summaryrefslogtreecommitdiffstats
path: root/fs/nfs/nfs4state.c
Commit message (Collapse)AuthorAgeFilesLines
* SUNRPC handle EKEYEXPIRED in call_refreshresultAndy Adamson2012-12-121-23/+0
| | | | | | | | | | | | | | | | | | Currently, when an RPCSEC_GSS context has expired or is non-existent and the users (Kerberos) credentials have also expired or are non-existent, the client receives the -EKEYEXPIRED error and tries to refresh the context forever. If an application is performing I/O, or other work against the share, the application hangs, and the user is not prompted to refresh/establish their credentials. This can result in a denial of service for other users. Users are expected to manage their Kerberos credential lifetimes to mitigate this issue. Move the -EKEYEXPIRED handling into the RPC layer. Try tk_cred_retry number of times to refresh the gss_context, and then return -EACCES to the application. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Ensure smooth handover of slots from one task to the next waitingTrond Myklebust2012-12-061-5/+1
| | | | | | | | Currently, we see a lot of bouncing for the value of highest_used_slotid due to the fact that slots are getting freed, instead of getting instantly transmitted to the next waiting task. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Remove the 'FIFO' behaviour for nfs41_setup_sequenceTrond Myklebust2012-12-061-3/+1
| | | | | | | | It is more important to preserve the task priority behaviour, which ensures that things like reclaim writes take precedence over background and kupdate writes. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Ping server when our session table limits are too highTrond Myklebust2012-12-061-0/+5
| | | | | | | | | If the server requests a lower target_highest_slotid, then ensure that we ping it with at least one RPC call containing an appropriate SEQUENCE op. This ensures that the server won't need to send a recall callback in order to shrink the slot table. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Move slot table and session struct definitions to nfs4session.hTrond Myklebust2012-12-061-0/+1
| | | | | | Clean up. Gather NFSv4.1 slot definitions in fs/nfs/nfs4session.h. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Move nfs4_wait_clnt_recover and nfs4_client_recover_expired_leaseTrond Myklebust2012-12-061-0/+34
| | | | | | | | nfs4_wait_clnt_recover and nfs4_client_recover_expired_lease are both generic state related functions. As such, they belong in nfs4state.c, and not nfs4proc.c Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Clean up session drainingTrond Myklebust2012-12-061-0/+10
| | | | | | | | | Coalesce nfs4_check_drain_bc_complete and nfs4_check_drain_fc_complete into a single function that can be called when the slot table is known to be empty, then change nfs4_callback_free_slot() and nfs4_free_slot() to use it. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: CB_RECALL_SLOT must schedule a sequence op after updating targetsTrond Myklebust2012-12-061-0/+12
| | | | | | | | | | RFC5661 requires us to make sure that the server knows we've updated our slot table size by sending at least one SEQUENCE op containing the new 'highest_slotid' value. We can do so using the 'CHECK_LEASE' functionality of the state manager. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Remove the state manager code to resize the slot tableTrond Myklebust2012-12-061-33/+0
| | | | | | | | The state manager no longer needs any special machinery to stop the session flow and resize the slot table. It is all done on the fly by the SEQUENCE op code now. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Allow SEQUENCE to resize the slot table on the flyTrond Myklebust2012-12-061-18/+4
| | | | | | | Instead of an array of slots, use a singly linked list of slots that can be dynamically appended to or shrunk. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Support dynamic resizing of the session slot tableTrond Myklebust2012-12-061-3/+3
| | | | | | | | Allow the server to control the size of the session slot table by adjusting the value of sr_target_max_slots in the reply to the SEQUENCE operation. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Ensure that the client tracks the server target_highest_slotidTrond Myklebust2012-12-061-4/+3
| | | | | | | | | | | | | | | | | Dynamic slot allocation in NFSv4.1 depends on the client being able to track the server's target value for the highest slotid in the slot table. See the reference in Section 2.10.6.1 of RFC5661. To avoid ordering problems in the case where 2 SEQUENCE replies contain conflicting updates to this target value, we also introduce a generation counter, to track whether or not an RPC containing a SEQUENCE operation was launched before or after the last update. Also rename the nfs4_slot_table target_max_slots field to 'target_highest_slotid' to avoid confusion with a slot table size or number of slots. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointerTrond Myklebust2012-11-261-1/+1
| | | | | | | Move the session pointer into the slot table, then have struct nfs4_slot point to that slot table. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slotsTrond Myklebust2012-11-211-2/+1
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Handle session reset and bind_conn_to_session before lease checkTrond Myklebust2012-11-211-9/+8
| | | | | | | | We can't send a SEQUENCE op unless the session is OK, so it is pointless to handle the CHECK_LEASE state before we've dealt with SESSION_RESET and BIND_CONN_TO_SESSION. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Get rid of unnecessary BUG_ON()sTrond Myklebust2012-11-041-1/+0
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: don't do two EXCHANGE_IDs on mountWeston Andros Adamson2012-10-021-0/+1
| | | | | | | | | | | | Since the addition of NFSv4 server trunking detection the mount context calls nfs4_proc_exchange_id then schedules the state manager, which also calls nfs4_proc_exchange_id. Setting the NFS4CLNT_LEASE_CONFIRM bit makes the state manager skip the unneeded EXCHANGE_ID and continue on with session creation. Reported-by: Jorge Mora <mora@netapp.com> Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.0 reclaim reboot state when re-establishing clientidAndy Adamson2012-10-011-2/+6
| | | | | | | We should reclaim reboot state when the clientid is stale. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Fix up a merge conflict between migration and container changesTrond Myklebust2012-10-011-2/+3
| | | | | | nfs_callback_tcpport is now per-net_namespace. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Discover NFSv4 server trunking when mountingChuck Lever2012-10-011-1/+181
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "Server trunking" is a fancy named for a multi-homed NFS server. Trunking might occur if a client sends NFS requests for a single workload to multiple network interfaces on the same server. There are some implications for NFSv4 state management that make it useful for a client to know if a single NFSv4 server instance is multi-homed. (Note this is only a consideration for NFSv4, not for legacy versions of NFS, which are stateless). If a client cares about server trunking, no NFSv4 operations can proceed until that client determines who it is talking to. Thus server IP trunking discovery must be done when the client first encounters an unfamiliar server IP address. The nfs_get_client() function walks the nfs_client_list and matches on server IP address. The outcome of that walk tells us immediately if we have an unfamiliar server IP address. It invokes nfs_init_client() in this case. Thus, nfs4_init_client() is a good spot to perform trunking discovery. Discovery requires a client to establish a fresh client ID, so our client will now send SETCLIENTID or EXCHANGE_ID as the first NFS operation after a successful ping, rather than waiting for an application to perform an operation that requires NFSv4 state. The exact process for detecting trunking is different for NFSv4.0 and NFSv4.1, so a minorversion-specific init_client callout method is introduced. CLID_INUSE recovery is important for the trunking discovery process. CLID_INUSE is a sign the server recognizes the client's nfs_client_id4 id string, but the client is using the wrong principal this time for the SETCLIENTID operation. The SETCLIENTID must be retried with a series of different principals until one works, and then the rest of trunking discovery can proceed. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Slow down state manager after an unhandled errorChuck Lever2012-10-011-0/+1
| | | | | | | | | | | | | | | | | | If the state manager thread is not actually able to fully recover from some situation, it wakes up waiters, who kick off a new state manager thread. Quite often the fresh invocation of the state manager is just as successful. This results in a livelock as the client dumps thousands of NFS requests a second on the network in a vain attempt to recover. Not very friendly. To mitigate this situation, add a delay in the state manager after an unhandled error, so that the client sends just a few requests every second in this case. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: make nfs_callback_tcpport6 per network contextStanislav Kinsbursky2012-10-011-1/+1
| | | | | Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: make nfs_callback_tcpport per network contextStanislav Kinsbursky2012-10-011-1/+3
| | | | | Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Simplify the pNFS return-on-close codeTrond Myklebust2012-09-281-5/+2
| | | | | | Confine it to the nfs4_do_close() code. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Convert the nfs4_lock_state->ls_flags to a bit fieldTrond Myklebust2012-09-281-4/+4
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Clean up helper function nfs4_select_rw_stateid()Trond Myklebust2012-09-281-3/+11
| | | | | | | | | | | We want to be able to pass on the information that the page was not dirtied under a lock. Instead of adding a flag parameter, do this by passing a pointer to a 'struct nfs_lock_owner' that may be NULL. Also reuse this structure in struct nfs_lock_context to carry the fl_owner_t and pid_t. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Clean up nfs4_proc_setclientid() and friendsChuck Lever2012-07-161-0/+4
| | | | | | | Add documenting comments and appropriate debugging messages. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Treat NFS4ERR_CLID_INUSE as a fatal errorChuck Lever2012-07-161-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For NFSv4 minor version 0, currently the cl_id_uniquifier allows the Linux client to generate a unique nfs_client_id4 string whenever a server replies with NFS4ERR_CLID_INUSE. This implementation seems to be based on a flawed reading of RFC 3530. NFS4ERR_CLID_INUSE actually means that the client has presented this nfs_client_id4 string with a different principal at some time in the past, and that lease is still in use on the server. For a Linux client this might be rather difficult to achieve: the authentication flavor is named right in the nfs_client_id4.id string. If we change flavors, we change strings automatically. So, practically speaking, NFS4ERR_CLID_INUSE means there is some other client using our string. There is not much that can be done to recover automatically. Let's make it a permanent error. Remove the recovery logic in nfs4_proc_setclientid(), and remove the cl_id_uniquifier field from the nfs_client data structure. And, remove the authentication flavor from the nfs_client_id4 string. Keeping the authentication flavor in the nfs_client_id4.id string means that we could have a separate lease for each authentication flavor used by mounts on the client. But we want just one lease for all the mounts on this client. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Clean up nfs4_reclaim_leaseTrond Myklebust2012-06-281-17/+35
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Cleanup - move nfs4_has_session tests out of state manager loopTrond Myklebust2012-06-281-3/+6
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Clean up nfs4_recall_slot()Trond Myklebust2012-06-281-5/+6
| | | | | | Move the test for nfs4_has_session out of the nfs4_state_manager() Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Handle slot recalls before doing state recoveryTrond Myklebust2012-06-281-11/+10
| | | | | | | Handling a slot recall situation should always takes precedence over state recovery to allow the server to manage its resources. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: add more context to state manager error mesgsWeston Andros Adamson2012-06-281-2/+14
| | | | | Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Ensure we clear session state flags after a session creationTrond Myklebust2012-06-051-10/+12
| | | | | | | Both nfs4_reset_session and nfs41_init_clientid need to clear all the session related state flags on success. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Add debugging printks to state managerTrond Myklebust2012-05-281-0/+33
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: nfs4_reset_session should use nfs4_handle_reclaim_lease_errorTrond Myklebust2012-05-271-1/+1
| | | | | | | | The results from a call to nfs4_proc_create_session() should always be fed into nfs4_handle_reclaim_lease_error, so that we can handle errors such as NFS4ERR_SEQ_MISORDERED correctly. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Handle other occurrences of NFS4ERR_CONN_NOT_BOUND_TO_SESSIONTrond Myklebust2012-05-271-2/+8
| | | | | | | Let nfs4_schedule_session_recovery() handle the details of choosing between resetting the session, and other session related recovery. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION in the state managerTrond Myklebust2012-05-271-1/+3
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Handle errors in nfs4_bind_conn_to_sessionTrond Myklebust2012-05-271-1/+12
| | | | | | | Ensure that we handle NFS4ERR_DELAY errors separately, and then let nfs4_recovery_handle_error() handle all other cases. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: nfs4_bind_conn_to_session should drain the sessionTrond Myklebust2012-05-271-0/+2
| | | | | | | In order to avoid races with other RPC calls that end up setting the NFS4CLNT_BIND_CONN_TO_SESSION flag. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Ensure we use the correct credentials for bind_conn_to_sessionTrond Myklebust2012-05-251-1/+8
| | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Weston Andros Adamson <dros@netapp.com>
* NFSv4.1: Ensure we use the correct credentials for session create/destroyTrond Myklebust2012-05-251-3/+7
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4.1: Handle NFS4ERR_SEQ_MISORDERED when confirming the leaseTrond Myklebust2012-05-251-0/+5
| | | | | | | | | | | | | Apparently the patch "NFS: Always use the same SETCLIENTID boot verifier" is tickling a Linux nfs server bug, and causing a regression: the server can get into a situation where it keeps replying NFS4ERR_SEQ_MISORDERED to our CREATE_SESSION request even when we are sending the correct sequence ID. Fix this by purging the lease and then retrying. Reported-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: When purging the lease, we must clear NFS4CLNT_LEASE_CONFIRMTrond Myklebust2012-05-251-0/+1
| | | | | | Otherwise we can end up not sending a new exchange-id/setclientid Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Clean up the error handling for nfs4_reclaim_leaseTrond Myklebust2012-05-251-49/+50
| | | | | | | | | Try to consolidate the error handling for nfs4_reclaim_lease into a single function instead of doing a bit here, and a bit there... Also ensure that NFS4CLNT_PURGE_STATE handles errors correctly. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* nfs41: Use BIND_CONN_TO_SESSION for CB_PATH_DOWN*Weston Andros Adamson2012-05-241-4/+30
| | | | | | | | The state manager can handle SEQ4_STATUS_CB_PATH_DOWN* flags with a BIND_CONN_TO_SESSION instead of destroying the session and creating a new one. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Force server to drop NFSv4 stateChuck Lever2012-05-221-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nfs4_reset_all_state() refreshes the boot verifier a server sees to trigger that server to wipe this client's state. This function is invoked when an NFSv4.1 server reports that it has revoked some or all of a client's NFSv4 state. To facilitate server trunking discovery, we will eventually want to move the cl_boot_time field to a more global structure. The Uniform Client String model (and specifically, server trunking detection) requires that all servers see the same boot verifier until the client actually does reboot, and not a fresh verifier every time the client unmounts and remounts the server. Without the cl_boot_time field, however, nfs4_reset_all_state() will have to find some other way to force the server to purge the client's NFSv4 state. Because these verifiers are opaque (ie, the server doesn't know or care that they happen to be timestamps), we can force the server to wipe NFSv4 state by updating the boot verifier as we do now, then immediately afterwards establish a fresh client ID using the old boot verifier again. Hopefully there are no extra paranoid server implementations that keep track of the client's boot verifiers and prevent clients from reusing a previous one. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Add NFSDBG_STATEChuck Lever2012-05-221-0/+2
| | | | | | | | fs/nfs/nfs4state.c does not yet have any dprintk() call sites, and I'm about to introduce some. We will need a new flag for enabling them. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Keep dropped state owners on the LRU list for a whileTrond Myklebust2012-04-211-9/+11
| | | | | | To ensure that we don't reuse their identifiers. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Ensure that we don't drop a state owner more than onceTrond Myklebust2012-04-211-3/+7
| | | | | | | | Retest the RB_EMPTY_NODE() condition under the spin lock to ensure that we don't call rb_erase() more than once on the same state owner. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
OpenPOWER on IntegriCloud