| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jan 2012 21:51:59 +0400 From: Stanislav Kinsbursky <skinsbursky@...allels.com> To: "J. Bruce Fields" <bfields@...ldses.org> CC: "Trond.Myklebust@...app.com" <Trond.Myklebust@...app.com>, "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>, Pavel Emelianov <xemul@...allels.com>, "neilb@...e.de" <neilb@...e.de>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, James Bottomley <jbottomley@...allels.com>, "davem@...emloft.net" <davem@...emloft.net>, "devel@...nvz.org" <devel@...nvz.org> Subject: Re: [PATCH 3/5] SUNRPC: create GSS auth cache per network namespace 19.01.2012 21:40, J. Bruce Fields пишет: > On Thu, Jan 19, 2012 at 09:04:40PM +0400, Stanislav Kinsbursky wrote: >> 19.01.2012 20:31, J. Bruce Fields пишет: >>> On Thu, Jan 19, 2012 at 06:49:23PM +0400, Stanislav Kinsbursky wrote: >>>> @@ -1000,6 +996,7 @@ static int svcauth_gss_handle_init(struct svc_rqst *rqstp, >>>> struct xdr_netobj tmpobj; >>>> struct rsi *rsip, rsikey; >>>> int ret; >>>> + struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id); >>> >>> OK, so you're getting the network namespace out of the rqstp, and, then >>> passing it down, makes sense. And: >>> >>>> @@ -1079,6 +1076,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) >>>> __be32 *rpcstart; >>>> __be32 *reject_stat = resv->iov_base + resv->iov_len; >>>> int ret; >>>> + struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id); >>> >>> ... same for the gss cache. Looks good. >>> >>> How do you plan to test this? >>> >> >> Do you mean something special or in general? >> Currently I validate all my chages in container by using simple test environment. >> I would be appreciate for any hints to tests, than can help. > > The server needs to be tested after these changes, and we need to make > sure the caches affected still work. > > (I suspect the gid cache code will oops if it's used after these > patches, since the table is left NULl?) > > And then we should also test in a container environment, with different > instances of mountd and rpc.svcidmapd running in each container, to > verify that the right thing happens. > Ok. I'll test server with 2-nd version of these patches tomorrow and reply with the results. Thanks, Bruce. -- Best regards, Stanislav Kinsbursky -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists