Return-Path: linux-nfs-owner@vger.kernel.org Received: from cantor2.suse.de ([195.135.220.15]:51556 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754614Ab3KLWPw (ORCPT ); Tue, 12 Nov 2013 17:15:52 -0500 Date: Wed, 13 Nov 2013 09:15:37 +1100 From: NeilBrown To: Steve Dickson Cc: Jeff Layton , trond.myklebust@netapp.com, linux-nfs@vger.kernel.org Subject: Re: [PATCH 0/2] sunrpc: more reliable detection of running gssd Message-ID: <20131113091537.059162de@notabene.brown> In-Reply-To: <52824784.4080901@RedHat.com> References: <1384261225-28559-1-git-send-email-jlayton@redhat.com> <52824784.4080901@RedHat.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/HNANzcjp88UJ2tW1mNj.Ab1"; protocol="application/pgp-signature" Sender: linux-nfs-owner@vger.kernel.org List-ID: --Sig_/HNANzcjp88UJ2tW1mNj.Ab1 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 12 Nov 2013 10:21:40 -0500 Steve Dickson wrote: > On 12/11/13 08:00, Jeff Layton wrote: > > We've gotten a lot of complaints recently about the 15s delay when > > doing a sec=3Dsys mount without gssd running. > >=20 > > A large part of the problem is that the kernel isn't able to reliably > > detect when rpc.gssd is running. What we currently have is a > > gssd_running flag that is initially set to 1. When an upcall times out, > > that gets set to 0, and subsequent upcalls get a much shorter timeout > > (1/4s instead of 15s). It's reset back to '1' when a pipe is reopened. > >=20 > > The approach of using a flag like this is pretty inadequate. First, it > > doesn't eliminate the long delay on the initial upcall attempt. Also, > > if gssd spontaneously dies, then the flag will still be set to 1 until > > the next upcall attempt times out. Finally, it currently requires that > > the pipe be reopened in order to reset the flag back to true. > >=20 > > This patchset replaces that flag with a more reliable mechanism for > > detecting when gssd is running. When rpc_pipefs is mounted, it creates a > > new "dummy" pipe that gssd will naturally find and hold open. We'll > > never send an upcall down this pipe, and writing to it always fails. > > But, since we can detect when something is holding it open, we can use > > that to determine whether gssd is running. > >=20 > > The current patch just uses this mechanism to replace the gssd_running > > flag with this new mechanism. This shortens the long delay when mounting > > without gssd running, but does not silence these warnings: > >=20 > > RPC: AUTH_GSS upcall timed out. > > Please check user daemon is running. > >=20 > > I'm willing to add a patch to do that, but I'm a little unclear on the > > best way to do so. Those messages are generated by the auth_gss code. We > > probably do want to print them if someone mounted with sec=3Dkrb5, but > > suppress them when mounting with sec=3Dsys. > >=20 > > Do we need to somehow pass down that intent to auth_gss? Another idea > > would be to call gssd_running() from the nfs mount code and use that to > > determine whether to try and use krb5 at all... > >=20 > > Discuss! > I've just verified that a mount, with these patches, takes about=20 > 1.2 seconds when rpc.gssd is not running.... With rpc.gssd it=20 > take about .2 seconds. >=20 > Tested-by: Steve Dickson > Still sounds like about one second too long. In that patch I see: timeout =3D 15 * HZ; - if (!sn->gssd_running) + if (!gssd_running(sn)) timeout =3D HZ >> 2; Given that "!gssd_running(sn)" is now certain knowledge rather than a hint, can't we just skip the upcall and any timeout? i.e. timeout =3D 15 * HZ; - if (!sn->gssd_running) + if (!gssd_running(sn)) - timeout =3D HZ >> 2; + return -EACCES; ?? NeilBrown --Sig_/HNANzcjp88UJ2tW1mNj.Ab1 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIVAwUBUoKoiTnsnt1WYoG5AQJ+pxAAiuJhR5/hLChQDR0SVplAm8G14vAKRTia 6atPrJ2aeDT1Y2kvLnv5QzZUvtk+dpmpMlHYl+bUOwTT2vyDTofx5Kuiktjz89Cf CHGN2odSnF6u4H4SxecjobEx06zfA7CMTflmK/u7NntUMHvYRirDRQQlDy0uc3Nn nmM7nflC/mhVsGDfKjk4a1rDcFJ5p7Mg8Lv4wD1X45y8g87eY/tR0JRNZJdT14hu 8qVr1htlvQipOcrCyIsTh74+3yjGDV/AEhDFN8B79PTp/qYhpb/2iiSrDwekaxHz ffjjdWjVUV0loZCq6Ryoj9AWjPA2ePnBR1VqVYw2/pl9sDcDmRhp7pDu2Wt1mnl+ bl0Q4W6RdfZmo2cVmJ+waeC6wo+J9qupHf1AIaDS9wiKapWggesG9UzwAosVSMXz 7rQJUh7y97+fkJ6qOKlMqNXNKXmZtxQI+J0kWFta1F9+jzZ4/4f2xMD0bvDGTLR3 DGW6krPnTbMZqT4iZVkfO2XEJwNoMzMUUhuyfafXwh1dSI4SFA+BVTGXxNKTfNg9 8qsOkunJILa05+CzodZj8G8kZQIfOYCrxoAaySdoDNRiUVmidy7cY5CX4UbItOkK 9SuqHIhztJeJkO6/XyBRcSrN3d28DLCCteN7N17UvzGKMxk8rRhEGDD6gcRlnw2k oQfRLutsWT0= =W1nn -----END PGP SIGNATURE----- --Sig_/HNANzcjp88UJ2tW1mNj.Ab1--