[NFS-Ganesha-Devel] Re: Depleting fds security issue
On Thu, Dec 6, 2018 at 1:41 AM William Allen Simpson <
william.allen.simpson(a)gmail.com> wrote:
In any case, this particular denial of service attack should be easy to
fix by
adding SVC_DESTROY to the Ganesha umount code path(s).
Should I do SVC_DESTROY or SVC_RELEASE in unmount?
Also I am not sure if we will hit this issue if client mount and reboot
without unmount.
I will test that, will unmount fix work in that case?
However, because it seems
rather unlikely this could happen in production, it's not currently a high
priority.
Do you have a production environment or customer report where this
occurred?
No its not customer issue, I faced it after taking extra ref fix
https://github.com/nfs-ganesha/ntirpc/pull/155.
But as I mentioned earlier if it happens in client reboot case also then
its likely to happen in production if there is client which is crashing and
coming up. I will check it.
Would you like help writing the Ganesha patch?
I would surely like to help with the fix.
Are you with Nutanix? Or IBM?
I am with Nutanix.
-Gaurav
Attachments:
- attachment.html (text/html — 2.5 KB)