diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-05-15 14:28:54 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-05-16 09:15:41 -0400 |
| commit | abfdbd53a4e28844ad953b313f017f55edbb85b7 (patch) | |
| tree | e75cce0ff477831f77a5cb4be6984a7a9248132b /net/sunrpc/auth_gss | |
| parent | d36ccb9cec22a09a12d9ef8234d634f840d7ae4b (diff) | |
SUNRPC: Faster detection if gssd is actually running
Recent changes to the NFS security flavour negotiation mean that
we have a stronger dependency on rpc.gssd. If the latter is not
running, because the user failed to start it, then we time out
and mark the container as not having an instance. We then
use that information to time out faster the next time.
If, on the other hand, the rpc.gssd successfully binds to an rpc_pipe,
then we mark the container as having an rpc.gssd instance.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
| -rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index f17f3c581ff4..3aff72f78bf2 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
| @@ -52,6 +52,8 @@ | |||
| 52 | #include <linux/sunrpc/gss_api.h> | 52 | #include <linux/sunrpc/gss_api.h> |
| 53 | #include <asm/uaccess.h> | 53 | #include <asm/uaccess.h> |
| 54 | 54 | ||
| 55 | #include "../netns.h" | ||
| 56 | |||
| 55 | static const struct rpc_authops authgss_ops; | 57 | static const struct rpc_authops authgss_ops; |
| 56 | 58 | ||
| 57 | static const struct rpc_credops gss_credops; | 59 | static const struct rpc_credops gss_credops; |
| @@ -559,9 +561,12 @@ out: | |||
| 559 | static inline int | 561 | static inline int |
| 560 | gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) | 562 | gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) |
| 561 | { | 563 | { |
| 564 | struct net *net = rpc_net_ns(gss_auth->client); | ||
| 565 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | ||
| 562 | struct rpc_pipe *pipe; | 566 | struct rpc_pipe *pipe; |
| 563 | struct rpc_cred *cred = &gss_cred->gc_base; | 567 | struct rpc_cred *cred = &gss_cred->gc_base; |
| 564 | struct gss_upcall_msg *gss_msg; | 568 | struct gss_upcall_msg *gss_msg; |
| 569 | unsigned long timeout; | ||
| 565 | DEFINE_WAIT(wait); | 570 | DEFINE_WAIT(wait); |
| 566 | int err; | 571 | int err; |
| 567 | 572 | ||
| @@ -569,11 +574,17 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) | |||
| 569 | __func__, from_kuid(&init_user_ns, cred->cr_uid)); | 574 | __func__, from_kuid(&init_user_ns, cred->cr_uid)); |
| 570 | retry: | 575 | retry: |
| 571 | err = 0; | 576 | err = 0; |
| 577 | /* Default timeout is 15s unless we know that gssd is not running */ | ||
| 578 | timeout = 15 * HZ; | ||
| 579 | if (!sn->gssd_running) | ||
| 580 | timeout = HZ >> 2; | ||
| 572 | gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred); | 581 | gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred); |
| 573 | if (PTR_ERR(gss_msg) == -EAGAIN) { | 582 | if (PTR_ERR(gss_msg) == -EAGAIN) { |
| 574 | err = wait_event_interruptible_timeout(pipe_version_waitqueue, | 583 | err = wait_event_interruptible_timeout(pipe_version_waitqueue, |
| 575 | pipe_version >= 0, 15*HZ); | 584 | pipe_version >= 0, timeout); |
| 576 | if (pipe_version < 0) { | 585 | if (pipe_version < 0) { |
| 586 | if (err == 0) | ||
| 587 | sn->gssd_running = 0; | ||
| 577 | warn_gssd(); | 588 | warn_gssd(); |
| 578 | err = -EACCES; | 589 | err = -EACCES; |
| 579 | } | 590 | } |