Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp742337pxb; Fri, 21 Jan 2022 02:06:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJzKPmZV+t+lTkFNID8lOyQAspmNVr6CORTA8zekTwOvVCtcAaU5f73mUbwKtbPlR8dXZTd5 X-Received: by 2002:a05:6a00:98c:b0:4be:c059:8e3 with SMTP id u12-20020a056a00098c00b004bec05908e3mr3260434pfg.10.1642759613871; Fri, 21 Jan 2022 02:06:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642759613; cv=none; d=google.com; s=arc-20160816; b=Tpb0tIl25CFEjwJDWgGitWhizpeN2Ot/VDOAFXIoCVrYai9fdjNs73TeQxsD0p7Goo LbsXE3Gr/ZmJIzH1H8c+KOT7pVe0Bj/u5beQtnz/rkGKEYBJT71r6Fk6WF2noxfwkAsu HWanWPiXExuW31GaMTbqZyFTFWsgRDsvaZz+z4pGada3v4DE39pzFTt70BpJXsnb0KGH ge5MKslmuMoADwtZffsX/eej1vb7Qc2MVdtazvIhpAgyjkQR4R1eixP2PdhVMMF8Q3D2 6qEsjq+NQVv5ONl4CMbqKeMua86NlwUP4jSaYidKyUVLw31AajNIn4QoUfjrlzN0+evr F+CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:references:in-reply-to:subject :cc:to:from:mime-version:content-transfer-encoding:dkim-signature :dkim-signature; bh=AAHvca2bpoYeHXHo+BMAx7zj5Lkev8D5VT+5PlIT8ec=; b=a391ttdTjdDnKzOoWx9Mj9KEEJXKrg9YZU6P515b/DFp/WG6ECtj/zFDUZwhI4n7C+ 5fwIN0anNPT8pb5jJR0ZHw0sBWitH3sj06G8aZbNwyVg78ntOTJrFv2wh7jNxTLtcibY /ayZXFAQgsEbT4D5fozCP1O5v3Qb1vpSz9A9+NNSUUF7/As5xHrqeDnHFgK9uNVBN+v1 r3tRZwyDs//yxDsLlSw8aTz6vEvgQUdvAEWk8/ECu3hAKlG2LuhOYjVfJ4F2ilUqi+dX ciPrjjRop54uUndNi7sW6WQZek8Fh/vh7IprQQBcK0NaVgbyvm2CvxAg55py175e9n33 NrEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=OT4sSt4G; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b="4r/8QtGn"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gg4si5832227pjb.113.2022.01.21.02.06.24; Fri, 21 Jan 2022 02:06:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=OT4sSt4G; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b="4r/8QtGn"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343825AbiARWNr (ORCPT + 99 others); Tue, 18 Jan 2022 17:13:47 -0500 Received: from smtp-out2.suse.de ([195.135.220.29]:50492 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343663AbiARWNq (ORCPT ); Tue, 18 Jan 2022 17:13:46 -0500 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 79C5A1F37E; Tue, 18 Jan 2022 22:13:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1642544024; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AAHvca2bpoYeHXHo+BMAx7zj5Lkev8D5VT+5PlIT8ec=; b=OT4sSt4GojfmivoxgbSzf3kcx6BhT9Wz2GnqgxB5rHsSgMVnm709x6CX+f1f2/1JNNI7ge wcQpayQRI7np0jcvd5N1znxArTQPEq1aebZRoE6hmMHE4FXEgDU6utOkmEErOtmE3C8jN6 p4IHVPqvH1enkMxyGjjlJa68Ww8alDw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1642544024; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AAHvca2bpoYeHXHo+BMAx7zj5Lkev8D5VT+5PlIT8ec=; b=4r/8QtGnoQrcptONNaqaCvzG/YBhIRAQhKGym1kxw0LQ0vRdSv6bliofXkqQt1N9mpWOvm brZbD4LXD9rdcuDQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 5E83E13AD9; Tue, 18 Jan 2022 22:13:41 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id y6sfB5U752HnGQAAMHmgww (envelope-from ); Tue, 18 Jan 2022 22:13:41 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 From: "NeilBrown" To: "Nikita Yushchenko" Cc: "Petr Vorel" , linux-nfs@vger.kernel.org, "J. Bruce Fields" , "Chuck Lever" , "Trond Myklebust" , "Anna Schumaker" , "Steve Dickson" , ltp@lists.linux.it, kernel@openvz.org Subject: Re: LTP nfslock01 test failing on NFS v3 (lockd: cannot monitor 10.0.0.2) In-reply-to: References: , Date: Wed, 19 Jan 2022 09:13:35 +1100 Message-id: <164254401568.24166.883582030601071761@noble.neil.brown.name> Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, 19 Jan 2022, Nikita Yushchenko wrote: > 18.01.2022 18:26, Petr Vorel wrote: > > Hi all, > >=20 > > this is a test failure posted by Nikita Yushchenko [1]. LTP NFS test nfsl= ock01 > > looks to be failing on NFS v3: > >=20 > > "not unsharing /var makes AF_UNIX socket for host's rpcbind to become ava= ilable > > inside ltpns. Then, at nfs3 mount time, kernel creates an instance of loc= kd for > > ltpns, and ports for that instance leak to host's rpcbind and overwrite p= orts > > for lockd already active for root namespace. This breaks nfs3 file lockin= g." >=20 > What exactly happens is: >=20 > Test runs 'mount' in non-root netns, trying to mount a directory from root = netns of the same host via nfsv3 >=20 > (Part of) call chain inside the kernel >=20 > nfs_try_get_tree() > nfs3_create_server() > nfs_create_server() > nfs_init_server() > nfs_start_lockd() > nlmclnt_init() > lockd_up() > svc_bind() > svc_rpcb_setup() > rpcb_create_local() >=20 > ... and at this point it tries AF_UNIX connection to /var/run/rpcbind.sock >=20 > AF_UNIX is not netns-aware. > So it connects to host's rpcbind. > And overwrites ports registered in host's rpcbind by lockd instance for roo= t namespace. Since this=20 > point, lockd instance for root namespace becomes no longer accessible (it s= till listens but nobody can=20 > learn the ports). Thus nfs locks don't work. >=20 > I'm not sure what is the correct behavior here. >=20 > Maybe rpcb_create_local() shall detect that it is not in root netns, and on= ly try AF_INET connection to=20 > localhost in that case. That would be simple and might be sensible. IF changing the AF_UNIX path to "/run/rpcbind.sock" isn't sufficient, then testing for the root_ns is probably the best second option. Thanks, NeilBrown