Re: server-to-server copy by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am in general concerned about turning on new features before basic ones work reliably. We’ve had enough different failures that we’ve backup up to NFS 3 for file systems with heavy use.

We first tried turning off delegation. That helped a lot. But we just ran into a two different machine hung trying to lock Chome’s profile. (I sent a bit of information on that one previously.) We had to restart NFS on the server to fix it, and that caused us to lose a bunch of VMs. (That shouldn’t have happened. It looks like ESX misbehaved.) If I could turn off NFS4 locking I would.

> On Oct 20, 2021, at 11:54 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
> 
> knfsd has supported server-to-server copy for a couple years (since
> 5.5).  You have set a module parameter to enable it.  I'm getting asked
> when we could turn that parameter on by default.
> 
> I've got a couple vague criteria: one just general maturity, the other a
> security question:
> 
> 1. General maturity: the only reports I recall seeing are from testers.
> Is anyone using this?  Does it work for them?  Do they find a benefit?
> Maybe we could turn it on by default in one distro (Fedora?) and promote
> it a little and see what that turns up?
> 
> 2. Security question: with server-to-server copy enabled, you can send
> the server a COPY call with any random address, and the server will
> mount that address, open a file, and read from it.  Is that safe?
> 
> Normally we only mount servers that were chosen by root.  Here we'll
> mount any random server that some client told us to.  What's the worst
> that random server can do?  Do we trust our xdr decoding?  Can it DOS us
> by throwing the client's state recovery code into some loop with weird
> error returns?  Etc.
> 
> Maybe it's fine.  I'm OK with some level of risk.  I just want to make
> sure somebody's thought this through.
> 
> There's also interest in allowing unprivileged NFS mounts, but I don't
> think we've turned that on yet, partly for similar reasons.  This is a
> subset of that problem.
> 
> --b.





[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux