From: John Baldwin
To: Rick Macklem
Cc: svn-src-head@freebsd.org, Dag-Erling Smørgrav, svn-src-all@freebsd.org, src-committers@freebsd.org, Rick Macklem
Date: Fri, 22 May 2009 11:18:48 -0400
Subject: Re: svn commit: r192463 - head/sys/fs/nfsserver

On Friday 22 May 2009 10:32:43 am Rick Macklem wrote:
>
> On Fri, 22 May 2009, Dag-Erling Smørgrav wrote:
>
> > Rick Macklem writes:
> >> Log:
> >>   Although it should never happen, all the nfsv4 server can do
> >>   when it runs out of clientids is reboot. I had replaced cpu_reboot()
> >>   with printf(), since cpu_reboot() doesn't exist for sparc64.
> >>   This change replaces the printf() with panic(), so the reboot
> >>   would occur for this highly unlikely occurrence.
> >
> > Regardless of how improbable this is, wouldn't it be better (and
> > simpler) to just log an error message and deny further mount requests?
> >
> Well, if this really is an issue I can just take the check for the
> wraparound out and let it continue on.
>
> Why?
>
> Because the likelihood of a clientid issued 4 billion time ago (many
> many years aka centuries, in practice) being for a client that still
> exists and hasn't rebooted or re-acquired a more recent clientid is
> essentially 0 as well.
>
> In case you haven't done the calculation, 4 billion seconds is 136 years.
> Since I cannot imagine a server seeing anything close to 1 new clientid/sec
> over an extended period (there could be a burst just after booting), the
> wraparound will take centuries to happen (maybe highly unlikely wasn't a
> strong enough term).
>
> Just don't worry about it, rick

What about a malicious denial-of-service attack where a malicious client
initiates an endless stream of connection attempts to force a panic? I think
that is where the concern lies. I'm sure a malicious client could do it
intentionally in less than 136 years, perhaps on the order of seconds and/or
minutes? :)

--
John Baldwin
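
The trade-off debated in this thread, as an added example that is not part of the original message and is not FreeBSD's nfsserver code: a userspace C sketch of a 32-bit clientid allocator that logs once and refuses new clients on exhaustion rather than panicking. The struct, the function names and the tiny 3-id space in main() are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical allocator; names are illustrative, not FreeBSD's nfsserver code. */
struct clientid_pool {
    uint32_t next;      /* next id to hand out */
    uint32_t limit;     /* last usable id (UINT32_MAX for a full 32-bit space) */
    int      exhausted; /* latched once the last id has been issued */
    unsigned refused;   /* requests denied since exhaustion */
};

/* Issue the next clientid, or fail this one request with ENOSPC once the
 * space is used up. No panic(): a peer cannot turn exhaustion into a reboot. */
static int
clientid_alloc(struct clientid_pool *p, uint32_t *idp)
{
    if (p->exhausted) {
        if (p->refused++ == 0)  /* log once, not once per request */
            fprintf(stderr, "clientids exhausted; refusing new clients\n");
        return (ENOSPC);
    }
    *idp = p->next;
    if (p->next == p->limit)
        p->exhausted = 1;       /* latch instead of wrapping to a reused id */
    else
        p->next++;
    return (0);
}

/* Seconds until a 32-bit id space is consumed at ids_per_sec new ids/second. */
static uint64_t
seconds_to_wrap(uint64_t ids_per_sec)
{
    return (ids_per_sec == 0 ? UINT64_MAX : (1ULL << 32) / ids_per_sec);
}

int
main(void)
{
    struct clientid_pool p = { 1, 3, 0, 0 };  /* constructed: tiny 3-id space */
    uint32_t id = 0;

    for (int i = 0; i < 5; i++) {
        int error = clientid_alloc(&p, &id);
        printf("request %d: error=%d id=%u\n", i, error, (unsigned)id);
    }
    printf("1 id/sec: %llu years to wrap\n",
        (unsigned long long)(seconds_to_wrap(1) / 31557600ULL));
    return (0);
}
```

Existing clients keep their ids after exhaustion; only new allocations fail, and the time to reach that state scales inversely with the allocation rate a peer can drive.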