Record when a client presents a different boot verifier than the
one we know about. Typically this is a sign the client has
rebooted, but sometimes it signals a conflicting client ID, which
the client's administrator will need to address.
Signed-off-by: Chuck Lever <[email protected]>
---
fs/nfsd/nfs4state.c | 11 ++++++++---
fs/nfsd/trace.h | 32 ++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 4feadb683a2d..56ca79f55da4 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3193,6 +3193,7 @@ nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
goto out_copy;
}
/* case 5, client reboot */
+ trace_nfsd_clid_verf_mismatch(conf, rqstp, &verf);
conf = NULL;
goto out_new;
}
@@ -3988,9 +3989,13 @@ nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
if (unconf)
unhash_client_locked(unconf);
/* We need to handle only case 1: probable callback update */
- if (conf && same_verf(&conf->cl_verifier, &clverifier)) {
- copy_clid(new, conf);
- gen_confirm(new, nn);
+ if (conf) {
+ if (same_verf(&conf->cl_verifier, &clverifier)) {
+ copy_clid(new, conf);
+ gen_confirm(new, nn);
+ } else
+ trace_nfsd_clid_verf_mismatch(conf, rqstp,
+ &clverifier);
}
new->cl_minorversion = 0;
gen_callback(new, setclid, rqstp);
diff --git a/fs/nfsd/trace.h b/fs/nfsd/trace.h
index 80fd6ca6ae46..2c0392f30a86 100644
--- a/fs/nfsd/trace.h
+++ b/fs/nfsd/trace.h
@@ -592,6 +592,38 @@ TRACE_EVENT(nfsd_clid_cred_mismatch,
)
)
+TRACE_EVENT(nfsd_clid_verf_mismatch,
+ TP_PROTO(
+ const struct nfs4_client *clp,
+ const struct svc_rqst *rqstp,
+ const nfs4_verifier *verf
+ ),
+ TP_ARGS(clp, rqstp, verf),
+ TP_STRUCT__entry(
+ __field(u32, cl_boot)
+ __field(u32, cl_id)
+ __array(unsigned char, cl_verifier, NFS4_VERIFIER_SIZE)
+ __array(unsigned char, new_verifier, NFS4_VERIFIER_SIZE)
+ __array(unsigned char, addr, sizeof(struct sockaddr_in6))
+ ),
+ TP_fast_assign(
+ __entry->cl_boot = clp->cl_clientid.cl_boot;
+ __entry->cl_id = clp->cl_clientid.cl_id;
+ memcpy(__entry->cl_verifier, (void *)&clp->cl_verifier,
+ NFS4_VERIFIER_SIZE);
+ memcpy(__entry->new_verifier, (void *)verf,
+ NFS4_VERIFIER_SIZE);
+ memcpy(__entry->addr, &rqstp->rq_xprt->xpt_remote,
+ sizeof(struct sockaddr_in6));
+ ),
+ TP_printk("client %08x:%08x verf=0x%s, updated=0x%s from addr=%pISpc",
+ __entry->cl_boot, __entry->cl_id,
+ __print_hex_str(__entry->cl_verifier, NFS4_VERIFIER_SIZE),
+ __print_hex_str(__entry->new_verifier, NFS4_VERIFIER_SIZE),
+ __entry->addr
+ )
+);
+
TRACE_EVENT(nfsd_clid_inuse_err,
TP_PROTO(const struct nfs4_client *clp),
TP_ARGS(clp),
On Mon, May 10, 2021 at 11:53:10AM -0400, Chuck Lever wrote:
> Record when a client presents a different boot verifier than the
> one we know about. Typically this is a sign the client has
> rebooted, but sometimes it signals a conflicting client ID, which
> the client's administrator will need to address.
Yes. I suspect this is much more common that the cred mismatch case,
unfortunately. Without kerberos, we just don't have much to go
on--we're not supposed to use IP address, and the auth_unix cred itself
probably doesn't vary much across clients.
(Patch looks fine, just commenting on that because it's a confusing
point.)
--b.
>
> Signed-off-by: Chuck Lever <[email protected]>
> ---
> fs/nfsd/nfs4state.c | 11 ++++++++---
> fs/nfsd/trace.h | 32 ++++++++++++++++++++++++++++++++
> 2 files changed, 40 insertions(+), 3 deletions(-)
>
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 4feadb683a2d..56ca79f55da4 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -3193,6 +3193,7 @@ nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
> goto out_copy;
> }
> /* case 5, client reboot */
> + trace_nfsd_clid_verf_mismatch(conf, rqstp, &verf);
> conf = NULL;
> goto out_new;
> }
> @@ -3988,9 +3989,13 @@ nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
> if (unconf)
> unhash_client_locked(unconf);
> /* We need to handle only case 1: probable callback update */
> - if (conf && same_verf(&conf->cl_verifier, &clverifier)) {
> - copy_clid(new, conf);
> - gen_confirm(new, nn);
> + if (conf) {
> + if (same_verf(&conf->cl_verifier, &clverifier)) {
> + copy_clid(new, conf);
> + gen_confirm(new, nn);
> + } else
> + trace_nfsd_clid_verf_mismatch(conf, rqstp,
> + &clverifier);
> }
> new->cl_minorversion = 0;
> gen_callback(new, setclid, rqstp);
> diff --git a/fs/nfsd/trace.h b/fs/nfsd/trace.h
> index 80fd6ca6ae46..2c0392f30a86 100644
> --- a/fs/nfsd/trace.h
> +++ b/fs/nfsd/trace.h
> @@ -592,6 +592,38 @@ TRACE_EVENT(nfsd_clid_cred_mismatch,
> )
> )
>
> +TRACE_EVENT(nfsd_clid_verf_mismatch,
> + TP_PROTO(
> + const struct nfs4_client *clp,
> + const struct svc_rqst *rqstp,
> + const nfs4_verifier *verf
> + ),
> + TP_ARGS(clp, rqstp, verf),
> + TP_STRUCT__entry(
> + __field(u32, cl_boot)
> + __field(u32, cl_id)
> + __array(unsigned char, cl_verifier, NFS4_VERIFIER_SIZE)
> + __array(unsigned char, new_verifier, NFS4_VERIFIER_SIZE)
> + __array(unsigned char, addr, sizeof(struct sockaddr_in6))
> + ),
> + TP_fast_assign(
> + __entry->cl_boot = clp->cl_clientid.cl_boot;
> + __entry->cl_id = clp->cl_clientid.cl_id;
> + memcpy(__entry->cl_verifier, (void *)&clp->cl_verifier,
> + NFS4_VERIFIER_SIZE);
> + memcpy(__entry->new_verifier, (void *)verf,
> + NFS4_VERIFIER_SIZE);
> + memcpy(__entry->addr, &rqstp->rq_xprt->xpt_remote,
> + sizeof(struct sockaddr_in6));
> + ),
> + TP_printk("client %08x:%08x verf=0x%s, updated=0x%s from addr=%pISpc",
> + __entry->cl_boot, __entry->cl_id,
> + __print_hex_str(__entry->cl_verifier, NFS4_VERIFIER_SIZE),
> + __print_hex_str(__entry->new_verifier, NFS4_VERIFIER_SIZE),
> + __entry->addr
> + )
> +);
> +
> TRACE_EVENT(nfsd_clid_inuse_err,
> TP_PROTO(const struct nfs4_client *clp),
> TP_ARGS(clp),
>