| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jan 2009 15:58:31 -0600 From: "Serge E. Hallyn" <serue@...ibm.com> To: Trond Myklebust <trond.myklebust@....uio.no> Cc: Matt Helsley <matthltc@...ibm.com>, Linux Containers <containers@...ts.linux-foundation.org>, linux-nfs@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, "J. Bruce Fields" <bfields@...ldses.org>, Chuck Lever <chuck.lever@...cle.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linux Containers <containers@...ts.osdl.org>, Cedric Le Goater <clg@...ibm.com> Subject: Re: [RFC][PATCH 2/4] sunrpc: Use utsnamespaces Quoting Trond Myklebust (trond.myklebust@....uio.no): > On Tue, 2009-01-06 at 14:02 -0600, Serge E. Hallyn wrote: > > Quoting Matt Helsley (matthltc@...ibm.com): > > > We can often specify the UTS namespace to use when starting an RPC client. > > > However sometimes no UTS namespace is available (specifically during system > > > shutdown as the last NFS mount in a container is unmounted) so fall > > > back to the initial UTS namespace. > > > > So what happens if we take this patch and do nothing else? > > > > The only potential problem situation will be rpc requests > > made on behalf of a container in which the last task has > > exited, right? So let's say a container did an nfs mount > > and then exits, causing an nfs umount request. > > > > That umount request will now be sent with the wrong nodename. > > Does that actually cause problems, will the server use the > > nodename to try and determine the client sending the request? > > The NFSv2/v3 umount rpc call will be sent by the 'umount' program from > userspace, not the kernel. The problem here is that because lazy mounts > exist, the lifetime of the RPC client may be longer than that of the Right that was what i was referring to. > container. In addition, it may be shared among more than 1 container, > because superblocks can be shared. Good point. And in that case what do we care about (even though apparently we just might not care at all :) - who did the mount, or who is using it? In fact one thing I noticed in Matt's patch 3 was that he copied in the nodename verbatim, so a future hostname() by the container wouldn't be reflected, again not sure if that would matter. > One thing you need to be aware of here is that inode dirty data > writebacks may be initiated by completely different processes than the > one that dirtied the inode. Right, but I *was* thinking that we wanted to associate the nodename on the rpc calls with the hostname of the mounter, not the actor. Maybe you'll tell me above that that is bogus. > IOW: Aside from being extremely ugly, approaches like [PATCH 4/4] which > rely on being able to determine the container-specific node name at RPC > generation time are therefore going to return incorrect values. So should we use patch 2/4, plus (as someone - was it you? - suggested) using a DEFAULT instead of init_utsname()->nodename when current->utsname() == NULL? -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists