linux/net/sunrpc
Chuck Lever 4d712ef1db svcauth_gss: Close connection when dropping an incoming message
S5.3.3.1 of RFC 2203 requires that an incoming GSS-wrapped message
whose sequence number lies outside the current window is dropped.
The rationale is:

  The reason for discarding requests silently is that the server
  is unable to determine if the duplicate or out of range request
  was due to a sequencing problem in the client, network, or the
  operating system, or due to some quirk in routing, or a replay
  attack by an intruder.  Discarding the request allows the client
  to recover after timing out, if indeed the duplication was
  unintentional or well intended.

However, clients may rely on the server dropping the connection to
indicate that a retransmit is needed. Without a connection reset, a
client can wait forever without retransmitting, and the workload
just stops dead. I've reproduced this behavior by running xfstests
generic/323 on an NFSv4.0 mount with proto=rdma and sec=krb5i.

To address this issue, have the server close the connection when it
silently discards an incoming message due to a GSS sequence number
problem.

There are a few other places where the server will never reply.
Change those spots in a similar fashion.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-11-30 17:31:11 -05:00
..
auth_gss svcauth_gss: Close connection when dropping an incoming message 2016-11-30 17:31:11 -05:00
xprtrdma svcrdma: Clear xpt_bc_xps in xprt_setup_rdma_bc() error exit arm 2016-11-30 17:31:11 -05:00
addr.c
auth_generic.c NFS client updates for Linux 4.9 2016-10-13 21:28:20 -07:00
auth_null.c sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags 2016-07-19 16:23:24 -04:00
auth_unix.c NFS client updates for Linux 4.9 2016-10-13 21:28:20 -07:00
auth.c sunrpc: replace generic auth_cred hash with auth-specific function 2016-09-30 15:47:47 -04:00
backchannel_rqst.c SUNRPC: Refactor rpc_xdr_buf_init() 2016-09-19 13:08:37 -04:00
cache.c sunrpc: queue work on system_power_efficient_wq 2016-09-27 14:35:36 -04:00
clnt.c SUNRPC: Separate buffer pointers for RPC Call and Reply messages 2016-09-19 13:08:37 -04:00
debugfs.c SUNRPC: Address kbuild warning in net/sunrpc/debugfs.c 2015-06-11 14:01:06 -04:00
Kconfig rpcrdma: Merge svcrdma and xprtrdma modules into one 2015-06-04 16:56:02 -04:00
Makefile SUNRPC: Add a structure to track multiple transports 2016-02-05 18:48:54 -05:00
netns.h
rpc_pipe.c fs: Replace CURRENT_TIME with current_time() for inode timestamps 2016-09-27 21:06:21 -04:00
rpcb_clnt.c SUNRPC: Use the multipath iterator to assign a transport to each task 2016-02-05 18:48:55 -05:00
sched.c SUNRPC: Separate buffer pointers for RPC Call and Reply messages 2016-09-19 13:08:37 -04:00
socklib.c sunrpc: do not pull udp headers on receive 2016-04-11 15:31:33 -04:00
stats.c sunrpc: add rpc_count_iostats_idx 2015-02-03 11:06:38 -08:00
sunrpc_syms.c sunrpc: make debugfs file creation failure non-fatal 2015-04-23 14:42:27 -04:00
sunrpc.h
svc_xprt.c SUNRPC: Remove unused callback xpo_adjust_wspace() 2016-07-13 15:53:50 -04:00
svc.c svcauth_gss: Close connection when dropping an incoming message 2016-11-30 17:31:11 -05:00
svcauth_unix.c cred: simpler, 1D supplementary groups 2016-10-07 18:46:30 -07:00
svcauth.c svcrpc: move some initialization to common code 2015-11-24 10:39:16 -07:00
svcsock.c SUNRPC: Detect immediate closure of accepted sockets 2016-08-01 17:53:42 -04:00
sysctl.c Sunrpc: Supports hexadecimal number for sysctl files of sunrpc debug 2015-11-03 15:56:49 -05:00
timer.c
xdr.c SUNRPC: Fix setting of buffer length in xdr_set_next_buffer() 2016-09-22 17:17:47 -04:00
xprt.c SUNRPC: Generalize the RPC buffer release API 2016-09-19 13:08:37 -04:00
xprtmultipath.c SUNRPC search xprt switch for sockaddr 2016-09-19 13:08:36 -04:00
xprtsock.c sunrpc: fix some missing rq_rbuffer assignments 2016-10-28 16:57:33 -04:00