• J. Bruce Fields's avatar
    nfsd: randomize SETCLIENTID reply to help distinguish servers · ebd7c72c
    J. Bruce Fields authored
    NFSv4.1 has built-in trunking support that allows a client to determine
    whether two connections to two different IP addresses are actually to
    the same server.  NFSv4.0 does not, but RFC 7931 attempts to provide
    clients a means to do this, basically by performing a SETCLIENTID to one
    address and confirming it with a SETCLIENTID_CONFIRM to the other.
    
    Linux clients since 05f4c350 "NFS: Discover NFSv4 server trunking
    when mounting" implement a variation on this suggestion.  It is possible
    that other clients do too.
    
    This depends on the clientid and verifier not being accepted by an
    unrelated server.  Since both are 64-bit values, that would be very
    unlikely if they were random numbers.  But they aren't:
    
    knfsd generates the 64-bit clientid by concatenating the 32-bit boot
    time (in seconds) and a counter.  This makes collisions between
    clientids generated by the same server extremely unlikely.  But
    collisions are very likely between clientids generated by servers that
    boot at the same time, and it's quite common for multiple servers to
    boot at the same time.  The verifier is a concatenation of the
    SETCLIENTID time (in seconds) and a counter, so again collisions between
    different servers are likely if multiple SETCLIENTIDs are done at the
    same time, which is a common case.
    
    Therefore recent NFSv4.0 clients may decide two different servers are
    really the same, and mount a filesystem from the wrong server.
    
    Fortunately the Linux client, since 55b9df93 "nfsv4/v4.1: Verify the
    client owner id during trunking detection", only does this when given
    the non-default "migration" mount option.
    
    The fault is really with RFC 7931, and needs a client fix, but in the
    meantime we can mitigate the chance of these collisions by randomizing
    the starting value of the counters used to generate clientids and
    verifiers.
    Reported-by: default avatarFrank Sorenson <fsorenso@redhat.com>
    Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    ebd7c72c
nfsctl.c 32.8 KB