On Wed, Apr 10, 2013 at 12:11:20PM +0100, Jose Castillo wrote:
> On 04/09/2013 08:11 PM, J. Bruce Fields wrote:
> > Could you explain a little more?
> >
> > I assume this is something I forgot to do as part of
> > c2544b77566690ebec32a2d47c9249548b1a0941 "mountd: prepend '$' to
> > make use_ipaddr clients self-describing" but I haven't thought
> > about that in a while....
> >
>
> Hello,
>
> Yes, sorry, a bit more of background: We found this problem because
> NFS clients to a RHEL6 NFS server were experiencing periods of ESTALE
> errors after being mounted and initially working successfully.
> Tests were run which snapshotted the nfs/sunrpc caches before and
> after the issue, and it was found that the '$' character at the
> beginning of the ID strings, used when in use_ipaddr mode, was getting
> lost:
>
> GOOD, while mount was working:
> #class IP domain
> # expiry=1362416801 refcnt=2 flags=1
> nfsd 1.2.3.4 $1.2.3.4
>
> BAD, after mount started returning ESTALE:
> #class IP domain
> # expiry=1362418641 refcnt=2 flags=1
> nfsd 1.2.3.4 1.2.3.4
>
> This would then cause the export checks to fail by passing '1.2.3.4'
> instead of '$1.2.3.4' up to rpc.mountd.
Oh, I see--and this stuff probably never worked for v4 either since it
can't depend on mountd to fill the cache at all....
Thanks!
Acked-by: J. Bruce Fields <bfields@xxxxxxxxxx>
(Could you just add the extra details to the commit message and resend
to steved?
Also, is there a RHEL bug for this?)
--b.
>
> The problem appears to be in the auth_unix_ip() function when renewing
> the auth.unix.ip cache entry. It would fail to add the '$' character
> back to the beginning of the string used for the domain string,
> breaking the use_ipaddr mode.
>
> The issue is reliably repeatable with large numbers of exports and
> netgroups to cause rpc.mountd to enter use_ipaddr mode.
>
> Steps to reproduce:
>
> 1. Export several hundred exports each with its own unique netgroup
> 2. Mount from a client (NFS3). check
> /proc/net/rpc/auth.unix.ip/content to ensure the '$' character is
> there from use_ipaddr mode.
> 3. Wait long enough for the entry to expire (1 hour was used), and try
> and access a file from the client. It returned ESTALE and the
> /proc/net/rpc/auth.unix.ip/content was now missing the '$' character.
>
> Actual results:
> Mount returns ESTALE on the client after being mounted for an extended
> period of time.
>
> Expected results:
> File access should succeed on the mount.
>
> The patch was tested in a reproduction environment, and the issue
> could no longer be reproduced.
>
> > --b.
> >
> > On Tue, Apr 09, 2013 at 04:54:59PM +0100, Jose Castillo wrote:
> >> Signed-off-by: Jose Castillo <jcastillo@xxxxxxxxxx> ---
> >> utils/mountd/cache.c | 10 ++++++---- 1 file changed, 6
> >> insertions(+), 4 deletions(-)
> >>
> >> diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c index
> >> 978698d..e1027f3 100644 --- a/utils/mountd/cache.c +++
> >> b/utils/mountd/cache.c @@ -80,7 +80,7 @@ static void
> >> auth_unix_ip(FILE *f) */ char *cp; char class[20]; - char
> >> ipaddr[INET6_ADDRSTRLEN]; + char ipaddr[INET6_ADDRSTRLEN + 1];
> >> char *client = NULL; struct addrinfo *tmp = NULL; if
> >> (readline(fileno(f), &lbuf, &lbuflen) != 1) @@ -94,7 +94,7 @@
> >> static void auth_unix_ip(FILE *f) strcmp(class, "nfsd") != 0)
> >> return;
> >>
> >> - if (qword_get(&cp, ipaddr, sizeof(ipaddr)) <= 0) + if
> >> (qword_get(&cp, ipaddr, sizeof(ipaddr) - 1) <= 0) return;
> >>
> >> tmp = host_pton(ipaddr); @@ -116,9 +116,11 @@ static void
> >> auth_unix_ip(FILE *f) qword_print(f, "nfsd"); qword_print(f,
> >> ipaddr); qword_printtimefrom(f, DEFAULT_TTL); - if (use_ipaddr) +
> >> if (use_ipaddr) { + memmove(ipaddr + 1, ipaddr, strlen(ipaddr) +
> >> 1); + ipaddr[0] = '$'; qword_print(f, ipaddr); - else if
> >> (client) + } else if (client) qword_print(f,
> >> *client?client:"DEFAULT"); qword_eol(f); xlog(D_CALL,
> >> "auth_unix_ip: client %p '%s'", client, client?client:
> >> "DEFAULT"); -- 1.7.11.7
> >>
> >> -- To unsubscribe from this list: send the line "unsubscribe
> >> linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at
> >> http://vger.kernel.org/majordomo-info.html
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
