lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4FA345DA4F4AE44899BD2B03EEEC2FA908F914D4@SACEXCMBX04-PRD.hq.netapp.com>
Date:	Sat, 8 Sep 2012 14:33:09 +0000
From:	"Myklebust, Trond" <Trond.Myklebust@...app.com>
To:	Stanislav Kinsbursky <skinsbursky@...allels.com>
CC:	Jeff Layton <jlayton@...hat.com>,
	"bfields@...ldses.org" <bfields@...ldses.org>,
	"linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"devel@...nvz.org" <devel@...nvz.org>
Subject: Re: [PATCH v2] SUNRPC: check current nsproxy before set of node
 name on client creation

On Sat, 2012-09-08 at 08:59 +0300, Stanislav Kinsbursky wrote:
> 08.09.2012 01:32, Myklebust, Trond пишет:
> > On Mon, 2012-08-13 at 08:10 -0400, Jeff Layton wrote:
> >> On Mon, 13 Aug 2012 15:37:31 +0400
> >> Stanislav Kinsbursky <skinsbursky@...allels.com> wrote:
> >>
> >>> v2:
> >>> 1) rpc_clnt_set_nodename() prototype updated.
> >>> 2) fixed errors in comment.
> >>>
> >>> When child reaper exits, it can destroy mount namespace it belongs to, and if
> >>> there are NFS mounts inside, then it will try to umount them. But in this
> >>> point current->nsproxy is set to NULL and all namespaces will be destroyed one
> >>> by one. I.e. we can't dereference current->nsproxy to obtain uts namespace.
> >>>
> >>> Signed-off-by: Stanislav Kinsbursky <skinsbursky@...allels.com>
> >>> ---
> >>>   net/sunrpc/clnt.c |   16 +++++++++++++---
> >>>   1 files changed, 13 insertions(+), 3 deletions(-)
> >>>
> >>> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
> >>> index 9a9676e..8fbcbc8 100644
> >>> --- a/net/sunrpc/clnt.c
> >>> +++ b/net/sunrpc/clnt.c
> >>> @@ -277,8 +277,18 @@ void rpc_clients_notifier_unregister(void)
> >>>   	return rpc_pipefs_notifier_unregister(&rpc_clients_block);
> >>>   }
> >>>   
> >>> -static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename)
> >>> +static void rpc_clnt_set_nodename(struct rpc_clnt *clnt)
> >>>   {
> >>> +	const char *nodename;
> >>> +
> >>> +	/*
> >>> +	 * We have to protect against dying child reaper, which has released
> >>> +	 * its nsproxy already and is trying to destroy mount namespace.
> >>> +	 */
> >>> +	if (current->nsproxy == NULL)
> >>> +		return;
> >>> +
> >>> +	nodename = utsname()->nodename;
> >>>   	clnt->cl_nodelen = strlen(nodename);
> >>>   	if (clnt->cl_nodelen > UNX_MAXNODENAME)
> >>>   		clnt->cl_nodelen = UNX_MAXNODENAME;
> >>> @@ -365,7 +375,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru
> >>>   	}
> >>>   
> >>>   	/* save the nodename */
> >>> -	rpc_clnt_set_nodename(clnt, utsname()->nodename);
> >>> +	rpc_clnt_set_nodename(clnt);
> >>>   	rpc_register_client(clnt);
> >>>   	return clnt;
> >>>   
> >>> @@ -524,7 +534,7 @@ rpc_clone_client(struct rpc_clnt *clnt)
> >>>   	err = rpc_setup_pipedir(new, clnt->cl_program->pipe_dir_name);
> >>>   	if (err != 0)
> >>>   		goto out_no_path;
> >>> -	rpc_clnt_set_nodename(new, utsname()->nodename);
> >>> +	rpc_clnt_set_nodename(new);
> >>>   	if (new->cl_auth)
> >>>   		atomic_inc(&new->cl_auth->au_count);
> >>>   	atomic_inc(&clnt->cl_count);
> >>>
> >>> --
> >>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> >>> the body of a message to majordomo@...r.kernel.org
> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >> Acked-by: Jeff Layton <jlayton@...hat.com>
> > OK, colour me confused (again).
> 
> What color?
> 
> > Why should a umount trigger an
> > rpc_create() or rpc_clone_client()?
> 
> It calls nsm_create().
> Here is the trace (https://bugzilla.redhat.com/show_bug.cgi?id=830862, 
> comment 68):

Right, but if we're using NFSv3 lock monitoring, we know in advance that
we're going to need an nsm call to localhost. Why can't we just cache
the one that we used to start lock monitoring in the first place?

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@...app.com
www.netapp.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ