[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2ED142CE-6E37-42B8-AB2D-602772AAEE2D@oracle.com>
Date: Tue, 28 Mar 2023 15:09:43 +0000
From: Chuck Lever III <chuck.lever@...cle.com>
To: Trond Myklebust <trondmy@...merspace.com>
CC: Geert Uytterhoeven <geert+renesas@...der.be>,
Anna Schumaker <anna@...nel.org>,
Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
"linux-renesas-soc@...r.kernel.org"
<linux-renesas-soc@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
kernel test robot <lkp@...el.com>,
Niklas Söderlund
<niklas.soderlund@...natech.se>
Subject: Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5
> On Mar 28, 2023, at 11:02 AM, Trond Myklebust <trondmy@...merspace.com> wrote:
>
>
>
>> On Mar 28, 2023, at 09:40, Chuck Lever III <chuck.lever@...cle.com> wrote:
>>
>>
>>
>>> On Mar 28, 2023, at 3:25 AM, Geert Uytterhoeven <geert+renesas@...der.be> wrote:
>>>
>>> If CONFIG_CRYPTO=n (e.g. arm/shmobile_defconfig):
>>>
>>> WARNING: unmet direct dependencies detected for RPCSEC_GSS_KRB5
>>> Depends on [n]: NETWORK_FILESYSTEMS [=y] && SUNRPC [=y] && CRYPTO [=n]
>>> Selected by [y]:
>>> - NFS_V4 [=y] && NETWORK_FILESYSTEMS [=y] && NFS_FS [=y]
>>>
>>> As NFSv4 can work without crypto enabled, fix this by making the
>>> selection of RPCSEC_GSS_KRB5 conditional on CRYPTO.
>>>
>>> Fixes: e57d065277387980 ("NFS & NFSD: Update GSS dependencies")
>>> Reported-by: kernel test robot <lkp@...el.com>
>>> Link: https://lore.kernel.org/oe-kbuild-all/202303241307.f6NeW9gZ-lkp@intel.com/
>>> Reported-by: Niklas Söderlund <niklas.soderlund@...natech.se>
>>> Link: https://lore.kernel.org/r/ZCG6tIoz0VN6d+oy@sleipner.dyn.berto.se
>>> Signed-off-by: Geert Uytterhoeven <geert+renesas@...der.be>
>>> ---
>>> Nfsroot ("root=/dev/nfs rw nfsroot=aaa.bbb.ccc.ddd:/path/to/fs,tcp,v4")
>>> works fine without CRYPTO and RPCSEC_GSS_KRB5.
>>> CONFIG_NFSD_V4 selects CRYPTO, so was not affected by the similar change.
>>
>> Makes sense to me.
>>
>> I can quickly take this through nfsd-fixes if the NFS maintainers
>> can send me an Acked-by.
>>
>>
>>> ---
>>> fs/nfs/Kconfig | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
>>> index 450d6c3bc05e27dd..f05c13ce0155bd69 100644
>>> --- a/fs/nfs/Kconfig
>>> +++ b/fs/nfs/Kconfig
>>> @@ -75,7 +75,7 @@ config NFS_V3_ACL
>>> config NFS_V4
>>> tristate "NFS client support for NFS version 4"
>>> depends on NFS_FS
>>> - select RPCSEC_GSS_KRB5
>>> + select RPCSEC_GSS_KRB5 if CRYPTO
>>> select KEYS
>>> help
>>> This option enables support for version 4 of the NFS protocol
>>> --
>>> 2.34.1
>>>
>
> Hmm… Perhaps it is time to just remove the above RPCSEC_GSS_KRB5 dependency altogether?
This is the other reason I was hesitating to address this
issue immediately: we might want to take a different
approach to dealing with these dependencies, and that
new approach might take some time to develop and test.
I agree that removing the "select" clause is a good
thing to try.
> It is possible to use the NFSv4.1 client with just AUTH_SYS, and in fact there are plenty of people out there using only that. The fact that RFC5661 gets its knickers in a twist about RPCSEC_GSS support is largely irrelevant to those people.
>
> The other issue is that ’select’ enforces the strict dependency that if the NFS client is compiled into the kernel, then the RPCSEC_GSS and kerberos code needs to be compiled in as well: they cannot exist as modules.
--
Chuck Lever
Powered by blists - more mailing lists