Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5

From: Trond Myklebust
Date: Tue Mar 28 2023 - 11:05:24 EST

Next message: Simon Horman: "Re: [PATCH net-next v2] Revert "sh_eth: remove open coded netif_running()""
Previous message: Naresh Solanki: "[PATCH v2 3/3] hwmon: (pmbus/core): Notify regulator events"
In reply to: Chuck Lever III: "Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5"
Next in thread: Chuck Lever III: "Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Mar 28, 2023, at 09:40, Chuck Lever III <chuck.lever@xxxxxxxxxx> wrote:
>
>
>
>> On Mar 28, 2023, at 3:25 AM, Geert Uytterhoeven <geert+renesas@xxxxxxxxx> wrote:
>>
>> If CONFIG_CRYPTO=n (e.g. arm/shmobile_defconfig):
>>
>> WARNING: unmet direct dependencies detected for RPCSEC_GSS_KRB5
>> Depends on [n]: NETWORK_FILESYSTEMS [=y] && SUNRPC [=y] && CRYPTO [=n]
>> Selected by [y]:
>> - NFS_V4 [=y] && NETWORK_FILESYSTEMS [=y] && NFS_FS [=y]
>>
>> As NFSv4 can work without crypto enabled, fix this by making the
>> selection of RPCSEC_GSS_KRB5 conditional on CRYPTO.
>>
>> Fixes: e57d065277387980 ("NFS & NFSD: Update GSS dependencies")
>> Reported-by: kernel test robot <lkp@xxxxxxxxx>
>> Link: https://lore.kernel.org/oe-kbuild-all/202303241307.f6NeW9gZ-lkp@xxxxxxxxx/
>> Reported-by: Niklas Söderlund <niklas.soderlund@xxxxxxxxxxxx>
>> Link: https://lore.kernel.org/r/ZCG6tIoz0VN6d+oy@xxxxxxxxxxxxxxxxxxxxx
>> Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
>> ---
>> Nfsroot ("root=/dev/nfs rw nfsroot=aaa.bbb.ccc.ddd:/path/to/fs,tcp,v4")
>> works fine without CRYPTO and RPCSEC_GSS_KRB5.
>> CONFIG_NFSD_V4 selects CRYPTO, so was not affected by the similar change.
>
> Makes sense to me.
>
> I can quickly take this through nfsd-fixes if the NFS maintainers
> can send me an Acked-by.
>
>
>> ---
>> fs/nfs/Kconfig | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
>> index 450d6c3bc05e27dd..f05c13ce0155bd69 100644
>> --- a/fs/nfs/Kconfig
>> +++ b/fs/nfs/Kconfig
>> @@ -75,7 +75,7 @@ config NFS_V3_ACL
>> config NFS_V4
>> tristate "NFS client support for NFS version 4"
>> depends on NFS_FS
>> - select RPCSEC_GSS_KRB5
>> + select RPCSEC_GSS_KRB5 if CRYPTO
>> select KEYS
>> help
>> This option enables support for version 4 of the NFS protocol
>> --
>> 2.34.1
>>

Hmm… Perhaps it is time to just remove the above RPCSEC_GSS_KRB5 dependency altogether? It is possible to use the NFSv4.1 client with just AUTH_SYS, and in fact there are plenty of people out there using only that. The fact that RFC5661 gets its knickers in a twist about RPCSEC_GSS support is largely irrelevant to those people.

The other issue is that ’select’ enforces the strict dependency that if the NFS client is compiled into the kernel, then the RPCSEC_GSS and kerberos code needs to be compiled in as well: they cannot exist as modules.

_________________________________
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx

Next message: Simon Horman: "Re: [PATCH net-next v2] Revert "sh_eth: remove open coded netif_running()""
Previous message: Naresh Solanki: "[PATCH v2 3/3] hwmon: (pmbus/core): Notify regulator events"
In reply to: Chuck Lever III: "Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5"
Next in thread: Chuck Lever III: "Re: [PATCH] NFSv4: Fix NFS_V4 select RPCSEC_GSS_KRB5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]