git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 17 Apr 2025 14:45:55 +0000 (16:45 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Tue, 27 May 2025 04:05:30 +0000 (04:05 +0000)
commit	6048050c5f5d5c6d1e69ed6fd740f34660b16552
tree	98509cda0a398f345d2839e262ab1f000a9ca559	tree \| snapshot
parent	58acb22072a917cbc16cccffae1de5e3f2962d52	commit \| diff

LU-18933 gss: allow expired ctx from server for LDLM callback

When a client receives an ldlm callback request to release a lock,
the server might use an expired reverse context to send this request.
The server might not have any other choice, as it only has a reverse
context and cannot refresh it explicitly. And if the client refuses to
use the associated gss context, it fails to reply to the ldlm callback
request and gets evicted.
In order to avoid this eviction, the client needs to accept the
expired gss context associated with the server request. The client
cannot refresh its own context immediately, as it would not match the
reverse context used by the server. But the client context is going to
be refreshed right after that, along with the subsequent ldlm cancel
request.

sanity-krb5 test_201 is added to exercise this use case.

Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I9bc82731cb7013e07cc09295cb488f52a0034ea9
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/58840
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/include/upcall_cache.h		diff \| blob \| history
lustre/obdclass/upcall_cache.c		diff \| blob \| history
lustre/ptlrpc/gss/gss_svc_upcall.c		diff \| blob \| history
lustre/tests/sanity-krb5.sh		diff \| blob \| history