linux-fsdevel.vger.kernel.org archive mirror
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Christoph Hellwig <hch@lst.de>
Cc: akpm@osdl.org, neilb@cse.unsw.edu.au, andros@citi.umich.edu,
	linux-fsdevel@vger.kernel.org
Subject: Re: NFS4 crack
Date: Mon, 19 Sep 2005 16:31:43 -0400
Message-ID: <20050919203143.GC26122@fieldses.org>
In-Reply-To: <20050919103547.GA8998@lst.de>

On Mon, Sep 19, 2005 at 12:35:47PM +0200, Christoph Hellwig wrote:
> On Sun, Sep 18, 2005 at 10:36:15AM -0400, J. Bruce Fields wrote:
> > On Sun, Sep 18, 2005 at 12:21:00PM +0200, Christoph Hellwig wrote:
> > > The fs handling in fs/nfs/nfs4recovery.c is rather broken in addition.
> > 
> > For example?
> 
>  - opens a directory O_RDWR which open_namei wouldn't even allow

OK, thanks, fixed locally.

>  - tries to build dentry list from vfs_readdir callback, leading to
>    deadlocks on filesystems that take the same lock from readdir
>    and lookup

So it appears that nfsd has long made the requirement that filesystems
not do this.  Does this need to be documented somewhere?

>  - resets fsuid/fsgids without checks, synchronization or callouts
>    into subsystems that care (security, keys, ptrace)

I think the model here was nfsd_setuser(), which does essentially the
same thing.  Is this an nfsd bug?

>  - looks up /var/lib/nfs/v4recovery without ensuring it's a directory

Oops, thanks.

> and probably a few more if one tried to look at it for more than five
> minutes.  This is code that could be a third of the size if written
> in userspace and actually had a chance to be correct there, never mind
> the policy violations.

That's a couple good bugs identified, thanks, but I'm not convinced that
this would be significantly simpler from userspace.

We'd need two pieces of user<->kernel interface:

	1. An upcall to userspace to tell it about new client state.  We
	   also need to be able to wait for userspace to commit something
	   to disk, as the information has to survive a reboot.
	2. A way for userspace to dump recorded state to the kernel the
	   next time nfsd starts up.

Number 1 could be done with something like hotplug, I guess.  (It can be
told to wait for the userspace helper to exit, right?)

Another file in the nfsd filesystem might work for the second interface.

We also considered accomplishing number 1 by appending records to a log
file.  Userspace could hand in a file descriptor to use for this
purpose.  We'd still need the second interface.

--b.
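
Added example, not part of the original message and not nfsd or nfs-utils code: a userspace sketch of the two interfaces listed above (record a client durably, replay records at startup) that also avoids the directory-handling problems raised in the quoted review. All function names, the one-file-per-client layout, and the assumption that a client id is already encoded as a plain file name are hypothetical.

```c
/* Added illustration, not nfsd or nfs-utils code; names are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* O_DIRECTORY makes open() fail with ENOTDIR on a non-directory, and the
 * directory is opened read-only, never O_RDWR. */
int open_recovery_dir(const char *path)
{
    return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Interface 1: record a client; return 0 only once the record is on disk. */
int record_client(int dirfd, const char *id)
{
    if (id[0] == '\0' || id[0] == '.' || strchr(id, '/'))
        return -1;              /* id must be a plain file name */
    int fd = openat(dirfd, id, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    int rc = fsync(fd);         /* persist the new file */
    close(fd);
    if (rc == 0)
        rc = fsync(dirfd);      /* persist the directory entry */
    return rc;
}

/* Interface 2: at startup, pass every recorded id to cb (which would write
 * it to the kernel). Returns the number of records, or -1 on error. */
int replay_clients(int dirfd, void (*cb)(const char *id, void *arg), void *arg)
{
    int fd = dup(dirfd);
    DIR *d = fd < 0 ? NULL : fdopendir(fd);
    if (!d) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    rewinddir(d);               /* dup() shares the offset; start from 0 */
    int n = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (e->d_name[0] == '.')
            continue;           /* skip ".", ".." and dotfiles */
        if (cb)
            cb(e->d_name, arg);
        n++;
    }
    closedir(d);
    return n;
}
```

The second fsync(), on the directory descriptor, is what makes the new entry itself survive a crash; syncing only the file does not guarantee that.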
