commit 188354e57dd8476e66ce30d647180a106da29b88 Author: NeilBrown Date: Wed Aug 3 14:22:04 2016 -0400 mountd: fail nfsd.export lookup for path to unmounted exportpoint If an export point should be mounted ("mountpoint" option set) but isn't, then an attempt to mount using the MOUNT protocol for NFSv3 will fail and an attempt to access the filesystem using a pre-existing filehandle will block because nfsd_fh wont tell the kernel about it. However a lookup from the parent, as happens with an NFSv4 mount request, will pass the name to nfsd_export(), and it doesn't check the mointpoint option, and so exports the underlying (typically "/") filesystem. So change nfsd_export() to refused to export that exportpoint, but instead to explictly say that it isn't exported. This will cause an 'ls' in the parent pseudo-root directory to not show the name and will cause a "mount" attempt which walks down through the pseudo root to fail in the same way that it does with NFSv3. An access from a pre-existing NFSv4 mount will still hang until the filesystem is mounted, just like it does with NFSv3. In order to be a bit more responsive to the filesystem getting mounted, just a short timeout (1 minutes) on exports of missing "mountpoint" exportpoints. Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 2375c47bd7ee1935d5d3ff603f7e346e4ff03088 Author: NeilBrown Date: Wed Aug 3 14:08:11 2016 -0400 mountd: allow alternate ttl to be specified for dump_to_cache. The default will not always be best. Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 3a6174984dae93827dcbd269eb990f106f0ba2ed Author: NeilBrown Date: Wed Aug 3 13:17:47 2016 -0400 mount: fix memory leak in v4root_add_parents If pseudofs_update failed, we weren't freeing 'path'. Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 2d0683f3843446a479cd9c451ea01e005937eebb Author: NeilBrown Date: Wed Aug 3 13:13:49 2016 -0400 mount: use a public address for IPv6 callback. If IPv6 address privacy is active, the "clientaddr" given to the server will likely be a temporary address which will eventually expire, thus breaking callback. So ask for a public address to ensure continued service. Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 8cd75bc7b179294347f88baa25e12df0461d8f29 Author: NeilBrown Date: Wed Aug 3 13:07:37 2016 -0400 mount: don't treat temporary name resolution failure as permanent If getaddrinfo() returns EAI_AGAIN, we shouldn't just give up, but should continue normal retries as the nameserver may be unavailable for the same reason as the NFS server. So move the getaddrinfo() call from nfs_validate_options() into nfs_try_mount() which is always called soon after, except in the 'remount' case when we don't want it anyway. If EAI_AGAIN is returned, set errno to EAGAIN and allow this to be a temporary failure. Otherwise report error and set errno to EALREADY so no further message is given. Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 89dff32a664e0b8a7777156e642d31e2dfa52e71 Author: NeilBrown Date: Wed Aug 3 13:01:08 2016 -0400 mountd: remove the --exports-file option It is completely ineffective. Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 7ebf6d00315faf3cc9e17dbdfdf28220788968ac Author: NeilBrown Date: Wed Aug 3 12:55:36 2016 -0400 nfs.man: clarify effect of 'retry' option The total timeout for a "mount" attempt to a non-responsive server will always be a multiple of the time a single mount attempt in the kernel takes, which for TCP defaults to about 4 minutes. The documentation for the "retry" option seems to suggest that this can be used to set a maximum but it really sets a time after which to stop retrying. The total can be as much as "retry" plus the time for a single attempt. So clarify the documentation a bit, and also note that retrans defaults are different for UDP and TCP: #define NFS_DEF_UDP_RETRANS (3) #define NFS_DEF_TCP_RETRANS (2) Reported-by: Howard Guo Acked-by: J. Bruce Fields Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit d4b2d066b0dac218fbd1471492b7575d55a413e5 Author: Kinglong Mee Date: Wed Jul 20 11:08:29 2016 -0400 blkmapd: unlink pid file when error out Fix some error out without unlink pid file. Signed-off-by: Kinglong Mee Signed-off-by: Steve Dickson commit 6e79a74d7936fc1d1bbe20e2a7abd6def40c00ea Author: Kinglong Mee Date: Wed Jul 20 11:02:03 2016 -0400 blkmapd: Let running correctly when pid file exists Blkmapd cannot run until blkmapd.pid is unlinked. This patch lets checking exists based on lockf without stat. Signed-off-by: Kinglong Mee Signed-off-by: Steve Dickson commit 0018969f7814d95abe6a1eda40218fd374b064fa Author: Kinglong Mee Date: Wed Jul 20 10:56:50 2016 -0400 Gssd: Avoid compiling warning and simplify codes krb5_util.c: In function gssd_acquire_user_cred: krb5_util.c:1389:4: warning: this if clause does not guard... Signed-off-by: Kinglong Mee Signed-off-by: Steve Dickson commit 5107d06ad9eac68bcc6f0f85341e0e1cc5e67213 Author: Jianhong Yin Date: Mon Jul 18 12:03:22 2016 -0400 exportfs: fix export point checking NFS does not support file and symbolic export, if the export point is regular file should give warning to user. Signed-off-by: Jianhong Yin Signed-off-by: Steve Dickson commit 2dca98711b55079a7c915b0d1f5ed06bed6284a5 Author: Chuck Lever Date: Mon Jul 18 11:08:23 2016 -0400 nfs(5): Add lease management security considerations Several years ago, the kernel Linux NFS client was changed to attempt to use strong security for lease management operations that are shared by all NFSv4 mounts of a server on that client. This forces the client to use a consistent security flavor and principal for lease management, even across reboots, to ensure that state recovery works, independent of what mounts have been done, what order they were done, and with what sec= option. The use of krb5i for lease management does not affect the flavor used for RPCs done on behalf of individual users, but sometimes it means krb5i is used for certain operations even when "sec=sys" is specified. This has occasionally been surprising. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1334510 Signed-off-by: Chuck Lever Signed-off-by: Steve Dickson commit 8fef90084f3d19e90ba1bb22b8cd1d58ddaf6ef3 Author: Steve Dickson Date: Tue Jun 21 12:06:06 2016 -0400 start-statd: Use flock to serialize the running of this script To once and for all stop multiple rpc.statd from being started (mostly in HA environments), use flock to serialize the running of the script Signed-off-by: Steve Dickson commit fd2e0c51fed171f3a639fdfc106731c0ff6f9757 Author: Yongcheng Yang Date: Tue Jun 21 11:55:26 2016 -0400 nfsdcltrack: fix a typo in the manpage Turned "nfsdcltack" into "nfsdcltrack" Signed-off-by: Steve Dickson commit 0aeb65f5f52903907451cdce7dbf0b4be21d46a3 Author: Scott Mayhew Date: Tue Jun 21 11:51:40 2016 -0400 statd: suppress a benign log message in nsm_delete_host() Commit 76f8ce8c (statd: Update existing record if we receive SM_MON with new cookie) added some logic to unconditionally delete some existing on-disk monitor records. That works fine in an HA-NFS setup where there's a good chance of monitor files being left around after service failovers, but in the case where there isn't an existing monitor file statd emits a scary looking message like this: Jun 15 14:14:59 hostname rpc.statd[1368]: Failed to delete: could not stat original file /var/lib/nfs/statd/sm/nfs.smayhew.test: No such file or directory That message can be suppressed. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 6a648d46c0fcf28d76e80c4d7eb6509373f3e024 Author: Steve Dickson Date: Wed Jun 8 09:18:35 2016 -0400 nfsidmap: added the -h option Use the correct exit code when an invalid option use or the -h option. Signed-off-by: Steve Dickson commit a5f1e5797f465d326043eb9daa5f1ad3750d4c9d Author: Steve Dickson Date: Tue Jun 7 16:07:27 2016 -0400 umount: fixed typo in usage message Signed-off-by: Steve Dickson commit a528ad3147815bfc05c21a7ae69fbdbe83fddefd Author: Steve Dickson Date: Tue Jun 7 14:32:21 2016 -0400 mount.nfs: added usage output when no arguemnts are given Signed-off-by: Steve Dickson commit c25b8f845f16fa12216cfb0975344ef908154c46 Author: Steve Dickson Date: Fri May 20 11:25:51 2016 -0400 mountd: cleaned up usage message. Fixed the -H and --ha-callout usage message Signed-off-by: Steve Dickson commit 959efe8fe0f5cf8882b6401efddf02cba033cb32 Author: Chuck Lever Date: Mon May 16 07:42:38 2016 -0400 gssd: Convert 'rdma' to 'tcp' protocol The kernel NFS client specifies 'rdma' as the transport protocol for NFS/RDMA mounts. This is a generic display token, probably not something the kernel should lie about. The kernel uses it to form NFSv4 client IDs, for example. Until gssd can speak RPC-over-RDMA, convert 'rdma' to 'tcp' in kernel gss upcalls. This means that the Linux NFS client requires an NFS/TCP service on an NFS/RDMA server when establishing a GSS context for proto=rdma mount points. This is probably not an onerous requirement for the time being. Eventually user space support for RPC-over-RDMA might be introduced, and gssd can use that for context establishment. Signed-off-by: Chuck Lever Signed-off-by: Steve Dickson commit bfe62c85f3101a1840d184d82b1cf958c4fbb9c3 Author: Yongcheng Yang Date: Sat May 14 12:34:03 2016 -0400 blkmapd: Add the -h flag on the man page Update SYNOPSIS and OPTIONS for the -h flag. Signed-off-by: Yongcheng Yang Signed-off-by: Steve Dickson commit c5dbf414ddd2fe272ac7602cd182c73ebeb090b1 Author: Olga Kornievskaia Date: Sat May 14 12:19:15 2016 -0400 gssd: no longer needed pid logic with threads, we don't need to distinguish zero uid. Signed-off-by: Olga Kornievskaia Signed-off-by: Steve Dickson commit d9ba9eede533fed6dde146f891d5d596016b314b Author: Olga Kornievskaia Date: Sat May 14 12:13:29 2016 -0400 gssd: move read of upcall into main thread This patch moves reading of the upcall information from the child thread into the main thread. It removes the need to synchronize between the parent and child thread before processing upcall. Also it creates the thread in a detached state. Signed-off-by: Olga Kornievskaia Signed-off-by: Steve Dickson commit 28e244eb8eb986b75261a48c2e49685be2f2f005 Author: Scott Mayhew Date: Mon May 2 11:57:31 2016 -0400 exportfs: replace one xlog(D_GENERAL) in host_canonname() If we fall back to using the numeric host then we shouldn't call xlog with D_GENERAL. That can cause 'exportfs -u' to exit with a 1 if, for example, you have exports using ip addresses that can't be resolved to hostnames. Use D_PARSE instead. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit c304a49c7a4afe146848b6f98795880e70f3bbf8 Author: Scott Mayhew Date: Mon May 2 10:53:01 2016 -0400 exportfs: add the debug option Since calling xlog(D_GENERAL) will cause exportfs to exit with a status of 1, there really should be a way to see those messages for debugging purposes. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 91da135f243d6f87fcea8b8a3ce28a589917b0e4 Author: NeilBrown Date: Mon May 2 08:54:13 2016 -0400 systemd unit files: fix up dependencies on rpcbind. The dependencies on rpcbind have been changed a few times and I think they are still wrong. So I'll go into some detail to justify this change. Firstly: rpcbind.target rpcbind.socket or rpcbind.service? The systemd documentation talks about targets as "synchronization points" and likens them to SysV init run levels. Run levels are about ordering but not dependencies. The systemd.special man page describes rpcbind.target as intended explicitly for ordering sysvinit scripts, with "After=" dependencies. So while I think it is valid to use rpcbind.target for ordering (before/after) it shouldn't be used for dependencies (Wants/Requires). The rpcbind.target file included in systemd does not "Require" the actual service, so requiring rpcbind.target itself is pointless. I think we shouldn't use rpcbind.target at all. Leave it for sysvinit synchronization. So: .socket or .service? I think nfs only needs the socket to be active. On first connection the service will be started. But nfs does not need to wait for the service to start, only the socket. So I think we should exclusively use rpcbind.socket. Next: Wants or Requires. rpc.statd definitely Requires rpcbind. It needs to register to be useful, and without rpcbind it cannot register. nfs-server does not necesarily require rpcbind. Specifically if configured for NFSv4 only, nfs-server will work quite happily without rpcbind. Someone with an NFSv4 only setup who wants rpcbind to not run can use systemctl mask rpcbind.socket to ensure it never runs. So nfs-server should only "Wants: rpcbind.socket". I think Commit: 4fabfcd08206 ("systemd: Decouple the starting and stopping of rpcbind/nfs-server") should have changed "Requires" to "Wants" rather than "server" to "target" to fix the dependency problem. Finally: After? It only makes sense to declare an ordering relation as "After:" something that will actually be started. If "foo.service" is not part of the systemd transaction, then "After: foo.service" has no effect. So having: Requires: rpcbind.target After: rpcbind.socket doesn't make much sense unless there is some relationship between rpcbind.target and rpcbind.socket, and there is no general guarantee of that (though what individual distros do, I don't know). So the "After" should match the "Wants" or "Requires". It might make sense to Requires: rpcbind.socket After: rpcbind.target as it is reasonable to assume that rpcbind.target will be ordered with rpcbind.socket, but as we can use rpcbind.socket explictly, that is clearer. So my conclusion is that nfs-server should: Wants: rpcbind.socket After: rpcbind.socket and rpc-statd should Requires: rpcbind.socket After: rpcbind.socket which is what this patch puts into effect. Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 85c5c16d29d50c1f798d60e57641cd21cec2e905 Author: Olga Kornievskaia Date: Thu Apr 28 16:51:54 2016 -0400 gssd: always call gss_krb5_ccache_name Previously the location of the credential cache was passed in either using environment variable KRB5CCNAME or gss_krb5_ccache_name() if supported. For threaded-gssd, we can't use an environment variable as it's shared among all thread. Thus always use the api call. Reviewed-by: Steve Dickson Signed-off-by: Olga Kornievskaia Signed-off-by: Steve Dickson commit 792c2a597c770738cf5c4433724504a5fc4ff7f5 Author: Olga Kornievskaia Date: Thu Apr 28 16:27:14 2016 -0400 gssd: using syscalls directly to change thread's identity For the threaded version we have to set uid,gid per thread instead of per process. glibc setresuid() when called from a thread, it'll send a signal to all other threads to synchronize the uid in all other threads. To bypass this, we have to call syscall() directly. Reviewed-by: Jeff Layton Reviewed-by: Steve Dickson Signed-off-by: Olga Kornievskaia commit 8c34e538ef7492fda87b640343996dd33a2fde1d Author: Olga Kornievskaia Date: Thu Apr 28 16:21:41 2016 -0400 gssd: use pthreads to handle upcalls Currently, to persevere global data over multiple mounts, the root process does not fork when handling an upcall. Instead on not-forking create a pthread to handle the upcall since global data can be shared among threads. Reviewed-by: Jeff Layton Signed-off-by: Olga Kornievskaia Signed-off-by: Steve Dickson commit bf97c20a6c3b8d037663e23a39bcf2f003ec12ee Author: Steve Dickson Date: Wed Apr 27 11:53:02 2016 -0400 Remove rpcsecgss library support librpcsecgss has not been used in years so and there is no longer an upstream for it so the support for the library has been removed Signed-off-by: Steve Dickson commit 31ca7d4f6aaa799fce013ea1d6ab3a44bf4baa9e Author: NeilBrown Date: Wed Apr 27 13:06:55 2016 -0400 mount: run START_STATD fully as root If a "user" mount is the first NFSv3 mount, mount.nfs will be running setuid to root (with non-root as the real-uid) when it executes START_STATD. start-statd is a shell script and many shells refuse to run setuid, dropping privileges immediately. This results in start-statd running as an unprivileged user and so statd fails to start. To fix this, call "setuid(0)" to set real uid to zero. Also call "setgid(0)" for consistency. The behaviour of a shell can often be affected by the environment, such as the "shell functions" that bash includes from the environment. To avoid the user being able to pass such environment to the shell, explicitly pass an empty environment. The start-statd script explicitly sets the PATH which is all it really needs. Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 4ac4b4f74dcec30dcb23aab827eed152db08daea Author: Mike Frysinger Date: Wed Apr 27 12:57:08 2016 -0400 fix building w/newer C libraries Linux C libraries are moving away from implicitly including the header sys/sysmacros.h via sys/types.h. We would like to do this for glibc now, but others (musl/etc...) have been doing it already. This means any code using major/minor/makedevs functions will fail to build when they don't include that header. Leverage the AC_HEADER_MAJOR macro that configure is already using to pull in the right header. Signed-off-by: Mike Frysinger Signed-off-by: Steve Dickson commit 623f537916a67f96decda3ce9ed8d70edf92c0cd Author: Benjamin Coddington Date: Wed Apr 27 12:53:04 2016 -0400 mount.nfs: skip server address resolution on remount A remount might fail if name resolution returns a different server address, as might occur if there are multiple name records for the server. Since we cannot change the server's address on a remount anyway, skip the lookup and remove any set addresses in the options. Reviewed-by: Chuck Lever Signed-off-by: Benjamin Coddington Signed-off-by: Steve Dickson commit bf12e1fa9f48e8ee91a2869e69484c70595b5160 Author: Steve Dickson Date: Sat Mar 19 15:05:58 2016 -0400 Move nfs-utils_env.sh to a more appropriate directory Currently nfs-utils_env.sh is installed in a directory that is own by systemd. They requested via https://bugzilla.redhat.com/show_bug.cgi?id=1303113 to move the script into /usr/libexec/nfs-utils Signed-off-by: Steve Dickson commit e0eb6ebb5265af7b43262761524510f473a30ff9 Author: Steve Dickson Date: Sat Mar 19 13:13:10 2016 -0400 gssd: ignore pipe directories that do not exist Back when commit aba5ea5c and commit 55197c98 happen that replaced dnotify with inotify the ignoring of non-existent upcall directories got dropped. The patch adds it back and stops following error log ERROR: inotify_add_watch failed for nfs/clntXX: No such file or directory Signed-off-by: Steve Dickson commit c4940fad2a73481cad67732746a4e2bb74e8d32e Author: NeilBrown Date: Wed Mar 16 12:18:40 2016 -0400 systemd: ensure nfs-config service is re-run as needed. The nfs-config service translates distro-specific startup configuration into "environment" variable read and used by systemd unit files. Currently it is only run once, so subsequent changes to the distro-specific files do not take effect when an nfs service is restarted. If we change "RemainAfterExit=yes" to "RemainAfterExit=no" then the service will be restarted before any dependant service is started, so the environment file will always be up to date. Reported-and-tested-by: Benjamin Coddington Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit d0f9df9761d5fc63327fcaa0bc4515e739ca6f0e Author: Yongcheng Yang Date: Wed Mar 16 12:15:32 2016 -0400 mountd.man: Update to change -P option as an alias for -p From: Yongcheng Yang Signed-off-by: Yongcheng Yang Signed-off-by: Steve Dickson commit 425f81f82a1743465480599d2bf761d92f0aacf3 Author: Toshiaki Makita Date: Wed Mar 16 12:11:50 2016 -0400 statd: Don't unregister statd service on failing to execute callout statd calls atexit(statd_unregister) to unregister statd service on exit, which actually has a side-effect that ha_callout() unregisters statd service even when the child callout process exits on execl() failure. Certain clustering software's deployment script adds -H option with its specified file non-existent, when it is configured not to use callout. In other words, -H seems to be used no matter if callout is needed or not, but when callout is unnecessary, the specified callout program is not deployed. This causes statd not to work once a lock is requested by its NFS client, as execl() in ha_callout() results in ENOENT and exit() of the child process calls exit-handler statd_unregister(). Eventually, the NFS client gets stuck with messages "lockd: cannot monitor xxx" on the NFS server. Also, execl() could fail for other reasons like ENFILE or EIO as well. A forked child must not unregister the statd RPC server, so use _exit(), which does not call any exit-handlers, instead of exit(). Reviewed-by: Chuck Lever Signed-off-by: Toshiaki Makita Signed-off-by: Steve Dickson commit 55c12c837feaa909de8cbd6d5fe23378b85efeff Author: Benjamin Coddington Date: Wed Mar 16 11:31:40 2016 -0400 gssd: Fix inner-loop variable reuse The var "i" is already in use iterating realmnames. Fixes: "6597e391 gssd: Don't assume the machine account will be in uppercase" Signed-off-by: Benjamin Coddington Signed-off-by: Steve Dickson commit 02e10f64f923cd90e2e20b4b19cf149d53bc564e Author: Stefan Hajnoczi Date: Wed Mar 16 11:05:54 2016 -0400 libexport.a: fix missing brace in host_ntop() fallback An if statement has been missing a brace since host_ntop() was added in commit 94ce1eb94babb4c587b2826452fb053cba745098 ("libexport.a: Add helpers to manage DNS lookups"). Signed-off-by: Stefan Hajnoczi Signed-off-by: Steve Dickson commit 3904d8102cbc76b26feccd573cb475fbf346c977 Author: NeilBrown Date: Wed Mar 16 11:01:18 2016 -0400 mount.nfs - hide EBUSY errors Linux only returns EBUSY for a non-remount mount if the exact requested filesystem is already mounted. Arguably this is not an error. "mount -a" tries to see if each requested filesystem is already mounted. Sometimes it gets it wrong - e.g. hostname aliases can confuse it. So "mount -a" will report a failure "already mounted", which is wrong because it should filter those out. An easy fix it just to be silent about EBUSY. As the requested result (a given filesystem being mounted at a given location) is in effect after the EBUSY return, we can just treat it as success. This removes the confusing "already mounted" errors. Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 1412314d3d4f096144f5293724f5c894dbfabb06 Author: Steve Dickson Date: Sat Feb 13 07:51:13 2016 -0500 nfsidmapd: allow the usage message to be displayed xlog_err() never returns. Change the xlog_err(), when invalid arguments are use, to xlog_warn() so the second xlog_warn, displaying the usage, will be called. Signed-off-by: Steve Dickson commit 75232900ecc0a06eb3079417470d403b14bd1255 Author: Steve Dickson Date: Sat Feb 13 07:34:23 2016 -0500 nfsidmapd: Let verbose determent whether stderr logging should be done Use the verbose command flag to turn on or off logging to stderr. Signed-off-by: Steve Dickson commit a59788d9de9333294c885b044b4dbc003c17db71 Author: Steve Dickson Date: Tue Mar 8 17:24:31 2016 -0500 gssd: Corrected some types in the debugging code Change some debugging levels in populate_port() to make easier to follow the code. Signed-off-by: Steve Dickson commit 692081fea67bcb8abdfe079327c06bd37abd469d Author: Steve Dickson Date: Mon Mar 7 17:35:22 2016 -0500 krb5_use_machine_creds: Fixed the format of some debugging messages commit 1201d5d8 introduced some new debugging messages that needed some formatting Signed-off-by: Steve Dickson commit 269b74437be92b6a3f2e02242c893b258965953f Author: Steve Dickson Date: Tue Mar 1 12:23:00 2016 -0500 nfsd: use correct byte order on rdma port The returned port from getservbyname() is in network order. Convert the port to host order before writing it to the portlist file. Reported-by: Chuck Lever Reviewed-by: Chuck Lever Signed-off-by: Steve Dickson commit 3a2747736666dab2c266efa07dd5a453bf9b7482 Author: Steve Dickson Date: Wed Jan 20 14:56:54 2016 -0500 blkmapd: Added a usage routine Show the correct arguments when invalid arguments are used. Signed-off-by: Steve Dickson commit e57642c50c9b2e409d1fc2775bdf88f64b344dd3 Author: Steve Dickson Date: Wed Jan 20 14:41:58 2016 -0500 rpc.idmapd: Added the -h flag In general the -h flag should at least show a usage message Signed-off-by: Steve Dickson commit 6ec0d58fbff7c1a814a21cf8c7fe0ef5106a04c1 Author: Steve Dickson Date: Wed Jan 20 14:16:08 2016 -0500 mountd: print an error message when no versions are specified Signed-off-by: Steve Dickson commit 0c43a3e1ce8b2103e9c89aea0322367a22d6a491 Author: Steve Dickson Date: Wed Jan 20 12:07:13 2016 -0500 mountd: added missing argument to usage string The "-r | --reverse-lookup" arguments were missing from the usage string. Signed-off-by: Steve Dickson commit a69fe66a504e60e6ef7133f9bee4408da2ee7455 Author: Olga Kornievskaia Date: Sat Jan 16 12:25:46 2016 -0500 nfs_connect_nb: handle EINTR during connection establishment both connect() and select() can receive EINTR signals that we need to recover from. In Unix Network Programming, volume 1, section 5.9, W. Richard Stevens states: What we are doing [?] is restarting the interrupted system call ourself. This is fine for accept, along with the functions such as read, write, select and open. But there is one function that we cannot restart ourself: connect. If this function returns EINTR, we cannot call it again, as doing so will return an immediate error. When connect is interrupted by a caught signal and is not automatically restarted, we must call select to wait for the connection to complete, Thus for connect() treat both EINPROGRESS and EINTR the same -- call select(). For select(), it should be re-tried again upon receiving EINTR. Signed-off-by: Olga Kornievskaia Signed-off-by: Steve Dickson commit 2f8f24e617b9d3c20fe798fa00f268364e0aa7cc Author: Kinglong Mee Date: Sat Jan 16 12:22:37 2016 -0500 nfsstat: show client rpc information correctly There are 59 client rpc procedures, not 60. The order of rpc name must be the same as define of NFSPROC4_CLNT_xx in include/linux/nfs4.h, not nfs4_procedures in nfs4xdr.c. Drop duplicate rpc name "getdevlist". Reviewed-by: Benjamin Coddington Signed-off-by: Kinglong Mee Signed-off-by: Steve Dickson commit 612581573ba104404b86242ca35c2ff35abd5e72 Author: Rinku Kothiya Date: Sat Jan 16 12:19:40 2016 -0500 Set right error after getaddrinfo fails URL: https://bugzilla.redhat.com/show_bug.cgi?id=1287468 Signed-off-by: Rinku Kothiya Signed-off-by: Mohit Agrawal Signed-off-by: Steve Dickson commit d92017cccaffb02f7f4e00d0fdd6ef5042bb6341 Author: NeilBrown Date: Sat Jan 16 12:09:50 2016 -0500 start-statd: don't run multiple rpc.statds on the one host. If rpc.statd is running but slow to respond, mount.nfs will run "start-statd" which might start a new statd. This is not a good ideas as can result in lots of rpc.statds. So inf start-statd check the pid file and if rpc.statd seems to be running, exit with success. (also "cd /" before running rpc.statd, just in case). Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 37cd45cb913403b9f3b0c2aaa705e06cd70cc1d7 Author: NeilBrown Date: Sat Jan 16 12:06:32 2016 -0500 mount.nfs: trust the exit status of "start_statd". If DNS service is particularly slow, nfs_probe_statd() can fail even though rpc.statd is actually running. This happens because rpc.statd is single threaded and could be waiting longer for DNS than nfs_probe_statd() will wait for it. This causes problems when mount.nfs uses nfs_probe_statd() to see if statd is running, as is needed for NFSv3. Currently in these circumstances there are two possible outcomes. 1/ if systemd is in use, it will be told to start rpc-statd, which is already running so no change. mount.nfs will try pinging rpc.statd a few more times and could eventually give up and fail the mount. While slow DNS may well result in slow service, it shouldn't cause a mount attempt to fail. 2/ if systemd is not in use, a new rpc.statd will be started. This can (and has) lead to a large number of rpc.statd processes running on the one machine. This patch addresses the first scenario. If START_STATD is run and exits with a success status, mount.nfs assumes statd is running and allows the mount to succeed. A separate patch will address the other scenario. Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 78bb645a42c216b37b8d930c7c849a3fa89babf8 Author: Takashi Iwai Date: Sat Jan 16 12:02:30 2016 -0500 Fix protocol minor version fall-back mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if the kernel doesn't understand the requested NFS version. Unfortunately if the requested minor is not known to the kernel it returns -EINVAL. In kernels since 3.11 this can happen in nfs4_alloc_client(), if compiled without NFS_V4_2. More generally it can happen in in nfs_validate_text_mount_data() when nfs_parse_mount_options() returns 0 because nfs_parse_version_string() didn't recognise the version. EPROTONOSUPPORT is only returned if NFSv4 support is completely compiled out. So nfs_autonegotiate needs to check for EINVAL as well as EPROTONOSUPPORT. URL: https://bugzilla.opensuse.org/show_bug.cgi?id=959211 Reported-by: Takashi Iwai Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 58fc4a61147019183b9a760092d84a713bb0aef4 Author: Andreas Schwab Date: Sat Jan 16 11:59:09 2016 -0500 Fix uninitialised variable usage in nfs_options2pmap Commit 5bea22e33b7a introduced a regression. Prior to that commit nfs_nfs_version would set *version to 0 if NFS version wasn't specified. Since that commit, version.v_mode is set to V_DEFAULT if the NFS version isn't specified, but nfs_options2pmap uses version.major without checking v_mode. This can lead to incorrect behaviour. In particular fall-ack to v3 if server doesn't support v4 can fail. So test v_mode before using version.major. URL: https://bugzilla.opensuse.org/show_bug.cgi?id=956743 Fixes: 5bea22e33b7a ("mount.nfs: Add struct nfs_version and generalize version parsing") Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 4b5bd85481a45957122357feebfcd514550fc219 Author: Frank Sorenson Date: Wed Dec 16 10:12:38 2015 -0500 mountd: fix netgroup lookup for short hostnames Commit 9a92ef6f to add netgroup lookup of resolvable IP addresses inadvertently broke the netgroup check for short hostnames. This patch fixes that breakage by changing the IP address lookup to use a separate variable. Signed-off-by: Frank Sorenson Signed-off-by: Steve Dickson commit 24c8c849a0118a8a204640433c4dc2c3c6ae133d Author: Scott Mayhew Date: Fri Dec 11 11:19:17 2015 -0500 mountstats: add missing v4.2 operations Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit b92f1b94b6a1cc8460a7f11b1b3f5f6f62701145 Author: Scott Mayhew Date: Fri Dec 11 11:16:38 2015 -0500 mountstats: handle KeyError in accumulate_iostats() This will prevent a backtrace like this from occurring in 'mountstats nfsstat' if a new NFSv4 operation is added to the kernel but not to the Nfsv4ops list in mountstats.py: Traceback (most recent call last): File "/sbin/mountstats", line 988, in res = main() File "/sbin/mountstats", line 977, in main return args.func(args) File "/sbin/mountstats", line 792, in nfsstat_command v4stats.accumulate_iostats(acc_stats) File "/sbin/mountstats", line 566, in accumulate_iostats self.__rpc_data[op] = list(map(add, self.__rpc_data[op], new_stats.__rpc_data[op])) KeyError: 'SEEK' Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 6c39d9946a6fbe9a65a1194d72268fc4b75b0c6c Author: Benjamin Coddington Date: Fri Dec 11 11:14:49 2015 -0500 nfsstat: update nfs server operations Signed-off-by: Benjamin Coddington Signed-off-by: Steve Dickson commit 2755d666b39ef50aa93df3d08438f604f2469eed Author: Benjamin Coddington Date: Fri Dec 11 11:13:45 2015 -0500 nfsstat: update nfs client operations FSID_PRESENT was missing, and LAYOUTGET and GETDEVICEINFO were switched. Update all the client operations. Also, increase the output width a bit and pull out a column for these longer new operation names. Signed-off-by: Benjamin Coddington Signed-off-by: Steve Dickson commit 02a96e351d403fc7caf4deed6b890b2e41ff9020 Author: Steve Dickson Date: Fri Dec 11 11:11:19 2015 -0500 rpc.idmapd: Added the -C and -S flags The C and S flags were missing for the SYNOPSIS Signed-off-by: Steve Dickson Signed-off-by: Steve Dickson commit d91d3c0b4754284808dfd2c7faf64d0cd96c5ae7 Author: Steve Dickson Date: Fri Dec 11 11:10:12 2015 -0500 rpc.idmapd: Added a usage routine Show the correct arguments when invalid arguments are used. Signed-off-by: Steve Dickson commit 51f51533155f70ce623bfeed2514512eb9473b63 Author: Scott Mayhew Date: Fri Dec 11 11:03:31 2015 -0500 statd: make statd_canonical_name return the presentation address if it maps to an empty Certain name resolution misconfigurations (for example, a hosts file entry with an ip address but no hostnames) can cause get_nameinfo() to return an empty string in buf, which will lead to this cryptic failure: Dec 7 09:37:44 hostname rpc.statd[8024]: Failed to insert: creating /var/lib/nfs/statd/sm/: Is a directory Dec 7 09:37:44 hostname rpc.statd[8024]: STAT_FAIL to hostname.example.com for SM_MON of 192.168.1.2 Dec 7 09:37:44 hostname kernel: lockd: cannot monitor 192.168.1.2 It's better in that case to just go ahead and use the presentation address instead. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit a9a7728d874398c855e386d9583cf05e681ecc1c Author: Yongcheng Yang Date: Fri Dec 11 11:01:17 2015 -0500 exportfs: Deal with path's trailing "/" in unexportfs_parsed() When unexport directory, it's possible that the specified path ends with a '/'. So we need to deal with it to find the matched entry. If not, there will be error like "Could not find '*:/some_path/' to unexport." Signed-off-by: Yongcheng Yang Signed-off-by: Steve Dickson commit 9c3d8687c96b7fe4a7920dc474e91f190b6d8f37 Author: Vivek Trivedi Date: Fri Dec 11 10:58:01 2015 -0500 mount.nfs: fix null pointer derefernce in nfs_parse_simple_hostname In function nfs_parse_simple_hostname, hostname can be NULL, dereferncing it while passing it to free(*hostname) may result in segfault. Signed-off-by: Vivek Trivedi Signed-off-by: Steve Dickson commit 6f7a1d75f948f8d914e63f4ba4a24c97225689dc Author: Vivek Trivedi Date: Fri Dec 11 10:54:56 2015 -0500 libnsm.a: do not close file if open failed If file open failed, no need to issue close system call in nsm_get_state and closeall. Signed-off-by: Vivek Trivedi Signed-off-by: Steve Dickson commit 4c3f97bb8ea409651491113a43a6d2b9d752d1e7 Author: Chuck Lever Date: Fri Dec 11 10:48:19 2015 -0500 nfsidmap: keyring_clear() should succeed if id_resolver keyring not found If the id_resolver keyring doesn't exist, the kernel has no cached idmap information to expunge. AFAIK it's not an error. If nfsidmap is run by a non-privileged user, the id_resolver keyring is never visible. IMO that should be reported, but the error message should report the privilege problem, not the missing keyring. Reported-by: Amy Shi Fixes: 69aa69e7de80 ('nfsidmap: Allow keys to be cleared from the ') Signed-off-by: Chuck Lever Signed-off-by: Steve Dickson commit 76f8ce8ce02868490ddfc5686bd48562fa73eab1 Author: Scott Mayhew Date: Mon Nov 23 10:43:03 2015 -0500 statd: Update existing record if we receive SM_MON with new cookie This prevents rpc.statd's in-memory (and on-disk) monitor lists from winding up with multiple records for the same peer with outdated cookie values. This happens in some HA-NFS configurations where rpc.statd is always running. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 685d63db0e91efd48c05453cf35434f22f1b1d26 Author: Steve Dickson Date: Fri Nov 20 10:19:19 2015 -0500 mount.nfs: Teach mount.nfs about the mountversion option When the mountversion option is used, there should not be any mount negotiations with the server. Also, when the option is used, its know that the mount is a v4 mount and a V_SPECFIC type. Signed-off-by: Steve Dickson commit 1d8d4e469d02aa574cb8529651809c0be90c3923 Author: Steve Dickson Date: Wed Nov 18 11:44:27 2015 -0500 svc_create.c: Make sure errors are logged To help debug rpcbind failures, make sure all errors are logged and log as much info about the error as possible. Signed-off-by: Steve Dickson commit be40202f194877306c19929479114b90a08363c1 Author: Steve Dickson Date: Sat Nov 7 12:51:37 2015 -0500 gssd: reworked second level of debugging Trimmed down the number messages being logged by moving them into level 3 or 4 of debugging Signed-off-by: Steve Dickson commit f1172857775d7be47b9ffb51825001cf39e23e70 Author: Steve Dickson Date: Sat Nov 7 11:31:40 2015 -0500 gssd: log all fatal errors When gssd exist ensure a error message is logged. Signed-off-by: Steve Dickson commit 329d4685ace7659a50517cc2f4d8c926d6aec500 Author: Steve Dickson Date: Sat Nov 7 11:24:30 2015 -0500 gssd: reworked first level of debugging Cleaned up first level of debugging. Only errors and warnings are logged. Signed-off-by: Steve Dickson commit 4fabfcd082069a16ea8769b9ea9344fc15011366 Author: Steve Dickson Date: Mon Nov 9 11:28:30 2015 -0500 systemd: Decouple the starting and stopping of rpcbind/nfs-server Commit b98f2af15 introduced a regression that cause the starting and stop of rpcbind and the nfs-server to be depended on each other The starting of the NFS server should start rpcbind but bring rpcbind down should not bring the NFS server down. Signed-off-by: Steve Dickson commit 67a0768370a54100c77e58f611e1d1fceb93e2c0 Author: Jianhong Yin Date: Wed Nov 4 16:28:47 2015 -0500 exportfs: Fix buf size in test_export() dump() From: Jianhong Yin The buf[] size in test_export() is not enough for NFS_MAXPATHLEN + prefix/suffix proto string. Fix it and same issue in dump(). And just to be on the safe side, %s/sprintf/snprintf/ Signed-off-by: Steve Dickson commit 19e6ba690c7e9674dae006cfce89f638c8d8edab Author: Steve Dickson Date: Wed Nov 4 16:25:28 2015 -0500 mydaemon.c: Removed a warning Commit 273b4647 introduced the following warning: mydaemon.c:125:2: warning: implicit declaration of function 'closelog' [-Wimplicit-function-declaration] Signed-off-by: Steve Dickson commit 42536414deb28ba41079b9dc01be2834fd5d4a26 Author: Juergen Daubert Date: Mon Nov 2 08:49:54 2015 -0500 nfsd: Fix message when creating NFSD listener sockets When the kernel's IPv6 module isn't loaded: rpc.nfsd: knfsd is currently down rpc.nfsd: Writing version string to kernel: -2 +3 +4 rpc.nfsd: Creating AF_INET TCP socket. rpc.nfsd: Creating AF_INET UDP socket. rpc.nfsd: Creating AF_INET6 TCP socket. rpc.nfsd: Creating AF_INET6 UDP socket. The last two messages are misleading, since creation of AF_INET6 sockets now fails silently without kernel IPv6 support. Fixes: c31fef7f4beb ('nfsd: ignore unsupported address types') Signed-off-by: Juergen Daubert Signed-off-by: Steve Dickson commit 1ee2184248251ff44ae1ba557f12151cb8cf93ff Author: Chuck Lever Date: Mon Nov 2 08:47:41 2015 -0500 gssd: Make TCP the default protocol for GSSD connections. No failure case if gssd doesn't recognize the kernel's requested protocol. Caught with "protocol=rdma" upcall. Signed-off-by: Chuck Lever Signed-off-by: Steve Dickson commit 23d26f9c9fd94406d0c1f4365e6180d59b744861 Author: Scott Mayhew Date: Mon Nov 2 08:45:09 2015 -0500 exportfs: Restore the EAI_NONAME check in host_pton() Commit d89e3fc7 removed the EAI_NONAME check altogether instead of just moving the NULL check. This causes exportfs -u to incorrectly exit with 1 whenever there's more than one MCL_FQDN export in the exportlist. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 602da10c87ea40f693aa4fc81968bb2a92bb52f9 Author: Malahal Naineni Date: Mon Nov 2 08:35:25 2015 -0500 Close etab file's file descriptor on stat error. Also, fixed erroneously closing file descriptor 0 at init time. Signed-off-by: Malahal Naineni Signed-off-by: Steve Dickson commit 9a92ef6f194926904b1289e0ce1daecb42bd5e8b Author: Frank Sorenson Date: Mon Nov 2 08:31:29 2015 -0500 mountd: fix netgroup lookup for resolvable IP addresses If a netgroup entry specifies an IP address, and that IP address can be resolved to a name, mountd will currently only test whether the canonical name and any aliases are in the netgroup, and does not test whether the IP address is in the netgroup (IP addresses which do not resolve to a name are already checked against the netgroup). This patch adds the check to see whether the IP addresses are in the netgroup. Signed-off-by: Frank Sorenson Signed-off-by: Steve Dickson commit bbcb9b79fbe77e133fddf921c09dc757947c031b Author: NeilBrown Date: Mon Nov 2 08:27:59 2015 -0500 systemd/Makefile: only install rpc-svcgssd.service if it is required. If we build without rpc-svcgssd (the default), don't install matching .service file. Signed-off-by: NeilBrown Signed-off-by: Steve Dickson commit 6597e3910b39a052dc98a32d43fe0900ec81643e Author: Scott Mayhew Date: Mon Nov 2 08:24:03 2015 -0500 gssd: Don't assume the machine account will be in uppercase find_keytab_entry() first looks for an entry of the form $@, which corresponds to the Active Directory machine account. It assumes that will be in uppercase because that's how the entry is created if the machine is joined to the domain using Samba. But that's not necessarily the case if the another identity management solution is used... for example a keytab entry for a machine account created by Centrify will match the actual computer account in Active Directory, whether that be in upper case, lower case, or mixed case. So first look for an entry that matches the unmodified hostname and then convert it to uppercase and try again only if that failed. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 1cc193508435b67c362c4e99d3f84d1bd0f342a4 Author: Scott Mayhew Date: Mon Nov 2 08:11:31 2015 -0500 Allow gssd and svcgssd to set the libtirpc debug level The interface for controlling the debug level in libtirpc was added over a year ago, but nothing's taking advantage of it. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 273b46473594b8aa4e55f682577d1dd94d44ad50 Author: Scott Mayhew Date: Mon Nov 2 08:07:11 2015 -0500 close the syslog fd in daemon_init() Commit 7addf9d (cleanup daemonization code) added the following line to mydaemon_init(): dup2(pipefds[1], 3); If we've already called vsyslog() before the fork(), then chances are fd 3 was being used for the syslog socket. In that case the next vsyslog() call will cause the data to appear on the read end of the pipe, causing the parent to exit with a nonzero status. If systemd is running, it will see the parent's nonzero exit status and will terminate the child as well. So just call closelog() to close the fd. The next call to vsyslog() will open a new one if need be. Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 7f62e37fcd25f09949a547b93c35d9e324211102 Author: Shan Hai Date: Mon Nov 2 08:03:24 2015 -0500 statd: fix a segfault caused by improper usage of RPC interface There is a hack which uses the bottom-level RPC improperly as below in the current statd implementation: insert a socket in the svc_fdset without a corresponding transport handle and passes the socket to the svc_getreqset subroutine, this usage causes a segfault of statd on a huge amount of sm-notifications. Fix the issue by separating the non-RPC-server socket from RPC dispatcher. Signed-off-by: Shan Hai Signed-off-by: Steve Dickson commit c31fef7f4beb736f6cfe29a2de6d769c7c1e780d Author: Christoph Hellwig Date: Fri Oct 30 09:18:21 2015 -0400 nfsd: ignore unsupported address types in nfssvc_setfds Just continue and try a different record returned from getaddrinfo if the kernel does not support an address family. This fixes nfsd startup on kernels without IPv6 support. Suggested-by: Chuck Lever Signed-off-by: Christoph Hellwig Signed-off-by: Steve Dickson