Hi Andrew,
nfsd is still broken in 2.6.14-rc2-mm1; the following procedure is
reproducable:
rabbit:~# echo 2 >/proc/fs/nfsd/threads
... /var/log/daemon.log says:
Sep 22 13:52:55 rabbit kernel: NFSD: Using /var/lib/nfs/v4recovery as
the NFSv4 state recovery directory
Sep 22 13:52:55 rabbit kernel: NFSD: starting 90-second grace period
Sep 22 13:52:55 rabbit portmap[3191]: connect from 127.0.0.1 to
set(nfs): request from unprivileged port
Your -mm patches make the sunrpc client connect to the portmapper with
a non-privileged source port. This is due to a change in
net/sunrpc/pmap_clnt.c, which manually resets the xprt->resvport
field. My tiny patch removes this line. I have no idea why the line
was added in the first place, does somebody know better?
Max
Max Kellermann wrote:
> Your -mm patches make the sunrpc client connect to the portmapper with
> a non-privileged source port. This is due to a change in
> net/sunrpc/pmap_clnt.c, which manually resets the xprt->resvport
> field. My tiny patch removes this line. I have no idea why the line
> was added in the first place, does somebody know better?
Yes this is a bug, since most Linux portmapper will not
allow ports to be set or unset using non-privilege ports.
But non-privilege ports can be used to get ports information.
So I would suggest the following patch that stops the
use of privileges ports on only get port requests.
steved.
Max Kellermann <[email protected]> wrote:
>
> nfsd is still broken in 2.6.14-rc2-mm1; the following procedure is
> reproducable:
>
> rabbit:~# echo 2 >/proc/fs/nfsd/threads
>
> ... /var/log/daemon.log says:
>
> Sep 22 13:52:55 rabbit kernel: NFSD: Using /var/lib/nfs/v4recovery as
> the NFSv4 state recovery directory
> Sep 22 13:52:55 rabbit kernel: NFSD: starting 90-second grace period
> Sep 22 13:52:55 rabbit portmap[3191]: connect from 127.0.0.1 to
> set(nfs): request from unprivileged port
>
> Your -mm patches make the sunrpc client connect to the portmapper with
> a non-privileged source port. This is due to a change in
> net/sunrpc/pmap_clnt.c, which manually resets the xprt->resvport
> field. My tiny patch removes this line. I have no idea why the line
> was added in the first place, does somebody know better?
>
That change comes from Trond's git tree. I don't know why the change was
made.
Trond, rsync://client.linux-nfs.org/pub/linux/nfs-2.6.git hasn't been
updated in quite some time, I think. I still need to revert the oopsy
rpc_mkdir() change. Am I using the right tree?
>
> [nfsd-pmap-fix-privileged-port.patch text/plain (522 bytes)]
> --- linux-2.6.14-rc2-mm1/net/sunrpc/pmap_clnt.c.orig 2005-09-22 14:58:14.000000000 +0200
> +++ linux-2.6.14-rc2-mm1/net/sunrpc/pmap_clnt.c 2005-09-22 14:58:16.000000000 +0200
> @@ -208,7 +208,6 @@
> if (IS_ERR(xprt))
> return (struct rpc_clnt *)xprt;
> xprt->addr.sin_port = htons(RPC_PMAP_PORT);
> - xprt->resvport = 0;
>
> /* printk("pmap: create clnt\n"); */
> clnt = rpc_new_client(xprt, hostname,