From: "J. Bruce Fields" <bfields@fieldses.org>
To: andros@netapp.com
Cc: trond.myklebust@netapp.com, bfields@redhat.com,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH_V7 0/12] NFSv4 find client fix Version 7
Date: Tue, 4 Jan 2011 15:57:13 -0500 [thread overview]
Message-ID: <20110104205713.GA7908@fieldses.org> (raw)
In-Reply-To: <1294173766-5573-1-git-send-email-andros@netapp.com>
On Tue, Jan 04, 2011 at 03:42:34PM -0500, andros@netapp.com wrote:
>
>
> Version 7 of these patches
> Applies to Tronds nfs-for-next branch
>
> Already acked by bfields
> ------------------------
> 0001-SUNRPC-move-svc_drop-to-caller-of-svc_process_common.patch
> 0002-SUNRPC-fix-bc_send-print.patch
> 0010-NFS-RPC_AUTH_GSS-unsupported-on-v4.1-back-channel.patch
> 0012-NFS-rename-client-back-channel-transport-field.patch
In future, if you don't mind actually adding the "Acked-by"'s to those
patches with your signed-off-by's, that'll help remind me which ones
I've read before as I'm looking through them....
(Well, unless you've changed them in some non-trivial way and want me to
reread them.)
--b.
>
> Responded to Version 6 comments from bfields.
> ---------------------------------------------
> 0003-SUNRPC-new-transport-for-the-NFSv4.1-shared-back-cha.patch
> 0004-NFS-register-and-unregister-back-channel-transport.patch
>
> Unchanged:
> ----------
> 0005-NFS-use-svc_create_xprt-for-NFSv4.1-callback-service.patch
> 0006-NFS-do-not-clear-minor-version-at-nfs_client-free.patch
> 0007-NFS-implement-v4.0-callback_ident.patch
> 0008-NFS-associate-sessionid-with-callback-connection.patch
> 0009-NFS-refactor-nfs_find_client-and-reference-client-ac.patch
> 0011-NFS-add-session-back-channel-draining.patch
>
>
> The back channel server svc_process_common RPC layer pg_authenticate call
> [nfs_callback_authenticate] is shared by both the NFSv4.0 and the NFSv4.1
> callback threads. It authenticates the incoming request by finding (and
> referencing) an nfs_client struct based on the incoming request address
> and the NFS version (4). This is akin to the NFS server which authenticates
> requests by matching the server address to the exports file client list.
>
> Since there is no minorversion in the search, it may find the wrong
> nfs_client struct. For the nfsv4.0 callback service thread, this means it
> could find an NFSv4.1 nfs_client. For the NFSv4.1 callback service thread, it
> could find an NFSv4.0 instead of v4.1, or find an NFSv4.1 nfs_client with the
> wrong session.
>
> The nfs_client is dereferenced at the end of pg_authenticate. Another
> nfs_find_client call is done in the NFS layouer per operation dispatcher
> routines for NFSv4.0 and in the cb_sequence operation dispatcher routine for
> NFSv4.1 after decoding.
>
> This means the callback server could start processing a callback, passing
> the pg_authenticate test, and have the nfs_client struct freed between the
> pg_authenticate call and the dispatcher operation call. Or, it could have
> found the wrong nfs_client in the pg_authenticate call.
>
> The current code has this behavior: If the nfs_client is not found in
> pg_authenticate, the request is simply dropped (SVC_DROP). If an nfs_client
> is not found in the dispatcher routines NFS4ERR_BADSESSION is returned for
> v4.1 requests and NFS4ERR_BADHANDLE for v4.0 requests.
>
> The fix is to implement the v4.0 SETCLIENTID callback_ident and use it to find
> the one and only client for v4.0 callbacks, and to associate the sessionid
> with the sessions based callback service (v4.1) and use it to identify the
> one and only client. This can be done in the NFS layer, in CB_COMPOUND header
> processing for v4.0 and in CB_SEQUENCE processing in v4.1.
> In both cases, a reference to the found client is held across CB_COMPOUND
> processing.
>
> The pg_authenticate method does not have the callback_ident for CB_NULL or
> CB_COMPOUND v4.0 processing, so just the server address, nfsversion and
> minorversion is used for the client search
>
> For sessions based callback service, the sessionID can't be set until the
> return of the CREATE_SESSION call, yet the CB_NULL ping from a server can
> be initiated by the server at the receipt of the CREATE_SESSION call before
> the response is sent. So for CB_NULL, the sessionid is (usually) not set, and
> the sessionid is not used for CB_NULL pg_authenticate client searches.
>
> -->Andy
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-01-04 20:57 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-04 20:42 [PATCH_V7 0/12] NFSv4 find client fix Version 7 andros
2011-01-04 20:42 ` [PATCH_V7 01/12] SUNRPC move svc_drop to caller of svc_process_common andros
2011-01-04 20:42 ` [PATCH_V7 02/12] SUNRPC fix bc_send print andros
2011-01-04 20:42 ` [PATCH_V7 03/12] SUNRPC new transport for the NFSv4.1 shared back channel andros
2011-01-04 20:42 ` [PATCH_V7 04/12] NFS register and unregister back channel transport andros
2011-01-04 20:42 ` [PATCH_V7 05/12] NFS use svc_create_xprt for NFSv4.1 callback service andros
2011-01-04 20:42 ` [PATCH_V7 06/12] NFS do not clear minor version at nfs_client free andros
2011-01-04 20:42 ` [PATCH_V7 07/12] NFS implement v4.0 callback_ident andros
2011-01-04 20:42 ` [PATCH_V7 08/12] NFS associate sessionid with callback connection andros
2011-01-04 20:42 ` [PATCH_V7 09/12] NFS refactor nfs_find_client and reference client across callback processing andros
2011-01-04 20:42 ` [PATCH_V7 10/12] NFS RPC_AUTH_GSS unsupported on v4.1 back channel andros
2011-01-04 20:42 ` [PATCH_V7 11/12] NFS add session back channel draining andros
2011-01-04 20:42 ` [PATCH_V7 12/12] NFS rename client back channel transport field andros
2011-01-04 20:57 ` [PATCH_V7 07/12] NFS implement v4.0 callback_ident Trond Myklebust
2011-01-04 21:03 ` Trond Myklebust
2011-01-04 21:47 ` Andy Adamson
2011-01-04 21:55 ` Trond Myklebust
[not found] ` <1294178130.5896.30.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2011-01-04 22:11 ` Andy Adamson
2011-01-04 20:53 ` [PATCH_V7 04/12] NFS register and unregister back channel transport Trond Myklebust
[not found] ` <1294174414.5896.13.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2011-01-04 21:04 ` Andy Adamson
2011-01-04 21:05 ` J. Bruce Fields
2011-01-04 21:00 ` [PATCH_V7 03/12] SUNRPC new transport for the NFSv4.1 shared back channel J. Bruce Fields
2011-01-04 20:57 ` J. Bruce Fields [this message]
2011-01-04 21:01 ` [PATCH_V7 0/12] NFSv4 find client fix Version 7 Andy Adamson
2011-01-04 21:06 ` J. Bruce Fields
2011-01-04 22:12 ` Andy Adamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110104205713.GA7908@fieldses.org \
--to=bfields@fieldses.org \
--cc=andros@netapp.com \
--cc=bfields@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).