From: Bruce Fields <bfields@fieldses.org>
To: dai.ngo@oracle.com
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Steve Dickson <steved@redhat.com>,
Olga Kornievskaia <olga.kornievskaia@gmail.com>,
Chuck Lever <chuck.lever@oracle.com>
Subject: Re: server-to-server copy by default
Date: Mon, 1 Nov 2021 15:33:46 -0400 [thread overview]
Message-ID: <20211101193346.GD14427@fieldses.org> (raw)
In-Reply-To: <1500403d-6aa1-3909-d44f-b33c1c1f3ce2@oracle.com>
On Mon, Nov 01, 2021 at 10:37:11AM -0700, dai.ngo@oracle.com wrote:
>
> On 10/21/21 11:34 PM, dai.ngo@oracle.com wrote:
> >On 10/21/21 7:02 AM, Bruce Fields wrote:
> >>On Wed, Oct 20, 2021 at 10:00:41PM -0700, dai.ngo@oracle.com wrote:
> >>>The attack can come from the replies of the source server or requests
> >>>from the source server to the destination server via the back channel.
> >>>One of possible attack in the reply is BAD_STATEID which was handled
> >>>by the client code as mentioned by Olga.
> >>>
> >>>Here is the list of NFS requests made from the destination to the
> >>>source server:
> >>>
> >>> EXCHANGE_ID
> >>> CREATE_SESSION
> >>> RECLAIM_COMLETE
> >>> SEQUENCE
> >>> PUTROOTFH
> >>> PUTHF
> >>> GETFH
> >>> GETATTR
> >>> READ/READ_PLUS
> >>> DESTROY_SESSION
> >>> DESTROY_CLIENTID
> >>>
> >>>Do you think we should review all replies from these requests to make
> >>>sure error replies do not cause problems for the destination server?
> >>That's the exactly the sort of analysis I was curious to see, yes.
> >
> >I will go through these requests to see if is there is anything that
> >we need to do to ensure the destination does not react negatively
> >on the replies.
>
> still need to be done.
>
> >
> >>
> >>(I doubt the PUTROOTFH, PUTFH, GETFH, and GETATTR are really necessary,
> >>I wonder if there's any way we could just bypass them in our case. I
> >>don't know, maybe that's more trouble than it's worth.)
> >
> >I'll take a look but I think we should avoid modifying the client
> >code if possible.
> >
> >>
> >>>same for the back channel ops:
> >>>
> >>> OP_CB_GETATTR
> >>> OP_CB_RECALL
> >>> OP_CB_LAYOUTRECALL
> >>> OP_CB_NOTIFY
> >>> OP_CB_PUSH_DELEG
> >>> OP_CB_RECALL_ANY
> >>> OP_CB_RECALLABLE_OBJ_AVAIL
> >>> OP_CB_RECALL_SLOT
> >>> OP_CB_SEQUENCE
> >>> OP_CB_WANTS_CANCELLED
> >>> OP_CB_NOTIFY_LOCK
> >>> OP_CB_NOTIFY_DEVICEID
> >>> OP_CB_OFFLOAD
> >>There shouldn't be any need for callbacks at all. We might be able to
> >>get away without even setting up a backchannel. But, yes, if the server
> >>tries to send one anyway, it'd be good to know we do something
> >>reasonable.
> >
> >or do not specify the back channel when creating the session somehow.
> >I will report back.
>
> We can not disable the back channel of the SSC v4.2 mount since it might
> share the same connection with a regular NFSv4.2 mount from the destination
> to the source server.
Hm.
Well, now that I think of it, a backchannel is probably required for the
SSC case anyway. (I think CB_RECALL_SLOT is mandatory to support?)
--b.
next prev parent reply other threads:[~2021-11-01 19:33 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-20 15:54 server-to-server copy by default J. Bruce Fields
2021-10-20 16:00 ` Chuck Lever III
2021-10-20 16:33 ` Olga Kornievskaia
2021-10-20 19:03 ` dai.ngo
2021-10-20 20:29 ` Bruce Fields
2021-10-21 5:00 ` dai.ngo
2021-10-21 14:02 ` Bruce Fields
2021-10-22 6:34 ` dai.ngo
2021-10-22 12:58 ` Bruce Fields
2021-11-01 17:37 ` dai.ngo
2021-11-01 19:33 ` Bruce Fields [this message]
2021-11-01 19:55 ` dai.ngo
2021-10-20 17:24 ` Steve Dickson
2021-10-20 17:51 ` Chuck Lever III
2021-10-20 16:37 ` Olga Kornievskaia
2021-10-20 17:45 ` Chuck Lever III
2021-10-20 18:15 ` Bruce Fields
2021-10-20 19:04 ` Chuck Lever III
2021-10-21 13:43 ` Steve Dickson
2021-10-21 13:56 ` Bruce Fields
2021-10-21 14:13 ` Bruce Fields
2021-10-21 14:22 ` Trond Myklebust
2021-10-21 14:38 ` bfields
2021-10-20 18:00 ` J. Bruce Fields
2021-11-01 18:22 ` Charles Hedrick
2021-11-01 19:25 ` Steve Dickson
2021-11-01 19:44 ` Charles Hedrick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211101193346.GD14427@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=dai.ngo@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=olga.kornievskaia@gmail.com \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).