From: Greg Banks <gnb@melbourne.sgi.com>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] Re: [NFS] [PATCH 0/3] NLM lock failover
Date: Mon, 07 Aug 2006 14:05:57 +1000 [thread overview]
Message-ID: <1154923557.29877.106.camel@hole.melbourne.sgi.com> (raw)
In-Reply-To: <1154756682.3384.34.camel@localhost.localdomain>
On Sat, 2006-08-05 at 15:44, Wendy Cheng wrote:
> On Fri, 2006-08-04 at 11:51 -0400, Trond Myklebust wrote:
> > On Fri, 2006-08-04 at 10:56 -0400, Wendy Cheng wrote:
> Note that before patch 3-3, the kernel always sets 2-b to
> system_utsname.nodename. For rpc.statd, if RESTRICTED_STATD flag is on,
> the rpc.statd always set 4-b to 127.0.0.1. Without RESTRICTED_STATD on,
> it sets 4-b with whatever was passed by kernel (via 2-b). What (kernel)
> patch 3-3 does is setting 2-b to the floating ip so rpc.statd could get
> the correct ip and pass it into 4-b.
>
> Greg said (I havn't figured out how) without setting 4-b to 127.0.0.1,
> we "may" open a security hole.
Aha, I see what you needed. You could have changed the logic
in the RESTRICTED_STATD case of sm_mon_1_svc() not to ignore the
passed my_addr.s_addr if svc_getcaller(rqstp->rq_xprt) is a
privileged port on localhost. This would probably give you your
logic without reopening the security hole.
> take-over server:
> B-1. mount the subject filesystem
> B-2. "echo 1234 > /proc/fs/nfsd/nlm_set_ip_grace"
> B-3. "rpc.statd -n 10.10.1.1 -N -P /shared_storage/sm_10.10.1.1"
> B-4. bring up 10.10.1.1
> B-5. re-export the filesystem
Umm, don't you want to do B-3 after B-4 and B-5 ? Otherwise
clients might racily fail on the first try.
Also, just curious here, when do you purge the clients' ARP caches?
Greg.
--
Greg Banks, R&D Software Engineer, SGI Australian Software Group.
I don't speak for SGI.
next prev parent reply other threads:[~2006-08-07 4:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-29 17:47 [Cluster-devel] [RFC PATCH 0/3] NLM lock failover Wendy Cheng
2006-08-01 1:55 ` [Cluster-devel] [PATCH " Wendy Cheng
[not found] ` <message from Wendy Cheng on Monday July 31>
2006-08-03 4:14 ` [Cluster-devel] Re: [NFS] " Neil Brown
2006-08-03 21:34 ` Wendy Cheng
2006-08-07 22:38 ` Wendy Cheng
2006-08-04 9:27 ` Greg Banks
2006-08-04 13:27 ` Wendy Cheng
2006-08-04 14:56 ` Wendy Cheng
2006-08-04 15:51 ` Trond Myklebust
2006-08-05 5:44 ` Wendy Cheng
2006-08-07 4:05 ` Greg Banks [this message]
2006-08-07 20:14 ` James Yarbrough
2006-08-07 21:03 ` Wendy Cheng
2006-08-07 4:05 ` Greg Banks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1154923557.29877.106.camel@hole.melbourne.sgi.com \
--to=gnb@melbourne.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).