfields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211109172111.GA5227@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Rao.Shoaib@oracle.com \
    --cc=anna.schumaker@netapp.com \
    --cc=ast@kernel.org \
    --cc=christian.brauner@ubuntu.com \
    --cc=chuck.lever@oracle.com \
    --cc=cong.wang@bytedance.com \
    --cc=davem@davemloft.net \
    --cc=dsahern@gmail.com \
    --cc=edumazet@google.com \
    --cc=jakub.kicinski@netronome.com \
    --cc=jiang.wang@bytedance.com \
    --cc=jlayton@kernel.org \
    --cc=kolga@netapp.com \
    --cc=kuba@kernel.org \
    --cc=kuniyu@amazon.co.jp \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.com \
    --cc=netdev@vger.kernel.org \
    --cc=nicolas.dichtel@6wind.com \
    --cc=timo@rothenpieler.org \
    --cc=tom@talpey.com \
    --cc=trondmy@hammerspace.com \
    --cc=tyhicks@canonical.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=wanghai38@huawei.com \
    --cc=wenbin.zeng@gmail.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).