| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Sep 2018 17:08:54 +0100
From: David Howells <dhowells@...hat.com>
To: viro@...iv.linux.org.uk
Cc: dhowells@...hat.com, linux-afs@...ts.infradead.org,
keyrings@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 0/6] afs: DNS and VL server handling improvements
Hi Al,
Here's a set of patches that improves Volume Location server handling in
the AFS filesystem and improves the DNS resolver code to allow server lists
(with addresses, priorities and weights for each server).
The highlights of this patchset are:
(1) Permit a binary blob to be attached to be attached to a dns_resolver
type key in lieu of a text one. The first byte of the payload must be
0 to cause existing text parsers to error out with EINVAL. However,
the "server list" feature must be requested by putting "srv=1" into
the callout info, which is passed to the upcall.
(2) Clean up the address list handling in AFS.
(3) Introduce a 'VL server list' concept in AFS with rotation, analogous
to the fileserver list and rotation. For the moment VL server
rotation takes a simple round-robin approach and pays no attention to
the priority and weight assigned to each server.
The patches will work as-is with the current keyutils package as the
"srv=1" option will just be ignored and a text list of addresses will be
used to instantiate the key. The modified AFS code still handles this.
To make the server list feature work properly, the keyutils package will
need updating to 1.5.12, the proposed commits for which can be found here:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log/?h=next
that will allow the program run by request-key to be overridden for
"afsdb:" dns_resolver keys by the kafs-client program. The kafs-client
program changes to make server list resolving work can be found here:
http://git.infradead.org/users/dhowells/kafs-client.git/shortlog/refs/heads/next
along with code to allow static configuration to be used instead.
The kernel patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-dns
David
---
David Howells (6):
dns: Allow the dns resolver to retrieve a server set
afs: Do better max capacity handling on address lists
afs: afs_end_vnode_operation() needs to translate abort codes to errors
afs: Differentiate VL servers
afs: Always build address lists using the helper functions
afs: Sort address lists so that they are in logical ascending order
fs/afs/Makefile | 2
fs/afs/addr_list.c | 209 ++++++++++++++----------------
fs/afs/cell.c | 39 +++---
fs/afs/dynroot.c | 2
fs/afs/internal.h | 114 ++++++++++++++---
fs/afs/proc.c | 44 +++---
fs/afs/rotate.c | 6 -
fs/afs/server.c | 42 ++----
fs/afs/vl_list.c | 289 ++++++++++++++++++++++++++++++++++++++++++
fs/afs/vl_rotate.c | 239 +++++++++++++++++++++++++++++++++++
fs/afs/vlclient.c | 32 ++---
fs/afs/volume.c | 52 ++------
net/dns_resolver/dns_key.c | 61 ++++++++-
net/dns_resolver/dns_query.c | 5 -
14 files changed, 866 insertions(+), 270 deletions(-)
create mode 100644 fs/afs/vl_list.c
create mode 100644 fs/afs/vl_rotate.c
Powered by blists - more mailing lists