To do

From Linux NFS

(Difference between revisions)
Jump to: navigation, search
(idmapd bugs)
(warning on inconsistent use of fsid= export options.)
Line 17: Line 17:
* [[printk cleanup]]: make sure the information that goes to the logs is the information we need.
* [[printk cleanup]]: make sure the information that goes to the logs is the information we need.
* [[warn about unsafe exports]]: exporting a subdirectory of a filesystem generally also makes the rest of the filesystem available (all someone need do is guess the root filehandle, which is usually very easy).  It's not clear that users realize this.  Add code to exportfs to warn about suspicious-looking cases.
* [[warn about unsafe exports]]: exporting a subdirectory of a filesystem generally also makes the rest of the filesystem available (all someone need do is guess the root filehandle, which is usually very easy).  It's not clear that users realize this.  Add code to exportfs to warn about suspicious-looking cases.
 +
* warn about inconsistent fsid= options: specifying fsid=x for multiple different filesystems (and the same x) is another obvious sign that something's wrong with the exports file.  Warn on that too.  (And there are probably some obvious related warnings we could add.)
* [[warn about inconsistent security requirements]]: If you export a subdirectory with more security flavors than the parent, you may confuse clients.  Warn about these cases in exportfs?
* [[warn about inconsistent security requirements]]: If you export a subdirectory with more security flavors than the parent, you may confuse clients.  Warn about these cases in exportfs?

Revision as of 22:52, 7 February 2008

Some specific projects; follow links for more details on design requirements and implementation plans. If you intend to work on any of these, please keep in close contact with other developers, using nfsv4@linux-nfs.org.

Projects that are easier or more self-contained:

  • kernel nfsd header cleanup: stuff probably only really needs to be in include/linux if it describes some userspace interface or it's included from a bunch of other places in the kernel. Otherwise, move it to fs/nfsd, fix up any includes of it (and remember to fix up "include/linux/nfsd/kbuild.h" if necessary).
  • idmapd/gssd warn on absence of dnotify: idmapd and gssd both depend on dnotify to find out about changes in rpc_pipefs. Therefore, both fail on a kernel compiled without CONFIG_DNOTIFY. It is not at all obvious from the failure, however, what the problem is. Patch nfs-utils to report a helpful error in this case.
  • old kernels sometimes sent large uid's in server idmap upcalls as negative numbers. The server has been fixed not to do that. But probably it should have handled them (by converting to unsigned u32?). Also reports has it that idmapd would cease accepting any upcalls after that failure; investigate the cause of that.
  • fix nfsd verify operation: nfsd's "verify" and "nverify" operations need to be rewritten to make them reliable.
  • nfs-utils auditing: start by eliminating compile warnings. Then crank up the compile warnings and eliminate the rest. Look into additional static checking. Read the code with special attention to how data from the network is handled.
  • error reporting: It's easier for people to set up nfsv4 and krb5 if we give people informative error messages when something is wrong.
  • nfs-utils unit tests: Implement a unit test infrastructure in the nfs-utils tree.
  • nfs-utils internationalization: Add full support for double-wide character sets, and use message catalogs everywhere. Find translators for the catalogs.
  • client ACL tools: The client ACL utilities need some work
  • wireshark improvements: Wireshark (previously known as ethereal) is useful for debugging NFSv4 problems. But it could be more useful. (Actively being worked on.)
  • krb5-protected v2/v3: most of this is done now. There remains some relatively simple work to do in nfs-utils to properly report supported security flavors in mountd's responses to mount requests. Also, complete implementation of rfc2623 requires some (slightly more involved) kernel work.
  • remove gss code from libnfsidmap: we're doing gss principal-to-uid-mapping in libnfsidmap. This introduces a problematic dependancy of libnfsidmap on gss. We should just move that mapping code to svcgssd, which is the only place it's needed.
  • printk cleanup: make sure the information that goes to the logs is the information we need.
  • warn about unsafe exports: exporting a subdirectory of a filesystem generally also makes the rest of the filesystem available (all someone need do is guess the root filehandle, which is usually very easy). It's not clear that users realize this. Add code to exportfs to warn about suspicious-looking cases.
  • warn about inconsistent fsid= options: specifying fsid=x for multiple different filesystems (and the same x) is another obvious sign that something's wrong with the exports file. Warn on that too. (And there are probably some obvious related warnings we could add.)
  • warn about inconsistent security requirements: If you export a subdirectory with more security flavors than the parent, you may confuse clients. Warn about these cases in exportfs?

More open-ended projects, that will require close collaboration with other developers, and possibly multiple attempts:

  • newpynfs bug-chasing: Run latest newpynfs tests, diagnose and fix bugs. Some of this is easy, some is hard, requires knowing what to pay attention to. (E.g.: for now we don't plan to fix utf8 bugs, so ignore those.)
  • pseudofilesystem improvements: The NFSv4 server currently patches together export paths in a way that is inconsistent with NFSv2 and NFSv3 and causes severe problems for automount users.
  • gss callbacks: We currently don't support rpcsec_gss security on the callback channel, which means that if you mount with krb5 then you don't get the benefit of delegations. (Actively being worked on.)

See also (priority lists somewhat out of date):

Personal tools