On Tue, 2024-05-21 at 11:55 +0200, Paul Menzel wrote: > #regzbot ^introduced: 74fd48739d04 > > Dear Jeff, > > > Am 19.04.24 um 18:50 schrieb Paul Menzel: > > > Since at least Linux 6.8-rc6, Linux logs the warning below: > > > > NFSD: Unable to initialize client recovery tracking! (-110) > > > > I haven’t had time to bisect yet, so if you have an idea, that’d be great. > > 74fd48739d0488e39ae18b0168720f449a06690c is the first bad commit > commit 74fd48739d0488e39ae18b0168720f449a06690c > Author: Jeff Layton <jlayton@xxxxxxxxxx> > Date: Fri Oct 13 09:03:53 2023 -0400 > > nfsd: new Kconfig option for legacy client tracking > > We've had a number of attempts at different NFSv4 client tracking > methods over the years, but now nfsdcld has emerged as the clear winner > since the others (recoverydir and the usermodehelper upcall) are > problematic. > > As a case in point, the recoverydir backend uses MD5 hashes to encode > long form clientid strings, which means that nfsd repeatedly gets > dinged > on FIPS audits, since MD5 isn't considered secure. Its use of MD5 > is not > cryptographically significant, so there is no danger there, but > allowing > us to compile that out allows us to sidestep the issue entirely. > > As a prelude to eventually removing support for these client tracking > methods, add a new Kconfig option that enables them. Mark it deprecated > and make it default to N. > > Acked-by: NeilBrown <neilb@xxxxxxx> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx> > > fs/nfsd/Kconfig | 16 +++++++++ > fs/nfsd/nfs4recover.c | 97 > +++++++++++++++++++++++++++++++++------------------ > fs/nfsd/nfsctl.c | 6 ++++ > 3 files changed, 85 insertions(+), 34 deletions(-) > > `NFSD_LEGACY_CLIENT_TRACKING` is not set: > > # CONFIG_NFSD_LEGACY_CLIENT_TRACKING is not set > > It sounds like you need to enable nfsdcld in your environment. The old recovery tracking methods are deprecated. The only surviving one requires the nfsdcld daemon to be running when recovery tracking is started. Alternately, you can enable this option in your kernels if you want to keep using the deprecated methods in the interim. -- Jeff Layton <jlayton@xxxxxxxxxx>
