Setclientid / Definition of client

Felix Engel Felix.Engel at iss.rwth-aachen.de
Mon Dec 4 10:33:45 EST 2006 

Hello list,

while testing an nfsv4 based setup we ran into some problems which
raised some general questions about the current implementation and the
correct interpretation of RFC 3530. We have a fileserver running a
Debian/Testing distribution with a custom built vanilla 2.6.18.2 kernel.
The clients are FC4 installations running the FC4-shipped kernel
(2.6.17-1.2143_FC4smp). We are also running system monitoring tasks
which open sessions as users "nagios" and "stats" in 5 minute intervals.
For our tests we did use AUTH_UNIX as the rpc authentication system.

After a time between 10 mins and two hours, the clients would all be
unable to access the nfs shares. Unmounting them was also impossible. At
the time of the first failed access the following appeared in the
server's kernel output:
 NFSD: setclientid: string in use by client(clientid 456fe889/000003bd)

We have since found out that the race condition causing the lockup has
been fixed since, and with newer kernels the client recovers.
We have then further investigated what happenened and have seen that the
server returns an NFS4ERR_CLID_INUSE error to the client, because the
rpc credentials used for the SETCLIENTID call to renew the lease are
different from the credentials used for the original call to
SETCLIENTID. The line in the kernel sourcecode looks as follows (this is
taken from a vanilla 2.6.19 kernel):
fs/nfsd/nfs4state.c: line 750

	if (!cmp_creds(&conf->cl_cred, &rqstp->rq_cred)
			|| conf->cl_addr != ip_addr) {
		printk("NFSD: setclientid: string in use by
				client"
				"(clientid
			%08x/%08x)\n",
				conf->cl_clientid.cl_boot,
				conf->cl_clientid.cl_id);
		goto out;
	}

This implies that on the client side, for every system user (i.e. for
everyone making calls with unique credentials), a separate "nfs4 client"
as per the RFC should be generated.

However it seems that on the client machine, a separate client is only
generated per machine. 

My question therefore is whether the client code is faulty by not
creating a new "nfs4 client" for each user, whether the server code is
faulty by checking the credentials in setclientid_proc even though they
might be different or whether we just have  missed some important part.

Regards, 
	Felix

More information about the NFSv4 mailing list