linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Bruce Fields <bfields@fieldses.org>
To: dai.ngo@oracle.com
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	Steve Dickson <steved@redhat.com>,
	Olga Kornievskaia <olga.kornievskaia@gmail.com>,
	Chuck Lever <chuck.lever@oracle.com>
Subject: Re: server-to-server copy by default
Date: Mon, 1 Nov 2021 15:33:46 -0400	[thread overview]
Message-ID: <20211101193346.GD14427@fieldses.org> (raw)
In-Reply-To: <1500403d-6aa1-3909-d44f-b33c1c1f3ce2@oracle.com>

On Mon, Nov 01, 2021 at 10:37:11AM -0700, dai.ngo@oracle.com wrote:
> 
> On 10/21/21 11:34 PM, dai.ngo@oracle.com wrote:
> >On 10/21/21 7:02 AM, Bruce Fields wrote:
> >>On Wed, Oct 20, 2021 at 10:00:41PM -0700, dai.ngo@oracle.com wrote:
> >>>The attack can come from the replies of the source server or requests
> >>>from the source server to the destination server via the back channel.
> >>>One of possible attack in the reply is BAD_STATEID which was handled
> >>>by the client code as mentioned by Olga.
> >>>
> >>>Here is the list of NFS requests made from the destination to the
> >>>source server:
> >>>
> >>>         EXCHANGE_ID
> >>>         CREATE_SESSION
> >>>         RECLAIM_COMLETE
> >>>         SEQUENCE
> >>>         PUTROOTFH
> >>>         PUTHF
> >>>         GETFH
> >>>         GETATTR
> >>>         READ/READ_PLUS
> >>>         DESTROY_SESSION
> >>>         DESTROY_CLIENTID
> >>>
> >>>Do you think we should review all replies from these requests to make
> >>>sure error replies do not cause problems for the destination server?
> >>That's the exactly the sort of analysis I was curious to see, yes.
> >
> >I will go through these requests to see if is there is anything that
> >we need to do to ensure the destination does not react negatively
> >on the replies.
> 
> still need to be done.
> 
> >
> >>
> >>(I doubt the PUTROOTFH, PUTFH, GETFH, and GETATTR are really necessary,
> >>I wonder if there's any way we could just bypass them in our case.  I
> >>don't know, maybe that's more trouble than it's worth.)
> >
> >I'll take a look but I think we should avoid modifying the client
> >code if possible.
> >
> >>
> >>>same for the back channel ops:
> >>>
> >>>         OP_CB_GETATTR
> >>>         OP_CB_RECALL
> >>>         OP_CB_LAYOUTRECALL
> >>>         OP_CB_NOTIFY
> >>>         OP_CB_PUSH_DELEG
> >>>         OP_CB_RECALL_ANY
> >>>         OP_CB_RECALLABLE_OBJ_AVAIL
> >>>         OP_CB_RECALL_SLOT
> >>>         OP_CB_SEQUENCE
> >>>         OP_CB_WANTS_CANCELLED
> >>>         OP_CB_NOTIFY_LOCK
> >>>         OP_CB_NOTIFY_DEVICEID
> >>>         OP_CB_OFFLOAD
> >>There shouldn't be any need for callbacks at all.  We might be able to
> >>get away without even setting up a backchannel.  But, yes, if the server
> >>tries to send one anyway, it'd be good to know we do something
> >>reasonable.
> >
> >or do not specify the back channel when creating the session somehow.
> >I will report back.
> 
> We can not disable the back channel of the SSC v4.2 mount since it might
> share the same connection with a regular NFSv4.2 mount from the destination
> to the source server.

Hm.

Well, now that I think of it, a backchannel is probably required for the
SSC case anyway.  (I think CB_RECALL_SLOT is mandatory to support?)

--b.

  reply	other threads:[~2021-11-01 19:33 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-20 15:54 server-to-server copy by default J. Bruce Fields
2021-10-20 16:00 ` Chuck Lever III
2021-10-20 16:33   ` Olga Kornievskaia
2021-10-20 19:03     ` dai.ngo
2021-10-20 20:29       ` Bruce Fields
2021-10-21  5:00         ` dai.ngo
2021-10-21 14:02           ` Bruce Fields
2021-10-22  6:34             ` dai.ngo
2021-10-22 12:58               ` Bruce Fields
2021-11-01 17:37               ` dai.ngo
2021-11-01 19:33                 ` Bruce Fields [this message]
2021-11-01 19:55                   ` dai.ngo
2021-10-20 17:24   ` Steve Dickson
2021-10-20 17:51     ` Chuck Lever III
2021-10-20 16:37 ` Olga Kornievskaia
2021-10-20 17:45   ` Chuck Lever III
2021-10-20 18:15     ` Bruce Fields
2021-10-20 19:04       ` Chuck Lever III
2021-10-21 13:43         ` Steve Dickson
2021-10-21 13:56         ` Bruce Fields
2021-10-21 14:13         ` Bruce Fields
2021-10-21 14:22           ` Trond Myklebust
2021-10-21 14:38             ` bfields
2021-10-20 18:00   ` J. Bruce Fields
2021-11-01 18:22 ` Charles Hedrick
2021-11-01 19:25   ` Steve Dickson
2021-11-01 19:44     ` Charles Hedrick

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211101193346.GD14427@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=dai.ngo@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=olga.kornievskaia@gmail.com \
    --cc=steved@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).