diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2012-09-14 17:24:02 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-10-01 18:33:33 -0400 |
| commit | ba9b584c1dc37851d9c6ca6d0d2ccba55d9aad04 (patch) | |
| tree | d74fa5a04f928d5c508594f285381b41bfe4ac3c /fs/nfs/client.c | |
| parent | 1b63a75180c6c65c71655c250a4e6b578ba7d1c0 (diff) | |
SUNRPC: Introduce rpc_clone_client_set_auth()
An ULP is supposed to be able to replace a GSS rpc_auth object with
another GSS rpc_auth object using rpcauth_create(). However,
rpcauth_create() in 3.5 reliably fails with -EEXIST in this case.
This is because when gss_create() attempts to create the upcall pipes,
sometimes they are already there. For example if a pipe FS mount
event occurs, or a previous GSS flavor was in use for this rpc_clnt.
It turns out that's not the only problem here. While working on a
fix for the above problem, we noticed that replacing an rpc_clnt's
rpc_auth is not safe, since dereferencing the cl_auth field is not
protected in any way.
So we're deprecating the ability of rpcauth_create() to switch an
rpc_clnt's security flavor during normal operation. Instead, let's
add a fresh API that clones an rpc_clnt and gives the clone a new
flavor before it's used.
This makes immediate use of the new __rpc_clone_client() helper.
This can be used in a similar fashion to rpcauth_create() when a
client is hunting for the correct security flavor. Instead of
replacing an rpc_clnt's security flavor in a loop, the ULP replaces
the whole rpc_clnt.
To fix the -EEXIST problem, any ULP logic that relies on replacing
an rpc_clnt's rpc_auth with rpcauth_create() must be changed to use
this API instead.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs/client.c')
| -rw-r--r-- | fs/nfs/client.c | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/fs/nfs/client.c b/fs/nfs/client.c index 99694442b93f..143149db3440 100644 --- a/fs/nfs/client.c +++ b/fs/nfs/client.c | |||
| @@ -668,7 +668,8 @@ int nfs_init_server_rpcclient(struct nfs_server *server, | |||
| 668 | { | 668 | { |
| 669 | struct nfs_client *clp = server->nfs_client; | 669 | struct nfs_client *clp = server->nfs_client; |
| 670 | 670 | ||
| 671 | server->client = rpc_clone_client(clp->cl_rpcclient); | 671 | server->client = rpc_clone_client_set_auth(clp->cl_rpcclient, |
| 672 | pseudoflavour); | ||
| 672 | if (IS_ERR(server->client)) { | 673 | if (IS_ERR(server->client)) { |
| 673 | dprintk("%s: couldn't create rpc_client!\n", __func__); | 674 | dprintk("%s: couldn't create rpc_client!\n", __func__); |
| 674 | return PTR_ERR(server->client); | 675 | return PTR_ERR(server->client); |
| @@ -678,16 +679,6 @@ int nfs_init_server_rpcclient(struct nfs_server *server, | |||
| 678 | timeo, | 679 | timeo, |
| 679 | sizeof(server->client->cl_timeout_default)); | 680 | sizeof(server->client->cl_timeout_default)); |
| 680 | server->client->cl_timeout = &server->client->cl_timeout_default; | 681 | server->client->cl_timeout = &server->client->cl_timeout_default; |
| 681 | |||
| 682 | if (pseudoflavour != clp->cl_rpcclient->cl_auth->au_flavor) { | ||
| 683 | struct rpc_auth *auth; | ||
| 684 | |||
| 685 | auth = rpcauth_create(pseudoflavour, server->client); | ||
| 686 | if (IS_ERR(auth)) { | ||
| 687 | dprintk("%s: couldn't create credcache!\n", __func__); | ||
| 688 | return PTR_ERR(auth); | ||
| 689 | } | ||
| 690 | } | ||
| 691 | server->client->cl_softrtry = 0; | 682 | server->client->cl_softrtry = 0; |
| 692 | if (server->flags & NFS_MOUNT_SOFT) | 683 | if (server->flags & NFS_MOUNT_SOFT) |
| 693 | server->client->cl_softrtry = 1; | 684 | server->client->cl_softrtry = 1; |