From: Jeff Layton <jlayton@redhat.com>
To: bfields@fieldses.org
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH v3 0/2] nfsd: checksum first 256 bytes of request to guard against XID collisions in the DRC
Date: Thu, 7 Feb 2013 09:51:39 -0500 [thread overview]
Message-ID: <1360248701-23963-1-git-send-email-jlayton@redhat.com> (raw)
This patchset is a respin of the ones that Bruce has not yet committed
of my DRC overhaul. The main difference is the first patch, which adds a
routine to strip the trailing checksum off of decrypted or
integrity-verified buffer.
I've tested both the client and server with different krb5 flavors (and
using both the v1 and v2 codepaths) and it seems to work fine with those
checksum blobs stripped off.
I think we should consider this for 3.9 since XID collisions are a lot
more likely now with the new DRC code in place.
Jeff Layton (2):
sunrpc: trim off trailing checksum before returning decrypted or
integrity authenticated buffer
nfsd: keep a checksum of the first 256 bytes of request
fs/nfsd/cache.h | 5 ++++
fs/nfsd/nfscache.c | 53 ++++++++++++++++++++++++++++++++++---
include/linux/sunrpc/xdr.h | 1 +
net/sunrpc/auth_gss/gss_krb5_wrap.c | 2 ++
net/sunrpc/auth_gss/svcauth_gss.c | 10 +++++--
net/sunrpc/xdr.c | 42 +++++++++++++++++++++++++++++
6 files changed, 107 insertions(+), 6 deletions(-)
--
1.7.11.7
next reply other threads:[~2013-02-07 14:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-07 14:51 Jeff Layton [this message]
2013-02-07 14:51 ` [PATCH v3 1/2] sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer Jeff Layton
2013-02-07 14:51 ` [PATCH v3 2/2] nfsd: keep a checksum of the first 256 bytes of request Jeff Layton
2013-02-07 15:51 ` Chuck Lever
2013-02-07 16:00 ` J. Bruce Fields
2013-02-07 16:23 ` Chuck Lever
2013-02-07 16:37 ` J. Bruce Fields
2013-02-07 16:41 ` Jim Rees
2013-02-07 16:32 ` Myklebust, Trond
2013-02-07 18:35 ` Jeff Layton
2013-02-08 15:41 ` Jeff Layton
2013-02-07 18:03 ` Jeff Layton
2013-02-08 13:27 ` Jeff Layton
2013-02-08 15:42 ` Chuck Lever
2013-02-08 15:57 ` Jeff Layton
2013-02-08 20:55 ` J. Bruce Fields
2013-02-08 20:59 ` Chuck Lever
2013-02-08 21:02 ` J. Bruce Fields
2013-02-09 11:36 ` Jeff Layton
2013-02-07 15:11 ` [PATCH v3 0/2] nfsd: checksum first 256 bytes of request to guard against XID collisions in the DRC J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1360248701-23963-1-git-send-email-jlayton@redhat.com \
--to=jlayton@redhat.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox