Bug 514684
| Summary: | NFS: mounted NFSv4/krb5 export inaccessible following an NFS server reboot | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Harshula Jayasuriya <harshula> | ||||
| Component: | kernel | Assignee: | Harshula Jayasuriya <harshula> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Boris Ranto <branto> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 4.7 | CC: | branto, jlayton, rwheeler, staubach, steved, tao | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-02-16 15:50:15 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 355646 [details]
Tested patch
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Committed in 89.36.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/ An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0263.html |
Description of problem: When an NFS server is rebooted while an NFS client has an NFSv4/krb5 export mounted, the NFS client can not access the content of the mountpoint even a few minutes after the NFS server has completed the reboot. Following the reboot of the NFS server, it receives RPC_GSS_PROC_DATA packets from the NFS client. In svcauth_gss_accept(): ------------------------------------------------------------ 830 case RPC_GSS_PROC_DATA: 831 case RPC_GSS_PROC_DESTROY: 832 *authp = rpcsec_gsserr_credproblem; 833 rsci = gss_svc_searchbyctx(&gc->gc_ctx); 834 if (!rsci) 835 goto auth_err; 937 auth_err: 938 /* Restore write pointer to original value: */ 939 xdr_ressize_check(rqstp, reject_stat); 940 ret = SVC_DENIED; 941 goto out; ------------------------------------------------------------ gss_svc_searchbyctx() returns NULL which results in authp being set to rpcsec_gsserr_credproblem and svcauth_gss_accept() returning SVC_DENIED. Eventually svc_authenticate() returns SVC_DENIED and auth_stat is set to rpcsec_gsserr_credproblem: ------------------------------------------------------------ 255 int 256 svc_process(struct svc_serv *serv, struct svc_rqst *rqstp) 257 { 320 auth_res = svc_authenticate(rqstp, &auth_stat); 328 switch (auth_res) { 329 case SVC_OK: 330 break; 331 case SVC_GARBAGE: 332 rpc_stat = rpc_garbage_args; 333 goto err_bad; 334 case SVC_SYSERR: 335 rpc_stat = rpc_system_err; 336 goto err_bad; 337 case SVC_DENIED: => 338 auth_stat = rpc_autherr_badcred; 339 goto err_bad_auth; 340 case SVC_DROP: 341 goto dropit; 342 case SVC_COMPLETE: 343 goto sendit; 344 } ------------------------------------------------------------ In RHEL4 the auth_stat value of rpcsec_gsserr_credproblem is overwritten and set to rpc_autherr_badcred. If the NFS server returns RPCSEC_GSS_CREDPROBLEM, then the NFS client calls call_refresh() and refreshes the credentials, which is the RHEL5 behaviour. An RPC_AUTH_BADCRED results in the NFS client doing a retry instead. Version-Release number of selected component (if applicable): * Red Hat Enterprise Linux AS release 4 (Nahant Update 7) * Kernel 2.6.9-78 How reproducible: * Always Steps to Reproduce: 0. Setup a kerberized NFS environment. 1. On the NFS client, mount the NFSv4/krb5 export at /mnt/test 2. Do an ls /mnt/test 3. Reboot the NFS server. Wait till the NFS server restarts. 4. Do an ls /mnt/test Actual results: ls: /mnt/test: Permission denied Expected results: * The content of the directory. Additional info: * If you wait ~ 45 minutes, the ls /mnt/test will succeed. I suspect there is a timeout on the NFS client that results in the NFS client sending an RPC_GSS_PROC_INIT packet. Regards, Harshula