lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 23 Jan 2024 14:21:03 +0100
From: Lorenzo Bianconi <lorenzo@...nel.org>
To: Jeff Layton <jlayton@...nel.org>
Cc: Chuck Lever <chuck.lever@...cle.com>, NeilBrown <neilb@...e.de>,
	linux-nfs@...r.kernel.org, lorenzo.bianconi@...hat.com,
	kuba@...nel.org, horms@...nel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v6 3/3] NFSD: add write_ports to netlink command

> On Tue, 2024-01-23 at 10:59 +0100, Lorenzo Bianconi wrote:
> > > On Tue, Jan 23, 2024 at 08:35:07AM +1100, NeilBrown wrote:
> > > > On Tue, 23 Jan 2024, Jeff Layton wrote:
> > > > > On Sat, 2024-01-20 at 18:33 +0100, Lorenzo Bianconi wrote:
> > > > > > Introduce write_ports netlink command. For listener-set, userspace is
> > > > > > expected to provide a NFS listeners list it wants to enable (all the
> > > > > > other ports will be closed).
> > > > > > 
> > > > > 
> > > > > Ditto here. This is a change to a declarative interface, which I think
> > > > > is a better way to handle this, but we should be aware of the change.
> > > > 
> > > > I agree it is better, and thanks for highlighting the change.
> > > > 
> > > > > > +	/* 2- remove stale listeners */
> > > > > 
> > > > > 
> > > > > The old portlist interface was weird, in that it was only additive. You
> > > > > couldn't use it to close a listening socket (AFAICT). We may be able to
> > > > > support that now with this interface, but we'll need to test that case
> > > > > carefully.
> > > > 
> > > > Do we ever want/need to remove listening sockets?
> > > 
> > > I think that might be an interesting use case. Disabling RDMA, for
> > > example, should kill the RDMA listening endpoints but leave
> > > listening sockets in place.
> > > 
> > > But for now, our socket listeners are "any". Wondering how net
> > > namespaces play into this.
> > > 
> > > 
> > > > Normal practice when making any changes is to stop and restart where
> > > > "stop" removes all sockets, unexports all filesystems, disables all
> > > > versions.
> > > > I don't exactly object to supporting fine-grained changes, but I suspect
> > > > anything that is not used by normal service start will hardly ever be
> > > > used in practice, so will not be tested.
> > > 
> > > Well, there is that. I guess until we have test coverage for NFSD
> > > administrative interfaces, we should leave well enough alone.
> > 
> > So to summarize it:
> > - we will allow to remove enabled versions (as it is in patch v6 2/3)
> > - we will allow to add new listening sockets but we will not allow to remove
> >   them (the user/admin will need to stop/start the server).
> > 
> > Agree? If so I will work on it and post v7.
> > 
> > 
> 
> That sounds about right to me. We could eventually relax the restriction
> about removing sockets later, but for now it's probably best to prohibit
> it (like Neil suggests).

Do we want to add even the capability to specify the socket file descriptor
(similar to what we do in __write_ports_addfd())?

Regards,
Lorenzo

> 
> 
> > 
> > > 
> > > 
> > > > So if it is easiest to support reverting previous configuration (as it
> > > > probably is for version setting), then do so.  But if there is any
> > > > complexity (as maybe there is with listening sockets), then don't
> > > > add complexity that won't be used.
> > > > 
> > > > Thanks,
> > > > NeilBrown
> > > 
> > > -- 
> > > Chuck Lever
> 
> -- 
> Jeff Layton <jlayton@...nel.org>

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ