[GIT PULL] nfsd changes for v6.3
From: Chuck Lever III
Date: Wed Feb 22 2023 - 10:27:17 EST
Hello Linus-
Two items to note before I make this pull request:
- There is one regression with exported tmpfs file systems due to
a change in the Linux v6.2 NFS client. The consensus is that to
address it, we will need to implement stable directory cookies
for tmpfs. A plan is maturing to take this project on.
- The reported issues with the NFSD filecache in v6.0 and v6.1 have
quieted... we believe NFSD in the latest 6.1.y kernels is now
stable; likewise for v6.2. In an abundance of caution, I've
limited changes to the NFSD filecache for v6.3 to only bug fixes
to see if broader testing reveals any more issues before we move
on with further enhancements in that area.
--- cut here ---
The following changes since commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c:
Linux 6.2 (2023-02-19 14:24:22 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git tags/nfsd-6.3
for you to fetch changes up to 4b471a8b847b82a3035709dcf87661915c340c8a:
NFSD: Clean up nfsd_symlink() (2023-02-20 09:20:59 -0500)
----------------------------------------------------------------
NFSD 6.3 Release Notes
Two significant security enhancements are part of this release:
* NFSD's RPC header encoding and decoding, including RPCSEC GSS
and gssproxy header parsing, has been overhauled to make it
more memory-safe.
* Support for Kerberos AES-SHA2-based encryption types has been
added for both the NFS client and server. This provides a clean
path for deprecating and removing insecure encryption types
based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so
that NFS with Kerberos may now be used on systems with fips
enabled.
In addition to these, NFSD is now able to handle crossing into an
auto-mounted mount point on an exported NFS mount. A number of
fixes have been made to NFSD's server-side copy implementation.
RPC metrics have been converted to per-CPU variables. This helps
reduce unnecessary cross-CPU and cross-node memory bus traffic,
and significantly reduces noise when KCSAN is enabled.
----------------------------------------------------------------
Benjamin Coddington (1):
nfsd: fix race to check ls_layouts
Chuck Lever (101):
SUNRPC: Push svcxdr_init_decode() into svc_process_common()
SUNRPC: Move svcxdr_init_decode() into ->accept methods
SUNRPC: Add an XDR decoding helper for struct opaque_auth
SUNRPC: Convert svcauth_null_accept() to use xdr_stream
SUNRPC: Convert svcauth_unix_accept() to use xdr_stream
SUNRPC: Convert svcauth_tls_accept() to use xdr_stream
SUNRPC: Move the server-side GSS upcall to a noinline function
SUNRPC: Hoist common verifier decoding code into svcauth_gss_proc_init()
SUNRPC: Remove gss_read_common_verf()
SUNRPC: Remove gss_read_verf()
SUNRPC: Convert server-side GSS upcall helpers to use xdr_stream
SUNRPC: Replace read_u32_from_xdr_buf() with existing XDR helper
SUNRPC: Rename automatic variables in unwrap_integ_data()
SUNRPC: Convert unwrap_integ_data() to use xdr_stream
SUNRPC: Rename automatic variables in unwrap_priv_data()
SUNRPC: Convert unwrap_priv_data() to use xdr_stream
SUNRPC: Convert gss_verify_header() to use xdr_stream
SUNRPC: Clean up svcauth_gss_accept's NULL procedure check
SUNRPC: Convert the svcauth_gss_accept() pre-amble to use xdr_stream
SUNRPC: Hoist init_decode out of svc_authenticate()
SUNRPC: Re-order construction of the first reply fields
SUNRPC: Eliminate unneeded variable
SUNRPC: Decode most of RPC header with xdr_stream
SUNRPC: Remove svc_process_common's argv parameter
SUNRPC: Hoist svcxdr_init_decode() into svc_process()
SUNRPC: Clean up svcauth_gss_release()
SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_integ()
SUNRPC: Record gss_get_mic() errors in svcauth_gss_wrap_integ()
SUNRPC: Replace checksum construction in svcauth_gss_wrap_integ()
SUNRPC: Convert svcauth_gss_wrap_integ() to use xdr_stream()
SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_priv()
SUNRPC: Record gss_wrap() errors in svcauth_gss_wrap_priv()
SUNRPC: Add @head and @tail variables in svcauth_gss_wrap_priv()
SUNRPC: Convert svcauth_gss_wrap_priv() to use xdr_stream()
SUNRPC: Check rq_auth_stat when preparing to wrap a response
SUNRPC: Remove the rpc_stat variable in svc_process_common()
SUNRPC: Add XDR encoding helper for opaque_auth
SUNRPC: Push svcxdr_init_encode() into svc_process_common()
SUNRPC: Move svcxdr_init_encode() into ->accept methods
SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_null_accept()
SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_unix_accept()
SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept()
SUNRPC: Convert unwrap data paths to use xdr_stream for replies
SUNRPC: Use xdr_stream to encode replies in server-side GSS upcall helpers
SUNRPC: Use xdr_stream for encoding GSS reply verifiers
SUNRPC: Hoist init_encode out of svc_authenticate()
SUNRPC: Convert RPC Reply header encoding to use xdr_stream
SUNRPC: Final clean-up of svc_process_common()
SUNRPC: Remove no-longer-used helper functions
SUNRPC: Refactor RPC server dispatch method
SUNRPC: Set rq_accept_statp inside ->accept methods
SUNRPC: Go back to using gsd->body_start
SUNRPC: Use per-CPU counters to tally server RPC counts
SUNRPC: Replace pool stats with per-CPU variables
SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h
SUNRPC: Remove .blocksize field from struct gss_krb5_enctype
SUNRPC: Remove .conflen field from struct gss_krb5_enctype
SUNRPC: Improve Kerberos confounder generation
SUNRPC: Obscure Kerberos session key
SUNRPC: Refactor set-up for aux_cipher
SUNRPC: Obscure Kerberos encryption keys
SUNRPC: Obscure Kerberos signing keys
SUNRPC: Obscure Kerberos integrity keys
SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism
SUNRPC: Remove another switch on ctx->enctype
SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file
NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink
SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro
SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES
SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype
SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods
SUNRPC: Hoist KDF into struct gss_krb5_enctype
SUNRPC: Clean up cipher set up for v1 encryption types
SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher()
SUNRPC: Add new subkey length fields
SUNRPC: Refactor CBC with CTS into helpers
SUNRPC: Add gk5e definitions for RFC 8009 encryption types
SUNRPC: Add KDF-HMAC-SHA2
SUNRPC: Add RFC 8009 encryption and decryption functions
SUNRPC: Advertise support for RFC 8009 encryption types
SUNRPC: Support the Camellia enctypes
SUNRPC: Add KDF_FEEDBACK_CMAC
SUNRPC: Advertise support for the Camellia encryption types
SUNRPC: Move remaining internal definitions to gss_krb5_internal.h
SUNRPC: Add KUnit tests for rpcsec_krb5.ko
SUNRPC: Export get_gss_krb5_enctype()
SUNRPC: Add KUnit tests RFC 3961 Key Derivation
SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption
SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types
SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types
SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types
SUNRPC: Add KDF-HMAC-SHA2 Kunit tests
SUNRPC: Add RFC 8009 checksum KUnit tests
SUNRPC: Add RFC 8009 encryption KUnit tests
SUNRPC: Add encryption self-tests
SUNRPC: Fix whitespace damage in svcauth_unix.c
SUNRPC: Clean up the svc_xprt_flags() macro
SUNRPC: Remove ->xpo_secure_port()
SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes
NFSD: copy the whole verifier in nfsd_copy_write_verifier
NFSD: Clean up nfsd_symlink()
Dai Ngo (3):
NFSD: enhance inter-server copy cleanup
NFSD: fix leaked reference count of nfsd4_ssc_umount_item
NFSD: fix problems with cleanup on errors in nfsd4_copy
Jeff Layton (13):
nfsd: allow nfsd_file_get to sanely handle a NULL pointer
nfsd: fix potential race in nfs4_find_file
nfsd: move reply cache initialization into nfsd startup
nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS
nfsd: eliminate find_deleg_file_locked
nfsd: add some kerneldoc comments for stateid preprocessing functions
nfsd: eliminate __nfs4_get_fd
nfsd: zero out pointers after putting nfsd_files on COPY setup error
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
nfsd: remove fs/nfsd/fault_inject.c
nfsd: don't hand out delegation on setuid files being opened for write
nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
nfsd: don't fsync nfsd_files on last close
Richard Weinberger (3):
NFSD: Teach nfsd_mountpoint() auto mounts
fs: namei: Allow follow_down() to uncover auto mounts
NFS: nfs_encode_fh: Remove S_AUTOMOUNT check
fs/lockd/svc.c | 21 ++-
fs/namei.c | 6 +-
fs/nfs/callback_xdr.c | 13 +-
fs/nfs/export.c | 2 +-
fs/nfsd/fault_inject.c | 142 ----------------
fs/nfsd/filecache.c | 49 ++----
fs/nfsd/nfs2acl.c | 5 +-
fs/nfsd/nfs3acl.c | 5 +-
fs/nfsd/nfs3proc.c | 5 +-
fs/nfsd/nfs4layouts.c | 4 +-
fs/nfsd/nfs4proc.c | 206 +++++++++++------------
fs/nfsd/nfs4state.c | 130 ++++++++------
fs/nfsd/nfscache.c | 4 +-
fs/nfsd/nfsctl.c | 77 ++++++---
fs/nfsd/nfsd.h | 2 +-
fs/nfsd/nfsproc.c | 6 +-
fs/nfsd/nfssvc.c | 23 +--
fs/nfsd/state.h | 2 -
fs/nfsd/trace.h | 31 ----
fs/nfsd/vfs.c | 8 +-
fs/nfsd/xdr4.h | 2 +-
include/linux/lockd/lockd.h | 4 +-
include/linux/namei.h | 2 +-
include/linux/nfs_ssc.h | 2 +-
include/linux/sunrpc/gss_krb5.h | 196 +++-------------------
include/linux/sunrpc/gss_krb5_enctypes.h | 41 -----
include/linux/sunrpc/msg_prot.h | 5 +
include/linux/sunrpc/svc.h | 133 ++++++---------
include/linux/sunrpc/svc_xprt.h | 1 -
include/linux/sunrpc/xdr.h | 28 +++-
include/trace/events/rpcgss.h | 22 +++
include/trace/events/sunrpc.h | 28 ++--
net/sunrpc/.kunitconfig | 30 ++++
net/sunrpc/Kconfig | 102 +++++++++--
net/sunrpc/auth_gss/Makefile | 2 +
net/sunrpc/auth_gss/auth_gss.c | 17 ++
net/sunrpc/auth_gss/gss_krb5_crypto.c | 662 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------
net/sunrpc/auth_gss/gss_krb5_internal.h | 232 +++++++++++++++++++++++++
net/sunrpc/auth_gss/gss_krb5_keys.c | 418 +++++++++++++++++++++++++++++++++++++++------
net/sunrpc/auth_gss/gss_krb5_mech.c | 730 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------
net/sunrpc/auth_gss/gss_krb5_seal.c | 122 ++++++--------
net/sunrpc/auth_gss/gss_krb5_seqnum.c | 2 +
net/sunrpc/auth_gss/gss_krb5_test.c | 2040 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
net/sunrpc/auth_gss/gss_krb5_unseal.c | 63 +++----
net/sunrpc/auth_gss/gss_krb5_wrap.c | 124 +++-----------
net/sunrpc/auth_gss/svcauth_gss.c | 1099 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------
net/sunrpc/netns.h | 1 +
net/sunrpc/stats.c | 11 +-
net/sunrpc/svc.c | 158 ++++++++---------
net/sunrpc/svc_xprt.c | 20 +--
net/sunrpc/svcauth.c | 13 +-
net/sunrpc/svcauth_unix.c | 178 ++++++++++++++------
net/sunrpc/svcsock.c | 4 +-
net/sunrpc/xdr.c | 79 ++++++++-
net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 1 +
net/sunrpc/xprtrdma/svc_rdma_transport.c | 7 -
56 files changed, 5234 insertions(+), 2086 deletions(-)
delete mode 100644 fs/nfsd/fault_inject.c
delete mode 100644 include/linux/sunrpc/gss_krb5_enctypes.h
create mode 100644 net/sunrpc/.kunitconfig
create mode 100644 net/sunrpc/auth_gss/gss_krb5_internal.h
create mode 100644 net/sunrpc/auth_gss/gss_krb5_test.c
--
Chuck Lever