Re: problems with nfsd dentry validation

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 17 Aug 1997 18:13:21 +0100 (BST)


> (1) Server has valid dentry and has bumped the use count so it can't
> disappear locally. Client modifies packet to install a bogus dentry
> pointer. Server calls d_validate, finds that the dentry doesn't exist
> and returns error. But the dentry count has now leaked -- I don't see
> how the server can do an eventual dput() to release the original dentry.

It should get timed out - NFS has no "close" functionality.

> previously good one. Server calls d_validate, and sometimes the
> inserted pointer is still valid. Server processes call, but there's now
> an extra reference to a dentry. Eventual dput() corrupts the dentry
> tree.
>
> Also, there's a problem with the fh_copy routine, which can add a
> reference to a dentry. (i.e. if dvalidate is set, doing a fh_copy adds
> a reference to the dentry without doing a dget().)

The easiest approach to this is probably to use the MDx routines in the
kernel to secure hash a combination of the dentry and a randomly created
kernel secret chosen at boot time and the client IP address. It takes
very few clocks to verify these.

Alan
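
The keyed-hash check suggested above, as an added example that is not part of the original message or of the kernel's nfsd code. It uses SipHash-2-4 as a compact stand-in for the MDx routines; the handle layout, function names, secret and addresses are hypothetical or constructed.

```c
#include <stdint.h>
/* Hypothetical handle: dentry pointer value plus a tag over it. */
struct fh_demo { uint64_t dentry, tag; };

/* Constructed values; a real secret comes from the RNG at boot. */
static const uint64_t demo_secret[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL };
#define DEMO_DENTRY 0xc0de1000ULL   /* stand-in for a struct dentry * */
#define DEMO_IP     0xc0000201U     /* 192.0.2.1 */

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); \
} while (0)

/* SipHash-2-4 of the 16-byte message (dentry, client ip) under key k. */
static uint64_t fh_tag(const uint64_t k[2], uint64_t dentry, uint32_t ip)
{
    uint64_t m[3] = { dentry, ip, (uint64_t)16 << 56 }; /* last word: length */
    uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
    for (int i = 0; i < 3; i++) {
        v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i];
    }
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* 1 only if the tag matches; on 0 reject before touching the dentry. */
static int fh_check(const uint64_t k[2], const struct fh_demo *fh, uint32_t ip)
{
    return (fh_tag(k, fh->dentry, ip) ^ fh->tag) == 0;
}

/* Issue a handle to DEMO_IP, then present it altered from from_ip. */
static int demo_present(uint64_t presented, uint32_t from_ip)
{
    struct fh_demo fh = { DEMO_DENTRY, fh_tag(demo_secret, DEMO_DENTRY, DEMO_IP) };
    fh.dentry = presented;
    return fh_check(demo_secret, &fh, from_ip);
}

int main(void)
{
    return !(demo_present(DEMO_DENTRY, DEMO_IP) && !demo_present(DEMO_DENTRY + 64, DEMO_IP));
}
```

A handle whose pointer was replaced, or one replayed from a different address, fails `fh_check` without the server ever looking at the dentry, so no reference is taken on a forged pointer.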