From: Trond Myklebust <trondmy@kernel.org>
To: linux-nfs@vger.kernel.org
Cc: Mike Snitzer <snitzer@kernel.org>,
Olga Kornievskaia <okorniev@redhat.com>,
Christoph Hellwig <hch@infradead.org>
Subject: [PATCH 0/4] TLS fixes for 6.18
Date: Sat, 18 Oct 2025 20:10:32 -0400 [thread overview]
Message-ID: <cover.1760831906.git.trond.myklebust@hammerspace.com> (raw)
From: Trond Myklebust <trond.myklebust@hammerspace.com>
The following patches fix a couple of logic errors in the pNFS files and
flexfiles drivers' use of TLS. The first two fix logic errors which can
cause TLS-incapable protocols such as RDMA to be added to existing
TLS/TCP NFS clients.
The second patch adds fixes to ensure that the DS client TLS policy
settings match the requested transport type.
Finally, there is a fix to ensure that if the mount syscall parameters
include the "cert_serial" and "privkey_serial" options, then
nfs_match_client() will check those parameters against existing
nfs_client instances.
Trond Myklebust (4):
pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect()
pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using
TLS
NFS: Check the TLS certificate fields in nfs_match_client()
fs/nfs/client.c | 8 ++++++
fs/nfs/nfs3client.c | 14 ++++++++--
fs/nfs/nfs4client.c | 14 ++++++++--
fs/nfs/pnfs_nfs.c | 66 ++++++++++++++++++++++++---------------------
4 files changed, 67 insertions(+), 35 deletions(-)
--
2.51.0
next reply other threads:[~2025-10-19 0:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-19 0:10 Trond Myklebust [this message]
2025-10-19 0:10 ` [PATCH 1/4] pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect() Trond Myklebust
2025-10-19 0:10 ` [PATCH 2/4] pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() Trond Myklebust
2025-10-19 0:10 ` [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS Trond Myklebust
2025-10-19 17:11 ` Chuck Lever
2025-10-19 0:10 ` [PATCH 4/4] NFS: Check the TLS certificate fields in nfs_match_client() Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1760831906.git.trond.myklebust@hammerspace.com \
--to=trondmy@kernel.org \
--cc=hch@infradead.org \
--cc=linux-nfs@vger.kernel.org \
--cc=okorniev@redhat.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.