| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Nov 2023 13:01:14 -0500
From: Jeff Layton <jlayton@...nel.org>
To: Chuck Lever <chuck.lever@...cle.com>
Cc: Lorenzo Bianconi <lorenzo@...nel.org>, linux-nfs@...r.kernel.org,
lorenzo.bianconi@...hat.com, neilb@...e.de, netdev@...r.kernel.org,
kuba@...nel.org
Subject: Re: [PATCH v5 3/3] NFSD: convert write_ports to netlink command
On Thu, 2023-11-30 at 12:39 -0500, Chuck Lever wrote:
> On Thu, Nov 30, 2023 at 11:55:29AM -0500, Jeff Layton wrote:
> > On Thu, 2023-11-30 at 11:22 -0500, Jeff Layton wrote:
> > > On Thu, 2023-11-30 at 10:57 +0100, Lorenzo Bianconi wrote:
> > > > > >
> > > > > > +/* ============== NFSD_CMD_LISTENER_START ============== */
> > > > > > +/* NFSD_CMD_LISTENER_START - do */
> > > > > > +struct nfsd_listener_start_req {
> > > > > > + struct {
> > > > > > + __u32 transport_name_len;
> > > > > > + __u32 port:1;
> > > > > > + } _present;
> > > > > > +
> > > > > > + char *transport_name;
> > > > > > + __u32 port;
> > > > > > +};
> > > > >
> > > > > How do you deconfigure a listener with this interface? i.e. suppose I
> > > > > want to stop nfsd from listening on a particular port? I think this too
> > > > > is a place where a declarative interface would be better:
> > > >
> > > > Is it possible with current APIs? as for 2/3 so far I have just added netlink
> > > > counter for current implementation but I am fine to change the logic here to
> > > > better APIs.
> > > >
> > > > >
> > >
> > > No, I don't think you can do this with the current API at all. I
> > > consider it a major deficiency. I don't think we want to repeat that
> > > mistake in the new interface.
> > >
> > > > > Have userland send down a list of the ports that we should currently be
> > > > > listening on, and let the kernel do the work to match the request. Again
> > > > > too, an empty list could mean "close everything".
> >
> > Another thought: should this interface also report and allow you to
> > specify the address to listen on?
> >
> > When the write_ports interface was first created, it lacked a field for
> > the address to listen on. Later we added a way to just hand off a socket
> > to the kernel to pass that info.
> >
> > I think it's possible today to send down a socket that only listens on a
> > particular address, and you have no real way to tell that with the
> > current "ports" file.
>
> All agreed, but listening on a particular address isn't something we
> need today. (Or is it?)
>
It is for TCP/UDP -- see the -H option to rpc.nfsd.
> Does the socket-passing thing work for non socket-based transports
> like RDMA? I would think that mechanism is legacy.
>
To the contrary actually. rpc.nfsd almost always does this today unless
you're configuring rdma. But, that was just a convenient way to do this
with a fd based interface.
I think with netlink, we just want to send down a list of
(transport_name, sockaddr) pairs and let the kernel open and close the
appropriate sockets. For RDMA, we can just fill out the sa_port field
and ignore the rest.
>
> > Should we instead plumb a complete struct sockaddr_storage (or some
> > other suitable address structure) into this interface?
>
> How difficult would it be to add this later, when we actually have a
> specific use case?
I think we have one now. rpc.nfsd passes down sockets to the kernel for
TCP and UDP listeners, so we need a way to send down a complete sockaddr
for the listeners.
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists