From: Steve Dickson <SteveD@redhat.com>
To: NeilBrown <neilb@suse.de>
Cc: bstroesser@ts.fujitsu.com, linux-nfs@vger.kernel.org,
bfields@fieldses.org
Subject: Re: [nfs-utils] [PATCH 0/3] rpc.mountd: fix some vulnerabilities
Date: Wed, 12 Nov 2014 10:58:35 -0500 [thread overview]
Message-ID: <546383AB.6080105@RedHat.com> (raw)
In-Reply-To: <20141112100011.74b6549f@notabene.brown>
On 11/11/2014 06:00 PM, NeilBrown wrote:
>> Here is why they do not work:
>> >
>> > The fd that the write() is getting hung on, is not be created
>> > by the 3 nfs_svc_create() calls in mountd:main(). Its
>> > being created by the accept() when the tcp connection
>> > is created (via SVC_RECV()), so making those fds coming
>> > out of the nfs_svc_create() non-blocking does nothing.
> Just to add to what Bodo replied:
>
> SVC_RECV is a macro which calls .xp_recv, which in the TCP listen
> case is rendezvous_request.
>
> rendezvous_request does the accept:
>
> if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
> &len)) < 0) {
>
> and then
> if (cd->maxrec != 0) {
> flags = fcntl(sock, F_GETFL, 0);
> if (flags == -1)
> return (FALSE);
> if (fcntl(sock, F_SETFL, flags | O_NONBLOCK) == -1)
> return (FALSE);
>
> so if cd->maxrec is not zero, O_NONBLOCK get set.
>
> It gets set through an SVC_CONTROL -> xp_control -> svc_vc_rendezvous_control
>
> call, which no-one ever makes, and it initialised to __svc_maxrec, which is
> set by the rpc_control() call that Bodo mentions.
> So providing rpc_control is called before the service is created, it should
> work fine.
>
> I wonder why it didn't work for you...
Because I didn't apply the 3rd patch because it was marked
as experimental. I figured I would get the first two
patches working and deal with it later...
Plus although I did look at this code, I didn't notice the
setting of the O_NONBLOCK on the fd from the accept.
Thanks for pointing it out....
steved.
next prev parent reply other threads:[~2014-11-12 15:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-05 20:21 [nfs-utils] [PATCH 0/3] rpc.mountd: fix some vulnerabilities bstroesser
2014-11-11 18:24 ` Steve Dickson
2014-11-11 19:01 ` Strösser, Bodo
2014-11-11 23:00 ` NeilBrown
2014-11-12 15:58 ` Steve Dickson [this message]
2014-11-12 18:57 ` Steve Dickson
2014-11-12 19:26 ` Strösser, Bodo
[not found] <61eb00$5dituo@dgate20u.abg.fsc.net>
2014-11-05 21:05 ` J. Bruce Fields
2014-11-05 21:25 ` Strösser, Bodo
[not found] ` <20141106084741.40980d12@notabene.brown>
2014-11-05 21:55 ` J. Bruce Fields
2014-11-06 15:00 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=546383AB.6080105@RedHat.com \
--to=steved@redhat.com \
--cc=bfields@fieldses.org \
--cc=bstroesser@ts.fujitsu.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox