| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Apr 2013 14:57:12 -0400 From: "J. Bruce Fields" <bfields@...ldses.org> To: Chuck Lever <chuck.lever@...cle.com> Cc: Trond Myklebust <trond.myklebust@....uio.no>, Stephen Rothwell <sfr@...b.auug.org.au>, linux-next@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Simo Sorce <simo@...hat.com> Subject: Re: linux-next: build failure after merge of the nfsd tree On Mon, Apr 29, 2013 at 02:30:33PM -0400, Chuck Lever wrote: > > On Apr 29, 2013, at 1:59 PM, "J. Bruce Fields" <bfields@...ldses.org> > wrote: > > > On Mon, Apr 29, 2013 at 01:47:16PM -0400, Chuck Lever wrote: > >> > >> On Apr 29, 2013, at 1:38 PM, "J. Bruce Fields" > >> <bfields@...ldses.org> wrote: > >> > >>> On Mon, Apr 29, 2013 at 01:04:01PM -0400, Chuck Lever wrote: > >>>> Trond's nfs-for-next now has the new rpcauth_get_gssinfo() and > >>>> rpcauth_get_pseudoflavor() APIs, which are replacements for > >>>> direct calls into the GSS mech switch. These APIs are a little > >>>> more generic, and more robust in the face of unloaded GSS kernel > >>>> modules. > >>>> > >>>> Instead of gss_mech_get_by_OID(), I suspect you want > >>>> rpcauth_get_pseudoflavor(), but I haven't looked at the gssproxy > >>>> code. > >>> > >>> It's doing > >>> > >>> status = -EOPNOTSUPP; gm = > >>> gss_mech_get_by_OID(&ud->mech_oid); if (!gm) goto out; > >>> status = -EINVAL; status = > >>> gss_import_sec_context(ud->out_handle.data, > >>> ud->out_handle.len, gm, &rsci.mechctx, &expiry, > >>> GFP_KERNEL); if (status) goto out; > >>> > >>> So we need a way to get from an OID and some mechanism-specific > >>> data to a context. > >>> > >>> Looks to me like we just want to re-export gss_mech_get_by_OID(). > >> > >> The reason for the new wrappers is to load the kernel modules > >> properly before trying to discover the OID -> mechanism mapping. > >> > >> Where are you calling it from? If it's from outside of the GSS > >> module, how do you guarantee the rpc_gss_auth module is loaded? > >> What if the GSS mechanism for that OID isn't loaded? > > > > Sorry, I should have said just "remove static from", not > > "re-export"--it's in the same module. So there should be no problem > > here, right? > > OK, gotcha. Architecturally outside of the mech switch I'd like to > see OIDs passed around embedded in GSS tuples rather than by > themselves. I'm not sure what you mean. When I accept a gss context I don't yet know what service or qop it's going to be used with, I only know the mechanism OID. > An alternative would be to use gss_mech_get_by_name(), which is > already visible, loads GSS mechanism modules automatically, and > returns struct gss_api_mech *. For NFS, we should already have a > clean mapping of mechanism name to pseudoflavor to GSS tuple. Looks > like rsc_parse() already uses this API. We don't have a name here, only an OID. > Do you have gssproxy patches published in a git tree somewhere I could > review? It's in my for-3.10 branch. Which is more or less what I plan to submit for 3.10, so I'd prefer not to rebase it at this point. It looks like just removing "static" would resolve the immediate conflict, is that right? And then I'd happily help deal with cleaning up the API as followup work. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists