| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Sep 2006 11:09:39 +0200 From: Olaf Kirch <okir@...e.de> To: Trond Myklebust <trond.myklebust@....uio.no> Cc: NeilBrown <neilb@...e.de>, Andrew Morton <akpm@...l.org>, nfs@...ts.sourceforge.net, linux-kernel@...r.kernel.org Subject: Re: [NFS] [PATCH 016 of 19] knfsd: match GRANTED_RES replies using cookies On Fri, Sep 01, 2006 at 12:03:38PM -0400, Trond Myklebust wrote: > Vetoed. The reason why we need the client's IP address as an argument > for nlmsvc_find_block() is 'cos the cookie value is unique to the > _client_ only. In NLM, a cookie can be used to identify the asynchronous reply to the original request. Previously, there was a hack in the code that sends GRANT replies to reuse the original cookie from the client's LOCK request. The protocol spec explicitly says you must not rely on this behavior; the only reason I added this kludge was that some HPUX and SunOS versions did just that. The down side of that kludge is that we are using a client-provided cookie in one of our calls - which means we keep our fingers crossed it doesn't collide with the cookie we generate ourselves. And to reduce the risk, we also check the client IP when searching the nlm_blocked list. But it is incorrect, and a kludge, and the longer I look at this code the more I'm amazed it hasn't blown up. This patch changes the code so that the only cookies we ever use to look up something are those we generate ourselves, so they are globally unique. As a consequence, we can stop using the client's IP when searching the list. > IOW: when we go searching a global list of blocks for a given cookie > value that was sent to us by a given client, then we want to know that > we're only searching through that particular client's blocks. This is no longer true after applying this change. > A better way, BTW, would be to get rid of the global list nlm_blocked, > and just move the list of blocks into a field in the nlm_host for each > client. Given an incoming NLM_GRANTED_RES, how can you look up the nlm_host and the pending NLM_GRANTED_MSG? The reply may not come from any IP address you know of. The whole reason for introducing this cookie nonsense in the NLM specification was that the RPC layer doesn't always give you enough clues to match a callback to the original message. So this is really a bugfix which you *do* want to apply. Olaf -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@...e.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax -- VGER BF report: H 0.149416 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists