1. 27 Mar, 2020 8 commits
  2. 26 Mar, 2020 4 commits
    • Trond Myklebust's avatar
    • Trond Myklebust's avatar
      NFS/pNFS: Refactor pnfs_generic_commit_pagelist() · 19573c93
      Trond Myklebust authored
      Refactor pnfs_generic_commit_pagelist() to simplify the conversion
      to layout segment based commit lists.
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      19573c93
    • Trond Myklebust's avatar
      pNFS/flexfiles: Simplify allocation of the mirror array · 329651b1
      Trond Myklebust authored
      Just allocate the array at the end of the layout segment structure,
      instead of allocating it as a separate array of pointers.
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      329651b1
    • Olga Kornievskaia's avatar
      SUNRPC: fix krb5p mount to provide large enough buffer in rq_rcvsize · df513a77
      Olga Kornievskaia authored
      Ever since commit 2c94b8ec ("SUNRPC: Use au_rslack when computing
      reply buffer size"). It changed how "req->rq_rcvsize" is calculated. It
      used to use au_cslack value which was nice and large and changed it to
      au_rslack value which turns out to be too small.
      
      Since 5.1, v3 mount with sec=krb5p fails against an Ontap server
      because client's receive buffer it too small.
      
      For gss krb5p, we need to account for the mic token in the verifier,
      and the wrap token in the wrap token.
      
      RFC 4121 defines:
      mic token
      Octet no   Name        Description
               --------------------------------------------------------------
               0..1     TOK_ID     Identification field.  Tokens emitted by
                                   GSS_GetMIC() contain the hex value 04 04
                                   expressed in big-endian order in this
                                   field.
               2        Flags      Attributes field, as described in section
                                   4.2.2.
               3..7     Filler     Contains five octets of hex value FF.
               8..15    SND_SEQ    Sequence number field in clear text,
                                   expressed in big-endian order.
               16..last SGN_CKSUM  Checksum of the "to-be-signed" data and
                                   octet 0..15, as described in section 4.2.4.
      
      that's 16bytes (GSS_KRB5_TOK_HDR_LEN) + chksum
      
      wrap token
      Octet no   Name        Description
               --------------------------------------------------------------
                0..1     TOK_ID    Identification field.  Tokens emitted by
                                   GSS_Wrap() contain the hex value 05 04
                                   expressed in big-endian order in this
                                   field.
                2        Flags     Attributes field, as described in section
                                   4.2.2.
                3        Filler    Contains the hex value FF.
                4..5     EC        Contains the "extra count" field, in big-
                                   endian order as described in section 4.2.3.
                6..7     RRC       Contains the "right rotation count" in big-
                                   endian order, as described in section
                                   4.2.5.
                8..15    SND_SEQ   Sequence number field in clear text,
                                   expressed in big-endian order.
                16..last Data      Encrypted data for Wrap tokens with
                                   confidentiality, or plaintext data followed
                                   by the checksum for Wrap tokens without
                                   confidentiality, as described in section
                                   4.2.4.
      
      Also 16bytes of header (GSS_KRB5_TOK_HDR_LEN), encrypted data, and cksum
      (other things like padding)
      
      RFC 3961 defines known cksum sizes:
      Checksum type              sumtype        checksum         section or
                                      value            size         reference
         ---------------------------------------------------------------------
         CRC32                            1               4           6.1.3
         rsa-md4                          2              16           6.1.2
         rsa-md4-des                      3              24           6.2.5
         des-mac                          4              16           6.2.7
         des-mac-k                        5               8           6.2.8
         rsa-md4-des-k                    6              16           6.2.6
         rsa-md5                          7              16           6.1.1
         rsa-md5-des                      8              24           6.2.4
         rsa-md5-des3                     9              24             ??
         sha1 (unkeyed)                  10              20             ??
         hmac-sha1-des3-kd               12              20            6.3
         hmac-sha1-des3                  13              20             ??
         sha1 (unkeyed)                  14              20             ??
         hmac-sha1-96-aes128             15              20         [KRB5-AES]
         hmac-sha1-96-aes256             16              20         [KRB5-AES]
         [reserved]                  0x8003               ?         [GSS-KRB5]
      
      Linux kernel now mainly supports type 15,16 so max cksum size is 20bytes.
      (GSS_KRB5_MAX_CKSUM_LEN)
      
      Re-use already existing define of GSS_KRB5_MAX_SLACK_NEEDED that's used
      for encoding the gss_wrap tokens (same tokens are used in reply).
      
      Fixes: 2c94b8ec ("SUNRPC: Use au_rslack when computing reply buffer size")
      Signed-off-by: default avatarOlga Kornievskaia <kolga@netapp.com>
      Reviewed-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      df513a77
  3. 25 Mar, 2020 2 commits
  4. 22 Mar, 2020 1 commit
  5. 17 Mar, 2020 1 commit
  6. 16 Mar, 2020 24 commits