From: Chuck Lever <chuck.lever@oracle.com>
To: Bruce Fields <bfields@fieldses.org>
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: audit of the use of SVC_DROP in server reply path
Date: Tue, 13 Sep 2016 11:42:37 -0400 [thread overview]
Message-ID: <B5EAA4EA-81E3-4F57-9899-951F2A8180B3@oracle.com> (raw)
Hi Bruce-
I think the two interesting cases are svc_set_client and svc_authorise.
Who does a "goto dropit;" inside svc_process_common?
• svc_set_client returns SVC_DROP
• When svcauth_gss_set_client calls svc_unix_set_client, which can return SVC_DROP
• When svc_unix_set_client calls cache_check, and it returns -EAGAIN
• When svc_unix_set_client calls unix_gid_find, and it returns -EAGAIN
• svcauth_gss_accept
• when gc_proc == RPC_GSS_PROC_DATA or RPC_GSS_PROC_DESTROY, and gss_check_seq_num fails
• when gc_proc == RPC_GSS_PROC_DESTROY and the result length is larger than a page
• pc_func returns rpc_drop_reply - only used by NLM
• vs_dispatch returns 0
• When nfsd_cache_lookup returns RC_DROPIT (the RPC is already in progress, or the client has retransmitted too soon): the server is going to reply anyway, safe to drop
• pc_func returns nfserr_dropit (NFSv2's JUKEBOX)
• RQ_DROPME is set (deferred requests?)
• pc_encode is NULL - probably rare and inconsequential
• svc_authorise returns non-zero
• svcauth_gss_release returns a negative errno when integrity or privacy reply wrapping fails; i think this needs a connection reset
• incoming RPC header is shorter than 24 bytes - connection reset would be better here anyway, IMO
The question I have is what does SVC_CLOSE mean for a UDP transport?
--
Chuck Lever
next reply other threads:[~2016-09-13 15:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-13 15:42 Chuck Lever [this message]
2016-10-07 21:28 ` audit of the use of SVC_DROP in server reply path Bruce Fields
2016-10-13 13:50 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B5EAA4EA-81E3-4F57-9899-951F2A8180B3@oracle.com \
--to=chuck.lever@oracle.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.