[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-nfs
Subject:    Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5
From:       Chuck Lever III <chuck.lever () oracle ! com>
Date:       2023-03-28 15:09:43
Message-ID: 2ED142CE-6E37-42B8-AB2D-602772AAEE2D () oracle ! com
[Download RAW message or body]



> On Mar 28, 2023, at 11:02 AM, Trond Myklebust <trondmy@hammerspace.com> wrote:
> 
> 
> 
> > On Mar 28, 2023, at 09:40, Chuck Lever III <chuck.lever@oracle.com> wrote:
> > 
> > 
> > 
> > > On Mar 28, 2023, at 3:25 AM, Geert Uytterhoeven <geert+renesas@glider.be> \
> > > wrote: 
> > > If CONFIG_CRYPTO=n (e.g. arm/shmobile_defconfig):
> > > 
> > > WARNING: unmet direct dependencies detected for RPCSEC_GSS_KRB5
> > > Depends on [n]: NETWORK_FILESYSTEMS [=y] && SUNRPC [=y] && CRYPTO [=n]
> > > Selected by [y]:
> > > - NFS_V4 [=y] && NETWORK_FILESYSTEMS [=y] && NFS_FS [=y]
> > > 
> > > As NFSv4 can work without crypto enabled, fix this by making the
> > > selection of RPCSEC_GSS_KRB5 conditional on CRYPTO.
> > > 
> > > Fixes: e57d065277387980 ("NFS & NFSD: Update GSS dependencies")
> > > Reported-by: kernel test robot <lkp@intel.com>
> > > Link: https://lore.kernel.org/oe-kbuild-all/202303241307.f6NeW9gZ-lkp@intel.com/
> > >                 
> > > Reported-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
> > > Link: https://lore.kernel.org/r/ZCG6tIoz0VN6d+oy@sleipner.dyn.berto.se
> > > Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> > > ---
> > > Nfsroot ("root=/dev/nfs rw nfsroot=aaa.bbb.ccc.ddd:/path/to/fs,tcp,v4")
> > > works fine without CRYPTO and RPCSEC_GSS_KRB5.
> > > CONFIG_NFSD_V4 selects CRYPTO, so was not affected by the similar change.
> > 
> > Makes sense to me.
> > 
> > I can quickly take this through nfsd-fixes if the NFS maintainers
> > can send me an Acked-by.
> > 
> > 
> > > ---
> > > fs/nfs/Kconfig | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
> > > index 450d6c3bc05e27dd..f05c13ce0155bd69 100644
> > > --- a/fs/nfs/Kconfig
> > > +++ b/fs/nfs/Kconfig
> > > @@ -75,7 +75,7 @@ config NFS_V3_ACL
> > > config NFS_V4
> > > tristate "NFS client support for NFS version 4"
> > > depends on NFS_FS
> > > - select RPCSEC_GSS_KRB5
> > > + select RPCSEC_GSS_KRB5 if CRYPTO
> > > select KEYS
> > > help
> > > This option enables support for version 4 of the NFS protocol
> > > -- 
> > > 2.34.1
> > > 
> 
> Hmm… Perhaps it is time to just remove the above RPCSEC_GSS_KRB5 dependency \
> altogether?

This is the other reason I was hesitating to address this
issue immediately: we might want to take a different
approach to dealing with these dependencies, and that
new approach might take some time to develop and test.

I agree that removing the "select" clause is a good
thing to try.


> It is possible to use the NFSv4.1 client with just AUTH_SYS, and in fact there are \
> plenty of people out there using only that. The fact that RFC5661 gets its knickers \
> in a twist about RPCSEC_GSS support is largely irrelevant to those people. 
> The other issue is that 'select' enforces the strict dependency that if the NFS \
> client is compiled into the kernel, then the RPCSEC_GSS and kerberos code needs to \
> be compiled in as well: they cannot exist as modules.



--
Chuck Lever


[prev in list] [next in list] [prev in thread] [next in thread]