From: Sage Weil <sage@newdream.net>
To: Andi Kleen <andi@firstfloor.org>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/20] ceph: Ceph distributed file system client v0.10
Date: Thu, 16 Jul 2009 10:11:48 -0700 (PDT) [thread overview]
Message-ID: <Pine.LNX.4.64.0907161004080.8026@cobra.newdream.net> (raw)
In-Reply-To: <87hbxcx182.fsf@basil.nowhere.org>
On Thu, 16 Jul 2009, Andi Kleen wrote:
> Sage Weil <sage@newdream.net> writes:
>
> > This is v0.10 of the Ceph distributed file system client.
> >
> > Changes since v0.9:
> > - fixed unaligned memory access (thanks for heads up to Stefan Richter)
> > - a few code cleanups
> > - MDS reconnect and op replay bugfixes. (The main milestone here is
> > stable handling of MDS server failures and restarts, tested by
> > running various workloads with the servers in restart loops.)
> >
> > What would people like to see for this to be merged into fs/?
>
> Some more comments in the code probably wouldn't help. e.g. each
> file should have some description at the top what it does.
Will do.
> What I always wonder with new complex networking protocols
> (which ceph essentially is): has there been some auditing/testing
> what happens when a server feeds unexpected/out of bounds data
> to the client? e.g. a security audit would be good. Otherwise
> you might end up with remote exploits.
There are some macros I use for parsing incoming messages that check the
message bounds, so there's no danger of walking past the end of the
message (see decode.h in patch 15/20).
I don't always verify that things like element counts are "sane", though,
so there's currently the possibility of trying to allocate large chunks of
memory. Protecting against that sort of malicious data from the server is
difficult in general, and I'm not sure what the best approach is. The
server needs to be trusted to some extent or another. Client and server
authentication isn't implemented yet, but the plan is for the client to
have a cryptographic key (or keys) to authenticate both itself and the
server before exchanging any meaningful data.
sage
next prev parent reply other threads:[~2009-07-16 17:11 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-15 21:24 [PATCH 00/20] ceph: Ceph distributed file system client v0.10 Sage Weil
2009-07-15 21:24 ` [PATCH 01/20] ceph: documentation Sage Weil
2009-07-15 21:24 ` [PATCH 02/20] ceph: on-wire types Sage Weil
2009-07-15 21:24 ` [PATCH 03/20] ceph: client types Sage Weil
2009-07-15 21:24 ` [PATCH 04/20] ceph: super.c Sage Weil
2009-07-15 21:24 ` [PATCH 05/20] ceph: inode operations Sage Weil
2009-07-15 21:24 ` [PATCH 06/20] ceph: directory operations Sage Weil
2009-07-15 21:24 ` [PATCH 07/20] ceph: file operations Sage Weil
2009-07-15 21:24 ` [PATCH 08/20] ceph: address space operations Sage Weil
2009-07-15 21:24 ` [PATCH 09/20] ceph: MDS client Sage Weil
2009-07-15 21:24 ` [PATCH 10/20] ceph: OSD client Sage Weil
2009-07-15 21:24 ` [PATCH 11/20] ceph: CRUSH mapping algorithm Sage Weil
2009-07-15 21:24 ` [PATCH 12/20] ceph: monitor client Sage Weil
2009-07-15 21:24 ` [PATCH 13/20] ceph: capability management Sage Weil
2009-07-15 21:24 ` [PATCH 14/20] ceph: snapshot management Sage Weil
2009-07-15 21:24 ` [PATCH 15/20] ceph: messenger library Sage Weil
2009-07-15 21:24 ` [PATCH 16/20] ceph: nfs re-export support Sage Weil
2009-07-15 21:24 ` [PATCH 17/20] ceph: ioctls Sage Weil
2009-07-15 21:24 ` [PATCH 18/20] ceph: debugging Sage Weil
2009-07-15 21:24 ` [PATCH 19/20] ceph: debugfs Sage Weil
2009-07-15 21:24 ` [PATCH 20/20] ceph: Kconfig, Makefile Sage Weil
2009-07-16 12:27 ` [PATCH 18/20] ceph: debugging Andi Kleen
2009-07-16 17:17 ` Sage Weil
2009-07-17 18:07 ` Sage Weil
2009-07-17 18:56 ` Andi Kleen
2009-07-17 19:52 ` Sage Weil
2009-07-17 20:01 ` Andi Kleen
2009-07-17 21:35 ` Sage Weil
2009-07-17 21:51 ` Andi Kleen
2009-07-15 22:05 ` common layout xattr Andreas Dilger
2009-07-15 22:19 ` Sage Weil
2009-07-16 5:13 ` Andreas Dilger
2009-07-16 22:29 ` Sage Weil
2009-07-17 4:45 ` Andreas Dilger
2009-07-18 4:51 ` Sage Weil
2009-07-16 19:27 ` [PATCH 16/20] ceph: nfs re-export support J. Bruce Fields
2009-07-16 19:50 ` Sage Weil
2009-07-16 21:21 ` Trond Myklebust
2009-07-16 22:07 ` Sage Weil
2009-07-17 14:05 ` J. Bruce Fields
2009-07-17 16:49 ` Sage Weil
2009-07-17 16:57 ` J. Bruce Fields
2009-07-16 12:31 ` [PATCH 02/20] ceph: on-wire types Andi Kleen
2009-07-16 16:58 ` Sage Weil
2009-07-16 3:59 ` [PATCH 00/20] ceph: Ceph distributed file system client v0.10 Noah Watkins
2009-07-16 17:03 ` Sage Weil
2009-07-16 12:26 ` Andi Kleen
2009-07-16 17:11 ` Sage Weil [this message]
2009-07-18 1:28 ` Chris Wright
2009-07-18 4:39 ` Sage Weil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0907161004080.8026@cobra.newdream.net \
--to=sage@newdream.net \
--cc=andi@firstfloor.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).