[v3,1/9] SUNRPC: Missing module alias for auth_rpcgss.ko

Message ID 20130204201903.1518.91133.stgit@seurat.1015granger.net (mailing list archive)
State New, archived
Commit Message

Chuck Lever Feb. 4, 2013, 8:19 p.m. UTC
Commit f344f6df "SUNRPC: Auto-load RPC authentication kernel
modules", Mon Mar 20 13:44:08 2006, adds a request_module() call
in rpcauth_create() to auto-load RPC security modules when a ULP
tries to create a credential of that flavor.

In rpcauth_create(), the name of the module to load is built like
this:

	request_module("rpc-auth-%u", flavor);

This means that for, say, RPC_AUTH_GSS, request_module() is looking
for a module or alias called "rpc-auth-6".

The GSS module is named "auth_rpcgss", and commit f344f6df does not
add any new module aliases.  There is also no such alias provided in
/etc/modprobe.d on my system (Fedora 16).  Without this alias, the
GSS module is not loaded on demand.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

 net/sunrpc/auth_gss/auth_gss.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)



Comments

Trond Myklebust Feb. 18, 2013, 6:42 p.m. UTC | #1
On Mon, 2013-02-04 at 15:19 -0500, Chuck Lever wrote:
> Commit f344f6df "SUNRPC: Auto-load RPC authentication kernel
> modules", Mon Mar 20 13:44:08 2006, adds a request_module() call
> in rpcauth_create() to auto-load RPC security modules when a ULP
> tries to create a credential of that flavor.
> 
> In rpcauth_create(), the name of the module to load is built like
> this:
> 
> 	request_module("rpc-auth-%u", flavor);
> 
> This means that for, say, RPC_AUTH_GSS, request_module() is looking
> for a module or alias called "rpc-auth-6".
> 
> The GSS module is named "auth_rpcgss", and commit f344f6df does not
> add any new module aliases.  There is also no such alias provided in
> /etc/modprobe.d on my system (Fedora 16).  Without this alias, the
> GSS module is not loaded on demand.

Wait... Why do we want to load the auth_rpcgss module on its own? It
doesn't provide any authentication or security mechanisms of its own.
All it does is to provide support for the other security mechanisms.

As far as I can see, calling rpcauth_create() with a pseudoflavour value
of '6' is a bug...

> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
> 
>  net/sunrpc/auth_gss/auth_gss.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index 6e5c824..4db065d 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -1721,6 +1721,7 @@ static void __exit exit_rpcsec_gss(void)
>  	rcu_barrier(); /* Wait for completion of call_rcu()'s */
>  }
>  
> +MODULE_ALIAS("rpc-auth-6");
>  MODULE_LICENSE("GPL");
>  module_param_named(expired_cred_retry_delay,
>  		   gss_expired_cred_retry_delay,
>
Chuck Lever Feb. 19, 2013, 4:45 a.m. UTC | #2
On Feb 18, 2013, at 1:42 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com> wrote:

> On Mon, 2013-02-04 at 15:19 -0500, Chuck Lever wrote:
>> Commit f344f6df "SUNRPC: Auto-load RPC authentication kernel
>> modules", Mon Mar 20 13:44:08 2006, adds a request_module() call
>> in rpcauth_create() to auto-load RPC security modules when a ULP
>> tries to create a credential of that flavor.
>> 
>> In rpcauth_create(), the name of the module to load is built like
>> this:
>> 
>> 	request_module("rpc-auth-%u", flavor);
>> 
>> This means that for, say, RPC_AUTH_GSS, request_module() is looking
>> for a module or alias called "rpc-auth-6".
>> 
>> The GSS module is named "auth_rpcgss", and commit f344f6df does not
>> add any new module aliases.  There is also no such alias provided in
>> /etc/modprobe.d on my system (Fedora 16).  Without this alias, the
>> GSS module is not loaded on demand.
> 
> Wait... Why do we want to load the auth_rpcgss module on its own? It
> doesn't provide any authentication or security mechanisms of its own.
> All it does is to provide support for the other security mechanisms.

This is a bootstrap.  Have a look at the logic in rpcauth_create().

Suppose auth_rpcgss.ko has not been loaded, and some caller wants to create an rpc_auth with pseudoflavor RPC_AUTH_GSS_KRB5.

pseudoflavor_to_flavor() converts RPC_AUTH_GSS_KRB5 to RPC_AUTH_GSS.  RPC_AUTH_GSS is used to index the auth_flavors[] array, where the ops pointer is found to be NULL.  In that case request_module() is invoked with the argument "rpc-auth-6".

Without the module alias, nothing happens: at line 194, the ops pointer at index "flavor" is still NULL, and rpcauth_create() exits with -EINVAL.

With the module alias, auth_rpcgss.ko is loaded.  This makes ops->create() for GSS available, which is then invoked with the argument RPC_AUTH_GSS_KRB5.  auth_rpcgss.ko in turn loads rpcsec_gss_krb5.ko, and the bootstrap is complete.

All of this logic has been in here since Olaf added it, but has lain fallow without the "rpc-auth-6" module alias.  We've not hit a problem before, I believe, because distributions have worked around the missing modules by loading them via init scripts.
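
The bootstrap described in the reply above, as an added user-space model in C; it is not code from this thread or from the kernel source. The `model_*` names, the table size and the integer return value are assumptions of the model, and 390003 is the kernel's value for RPC_AUTH_GSS_KRB5, which the page itself does not state.

```c
/* User-space model of the rpcauth_create() bootstrap; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define RPC_AUTH_GSS       6       /* flavor number, hence "rpc-auth-6" */
#define RPC_AUTH_GSS_KRB5  390003  /* Kerberos 5 pseudoflavor */
#define MAXFLAVOR          8       /* size of the model's auth_flavors[] */

struct authops { int (*create)(unsigned int pseudoflavor); };
static int gss_create(unsigned int pseudoflavor) { return (int)pseudoflavor; }
static const struct authops gss_ops = { gss_create };

static const struct authops *auth_flavors[MAXFLAVOR];
static const char *module_alias;   /* alias exported by the modelled auth_rpcgss */

/* Collapse any pseudoflavor to the flavor that indexes auth_flavors[]. */
static unsigned int pseudoflavor_to_flavor(unsigned int f)
{
	return f >= MAXFLAVOR ? RPC_AUTH_GSS : f;
}

/* Stand-in for request_module(): "loads" the module only if the alias matches. */
static void model_request_module(unsigned int flavor)
{
	char name[32];
	snprintf(name, sizeof(name), "rpc-auth-%u", flavor);
	if (module_alias && strcmp(name, module_alias) == 0)
		auth_flavors[RPC_AUTH_GSS] = &gss_ops;   /* module init registers ops */
}

/* Returns the pseudoflavor on success, -EINVAL if no ops were registered. */
static int model_rpcauth_create(unsigned int pseudoflavor, const char *alias)
{
	unsigned int flavor = pseudoflavor_to_flavor(pseudoflavor);
	memset(auth_flavors, 0, sizeof(auth_flavors));   /* nothing loaded yet */
	module_alias = alias;
	if (auth_flavors[flavor] == NULL)
		model_request_module(flavor);
	if (auth_flavors[flavor] == NULL)
		return -EINVAL;                          /* the failure without the alias */
	return auth_flavors[flavor]->create(pseudoflavor);
}

int main(void)
{
	printf("no alias:   %d\n", model_rpcauth_create(RPC_AUTH_GSS_KRB5, NULL));
	printf("with alias: %d\n", model_rpcauth_create(RPC_AUTH_GSS_KRB5, "rpc-auth-6"));
	return 0;
}
```
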
Patch

diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 6e5c824..4db065d 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -1721,6 +1721,7 @@  static void __exit exit_rpcsec_gss(void)
 	rcu_barrier(); /* Wait for completion of call_rcu()'s */
 }
 
+MODULE_ALIAS("rpc-auth-6");
 MODULE_LICENSE("GPL");
 module_param_named(expired_cred_retry_delay,
 		   gss_expired_cred_retry_delay,
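
Review bot: The added MODULE_ALIAS("rpc-auth-6") line hardcodes the numeric value of RPC_AUTH_GSS, and it only works while it matches the "rpc-auth-%u" string that rpcauth_create() passes to request_module(); nothing in the hunk records that coupling. A one-line comment above the alias naming RPC_AUTH_GSS and rpcauth_create() would make the dependency visible, so that a later change to the format string or the flavor number does not silently disable on-demand loading again.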