On Thu, 07 Nov 2013 16:40:18 -0500
Steve Dickson <SteveD@xxxxxxxxxx> wrote:

> On 07/11/13 16:01, Jeff Layton wrote:
> > On Thu, 7 Nov 2013 11:25:19 -0800
> > Chuck Lever <chuck.lever@xxxxxxxxxx> wrote:
> >
> >> Hi Steve-
> >>
> >> On Nov 7, 2013, at 11:09 AM, Steve Dickson <steved@xxxxxxxxxx> wrote:
> >>
> >>> This new module parameter makes the v4 client
> >>> use the minimal authentication flavor (AUTH_UNIX)
> >>> when establishing NFSV4 state and doing the
> >>> pseudoroot lookup
> >>
> >> The patch description doesn't say, but is this change to work around
> >> the 15 second GSSD upcall timeout? Have we completely given up on
> >> fixing the upcall?
> >>
> >
> > That would be my preferred solution too. The whole problem is that this
> > upcall takes too damned long to time out.
> >
> > But...how can it be fixed?
> >
> > Due to the way that rpc_pipefs interface works, there's no way that I
> > can see to make that fail immediately if no one is listening on the
> > pipe. You could reduce the timeout I guess but that's sort of a
> > half-assed solution.
> >
> > IMO, we're long past due for a new upcall that uses a different design
> > altogether. Maybe something based on call_usermodehelper that doesn't
> > require a running daemon?
> Bingo! I think it would be huge for all these upcalls to work like the idmapping
> does on the client (aka via call_usermodehelper)... but with the likes
> of Kerberos it may not be possible...
>

No, it's possible. We don't currently handle multi-stage GSSAPI
negotiation across the kernel/userland boundary anyway, so there's no
problem with state preservation across upcalls or anything.

The tricky part is how to handle the downcall. call_usermodehelper
doesn't have a way to pass anything but a return code back to the
kernel, so you'd need to send the context handle and such via another
mechanism.

Hmm...and containers too. The UMH infrastructure is not
container-aware, whereas rpc_pipefs is. I guess you could make the
program use setns(), but you have to come up with some way to pass a fd
to it.

Either way, not a trivial task. It'd be best to get everyone on board
with the design before trying to do the work.

-- 
Jeff Layton <jlayton@xxxxxxxxxx>