Return-Path: linux-nfs-owner@vger.kernel.org Received: from mx11.netapp.com ([216.240.18.76]:40244 "EHLO mx11.netapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754734Ab3KMB06 convert rfc822-to-8bit (ORCPT ); Tue, 12 Nov 2013 20:26:58 -0500 From: "Myklebust, Trond" To: NeilBrown CC: "J. Bruce Fields" , Charles Edward Lever , Steve Dickson , "Linux NFS Mailing List" Subject: Re: [PATCH] Adding the nfs4_secure_mounts bool Date: Wed, 13 Nov 2013 01:26:56 +0000 Message-ID: <1384306012.15992.9.camel@leira.trondhjem.org> References: <1384037221-7224-1-git-send-email-steved@redhat.com> <52811CBB.3070204@RedHat.com> <5281290B.6000201@RedHat.com> <20131112161135.25a487da@notabene.brown> <20131112161634.GC15060@fieldses.org> <20131113112346.3f5f3bd0@notabene.brown> <1384302651.15992.3.camel@leira.trondhjem.org> <20131113121333.2a16f646@notabene.brown> In-Reply-To: <20131113121333.2a16f646@notabene.brown> Content-Type: text/plain; charset="utf-7" MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org List-ID: On Wed, 2013-11-13 at 12:13 +-1100, NeilBrown wrote: +AD4- On Wed, 13 Nov 2013 00:30:53 +-0000 +ACI-Myklebust, Trond+ACI- +AD4- +ADw-Trond.Myklebust+AEA-netapp.com+AD4- wrote: +AD4- +AD4- +AD4- On Wed, 2013-11-13 at 11:23 +-1100, NeilBrown wrote: +AD4- +AD4- +AD4- But back to my problem: Following Trond's suggestion I've come up with the +AD4- +AD4- +AD4- following patch. Does it look right? +AD4- +AD4- +AD4- +AD4- +AD4- +AD4- The +ACI-fd +AD0- -1+ACI- is just to stop us trying to close a non-open fd in an error +AD4- +AD4- +AD4- path. +AD4- +AD4- +AD4- +AD4- +AD4- +AD4- The change from testing -+AD4-servicename to -+AD4-prog stops us from repeating the +AD4- +AD4- +AD4- failed DNS lookup on every request, not that the failure isn't fatal. +AD4- +AD4- +AD4- +AD4- +AD4- +AD4- The last stanza makes sure we always reply to an upcall, with EINVAL if +AD4- +AD4- +AD4- nothing else seems appropriate. +AD4- +AD4- +AD4- +AD4- Wouldn't EACCES be more appropriate as a default? +AD4- +AD4- +AD4- +AD4- Maybe. And that is what you suggested before and I mis-remembered - sorry. +AD4- +AD4- However EACCES is +ACI-Permission denied+ACI- which doesn't quite seem right to me. +AD4- It isn't really +ACI-you aren't allowed to do that+ACI-, but +ACI-your question doesn't +AD4- make sense+ACI-. +AD4- +AD4- However I'm not fussed. If you prefer EACCES, then I'll make it EACCES. If you look at gss+AF8-pipe+AF8-downcall(), then you'll note that it treats EINVAL as a temporary error, and converts it to EAGAIN. That again causes call+AF8-refreshresult to retry the upcall 2 more times before failing with EACCES anyway... -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust+AEA-netapp.com www.netapp.com