From patchwork Sun Jan 19 22:08:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8434 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YbngF5BbCz3x3f for ; Sun, 19 Jan 2025 22:08:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YbngB1v1Yz2Tn; Sun, 19 Jan 2025 22:08:54 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Ybng96LqQz33dN; Sun, 19 Jan 2025 22:08:53 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Ybng642J4z33dN for ; Sun, 19 Jan 2025 22:08:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Ybng62XTwz1x0; Sun, 19 Jan 2025 22:08:50 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1737324530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8giheHPCjMmMjm6LDibE6JNPKapMQAvWmZTIXF5c1ZU=; b=+WjXd3PDrALeEaeujep4OySW3GVbfarnllJq5WWwYfgPKoVkg9yIaHMHZ/pntars6nh/07 wFQkSTCGw6ZItfAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1737324530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8giheHPCjMmMjm6LDibE6JNPKapMQAvWmZTIXF5c1ZU=; b=DOitf9n1sbJP6krtWIoYduNCzP3MdTbS8tPyMrfTMIfY8BzdxET32DmKL70xtk/W+0dkkD p5Qq5Rm+efdxXr4UdDtjbnV/+uGGebtqQ86ydeb2aaexLS4cxMHCrUdSxpcJGrIYLxPpLD 6/bIbi3a7sGwodX8ksmMnuAXctkv5npc1EVONC3Ra0LpWmZnzOzs6oZzG0cz/bmrzQnxtD oMsKSgcjJI9uvnhaQ5LaJxkpCcu7V7fWW1QZ/f0uPYKSdtQpm5mOwtlZAWohUamX2M9UvX 2nKUV0CmQ16dAf2EPJoGuypKPXunoq4i6KGy+SspJEvoNw3ASRCujzBeZ8uXgg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] nfs: Update to version number 2.8.2 Date: Sun, 19 Jan 2025 23:08:41 +0100 Message-ID: <20250119220844.3292084-2-adolf.belka@ipfire.org> In-Reply-To: <20250119220844.3292084-1-adolf.belka@ipfire.org> References: <20250119220844.3292084-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: A4X4SLMLN6TGVYNGXMH3ELGN3XINFYE5 X-Message-ID-Hash: A4X4SLMLN6TGVYNGXMH3ELGN3XINFYE5 X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from versionj number 2.7.1 to 2.8.2 - Update of rootfile - Changelog 2.8.2 exports: Fix referrals when --enable-junction=no Commit 15dc0bea ("exportd: Moved cache upcalls routines into libexport.a") caused write_fsloc() to be elided when junction support is disabled. Remove the not needed #ifdef HAVE_JUNCTION_SUPPORT which blocks the referrals from working when --enable-junction=no is set. (only the #ifdef HAVE_JUNCTION_SUPPORT should be around actual junction code). Fixes: 15dc0bea ("exportd: Moved cache upcalls routines into libexport.a") Link: https://bugs.debian.org/1035908 Link: https://bugs.debian.org/1083098 nfsidmap(v2): Add guards around [nfsidmap] usages of [sysconf]. sysconf(_SC_GETPW_R_SIZE_MAX) and sysconf(_SC_GETGR_R_SIZE_MAX) return -1 on musl, which causes either segmentation faults or ENOMEM errors. Replace all usages of sysconf with dedicated methods that guard against a result of -1. libnsm(v2): fix the safer atomic filenames fix Commit 9f7a91b51ffc ("libnsm: safer atomic filenames") messed up the length arguement to snprintf() in nsm_make_temp_pathname such that the length is longer than the computed string. When compiled with "-O -D_FORTIFY_SOURCE=3", __snprintf_chk will fail and abort statd. The fix is to correct the original size calculation, then pull one from the snprintf length for the final "/". Revert "libnsm: fix the safer atomic filenames fix" This reverts commit 8fcddae4437510137baf108f477d116ce345ce80. libnsm: fix the safer atomic filenames fix Commit 9f7a91b51ffc ("libnsm: safer atomic filenames") messed up the length arguement to snprintf() in nsm_make_temp_pathname such that the length is longer than the computed string. When compiled with "-O -D_FORTIFY_SOURCE=3", __snprintf_chk will fail and abort statd. The fix is to correct the original size calculation, then pull one from the snprintf length for the final "/". nfsd: dump default number of threads to 16 nfsdctl defaults to 16 threads. Since the nfs-server.service file first tries nfsdctl and then falls back to rpc.nfsd, it would probably be wise to make the default in rpc.nfsd and nfs.conf 16, for the sake of consistency and to avoid surprises. autoconf: don't build nfsdcltrack by default Now that we've started the process to remove legacy v4 client tracking methods, let's stop building nfsdcltrack by default. nfs(5): Update rsize/wsize options The rsize/wsize values are not multiples of 1024 but multiples of the system's page size or powers of 2 if < system's page size as defined in fs/nfs/internal.h:nfs_io_size(). nfsdctl: clarify when versions can be set on the man page Attempting to make version changes while there are nfsd threads running fails with -EBUSY, so make note of it on the man page. nfsdctl: fix up the help text in version_usage() The help text in version_usage() has examples with a 'v' character in the version string, but the format string in the sscanf() call in version_func() doesn't contain a 'v' character. libnsm: safer atomic filenames We've gotten a report of reboot notifications being sent to domains that end in '.new', which can happen if the NSM temporary pathname code leaves a file behind. Let's fix this up by prepending a single '.' to the temp path which will never be resolvable as a DNS record. https://lore.kernel.org/linux-nfs/04D30B5A-C53E-4920-ADCB-C77F5577669E@oracle.com/T/#t nfs-utils: fixup statd testing simulator host arg The getopt setup for the host arg was not expecing a value, update it as expected reexport.h: Include unistd.h to compile with musl Makefile.am: allow mount.nfs to be writeable by owner On Red Hat-based systems, the debug symbol files are built with a .gdb_index section to speed up gdb initialization. The gdb-add-index program calls objcopy to merge the index file into the object file. That fails if the object file isn't writeable by the owner. mount.nfs: retry NFSv3 mount after NFSv4 failure in auto negotiation The problem happens when a v3 mount fails with ETIMEDOUT after the v4 mount failed with EPROTONOSUPPORT, in mount auto negotiation. It immediately breaks from the "for" loop in nfsmount_fg() or nfsmount_child() due to EPROTONOSUPPORT, never doing the expected retries until timeout. 2.8.1 nfs-utils: use getpwuid_r() and getpwnam_r() in gssd gssd uses getpwuid(3) and getpwnam(3) in a pthreads context but these functions are not thread safe. nfsdcld: prevent from accessing /var/lib/nfs/nfsdcld in read-only file system during boot I saw a VMWare guest that hit a rare condition during boot; nfsdcld started too early to check access on /var/lib/nfs/nfsdcld which were still in read-only file system as follows: nfsdcld[...]: Unexpected error when checking access on /var/lib/nfs/nfsdcld: Read-only file system systemd[1]: nfsdcld.service: Main process exited, code=exited, status=226/NAMESPACE systemd[1]: nfsdcld.service: Failed with result 'exit-code'. nfsdcld.service needs to wait the root file system to be remounted at least. systemd: use nfsdctl to start and stop the nfs server Attempt to use nfsdctl to start and stop the nfs-server. If that fails for any reason, use rpc.nfsd to do it instead. nfsdctl: asciidoc source for the manpage Convert to manpage with: asciidoctor -b manpage nfsdctl.adoc nfsdctl: add the nfsdctl utility to nfs-utils This tool is based on Lorenzo's original nfsdctl tool [1]. His original tool used getopt_long to indicate the command, but that's somewhat limiting. This converts it to a subcommand-based interface, where each subcommand can take its own options, in the spirit of commands like nmcli or virsh. There are currently 6 different subcommands: pool-mode get/set current pool mode setting listener get/set listener info version get/set supported NFS versions threads get/set nfsd thread settings status get current RPC processing info autostart start server with settings from /etc/nfs.conf Each can take different options, and we can expand this interface later with more commands as necessary. This is based on Lorenzo's original userland tool: https://github.com/LorenzoBianconi/nfsdctl rpc.idmapd: nfsopen() failures should not be fatal dirscancb() loops over all clnt* subdirectories of /run/rpc_pipefs/nfs/. Some of these directories contain /idmap files, others don't. nfsopen() returns -1 for the latter; we then want to skip the directory, not abort the entire scan. mount.nfs: improve EPROTO error message for RDMA mounts When mounting NFS shares using RDMA, users may encounter this rather unclear error message: mount.nfs: Protocol error Often there are either no RDMA interfaces existing, or that routing is being done via other interfaces. This patch enhances the `mount_error` function to provide a more informative message in such cases. support/junction/path.c: Fix buld for musl Fixed: path.c:164:24: error: implicit declaration of function 'strchrnul'; did you mean 'strchr'? [-Wimplicit-function-declaration] [snip] path.c:239:27: error: 'NAME_MAX' undeclared (first use in this function); did you mean 'AF_MAX'? support/include/junction.h: Define macros for musl Fixed 1: In file included from cache.c:1217: ../../support/include/junction.h:128:21: error: expected ';' before 'char' 128 | __attribute_malloc__ | ^ | ; 129 | char **nfs_dup_string_array(char **array); Fixed 2: junction.c: In function 'junction_set_sticky_bit': junction.c:164:39: error: 'ALLPERMS' undeclared (first use in this function) 164 | stb.st_mode &= (unsigned int)~ALLPERMS; nfsdcld: don't send null client ids to the kernel It's apparently possible for the sqlite database to get corrupted and cause one or more rows to have null in the id column. The knfsd fix was posted here: https://lore.kernel.org/linux-nfs/20240903111446.659884-1-lilingfeng3@huawei.com/ nfsdcld should have a similar fix. If we encounter a client record with a null id, just skip it instead of sending it to the kernel. Signed-off-by: Adolf Belka --- config/rootfiles/packages/nfs | 4 ++-- lfs/nfs | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/packages/nfs b/config/rootfiles/packages/nfs index 2090e30e5..b8acffb58 100644 --- a/config/rootfiles/packages/nfs +++ b/config/rootfiles/packages/nfs @@ -1,7 +1,6 @@ etc/rc.d/init.d/nfs-server sbin/mount.nfs sbin/mount.nfs4 -sbin/nfsdcltrack sbin/umount.nfs sbin/umount.nfs4 #usr/include/nfsidmap.h @@ -35,6 +34,7 @@ usr/sbin/nfsconf usr/sbin/nfsdcld usr/sbin/nfsdclddb usr/sbin/nfsdclnts +usr/sbin/nfsdctl usr/sbin/nfsidmap usr/sbin/nfsiostat usr/sbin/nfsref @@ -68,7 +68,7 @@ usr/sbin/start-statd #usr/share/man/man8/nfsdcld.8 #usr/share/man/man8/nfsdclddb.8 #usr/share/man/man8/nfsdclnts.8 -#usr/share/man/man8/nfsdcltrack.8 +#usr/share/man/man8/nfsdctl.8 #usr/share/man/man8/nfsidmap.8 #usr/share/man/man8/nfsiostat.8 #usr/share/man/man8/nfsref.8 diff --git a/lfs/nfs b/lfs/nfs index 3c7766645..a81586514 100644 --- a/lfs/nfs +++ b/lfs/nfs @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Support Utilities for Kernel nfsd -VER = 2.7.1 +VER = 2.8.2 THISAPP = nfs-utils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nfs -PAK_VER = 24 +PAK_VER = 25 DEPS = rpcbind @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 0b62f9e86c687c5608947b667526b23cb480c1c526a4303db4d3e551383e5d482ea5b088e26d7f70240abcac405db3668f71377679294bd80796b42717d05f3b +$(DL_FILE)_BLAKE2 = b3b876dd1b4c745f4fe26b6ae9ec4690f7a946f5616276ce543a7cf0504156408e59682499b80aca4d09fe819de75c6499a11726bec0a392a277685199b56ac6 install : $(TARGET)