lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <C34C632C-9163-4825-9E09-9845B0B7DFEE@oracle.com>
Date:   Wed, 22 Feb 2023 15:26:53 +0000
From:   Chuck Lever III <chuck.lever@...cle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
CC:     Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jeff Layton <jlayton@...nel.org>
Subject: [GIT PULL] nfsd changes for v6.3

Hello Linus-

Two items to note before I make this pull request:

- There is one regression with exported tmpfs file systems due to
  a change in the Linux v6.2 NFS client. The consensus is that to
  address it, we will need to implement stable directory cookies
  for tmpfs. A plan is maturing to take this project on.

- The reported issues with the NFSD filecache in v6.0 and v6.1 have
  quieted... we believe NFSD in the latest 6.1.y kernels is now
  stable; likewise for v6.2. In an abundance of caution, I've
  limited changes to the NFSD filecache for v6.3 to only bug fixes
  to see if broader testing reveals any more issues before we move
  on with further enhancements in that area.

--- cut here ---

The following changes since commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c:

  Linux 6.2 (2023-02-19 14:24:22 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git tags/nfsd-6.3

for you to fetch changes up to 4b471a8b847b82a3035709dcf87661915c340c8a:

  NFSD: Clean up nfsd_symlink() (2023-02-20 09:20:59 -0500)

----------------------------------------------------------------
NFSD 6.3 Release Notes

Two significant security enhancements are part of this release:

* NFSD's RPC header encoding and decoding, including RPCSEC GSS
  and gssproxy header parsing, has been overhauled to make it
  more memory-safe.

* Support for Kerberos AES-SHA2-based encryption types has been
  added for both the NFS client and server. This provides a clean
  path for deprecating and removing insecure encryption types
  based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so
  that NFS with Kerberos may now be used on systems with fips
  enabled.

In addition to these, NFSD is now able to handle crossing into an
auto-mounted mount point on an exported NFS mount. A number of
fixes have been made to NFSD's server-side copy implementation.

RPC metrics have been converted to per-CPU variables. This helps
reduce unnecessary cross-CPU and cross-node memory bus traffic,
and significantly reduces noise when KCSAN is enabled.

----------------------------------------------------------------
Benjamin Coddington (1):
      nfsd: fix race to check ls_layouts

Chuck Lever (101):
      SUNRPC: Push svcxdr_init_decode() into svc_process_common()
      SUNRPC: Move svcxdr_init_decode() into ->accept methods
      SUNRPC: Add an XDR decoding helper for struct opaque_auth
      SUNRPC: Convert svcauth_null_accept() to use xdr_stream
      SUNRPC: Convert svcauth_unix_accept() to use xdr_stream
      SUNRPC: Convert svcauth_tls_accept() to use xdr_stream
      SUNRPC: Move the server-side GSS upcall to a noinline function
      SUNRPC: Hoist common verifier decoding code into svcauth_gss_proc_init()
      SUNRPC: Remove gss_read_common_verf()
      SUNRPC: Remove gss_read_verf()
      SUNRPC: Convert server-side GSS upcall helpers to use xdr_stream
      SUNRPC: Replace read_u32_from_xdr_buf() with existing XDR helper
      SUNRPC: Rename automatic variables in unwrap_integ_data()
      SUNRPC: Convert unwrap_integ_data() to use xdr_stream
      SUNRPC: Rename automatic variables in unwrap_priv_data()
      SUNRPC: Convert unwrap_priv_data() to use xdr_stream
      SUNRPC: Convert gss_verify_header() to use xdr_stream
      SUNRPC: Clean up svcauth_gss_accept's NULL procedure check
      SUNRPC: Convert the svcauth_gss_accept() pre-amble to use xdr_stream
      SUNRPC: Hoist init_decode out of svc_authenticate()
      SUNRPC: Re-order construction of the first reply fields
      SUNRPC: Eliminate unneeded variable
      SUNRPC: Decode most of RPC header with xdr_stream
      SUNRPC: Remove svc_process_common's argv parameter
      SUNRPC: Hoist svcxdr_init_decode() into svc_process()
      SUNRPC: Clean up svcauth_gss_release()
      SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_integ()
      SUNRPC: Record gss_get_mic() errors in svcauth_gss_wrap_integ()
      SUNRPC: Replace checksum construction in svcauth_gss_wrap_integ()
      SUNRPC: Convert svcauth_gss_wrap_integ() to use xdr_stream()
      SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_priv()
      SUNRPC: Record gss_wrap() errors in svcauth_gss_wrap_priv()
      SUNRPC: Add @head and @tail variables in svcauth_gss_wrap_priv()
      SUNRPC: Convert svcauth_gss_wrap_priv() to use xdr_stream()
      SUNRPC: Check rq_auth_stat when preparing to wrap a response
      SUNRPC: Remove the rpc_stat variable in svc_process_common()
      SUNRPC: Add XDR encoding helper for opaque_auth
      SUNRPC: Push svcxdr_init_encode() into svc_process_common()
      SUNRPC: Move svcxdr_init_encode() into ->accept methods
      SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_null_accept()
      SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_unix_accept()
      SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept()
      SUNRPC: Convert unwrap data paths to use xdr_stream for replies
      SUNRPC: Use xdr_stream to encode replies in server-side GSS upcall helpers
      SUNRPC: Use xdr_stream for encoding GSS reply verifiers
      SUNRPC: Hoist init_encode out of svc_authenticate()
      SUNRPC: Convert RPC Reply header encoding to use xdr_stream
      SUNRPC: Final clean-up of svc_process_common()
      SUNRPC: Remove no-longer-used helper functions
      SUNRPC: Refactor RPC server dispatch method
      SUNRPC: Set rq_accept_statp inside ->accept methods
      SUNRPC: Go back to using gsd->body_start
      SUNRPC: Use per-CPU counters to tally server RPC counts
      SUNRPC: Replace pool stats with per-CPU variables
      SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h
      SUNRPC: Remove .blocksize field from struct gss_krb5_enctype
      SUNRPC: Remove .conflen field from struct gss_krb5_enctype
      SUNRPC: Improve Kerberos confounder generation
      SUNRPC: Obscure Kerberos session key
      SUNRPC: Refactor set-up for aux_cipher
      SUNRPC: Obscure Kerberos encryption keys
      SUNRPC: Obscure Kerberos signing keys
      SUNRPC: Obscure Kerberos integrity keys
      SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism
      SUNRPC: Remove another switch on ctx->enctype
      SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file
      NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink
      SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro
      SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES
      SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype
      SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods
      SUNRPC: Hoist KDF into struct gss_krb5_enctype
      SUNRPC: Clean up cipher set up for v1 encryption types
      SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher()
      SUNRPC: Add new subkey length fields
      SUNRPC: Refactor CBC with CTS into helpers
      SUNRPC: Add gk5e definitions for RFC 8009 encryption types
      SUNRPC: Add KDF-HMAC-SHA2
      SUNRPC: Add RFC 8009 encryption and decryption functions
      SUNRPC: Advertise support for RFC 8009 encryption types
      SUNRPC: Support the Camellia enctypes
      SUNRPC: Add KDF_FEEDBACK_CMAC
      SUNRPC: Advertise support for the Camellia encryption types
      SUNRPC: Move remaining internal definitions to gss_krb5_internal.h
      SUNRPC: Add KUnit tests for rpcsec_krb5.ko
      SUNRPC: Export get_gss_krb5_enctype()
      SUNRPC: Add KUnit tests RFC 3961 Key Derivation
      SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption
      SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types
      SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types
      SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types
      SUNRPC: Add KDF-HMAC-SHA2 Kunit tests
      SUNRPC: Add RFC 8009 checksum KUnit tests
      SUNRPC: Add RFC 8009 encryption KUnit tests
      SUNRPC: Add encryption self-tests
      SUNRPC: Fix whitespace damage in svcauth_unix.c
      SUNRPC: Clean up the svc_xprt_flags() macro
      SUNRPC: Remove ->xpo_secure_port()
      SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes
      NFSD: copy the whole verifier in nfsd_copy_write_verifier
      NFSD: Clean up nfsd_symlink()

Dai Ngo (3):
      NFSD: enhance inter-server copy cleanup
      NFSD: fix leaked reference count of nfsd4_ssc_umount_item
      NFSD: fix problems with cleanup on errors in nfsd4_copy

Jeff Layton (13):
      nfsd: allow nfsd_file_get to sanely handle a NULL pointer
      nfsd: fix potential race in nfs4_find_file
      nfsd: move reply cache initialization into nfsd startup
      nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS
      nfsd: eliminate find_deleg_file_locked
      nfsd: add some kerneldoc comments for stateid preprocessing functions
      nfsd: eliminate __nfs4_get_fd
      nfsd: zero out pointers after putting nfsd_files on COPY setup error
      nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
      nfsd: remove fs/nfsd/fault_inject.c
      nfsd: don't hand out delegation on setuid files being opened for write
      nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
      nfsd: don't fsync nfsd_files on last close

Richard Weinberger (3):
      NFSD: Teach nfsd_mountpoint() auto mounts
      fs: namei: Allow follow_down() to uncover auto mounts
      NFS: nfs_encode_fh: Remove S_AUTOMOUNT check

 fs/lockd/svc.c                           |   21 ++-
 fs/namei.c                               |    6 +-
 fs/nfs/callback_xdr.c                    |   13 +-
 fs/nfs/export.c                          |    2 +-
 fs/nfsd/fault_inject.c                   |  142 ----------------
 fs/nfsd/filecache.c                      |   49 ++----
 fs/nfsd/nfs2acl.c                        |    5 +-
 fs/nfsd/nfs3acl.c                        |    5 +-
 fs/nfsd/nfs3proc.c                       |    5 +-
 fs/nfsd/nfs4layouts.c                    |    4 +-
 fs/nfsd/nfs4proc.c                       |  206 +++++++++++------------
 fs/nfsd/nfs4state.c                      |  130 ++++++++------
 fs/nfsd/nfscache.c                       |    4 +-
 fs/nfsd/nfsctl.c                         |   77 ++++++---
 fs/nfsd/nfsd.h                           |    2 +-
 fs/nfsd/nfsproc.c                        |    6 +-
 fs/nfsd/nfssvc.c                         |   23 +--
 fs/nfsd/state.h                          |    2 -
 fs/nfsd/trace.h                          |   31 ----
 fs/nfsd/vfs.c                            |    8 +-
 fs/nfsd/xdr4.h                           |    2 +-
 include/linux/lockd/lockd.h              |    4 +-
 include/linux/namei.h                    |    2 +-
 include/linux/nfs_ssc.h                  |    2 +-
 include/linux/sunrpc/gss_krb5.h          |  196 +++-------------------
 include/linux/sunrpc/gss_krb5_enctypes.h |   41 -----
 include/linux/sunrpc/msg_prot.h          |    5 +
 include/linux/sunrpc/svc.h               |  133 ++++++---------
 include/linux/sunrpc/svc_xprt.h          |    1 -
 include/linux/sunrpc/xdr.h               |   28 +++-
 include/trace/events/rpcgss.h            |   22 +++
 include/trace/events/sunrpc.h            |   28 ++--
 net/sunrpc/.kunitconfig                  |   30 ++++
 net/sunrpc/Kconfig                       |  102 +++++++++--
 net/sunrpc/auth_gss/Makefile             |    2 +
 net/sunrpc/auth_gss/auth_gss.c           |   17 ++
 net/sunrpc/auth_gss/gss_krb5_crypto.c    |  662 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------
 net/sunrpc/auth_gss/gss_krb5_internal.h  |  232 +++++++++++++++++++++++++
 net/sunrpc/auth_gss/gss_krb5_keys.c      |  418 +++++++++++++++++++++++++++++++++++++++------
 net/sunrpc/auth_gss/gss_krb5_mech.c      |  730 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------
 net/sunrpc/auth_gss/gss_krb5_seal.c      |  122 ++++++--------
 net/sunrpc/auth_gss/gss_krb5_seqnum.c    |    2 +
 net/sunrpc/auth_gss/gss_krb5_test.c      | 2040 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 net/sunrpc/auth_gss/gss_krb5_unseal.c    |   63 +++----
 net/sunrpc/auth_gss/gss_krb5_wrap.c      |  124 +++-----------
 net/sunrpc/auth_gss/svcauth_gss.c        | 1099 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------
 net/sunrpc/netns.h                       |    1 +
 net/sunrpc/stats.c                       |   11 +-
 net/sunrpc/svc.c                         |  158 ++++++++---------
 net/sunrpc/svc_xprt.c                    |   20 +--
 net/sunrpc/svcauth.c                     |   13 +-
 net/sunrpc/svcauth_unix.c                |  178 ++++++++++++++------
 net/sunrpc/svcsock.c                     |    4 +-
 net/sunrpc/xdr.c                         |   79 ++++++++-
 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c  |    1 +
 net/sunrpc/xprtrdma/svc_rdma_transport.c |    7 -
 56 files changed, 5234 insertions(+), 2086 deletions(-)
 delete mode 100644 fs/nfsd/fault_inject.c
 delete mode 100644 include/linux/sunrpc/gss_krb5_enctypes.h
 create mode 100644 net/sunrpc/.kunitconfig
 create mode 100644 net/sunrpc/auth_gss/gss_krb5_internal.h
 create mode 100644 net/sunrpc/auth_gss/gss_krb5_test.c

--
Chuck Lever



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ