linux/fs/nfsd
J. Bruce Fields ebd7c72c63 nfsd: randomize SETCLIENTID reply to help distinguish servers
NFSv4.1 has built-in trunking support that allows a client to determine
whether two connections to two different IP addresses are actually to
the same server.  NFSv4.0 does not, but RFC 7931 attempts to provide
clients a means to do this, basically by performing a SETCLIENTID to one
address and confirming it with a SETCLIENTID_CONFIRM to the other.

Linux clients since 05f4c350ee "NFS: Discover NFSv4 server trunking
when mounting" implement a variation on this suggestion.  It is possible
that other clients do too.

This depends on the clientid and verifier not being accepted by an
unrelated server.  Since both are 64-bit values, that would be very
unlikely if they were random numbers.  But they aren't:

knfsd generates the 64-bit clientid by concatenating the 32-bit boot
time (in seconds) and a counter.  This makes collisions between
clientids generated by the same server extremely unlikely.  But
collisions are very likely between clientids generated by servers that
boot at the same time, and it's quite common for multiple servers to
boot at the same time.  The verifier is a concatenation of the
SETCLIENTID time (in seconds) and a counter, so again collisions between
different servers are likely if multiple SETCLIENTIDs are done at the
same time, which is a common case.

Therefore recent NFSv4.0 clients may decide two different servers are
really the same, and mount a filesystem from the wrong server.

Fortunately the Linux client, since 55b9df93dd "nfsv4/v4.1: Verify the
client owner id during trunking detection", only does this when given
the non-default "migration" mount option.

The fault is really with RFC 7931, and needs a client fix, but in the
meantime we can mitigate the chance of these collisions by randomizing
the starting value of the counters used to generate clientids and
verifiers.

Reported-by: Frank Sorenson <fsorenso@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-09-26 15:20:38 -04:00
..
acl.h nfsd4: remove nfs4_acl_new 2014-07-08 17:14:27 -04:00
auth.c nfsd: silence sparse warning about accessing credentials 2014-07-17 16:15:35 -04:00
auth.h nfsd: Remove nfsd_luid, nfsd_lgid, nfsd_ruid and nfsd_rgid 2013-02-13 06:15:51 -08:00
blocklayout.c Highlights: 2016-08-04 19:59:06 -04:00
blocklayoutxdr.c Highlights: 2016-08-04 19:59:06 -04:00
blocklayoutxdr.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h
export.c nfsd: allow nfsd to advertise multiple layout types 2016-07-15 15:31:32 -04:00
export.h nfsd: allow nfsd to advertise multiple layout types 2016-07-15 15:31:32 -04:00
fault_inject.c nfsd: remove old fault injection infrastructure 2014-08-05 10:55:10 -04:00
flexfilelayout.c nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
flexfilelayoutxdr.c nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
flexfilelayoutxdr.h nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
Kconfig xfs: abstract block export operations from nfsd layouts 2016-07-15 15:31:29 -04:00
lockd.c lockd: constify nlmsvc_binding structure 2016-01-07 10:10:50 -05:00
Makefile nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
netns.h nfsd: add a LRU list for blocked locks 2016-09-26 15:20:36 -04:00
nfs2acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs3acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs3proc.c don't bother with ->d_inode->i_sb - it's always equal to ->d_sb 2016-04-10 17:11:51 -04:00
nfs3xdr.c A very quiet cycle for nfsd, mainly just an RDMA update from Chuck Lever. 2016-05-24 14:39:20 -07:00
nfs4acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs4callback.c nfsd: plumb in a CB_NOTIFY_LOCK operation 2016-09-26 15:20:35 -04:00
nfs4idmap.c nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
nfs4layouts.c nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
nfs4proc.c nfsd: drop unnecessary MAY_EXEC check from create 2016-08-04 17:11:52 -04:00
nfs4recover.c Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
nfs4state.c nfsd: set the MAY_NOTIFY_LOCK flag in OPEN replies 2016-09-26 15:20:37 -04:00
nfs4xdr.c nfsd: fix dprintk in nfsd4_encode_getdeviceinfo 2016-09-23 10:18:52 -04:00
nfscache.c nfsd: remove recurring workqueue job to clean DRC 2015-11-10 09:25:51 -05:00
nfsctl.c nfsd: randomize SETCLIENTID reply to help distinguish servers 2016-09-26 15:20:38 -04:00
nfsd.h nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
nfsfh.c nfsd: check d_can_lookup in fh_verify of directories 2016-08-04 17:11:48 -04:00
nfsfh.h wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
nfsproc.c nfsd: reorganize nfsd_create 2016-08-04 17:11:49 -04:00
nfssvc.c NFSD: fix corruption in notifier registration 2016-09-26 14:17:45 -04:00
nfsxdr.c nfsd: Fix some indent inconsistancy 2016-07-13 15:53:41 -04:00
pnfs.h nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
state.h nfsd: add a LRU list for blocked locks 2016-09-26 15:20:36 -04:00
stats.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
trace.c nfsd: move include of state.h from trace.c to trace.h 2015-10-23 15:57:29 -04:00
trace.h nfsd: add new io class tracepoint 2016-01-14 17:32:51 -05:00
vfs.c nfsd: fix dentry refcounting on create 2016-08-11 11:42:08 -04:00
vfs.h nfsd: reorganize nfsd_create 2016-08-04 17:11:49 -04:00
xdr3.h nfsd: fix encode_entryplus_baggage stack usage 2014-01-23 13:50:27 -05:00
xdr4.h nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
xdr4cb.h nfsd: plumb in a CB_NOTIFY_LOCK operation 2016-09-26 15:20:35 -04:00
xdr.h nfsd: handle vfs_getattr errors in acl protocol 2013-02-26 02:46:09 -05:00