git.ipfire.org Git - people/arne

author	J. Bruce Fields <bfields@redhat.com>
	Wed, 18 Oct 2017 00:38:49 +0000 (20:38 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 12 Feb 2019 18:46:14 +0000 (19:46 +0100)
commit	ff371bc83b1cfa868bebdd7a4164a26d47e7c023
tree	5cfaef601050098513f352cd8b715ddbf7e15fae	tree \| snapshot
parent	e74cfcb89e8f306da93230c373e4a667d670538c	commit \| diff

nfsd4: catch some false session retries

commit 53da6a53e1d414e05759fa59b7032ee08f4e22d7 upstream.

The spec allows us to return NFS4ERR_SEQ_FALSE_RETRY if we notice that
the client is making a call that matches a previous (slot, seqid) pair
but that *isn't* actually a replay, because some detail of the call
doesn't actually match the previous one.

Catching every such case is difficult, but we may as well catch a few
easy ones. This also handles the case described in the previous patch,
in a different way.

The spec does however require us to catch the case where the difference
is in the rpc credentials. This prevents somebody from snooping another
user's replies by fabricating retries.

(But the practical value of the attack is limited by the fact that the
replies with the most sensitive data are READ replies, which are not
normally cached.)

Tested-by: Olga Kornievskaia <aglo@umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/nfsd/nfs4state.c		diff \| blob \| blame \| history
fs/nfsd/state.h		diff \| blob \| blame \| history