On Thu, 16 Jul 2009, Andi Kleen wrote: > Sage Weil <sage@xxxxxxxxxxxx> writes: > > > This is v0.10 of the Ceph distributed file system client. > > > > Changes since v0.9: > > - fixed unaligned memory access (thanks for heads up to Stefan Richter) > > - a few code cleanups > > - MDS reconnect and op replay bugfixes. (The main milestone here is > > stable handling of MDS server failures and restarts, tested by > > running various workloads with the servers in restart loops.) > > > > What would people like to see for this to be merged into fs/? > > Some more comments in the code probably wouldn't help. e.g. each > file should have some description at the top what it does. Will do. > What I always wonder with new complex networking protocols > (which ceph essentially is): has there been some auditing/testing > what happens when a server feeds unexpected/out of bounds data > to the client? e.g. a security audit would be good. Otherwise > you might end up with remote exploits. There are some macros I use for parsing incoming messages that check the message bounds, so there's no danger of walking past the end of the message (see decode.h in patch 15/20). I don't always verify that things like element counts are "sane", though, so there's currently the possibility of trying to allocate large chunks of memory. Protecting against that sort of malicious data from the server is difficult in general, and I'm not sure what the best approach is. The server needs to be trusted to some extent or another. Client and server authentication isn't implemented yet, but the plan is for the client to have a cryptographic key (or keys) to authenticate both itself and the server before exchanging any meaningful data. sage -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
