Date:   Fri, 24 Apr 2020 16:19:46 +0100
From:   David Howells <dhowells@...hat.com>
To:     linux-afs@...ts.infradead.org
Cc:     Dave Botsch <botsch@....cornell.edu>,
        Jeffrey Altman <jaltman@...istor.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        dhowells@...hat.com
Subject: [PATCH 0/8] afs: NAT-mitigation and other bits


The primary part of this patchset is intended to help deal with the
effects of using an AFS client that is communicating with a server through
some sort of NAT or firewall, whereby if just the right amount of time
lapses before a third party change is made, the client thinks it still has
a valid callback, but the server's attempt to notify the client of the
change bounces because the NAT/firewall window has closed.  The problem is
that kafs does insufficient probing to maintain the firewall window.

The effect is mitigated in the following ways:

 (1) When an FS.InlineBulkStatus op is sent to the server during a file
     lookup, the FID of the directory being looked up in will now get
     included in the list of vnodes to query.  This will find out more
     quickly if the dir has changed.

 (2) The fileserver is now polled regularly by an independent, timed
     manager rather than only being polled by the rotation algorithm when
     someone does a VFS operation that performs an RPC call.

I have included some other bits in the patchset also:

 (1) Apply uninterruptibility a bit more thoroughly.  There are more places
     that need it yet, but they're harder to fix.

 (2) Use the serverUnique field from the VLDB record to trigger a recheck
     of a fileserver's endpoints rather than doing it on a timed basis
     separately for each fileserver.  This reduces the number of VL RPCs
     performed, albeit it's a minor reduction.

 (3) Note when we have detected the epoch from the fileserver so that the
     code that checks it actually does its stuff.

 (4) Remove some unused bits in the code.

Note that I've spotted some bugs in the fileserver rotation algorithm, but
that's going to need its own rewrite as the structure of it is wrong.

David
---
David Howells (8):
      afs: Always include dir in bulk status fetch from afs_do_lookup()
      afs: Make record checking use TASK_UNINTERRUPTIBLE when appropriate
      afs: Use the serverUnique field in the UVLDB record to reduce rpc ops
      afs: Fix to actually set AFS_SERVER_FL_HAVE_EPOCH
      afs: Remove some unused bits
      afs: Split the usage count on struct afs_server
      afs: Actively poll fileservers to maintain NAT or firewall openings
      afs: Show more information in /proc/net/afs/servers


 fs/afs/cmservice.c         |    8 +
 fs/afs/dir.c               |    9 +
 fs/afs/fs_probe.c          |  280 +++++++++++++++++++++++++++++++++-----------
 fs/afs/fsclient.c          |   24 ++--
 fs/afs/internal.h          |   58 ++++++---
 fs/afs/main.c              |    5 +
 fs/afs/proc.c              |   18 ++-
 fs/afs/rotate.c            |   13 +-
 fs/afs/rxrpc.c             |    2 
 fs/afs/server.c            |  201 +++++++++++++++++++-------------
 fs/afs/server_list.c       |    7 +
 fs/afs/vl_rotate.c         |    4 -
 fs/afs/vlclient.c          |    1 
 fs/afs/volume.c            |   32 +++--
 include/trace/events/afs.h |   22 +++
 15 files changed, 455 insertions(+), 229 deletions(-)

