Return-Path: linux-nfs-owner@vger.kernel.org
Received: from cantor2.suse.de ([195.135.220.15]:51556 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754614Ab3KLWPw (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Tue, 12 Nov 2013 17:15:52 -0500
Date: Wed, 13 Nov 2013 09:15:37 +1100
From: NeilBrown <neilb@suse.de>
To: Steve Dickson <SteveD@redhat.com>
Cc: Jeff Layton <jlayton@redhat.com>, trond.myklebust@netapp.com,
        linux-nfs@vger.kernel.org
Subject: Re: [PATCH 0/2] sunrpc: more reliable detection of running gssd
Message-ID: <20131113091537.059162de@notabene.brown>
In-Reply-To: <52824784.4080901@RedHat.com>
References: <1384261225-28559-1-git-send-email-jlayton@redhat.com>
	<52824784.4080901@RedHat.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=PGP-SHA1;
 boundary="Sig_/HNANzcjp88UJ2tW1mNj.Ab1"; protocol="application/pgp-signature"
Sender: linux-nfs-owner@vger.kernel.org
List-ID: <linux-nfs.vger.kernel.org>

--Sig_/HNANzcjp88UJ2tW1mNj.Ab1
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Tue, 12 Nov 2013 10:21:40 -0500 Steve Dickson <SteveD@redhat.com> wrote:

> On 12/11/13 08:00, Jeff Layton wrote:
> > We've gotten a lot of complaints recently about the 15s delay when
> > doing a sec=3Dsys mount without gssd running.
> >=20
> > A large part of the problem is that the kernel isn't able to reliably
> > detect when rpc.gssd is running. What we currently have is a
> > gssd_running flag that is initially set to 1. When an upcall times out,
> > that gets set to 0, and subsequent upcalls get a much shorter timeout
> > (1/4s instead of 15s). It's reset back to '1' when a pipe is reopened.
> >=20
> > The approach of using a flag like this is pretty inadequate. First, it
> > doesn't eliminate the long delay on the initial upcall attempt. Also,
> > if gssd spontaneously dies, then the flag will still be set to 1 until
> > the next upcall attempt times out. Finally, it currently requires that
> > the pipe be reopened in order to reset the flag back to true.
> >=20
> > This patchset replaces that flag with a more reliable mechanism for
> > detecting when gssd is running. When rpc_pipefs is mounted, it creates a
> > new "dummy" pipe that gssd will naturally find and hold open. We'll
> > never send an upcall down this pipe, and writing to it always fails.
> > But, since we can detect when something is holding it open, we can use
> > that to determine whether gssd is running.
> >=20
> > The current patch just uses this mechanism to replace the gssd_running
> > flag with this new mechanism. This shortens the long delay when mounting
> > without gssd running, but does not silence these warnings:
> >=20
> >     RPC: AUTH_GSS upcall timed out.
> >     Please check user daemon is running.
> >=20
> > I'm willing to add a patch to do that, but I'm a little unclear on the
> > best way to do so. Those messages are generated by the auth_gss code. We
> > probably do want to print them if someone mounted with sec=3Dkrb5, but
> > suppress them when mounting with sec=3Dsys.
> >=20
> > Do we need to somehow pass down that intent to auth_gss? Another idea
> > would be to call gssd_running() from the nfs mount code and use that to
> > determine whether to try and use krb5 at all...
> >=20
> > Discuss!
> I've just verified that a mount, with these patches, takes about=20
> 1.2 seconds when rpc.gssd is not running.... With rpc.gssd it=20
> take about .2 seconds.
>=20
> Tested-by: Steve Dickson <steved@redhat.com>
>

Still sounds like about one second too long.

In that patch I see:

 	timeout =3D 15 * HZ;
-	if (!sn->gssd_running)
+	if (!gssd_running(sn))
 		timeout =3D HZ >> 2;

Given that "!gssd_running(sn)" is now certain knowledge rather than a hint,
can't we just skip the upcall and any timeout?
i.e.
 	timeout =3D 15 * HZ;
-	if (!sn->gssd_running)
+	if (!gssd_running(sn))
- 		timeout =3D HZ >> 2;
+		return -EACCES;

??

NeilBrown


--Sig_/HNANzcjp88UJ2tW1mNj.Ab1
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIVAwUBUoKoiTnsnt1WYoG5AQJ+pxAAiuJhR5/hLChQDR0SVplAm8G14vAKRTia
6atPrJ2aeDT1Y2kvLnv5QzZUvtk+dpmpMlHYl+bUOwTT2vyDTofx5Kuiktjz89Cf
CHGN2odSnF6u4H4SxecjobEx06zfA7CMTflmK/u7NntUMHvYRirDRQQlDy0uc3Nn
nmM7nflC/mhVsGDfKjk4a1rDcFJ5p7Mg8Lv4wD1X45y8g87eY/tR0JRNZJdT14hu
8qVr1htlvQipOcrCyIsTh74+3yjGDV/AEhDFN8B79PTp/qYhpb/2iiSrDwekaxHz
ffjjdWjVUV0loZCq6Ryoj9AWjPA2ePnBR1VqVYw2/pl9sDcDmRhp7pDu2Wt1mnl+
bl0Q4W6RdfZmo2cVmJ+waeC6wo+J9qupHf1AIaDS9wiKapWggesG9UzwAosVSMXz
7rQJUh7y97+fkJ6qOKlMqNXNKXmZtxQI+J0kWFta1F9+jzZ4/4f2xMD0bvDGTLR3
DGW6krPnTbMZqT4iZVkfO2XEJwNoMzMUUhuyfafXwh1dSI4SFA+BVTGXxNKTfNg9
8qsOkunJILa05+CzodZj8G8kZQIfOYCrxoAaySdoDNRiUVmidy7cY5CX4UbItOkK
9SuqHIhztJeJkO6/XyBRcSrN3d28DLCCteN7N17UvzGKMxk8rRhEGDD6gcRlnw2k
oQfRLutsWT0=
=W1nn
-----END PGP SIGNATURE-----

--Sig_/HNANzcjp88UJ2tW1mNj.Ab1--