Summary: | NFSv4.1/4.2 client does not do a BindConnectionToSession for new TCP connections |
---|---|
Product: | Base System |
Component: | kern |
Reporter: | Rick Macklem <rmacklem> |
Assignee: | Rick Macklem <rmacklem> |
Status: | Closed FIXED |
Severity: | Affects Some People |
Flags: | rmacklem: mfc-stable13+, rmacklem: mfc-stable12+, rmacklem: mfc-stable11? |
Priority: | --- |
Version: | Unspecified |
Hardware: | Any |
OS: | Any |
Created attachment 224005
same as fix NFSv4.1/4.2 ... but for FreeBSD12

Same as attachment 223883, but for FreeBSD12 instead of FreeBSD13/current.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7763814fc9c27a98fefcbf582d7a936ea43af23a

commit 7763814fc9c27a98fefcbf582d7a936ea43af23a
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-04-11 21:34:57 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-04-11 21:34:57 +0000

nfsv4 client: do the BindConnectionToSession as required

During a recent testing event, it was reported that the NFSv4.1/4.2 server erroneously bound the back channel to a new TCP connection. RFC5661 specifies that the fore channel is implicitly bound to a new TCP connection when an RPC with Sequence (almost any of them) is done on it. For the back channel to be bound to the new TCP connection, an explicit BindConnectionToSession must be done as the first RPC on the new connection.

Since new TCP connections are created by the "reconnect" layer (sys/rpc/clnt_rc.c) of the krpc, this patch adds an optional upcall done by the krpc whenever a new connection is created. The patch also adds the specific upcall function that does a BindConnectionToSession and configures the krpc to call it when required.

This is necessary for correct interoperability with NFSv4.1/NFSv4.2 servers when the nfscbd daemon is running.

If doing NFSv4.1/NFSv4.2 mounts without this patch, it is recommended that the nfscbd daemon not be running and that the "pnfs" mount option not be specified.
PR: 254840
Comments by: asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D29475

sys/fs/nfs/nfs_commonsubs.c | 5 ++-
sys/fs/nfs/nfs_var.h | 1 +
sys/fs/nfs/nfscl.h | 5 +++
sys/fs/nfs/nfsport.h | 9 +++--
sys/fs/nfs/nfsproto.h | 5 ++-
sys/fs/nfsclient/nfs_clrpcops.c | 90 +++++++++++++++++++++++++++++++++++++++++
sys/rpc/clnt.h | 6 +++
sys/rpc/clnt_rc.c | 15 +++++++
sys/rpc/krpc.h | 3 ++
9 files changed, 133 insertions(+), 6 deletions(-)

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5a45802b3c8c3962649f47b01453c819dd137da1

commit 5a45802b3c8c3962649f47b01453c819dd137da1
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-04-11 21:34:57 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-04-30 00:43:50 +0000

nfsv4 client: do the BindConnectionToSession as required

During a recent testing event, it was reported that the NFSv4.1/4.2 server erroneously bound the back channel to a new TCP connection. RFC5661 specifies that the fore channel is implicitly bound to a new TCP connection when an RPC with Sequence (almost any of them) is done on it. For the back channel to be bound to the new TCP connection, an explicit BindConnectionToSession must be done as the first RPC on the new connection.

Since new TCP connections are created by the "reconnect" layer (sys/rpc/clnt_rc.c) of the krpc, this patch adds an optional upcall done by the krpc whenever a new connection is created. The patch also adds the specific upcall function that does a BindConnectionToSession and configures the krpc to call it when required.

This is necessary for correct interoperability with NFSv4.1/NFSv4.2 servers when the nfscbd daemon is running.

If doing NFSv4.1/NFSv4.2 mounts without this patch, it is recommended that the nfscbd daemon not be running and that the "pnfs" mount option not be specified.
PR: 254840
(cherry picked from commit 7763814fc9c27a98fefcbf582d7a936ea43af23a)

sys/fs/nfs/nfs_commonsubs.c | 5 ++-
sys/fs/nfs/nfs_var.h | 1 +
sys/fs/nfs/nfscl.h | 5 +++
sys/fs/nfs/nfsport.h | 9 +++--
sys/fs/nfs/nfsproto.h | 5 ++-
sys/fs/nfsclient/nfs_clrpcops.c | 90 +++++++++++++++++++++++++++++++++++++++++
sys/rpc/clnt.h | 6 +++
sys/rpc/clnt_rc.c | 15 +++++++
sys/rpc/krpc.h | 3 ++
9 files changed, 133 insertions(+), 6 deletions(-)

A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a1fdb867c72a1009b4a194deb9978289cf5a3cd

commit 0a1fdb867c72a1009b4a194deb9978289cf5a3cd
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-04-11 21:34:57 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-04-30 23:16:11 +0000

nfsv4 client: do the BindConnectionToSession as required

During a recent testing event, it was reported that the NFSv4.1 server erroneously bound the back channel to a new TCP connection. RFC5661 specifies that the fore channel is implicitly bound to a new TCP connection when an RPC with Sequence (almost any of them) is done on it. For the back channel to be bound to the new TCP connection, an explicit BindConnectionToSession must be done as the first RPC on the new connection.

Since new TCP connections are created by the "reconnect" layer (sys/rpc/clnt_rc.c) of the krpc, this patch adds an optional upcall done by the krpc whenever a new connection is created. The patch also adds the specific upcall function that does a BindConnectionToSession and configures the krpc to call it when required.

This is necessary for correct interoperability with NFSv4.1 servers when the nfscbd daemon is running.

If doing NFSv4.1 mounts without this patch, it is recommended that the nfscbd daemon not be running and that the "pnfs" mount option not be specified.
PR: 254840
(cherry picked from commit 7763814fc9c27a98fefcbf582d7a936ea43af23a)

sys/fs/nfs/nfs_commonsubs.c | 5 ++-
sys/fs/nfs/nfs_var.h | 1 +
sys/fs/nfs/nfscl.h | 5 +++
sys/fs/nfs/nfsport.h | 7 +++-
sys/fs/nfs/nfsproto.h | 5 ++-
sys/fs/nfsclient/nfs_clrpcops.c | 89 +++++++++++++++++++++++++++++++++++++++++
sys/rpc/clnt.h | 6 +++
sys/rpc/clnt_rc.c | 15 +++++++
sys/rpc/krpc.h | 3 ++
9 files changed, 131 insertions(+), 5 deletions(-)

Patch has been MFC'd to stable/12 and stable/13. I do not plan on MFC'ing to stable/11 at this time, but will not close the patch yet, in case that becomes necessary.

Doing mounts without the nfscbd(8) daemon running avoids any need for this patch, so long as the "pnfs" mount option is not used.

Since the 13.1 release has this fix, close the PR.
Created attachment 223883
fix NFSv4.1/4.2 client to do a BindConnectionToSession to maintain the backchannel

When the FreeBSD NFS client does a 4.1/4.2 mount and the nfscbd(8) daemon is running, it binds the TCP connection to both the fore (client->server RPCs) and back (server->client callback RPCs) via CreateSession.

When the client finds the NFS server unresponsive, it creates a new TCP connection. It then does an RPC with a Sequence operation in it, binding the new connection to the fore channel, but not the back channel.
--> callback RPCs can no longer work.

The attachment patch modifies the client so that the krpc does a BindConnectionToSession RPC as the first RPC on the new connection, so that both the fore and back channels are bound, as they were for the original connection.

Loss of a back channel/ability to do callback RPCs only affects delegations and pNFS.
--> Until patched the workaround is to not run the nfscbd(8) daemon on the client so that callbacks are never enabled and the NFSv4.n server should never issue delegations to the client.
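
The binding rules described in this report, as an added toy model in C (not code from the FreeBSD patch; every type and function name is hypothetical). It shows that a Sequence on a new connection binds only the fore channel, while a BindConnectionToSession issued as the first RPC, here through an optional reconnect upcall, binds both.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only: every name here is hypothetical, not a FreeBSD krpc/NFS symbol. */
enum rpc_op { OP_SEQUENCE, OP_BIND_CONN_TO_SESSION };

struct conn {
    int  rpcs_done;   /* RPCs already issued on this TCP connection */
    bool fore, back;  /* channels the server has bound to it */
};

struct session {
    struct conn *cur;                       /* connection currently in use */
    void (*newconn_upcall)(struct conn *);  /* optional, run on reconnect */
};

/* Server-side binding rules as described in the report. */
static void do_rpc(struct conn *c, enum rpc_op op) {
    if (op == OP_SEQUENCE)
        c->fore = true;               /* implicit: fore channel only */
    else if (c->rpcs_done == 0)
        c->fore = c->back = true;     /* explicit bind, honoured as first RPC only */
    c->rpcs_done++;
}

static void bind_upcall(struct conn *c) { do_rpc(c, OP_BIND_CONN_TO_SESSION); }

/* Reconnect layer: fresh connection, then the upcall before any other RPC. */
static void reconnect(struct session *s, struct conn *nc) {
    *nc = (struct conn){ 0 };
    s->cur = nc;
    if (s->newconn_upcall != NULL)
        s->newconn_upcall(nc);
}

/* True if server->client callbacks still have a bound connection afterwards. */
bool callbacks_survive_reconnect(bool with_upcall) {
    struct conn c1 = { .fore = true, .back = true };  /* CreateSession bound both */
    struct conn c2;
    struct session s = { &c1, with_upcall ? bind_upcall : NULL };

    reconnect(&s, &c2);            /* server was unresponsive */
    do_rpc(s.cur, OP_SEQUENCE);    /* next ordinary RPC on the new connection */
    return s.cur->back;
}

int main(void) {
    printf("without upcall: %d, with upcall: %d\n",
        callbacks_survive_reconnect(false), callbacks_survive_reconnect(true));
}
```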