git: 5fb6cfadcd9d - stable/12 - nfsd: do not implicitly bind the back channel for NFSv4.1/4.2 mounts
Rick Macklem
rmacklem at FreeBSD.org
Sun Apr 11 22:46:41 UTC 2021
The branch stable/12 has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=5fb6cfadcd9dbc850a018a3690a2b775c01fff8f
commit 5fb6cfadcd9dbc850a018a3690a2b775c01fff8f
Author: Rick Macklem <rmacklem at FreeBSD.org>
AuthorDate: 2021-03-30 21:31:05 +0000
Commit: Rick Macklem <rmacklem at FreeBSD.org>
CommitDate: 2021-04-11 22:43:20 +0000
nfsd: do not implicitly bind the back channel for NFSv4.1/4.2 mounts
The NFSv4.1 (and 4.2 on 13) server incorrectly binds
a new TCP connection to the back channel when first
used by an RPC with a Sequence op in it (almost all of them).
RFC5661 specifies that only the fore channel should be bound.
This was done because early clients (including FreeBSD)
did not do the required BindConnectionToSession RPC.
Unfortunately, this breaks the Linux client when the
"nconnects" mount option is used, since the server
may do a callback on the incorrect TCP connection.
This patch converts the server behaviour to that
required by the RFC. It also makes the server test/indicate
failure of the back channel more aggressively.
Until this patch is applied to the server, the
"nconnects" mount option is not recommended for a Linux
NFSv4.1/4.2 client mount to the FreeBSD server.
PR: 254560
(cherry picked from commit 01ae8969a9eed652fbd894faa5b31b1593079ed8)
---
sys/fs/nfsserver/nfs_nfsdstate.c | 33 ++++-----------------------------
1 file changed, 4 insertions(+), 29 deletions(-)
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index 5b92e7c297fa..d9fd1bbb588d 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -6189,7 +6189,6 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_t sequenceid,
struct nfsdsession *sep;
struct nfssessionhash *shp;
int error;
- SVCXPRT *savxprt;
shp = NFSSESSIONHASH(nd->nd_sessionid);
NFSLOCKSESSION(shp);
@@ -6211,36 +6210,11 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_t sequenceid,
nd->nd_clientid.qval = sep->sess_clp->lc_clientid.qval;
nd->nd_flag |= ND_IMPLIEDCLID;
- /*
- * If this session handles the backchannel, save the nd_xprt for this
- * RPC, since this is the one being used.
- * RFC-5661 specifies that the fore channel will be implicitly
- * bound by a Sequence operation. However, since some NFSv4.1 clients
- * erroneously assumed that the back channel would be implicitly
- * bound as well, do the implicit binding unless a
- * BindConnectiontoSession has already been done on the session.
- */
- savxprt = NULL;
- if (sep->sess_clp->lc_req.nr_client != NULL &&
- sep->sess_cbsess.nfsess_xprt != nd->nd_xprt &&
- (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 &&
- (sep->sess_clp->lc_flags & LCL_DONEBINDCONN) == 0) {
- NFSD_DEBUG(2,
- "nfsrv_checksequence: implicit back channel bind\n");
- savxprt = sep->sess_cbsess.nfsess_xprt;
- SVC_ACQUIRE(nd->nd_xprt);
- nd->nd_xprt->xp_p2 =
- sep->sess_clp->lc_req.nr_client->cl_private;
- nd->nd_xprt->xp_idletimeout = 0; /* Disable timeout. */
- sep->sess_cbsess.nfsess_xprt = nd->nd_xprt;
- }
-
*sflagsp = 0;
- if (sep->sess_clp->lc_req.nr_client == NULL)
+ if (sep->sess_clp->lc_req.nr_client == NULL ||
+ (sep->sess_clp->lc_flags & LCL_CBDOWN) != 0)
*sflagsp |= NFSV4SEQ_CBPATHDOWN;
NFSUNLOCKSESSION(shp);
- if (savxprt != NULL)
- SVC_RELEASE(savxprt);
if (error == NFSERR_EXPIRED) {
*sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED;
error = 0;
@@ -6440,7 +6414,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t *sessionid, int *foreaftp)
nd->nd_xprt->xp_idletimeout = 0;
sep->sess_cbsess.nfsess_xprt = nd->nd_xprt;
sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN;
- clp->lc_flags |= LCL_DONEBINDCONN;
+ clp->lc_flags |= LCL_DONEBINDCONN |
+ LCL_NEEDSCBNULL;
if (*foreaftp == NFSCDFS4_BACK)
*foreaftp = NFSCDFS4_BACK;
else
More information about the dev-commits-src-all
mailing list