[RFC PATCH] SUNRPC: connect local transports synchronously

[RFC PATCH] SUNRPC: connect local transports synchronously

[Stanislav Kinsbursky]

Local tranports uses UNIX sockets and connecting of these sockets is done in
context of file system namespace (i.e. task file system root).
Currenly, all sockets connect operations are performed by rpciod work queue,
which actually means, that any service will be registered in the same rpcbind
instance regardless to process file system root.
This is not containers, which usually have it's own nested root. There are 2
approaches, how to solve the problem. First one is to store proper root in
tranport and switch to it in rpciod workqueue function for connect operations.
But this looks ugly. The second one is to connect to unix sockets
synchronously. This aptch implements the last one.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>

---
 net/sunrpc/xprtsock.c |   22 +++++++++++++++++++++-
 1 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 55472c4..365cd6d 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -2177,6 +2177,26 @@ out:
 }
 
 /**
+ * xs_local_connect - connect a local (unix) socket to a remote endpoint
+ * @task: address of RPC task that manages state of connect request
+ *
+ * We have to connect unix sockets synchronously. Otherwise this connection
+ * will be done in file system context of rpciod queue, which is not suitable
+ * for processes with other root (changed root is a usual part of environment
+ * for containers).
+ */
+
+static void xs_local_connect(struct rpc_task *task)
+{
+	struct rpc_xprt *xprt = task->tk_xprt;
+	struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
+	struct work_struct *work = &transport->connect_worker.work;
+
+	dprintk("RPC:       xs_local_connect xprt %p\n", xprt);
+	work->func(work);
+}
+
+/**
  * xs_connect - connect a socket to a remote endpoint
  * @task: address of RPC task that manages state of connect request
  *
@@ -2414,7 +2434,7 @@ static struct rpc_xprt_ops xs_local_ops = {
 	.release_xprt		= xs_tcp_release_xprt,
 	.rpcbind		= xs_local_rpcbind,
 	.set_port		= xs_local_set_port,
-	.connect		= xs_connect,
+	.connect		= xs_local_connect,
 	.buf_alloc		= rpc_malloc,
 	.buf_free		= rpc_free,
 	.send_request		= xs_local_send_request,

Re: [RFC PATCH] SUNRPC: connect local transports synchronously

[Myklebust, Trond]

T24gVGh1LCAyMDEyLTAyLTE2IGF0IDE5OjA2ICswNDAwLCBTdGFuaXNsYXYgS2luc2J1cnNreSB3
cm90ZToNCj4gTG9jYWwgdHJhbnBvcnRzIHVzZXMgVU5JWCBzb2NrZXRzIGFuZCBjb25uZWN0aW5n
IG9mIHRoZXNlIHNvY2tldHMgaXMgZG9uZSBpbg0KPiBjb250ZXh0IG9mIGZpbGUgc3lzdGVtIG5h
bWVzcGFjZSAoaS5lLiB0YXNrIGZpbGUgc3lzdGVtIHJvb3QpLg0KPiBDdXJyZW5seSwgYWxsIHNv
Y2tldHMgY29ubmVjdCBvcGVyYXRpb25zIGFyZSBwZXJmb3JtZWQgYnkgcnBjaW9kIHdvcmsgcXVl
dWUsDQo+IHdoaWNoIGFjdHVhbGx5IG1lYW5zLCB0aGF0IGFueSBzZXJ2aWNlIHdpbGwgYmUgcmVn
aXN0ZXJlZCBpbiB0aGUgc2FtZSBycGNiaW5kDQo+IGluc3RhbmNlIHJlZ2FyZGxlc3MgdG8gcHJv
Y2VzcyBmaWxlIHN5c3RlbSByb290Lg0KPiBUaGlzIGlzIG5vdCBjb250YWluZXJzLCB3aGljaCB1
c3VhbGx5IGhhdmUgaXQncyBvd24gbmVzdGVkIHJvb3QuIFRoZXJlIGFyZSAyDQo+IGFwcHJvYWNo
ZXMsIGhvdyB0byBzb2x2ZSB0aGUgcHJvYmxlbS4gRmlyc3Qgb25lIGlzIHRvIHN0b3JlIHByb3Bl
ciByb290IGluDQo+IHRyYW5wb3J0IGFuZCBzd2l0Y2ggdG8gaXQgaW4gcnBjaW9kIHdvcmtxdWV1
ZSBmdW5jdGlvbiBmb3IgY29ubmVjdCBvcGVyYXRpb25zLg0KPiBCdXQgdGhpcyBsb29rcyB1Z2x5
LiBUaGUgc2Vjb25kIG9uZSBpcyB0byBjb25uZWN0IHRvIHVuaXggc29ja2V0cw0KPiBzeW5jaHJv
bm91c2x5LiBUaGlzIGFwdGNoIGltcGxlbWVudHMgdGhlIGxhc3Qgb25lLg0KDQpUaGF0IGFwcHJv
YWNoIGNhbiBmYWxsIGFmb3VsIG9mIHRoZSBzZWxpbnV4IHJlc3RyaWN0aW9ucyBvbiB0aGUgcHJv
Y2Vzcw0KY29udGV4dC4gUHJvY2Vzc2VzIHRoYXQgYXJlIGFsbG93ZWQgdG8gd3JpdGUgZGF0YSwg
bWF5IG5vdCBiZSBhbGxvd2VkIHRvDQpjcmVhdGUgc29ja2V0cyBvciBjYWxsIGNvbm5lY3QoKS4g
VGhhdCBpcyB0aGUgbWFpbiByZWFzb24gZm9yIGRvaW5nIGl0DQppbiB0aGUgcnBjaW9kIGNvbnRl
eHQsIHdoaWNoIGlzIGEgY2xlYW4ga2VybmVsIHByb2Nlc3MgY29udGV4dC4NCg0KLS0gDQpUcm9u
ZCBNeWtsZWJ1c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lcg0KDQpOZXRBcHANClRyb25k
Lk15a2xlYnVzdEBuZXRhcHAuY29tDQp3d3cubmV0YXBwLmNvbQ0KDQo=

Re: [RFC PATCH] SUNRPC: connect local transports synchronously

[Myklebust, Trond]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 1316 bytes --]

On Thu, 2012-02-16 at 19:06 +0400, Stanislav Kinsbursky wrote:
> Local tranports uses UNIX sockets and connecting of these sockets is done in
> context of file system namespace (i.e. task file system root).
> Currenly, all sockets connect operations are performed by rpciod work queue,
> which actually means, that any service will be registered in the same rpcbind
> instance regardless to process file system root.
> This is not containers, which usually have it's own nested root. There are 2
> approaches, how to solve the problem. First one is to store proper root in
> tranport and switch to it in rpciod workqueue function for connect operations.
> But this looks ugly. The second one is to connect to unix sockets
> synchronously. This aptch implements the last one.

That approach can fall afoul of the selinux restrictions on the process
context. Processes that are allowed to write data, may not be allowed to
create sockets or call connect(). That is the main reason for doing it
in the rpciod context, which is a clean kernel process context.

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@netapp.com
www.netapp.com

ÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a­¢f£¢·hšïêÿ‘êçz_è®\x03(­éšŽŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥

Re: [RFC PATCH] SUNRPC: connect local transports synchronously

[Myklebust, Trond]

On Thu, 2012-02-16 at 19:06 +0400, Stanislav Kinsbursky wrote:
> Local tranports uses UNIX sockets and connecting of these sockets is done in
> context of file system namespace (i.e. task file system root).
> Currenly, all sockets connect operations are performed by rpciod work queue,
> which actually means, that any service will be registered in the same rpcbind
> instance regardless to process file system root.
> This is not containers, which usually have it's own nested root. There are 2
> approaches, how to solve the problem. First one is to store proper root in
> tranport and switch to it in rpciod workqueue function for connect operations.
> But this looks ugly. The second one is to connect to unix sockets
> synchronously. This aptch implements the last one.

That approach can fall afoul of the selinux restrictions on the process
context. Processes that are allowed to write data, may not be allowed to
create sockets or call connect(). That is the main reason for doing it
in the rpciod context, which is a clean kernel process context.

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@netapp.com
www.netapp.com

Re: [RFC PATCH] SUNRPC: connect local transports synchronously

[Stanislav Kinsbursky]

16.02.2012 19:13, Myklebust, Trond пишет:
> On Thu, 2012-02-16 at 19:06 +0400, Stanislav Kinsbursky wrote:
>> Local tranports uses UNIX sockets and connecting of these sockets is done in
>> context of file system namespace (i.e. task file system root).
>> Currenly, all sockets connect operations are performed by rpciod work queue,
>> which actually means, that any service will be registered in the same rpcbind
>> instance regardless to process file system root.
>> This is not containers, which usually have it's own nested root. There are 2
>> approaches, how to solve the problem. First one is to store proper root in
>> tranport and switch to it in rpciod workqueue function for connect operations.
>> But this looks ugly. The second one is to connect to unix sockets
>> synchronously. This aptch implements the last one.
>
> That approach can fall afoul of the selinux restrictions on the process
> context. Processes that are allowed to write data, may not be allowed to
> create sockets or call connect(). That is the main reason for doing it
> in the rpciod context, which is a clean kernel process context.
>

Thanks for explanation, Trond.
So, this connect have to be done in kernel process context.
Now I can see 2 ways how to meet this requirement and reach the goal:

1) Change the fs root for rpciod while connecting.
2) Do not touch rpciod and launch special "connect" kernel thread to perform 
connect operations for unix sockets.

What do you think about this 2 ways above? Which one is less worse from your POW?
Maybe you have even a better solution for the problem?

-- 
Best regards,
Stanislav Kinsbursky