All of lore.kernel.org
 help / color / mirror / Atom feed
From: Christian Schoenebeck <linux_oss@crudebyte.com>
To: asmadeus@codewreck.org
Cc: Schspa Shi <schspa@gmail.com>,
	ericvh@gmail.com, lucho@ionkov.net, davem@davemloft.net,
	edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
	v9fs-developer@lists.sourceforge.net, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	syzbot+8f1060e2aaf8ca55220b@syzkaller.appspotmail.com
Subject: Re: [PATCH] 9p: fix crash when transaction killed
Date: Wed, 30 Nov 2022 14:25:59 +0100	[thread overview]
Message-ID: <4084178.bTz7GqEF8p@silver> (raw)
In-Reply-To: <Y4dSfYoU6F8+D8ac@codewreck.org>

On Wednesday, November 30, 2022 1:54:21 PM CET asmadeus@codewreck.org wrote:
> Christian Schoenebeck wrote on Wed, Nov 30, 2022 at 01:43:20PM +0100:
> > > > As for the release case, the next request will have the same tag with
> > > > high probability. It's better to make the tag value to be an increase
> > > > sequence, thus will avoid very much possible req reuse.
> > > 
> > > I'd love to be able to do this, but it would break some servers that
> > > assume tags are small (e.g. using it as an index for a tag array)
> > > ... I thought nfs-ganesha was doing this but they properly put in in
> > > buckets, so that's one less server to worry about, but I wouldn't put
> > > it past some simple servers to do that; having a way to lookup a given
> > > tag for flush is an implementation requirement.
> > 
> > I really think it's time to emit tag number sequentially. If it turns out that
> > it's a server that is broken, we could then simply ignore replies with old/
> > unknown tag number. It would also help a lot when debugging 9p issues in
> > general when you know tag numbers are not re-used (in near future).
> > 
> > A 9p server must not make any assumptions how tag numbers are generated by
> > client, whether dense or sparse, or whatever. If it does then server is
> > broken, which is much easier to fix than synchronization issues we have to
> > deal with like this one.
> 
> Well, it's a one line change: just replace the idr_alloc in the else
> branch of p9_tag_alloc with idr_alloc_cyclic.
> But linux has an history of not breaking userspace, even if it's broken.
> One could argue that the server side of a networked protocol isn't
> as tightly coupled but I still think we should be careful with it --
> adding a new mount option to rever to the old behaviour at the very
> least.

+1 for the mount option.

> I'm also not convinced it'd fix anything here, we're not talking about a
> real server but about a potential attacker -- if a reply comes in with
> the next tag while we're allocating it, we'll get the exact same problem
> as we have right now.
> Frankly, 9p has no security at all so I'm not sure this is something we
> really need to worry about, but bugs are bugs so we might as well fix
> them if someone has the time for that...
> 
> Anyway, I can appreciate that logs will definitely be easier to read, so
> an option to voluntarily switch to cyclic allocation would be more than
> welcome as a first step and shouldn't be too hard to do...

I would actually do it the other way around: generating continuous sequential
tags by default and only reverting back to dense tags if requested by mount
option.

Is there any server implementation known to rely on current dense tag
generation?

If there is really some exotic server somewhere that uses e.g. a simple
constant size array to lookup tags and nobody is able to replace that array by
a hash table or something for whatever reason, then I am pretty sure that
server is limited at other ends as well (e.g. small 'msize'). So what we could
do is adjusting the default behaviour according to the other side and allow to
explicitly set both sequential and dense tags by mount option (i.e. not just
a boolean mount option).

Best regards,
Christian Schoenebeck



  reply	other threads:[~2022-11-30 13:26 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-29 16:22 [PATCH] 9p: fix crash when transaction killed Schspa Shi
2022-11-29 16:26 ` Schspa Shi
2022-11-29 18:23   ` Christian Schoenebeck
2022-11-29 22:38 ` asmadeus
2022-11-30  2:22   ` Schspa Shi
2022-11-30  3:26     ` Schspa Shi
2022-11-30  6:16     ` asmadeus
2022-11-30  8:14       ` Schspa Shi
2022-11-30 11:06         ` asmadeus
2022-11-30 12:43           ` Christian Schoenebeck
2022-11-30 12:54             ` asmadeus
2022-11-30 13:25               ` Christian Schoenebeck [this message]
2022-11-30 13:40                 ` asmadeus
2022-11-30 13:15           ` Schspa Shi
2022-11-30 13:34             ` asmadeus
2022-12-01  2:26               ` Schspa Shi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4084178.bTz7GqEF8p@silver \
    --to=linux_oss@crudebyte.com \
    --cc=asmadeus@codewreck.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=ericvh@gmail.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lucho@ionkov.net \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=schspa@gmail.com \
    --cc=syzbot+8f1060e2aaf8ca55220b@syzkaller.appspotmail.com \
    --cc=v9fs-developer@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.