From nobody Thu Jan 26 03:03:33 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P2QWn2vVBz3b93q; Thu, 26 Jan 2023 03:03:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P2QWn2SwMz3Hh8; Thu, 26 Jan 2023 03:03:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1674702213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IN0aO9a+rhCQK4BYyIPW6COUn1iM/VUszOPjbrZjF9Y=; b=EAA9sle7pyOdFK3aZNsx3er3kBJY9TsviWt4C9c223hNAHAiGjtIJKJgWjTQg8IC5vB7lA 0Jq9pIrMCrVGVoinzzfUgRGCeZoRR/LWq/Cpka488OQ3XTvV1faUsdNOXHWEEqicXyluq6 6QwuGmjPHrvUUpsvhz0sSPadG5VMGt2OtWUuRX0Q0d0gg/zaw0SeMfmUZJ263qUdpvoZ+F gi2R+ajmkNEZFfpu3Zb7PoYMXBv/ojY8/yGmitQIPnLtY2n4+4YYq6LZaXTxLXtKrz53lw JXnjMk3OfLzIRUOOPrhCeDSI/JQydxN9sM7K5fxWLRDMhJQom57Tj82s67I7Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1674702213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IN0aO9a+rhCQK4BYyIPW6COUn1iM/VUszOPjbrZjF9Y=; b=vajBBILx4h5FEG10MliiKnDMrJ7FIh0l4OFNXFx/Bm9yHGq+EBE7hAP9aPIdE4QOV4tTW7 bn3XYmzIOAW/7aH7Xd4IK578MWfFD11XMO/H00I1dYvNzmewZc7xFiiu0sjl3MPfnS47MB Rxnf90o+LYORF/d9gxTG/anH/+/bv3mDzwgnknEuHHZcv+RSk6X77/Q34VIbypzET8Rd9T sGxPieLH159LU6D/W1KuRLZPwA/vvjTJDakWrKhmTg7pBZqlhNYdeFJxnbpv3tSMwSAbR9 7JeMZCd74OP7g1XfitmzzfyrUpeEvKXHejJvMftb4BjU+utCT2Am9tddNi5hwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674702213; a=rsa-sha256; cv=none; b=KosXymAmebwEH1jS0JNjm7ZT9XIs5HjXzxR5euvIXvmTV5mEuqEqUl9z3XiacJwsOG92L9 aQMYYdnPCNw75TMVMjCsPntHUuH+VnvF/Q/Eri+VvWx6ObdNiWJflf+vNCue5QFTYnobCR +z0rBHTT5wCsie8AKhU4t7pMVpoBBZPLguTRr8pIld+LZ+6jW4tDIHeByIbyCHOa1VOWDB eU/6ZKrc8TPvJ3hCIxZnuf6IHBzy+KRv1tGqzSp5DgSdpFu3+5fbscg4q4PVxYwyFcFSMJ vqh33AO2+pRmkFQrr4i/rjttLCS7brj07pSNiHgmoVtjq0VveOUzUJiEcIQ0qQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P2QWn1Wj6zF7S; Thu, 26 Jan 2023 03:03:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 30Q33X13081167; Thu, 26 Jan 2023 03:03:33 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 30Q33XDw081165; Thu, 26 Jan 2023 03:03:33 GMT (envelope-from git) Date: Thu, 26 Jan 2023 03:03:33 GMT Message-Id: <202301260303.30Q33XDw081165@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 08b2c7770703 - stable/13 - kgssapi: Increase timeout for kernel to gssd(8) upcalls List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 08b2c77707036768099e7df66222f75da877ebb7 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=08b2c77707036768099e7df66222f75da877ebb7 commit 08b2c77707036768099e7df66222f75da877ebb7 Author: Rick Macklem AuthorDate: 2023-01-11 21:20:31 +0000 Commit: Rick Macklem CommitDate: 2023-01-26 03:02:18 +0000 kgssapi: Increase timeout for kernel to gssd(8) upcalls It turns out that the underlying problem that caused a Kerberized NFS mount with the "gssname" option to fail was that the kernel upcall to the gssd(8) daemon would time out prematurely after 25 seconds. The gss_acquire_cred() GSSAPI library call takes about 27 seconds for the case where a desired_name argument is specified. A similarly long delay occurs when the gss_init_sec_context() call is made and the user principal's TGT has expired. Once the upcall timed out, the kernel code assumed that the gssd(8) daemon had died and closed the socket. Ironically, closing the socket did cause the gssd(8) daemon to terminate via a SIGPIPE signal. This patch increases the timeout to 5 minutes. Since a timeout should only occur when the gssd(8) daemon has died, a long timeout should be ok and seems to fix this problem. I still think that commit c33509d49a should remain in the system, since it allows the mount to complete quickly and not take nearly 30 seconds. PR: 268823 (cherry picked from commit e3c26ce5cb410e4e58e131dfea7054e0bf11e3ca) --- sys/kgssapi/gss_impl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sys/kgssapi/gss_impl.c b/sys/kgssapi/gss_impl.c index 07e10d0999c4..9b1277298e32 100644 --- a/sys/kgssapi/gss_impl.c +++ b/sys/kgssapi/gss_impl.c @@ -119,7 +119,17 @@ sys_gssd_syscall(struct thread *td, struct gssd_syscall_args *uap) */ if (cl != NULL) { int retry_count = 5; + struct timeval timo; CLNT_CONTROL(cl, CLSET_RETRIES, &retry_count); + + /* + * Set the timeout for an upcall to 5 minutes. The + * default of 25 seconds is not long enough for some + * gss_XXX() calls done by the gssd(8) daemon. + */ + timo.tv_sec = 5 * 60; + timo.tv_usec = 0; + CLNT_CONTROL(cl, CLSET_TIMEOUT, &timo); } } else cl = NULL;