| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tastky <tastky@gmail.com> reports:
> There appears to be a bug in nfs-utils exposed by musl, which
> makes rpc.statd loop with:
>
> my_svc_run() - select: Bad file descriptor
OpenGroup says getservbyport(3) is supposed to return NULL when
no entry exists for the specified port. But musl's getservbyport(3)
never returns NULL (likely a bug).
Thus statd_get_socket() tries bindresvport(3) 100 times, then gives
up and returns the last socket it created. This should work fine,
but there's a bug in the retry loop:
Rich Felker <dalias@libc.org> says:
> The logic bug is the count-down loop that closes all the temp
> sockets. In the case where the loop terminates via break, it
> leaves the last one open and only closes the extras. But in the
> case where where the loop terminates via the end condition in the
> for statement, the close loop closes all the sockets _including_
> the one it intends to use.
(emphasis mine). The closed socket fd is then passed to select(2).
See also: http://www.openwall.com/lists/musl/2015/08
The fix is to perform the loop termination test before adding sockfd
to the set of fds to be closed. As additional clean ups, remove the
use of the variable-length stack array, and switch to variable names
that better document the purpose of this logic.
Reported-by: Tastky <tastky@gmail.com>
Fixes: eb8229338f06 ("rpc.statd: Fix socket binding loop.")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix mount issue due to comparison of uninitialized variable
u(uuid) with parsed->fhuuid when uuid_by_path return 0.
/tmp/usb
192.168.1.0/16(ro,no_root_squash,no_subtree_check,fsid=0)
/tmp/usb/sda1 192.168.1.0/16(ro,no_root_squash,no_subtree_check)
/tmp/usb/sdb1 192.168.1.0/16(ro,no_root_squash,no_subtree_check)
mount -t nfs -o nolock,nfsvers=3 192.168.1.2:/tmp/usb/sda1 /tmp/sda1
mount -t nfs -o nolock,nfsvers=3 192.168.1.2:/tmp/usb/sdb1 /tmp/sdb1
results in below mountd error:
mountd: /tmp/usb and /tmp/usb/sdb1 have same filehandle for
192.168.1.0/16, using first
when uuid_by_path returned 0, by chance, garbage value of u was same as
parsed->fhuuid(of sdb1), and comparison of these resulted in above
error.
Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Reviewed-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Make it unambiguous where 0 or 1 represent an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As near as I can tell, the exit status of nfsidmap is supposed to be
zero (success) or one (failure).
The return value of name_lookup() becomes the exit status, so it
should return only zero or one.
The libnfsidmap calls return a signed integer, either 0 or negative
errno values. These have to be translated to an exit status.
libkeyutils calls return a signed long, either 0 or -1. These also
have to be translated to an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As near as I can tell, the exit status of nfsidmap is supposed to be
zero (success) or one (failure).
The return value of id_lookup() becomes the exit status, so it
should return only zero or one.
The libnfsidmap calls return a signed integer, either 0 or negative
errno values. These have to be translated to an exit status.
libkeyutils calls return a signed long, either 0 or -1. These also
have to be translated to an exit status.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
User space can see the keys, but not their contents.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Recent versions of libkeyutils have find_key_by_type_and_desc()
which replaces the open-coded keyring search in keyring_clear().
I don't quite understand what's going on in key_invalidate(),
so I didn't touch it.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Sorry for the extensive man page changes. I added the description
for the new "-d" option, then realized there was no explanation
about what an "NFSv4 domain name" is.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
This reverts commit 21f10369965bb183d1a72df1da0c2811cd2b1d5c
due to child processes not exiting on upcalls.
|
| |
|
|
|
|
|
|
|
|
|
| |
From: Andy Adamson <andros@netapp.com>
exit(0) silenty reaps the gssd_k5_kt_princ struct, the in-memory
rpc.gssd cache which means that rpc.gssd will get a new TGT and TGS for
each upcall, ignoring a valid TGT in the kerberos credential cache.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
In gssd_search_krb5_keytab() an error code can be
cleared by blindly setting retval to zero.
Reported-by: Jianhong Yin <jiyin@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In vmware linux, the iscsi device contains more than one SCSI ID,
and the second one's data length is zero.
If there are two iSCSI devices with the second SCSI ID's data length
is zero, the first iSCSI device will record with an invalid SCSI ID
as zero length, the second one will be treat as the first one for
the SCSI ID is zero length too.
It means the only the first iSCSI device is exist in blkmapd's cache,
the request for the second iSCSI device will failed as,
"blkmapd: Could not find disk for device" and,
"bl_resolve_deviceid failed to decode device: 2".
v2, update comments
v3, add a comment in the code
v4, update comment as Christoph's suggestion
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sean Elble <elbles@sessys.com> says:
> [rpc.nfsd --host] throws an error/warning (where nfs-server is
> defined in /etc/hosts for the IPv4 address of the interface I wish
> for TCP port 2049 to be opened on):
>
> rpc.nfsd: unable to resolve nfs-server:nfs to inet6 address: Name
> or service not known
I think we can simplify the use of getaddrinfo(3) so that only one
call is needed to gather both IPv4 and IPv6 addresses. The call
should fail, and an error should be reported, only when there are
_no_ addresses bound to a hostname.
Reported-by: Sean Elble <elbles@sessys.com>
Reviewed-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
If (dev_id->ids & 0xf) < current_id, must updates pos when continue.
Otherwise an infinite loop.
No other places use the pos value, just move to the top of while.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add nfsmount.conf to both the FILES and SEE ALSO
sections
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add nfsmount.conf to both the FILES and SEE ALSO
sections
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It's caused by commit 4a1ad4aa30,
"mountd: Enable all auth flavors on pseudofs exports"
This patch removes duplicate secinfo and invalid secinfo (zero).
Acked-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When mounting nfs with -overs=4,minorversion=2, want getting
nfs mounts with vers=4.2, but got vers=4.0 as,
It's caused by mount.nfs writing bad vers to kernel. This patch
lets mount.nfs writing signal number to kernel as command line.
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
mount -t nfs -ov4 192.168.31.12:/ /testidr/
mount.nfs: access denied by server while mounting 192.168.31.12:/
Fixes: f980298853 "mount.nfs: configurable minor version defaults"
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Detect when a given argument is invalid. Log
the error and exit gracefully
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This goes along with the patch just sent to Bruce to make pnfs
support conditional.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
From: Ben Hutchings <ben@decadent.org.uk>
this is a resync of the man page updates in the Debian
package with mainline nfs-utils.
Acked-By: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
From: Cyril Brulebois <kibi@debian.org>
It'd be nice if one could notice nfsd(7) when reading nfsd(8) and the
other way round, without having to have to resort to dpkg -L $pkg to
figure out what documentation is available.
Acked-By: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the current mountd code it's possible to craft exports in such a
manner that clients will be unable to mount exports that they *should*
be able to mount.
Consider the following example:
/foo *(rw,insecure,no_root_squash,sec=krb5p)
/bar client.example.com(rw,insecure,no_root_squash)
Initially, client.example.com will be able to mount the /foo export
using sec=krb5p, but attempts to mount /bar using sec=sys will return
EPERM. Once the nfsd.export cache entry expires, client.example.com
will then be able to mount /bar using sec=sys but attempts to mount /foo
using sec=krb5p will return EPERM.
The reason this happens is because the initial nfsd.export cache entry
is actually pre-populated by nfsd_fh(), which is the handler for the
nfsd.fh cache, while later cache requests (once the initial entry
expires) are handled by nfsd_export(). These functions have slightly
different logic in how they select a v4root export from the cache --
nfsd_fh() takes last matching v4root export it finds, while
nfsd_export() (actually lookup_export()) takes the first. Either way
it's wrong because the client should be able to mount both exports.
Both rfc3503bis and rfc5661 say:
A common and convenient practice, unless strong security requirements
dictate otherwise, is to make the entire pseudo file system
accessible by all of the valid security mechanisms.
...so lets do that.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you try to mount and NFSv3 filesystem, and statd is not running
and cannot be started (maybe rpcbind isn't running either), the
error message is:
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
mount.nfs: an incorrect mount option was specified
That last line is incorrect and misleading: no incorret mount option was
specified.
This line comes from mount_error() in error.c. In this case that
function doesn't really need to provide any more information.
So introduce a concention that EALREADY means an error message has
already been printed, and use it to suppress that message.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When testing pnfs in virtual linux based on VirtualBox,
blkmapd gets dev_root->len == 0, which causes it Segmentation fault.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpc.statd may crash if it receives both a notification reply and a
client connection at the same time. It crashes because it adds
sockfd to SVC_FDSET and that violates the API contract.
The SVC_FDSET is to be considered read-only and must not be modified
by user code. The daemon modifies it for expediency to avoid
having to maintain two distinct fd lists and select on each one.
It is a practical choice that makes sense.
Thus, if a notification reply arrives by itself everything works,
or if a client connection arrives by itself everything works. Both
must arrive at the same time for sockfd to be set in SVC_FDSET
and to be processed by svc_getreqset because more than one of
readfds is ready.
It is the processing by svc_getreqset that will crash when it finds an
unregistered fd in the list that doesn't correlate to any of the
internal book keeping done by the library. At present the glibc
SunRPC library will crash, but TIRPC does not (it is robust against
invalid API usage in this case). However, future RPC libraries
may be implemented differently, and the questionable API usage
should be fixed.
The simplest fix is for process_reply to *clear* sockfd from the
ready-to-read fds, since it was never registered with xprt_register.
This works because the code always calls process_reply before handing
the fd set to the RPC layer for processing.
Compile-tested on x86_64 against master.
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
- note that 'nohide' is irrelevant for NFSv4
- note that children on a 'crossmnt' filesystem cannot be unexported
- note that 'nocrossmnt' is a valid option, but probably not useful.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the (exported) path passed to next_mnt() is simply "/", next_mnt()
will not report any children, as none start with "/" followed by a '/'.
So make a special case for strlen(p)==1. In that case, return all
children.
This gives correct handling if only "/" is exported.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
daemon_init parameter has the opposite sense
to code removed in commit 7addf9d
Signed-off-by: Chris Mayo <aklhfex@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Stumbled across this function, just had to simplify it. No mallocs
necessary, one quick loop to find the parameters. Much simpler.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Make full use of inotify by not rescanning the whole tree on each change,
instead keep track of the inotify events and make sure that the minimum
work (scan/create/delete) clients is done in most cases. Still detect
anomalies and perform a full rescan in those cases.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Save some more memory by using relative pathnames.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is just the first step, replacing dnotify with an inotify
implementation that is not much better (still does a complete
rescan of the whole rpc_pipefs tree on each change).
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
There's a lot of fixed buffers in use here. Clean up the code and
add more documentation on the different formats that have been
used by the kernel.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Simplify the code responsible for the client dir scanning. This
is also in preparation for the inotify patches.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Simplify and refactor the code that does the topdir scanning, this
is in preparation for the inotify patches.
Signed-off-by: David H?rdeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using more relative paths saves memory and lets us get rid of more
PATH_MAX fixed arrays.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Keep the rpc_pipefs dir open and just do a rewind/rescan when
necessary.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This makes it easier to keep track of which client belongs
to which topdir.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This code is mostly just confusing. Close the fds immediately
instead of doing so later.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using libevent (which is already in use in idmap) saves about a hundred
lines of hand-rolled event loop code.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Move all rpc_pipefs scanning code from gssd_proc.c to gssd.c in
preparation for later patches.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
By chdir():ing to the root of the rpc_pipefs dir and making paths
relative from there (gssd already keeps a number of files open
in rpc_pipefs so chdir doesn't suddenly make it impossible to
umount rpc_pipefs because of this patch).
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Get rid of another arbitrary limitation and PATH_MAX array.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using PATH_MAX in modern code is almost always a bad idea. Simplify
the code and remove that arbitrary limitation at the same time.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Having all the main loop code in one file is important in preparation
for later patches which add inotify and libevent.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
