linux-stable/fs/nfsd
Linus Torvalds 9fc2f99030 NFSD 6.3 Release Notes
Two significant security enhancements are part of this release:
 
 * NFSD's RPC header encoding and decoding, including RPCSEC GSS
   and gssproxy header parsing, has been overhauled to make it
   more memory-safe.
 
 * Support for Kerberos AES-SHA2-based encryption types has been
   added for both the NFS client and server. This provides a clean
   path for deprecating and removing insecure encryption types
   based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so
   that NFS with Kerberos may now be used on systems with fips
   enabled.
 
 In addition to these, NFSD is now able to handle crossing into an
 auto-mounted mount point on an exported NFS mount. A number of
 fixes have been made to NFSD's server-side copy implementation.
 
 RPC metrics have been converted to per-CPU variables. This helps
 reduce unnecessary cross-CPU and cross-node memory bus traffic,
 and significantly reduces noise when KCSAN is enabled.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmPzgiYACgkQM2qzM29m
 f5dB2A//eqjpj+FgAN+UjygrwMC4ahAsPX3Sc3FG8/lTAiao3NFVFY2gxAiCPyVE
 CFk+tUyfL23oXvbyfIBe3LhxSBOf621xU6up2OzqAzJqh1Q9iUWB6as3I14to8ZU
 sWpxXo5ofwk1hzkbrvOAVkyfY0emwsr00iBeWMawkpBe8FZEQA31OYj3/xHr6bBI
 zEVlZPBZAZlp0DZ74tb+bBLs/EOnqKj+XLWcogCH13JB3sn2umF6cQNkYgsxvHGa
 TNQi4LEdzWZGme242LfBRiGGwm1xuVIjlAhYV/R1wIjaknE3QBzqfXc6lJx74WII
 HaqpRJGrKqdo7B+1gaXCl/AMS7YluED1CBrxuej0wBG7l2JEB7m2MFMQ4LTQjgsn
 nrr3P70DgbB4LuPCPyUS7dtsMmUXabIqP7niiCR4T1toH6lBmHAgEi4cFmkzg7Cd
 EoFzn888mtDpfx4fghcsRWS5oKXEzbPJfu5+IZOD63+UB+NGpi0Xo2s23sJPK8vz
 kqK/X63JYOUxWUvK0zkj/c/wW1cLqIaBwnSKbShou5/BL+cZVI+uJYrnEesgpoB2
 5fh/cZv3hdcoOPO7OfcjCLQYy4J6RCWajptnk/hcS3lMvBTBrnq697iAqCVURDKU
 Xfmlf7XbBwje+sk4eHgqVGEqqVjrEmoqbmA2OS44WSS5LDvxXdI=
 =ZG/7
 -----END PGP SIGNATURE-----

Merge tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

Pull nfsd updates from Chuck Lever:
 "Two significant security enhancements are part of this release:

   - NFSD's RPC header encoding and decoding, including RPCSEC GSS and
     gssproxy header parsing, has been overhauled to make it more
     memory-safe.

   - Support for Kerberos AES-SHA2-based encryption types has been added
     for both the NFS client and server. This provides a clean path for
     deprecating and removing insecure encryption types based on DES and
     SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with
     Kerberos may now be used on systems with fips enabled.

  In addition to these, NFSD is now able to handle crossing into an
  auto-mounted mount point on an exported NFS mount. A number of fixes
  have been made to NFSD's server-side copy implementation.

  RPC metrics have been converted to per-CPU variables. This helps
  reduce unnecessary cross-CPU and cross-node memory bus traffic, and
  significantly reduces noise when KCSAN is enabled"

* tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (121 commits)
  NFSD: Clean up nfsd_symlink()
  NFSD: copy the whole verifier in nfsd_copy_write_verifier
  nfsd: don't fsync nfsd_files on last close
  SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes
  nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
  NFSD: fix problems with cleanup on errors in nfsd4_copy
  nfsd: fix race to check ls_layouts
  nfsd: don't hand out delegation on setuid files being opened for write
  SUNRPC: Remove ->xpo_secure_port()
  SUNRPC: Clean up the svc_xprt_flags() macro
  nfsd: remove fs/nfsd/fault_inject.c
  NFSD: fix leaked reference count of nfsd4_ssc_umount_item
  nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
  nfsd: zero out pointers after putting nfsd_files on COPY setup error
  SUNRPC: Fix whitespace damage in svcauth_unix.c
  nfsd: eliminate __nfs4_get_fd
  nfsd: add some kerneldoc comments for stateid preprocessing functions
  nfsd: eliminate find_deleg_file_locked
  nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS
  SUNRPC: Add encryption self-tests
  ...
2023-02-22 14:21:40 -08:00
..
acl.h NFSD: add posix ACLs to struct nfsd_attrs 2022-08-04 10:28:03 -04:00
auth.c nfsd: auth: Fix gid sorting when rootsquash enabled 2018-01-22 20:13:07 -08:00
auth.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
blocklayout.c nfsd: move nfserrno() to vfs.c 2022-11-28 12:54:44 -05:00
blocklayoutxdr.c nfsd: move nfserrno() to vfs.c 2022-11-28 12:54:44 -05:00
blocklayoutxdr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cache.h nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops 2022-09-26 14:02:50 -04:00
current_stateid.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
export.c fs: add is_idmapped_mnt() helper 2021-12-03 18:44:06 +01:00
export.h nfsd: move nfserrno() to vfs.c 2022-11-28 12:54:44 -05:00
filecache.c nfsd: don't fsync nfsd_files on last close 2023-02-20 09:20:59 -05:00
filecache.h nfsd: fix handling of cached open files in nfsd4_open codepath 2023-01-06 13:17:06 -05:00
flexfilelayout.c nfsd: move nfserrno() to vfs.c 2022-11-28 12:54:44 -05:00
flexfilelayoutxdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
flexfilelayoutxdr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
Kconfig nfsd: allow disabling NFSv2 at compile time 2022-11-28 12:54:45 -05:00
lockd.c NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
Makefile nfsd: allow disabling NFSv2 at compile time 2022-11-28 12:54:45 -05:00
netns.h File locking changes for v6.3 2023-02-20 11:10:38 -08:00
nfs2acl.c NFSD 6.3 Release Notes 2023-02-22 14:21:40 -08:00
nfs3acl.c NFSD 6.3 Release Notes 2023-02-22 14:21:40 -08:00
nfs3proc.c NFSD 6.3 Release Notes 2023-02-22 14:21:40 -08:00
nfs3xdr.c NFSD: Clean up WRITE arg decoders 2022-09-26 14:02:47 -04:00
nfs4acl.c fs: rename current get acl method 2022-10-20 10:13:27 +02:00
nfs4callback.c nfsd-6.2 supplement: 2022-12-19 09:10:33 -06:00
nfs4idmap.c nfsd: move nfserrno() to vfs.c 2022-11-28 12:54:44 -05:00
nfs4layouts.c nfsd: fix race to check ls_layouts 2023-02-20 09:20:56 -05:00
nfs4proc.c NFSD: fix problems with cleanup on errors in nfsd4_copy 2023-02-20 09:20:57 -05:00
nfs4recover.c fs: port vfs_*() helpers to struct mnt_idmap 2023-01-18 17:51:45 +01:00
nfs4state.c NFSD 6.3 Release Notes 2023-02-22 14:21:40 -08:00
nfs4xdr.c nfsd: use the getattr operation to fetch i_version 2023-01-26 07:00:06 -05:00
nfscache.c SUNRPC: Refactor RPC server dispatch method 2023-02-20 09:20:31 -05:00
nfsctl.c NFSD: Clean up nfsd_symlink() 2023-02-20 09:20:59 -05:00
nfsd.h SUNRPC: Refactor RPC server dispatch method 2023-02-20 09:20:31 -05:00
nfsfh.c fs.idmapped.v6.3 2023-02-20 11:53:11 -08:00
nfsfh.h nfsd: move nfsd4_change_attribute to nfsfh.c 2023-01-26 07:00:06 -05:00
nfsproc.c NFSD 6.3 Release Notes 2023-02-22 14:21:40 -08:00
nfssvc.c NFSD: copy the whole verifier in nfsd_copy_write_verifier 2023-02-20 09:20:59 -05:00
nfsxdr.c NFSD: Clean up WRITE arg decoders 2022-09-26 14:02:47 -04:00
pnfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
state.h nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS 2023-02-20 09:20:51 -05:00
stats.c nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops 2022-09-26 14:02:49 -04:00
stats.h nfsd: make nfsd_stats.th_cnt atomic_t 2021-12-13 13:42:51 -05:00
trace.c NFSD: Add SPDX header for fs/nfsd/trace.c 2020-11-30 13:00:24 -05:00
trace.h nfsd: don't fsync nfsd_files on last close 2023-02-20 09:20:59 -05:00
vfs.c NFSD 6.3 Release Notes 2023-02-22 14:21:40 -08:00
vfs.h nfsd: use the getattr operation to fetch i_version 2023-01-26 07:00:06 -05:00
xdr3.h SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
xdr4.h NFSD: enhance inter-server copy cleanup 2023-02-20 09:20:21 -05:00
xdr4cb.h NFSD: add support for sending CB_RECALL_ANY 2022-12-10 11:01:12 -05:00
xdr.h NFSD: prevent underflow in nfssvc_decode_writeargs() 2022-03-15 09:35:56 -04:00