From owner-dev-commits-src-branches@freebsd.org Sun Apr 11 22:29:31 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 276325E0AFC; Sun, 11 Apr 2021 22:29:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FJRPQ6Dvbz4hk4; Sun, 11 Apr 2021 22:29:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C4DC3412B; Sun, 11 Apr 2021 22:29:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 13BMTUtr021107; Sun, 11 Apr 2021 22:29:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 13BMTUDa021106; Sun, 11 Apr 2021 22:29:30 GMT (envelope-from git) Date: Sun, 11 Apr 2021 22:29:30 GMT Message-Id: <202104112229.13BMTUDa021106@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 09d112c8a015 - stable/13 - nfsd: do not implicitly bind the back channel for NFSv4.1/4.2 mounts MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 09d112c8a015e41e728864b967c1666cc1c40c93 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Apr 2021 22:29:31 -0000 The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=09d112c8a015e41e728864b967c1666cc1c40c93 commit 09d112c8a015e41e728864b967c1666cc1c40c93 Author: Rick Macklem AuthorDate: 2021-03-30 21:31:05 +0000 Commit: Rick Macklem CommitDate: 2021-04-11 22:26:14 +0000 nfsd: do not implicitly bind the back channel for NFSv4.1/4.2 mounts The NFSv4.1 (and 4.2 on 13) server incorrectly binds a new TCP connection to the back channel when first used by an RPC with a Sequence op in it (almost all of them). RFC5661 specifies that only the fore channel should be bound. This was done because early clients (including FreeBSD) did not do the required BindConnectionToSession RPC. Unfortunately, this breaks the Linux client when the "nconnects" mount option is used, since the server may do a callback on the incorrect TCP connection. This patch converts the server behaviour to that required by the RFC. It also makes the server test/indicate failure of the back channel more aggressively. Until this patch is applied to the server, the "nconnects" mount option is not recommended for a Linux NFSv4.1/4.2 client mount to the FreeBSD server. (cherry picked from commit 01ae8969a9eed652fbd894faa5b31b1593079ed8) --- sys/fs/nfsserver/nfs_nfsdstate.c | 33 ++++----------------------------- 1 file changed, 4 insertions(+), 29 deletions(-) diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 1f6e8b7ef526..5ac37ed07cae 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -6209,7 +6209,6 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_t sequenceid, struct nfsdsession *sep; struct nfssessionhash *shp; int error; - SVCXPRT *savxprt; shp = NFSSESSIONHASH(nd->nd_sessionid); NFSLOCKSESSION(shp); @@ -6235,36 +6234,11 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_t sequenceid, nd->nd_maxreq = sep->sess_maxreq; nd->nd_maxresp = sep->sess_maxresp; - /* - * If this session handles the backchannel, save the nd_xprt for this - * RPC, since this is the one being used. - * RFC-5661 specifies that the fore channel will be implicitly - * bound by a Sequence operation. However, since some NFSv4.1 clients - * erroneously assumed that the back channel would be implicitly - * bound as well, do the implicit binding unless a - * BindConnectiontoSession has already been done on the session. - */ - savxprt = NULL; - if (sep->sess_clp->lc_req.nr_client != NULL && - sep->sess_cbsess.nfsess_xprt != nd->nd_xprt && - (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 && - (sep->sess_clp->lc_flags & LCL_DONEBINDCONN) == 0) { - NFSD_DEBUG(2, - "nfsrv_checksequence: implicit back channel bind\n"); - savxprt = sep->sess_cbsess.nfsess_xprt; - SVC_ACQUIRE(nd->nd_xprt); - nd->nd_xprt->xp_p2 = - sep->sess_clp->lc_req.nr_client->cl_private; - nd->nd_xprt->xp_idletimeout = 0; /* Disable timeout. */ - sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - } - *sflagsp = 0; - if (sep->sess_clp->lc_req.nr_client == NULL) + if (sep->sess_clp->lc_req.nr_client == NULL || + (sep->sess_clp->lc_flags & LCL_CBDOWN) != 0) *sflagsp |= NFSV4SEQ_CBPATHDOWN; NFSUNLOCKSESSION(shp); - if (savxprt != NULL) - SVC_RELEASE(savxprt); if (error == NFSERR_EXPIRED) { *sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED; error = 0; @@ -6464,7 +6438,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t *sessionid, int *foreaftp) nd->nd_xprt->xp_idletimeout = 0; sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN; - clp->lc_flags |= LCL_DONEBINDCONN; + clp->lc_flags |= LCL_DONEBINDCONN | + LCL_NEEDSCBNULL; if (*foreaftp == NFSCDFS4_BACK) *foreaftp = NFSCDFS4_BACK; else