lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Jan 2012 12:40:02 -0500
From:	"J. Bruce Fields" <bfields@...ldses.org>
To:	Stanislav Kinsbursky <skinsbursky@...allels.com>
Cc:	"Trond.Myklebust@...app.com" <Trond.Myklebust@...app.com>,
	"linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
	Pavel Emelianov <xemul@...allels.com>,
	"neilb@...e.de" <neilb@...e.de>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	James Bottomley <jbottomley@...allels.com>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"devel@...nvz.org" <devel@...nvz.org>
Subject: Re: [PATCH 3/5] SUNRPC: create GSS auth cache per network namespace

On Thu, Jan 19, 2012 at 09:04:40PM +0400, Stanislav Kinsbursky wrote:
> 19.01.2012 20:31, J. Bruce Fields пишет:
> >On Thu, Jan 19, 2012 at 06:49:23PM +0400, Stanislav Kinsbursky wrote:
> >>@@ -1000,6 +996,7 @@ static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
> >>  	struct xdr_netobj tmpobj;
> >>  	struct rsi *rsip, rsikey;
> >>  	int ret;
> >>+	struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
> >
> >OK, so you're getting the network namespace out of the rqstp, and, then
> >passing it down, makes sense.  And:
> >
> >>@@ -1079,6 +1076,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
> >>  	__be32		*rpcstart;
> >>  	__be32		*reject_stat = resv->iov_base + resv->iov_len;
> >>  	int		ret;
> >>+	struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
> >
> >... same for the gss cache.  Looks good.
> >
> >How do you plan to test this?
> >
> 
> Do you mean something special or in general?
> Currently I validate all my chages in container by using simple test environment.
> I would be appreciate for any hints to tests, than can help.

The server needs to be tested after these changes, and we need to make
sure the caches affected still work.

(I suspect the gid cache code will oops if it's used after these
patches, since the table is left NULl?)

And then we should also test in a container environment, with different
instances of mountd and rpc.svcidmapd running in each container, to
verify that the right thing happens.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists