J. Bruce Fields [Tue, 29 May 2012 18:40:38 +0000 (14:40 -0400)]
mountd: Honor the no_root_squash flag on pseudo roots
From: "J. Bruce Fields" <bfields@redhat.com>
If root squashing is turned off on a export that
has multiple directories, the parent directories
of the pseudo exports that's built, also needs to
have root squashing turned off.
Tested-by: Steve Dickson <steved@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 29 May 2012 18:27:24 +0000 (14:27 -0400)]
nfsidmap: Allow verbosity level to be set in the config file
To make it easier to enable ID mapping debugging, nfsidmap
should read /etc/idmap.conf to see if the verbosity level
is set, similar to what rpc.idmapd does
Jeff Layton [Tue, 29 May 2012 18:23:18 +0000 (14:23 -0400)]
statd: drop all capabilities from the bounding set as well
statd drops all capabilities except for CAP_NET_BIND when it starts.
It's possible though that if it ever had a compromise that an attacker would
be able to invoke a setuid process (or something with file capabilities) in
order to reinstate some caps.
This could happen as a result of the daemon becoming compromised, or
possibly as a result of the ha-callout program becoming compromised.
In order to prevent that, have statd also prune the capability bounding
set to nothing prior to dropping capabilities. That ensures that the
process won't be able to reacquire capabilities via any means --
including exec'ing a setuid program.
We do however need to be cognizant of the fact that PR_CAPBSET_DROP was
only added in 2.6.25, so check to make sure that #define exists via
autoconf before we rely on it. In order to do that, we must add
ax_check_define.m4 from the GNU autoconf macro archive.
Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound
exists before attempting to clear the bounding set. If it does, then
don't bother trying since it won't work. In that event though, do
throw a warning however since the presence of that file indicates that
there is a disconnect between the build and runtime environments.
Acked-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
build: avoid AM_CONDITIONAL in conditional execution.
Automake does not support conditional AM_CONDITIONAL calls; what that
means is that you always have to execute AM_CONDITIONAL one way or the
other. Both the libsqlite3.m4 file and the nfsdcld conditionals are
executed only when NFSv4 is enabled, which breaks building with
--disable-nfsv4.
Remove the SQLite3 conditional altogether as it's never used, and move
the nfsdcld conditional outside of the conditional code.
Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Tue, 29 May 2012 17:53:09 +0000 (13:53 -0400)]
autoconf: make the test for prctl have an effect
We currently test to ensure that prctl() is available, but the results
of that test are a no-op either way. statd calls prctl()
unconditionally, so make configure bail out if prctl() isn't available
since the build will fail in that event anyway.
Cc: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Thu, 17 May 2012 12:14:57 +0000 (08:14 -0400)]
osd_login - ensure /sbin is created before installation.
If we use a more standard approach to describing the osd_login
script, the automake infrastructure will create /sbin before
attempting installation.
This is important for: make DESTDIR=/empty-dir install
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Jim Rees [Tue, 15 May 2012 14:10:01 +0000 (10:10 -0400)]
blkmapd: remove pretty_sig()
This really only works against EMC servers. There is at least one server
that returns unprintable signatures, which fill the log with garbage (the
spec does not mandate printable signatures). It could be made more generic,
for example by checking each byte for isprint(). But the signatures are
really only of interest to developers, not admins, so it seems better to
just remove it.
Signed-off-by: Jim Rees <rees@umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Wed, 9 May 2012 18:12:16 +0000 (14:12 -0400)]
Manpage: Add a warning to the nfs manpage regarding using NFS over UDP on
high-speed links
* Using NFS over UDP on high-speed links such as Gigabit can cause
silent data corruption.
* The man page text was written by Olaf Kirch and committed to (but not
upstream):
https://build.opensuse.org/package/view_file?file=warn-nfs-udp.patch&package=nfs-utils&project=openSUSE%3AFactory&rev=8e3e60c70e8270cd4afa036e13f6b2bb
Signed-off-by: Harshula Jayasuriya <harshula@redhat.com> Acked-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Olaf Kirch <okir@suse.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 9 May 2012 17:25:34 +0000 (13:25 -0400)]
nfsdcld: add support for dropping capabilities
As a long running daemon, we need to be security-conscious with nfsdcld,
so let's prune what it can do down to nearly nothing.
We want the daemon to run as root so that it has access to open and
reopen the rpc_pipefs pipe, but we don't actually need any of the
superuser caps that come with it. Have it drop all capabilities early
on. We don't need any of them as long as the fsuid continues to be 0.
Once we do that though, check to ensure that the db dir is actually
usable by root w/o CAP_DAC_OVERRIDE. Do an access() check on it and
throw a warning if it's not. Hopefully that will assist users in
debugging if they get the ownership of the DB dir wrong.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 9 May 2012 16:36:02 +0000 (12:36 -0400)]
nfsdcld: demote pipe opening error to D_GENERAL
It's actually expected that this will fail initially when we start the
daemon. Until knfsd has been started, the pipe doesn't exist, and we
generally want to start nfsdcld before starting knfsd.
Avoid the scary error message by demoting this message to D_GENERAL.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
J. Bruce Fields [Thu, 3 May 2012 19:06:21 +0000 (15:06 -0400)]
mountd: prepend '$' to make use_ipaddr clients self-describing
From: "J. Bruce Fields" <bfields@redhat.com>
Mountd is responsible for filling three interrelated kernel caches:
- auth_unix_ip maps an incoming ip addresses to a "domain".
- nfsd_fh maps (domain, filehandle-fragment) pairs to paths.
- nfsd_export maps (domain, path) pairs to export options.
Note that each export is assocated with a "client" string--the part
before the parentheses in an /etc/export line--which may be a domain
name, a netgroup, etc.
The "domain" string in the above three caches may be either:
- in the !use_ipaddr case, a comma-separated list of client
strings.
- in the use_ipaddr case, an ip address.
In the former case, mountd does the hard work of matching an ip address
to the clients when doing the auth_unix_ip mapping. In the latter case,
it delays that until the nfsd_fh or nfsd_export upcall.
We're currently depending on being able to flush the kernel caches
completely when switching between the use_ipaddr and !use_ipaddr cases.
However, the kernel's cache-flushing doesn't really provide reliable
guarantees on return; it's still possible we could see nfsd_fh or
nfsd_export upcalls with the old domain-type after flushing.
So, instead, make the two domain types self-describing by prepending a
"$" in the use_ipaddr case.
Reviewed-by: NeilBrown <neilb@suse.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
J. Bruce Fields [Thu, 3 May 2012 18:59:27 +0000 (14:59 -0400)]
mountd: parse ip address earlier
I don't see the point of waiting to the last minute to parse the ip
address. If the client name isn't a legal ip address then this will
fail fairly quickly, so there's not much of a performance penalty.
Also, note the previous code incorrectly assumed client_resolve would
always return non-NULL.
Also factor out some common code.
Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
J. Bruce Fields [Thu, 3 May 2012 18:56:19 +0000 (14:56 -0400)]
mountd: fix export upcall failure in use_ipaddr case
After 0509d3428f523 "mountd: Replace "struct hostent" with "struct
addinfo"", the export upcall fails in the use_ipaddr case.
I think we never noticed because a) the use_ipaddr case is rarer than
the !use_ipaddr case, and b) the nfsd_fh upcall does a preemptive export
downcall that renders the nfsd export call unnecessary in some cases.
Cc: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 1 May 2012 19:34:34 +0000 (15:34 -0400)]
mounts.nfs: v2 and v3 background mounts should retry when server is down.
The point of background mounts is to have the mount
retried if the mount fails. This patch allows the v2/v3
background mount to proceed in the case when the server
is down by not making EOPNOTSUPP a permanent error.
NeilBrown [Tue, 1 May 2012 19:26:54 +0000 (15:26 -0400)]
v4_root_add_parents: remove a possible buffer overflow.
The loop in v4root_add_parents() is a little odd.
The first time through, 'ptr' points immediately "beyond"
a '/' character (the first). For every other iterration it points
directly "at" a '/' character.
Such inconsistency is error prone and infact there is an error.
If "path" is precisely "/", then the first call to
ptr = strchr(ptr, '/')
will be given a 'ptr' which is beyond the '\0' at the end of
"path". This could potentially contain anything and the strchr()
could search well beyond a buffer (though this depends on exactly how
the string is set up which depends on separate code).
So change the loop to have 'ptr' always point at a '/', and
handle the special case of "/" explicitly.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Tue, 1 May 2012 19:25:17 +0000 (15:25 -0400)]
v4root: set the time-to-live for V4ROOT exports to the DEFAULT.
e_ttl is set to the default in init_exportent().
However V4ROOT exports never see init_exportent() as they are created
with dupexportent from a template. So e_ttl does not get set and
export entries expire immediately.
This results in an upcall to mountd every time a V4ROOT directory
in accessed.
So set e_ttl in the template.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Tue, 1 May 2012 19:24:39 +0000 (15:24 -0400)]
4set_root: force "fsid=0" for all exports of '/'
When "fsid=0" is not explicitly given in /etc/exports,
v4set_root creates a pseudo (NFSEXP_V4ROOT) export for '/'
with fsid 0 so that an NFSv4 client can find the root.
However if '/' is explicitly exported to the client, then that
explicit export must be used, and it will not have fsid=0.
So we must impose fsid=0 on all exports of '/'.
Without this, if '/' is exported to a client, that client will
not be able to mount '/' with NFSv4.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Tue, 1 May 2012 19:22:57 +0000 (15:22 -0400)]
nfsd_fh: if two exports are possible, choose the one without V4ROOT
When nfsd_fh it looking for an export for a particular
client and file-handle, it might find two exports for the same path:
one with NFSEXP_V4ROOT, one with out.
As nfsd_fh calls cache_export_ent to give the export information to
the kernel it much choose the same export that auth_authenticate
chooses for get_rootfh which it also passes cache_export_ent (via
cache_export).
i.e. it must choose the non-V4ROOT on where possible.
Also change
strcmp(foo, bar)
to
strcmp(foo, bar) == 0
because I have a pathological fear of the former.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Tue, 1 May 2012 19:20:31 +0000 (15:20 -0400)]
auth_authenticate_newcache: prefer non-V4ROOT export over V4ROOT exports
Currently auth_authenticate_internal finds an export and if it
is a V4ROOT export, it reports that there is no match. Unlike
lookup_export() it doesn't keep looking for an acceptable export.
So remove the test from auth_authenticate_internal(), and add it to
auth_authenticate_newcache(), where the search can be allowed to
continue.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
NeilBrown [Tue, 1 May 2012 19:14:43 +0000 (15:14 -0400)]
lookup_export: really prefer nonV4ROOT exports.
lookup_export() claims to "Always prefer non-V4ROOT mounts" (meaning
"exports") but actually prefers V4ROOT exports - once it has 'found'
one it will never replace it.
So fix that inversion, and add code so that it proactively prefers a
non-V4ROOT whether it is found before or after a V4ROOT.
Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
mountd uses colons to split fsloc hosts, but this doesn't work with IPv6
addresses (they contain ':').
To fix this, mountd is changed to expect all IPv6 addresses to be escaped
by '[' and ']' so colons that are part of the address may be skipped.
To fix IPv6 referrals, this patch must be used with the nfsd patch that
properly parses escaped IPv6 addresses in fs_location->hosts.
Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Sachin Bhamare [Tue, 1 May 2012 18:36:51 +0000 (14:36 -0400)]
osd_login: Add autologin script for objlayoutdriver
From: Sachin Bhamare <sbhamare@panasas.com>
This script is part of the autologin feature mandated by the
pnfs-objects standard.
It is called from objlayoutdriver.ko in the kernel.
It invokes iscsiadm program to perform the iscsi login to OSDs.
It also features a watchdog which will make sure that control
returns to kernel after 15s timeout.
Jeff Layton [Thu, 26 Apr 2012 15:54:37 +0000 (11:54 -0400)]
nfsdcld: make it watch for inotify events in the containing directory
Before opening the pipe, set an inotify watch on the containing dir and
then try to open the pipe. If it succeeds, then set up pipe and inotify
events and return success. If it fails with -ENOENT, then just set up
the inotify event and return success. If it fails with any other error
then return the error and the caller can then abort the program.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Thu, 26 Apr 2012 15:48:52 +0000 (11:48 -0400)]
nfsdcld: add function to remove unreclaimed client records
This should remove any client record that has a timestamp prior to
the given time.
Eventually, this call will need to be made cluster aware when this is
run in a clustered configuration. For now, this is only suitable for
single-host configurations.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Thu, 26 Apr 2012 15:47:58 +0000 (11:47 -0400)]
nfsdcld: add check/update functionality
Add functions to check whether a client is allowed to reclaim, and
update its timestamp in the DB if so. If either the query or update
fails, then the host is not allowed to reclaim state.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Thu, 26 Apr 2012 15:43:30 +0000 (11:43 -0400)]
nfsdcld: add routines for a sqlite backend database
Rather than roll our own "storage engine", use sqlite instead. It fits
the bill nicely as it does:
- durable on-disk storage
- the ability to constrain record uniqueness
- a facility for collating and searching the host records
...it does add a build dependency to nfs-utils, but almost all modern
distros provide those packages.
The current incarnation of this code dynamically links against a
provided sqlite library, but we could also consider including their
single-file "amalgamation" to reduce dependencies (though with all
the caveats that that entails).
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Thu, 26 Apr 2012 15:29:22 +0000 (11:29 -0400)]
nfsdcld: add autoconf goop for sqlite
Mostly cribbed from Chuck Lever's new-statd rewrite a few years ago...
This adds an autoconf test for the sqlite3 library and includes. If
they're not working properly and nfsdcld was enabled, then configure
will error out.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Thu, 26 Apr 2012 15:22:46 +0000 (11:22 -0400)]
nfsdcld: add client tracking daemon stub
This program opens and "listens" on the new nfsd/cld rpc_pipefs pipe.
The code here doesn't actually do anything on stable storage yet. That
will be added in a later patch.
The patch also adds a autoconf enable switch for the new daemon that
defaults to "no", and a test for the upcall description header file.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Michael Weiser [Mon, 16 Apr 2012 10:49:21 +0000 (06:49 -0400)]
Add -l option to gssd to force legacy behaviour
Implement a new option -l to force gssd to ignore its kernel's crypto
capabilities and use just the Single DES legacy encryption types to be
compatible with old servers. This is only relevant if those servers have
strong keys in their keytab.
Signed-off-by: Steve Dickson <steved@redhat.com> Tested-by: Michael Weiser <weiser@science-computing.de>
Steve Dickson [Thu, 26 Jan 2012 19:56:13 +0000 (14:56 -0500)]
rpc.gssd: Links directly with libgssapi_krb5 which not needed.
rpc.gssd and rpc.svcgssd both link with the libgssapi_krb5 and
libgssglue libraries which is not needed since libgssglue
will dynamically load the gssapi interface defined in the
/etc/gssapi_mech.conf. Most likely the libgssapi_krb5 library.
Steve Dickson [Thu, 22 Mar 2012 15:02:46 +0000 (11:02 -0400)]
gssd: Look for user creds in user defined directory
The user credential cache currently is kept in /tmp.
In upcoming Kerberos release that will be moved to
/run/user/<username>/. This patch enables gssd to
look in both the old and new caches
Noah Friedman [Thu, 15 Mar 2012 16:52:50 +0000 (12:52 -0400)]
rpc.idmap: Hide global symbols from libidmap plugins
This patch limits the visibility of the symbols in the nfs-utils
conffile.c so that they are only visible to programs linked directly to
it. This forces the objects dynamically loaded via libnfsidmap to use
the functions defined in that shared library instead.
Steve Dickson [Mon, 12 Mar 2012 17:17:15 +0000 (13:17 -0400)]
exportfs: Stop racing exportfs on clusters
This problem can occur when multiple cluster services fail over
at the same time, causing missing high-available exports.
Having a lot of nfs-exports will trigger this issue easier.
Steve Dickson [Tue, 6 Mar 2012 16:03:38 +0000 (11:03 -0500)]
nfsmount: Fixed parsing error in the nfsmount.conf code.
When the options where prefixed with spaces (instead of tabs)
the second option in the list was missed to so a miscalculation
the the nfsmount.conf parsing code.
Signed-off-by: Harshula Jayasuriya <harshula@redhat.com> Acked-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Mon, 16 Jan 2012 19:39:25 +0000 (14:39 -0500)]
autoconf: only link binaries that need it to libtirpc
This patch is essentially the same as the previous version, but has
been respun to fix up some merge conflicts with some of Chuck's
recent changes.
When we first added tirpc support, we took a "big hammer" approach, and
had it add libtirpc to $LIBS. That had the effect of making it so that
that library was linked into every binary. That's unnecessary, and
wasteful with memory.
Don't let AC_CHECK_LIB add -ltirpc to $LIBS. Instead, have the autoconf
tests set $(LIBTIRPC) in the makefiles, and have the programs that
need it explicitly include that library. In the event that we're not
using libtirpc, then set $LIBTIRPC to a blank string.
This necessitates a change to the bindresvport_sa check too. Since that
library is no longer included in $LIBS, we need to convert that check
to use AC_CHECK_LIB instead of AC_CHECK_FUNCS.
This patch also fixes a subtle bug. If the library was usable, but the
includes were not, the test would set $enable_tirpc to "no", but
HAVE_LIBTIRPC would still be true. That configuration would likely
fail to build.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 12 Jan 2012 20:09:49 +0000 (15:09 -0500)]
nfsidmap: Purge the keyring when its full.
When a key can not be added to a keyring because
the keyring is full or there is no memory for
the playload, keyctl_instantiate() will fail
and set the errno to -EDQUOT, -ENFILE or
-ENOMEM
When this happens, purge the keyring to
free things up and then try to re-add
the key.
Chuck Lever [Thu, 5 Jan 2012 21:24:16 +0000 (16:24 -0500)]
mountd: Support junction management plug-ins
To support FedFS and NFS junctions without introducing additional
build-time or run-time dependencies on nfs-utils, the community has
chosen to use a dynamically loadable library to handle junction
resolution.
There is one plug-in library for mountd that will handle any NFS-
related junction type. Currently there are two types:
o nfs-basic locally stored file set location data, and
o nfs-fedfs file set location data stored on an LDAP server
mountd's support for this library is enabled at build time by the
presence of the junction API definition header:
/usr/include/nfs-plugin.h
If this header is not found on the build system, mountd will build
without junction support, and will operate as before.
Note that mountd does not cache junction resolution results. NFSD
already caches these results in its exports cache. Thus each time
NFSD calls up to mountd, it is, in essence, requesting a fresh
junction resolution operation, not a cached response.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 5 Jan 2012 21:03:08 +0000 (16:03 -0500)]
mountd: remove newline from xlog() format specifier strings
Clean up: xlog() already adds a newline to the end of each line of
output. Remove the superfluous newline from a number of xlog()
call sites in mountd.
Chuck Lever [Thu, 5 Jan 2012 21:01:22 +0000 (16:01 -0500)]
mountd: Plug v4root memory leak
Valgrind reports that the memory allocated for eep's e_hostname field
was not being freed. eep is not visible outside of v4root_create(),
so we don't need to strdup() that string.
Introduced by commit 3b777b0 "exports: NFSv4 pseudoroot support
routines" (Dec 1, 2009).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Thu, 5 Jan 2012 20:54:00 +0000 (15:54 -0500)]
configure.ac: Don't check for AI_ADDRCONFIG
Commit 1ea2c3be: "nfs-utils: Remove all uses of AI_ADDRCONFIG,"
(October 28, 2010) removed the last use of AI_ADDRCONFIG. Even so,
ipv6.m4 uses this check to ensure that the local getaddrinfo(3)
implementation is recent. Maybe we shouldn't bother.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Karel Zak [Thu, 5 Jan 2012 18:32:26 +0000 (13:32 -0500)]
mount.nfs: don't overwrite mount options from /etc/nfsmount.conf
The libmount (as well as mount(8)) ignores mount options from command
line if running in restricted mode (suid, non-root-user) and all
options are read from fstab only.
It means that all options are replaced with stuff from fstab,
including mount options from nfsmount.conf. This is bug.
We have to apply fstab and then nfsmount.conf.
Signed-off-by: Karel Zak <kzak@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 5 Dec 2011 14:48:46 +0000 (09:48 -0500)]
mount.nfs: Background mounts failing on time out errors.
Mounting with the "-o v3,bg,proto=udp" options will
fail, instead of retrying, when the server is down.
The reason being nfs_rewrite_pmap_mount_options()
does not interrupt RPC timeouts correctly.
Steve Dickson [Mon, 14 Nov 2011 14:47:21 +0000 (09:47 -0500)]
nfsidmap: Added -v and -t flags
To aid in debugging, the -v flag can now be specified,
multiple time, on the command line to enable verbose
logging in both the nfsidmap command and libnfsidmap
library routines.
Also converted the timeout argument to use a -t flag.
Yang Bai [Tue, 18 Oct 2011 15:53:11 +0000 (11:53 -0400)]
mount.nfs: Mount should really return from errno test
We should only try next address family if we meet ECONNREFUSED or
EHOSTUNREACH for v4 or ECONNREFUSED or EOPNOTSUPP or EHOSTUNREACH for v3v2.
Before, only a break in swich can not make the program out of for loop.
Signed-off-by: Yang Bai <hamo.by@gmail.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Luca Giuzzi [Tue, 4 Oct 2011 17:35:06 +0000 (13:35 -0400)]
rpc.idmapd: Dies with 'I/O possible'
We have had problems on some of our machines (all Fedora 14), where
rpc.idmapd used to die with an `I/O possible' message at (basically)
random times. A strace suggested the issue being in nfsopen() where a
signal type is reset before notification is disabled; a signal at just
the right time might be the cause of the problem; see
https://bugzilla.redhat.com/show_bug.cgi?id=684308
Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Luk Claes [Mon, 3 Oct 2011 12:42:20 +0000 (08:42 -0400)]
blkmapd: Use getconf(_SC_PAGE_SIZE)
PAGE_SIZE is not exported by all architectures as it is not fixed: it
can depend on the model of the machine. So it's better to query the
system configuration for the actual page size on the machine.
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 21 Sep 2011 18:05:07 +0000 (14:05 -0400)]
mountstats: Breaks on 3.1 kernels
mountstats depend on all devices entries in /proc/self/mountstats
to start with the word 'device'. With 3.1 kernels, NFS entries
start with the actual device (i.e. server:/export) not
the word 'device'. This change confused mountstats parsing.
Steve Dickson [Wed, 21 Sep 2011 17:52:49 +0000 (13:52 -0400)]
nfsiostat: Breaks on 3.1 kernels
nfsiostat depend on all devices entries in /proc/self/mountstats
to start with the word 'device'. With 3.1 kernels, NFS entries
start with the actual device (i.e. server:/export) not
the word 'device'. This change confused nfsiostat parsing.
The decoded octal will always be positive and (char) -1 is negative. Any
field containing an encoded octal will be rejected.
As the encoded value should be an unsigned char, fix the check to reject
all values > (unsigned char) -1 = UCHAR_MAX, as this indicate an error
in the encoding.
Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 20 Sep 2011 16:52:46 +0000 (12:52 -0400)]
statd: Decouple statd's state directory from the NFS state directory
To allow greater flexibility to where statd's state is kept,
statd's state path can now be decoupled from the normal
NFS state directory.
In configure.ac, the NSM_DEFAULT_STATEDIR definition will now define
the path to where the state information is kept. The default
value, /var/lib/nfs, can be redefined with the --with-statdpath
flag.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
J. Bruce Fields [Tue, 20 Sep 2011 11:40:15 +0000 (07:40 -0400)]
nfsd: allow choosing server 41 support at runtime
In the case where -N 4.1 is left off the commandline, the current code
explicitly turns it on or off anyway, depending on configure options.
Instead, just leave 4.1 support alone. This allows a user to add an
"echo +4.1 >/proc/fs/nfsd/versions" to their init scripts, if they want.
Otherwise they will get the kernel's default (currently to leave 4.1
off, as long as 4.1 support is experimental).
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 19 Sep 2011 18:23:54 +0000 (14:23 -0400)]
sm-notify: sm-notify leaves monitor records in sm.bak
sm-notify fails to remove monitor records from sm.bak when it has
finally notified a host. This is because of a recent change to send
two SM_NOTIFY requests for each monitored peer: one with the local
host's FQDN, and one with an unqualified version of same. This was
commit baa41b2c: "sm-notify: Send fully-qualified and unqualified
mon_names" (March 19, 2010).
Because of the March 2010 commit, sm-notify modifies the "my_name"
string during notification, but then uses this modified string to try
to find the monitor record to remove. Of course the search for the
record fails. So a persistent monitor record is left in sm.bak.
Aside from leaving trash around, this causes the same hosts to be
notified after every reboot, even if they successfully responded to
the previous SM_NOTIFY and they had no contact with us during the last
boot.
I also noticed that the trick of truncating the argument of SM_NOTIFY
doesn't work at all if a substitute "my_name" was specified via the "-v"
command line option. This patch attempts to address that as well.
sm-notify should preserve the original my_name string so that
nsm_delete_host() can find the correct monitor record to delete. Also
add some degree of protection to the mon_name and my_name strings in
each nsm_host record to prevent a future change from breaking this
dependency.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 19 Sep 2011 18:20:25 +0000 (14:20 -0400)]
sm-notify: Avoid extra rpcbind queries
The logic in notify_host() watches the host->retries counter to see if
progress is not being made. If progress stalls, notify_host() tries
another IP address. This means sm-notify will generate a fresh
rpcbind query.
After an RPC succeeds, be sure to reset host->retries so sm-notify
doesn't start walking down the host's addrinfo list when we _are_
making progress. In the common case, if the host responds, we avoid
extra rpcbind queries and send all requests for the host to the same
IP address.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 19 Sep 2011 18:18:47 +0000 (14:18 -0400)]
sm-notify: Use correct retransmit timeout when sending a fresh RPC
An RPC retransmit timeout should start out the same for each new RPC
request. Don't increase the retransmit timeout after receiving the
reply to the rpcbind query.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 19 Sep 2011 18:10:08 +0000 (14:10 -0400)]
nfsumount: Squelch compiler warning
nfsumount.c: In function nfs_umount_is_vers4:
nfsumount.c:164: warning: conversion to int from size_t may alter its value
nfsumount.c:173: warning: conversion to ?size_t? from int may change the sign of the result
Chuck Lever [Mon, 19 Sep 2011 18:02:10 +0000 (14:02 -0400)]
configure.ac: Fix help string for --with-statedir= option
The help string for --with-statedir attempts to show "/var/lib/nfs" in
square brackets, but they don't appear on my system (Fedora 13). Use
the AC_HELP_STRING macro to display the help string properly, like all
the other "with" and "enable" options specified in our configure.ac.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>