| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <CCF13E29-7B8B-47B3-A8D0-1A6E0E626BA6@canonical.com>
Date: Sat, 18 Jul 2020 01:56:09 +0800
From: Kai-Heng Feng <kai.heng.feng@...onical.com>
To: Chuck Lever <chuck.lever@...cle.com>
Cc: Pierre Sauter <pierre.sauter@...m.de>,
matthew.ruffell@...onical.com,
linux-stable <stable@...r.kernel.org>,
Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
"open list:NETWORKING DRIVERS" <netdev@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
linux-kernel-owner@...r.kernel.org
Subject: Re: [Regression] "SUNRPC: Add "@len" parameter to gss_unwrap()"
breaks NFS Kerberos on upstream stable 5.4.y
> On Jul 18, 2020, at 01:34, Chuck Lever <chuck.lever@...cle.com> wrote:
>
>
>
>> On Jul 17, 2020, at 1:29 PM, Pierre Sauter <pierre.sauter@...m.de> wrote:
>>
>> Hi Chuck,
>>
>> Am Donnerstag, 16. Juli 2020, 21:25:40 CEST schrieb Chuck Lever:
>>> So this makes me think there's a possibility you are not using upstream
>>> stable kernels. I can't help if I don't know what source code and commit
>>> stream you are using. It also makes me question the bisect result.
>>
>> Yes you are right, I was referring to Ubuntu kernels 5.4.0-XX. From the
>> discussion in the Ubuntu bugtracker I got the impression that Ubuntu kernels
>> 5.4.0-XX and upstream 5.4.XX are closely related, obviously they are not. The
>> bisection was done by the original bug reporter and also refers to the Ubuntu
>> kernel.
>>
>> In the meantime I tested v5.4.51 upstream, which shows no problems. Sorry for
>> the bother.
>
> Pierre, thanks for confirming!
>
> Kai-Heng suspected an upstream stable commit that is missing in 5.4.0-40,
> but I don't have any good suggestions.
Well, Ubuntu's 5.4 kernel is based on upstream stable v5.4, so I asked users to test stable v5.4.51, however the feedback was negative, and that's the reason why I raised the issue here.
Anyway, good to know that it's fixed in upstream stable, everything's good now!
Thanks for your effort Chuck.
Kai-Heng
>
>
>>>> My krb5 etype is aes256-cts-hmac-sha1-96.
>>>
>>> Thanks! And what is your NFS server and filesystem? It's possible that the
>>> client is not estimating the size of the reply correctly. Variables include
>>> the size of file handles, MIC verifiers, and wrap tokens.
>>
>> The server is Debian with v4.19.130 upstream, filesystem ext4.
>>
>>> You might try:
>>>
>>> e8d70b321ecc ("SUNRPC: Fix another issue with MIC buffer space")
>>
>> That one is actually in Ubuntus 5.4.0-40, from looking at the code.
>
> --
> Chuck Lever
Powered by blists - more mailing lists