From: Bruce Fields <bfields@fieldses.org>
To: dai.ngo@oracle.com
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Steve Dickson <steved@redhat.com>,
Olga Kornievskaia <olga.kornievskaia@gmail.com>,
Chuck Lever <chuck.lever@oracle.com>
Subject: Re: server-to-server copy by default
Date: Thu, 21 Oct 2021 10:02:43 -0400 [thread overview]
Message-ID: <20211021140243.GB25711@fieldses.org> (raw)
In-Reply-To: <a009cbf3-cb83-b7c8-aa86-2eee06962b68@oracle.com>
Thanks for the persistence:
On Wed, Oct 20, 2021 at 10:00:41PM -0700, dai.ngo@oracle.com wrote:
> The attack can come from the replies of the source server or requests
> from the source server to the destination server via the back channel.
> One of possible attack in the reply is BAD_STATEID which was handled
> by the client code as mentioned by Olga.
>
> Here is the list of NFS requests made from the destination to the
> source server:
>
> EXCHANGE_ID
> CREATE_SESSION
> RECLAIM_COMLETE
> SEQUENCE
> PUTROOTFH
> PUTHF
> GETFH
> GETATTR
> READ/READ_PLUS
> DESTROY_SESSION
> DESTROY_CLIENTID
>
> Do you think we should review all replies from these requests to make
> sure error replies do not cause problems for the destination server?
That's the exactly the sort of analysis I was curious to see, yes.
(I doubt the PUTROOTFH, PUTFH, GETFH, and GETATTR are really necessary,
I wonder if there's any way we could just bypass them in our case. I
don't know, maybe that's more trouble than it's worth.)
> same for the back channel ops:
>
> OP_CB_GETATTR
> OP_CB_RECALL
> OP_CB_LAYOUTRECALL
> OP_CB_NOTIFY
> OP_CB_PUSH_DELEG
> OP_CB_RECALL_ANY
> OP_CB_RECALLABLE_OBJ_AVAIL
> OP_CB_RECALL_SLOT
> OP_CB_SEQUENCE
> OP_CB_WANTS_CANCELLED
> OP_CB_NOTIFY_LOCK
> OP_CB_NOTIFY_DEVICEID
> OP_CB_OFFLOAD
There shouldn't be any need for callbacks at all. We might be able to
get away without even setting up a backchannel. But, yes, if the server
tries to send one anyway, it'd be good to know we do something
reasonable.
--b.
next prev parent reply other threads:[~2021-10-21 14:02 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-20 15:54 server-to-server copy by default J. Bruce Fields
2021-10-20 16:00 ` Chuck Lever III
2021-10-20 16:33 ` Olga Kornievskaia
2021-10-20 19:03 ` dai.ngo
2021-10-20 20:29 ` Bruce Fields
2021-10-21 5:00 ` dai.ngo
2021-10-21 14:02 ` Bruce Fields [this message]
2021-10-22 6:34 ` dai.ngo
2021-10-22 12:58 ` Bruce Fields
2021-11-01 17:37 ` dai.ngo
2021-11-01 19:33 ` Bruce Fields
2021-11-01 19:55 ` dai.ngo
2021-10-20 17:24 ` Steve Dickson
2021-10-20 17:51 ` Chuck Lever III
2021-10-20 16:37 ` Olga Kornievskaia
2021-10-20 17:45 ` Chuck Lever III
2021-10-20 18:15 ` Bruce Fields
2021-10-20 19:04 ` Chuck Lever III
2021-10-21 13:43 ` Steve Dickson
2021-10-21 13:56 ` Bruce Fields
2021-10-21 14:13 ` Bruce Fields
2021-10-21 14:22 ` Trond Myklebust
2021-10-21 14:38 ` bfields
2021-10-20 18:00 ` J. Bruce Fields
2021-11-01 18:22 ` Charles Hedrick
2021-11-01 19:25 ` Steve Dickson
2021-11-01 19:44 ` Charles Hedrick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211021140243.GB25711@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=dai.ngo@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=olga.kornievskaia@gmail.com \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox