Re: Packet signing and sequence numbers

Re: Packet signing and sequence numbers

[Jeff Layton]

On Wed, 27 Mar 2013 17:39:30 -0400
Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

> I notice the patch in this message
> 
> http://thread.gmane.org/gmane.linux.kernel.cifs/7655/focus=7671
> 
> Never made it into Linus's tree. It's also not in Debian or RedHat's
> kernels. I'm running into this on CentOS.
> 
> Has there been any activity on this issue since December?
> 
> Incidentally, I filed a bug report on bugs.redhat.com relating to what
> I'm hitting:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=928516
> 

If you have a support contract with Red Hat, then it would be best to
open a support case, which will help make the case for its inclusion
into the RHEL kernel.

> I'm looking for a good reason to (or to not) apply the patches to the
> current RH kernel on my systems; I rather need it for my current project.
> 
> (I'd respond via the linux-cifs list, but Thunderbird is being a PITA
> and preventing me from subscribing to it via gmane's NNTP, through which
> I'd be able to reply to the thread directly...)
>

You're correct that it never made it in. I think the patch makes
sense...Steve, was there some reason you didn't merge it?

In the meantime, if you're able to test the patch and reply on-list
with the results then that would be helpful.

Thanks,
-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

Re: Packet signing and sequence numbers

[Steve French]

On Wed, Mar 27, 2013 at 8:11 PM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>
> On Wed, 27 Mar 2013 17:39:30 -0400
> Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > I notice the patch in this message
> >
> > http://thread.gmane.org/gmane.linux.kernel.cifs/7655/focus=7671
> >
> > Never made it into Linus's tree. It's also not in Debian or RedHat's
> > kernels. I'm running into this on CentOS.
> >
> > Has there been any activity on this issue since December?
> >
> > Incidentally, I filed a bug report on bugs.redhat.com relating to what
> > I'm hitting:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=928516
> >
>
> If you have a support contract with Red Hat, then it would be best to
> open a support case, which will help make the case for its inclusion
> into the RHEL kernel.
>
> > I'm looking for a good reason to (or to not) apply the patches to the
> > current RH kernel on my systems; I rather need it for my current project.
> >
> > (I'd respond via the linux-cifs list, but Thunderbird is being a PITA
> > and preventing me from subscribing to it via gmane's NNTP, through which
> > I'd be able to reply to the thread directly...)
> >
>
> You're correct that it never made it in. I think the patch makes
> sense...Steve, was there some reason you didn't merge it?
>
> In the meantime, if you're able to test the patch and reply on-list
> with the results then that would be helpful.
>
> Thanks,
> --
> Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>



I don't remember getting any other test feedback on it - do we have
some additional tested-by to add (or anyone else review it).  I didn't
personally try it (I was traveling during the holiday break when it
was discussed) and I didn't see it in Jeff's tree so I assumed that he
found a problem with it.

Does it fix your situation?


--
Thanks,

Steve

Re: Packet signing and sequence numbers

[Michael Mol]

[-- Attachment #1: Type: text/plain, Size: 2892 bytes --]

On 03/27/2013 10:15 PM, Steve French wrote:
> On Wed, Mar 27, 2013 at 8:11 PM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>>
>> On Wed, 27 Mar 2013 17:39:30 -0400
>> Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>
>>> I notice the patch in this message
>>>
>>> http://thread.gmane.org/gmane.linux.kernel.cifs/7655/focus=7671
>>>
>>> Never made it into Linus's tree. It's also not in Debian or RedHat's
>>> kernels. I'm running into this on CentOS.
>>>
>>> Has there been any activity on this issue since December?
>>>
>>> Incidentally, I filed a bug report on bugs.redhat.com relating to what
>>> I'm hitting:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=928516
>>>
>>
>> If you have a support contract with Red Hat, then it would be best to
>> open a support case, which will help make the case for its inclusion
>> into the RHEL kernel.
>>
>>> I'm looking for a good reason to (or to not) apply the patches to the
>>> current RH kernel on my systems; I rather need it for my current project.
>>>
>>> (I'd respond via the linux-cifs list, but Thunderbird is being a PITA
>>> and preventing me from subscribing to it via gmane's NNTP, through which
>>> I'd be able to reply to the thread directly...)
>>>
>>
>> You're correct that it never made it in. I think the patch makes
>> sense...Steve, was there some reason you didn't merge it?
>>
>> In the meantime, if you're able to test the patch and reply on-list
>> with the results then that would be helpful.
>>
>> Thanks,
>> --
>> Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> 
> 
> 
> I don't remember getting any other test feedback on it - do we have
> some additional tested-by to add (or anyone else review it).  I didn't
> personally try it (I was traveling during the holiday break when it
> was discussed) and I didn't see it in Jeff's tree so I assumed that he
> found a problem with it.
> 
> Does it fix your situation?

I haven't tried it, but:

1) When I hit my problem symptoms, I hypothesized a probable cause.
(desync of crypto state between client and server)
2) The patch addresses the same class of bug.

Based on my understanding of the components involved, I think it highly
likely the patch will fix it. I do have a server I can test it on, so
I'll give it a try.

While I'm here, I'll raise one other thing...the code increments the
sequence number twice when preparing a send, once for the send, and once
for response. My gut tells me that it would be less sloppy to instead
increment once for send, and once at the time of receipt...but updating
the sequence number at that time might carry an unnecessary performance
penalty, and so perhaps that's a valid use of the server's receive
window. (I haven't studied the protocol in depth, though, so I might be
way off.)



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]

Re: Packet signing and sequence numbers

[Jeff Layton]

[-- Attachment #1: Type: text/plain, Size: 1407 bytes --]

On Wed, 27 Mar 2013 17:39:30 -0400
Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

> I notice the patch in this message
> 
> http://thread.gmane.org/gmane.linux.kernel.cifs/7655/focus=7671
> 
> Never made it into Linus's tree. It's also not in Debian or RedHat's
> kernels. I'm running into this on CentOS.
> 
> Has there been any activity on this issue since December?
> 
> Incidentally, I filed a bug report on bugs.redhat.com relating to what
> I'm hitting:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=928516
> 

If you have a support contract with Red Hat, then it would be best to
open a support case, which will help make the case for its inclusion
into the RHEL kernel.

> I'm looking for a good reason to (or to not) apply the patches to the
> current RH kernel on my systems; I rather need it for my current project.
> 
> (I'd respond via the linux-cifs list, but Thunderbird is being a PITA
> and preventing me from subscribing to it via gmane's NNTP, through which
> I'd be able to reply to the thread directly...)
>

You're correct that it never made it in. I think the patch makes
sense...Steve, was there some reason you didn't merge it?

In the meantime, if you're able to test the patch and reply on-list
with the results then that would be helpful.

Thanks,
-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: Packet signing and sequence numbers

[Jeff Layton]

[-- Attachment #1: Type: text/plain, Size: 3524 bytes --]

On Wed, 27 Mar 2013 22:51:13 -0400
Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

> On 03/27/2013 10:15 PM, Steve French wrote:
> > On Wed, Mar 27, 2013 at 8:11 PM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> >>
> >> On Wed, 27 Mar 2013 17:39:30 -0400
> >> Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>
> >>> I notice the patch in this message
> >>>
> >>> http://thread.gmane.org/gmane.linux.kernel.cifs/7655/focus=7671
> >>>
> >>> Never made it into Linus's tree. It's also not in Debian or RedHat's
> >>> kernels. I'm running into this on CentOS.
> >>>
> >>> Has there been any activity on this issue since December?
> >>>
> >>> Incidentally, I filed a bug report on bugs.redhat.com relating to what
> >>> I'm hitting:
> >>>
> >>> https://bugzilla.redhat.com/show_bug.cgi?id=928516
> >>>
> >>
> >> If you have a support contract with Red Hat, then it would be best to
> >> open a support case, which will help make the case for its inclusion
> >> into the RHEL kernel.
> >>
> >>> I'm looking for a good reason to (or to not) apply the patches to the
> >>> current RH kernel on my systems; I rather need it for my current project.
> >>>
> >>> (I'd respond via the linux-cifs list, but Thunderbird is being a PITA
> >>> and preventing me from subscribing to it via gmane's NNTP, through which
> >>> I'd be able to reply to the thread directly...)
> >>>
> >>
> >> You're correct that it never made it in. I think the patch makes
> >> sense...Steve, was there some reason you didn't merge it?
> >>
> >> In the meantime, if you're able to test the patch and reply on-list
> >> with the results then that would be helpful.
> >>
> >> Thanks,
> >> --
> >> Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > 
> > 
> > 
> > I don't remember getting any other test feedback on it - do we have
> > some additional tested-by to add (or anyone else review it).  I didn't
> > personally try it (I was traveling during the holiday break when it
> > was discussed) and I didn't see it in Jeff's tree so I assumed that he
> > found a problem with it.
> > 

I think I thought you had merged it for 3.8 and dropped it. I never saw
any problems with it. Let's get it in for 3.9.

> > Does it fix your situation?
> 
> I haven't tried it, but:
> 
> 1) When I hit my problem symptoms, I hypothesized a probable cause.
> (desync of crypto state between client and server)
> 2) The patch addresses the same class of bug.
> 
> Based on my understanding of the components involved, I think it highly
> likely the patch will fix it. I do have a server I can test it on, so
> I'll give it a try.
> 
> While I'm here, I'll raise one other thing...the code increments the
> sequence number twice when preparing a send, once for the send, and once
> for response. My gut tells me that it would be less sloppy to instead
> increment once for send, and once at the time of receipt...but updating
> the sequence number at that time might carry an unnecessary performance
> penalty, and so perhaps that's a valid use of the server's receive
> window. (I haven't studied the protocol in depth, though, so I might be
> way off.)
> 
> 

No, I think you're quite right. It would be much cleaner to do it that
way. That's a bit more of an overhaul though, and I think the patch is
appropriate as-is for now.

Cheers,
-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: Packet signing and sequence numbers

[Jeff Layton]

On Thu, 28 Mar 2013 06:52:34 -0400
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:

> On Wed, 27 Mar 2013 22:51:13 -0400
> Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> 
> > On 03/27/2013 10:15 PM, Steve French wrote:
> > > On Wed, Mar 27, 2013 at 8:11 PM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> > >>
> > >> On Wed, 27 Mar 2013 17:39:30 -0400
> > >> Michael Mol <mikemol-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > >>
> > >>> I notice the patch in this message
> > >>>
> > >>> http://thread.gmane.org/gmane.linux.kernel.cifs/7655/focus=7671
> > >>>
> > >>> Never made it into Linus's tree. It's also not in Debian or RedHat's
> > >>> kernels. I'm running into this on CentOS.
> > >>>
> > >>> Has there been any activity on this issue since December?
> > >>>
> > >>> Incidentally, I filed a bug report on bugs.redhat.com relating to what
> > >>> I'm hitting:
> > >>>
> > >>> https://bugzilla.redhat.com/show_bug.cgi?id=928516
> > >>>
> > >>
> > >> If you have a support contract with Red Hat, then it would be best to
> > >> open a support case, which will help make the case for its inclusion
> > >> into the RHEL kernel.
> > >>
> > >>> I'm looking for a good reason to (or to not) apply the patches to the
> > >>> current RH kernel on my systems; I rather need it for my current project.
> > >>>
> > >>> (I'd respond via the linux-cifs list, but Thunderbird is being a PITA
> > >>> and preventing me from subscribing to it via gmane's NNTP, through which
> > >>> I'd be able to reply to the thread directly...)
> > >>>
> > >>
> > >> You're correct that it never made it in. I think the patch makes
> > >> sense...Steve, was there some reason you didn't merge it?
> > >>
> > >> In the meantime, if you're able to test the patch and reply on-list
> > >> with the results then that would be helpful.
> > >>
> > >> Thanks,
> > >> --
> > >> Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > > 
> > > 
> > > 
> > > I don't remember getting any other test feedback on it - do we have
> > > some additional tested-by to add (or anyone else review it).  I didn't
> > > personally try it (I was traveling during the holiday break when it
> > > was discussed) and I didn't see it in Jeff's tree so I assumed that he
> > > found a problem with it.
> > > 
> 
> I think I thought you had merged it for 3.8 and dropped it. I never saw
> any problems with it. Let's get it in for 3.9.
> 


I think I was confused...

The main patch that I am concerned with was merged quite some time ago
in commit 31efee60f489c759c341. The other one needs more work before we
can merge it, I think.

That problem ought to be more rare though. Basically, you'd need to
have the task catch a signal before sending anything on the wire. I'll
see if I can clean that patch up later today and will send a draft of
it.

-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>