From: David Chinner <dgc@sgi.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: David Chinner <dgc@sgi.com>, Greg Banks <gnb@melbourne.sgi.com>,
xfs-dev <xfs-dev@sgi.com>, xfs-oss <xfs@oss.sgi.com>
Subject: Re: [PATCH] Don't initialise new inode generation numbers to zero V2
Date: Mon, 28 Apr 2008 13:11:20 +1000 [thread overview]
Message-ID: <20080428031120.GD103491721@sgi.com> (raw)
In-Reply-To: <20080425085750.GA6395@infradead.org>
On Fri, Apr 25, 2008 at 04:57:50AM -0400, Christoph Hellwig wrote:
> On Tue, Apr 22, 2008 at 03:04:48PM +1000, David Chinner wrote:
> > > I'm confused, why would an NFS client be trying to guess the generation
> > > number? AFAICS the important thing is to ensure that the (inode,gen)
> > > tuple isn't reused for a long time to prevent accidental filehandle
> > > identity issues on clients; whether the gen is predictable or not
> > > doesn't matter at all.
> >
> > Yeah, that's exactly what I said to Christoph, but that's the issue he
> > raised w.r.t a malicious client triggering inode/gen collisions
> > intentionally. If that's not a problem, then I can just use random32()
> > for the inode number. If it is a real problem, then it needs to be
> > a cryptographically secure random number. Personally, I don't care
> > either way - I just want to get the issue fixed.
> >
> > Christoph, care to explain how and why this is a problem to everyone?
>
> XFS has some heuristics for inode placement and of course for removing
> the inode cluster and re-allocting it. I have a gut feeling that there
> is a small chance to trigger a re-use via nfs operations. Making the
> initial generation number random means we remove one of the major
> user-triggerable inputs from the equation.
Ok, so is random32() good enough or does it need to be get_random_int()?
Cheers,
Dave.
--
Dave Chinner
Principal Engineer
SGI Australian Software Group
next prev parent reply other threads:[~2008-04-28 3:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-22 1:58 [PATCH] Don't initialise new inode generation numbers to zero V2 David Chinner
2008-04-22 4:05 ` Greg Banks
2008-04-22 5:04 ` David Chinner
2008-04-25 8:57 ` Christoph Hellwig
2008-04-28 3:11 ` David Chinner [this message]
2008-04-28 5:59 ` Christoph Hellwig
2008-04-28 6:20 ` David Chinner
2008-04-28 6:25 ` Christoph Hellwig
2008-04-28 3:24 ` Greg Banks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080428031120.GD103491721@sgi.com \
--to=dgc@sgi.com \
--cc=gnb@melbourne.sgi.com \
--cc=hch@infradead.org \
--cc=xfs-dev@sgi.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.