lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <E0771535-05EF-4EAE-9BFF-E070C4D32F3C@oracle.com>
Date:   Fri, 28 Apr 2023 13:29:49 +0000
From:   Chuck Lever III <chuck.lever@...cle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
CC:     Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jeff Layton <jlayton@...nel.org>
Subject: [GIT PULL] nfsd changes for v6.4

Good day -

Thanks go to this release's contributors and reviewers, and
especially to the netdev maintainers for helping to get the
RPC-with-TLS support prepared for merge.


The following changes since commit 9b78d919632b7149d311aaad5a977e4b48b10321:

  net: phy: hide the PHYLIB_LEDS knob (2023-04-26 11:54:50 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git tags/nfsd-6.4

for you to fetch changes up to 9280c577431401544e63dfb489a830a42bee25eb:

  NFSD: Handle new xprtsec= export option (2023-04-27 18:49:24 -0400)

----------------------------------------------------------------
NFSD 6.4 Release Notes

The big ticket item for this release is support for RPC-with-TLS
[RFC 9289] has been added to the Linux NFS server. The goal is to
provide a simple-to-deploy, low-overhead in-transit confidentiality
and peer authentication mechanism. It can supplement NFS Kerberos
and it can protect the use of legacy non-cryptographic user
authentication flavors such as AUTH_SYS. The TLS Record protocol is
handled entirely by kTLS, meaning it can use either software
encryption or offload encryption to smart NICs.

Work continues on improving NFSD's open file cache. Among the many
clean-ups in that area is a patch to convert the rhashtable to use
the list-hashing version of that data structure.

----------------------------------------------------------------
Chuck Lever (12):
      NFSD: Convert filecache to rhltable
      NFSD: Watch for rq_pages bounds checking errors in nfsd_splice_actor()
      SUNRPC: Ensure server-side sockets have a sock->file
      SUNRPC: Ignore return value of ->xpo_sendto
      SUNRPC: Relocate svc_free_res_pages()
      SUNRPC: Convert svc_xprt_release() to the release_pages() API
      SUNRPC: Be even lazier about releasing pages
      SUNRPC: Recognize control messages in server-side TCP socket code
      SUNRPC: Clear rq_xid when receiving a new RPC Call
      NFSD: Clean up xattr memory allocation flags
      SUNRPC: Support TLS handshake in the server-side TCP socket code
      NFSD: Handle new xprtsec= export option

Dai Ngo (1):
      NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop

Jeff Layton (16):
      nfsd: don't open-code clear_and_wake_up_bit
      nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
      nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
      nfsd: don't kill nfsd_files because of lease break error
      nfsd: add some comments to nfsd_file_do_acquire
      nfsd: don't take/put an extra reference when putting a file
      nfsd: update comment over __nfsd_file_cache_purge
      nfsd: allow reaping files still under writeback
      lockd: purge resources held on behalf of nlm clients when shutting down
      lockd: remove 2 unused helper functions
      lockd: move struct nlm_wait to lockd.h
      lockd: fix races in client GRANTED_MSG wait logic
      lockd: server should unlock lock if client rejects the grant
      nfs: move nfs_fhandle_hash to common include file
      lockd: add some client-side tracepoints
      nfsd: simplify the delayed disposal list code

Luis Chamberlain (1):
      sunrpc: simplify two-level sysctl registration for svcrdma_parm_table

NeilBrown (1):
      SUNRPC: return proper error from get_expiry()

 fs/lockd/Makefile                 |   6 +-
 fs/lockd/clntlock.c               |  58 ++++++--------
 fs/lockd/clntproc.c               |  42 +++++++---
 fs/lockd/host.c                   |   1 +
 fs/lockd/svclock.c                |  21 ++++-
 fs/lockd/trace.c                  |   3 +
 fs/lockd/trace.h                  | 106 +++++++++++++++++++++++++
 fs/nfs/export.c                   |   9 ++-
 fs/nfs/internal.h                 |  15 ----
 fs/nfsd/export.c                  |  64 +++++++++++++---
 fs/nfsd/export.h                  |   1 +
 fs/nfsd/filecache.c               | 430 ++++++++++++++++++++++++++++++++++++++++++++----------------------------------------------------------
 fs/nfsd/filecache.h               |   9 ++-
 fs/nfsd/nfs4idmap.c               |   8 +-
 fs/nfsd/vfs.c                     |  13 ++--
 include/linux/exportfs.h          |   1 +
 include/linux/lockd/lockd.h       |  29 +++----
 include/linux/nfs.h               |  20 +++++
 include/linux/sunrpc/cache.h      |  15 ++--
 include/linux/sunrpc/svc.h        |  16 +---
 include/linux/sunrpc/svc_xprt.h   |   5 +-
 include/linux/sunrpc/svcsock.h    |   4 +-
 include/net/tls.h                 |   2 +
 include/trace/events/sunrpc.h     |  41 +++++++++-
 include/uapi/linux/nfsd/export.h  |  13 ++++
 net/sunrpc/auth_gss/svcauth_gss.c |  12 +--
 net/sunrpc/svc.c                  |  49 ++++++++++--
 net/sunrpc/svc_xprt.c             |  33 ++++----
 net/sunrpc/svcauth_unix.c         |  23 ++++--
 net/sunrpc/svcsock.c              | 174 ++++++++++++++++++++++++++++++++++++++---
 net/sunrpc/xprtrdma/svc_rdma.c    |  21 +----
 31 files changed, 802 insertions(+), 442 deletions(-)
 create mode 100644 fs/lockd/trace.c
 create mode 100644 fs/lockd/trace.h

--
Chuck Lever


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ