Hello Linus- Two items to note before I make this pull request: - There is one regression with exported tmpfs file systems due to a change in the Linux v6.2 NFS client. The consensus is that to address it, we will need to implement stable directory cookies for tmpfs. A plan is maturing to take this project on. - The reported issues with the NFSD filecache in v6.0 and v6.1 have quieted... we believe NFSD in the latest 6.1.y kernels is now stable; likewise for v6.2. In an abundance of caution, I've limited changes to the NFSD filecache for v6.3 to only bug fixes to see if broader testing reveals any more issues before we move on with further enhancements in that area. --- cut here --- The following changes since commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c: Linux 6.2 (2023-02-19 14:24:22 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git tags/nfsd-6.3 for you to fetch changes up to 4b471a8b847b82a3035709dcf87661915c340c8a: NFSD: Clean up nfsd_symlink() (2023-02-20 09:20:59 -0500) ---------------------------------------------------------------- NFSD 6.3 Release Notes Two significant security enhancements are part of this release: * NFSD's RPC header encoding and decoding, including RPCSEC GSS and gssproxy header parsing, has been overhauled to make it more memory-safe. * Support for Kerberos AES-SHA2-based encryption types has been added for both the NFS client and server. This provides a clean path for deprecating and removing insecure encryption types based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with Kerberos may now be used on systems with fips enabled. In addition to these, NFSD is now able to handle crossing into an auto-mounted mount point on an exported NFS mount. A number of fixes have been made to NFSD's server-side copy implementation. RPC metrics have been converted to per-CPU variables. This helps reduce unnecessary cross-CPU and cross-node memory bus traffic, and significantly reduces noise when KCSAN is enabled. ---------------------------------------------------------------- Benjamin Coddington (1): nfsd: fix race to check ls_layouts Chuck Lever (101): SUNRPC: Push svcxdr_init_decode() into svc_process_common() SUNRPC: Move svcxdr_init_decode() into ->accept methods SUNRPC: Add an XDR decoding helper for struct opaque_auth SUNRPC: Convert svcauth_null_accept() to use xdr_stream SUNRPC: Convert svcauth_unix_accept() to use xdr_stream SUNRPC: Convert svcauth_tls_accept() to use xdr_stream SUNRPC: Move the server-side GSS upcall to a noinline function SUNRPC: Hoist common verifier decoding code into svcauth_gss_proc_init() SUNRPC: Remove gss_read_common_verf() SUNRPC: Remove gss_read_verf() SUNRPC: Convert server-side GSS upcall helpers to use xdr_stream SUNRPC: Replace read_u32_from_xdr_buf() with existing XDR helper SUNRPC: Rename automatic variables in unwrap_integ_data() SUNRPC: Convert unwrap_integ_data() to use xdr_stream SUNRPC: Rename automatic variables in unwrap_priv_data() SUNRPC: Convert unwrap_priv_data() to use xdr_stream SUNRPC: Convert gss_verify_header() to use xdr_stream SUNRPC: Clean up svcauth_gss_accept's NULL procedure check SUNRPC: Convert the svcauth_gss_accept() pre-amble to use xdr_stream SUNRPC: Hoist init_decode out of svc_authenticate() SUNRPC: Re-order construction of the first reply fields SUNRPC: Eliminate unneeded variable SUNRPC: Decode most of RPC header with xdr_stream SUNRPC: Remove svc_process_common's argv parameter SUNRPC: Hoist svcxdr_init_decode() into svc_process() SUNRPC: Clean up svcauth_gss_release() SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_integ() SUNRPC: Record gss_get_mic() errors in svcauth_gss_wrap_integ() SUNRPC: Replace checksum construction in svcauth_gss_wrap_integ() SUNRPC: Convert svcauth_gss_wrap_integ() to use xdr_stream() SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_priv() SUNRPC: Record gss_wrap() errors in svcauth_gss_wrap_priv() SUNRPC: Add @head and @tail variables in svcauth_gss_wrap_priv() SUNRPC: Convert svcauth_gss_wrap_priv() to use xdr_stream() SUNRPC: Check rq_auth_stat when preparing to wrap a response SUNRPC: Remove the rpc_stat variable in svc_process_common() SUNRPC: Add XDR encoding helper for opaque_auth SUNRPC: Push svcxdr_init_encode() into svc_process_common() SUNRPC: Move svcxdr_init_encode() into ->accept methods SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_null_accept() SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_unix_accept() SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept() SUNRPC: Convert unwrap data paths to use xdr_stream for replies SUNRPC: Use xdr_stream to encode replies in server-side GSS upcall helpers SUNRPC: Use xdr_stream for encoding GSS reply verifiers SUNRPC: Hoist init_encode out of svc_authenticate() SUNRPC: Convert RPC Reply header encoding to use xdr_stream SUNRPC: Final clean-up of svc_process_common() SUNRPC: Remove no-longer-used helper functions SUNRPC: Refactor RPC server dispatch method SUNRPC: Set rq_accept_statp inside ->accept methods SUNRPC: Go back to using gsd->body_start SUNRPC: Use per-CPU counters to tally server RPC counts SUNRPC: Replace pool stats with per-CPU variables SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h SUNRPC: Remove .blocksize field from struct gss_krb5_enctype SUNRPC: Remove .conflen field from struct gss_krb5_enctype SUNRPC: Improve Kerberos confounder generation SUNRPC: Obscure Kerberos session key SUNRPC: Refactor set-up for aux_cipher SUNRPC: Obscure Kerberos encryption keys SUNRPC: Obscure Kerberos signing keys SUNRPC: Obscure Kerberos integrity keys SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism SUNRPC: Remove another switch on ctx->enctype SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods SUNRPC: Hoist KDF into struct gss_krb5_enctype SUNRPC: Clean up cipher set up for v1 encryption types SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher() SUNRPC: Add new subkey length fields SUNRPC: Refactor CBC with CTS into helpers SUNRPC: Add gk5e definitions for RFC 8009 encryption types SUNRPC: Add KDF-HMAC-SHA2 SUNRPC: Add RFC 8009 encryption and decryption functions SUNRPC: Advertise support for RFC 8009 encryption types SUNRPC: Support the Camellia enctypes SUNRPC: Add KDF_FEEDBACK_CMAC SUNRPC: Advertise support for the Camellia encryption types SUNRPC: Move remaining internal definitions to gss_krb5_internal.h SUNRPC: Add KUnit tests for rpcsec_krb5.ko SUNRPC: Export get_gss_krb5_enctype() SUNRPC: Add KUnit tests RFC 3961 Key Derivation SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types SUNRPC: Add KDF-HMAC-SHA2 Kunit tests SUNRPC: Add RFC 8009 checksum KUnit tests SUNRPC: Add RFC 8009 encryption KUnit tests SUNRPC: Add encryption self-tests SUNRPC: Fix whitespace damage in svcauth_unix.c SUNRPC: Clean up the svc_xprt_flags() macro SUNRPC: Remove ->xpo_secure_port() SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes NFSD: copy the whole verifier in nfsd_copy_write_verifier NFSD: Clean up nfsd_symlink() Dai Ngo (3): NFSD: enhance inter-server copy cleanup NFSD: fix leaked reference count of nfsd4_ssc_umount_item NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton (13): nfsd: allow nfsd_file_get to sanely handle a NULL pointer nfsd: fix potential race in nfs4_find_file nfsd: move reply cache initialization into nfsd startup nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS nfsd: eliminate find_deleg_file_locked nfsd: add some kerneldoc comments for stateid preprocessing functions nfsd: eliminate __nfs4_get_fd nfsd: zero out pointers after putting nfsd_files on COPY setup error nfsd: clean up potential nfsd_file refcount leaks in COPY codepath nfsd: remove fs/nfsd/fault_inject.c nfsd: don't hand out delegation on setuid files being opened for write nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open nfsd: don't fsync nfsd_files on last close Richard Weinberger (3): NFSD: Teach nfsd_mountpoint() auto mounts fs: namei: Allow follow_down() to uncover auto mounts NFS: nfs_encode_fh: Remove S_AUTOMOUNT check fs/lockd/svc.c | 21 ++- fs/namei.c | 6 +- fs/nfs/callback_xdr.c | 13 +- fs/nfs/export.c | 2 +- fs/nfsd/fault_inject.c | 142 ---------------- fs/nfsd/filecache.c | 49 ++---- fs/nfsd/nfs2acl.c | 5 +- fs/nfsd/nfs3acl.c | 5 +- fs/nfsd/nfs3proc.c | 5 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 206 +++++++++++------------ fs/nfsd/nfs4state.c | 130 ++++++++------ fs/nfsd/nfscache.c | 4 +- fs/nfsd/nfsctl.c | 77 ++++++--- fs/nfsd/nfsd.h | 2 +- fs/nfsd/nfsproc.c | 6 +- fs/nfsd/nfssvc.c | 23 +-- fs/nfsd/state.h | 2 - fs/nfsd/trace.h | 31 ---- fs/nfsd/vfs.c | 8 +- fs/nfsd/xdr4.h | 2 +- include/linux/lockd/lockd.h | 4 +- include/linux/namei.h | 2 +- include/linux/nfs_ssc.h | 2 +- include/linux/sunrpc/gss_krb5.h | 196 +++------------------- include/linux/sunrpc/gss_krb5_enctypes.h | 41 ----- include/linux/sunrpc/msg_prot.h | 5 + include/linux/sunrpc/svc.h | 133 ++++++--------- include/linux/sunrpc/svc_xprt.h | 1 - include/linux/sunrpc/xdr.h | 28 +++- include/trace/events/rpcgss.h | 22 +++ include/trace/events/sunrpc.h | 28 ++-- net/sunrpc/.kunitconfig | 30 ++++ net/sunrpc/Kconfig | 102 +++++++++-- net/sunrpc/auth_gss/Makefile | 2 + net/sunrpc/auth_gss/auth_gss.c | 17 ++ net/sunrpc/auth_gss/gss_krb5_crypto.c | 662 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------ net/sunrpc/auth_gss/gss_krb5_internal.h | 232 +++++++++++++++++++++++++ net/sunrpc/auth_gss/gss_krb5_keys.c | 418 +++++++++++++++++++++++++++++++++++++++------ net/sunrpc/auth_gss/gss_krb5_mech.c | 730 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------- net/sunrpc/auth_gss/gss_krb5_seal.c | 122 ++++++-------- net/sunrpc/auth_gss/gss_krb5_seqnum.c | 2 + net/sunrpc/auth_gss/gss_krb5_test.c | 2040 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ net/sunrpc/auth_gss/gss_krb5_unseal.c | 63 +++---- net/sunrpc/auth_gss/gss_krb5_wrap.c | 124 +++----------- net/sunrpc/auth_gss/svcauth_gss.c | 1099 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------ net/sunrpc/netns.h | 1 + net/sunrpc/stats.c | 11 +- net/sunrpc/svc.c | 158 ++++++++--------- net/sunrpc/svc_xprt.c | 20 +-- net/sunrpc/svcauth.c | 13 +- net/sunrpc/svcauth_unix.c | 178 ++++++++++++++------ net/sunrpc/svcsock.c | 4 +- net/sunrpc/xdr.c | 79 ++++++++- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 1 + net/sunrpc/xprtrdma/svc_rdma_transport.c | 7 - 56 files changed, 5234 insertions(+), 2086 deletions(-) delete mode 100644 fs/nfsd/fault_inject.c delete mode 100644 include/linux/sunrpc/gss_krb5_enctypes.h create mode 100644 net/sunrpc/.kunitconfig create mode 100644 net/sunrpc/auth_gss/gss_krb5_internal.h create mode 100644 net/sunrpc/auth_gss/gss_krb5_test.c -- Chuck Lever