Accepting request 207415 from Base:System

- nfsserver.init: fix typo in "--nfs-version 4".
  (bnc#849476)

- gssd-mount-hang-fix: An nfs mount will hang
  indefinitely if mounted by IP address and there
  is no reverse mapping available.  This is
  caused by a bug in gssd.
  (bnc#833543)

OBS-URL: https://build.opensuse.org/request/show/207415
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nfs-utils?expand=0&rev=109

gssd-mount-hang-fix

@@ -0,0 +1,88 @@
+From: Neil Brown <neilb@suse.de>
+Date: Thu, 14 Nov 2013 11:50:38 +1100
+Subject: [PATCH] gssd: always reply to rpc-pipe requests from kernel.
+References: bnc#833543
+
+Sometimes gssd will open a new rpc-pipe but never read requests from it
+or reply to them.  This causes the kernel to wait forever for a reply.
+
+In particular, if a filesystem is mounted by IP, and the IP has no
+hostname recorded in /etc/hosts or DNS, then gssd will not listen to
+requests and the mount will hang indefinitely.
+
+The comment in process_clnt_dir() for the "fail_keep_client:" branch
+suggests that it is for the case where we couldn't open some
+subdirectories.  However it is currently also taken if reverse DNS
+lookup fails (as well as some other lookup failures).  Those failures
+should not be treated the same as failure-to-open directories.
+
+So this patch causes a failure from read_service_info() to *not* be
+reported by process_clnt_dir_files.  This ensures that insert_clnt_poll()
+will be called and requests will be handled.
+
+In handle_gssd_upcall, the current error path (taken when the mech is
+not "krb5") does not reply to the upcall.  This is wrong.  A reply is
+always appropriate.  The only replies which aren't treated as
+transient errors are EACCES and EKEYEXPIRED, so we return the former.
+
+If read_service_info() fails then ->servicename will be NULL which will
+cause process_krb5_upcall() (quite reasonably) to become confused.  So
+in that case we don't even try to process the up-call but just reply
+with EACCES.
+
+As clp->servicename==NULL is no longer treated as fatal, it is not
+appropraite to use it to test if read_service_info() has been already
+called on a client.  Instread test clp->prog.
+
+Finally, the error path of read_service_info() will close 'fd' if it
+isn't -1, so when we close it, we should set fd to -1.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index b48d1637cd36..00b4bc779b7c 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -256,6 +256,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
+ 	if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
+ 		goto fail;
+ 	close(fd);
++	fd = -1;
+ 	buf[nbytes] = '\0';
+ 
+ 	numfields = sscanf(buf,"RPC server: %127s\n"
+@@ -403,11 +404,10 @@ process_clnt_dir_files(struct clnt_info * clp)
+ 		return -1;
+ 	snprintf(info_file_name, sizeof(info_file_name), "%s/info",
+ 			clp->dirname);
+-	if ((clp->servicename == NULL) &&
+-	     read_service_info(info_file_name, &clp->servicename,
+-				&clp->servername, &clp->prog, &clp->vers,
+-				&clp->protocol, (struct sockaddr *) &clp->addr))
+-		return -1;
++	if (clp->prog == 0)
++		read_service_info(info_file_name, &clp->servicename,
++				  &clp->servername, &clp->prog, &clp->vers,
++				  &clp->protocol, (struct sockaddr *) &clp->addr);
+ 	return 0;
+ }
+ 
+@@ -1320,11 +1320,14 @@ handle_gssd_upcall(struct clnt_info *clp)
+ 		}
+ 	}
+ 
+-	if (strcmp(mech, "krb5") == 0)
++	if (strcmp(mech, "krb5") == 0 && clp->servername)
+ 		process_krb5_upcall(clp, uid, clp->gssd_fd, target, service);
+-	else
+-		printerr(0, "WARNING: handle_gssd_upcall: "
+-			    "received unknown gss mech '%s'\n", mech);
++	else {
++		if (clp->servername)
++			printerr(0, "WARNING: handle_gssd_upcall: "
++				 "received unknown gss mech '%s'\n", mech);
++		do_error_downcall(clp->gssd_fd, uid, -EACCES);
++	}
+ 
+ out:
+ 	free(lbuf);

nfs-utils.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Mon Nov 18 03:35:45 UTC 2013 - nfbrown@suse.com
+
+- nfsserver.init: fix typo in "--nfs-version 4".
+  (bnc#849476)
+
+-------------------------------------------------------------------
+Sun Nov 17 23:06:16 UTC 2013 - nfbrown@suse.com
+
+- gssd-mount-hang-fix: An nfs mount will hang
+  indefinitely if mounted by IP address and there
+  is no reverse mapping available.  This is
+  caused by a bug in gssd.
+  (bnc#833543)
+
 -------------------------------------------------------------------
 Wed Nov  6 02:06:45 UTC 2013 - nfbrown@suse.com
 

nfs-utils.spec

@@ -81,6 +81,8 @@ Patch8:         mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch
 Patch9:         exportfs-exit-with-error-code-if-there-was-any-error.patch
 # PATCH-FIX_UPSTREAM exportfs-report-failure-if-asked-to-unexport-somethi.patch nfbrown@suse.de
 Patch10:        exportfs-report-failure-if-asked-to-unexport-somethi.patch
+# PATCH-FIX-UPSTRAM gssd-mount-hang-fix bnc#833543 nfbrown@suse.de
+Patch11:        gssd-mount-hang-fix
 Suggests:       python-base
 
 %description
@@ -141,6 +143,7 @@ This package contains additional NFS documentation.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 cp %{S:6} .
 
 %build

nfsserver.init

@@ -87,6 +87,11 @@ if [ -z "$RPC_PIPEFS_DIR" ]; then
     RPC_PIPEFS_DIR=/var/lib/nfs/rpc_pipefs
 fi
 
+case "$NFS4_SERVER_MINOR_VERSION" in
+    [0123456789] ) ;;
+    * ) NFS4_SERVER_MINOR_VERSION=0
+esac
+
 check_for_nfsdfs() {
     HAVE_NFSDFS="no"
     while read dummy type ; do
@@ -205,7 +210,7 @@ case "$1" in
        VERSION_PARAMS="--no-nfs-version 4"
       fi
       if [ "$NFS4_SERVER_MINOR_VERSION" != "0" ]; then
-       VERSION_PARAMS="$VERSION_PARAMS -nfs-version 4 -nfs-version 4.$NFS4_SERVER_MINOR_VERSION"
+       VERSION_PARAMS="$VERSION_PARAMS --nfs-version 4 -nfs-version 4.$NFS4_SERVER_MINOR_VERSION"
       fi
       if [ -n "$NFSV4LEASETIME" -a -f /proc/fs/nfsd/nfsv4leasetime ]; then
         echo "$NFSV4LEASETIME" > /proc/fs/nfsd/nfsv4leasetime