diff options
author | J. Bruce Fields <bfields@redhat.com> | 2017-10-17 20:38:49 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2017-11-07 16:43:57 -0500 |
commit | 53da6a53e1d414e05759fa59b7032ee08f4e22d7 (patch) | |
tree | 807444a8d846c3f14fc988d7d73b9982ef8bb337 /fs/nfsd/state.h | |
parent | 085def3ade52f2ffe3e31f42e98c27dcc222dd37 (diff) | |
download | talos-op-linux-53da6a53e1d414e05759fa59b7032ee08f4e22d7.tar.gz talos-op-linux-53da6a53e1d414e05759fa59b7032ee08f4e22d7.zip |
nfsd4: catch some false session retries
The spec allows us to return NFS4ERR_SEQ_FALSE_RETRY if we notice that
the client is making a call that matches a previous (slot, seqid) pair
but that *isn't* actually a replay, because some detail of the call
doesn't actually match the previous one.
Catching every such case is difficult, but we may as well catch a few
easy ones. This also handles the case described in the previous patch,
in a different way.
The spec does however require us to catch the case where the difference
is in the rpc credentials. This prevents somebody from snooping another
user's replies by fabricating retries.
(But the practical value of the attack is limited by the fact that the
replies with the most sensitive data are READ replies, which are not
normally cached.)
Tested-by: Olga Kornievskaia <aglo@umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/state.h')
-rw-r--r-- | fs/nfsd/state.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 2488b7df1b35..86aa92d200e1 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -169,6 +169,7 @@ static inline struct nfs4_delegation *delegstateid(struct nfs4_stid *s) struct nfsd4_slot { u32 sl_seqid; __be32 sl_status; + struct svc_cred sl_cred; u32 sl_datalen; u16 sl_opcnt; #define NFSD4_SLOT_INUSE (1 << 0) |