#15184 closed enhancement (fixed)
nfs-utils-2.5.4
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | normal | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (4)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:3 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
exportd: server-side gid management Ported manage-gids option from mountd gssd: Add options to rpc.gssd to allow for the use of $HOME/.k5identity files Since commit 2f682f25c642fcfe7c511d04bc9d67e732282348 $HOME has been set to '/' to avoid a deadlock when accessing Kerberized NFS shares. While this works for most use cases, users who depend on the use of $HOME/.k5identity files are negatively impacted by this commit. This patch allows for users to use their $HOME/.k5identity to access subsequent Kerberized resources based on the credentials in said file. The default set by commit 2f682f25c still remains the same, but a user can pass '-H' to change rpc.gssd behavior to not set $HOME to '/'. Setting 'set-home=0' in /etc/nfs.conf has the same effect as passing '-H' directly to rpc.gssd. mountd: reject unknown client IP when !use_ipaddr. When use_ipaddr is not in effect, an auth_unix_ip lookup request from the kernel for an unknown client will be rejected. When it IS in effect, these requests are always granted with the IP address being mapped to a string form of the address, preceded by a '$'. This is inconsistent behaviour and could present a small information leak. It means that, for example, a SETCLIENT NFSv4 request may or may not succeed depending on an internal setting in rpc.mountd. This is easily rectified by always checking if the client is known. mountd: Don't proactively add export info when fh info is requested. When an "nfsd.fh" request is received from the kernel, we map the file-handle prefix to a path name and report that (as required) and then also add "nfsd.export" information with export flags applicable to that path. This is not necessary and was added as a perceived optimisation. When updating data already in the kernel, it is unlikely to help as the kernel can be expected to ask for both details at much the same time. With NFSv3, new information is normally added by a MOUNT rpc request, so this is irrelevant. With NFSv4, the kernel requests the "nfsd.export" information when walking down from ROOT, *before* requesting the nfsd.fh information, so this "optimisation" causes unnecessary work. A future patch will add logging of authentication requests, and this double-handling would result in extra unnecessary log messages. As this "optimisation" appears to have no practical value and some (small) cost, let's remove it. mountd/exports: update man page The text in the manpages about the export table is a bit outdated, and doesn't mention the in-kernel cache which is an import part of that table. As a future patch will enable logging of updates to that cache, it is important to have the caching behaviour documented. So update that section of both man pages, and make a few other minor improvements. mountd: add logging for authentication results for accesses. When NFSv3 is used to mount a filesystem, success/failure messages are logged by mountd and can be used for auditing. When NFSv4 is used, there is no distinct "MOUNT" request, and nothing is logged. We can instead log authentication requests from the kernel. These will happen regularly - typically every 15 minutes of ongoing access - so they may be too noisy, or might be more useful. As they might not be wanted, make them selectable with the "AUTH" facility in xlog(). Add a "-l" to enable these logs. Alternately "debug = auth" will have the same effect. The same changes are made to both rpc.mountd and nfsv4.exportd. mountd: add --cache-use-ipaddr option to force use_ipaddr When logging authentication requests, it can be easier to read the logs if clients are always identified by IP address, not intermediate names like netgroups or subnets. To allow this, add --cache-use-ipaddr or -i which tell mountd to always enable use_ipaddr. mountd: make default ttl settable by option The DEFAULT_TTL affects the rate at which authentication messages are logged. So it is useful to make it settable. Add "-ttl" and "-T", and add clear statement in the documentation of both the benefits and the possible negative effects of choosing a larger value mountd: add logging of NFSv4 clients attaching and detaching. NFSv4 does not have a MOUNT request like NFSv3 does (via the MOUNT protocol). So these cannot be logged. NFSv4 does have SETCLIENTID and EXCHANGE_ID. These are indirectly visible though changes in /proc/fs/nfsd/clients. When a new client attaches, a directory appears. When the client detaches, through a timeout (v4.0) or DESTROY_SESSION (v4.1+) the directory disappears. This patch adds tracking of these changes using inotify, with log messages when a client attaches or detaches. Unfortuantely clients are created in two steps, the second being a confirmation. This results in a temporary client appearing and disappearing. It is not possible (in Linux 5.10) to detect the unconfirmed client, so extra attach/detach messages are generated. This patch also moves some cache* function declarations into a header file, and makes a few related changes to #includes. nfsdclnts: Ignore SIGPIPE signal exportfs: fix unexporting of '/' The code that has been added to strip trailing slashes from path in unexportfs_parsed() forgot to account for the case of the root directory, which is simply '/'. In that case it accesses path[-1] and reduces the path to an empty string, which then fails to match any export. Fix it by stopping the stripping when the path is just a single character - it doesn't matter if it's a '/' or not, we want to keep it either way in that case. Reproducer: exportfs localhost:/ exportfs -u localhost:/ Without this patch, the unexport step fails with "exportfs: Could not find 'localhost:/' to unexport." mountd/exportd: only log confirmed clients, and poll for updates It is possible (and common with the Linux NFS client) for the nfs server to receive multiple SET_CLIENT_ID or EXCHANGE_ID requests when starting a connection. This results in some clients appearing in /proc/fs/nfsd/clients which never get confirmed. mountd currently logs these, but they aren't really helpful. If the kernel supports the reporting of the confirmation status of clients, we can suppress the message until a client is confirmed. With this patch we: - record if the client is confirmed, assuming it is if the status is not reported - don't log unconfirmed clients - request MODIFY notification from unconfirmed clients. - recheck an info file when it is modified. NFS server should enable RDMA by default Product is shipped with NFS/RDMA disabled by default. An extra step is needed when setting up an NFS server to support NFS/RDMA clients. mountd/exports: Fix typo in the man page Fix `statx()` emulation breaking exports Ever since commit 76c21e3f (mountd: Check the stat() return values in match_fsid(), 2020-05-08), it wasn't possible to export filesystems on my musl based system anymore. The root cause of this is the innocuous-looking change to decide based on `errno` whether `is_mountpoint()` raised a real error or whether it simply didn't match. The issue is that `is_mountpoint()` transitively calls into our `xlstat()` wrapper, which either executes `statx()` if the system supports it or otherwise falls back to `fstatat()`. But if `statx()` is not supported, then we'll always first set `errno = ENOSYS` before calling `fstatat()`. So effectively, all systems which do not have `statx()` and whose `fstatat()` doesn't reset `errno` will cause us to end up with errno set to `ENOSYS`. Fix the issue by resetting `errno` before calling `fstatat()` in both `xlstat()` and `xstat()`. Replace all /var/run with /run FHS 3.0 deprecated /var/run in favour of /run. FHS 3.0 was released over 5 years ago. I think it is time for nfs-utils to catch up. Note that some places, particularly systemd unit files, already use just "/run". nfs-utils: Factor out common structure cleanup calls nfs-utils: Enable the retrieval of raw config settings without expansion Config entries sometimes contain variable expansions, this adds options to retrieve the config entry rather than its current expanded value. gssd: use mutex to protect decrement of refcount The decrement of the "ple" refcount is not protected so it can race with increments or decrements from other threads. An increment could be lost and then the ple would be freed early, leading to memory corruption. So use the mutex to protect decrements (increments are already protected). As gssd_destroy_krb5_principals() calls release_ple() while holding the mutex, we need a "release_pte_locked()" which doesn't take the mutex. Fix NFSv4 export of tmpfs filesystems Some filesystems cannot be exported without an fsid or uuid. tmpfs is the main example. When mountd (or exportd) creates nfsv4 pseudo-root exports for the path leading down to an export point it exports each directory without any fsid or uuid. If one of these directories is on tmpfs, that will fail. The net result is that exporting a subdirectory of a tmpfs filesystem will not work over NFSv4 as the parents within the filesystem cannot be exported. It will either fail, or fall-back to NFSv3 (depending on the version of the mount.nfs program). To fix this we need to provide an fsid or uuid for these pseudo-root exports. This patch does that by creating an RFC-4122 V5 compatible UUID based on an arbitrary seed and the path to the export. To check if an export needs a uuid, text_export() is moved from exportfs to libexport.a, modified slightly and renamed to export_test(). Remove 'force' arg from cache_flush() Since v4.17 the timestamp written to 'flush' is ignored, so there isn't much point choosing too precisely. For kernels since v4.3-rc3-13-g778620364ef5 it is safe to write 1 second beyond the current time. For earlier kernels, nothing is really safe (even the current behaviour), but writing one second beyond the current time isn't too bad in the unlikely case the people use a new nfs-utils on a 5 year old kernel. This remove a dependency for libnfs.a on 'etab' being declare, so svcgssd no longer needs to declare it. Move declaration of etab and rmtab into libraries There are two global "struct stat_paths" structures: etab and rmtab. They are currently needed by some library code so any program which is linked with that library code needs to declare the structures even if it doesn't use the functionality. This is clumsy and error-prone. Instead: have the library declare the structure and put the definition in a header file. Now programs only need to know about these structures if they use the functionality. 'rmtab' is now declared in libnfs.a (rmtab.c). 'etab' is declared in export.a (xtab.c). README: update git repository URL The old URL is no longer available. Update to the new URL that is mentioned on https://linux-nfs.org. configure: check for rpc/rpc.h presence Recent versions of glibc (since 2.26?) no longer supply rpc/rpc.h, and in previous versions, RPC was optional. Detect such cases and prompt the user to build with libtirpc instead. gssd: deal with failed thread creation If we fail to create a thread to handle an upcall, we still need to do a downcall to tell the kernel about the failure, otherwise the process that is trying to establish gss credentials will hang. This patch shifts the thread creation down a level in the call chain so now the main thread does a little more work up front (reading & parsing the data from the pipefs file) so it has the info it needs to be able to do the error downcall. gssd: add timeout for upcall threads Add a global list of active upcalls and a watchdog thread that walks the list, looking for threads running longer than timeout seconds. By default, an error message will by logged to the syslog. The upcall timeout can be specified by passing the -U option or by setting the upcall-timeout parameter in nfs.conf. Passing the -C option or setting cancel-timed-out-upcalls=1 in nfs.conf causes the watchdog thread to also cancel timed-out upcall threads and report an error of -ETIMEDOUT to the kernel. nfs(5): Fix missing mentions of "rdma6" netid nfs(5): Correct the spelling of "kernel_source" mount.nfs: insert 'sloppy' at beginning of the options Previously, the 'sloppy' option was appended to other options so that when kernel parses the options sequentially, the 'sloppy' option will not work if there's a invalid option in front of it. use 'po_insert' instead 'po_append' gssd: Cleaned up debug messages Added tids to a number of statements Broke the lifetime_rec secs into a readable format Printed tids out correctly Trim down the output of both '-v' and '-vv'