lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 21 Dec 2017 12:09:28 +1100
From:   NeilBrown <neilb@...e.com>
To:     Ian Kent <raven@...maw.net>, autofs@...r.kernel.org
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [ANNOUNCE] autofs 5.1.2 release

On Wed, Dec 20 2017, Ian Kent wrote:

> On 20/12/17 13:52, Ian Kent wrote:
>> On 20/12/17 11:29, NeilBrown wrote:
>>>
>>> Hi Ian,
>>>  I've been looking at:
>>>
>>>> - add configuration option to use fqdn in mounts.
>>>
>>> (commit 9aeef772604) because using this new option causes a regression.
>>> If you are using the "replicated server" functionality, then
>>>   use_hostname_for_mounts = yes
>>> completely disables it.
>> 
>> Yes, that's not quite right.
>> 
>> It disables the probe and proximity check for each distinct host
>> name used.
>> 
>> Each of the entries in the list of hosts should still be
>> attempted and given that NFS ping is also now used in the NFS
>> mount module what's lost is the preferred ordering of the hosts
>> list.
>> 
>>>
>>> This is caused by:
>>>
>>> diff --git a/modules/replicated.c b/modules/replicated.c
>>> index 32860d5fe245..8437f5f3d5b2 100644
>>> --- a/modules/replicated.c
>>> +++ b/modules/replicated.c
>>> @@ -667,6 +667,12 @@ int prune_host_list(unsigned logopt, struct host **list,
>>>         if (!*list)
>>>                 return 0;
>>>  
>>> +       /* If we're using the host name then there's no point probing
>>> +        * avialability and respose time.
>>> +        */
>>> +       if (defaults_use_hostname_for_mounts())
>>> +               return 1;
>>> +
>>>         /* Use closest hosts to choose NFS version */
>>>
>>> My question is: why what this particular change made.
>> 
>> It was a while ago but there were complains about using the IP
>> address for mounts. It was requested to provide a way to prevent
>> that and force the use of the host name in mounts.
>> 
>>> Why can't prune_host_list() be allowed to do it's thing
>>> when use_hostname_for_mounts is set.
>> 
>> We could if each host name resolved to a single IP address.
>> 
>> I'd need to check that use_hostname_for_mounts doesn't get
>> in the road but the host struct should have ->rr set to true
>> if it has multiple addresses so changing it to work the way
>> your recommending shouldn't be hard. I think there's a couple
>> of places that would need to be checked.
>> 
>> If the host does resolve to multiple addresses the situation
>> is different. There's no way to stop the actual mount from
>> trying an IP address that's not responding and proximity
>> doesn't make sense either again because every time a lookup
>> is done on the host name (eg. at mount time) the next address
>> in its list will be returned which can and usually is different
>> from what would have been checked.
>> 
>>> I understand that it would be pointless choosing between
>>> the different interfaces of a multi-homed host, but there is still value
>>> in choosing between multiple distinct hosts.
>>>
>>> What, if anything, might go wrong if I simply reverse this chunk of the
>>> patch?
>> 
>> You'll get IP addresses in the logs in certain cases but that
>> should be all.
>> 
>> It would probably be better to ensure that the checks are done
>> if the host name resolves to a single IP address.
>
> I think that should be "if the host names in the list each resolve
> to a single IP address", otherwise the round robin behavior would
> probably still get in the road.

I cannot see why the round-robin behavior would get in the road.
It might be pointless to probe each IP address on a multi-homed host if
we are just going to mount by host name, but I don't see how it hurts.

So this is what I'm thinking.  Some simple testing suggests that
it does the right things.

If a host has addresses with different proximity they will still be
probed separately, but this won't affect the final choice.

Thanks,
NeilBrown

--------8<---------------
Subject: use_hostname_for_mounts shouldn't prevent selection among replica

If several replicas have been specified for a mount point, and
use_hostname_for_mount is set to "yes", the selection between
these replicas is currently disabled and the last in the list is always
chosen.

There is little point selecting between different interfaces on the one
host in this case, but it is still worth selecting between different
hosts, particularly if different weights have been specified.

This patch restores the "prune_host_list()" functionality when
use_hostname_for_mount is set, and modifies it slightly so that once
an IP address with a given proximity has been successfully probed,
other IP address for the same host(weight):/path and proximity are ignored.

Signed-off-by: NeilBrown <neilb@...e.com>

diff --git a/modules/replicated.c b/modules/replicated.c
index 3ac4c70f4062..16cf873513ff 100644
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -714,7 +714,7 @@ done:
 int prune_host_list(unsigned logopt, struct host **list,
 		    unsigned int vers, int port)
 {
-	struct host *this, *last, *first;
+	struct host *this, *last, *first, *prev;
 	struct host *new = NULL;
 	unsigned int proximity, selected_version = 0;
 	unsigned int v2_tcp_count, v3_tcp_count, v4_tcp_count;
@@ -726,12 +726,6 @@ int prune_host_list(unsigned logopt, struct host **list,
 	if (!*list)
 		return 0;
 
-	/* If we're using the host name then there's no point probing
-	 * avialability and respose time.
-	 */
-	if (defaults_use_hostname_for_mounts())
-		return 1;
-
 	/* Use closest hosts to choose NFS version */
 
 	first = *list;
@@ -877,11 +871,18 @@ int prune_host_list(unsigned logopt, struct host **list,
 
 	first = last;
 	this = first;
+	prev = NULL;
 	while (this) {
 		struct host *next = this->next;
 		if (!this->name) {
 			remove_host(list, this);
 			add_host(&new, this);
+		} else if (defaults_use_hostname_for_mounts() && prev &&
+			   prev->proximity == this->proximity &&
+			   strcmp(prev->name, this->name) == 0 &&
+			   strcmp(prev->path, this->path) == 0 &&
+			   prev->weight == this->weight) {
+			/* No need to probe same host(weight):/path again */
 		} else {
 			status = get_supported_ver_and_cost(logopt, this,
 						selected_version, port);
@@ -889,6 +890,7 @@ int prune_host_list(unsigned logopt, struct host **list,
 				this->version = selected_version;
 				remove_host(list, this);
 				add_host(&new, this);
+				prev = this;
 			}
 		}
 		this = next;

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

Powered by blists - more mailing lists