lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <158774158625.3619859.10579201535876583842.stgit@warthog.procyon.org.uk>
Date:   Fri, 24 Apr 2020 16:19:46 +0100
From:   David Howells <dhowells@...hat.com>
To:     linux-afs@...ts.infradead.org
Cc:     Dave Botsch <botsch@....cornell.edu>,
        Jeffrey Altman <jaltman@...istor.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        dhowells@...hat.com
Subject: [PATCH 0/8] afs: NAT-mitigation and other bits


The primary part of this patchset, is intended to help deal with the
effects of using an AFS client that is communicating with a server through
some sort of NAT or firewall, whereby if the just right amount of time
lapses before a third party change is made, the client thinks it still has
a valid callback, but the server's attempt to notify the client of the
change bounces because the NAT/firewall window has closed.  The problem is
that kafs does insufficient probing to maintain the firewall window.

The effect is mitigated in the following ways:

 (1) When an FS.InlineBulkStatus op is sent to the server during a file
     lookup, the FID of the directory being looked up in will now get
     included in the list of vnodes to query.  This will find out more
     quickly if the dir has changed.

 (2) The fileserver is now polled regularly by an independent, timed
     manager rather than only being polled by the rotation algorithm when
     someone does a VFS operation that performs an RPC call.

I have included some other bits in the patchset also:

 (1) Apply uninterruptibility a bit more thoroughly.  There are more places
     that need it yet, but they're harder to fix.

 (2) Use the serverUnique field from the VLDB record to trigger a recheck
     of a fileserver's endpoints rather than doing it on a timed basis
     separately for each fileserver.  This reduces the number of VL RPCs
     performed, albeit it's a minor reduction.

 (3) Note when we have detected the epoch from the fileserver so that the
     code that checks it actually does its stuff.

 (4) Remove some unused bits in the code.

Note that I've spotted some bugs in the fileserver rotation algorithm, but
that's going to need its own rewrite as the structure of it is wrong.

David
---
David Howells (8):
      afs: Always include dir in bulk status fetch from afs_do_lookup()
      afs: Make record checking use TASK_UNINTERRUPTIBLE when appropriate
      afs: Use the serverUnique field in the UVLDB record to reduce rpc ops
      afs: Fix to actually set AFS_SERVER_FL_HAVE_EPOCH
      afs: Remove some unused bits
      afs: Split the usage count on struct afs_server
      afs: Actively poll fileservers to maintain NAT or firewall openings
      afs: Show more information in /proc/net/afs/servers


 fs/afs/cmservice.c         |    8 +
 fs/afs/dir.c               |    9 +
 fs/afs/fs_probe.c          |  280 +++++++++++++++++++++++++++++++++-----------
 fs/afs/fsclient.c          |   24 ++--
 fs/afs/internal.h          |   58 ++++++---
 fs/afs/main.c              |    5 +
 fs/afs/proc.c              |   18 ++-
 fs/afs/rotate.c            |   13 +-
 fs/afs/rxrpc.c             |    2 
 fs/afs/server.c            |  201 +++++++++++++++++++-------------
 fs/afs/server_list.c       |    7 +
 fs/afs/vl_rotate.c         |    4 -
 fs/afs/vlclient.c          |    1 
 fs/afs/volume.c            |   32 +++--
 include/trace/events/afs.h |   22 +++
 15 files changed, 455 insertions(+), 229 deletions(-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ