From: Benjamin Coddington <bcodding@hammerspace.com>
To: Chuck Lever <chuck.lever@oracle.com>,
    Jeff Layton <jlayton@kernel.org>, NeilBrown <neil@brown.name>,
    Trond Myklebust <trondmy@kernel.org>,
    Anna Schumaker <anna@kernel.org>,
    Benjamin Coddington <bcodding@hammerspace.com>
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH v1 0/7] kNFSD Encrypted Filehandles
Date: Sat, 27 Dec 2025 12:04:48 -0500
Message-ID: <cover.1766848778.git.bcodding@hammerspace.com>
In-Reply-To: <510E10A4-11BE-412D-93AF-C4CC969954E7@hammerspace.com>

In order to harden kNFSD against various filehandle manipulation techniques
the following patches implement a method of reversibly encrypting filehandle
contents.

Using the kernel's skcipher AES-CBC, filehandles are encrypted by firstly
hashing the fileid using the fsid as a salt, then using the hashed fileid as
the first block to finally hash the fsid.

The first attempts at this used stack-allocated buffers, but I ran into many
memory alignment problems on my arm64 machine that sent me back to using
GFP_KERNEL allocations (here's to you /include/linux/scatterlist.h:210). In
order to avoid constant allocation/freeing, the buffers are allocated once
for every knfsd thread. If anyone has suggestions for reducing the number
of buffers required and their memcpy() operations, I am all ears.

Currently the code overloads the filehandle's auth_type byte. This seems
appropriate for this purpose, but this implementation does not actually
reject unencrypted filehandles on an export that is giving out encrypted
ones. I expect we'll want to tighten this up in a future version.

Comments and critique welcome.

Benjamin Coddington (7):
  nfsd: Convert export flags to use BIT() macro
  nfsd: Add a symmetric-key cipher for encrypted filehandles
  nfsd/sunrpc: add per-thread crypto context pointer
  NFSD: Add a per-knfsd reusable encfh_buf
  NFSD/export: Add encrypt_fh export option
  NFSD: Add filehandle crypto functions and helpers
  NFSD: Enable filehandle encryption

 Documentation/netlink/specs/nfsd.yaml |  12 ++
 fs/nfsd/export.c                      |   7 +-
 fs/nfsd/localio.c                     |   2 +-
 fs/nfsd/lockd.c                       |   2 +-
 fs/nfsd/netlink.c                     |  15 +++
 fs/nfsd/netlink.h                     |   1 +
 fs/nfsd/netns.h                       |   1 +
 fs/nfsd/nfs3proc.c                    |  10 +-
 fs/nfsd/nfs3xdr.c                     |  14 +-
 fs/nfsd/nfs4proc.c                    |  10 +-
 fs/nfsd/nfs4xdr.c                     |  14 +-
 fs/nfsd/nfsctl.c                      |  40 +++++-
 fs/nfsd/nfsfh.c                       | 179 +++++++++++++++++++++++++-
 fs/nfsd/nfsfh.h                       |  26 +++-
 fs/nfsd/nfsproc.c                     |   8 +-
 fs/nfsd/trace.h                       |  19 +++
 include/linux/sunrpc/svc.h            |  12 +-
 include/uapi/linux/nfsd/export.h      |  36 +++---
 include/uapi/linux/nfsd_netlink.h     |   2 +
 net/sunrpc/svc.c                      |   1 +
 20 files changed, 356 insertions(+), 55 deletions(-)

--
2.50.1
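
One reading of the two-step construction described in the cover letter, as an added userspace Go example (not code from this patch series). It assumes "salt" means the CBC IV, "first block" means the chaining value for the second step, and that fsid and fileid are one 16-byte AES block each; the function names, key and IDs are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// oneBlock runs a CBC mode (already bound to its IV) over one 16-byte block.
func oneBlock(mode cipher.BlockMode, in []byte) []byte {
	out := make([]byte, aes.BlockSize)
	mode.CryptBlocks(out, in)
	return out
}

// EncryptFH returns enc(fsid) || enc(fileid); this layout is an assumption.
func EncryptFH(key, fsid, fileid []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(fsid) != aes.BlockSize || len(fileid) != aes.BlockSize {
		return nil, fmt.Errorf("fsid and fileid must each be %d bytes", aes.BlockSize)
	}
	encFileid := oneBlock(cipher.NewCBCEncrypter(b, fsid), fileid)  // fsid is the IV
	encFsid := oneBlock(cipher.NewCBCEncrypter(b, encFileid), fsid) // chained off enc(fileid)
	return append(encFsid, encFileid...), nil
}

func DecryptFH(key, wire []byte) (fsid, fileid []byte, err error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	if len(wire) != 2*aes.BlockSize {
		return nil, nil, fmt.Errorf("unexpected filehandle length %d", len(wire))
	}
	encFsid, encFileid := wire[:aes.BlockSize], wire[aes.BlockSize:]
	fsid = oneBlock(cipher.NewCBCDecrypter(b, encFileid), encFsid) // recover fsid first
	fileid = oneBlock(cipher.NewCBCDecrypter(b, fsid), encFileid)  // fsid is then the IV
	return fsid, fileid, nil
}

func main() {
	key, fsid := []byte("constructed-key!"), bytes.Repeat([]byte{0xA1}, 16)
	w1, _ := EncryptFH(key, fsid, bytes.Repeat([]byte{1}, 16))
	w2, _ := EncryptFH(key, fsid, bytes.Repeat([]byte{2}, 16))
	fmt.Printf("%x\n%x\nfsid blocks equal: %v\n", w1, w2, bytes.Equal(w1[:16], w2[:16]))
}
```

Under this reading the output is deterministic, so a file's handle stays stable across requests, while the encrypted fsid block differs for every file on the same filesystem.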