From: Trond Myklebust <Trond.Myklebust@netapp.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org, nfsv4@linux-nfs.org
Subject: Re: [PATCH] sunrpc: on successful gss error pipe write, don't return error
Date: Fri, 18 Dec 2009 09:47:52 -0500 [thread overview]
Message-ID: <1261147672.3229.14.camel@localhost> (raw)
In-Reply-To: <20091218093912.1c426ad6-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
On Fri, 2009-12-18 at 09:39 -0500, Jeff Layton wrote:
> Yeah, we could do that with the existing code. I sort of don't like
> that because it's hard to know if other functions could eventually
> return an EACCES for another reason and then that error would bubble up
> to this function. If you think it's the right thing to do though, I'm
> OK with it.
The error EACCES means 'you are not authorised'. I don't see how it can
be ambiguous here.
> FWIW: The reason I'm poking around in here is because I'm taking a stab
> at fixing the problem where syscalls start returning errors when a krb5
> ticket expires.
>
> As part of that, I want to have gssd send a more granular error code
> and have the kernel adjust what it does accordingly. I'd like to have
> it retry the upcall indefinitely when there's an expired credcache, and
> return an error when there's no credcache at all).
That makes sense.
> Without a separate downcall error field, we'll need to special case at
> least 2 different errors -- one for a "real" EACCES and one that
> indicates that the ticket expired and the upcall should be retried
> instead.
We can find another error for the 'ticket expired' case. EKEYEXPIRED
springs to mind...
> > BTW: while looking at this, I spotted a nasty bug in
> > gss_import_sec_context_kerberos(). If the kzalloc() call fails, we will
> > return a random error code since 'p' still points to a valid memory
> > location...
>
> Good catch. Do you want fix that one, or should I?
>
I can do it, if you like.
Trond
next prev parent reply other threads:[~2009-12-18 14:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-18 13:56 [PATCH] sunrpc: on successful gss error pipe write, don't return error Jeff Layton
2009-12-18 14:11 ` Trond Myklebust
2009-12-18 14:39 ` Jeff Layton
[not found] ` <20091218093912.1c426ad6-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2009-12-18 14:47 ` Trond Myklebust [this message]
2009-12-18 15:12 ` Trond Myklebust
2009-12-18 15:37 ` Jeff Layton
[not found] ` <20091218103723.38510cce-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2009-12-18 18:30 ` Trond Myklebust
2009-12-18 19:14 ` Jeff Layton
2009-12-18 19:42 ` Trond Myklebust
2009-12-18 15:25 ` Jeff Layton
2009-12-18 16:25 ` Jeff Layton
2009-12-18 19:33 ` Trond Myklebust
2009-12-18 20:14 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1261147672.3229.14.camel@localhost \
--to=trond.myklebust@netapp.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=nfsv4@linux-nfs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.