If you have wildcard exports, then any individual client is only added to the
kernel's list of authenticated hosts when it makes a mount request.
When the server is restarted, it's supposed to remember which clients were
mounted, but sometimes it doesn't, especially if the server crashes and loses
its xtab file.
So you end up in a state where the client thinks it's mounted, but the server
doesn't agree.
There are other ways of reproducing this which don't require a server crash:
>From behind an IP masquerading firewall, mount the server from one client, then
from another client behind the same firewall. Unmount it from the first, then
the second won't be able to access it any more because the unmount removed the
firewall's IP address from the server's export list.
However, it's possible to make the server recover automatically from this
state. The logic is as follows:
When an NFS request is due to be dropped by the kernel nfsd because it's from
a host which isn't listed in the exports list, we don't just drop it.
Instead, we make a callback to the user-space mountd, which can decide whether
we should actually honour the request or not.
This is out of the normal path for processing requests, so it's not an extra
overhead on normal operation; it only comes into play when the request was
going to be dropped anyway.
I have a distinct recollection of having written the code to do all this
already. I'll go dig it out and make it work against 2.2.1[23].
---- ---- ----
David Woodhouse David.Woodhouse@mvhi.com Office: (+44) 1223 810302
Project Leader, Process Information Systems Mobile: (+44) 976 658355
Axiom (Cambridge) Ltd., Swaffham Bulbeck, Cambridge, CB5 0NA, UK.
finger dwmw2@ferret.lmh.ox.ac.uk for PGP key.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/