Re: [PATCH 2/3] SUNRPC: Faster detection if gssd is actually running

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 2/3] SUNRPC: Faster detection if gssd is actually running
Date: Thu, 16 May 2013 21:03:44 -0400	[thread overview]
Message-ID: <20130517010344.GA6579@fieldses.org> (raw)
In-Reply-To: <20130516201954.GA3216@fieldses.org>

On Thu, May 16, 2013 at 04:19:54PM -0400, bfields wrote:
> On Wed, May 15, 2013 at 12:50:40PM -0700, Trond Myklebust wrote:
> > Recent changes to the NFS security flavour negotiation mean that
> > we have a stronger dependency on rpc.gssd. If the latter is not
> > running, because the user failed to start it, then we time out
> > and mark the container as not having an instance. We then
> > use that information to time out faster the next time.
> > 
> > If, on the other hand, the rpc.gssd successfully binds to an rpc_pipe,
> > then we mark the container as having an rpc.gssd instance.
> 
> So it's still a 15 second delay on the first mount, then 7 on the
> second, then 3, 1, and no delay thereafter.  Is that right?
> 
> Why not be harsher and go straight to 0 after the first failure?

Chuck points out I'm confused, it's actually 15s then 1/4s (why 1/4s?).

(Apologies, somehow I saw a ">> 2" in there and my brain shut down and
jumped to the "exponential delay" conclusion.)

Still sort of curious how we're choosing these delays, though.

Hard to imagine people won't still notice the delay on first mount.
Given there's a workaround (run gssd), maybe that's just good enough for
now, I don't know.

--b.


> 
> --b.
> 
> > 
> > Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
> > ---
> >  net/sunrpc/auth_gss/auth_gss.c | 13 ++++++++++++-
> >  net/sunrpc/netns.h             |  2 ++
> >  net/sunrpc/rpc_pipe.c          |  4 ++++
> >  3 files changed, 18 insertions(+), 1 deletion(-)
> > 
> > diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> > index f17f3c5..3aff72f 100644
> > --- a/net/sunrpc/auth_gss/auth_gss.c
> > +++ b/net/sunrpc/auth_gss/auth_gss.c
> > @@ -52,6 +52,8 @@
> >  #include <linux/sunrpc/gss_api.h>
> >  #include <asm/uaccess.h>
> >  
> > +#include "../netns.h"
> > +
> >  static const struct rpc_authops authgss_ops;
> >  
> >  static const struct rpc_credops gss_credops;
> > @@ -559,9 +561,12 @@ out:
> >  static inline int
> >  gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
> >  {
> > +	struct net *net = rpc_net_ns(gss_auth->client);
> > +	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> >  	struct rpc_pipe *pipe;
> >  	struct rpc_cred *cred = &gss_cred->gc_base;
> >  	struct gss_upcall_msg *gss_msg;
> > +	unsigned long timeout;
> >  	DEFINE_WAIT(wait);
> >  	int err;
> >  
> > @@ -569,11 +574,17 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
> >  		__func__, from_kuid(&init_user_ns, cred->cr_uid));
> >  retry:
> >  	err = 0;
> > +	/* Default timeout is 15s unless we know that gssd is not running */
> > +	timeout = 15 * HZ;
> > +	if (!sn->gssd_running)
> > +		timeout = HZ >> 2;
> >  	gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
> >  	if (PTR_ERR(gss_msg) == -EAGAIN) {
> >  		err = wait_event_interruptible_timeout(pipe_version_waitqueue,
> > -				pipe_version >= 0, 15*HZ);
> > +				pipe_version >= 0, timeout);
> >  		if (pipe_version < 0) {
> > +			if (err == 0)
> > +				sn->gssd_running = 0;
> >  			warn_gssd();
> >  			err = -EACCES;
> >  		}
> > diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
> > index 7111a4c..0827f64 100644
> > --- a/net/sunrpc/netns.h
> > +++ b/net/sunrpc/netns.h
> > @@ -29,6 +29,8 @@ struct sunrpc_net {
> >  	struct rpc_clnt *gssp_clnt;
> >  	int use_gss_proxy;
> >  	struct proc_dir_entry *use_gssp_proc;
> > +
> > +	unsigned int gssd_running;
> >  };
> >  
> >  extern int sunrpc_net_id;
> > diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
> > index a9129f8..415b705 100644
> > --- a/net/sunrpc/rpc_pipe.c
> > +++ b/net/sunrpc/rpc_pipe.c
> > @@ -216,11 +216,14 @@ rpc_destroy_inode(struct inode *inode)
> >  static int
> >  rpc_pipe_open(struct inode *inode, struct file *filp)
> >  {
> > +	struct net *net = inode->i_sb->s_fs_info;
> > +	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> >  	struct rpc_pipe *pipe;
> >  	int first_open;
> >  	int res = -ENXIO;
> >  
> >  	mutex_lock(&inode->i_mutex);
> > +	sn->gssd_running = 1;
> >  	pipe = RPC_I(inode)->pipe;
> >  	if (pipe == NULL)
> >  		goto out;
> > @@ -1069,6 +1072,7 @@ void rpc_pipefs_init_net(struct net *net)
> >  	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
> >  
> >  	mutex_init(&sn->pipefs_sb_lock);
> > +	sn->gssd_running = -1;
> >  }
> >  
> >  /*
> > -- 
> > 1.8.1.4
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2013-05-17  1:03 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-15 19:50 [PATCH 0/3] Speed up detection of whether or not rpc.gssd is running Trond Myklebust
2013-05-15 19:50 ` [PATCH 1/3] SUNRPC: Fix a bug in gss_create_upcall Trond Myklebust
2013-05-15 19:50   ` [PATCH 2/3] SUNRPC: Faster detection if gssd is actually running Trond Myklebust
2013-05-15 19:50     ` [PATCH 3/3] SUNRPC: Convert auth_gss pipe detection to work in namespaces Trond Myklebust
2013-05-16 20:21       ` J. Bruce Fields
2013-05-17 17:55         ` Myklebust, Trond
2013-05-16 20:19     ` [PATCH 2/3] SUNRPC: Faster detection if gssd is actually running J. Bruce Fields
2013-05-17  1:03       ` J. Bruce Fields [this message]
2013-05-17 17:52         ` Myklebust, Trond
2013-05-16 13:55 ` [PATCH 0/3] Speed up detection of whether or not rpc.gssd is running Chuck Lever
2013-05-16 20:22   ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130517010344.GA6579@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Trond.Myklebust@netapp.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).