lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130429185712.GP17268@fieldses.org>
Date:	Mon, 29 Apr 2013 14:57:12 -0400
From:	"J. Bruce Fields" <bfields@...ldses.org>
To:	Chuck Lever <chuck.lever@...cle.com>
Cc:	Trond Myklebust <trond.myklebust@....uio.no>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	linux-next@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Simo Sorce <simo@...hat.com>
Subject: Re: linux-next: build failure after merge of the nfsd tree

On Mon, Apr 29, 2013 at 02:30:33PM -0400, Chuck Lever wrote:
> 
> On Apr 29, 2013, at 1:59 PM, "J. Bruce Fields" <bfields@...ldses.org>
> wrote:
> 
> > On Mon, Apr 29, 2013 at 01:47:16PM -0400, Chuck Lever wrote:
> >> 
> >> On Apr 29, 2013, at 1:38 PM, "J. Bruce Fields"
> >> <bfields@...ldses.org> wrote:
> >> 
> >>> On Mon, Apr 29, 2013 at 01:04:01PM -0400, Chuck Lever wrote:
> >>>> Trond's nfs-for-next now has the new rpcauth_get_gssinfo() and
> >>>> rpcauth_get_pseudoflavor() APIs, which are replacements for
> >>>> direct calls into the GSS mech switch.  These APIs are a little
> >>>> more generic, and more robust in the face of unloaded GSS kernel
> >>>> modules.
> >>>> 
> >>>> Instead of gss_mech_get_by_OID(), I suspect you want
> >>>> rpcauth_get_pseudoflavor(), but I haven't looked at the gssproxy
> >>>> code.
> >>> 
> >>> It's doing
> >>> 
> >>> 		status = -EOPNOTSUPP; gm =
> >>> 		gss_mech_get_by_OID(&ud->mech_oid); if (!gm) goto out;
> >>> 		status = -EINVAL; status =
> >>> 		gss_import_sec_context(ud->out_handle.data,
> >>> 		ud->out_handle.len, gm, &rsci.mechctx, &expiry,
> >>> 		GFP_KERNEL); if (status) goto out;
> >>> 
> >>> So we need a way to get from an OID and some mechanism-specific
> >>> data to a context.
> >>> 
> >>> Looks to me like we just want to re-export gss_mech_get_by_OID().
> >> 
> >> The reason for the new wrappers is to load the kernel modules
> >> properly before trying to discover the OID -> mechanism mapping.
> >> 
> >> Where are you calling it from?  If it's from outside of the GSS
> >> module, how do you guarantee the rpc_gss_auth module is loaded?
> >> What if the GSS mechanism for that OID isn't loaded?
> > 
> > Sorry, I should have said just "remove static from", not
> > "re-export"--it's in the same module.  So there should be no problem
> > here, right?
> 
> OK, gotcha.  Architecturally outside of the mech switch I'd like to
> see OIDs passed around embedded in GSS tuples rather than by
> themselves.

I'm not sure what you mean.  When I accept a gss context I don't yet
know what service or qop it's going to be used with, I only know the
mechanism OID.

> An alternative would be to use gss_mech_get_by_name(), which is
> already visible, loads GSS mechanism modules automatically, and
> returns struct gss_api_mech *.  For NFS, we should already have a
> clean mapping of mechanism name to pseudoflavor to GSS tuple.  Looks
> like rsc_parse() already uses this API.

We don't have a name here, only an OID.

> Do you have gssproxy patches published in a git tree somewhere I could
> review?

It's in my for-3.10 branch.

Which is more or less what I plan to submit for 3.10, so I'd prefer not
to rebase it at this point.

It looks like just removing "static" would resolve the immediate
conflict, is that right?  And then I'd happily help deal with cleaning
up the API as followup work.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ