kgss: de-virtualize kgss_gssd_handle
ClosedPublic
Actions

Authored by glebius on Apr 21 2026, 5:55 PM.

Details

Reviewers

rmacklem

Commits

rGb5f4d40951c3: kgss: de-virtualize kgss_gssd_handle
rG4602d45eb3b1: kgss: de-virtualize kgss_gssd_handle

Summary

The RPC client is more of a class rather than an instance. RPCs from
different VNETs are served by the same client. This makes the kgss layer
fully transparent to VIMAGE and not even required to be aware of it.

It is responsibility of the rpcsec_gss module to have curvnet set on the
calling thread when doing RPC calls via kgssapi.

This change should enable proper operation of an NFS server with gssd(8)
in a VIMAGE jail.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

glebius created this revision.Apr 21 2026, 5:55 PM

Herald added a subscriber: imp. · View Herald TranscriptApr 21 2026, 5:55 PM

glebius requested review of this revision.Apr 21 2026, 5:55 PM

Harbormaster completed remote builds in B72424: Diff 176024.Apr 21 2026, 5:55 PM

glebius added a parent revision: D56561: kgss: remove unnecessary CURVNET_SET() and kgss_gssd_handle checks.Apr 21 2026, 5:55 PM

This looks fine to me.

For the old way done in FreeBSD-14, the kgss_gssd_handle
would be set NULL when the gssd daemon terminated, at least
when it happened gracefully.

I assume that, for netlink, this never happens?
(ie. Once clnt_nl_create() creates it, it lives forever.)
--> Which means checking for it being non-NULL is a waste

of time?

This revision is now accepted and ready to land.Apr 21 2026, 10:12 PM

In D56562#1294701, @rmacklem wrote:
For the old way done in FreeBSD-14, the kgss_gssd_handle
would be set NULL when the gssd daemon terminated, at least
when it happened gracefully.

I assume that, for netlink, this never happens?
(ie. Once clnt_nl_create() creates it, it lives forever.)
--> Which means checking for it being non-NULL is a waste
of time?

We have code under #if 0 that implements module unload. It actually should set client to NULL after clnt_destroy(). That's why I left these checks as is, keeping it one change at a time.

However, I agree that we should most likely remove them. As we have rpc_gss module as a proper depend on kggsapi module, and the rpc_gss module always grabs the pointer with kgss_gssd_client() that does CLNT_ACQUIRE()we can actually implement the unload in a manner that through the module lifetime the pointer is never NULL. And module allows unload only when there are no references and no depending modules. But that's definitely a separate patch not to be mixed with this one.

In D56562#1295197, @glebius wrote:
In D56562#1294701, @rmacklem wrote:
For the old way done in FreeBSD-14, the kgss_gssd_handle
would be set NULL when the gssd daemon terminated, at least
when it happened gracefully.

I assume that, for netlink, this never happens?
(ie. Once clnt_nl_create() creates it, it lives forever.)
--> Which means checking for it being non-NULL is a waste
of time?
We have code under #if 0 that implements module unload. It actually should set client to NULL after clnt_destroy(). That's why I left these checks as is, keeping it one change at a time.

However, I agree that we should most likely remove them. As we have rpc_gss module as a proper depend on kggsapi module, and the rpc_gss module always grabs the pointer with kgss_gssd_client() that does CLNT_ACQUIRE()we can actually implement the unload in a manner that through the module lifetime the pointer is never NULL. And module allows unload only when there are no references and no depending modules. But that's definitely a separate patch not to be mixed with this one.