On Thu, Sep 22, 2016 at 11:36:07AM -0400, Jeff Layton wrote: > On Thu, 2016-09-22 at 10:46 -0400, J. Bruce Fields wrote: > > On Thu, Sep 22, 2016 at 07:07:03AM -0400, Jeff Layton wrote: > > > > > > On Wed, 2016-09-21 at 14:03 -0400, J. Bruce Fields wrote: > > > > > > > > Clients mounting multiple servers with the "migration" option may find > > > > some mounts are made from the incorrect server. > > > > > > > > I think this is really a bug in RFC 7931, and that RFC and the client > > > > need fixing, but this is easy to mitigate on the server. I'll make an > > > > attempt at a client patch too. > > > > > > > > --b. > > > > > > > > > > > > > > Both look reasonable to me: > > > > > > Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx> > > > > Thanks. The below (untested) is what I was thinking of for the client. > > > > --b. > > > > commit 0d210faff69c > > Author: J. Bruce Fields <bfields@xxxxxxxxxx> > > Date: Wed Sep 21 15:49:21 2016 -0400 > > > > nfs: fix false positives in nfs40_walk_client_list() > > > > It's possible that two different servers can return the same (clientid, > > verifier) pair purely by coincidence. Both are 64-bit values, but > > depending on the server implementation, they can be highly predictable > > and collisions may be quite likely, especially when there are lots of > > servers. > > > > So, check for this case. If the clientid and verifier both match, then > > we actually know they *can't* be the same server, since a new > > SETCLIENTID to an already-known server should have changed the verifier. > > > > This helps fix a bug that could cause the client to mount a filesystem > > from the wrong server. > > > > Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx> > > > > diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c > > index cd3b7cfdde16..a8cdb94d313c 100644 > > --- a/fs/nfs/nfs4client.c > > +++ b/fs/nfs/nfs4client.c > > @@ -461,6 +461,11 @@ static bool nfs4_match_client_owner_id(const struct nfs_client *clp1, > > return strcmp(clp1->cl_owner_id, clp2->cl_owner_id) == 0; > > } > > > > +static bool nfs4_same_verifier(nfs4_verifier *v1, nfs4_verifier *v2) > > +{ > > + return 0 == memcmp(v1->data, v2->data, sizeof(v1->data)); > > +} > > + > > /** > > * nfs40_walk_client_list - Find server that recognizes a client ID > > * > > @@ -518,7 +523,20 @@ int nfs40_walk_client_list(struct nfs_client *new, > > > > if (!nfs4_match_client_owner_id(pos, new)) > > continue; > > - > > + /* > > + * We just sent a new SETCLIENTID, which should have > > + * caused the server to return a new cl_confirm. So if > > + * cl_confirm is the same, then this is a different > > + * server that just returned the same cl_confirm by > > + * coincidence: > > + */ > > + if (nfs4_same_verifier(&pos->cl_confirm, &new->cl_confirm)) > > + continue; > > + /* > > + * But if the cl_confirm's are different, then the only > > + * way that a SETCLIENTID_CONFIRM to pos can succeed is > > + * if new and pos point to the same server: > > + */ > > atomic_inc(&pos->cl_count); > > spin_unlock(&nn->nfs_client_lock); > > > > Looks ok too. Trying to graft trunking onto v4.0 seems pretty kludgy in > general, so that's probably the best you can do. > > Acked-by: Jeff Layton <jlayton@xxxxxxxxxx> Ugh, I totally missed that this loop in nfs40_walk_client list counts on the new client itself being in the list so that the normal case is handled on the last iteration with new == pos. So I need: + if ((new != pos) && nfs4_same_verifier(&pos->cl_confirm, + &new->cl_confirm)) + continue; I wonder if that code's a little too clever for its own good--but I don't think I want to fool with it. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html