* Re: [REGRESSION PATCH] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-08-30 12:10 ` Uwe Kleine-König
@ 2010-08-30 12:33 ` Uwe Kleine-König
2010-08-30 13:50 ` Trond Myklebust
2010-09-01 8:52 ` [REGRESSION PATCH v2] " Uwe Kleine-König
2 siblings, 0 replies; 10+ messages in thread
From: Uwe Kleine-König @ 2010-08-30 12:33 UTC (permalink / raw)
To: Neil Brown
Cc: Randy Dunlap, Trond Myklebust, Linus Torvalds, akpm, linux-kernel,
J. Bruce Fields, linux-nfs
On Mon, Aug 30, 2010 at 02:10:22PM +0200, Uwe Kleine-König wrote:
> On Mon, Aug 30, 2010 at 08:36:59PM +1000, Neil Brown wrote:
> > On Mon, 30 Aug 2010 10:26:18 +0200
> > Uwe Kleine-König <u.kleine-koenig@pengutronix.de> wrote:
> >
> > > [extending Cc: to contain Neil and linux-nfs]
> > >
> > > On Fri, Aug 27, 2010 at 08:11:39AM +0200, Uwe Kleine-König wrote:
> > > > On Wed, Aug 25, 2010 at 11:05:19AM +0200, Uwe Kleine-König wrote:
> >
> > I would tend to wait more than 2 days between pings..
>
> ukl@octopus:~/gsrc/linux-2.6$ git rev-parse linus/master
> 2bfc96a127bc1cc94d26bfaa40159966064f9c8c
> ukl@octopus:~/gsrc/linux-2.6$ git grep -E CRYPTO= linus/master arch/arm/configs/ | wc -l
> 6
> ukl@octopus:~/gsrc/linux-2.6$ git grep -E NFSD?_V4 linus/master arch/arm/configs/ | wc -l
> 37
This is wrong, because the last line counts configs having both NFSD_V4
and NFS_V4 twice. There are "only" 31 that have at least one of NFSD_V4
and NFS_V4. But only one of these (at572d940hfek_defconfig) has CRYPTO
set, too.
> So I think that at least 31 arm-defconfigs don't build because of this
> issue. And as this kind of error greatly hurts automatic bisection I
> thought this to be critical enough to be a bit impatient.
To extend the test to non-ARM land:
ukl@octopus:~/gsrc/linux-2.6$ git ls-tree -r --name-only linus/master | grep defconfig | xargs grep -l -E 'CONFIG_NFSD?_V4=' | xargs grep -L CONFIG_CRYPTO= | wc -l
108
(Thinking about it again probably not all of them are broken, because
there might be other symbols selecting CRYPTO.)
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | http://www.pengutronix.de/ |
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [REGRESSION PATCH] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-08-30 12:10 ` Uwe Kleine-König
2010-08-30 12:33 ` Uwe Kleine-König
@ 2010-08-30 13:50 ` Trond Myklebust
2010-08-30 14:36 ` Uwe Kleine-König
2010-09-01 8:52 ` [REGRESSION PATCH v2] " Uwe Kleine-König
2 siblings, 1 reply; 10+ messages in thread
From: Trond Myklebust @ 2010-08-30 13:50 UTC (permalink / raw)
To: Uwe Kleine-König
Cc: Neil Brown, Randy Dunlap, Linus Torvalds, akpm, linux-kernel,
J. Bruce Fields, linux-nfs
On Mon, 2010-08-30 at 14:10 +0200, Uwe Kleine-König wrote:
> On Mon, Aug 30, 2010 at 08:36:59PM +1000, Neil Brown wrote:
> > On Mon, 30 Aug 2010 10:26:18 +0200
> > Uwe Kleine-König <u.kleine-koenig@pengutronix.de> wrote:
> >
> > > [extending Cc: to contain Neil and linux-nfs]
> > >
> > > On Fri, Aug 27, 2010 at 08:11:39AM +0200, Uwe Kleine-König wrote:
> > > > On Wed, Aug 25, 2010 at 11:05:19AM +0200, Uwe Kleine-König wrote:
> >
> > I would tend to wait more than 2 days between pings..
>
> ukl@octopus:~/gsrc/linux-2.6$ git rev-parse linus/master
> 2bfc96a127bc1cc94d26bfaa40159966064f9c8c
> ukl@octopus:~/gsrc/linux-2.6$ git grep -E CRYPTO= linus/master arch/arm/configs/ | wc -l
> 6
> ukl@octopus:~/gsrc/linux-2.6$ git grep -E NFSD?_V4 linus/master arch/arm/configs/ | wc -l
> 37
>
> So I think that at least 31 arm-defconfigs don't build because of this
> issue. And as this kind of error greatly hurts automatic bisection I
> thought this to be critical enough to be a bit impatient.
So, why aren't you first and foremost fixing the damned arm-defconfigs?
They are clearly broken if they are auto-selecting NFSv4 without CRYPTO
and RPCSEC_GSS.
> > > > > This is a follow up to
> > > > >
> > > > > df486a2 (NFS: Fix the selection of security flavours in Kconfig)
> > > > >
> > > > > which broke (among others) arm/mx1_defconfig.
> > > > >
> > > > > Moreover let NFS_V4 select RPCSEC_GSS_KRB5 again as it was before
> > > > > df486a2. This make the dependency more explicit than relying on the no
> > > > > prompt + default y if !(NFS_V4 || NFSD_V4).
> >
> > Maybe if you said a little bit about how it broke?
> LD .tmp_vmlinux1
> fs/built-in.o: In function `nfs_callback_authenticate':
> compr_zlib.c:(.text+0x7c040): undefined reference to `svc_gss_principal'
> make[2]: *** [.tmp_vmlinux1] Error 1
> make[1]: *** [sub-make] Error 2
> make: *** [all] Error 2
>
> I can add this to the commit log.
This is exactly the problem that Randy was seeing _before_ commit
df486a2, so just reverting that patch by adding the selects back into
NFSv4 is wrong.
The right thing to do here (aside from fixing the crummy defconfigs) is
rather to fix nfs_callback_authenticate() to stop depending on GSS
private interfaces such as svc_gss_principal().
> > And I'm not sure of the point of the "recursive dependency" comment below...
> I added this because if kconfig were a bit smarter it would select
> CRYPTO, too, if asked to select RPCSEC_GSS_KRB5. On the
> linux-arm-kernel ML Catalin Marinas already thought about making kconfig
> smarter and so I wanted to mark the symbol.
>
> > I don't fully understand all the issues behind choosing between 'depends' and
> > 'select' (why isn't is 'selects' I wonder - that would be more consistent...)
> I think it's an imperative, not a normal present tense?! And note this
> is different. Here it's not depend vs. select but select vs.
>
> config SOMESYMBOL
> prompt "sometext" if !(NFS_V4 || NFSD_V4)
> default y
>
> So a dependency for NFS_V4 is hidden in net/sunrpc/Kconfig.
You are simply not supposed to be given the option of turning it off if
NFSv4 is selected.
Trond
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [REGRESSION PATCH] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-08-30 13:50 ` Trond Myklebust
@ 2010-08-30 14:36 ` Uwe Kleine-König
0 siblings, 0 replies; 10+ messages in thread
From: Uwe Kleine-König @ 2010-08-30 14:36 UTC (permalink / raw)
To: Trond Myklebust
Cc: Neil Brown, Randy Dunlap, Linus Torvalds, akpm, linux-kernel,
J. Bruce Fields, linux-nfs
Hello Trond,
On Mon, Aug 30, 2010 at 09:50:24AM -0400, Trond Myklebust wrote:
> On Mon, 2010-08-30 at 14:10 +0200, Uwe Kleine-König wrote:
> > On Mon, Aug 30, 2010 at 08:36:59PM +1000, Neil Brown wrote:
> > > On Mon, 30 Aug 2010 10:26:18 +0200
> > > Uwe Kleine-König <u.kleine-koenig@pengutronix.de> wrote:
> > >
> > > > [extending Cc: to contain Neil and linux-nfs]
> > > >
> > > > On Fri, Aug 27, 2010 at 08:11:39AM +0200, Uwe Kleine-König wrote:
> > > > > On Wed, Aug 25, 2010 at 11:05:19AM +0200, Uwe Kleine-König wrote:
> > >
> > > I would tend to wait more than 2 days between pings..
> >
> > ukl@octopus:~/gsrc/linux-2.6$ git rev-parse linus/master
> > 2bfc96a127bc1cc94d26bfaa40159966064f9c8c
> > ukl@octopus:~/gsrc/linux-2.6$ git grep -E CRYPTO= linus/master arch/arm/configs/ | wc -l
> > 6
> > ukl@octopus:~/gsrc/linux-2.6$ git grep -E NFSD?_V4 linus/master arch/arm/configs/ | wc -l
> > 37
> >
> > So I think that at least 31 arm-defconfigs don't build because of this
> > issue. And as this kind of error greatly hurts automatic bisection I
> > thought this to be critical enough to be a bit impatient.
>
> So, why aren't you first and foremost fixing the damned arm-defconfigs?
They are not broken. The problem is that it's possible to configure a
kernel that doesn't build. Note the config resulting from the
mx1_defconfig target fully conform to the restrictions expressed in the
Kconfig files even if arch/arm/configs/mx1_defconfig doesn't. So if
NFS_V4 was selecting CRYPTO (or CRYPTO would default to y in the
presence of NFS_V4) mx1_defconfig would enable it implicitly.
> They are clearly broken if they are auto-selecting NFSv4 without CRYPTO
> and RPCSEC_GSS.
>
> > > > > > This is a follow up to
> > > > > >
> > > > > > df486a2 (NFS: Fix the selection of security flavours in Kconfig)
> > > > > >
> > > > > > which broke (among others) arm/mx1_defconfig.
> > > > > >
> > > > > > Moreover let NFS_V4 select RPCSEC_GSS_KRB5 again as it was before
> > > > > > df486a2. This make the dependency more explicit than relying on the no
> > > > > > prompt + default y if !(NFS_V4 || NFSD_V4).
> > >
> > > Maybe if you said a little bit about how it broke?
> > LD .tmp_vmlinux1
> > fs/built-in.o: In function `nfs_callback_authenticate':
> > compr_zlib.c:(.text+0x7c040): undefined reference to `svc_gss_principal'
> > make[2]: *** [.tmp_vmlinux1] Error 1
> > make[1]: *** [sub-make] Error 2
> > make: *** [all] Error 2
> >
> > I can add this to the commit log.
>
> This is exactly the problem that Randy was seeing _before_ commit
> df486a2, so just reverting that patch by adding the selects back into
> NFSv4 is wrong.
If NFSD_V4 selects RPCSEC_GSS_KRB5 which in turn selects SUNRPC_GSS the
latter should be enabled in all builds that have NFSD_V4=y (assuming all
dependencies are fulfilled), no?
The problem that needed fixing before your commit was that
RPCSEC_GSS_KRB5 depended on EXPERIMENTAL while NFS_V4 did not (and so
the select RPCSEC_GSS_KRB5 done by NFS_V4 didn't work if EXPERIMENTAL
was unset.) So the minimal fix would have been to remove the "&&
EXPERIMENTAL" from RPCSEC_GSS_KRB5.
Your commit additionally did the following:
- change the default of RPCSEC_GSS_KRB5 to y if !(NFS_V4 || NFSD_V4)
- let RPCSEC_GSS_KRB5 depend on CRYPTO (was *select* CRYPTO before)
- express the dependency NFSD_V4 -> RPCSEC_GSS_KRB5 at the latter
symbol (was expressed at NFSD_V4 before)
So because of the second change listed above now my situation is similar
to Randy's earlier, but my problem is I don't have CRYPTO while Randy's
was that he didn't have EXPERIMENTAL. (That's what I guess, I didn't
read the corresponding thread.)
Subsuming the situation your commit fixed a problem but introduced a
very similar one.
> The right thing to do here (aside from fixing the crummy defconfigs) is
> rather to fix nfs_callback_authenticate() to stop depending on GSS
> private interfaces such as svc_gss_principal().
That would be OK for me, too. Do you do it? I guess this has to wait
for the next merge window, so I suggest to still take my patch.
> > > And I'm not sure of the point of the "recursive dependency" comment below...
> > I added this because if kconfig were a bit smarter it would select
> > CRYPTO, too, if asked to select RPCSEC_GSS_KRB5. On the
> > linux-arm-kernel ML Catalin Marinas already thought about making kconfig
> > smarter and so I wanted to mark the symbol.
> >
> > > I don't fully understand all the issues behind choosing between 'depends' and
> > > 'select' (why isn't is 'selects' I wonder - that would be more consistent...)
> > I think it's an imperative, not a normal present tense?! And note this
> > is different. Here it's not depend vs. select but select vs.
> >
> > config SOMESYMBOL
> > prompt "sometext" if !(NFS_V4 || NFSD_V4)
> > default y
> >
> > So a dependency for NFS_V4 is hidden in net/sunrpc/Kconfig.
>
> You are simply not supposed to be given the option of turning it off if
> NFSv4 is selected.
I understand your construct, but I think it's non sensible to do it this
way. You're hiding a dependency of NFS_V4 this way (to the developper,
not the user configuring the kernel).
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | http://www.pengutronix.de/ |
^ permalink raw reply [flat|nested] 10+ messages in thread
* [REGRESSION PATCH v2] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-08-30 12:10 ` Uwe Kleine-König
2010-08-30 12:33 ` Uwe Kleine-König
2010-08-30 13:50 ` Trond Myklebust
@ 2010-09-01 8:52 ` Uwe Kleine-König
2010-09-01 13:17 ` Trond Myklebust
2 siblings, 1 reply; 10+ messages in thread
From: Uwe Kleine-König @ 2010-09-01 8:52 UTC (permalink / raw)
To: linux-nfs, linux-kernel
Cc: akpm, J. Bruce Fields, Trond Myklebust, Randy Dunlap, Neil Brown,
Linus Torvalds
Hello,
here comes a v2 of the patch that improves the commit log with a more
detailed analysis of the breakage introduced by df486a2
(= v2.6.36-rc2~34^2~1 BTW) and additionally undoes the "default y" for
RPCSEC_GSS_KRB5.
So compared to the state before df486a2 the changes are:
NFS_V4 selects CRYPTO
NFSD_V4 selects CRYPTO
RPCSEC_GSS_KRB5 doesn't depend on EXPERIMENTAL anymore
RPCSEC_GSS_KRB5 now depends on CRYPTO instead of selecting it
Best regards
Uwe
----------------------------->8----------------------------
This is a follow up to
df486a2 (NFS: Fix the selection of security flavours in Kconfig)
Before df486a2 NFS_V4 selected RPCSEC_GSS_KRB5 but didn't enforce the
latter's dependency EXPERIMENTAL. df486a2 removed RPCSEC_GSS_KRB5's
dependency on EXPERIMENTAL but additionally let it depend on CRYPTO
(instead of select CRYPTO before). So it was still possible to have a
config that has NFS_V4 but not RPCSEC_GSS_KRB5. Moreover df486a2
changed the dependency of NFS_V4 and NFSD_V4 on RPCSEC_GSS_KRB5 from
config NFS_V4
...
select RPCSEC_GSS_KRB5
to
config RPCSEC_GSS_KRB5
...
prompt "..." if !(NFS_V4 || NFSD_V4)
default y
This works but is ugly as it hides the dependencies of NFSD?_V4 in a
different Kconfig file. So this is undone here, too.
The following ARM defconfigs were affected by this problem:
mx1 pxa3xx qil-a9260 usb-a9260 usb-a9263
These builds ended in:
LD init/built-in.o
LD .tmp_vmlinux1
fs/built-in.o: In function `nfs_callback_authenticate':
compr_zlib.c:(.text+0x7c040): undefined reference to `svc_gss_principal'
make[2]: *** [.tmp_vmlinux1] Error 1
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
---
fs/nfs/Kconfig | 2 ++
fs/nfsd/Kconfig | 2 ++
net/sunrpc/Kconfig | 6 ++----
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
index 6c2aad4..5b9f870 100644
--- a/fs/nfs/Kconfig
+++ b/fs/nfs/Kconfig
@@ -63,6 +63,8 @@ config NFS_V3_ACL
config NFS_V4
bool "NFS client support for NFS version 4"
depends on NFS_FS
+ select CRYPTO # recursive select: RPCSEC_GSS_KRB5 depends on CRYPTO
+ select RPCSEC_GSS_KRB5
help
This option enables support for version 4 of the NFS protocol
(RFC 3530) in the kernel's NFS client.
diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
index 95932f5..3678a16 100644
--- a/fs/nfsd/Kconfig
+++ b/fs/nfsd/Kconfig
@@ -69,6 +69,8 @@ config NFSD_V4
depends on NFSD && PROC_FS && EXPERIMENTAL
select NFSD_V3
select FS_POSIX_ACL
+ select CRYPTO # recursive select: RPCSEC_GSS_KRB5 depends on CRYPTO
+ select RPCSEC_GSS_KRB5
help
This option enables support in your system's NFS server for
version 4 of the NFS protocol (RFC 3530).
diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig
index 3376d76..523be24 100644
--- a/net/sunrpc/Kconfig
+++ b/net/sunrpc/Kconfig
@@ -18,10 +18,8 @@ config SUNRPC_XPRT_RDMA
If unsure, say N.
config RPCSEC_GSS_KRB5
- tristate
+ tristate "Secure RPC: Kerberos V mechanism"
depends on SUNRPC && CRYPTO
- prompt "Secure RPC: Kerberos V mechanism" if !(NFS_V4 || NFSD_V4)
- default y
select SUNRPC_GSS
select CRYPTO_MD5
select CRYPTO_DES
@@ -35,7 +33,7 @@ config RPCSEC_GSS_KRB5
available from http://linux-nfs.org/. In addition, user-space
Kerberos support should be installed.
- If unsure, say Y.
+ If unsure, say N.
config RPCSEC_GSS_SPKM3
tristate "Secure RPC: SPKM3 mechanism (EXPERIMENTAL)"
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [REGRESSION PATCH v2] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-09-01 8:52 ` [REGRESSION PATCH v2] " Uwe Kleine-König
@ 2010-09-01 13:17 ` Trond Myklebust
2010-09-01 13:50 ` Uwe Kleine-König
0 siblings, 1 reply; 10+ messages in thread
From: Trond Myklebust @ 2010-09-01 13:17 UTC (permalink / raw)
To: Uwe Kleine-König
Cc: linux-nfs, linux-kernel, akpm, J. Bruce Fields, Randy Dunlap,
Neil Brown, Linus Torvalds
On Wed, 2010-09-01 at 10:52 +0200, Uwe Kleine-König wrote:
> Hello,
>
> here comes a v2 of the patch that improves the commit log with a more
> detailed analysis of the breakage introduced by df486a2
> (= v2.6.36-rc2~34^2~1 BTW) and additionally undoes the "default y" for
> RPCSEC_GSS_KRB5.
>
> So compared to the state before df486a2 the changes are:
>
> NFS_V4 selects CRYPTO
> NFSD_V4 selects CRYPTO
> RPCSEC_GSS_KRB5 doesn't depend on EXPERIMENTAL anymore
> RPCSEC_GSS_KRB5 now depends on CRYPTO instead of selecting it
>
> Best regards
> Uwe
>
> ----------------------------->8----------------------------
>
> This is a follow up to
>
> df486a2 (NFS: Fix the selection of security flavours in Kconfig)
>
> Before df486a2 NFS_V4 selected RPCSEC_GSS_KRB5 but didn't enforce the
> latter's dependency EXPERIMENTAL. df486a2 removed RPCSEC_GSS_KRB5's
> dependency on EXPERIMENTAL but additionally let it depend on CRYPTO
> (instead of select CRYPTO before). So it was still possible to have a
> config that has NFS_V4 but not RPCSEC_GSS_KRB5. Moreover df486a2
> changed the dependency of NFS_V4 and NFSD_V4 on RPCSEC_GSS_KRB5 from
As I said, the fix is to remove that dependency. I have a fix for the
NFS client, but the server has more insidious dependencies on RPCSEC_GSS
due to a poorly designed SECINFO implementation.
Trond
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [REGRESSION PATCH v2] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-09-01 13:17 ` Trond Myklebust
@ 2010-09-01 13:50 ` Uwe Kleine-König
2010-09-03 20:24 ` Uwe Kleine-König
0 siblings, 1 reply; 10+ messages in thread
From: Uwe Kleine-König @ 2010-09-01 13:50 UTC (permalink / raw)
To: Trond Myklebust
Cc: linux-nfs, linux-kernel, akpm, J. Bruce Fields, Randy Dunlap,
Neil Brown, Linus Torvalds
On Wed, Sep 01, 2010 at 09:17:04AM -0400, Trond Myklebust wrote:
> On Wed, 2010-09-01 at 10:52 +0200, Uwe Kleine-König wrote:
> > Hello,
> >
> > here comes a v2 of the patch that improves the commit log with a more
> > detailed analysis of the breakage introduced by df486a2
> > (= v2.6.36-rc2~34^2~1 BTW) and additionally undoes the "default y" for
> > RPCSEC_GSS_KRB5.
> >
> > So compared to the state before df486a2 the changes are:
> >
> > NFS_V4 selects CRYPTO
> > NFSD_V4 selects CRYPTO
> > RPCSEC_GSS_KRB5 doesn't depend on EXPERIMENTAL anymore
> > RPCSEC_GSS_KRB5 now depends on CRYPTO instead of selecting it
> >
> > Best regards
> > Uwe
> >
> > ----------------------------->8----------------------------
> >
> > This is a follow up to
> >
> > df486a2 (NFS: Fix the selection of security flavours in Kconfig)
> >
> > Before df486a2 NFS_V4 selected RPCSEC_GSS_KRB5 but didn't enforce the
> > latter's dependency EXPERIMENTAL. df486a2 removed RPCSEC_GSS_KRB5's
> > dependency on EXPERIMENTAL but additionally let it depend on CRYPTO
> > (instead of select CRYPTO before). So it was still possible to have a
> > config that has NFS_V4 but not RPCSEC_GSS_KRB5. Moreover df486a2
> > changed the dependency of NFS_V4 and NFSD_V4 on RPCSEC_GSS_KRB5 from
>
> As I said, the fix is to remove that dependency. I have a fix for the
> NFS client, but the server has more insidious dependencies on RPCSEC_GSS
> due to a poorly designed SECINFO implementation.
Yes, I still remember this, so I suggest to take my patch before 2.6.36
and you can fix it in the merge window for 2.6.37, no?
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | http://www.pengutronix.de/ |
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [REGRESSION PATCH v2] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO
2010-09-01 13:50 ` Uwe Kleine-König
@ 2010-09-03 20:24 ` Uwe Kleine-König
0 siblings, 0 replies; 10+ messages in thread
From: Uwe Kleine-König @ 2010-09-03 20:24 UTC (permalink / raw)
To: Trond Myklebust
Cc: linux-nfs, linux-kernel, akpm, J. Bruce Fields, Randy Dunlap,
Neil Brown, Linus Torvalds
Hello Trond,
On Wed, Sep 01, 2010 at 03:50:41PM +0200, Uwe Kleine-K=F6nig wrote:
> On Wed, Sep 01, 2010 at 09:17:04AM -0400, Trond Myklebust wrote:
> > On Wed, 2010-09-01 at 10:52 +0200, Uwe Kleine-K=F6nig wrote:
> > > Hello,
> > >=20
> > > here comes a v2 of the patch that improves the commit log with a =
more
> > > detailed analysis of the breakage introduced by df486a2
> > > (=3D v2.6.36-rc2~34^2~1 BTW) and additionally undoes the "default=
y" for
> > > RPCSEC_GSS_KRB5.
> > >=20
> > > So compared to the state before df486a2 the changes are:
> > >=20
> > > NFS_V4 selects CRYPTO
> > > NFSD_V4 selects CRYPTO
> > > RPCSEC_GSS_KRB5 doesn't depend on EXPERIMENTAL anymore
> > > RPCSEC_GSS_KRB5 now depends on CRYPTO instead of selecting it
> > >=20
> > > Best regards
> > > Uwe
> > >=20
> > > ----------------------------->8----------------------------
> > >=20
> > > This is a follow up to
> > >=20
> > > df486a2 (NFS: Fix the selection of security flavours in Kconfig)
> > >=20
> > > Before df486a2 NFS_V4 selected RPCSEC_GSS_KRB5 but didn't enforce=
the
> > > latter's dependency EXPERIMENTAL. df486a2 removed RPCSEC_GSS_KRB=
5's
> > > dependency on EXPERIMENTAL but additionally let it depend on CRYP=
TO
> > > (instead of select CRYPTO before). So it was still possible to h=
ave a
> > > config that has NFS_V4 but not RPCSEC_GSS_KRB5. Moreover df486a2
> > > changed the dependency of NFS_V4 and NFSD_V4 on RPCSEC_GSS_KRB5 f=
rom
> >=20
> > As I said, the fix is to remove that dependency. I have a fix for t=
he
> > NFS client, but the server has more insidious dependencies on RPCSE=
C_GSS
> > due to a poorly designed SECINFO implementation.
> Yes, I still remember this, so I suggest to take my patch before 2.6.=
36
> and you can fix it in the merge window for 2.6.37, no?
ping
Best regards
Uwe
--=20
Pengutronix e.K. | Uwe Kleine-K=F6nig =
|
Industrial Linux Solutions | http://www.pengutronix.de/=
|
^ permalink raw reply [flat|nested] 10+ messages in thread