All of lore.kernel.org
 help / color / mirror / Atom feed
From: Simo Sorce <simo@redhat.com>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: Nico Williams <nico@cryptonector.com>,
	dhowells <dhowells@redhat.com>,
	linux-nfs@vger.kernel.org, krbdev <krbdev@mit.edu>
Subject: RE: GSSAPI Proxy initiative
Date: Thu, 03 Nov 2011 19:47:04 -0400	[thread overview]
Message-ID: <1320364024.7734.705.camel@willson.li.ssimo.org> (raw)
In-Reply-To: <2E1EB2CF9ED1CB4AA966F0EB76EAB4430BFA90EE@SACMVEXC2-PRD.hq.netapp.com>

On Thu, 2011-11-03 at 15:16 -0700, Myklebust, Trond wrote:

[..]

> No, but we still need to be able to do recovery of rpcsec_gss contexts
> once they are broken, and right now we have a major flaw due to the
> fact that recovery depends on a lot of small processes and data that
> is allowed to be swapped out at the moment when we need them the most
> (i.e. in a memory reclaim situation).
> 
> If the server reboots while our client is in the middle of writing
> back a file (or several files), then the client needs to recover those
> rpcsec_gss contexts that authenticate the processes which own any
> dirty pages that remain to be written out.
> Key security is an irrelevant concern once your kernel deadlocks in an
> OOM state.

[..]

> > Currently credential caches are stored in files, is there a problem
> > with that model ? Do you need access to credential caches from the
> > kernel when under memory pressure ?

> Yes, there is a major problem with that model, and yes we do
> potentially need access to credential caches when in a recovery
> situation (which is a situation when we are usually under memory
> pressure).

This sounds like a catch 22 situation.
Even if the keys are pinned in kernel memory you still need the GSSAPI
Proxy daemon in order to re-establish the security context, and that
process could have been swapped off too.

I am not sure I see a way out here.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


  reply	other threads:[~2011-11-03 23:47 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-02 21:26 GSSAPI Proxy initiative Simo Sorce
2011-11-02 23:05 ` Simo Sorce
2011-11-03  3:24 ` Nico Williams
2011-11-03 14:58   ` Simo Sorce
2011-11-03 16:05     ` Nico Williams
2011-11-03 16:31       ` Simo Sorce
2011-11-03 18:57         ` Nico Williams
2011-11-03 20:39           ` Trond Myklebust
2011-11-03 20:53             ` Nico Williams
2011-11-03 21:30               ` Simo Sorce
2011-11-03 21:46                 ` Trond Myklebust
2011-11-03 22:00                   ` Simo Sorce
2011-11-03 22:16                     ` Myklebust, Trond
2011-11-03 23:47                       ` Simo Sorce [this message]
2011-11-04 14:34                         ` J. Bruce Fields
2011-11-04 15:13                       ` Nico Williams
2011-11-04 15:36                         ` Nico Williams
2011-11-04 15:55                         ` Adamson, Andy
2011-11-04 16:20                           ` Nico Williams
2011-11-04 16:25                             ` Simo Sorce
2011-11-04 16:43                               ` Nico Williams
2011-11-04 16:30                             ` Adamson, Andy
2011-11-04 16:42                               ` Nico Williams
2011-11-04 14:51                   ` Nico Williams
2011-11-03 21:58             ` Tom Yu
2011-11-03 15:42 ` Nico Williams
2011-11-03 16:10   ` Simo Sorce

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1320364024.7734.705.camel@willson.li.ssimo.org \
    --to=simo@redhat.com \
    --cc=Trond.Myklebust@netapp.com \
    --cc=dhowells@redhat.com \
    --cc=krbdev@mit.edu \
    --cc=linux-nfs@vger.kernel.org \
    --cc=nico@cryptonector.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.