git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	J. Bruce Fields <bfields@redhat.com>
	Wed, 18 Oct 2017 00:38:49 +0000 (20:38 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 15 Feb 2019 07:07:39 +0000 (08:07 +0100)
commit	877362fd15f050a0ca063e5759acafd69b6bdb66
tree	0be2d972886d0b9accd4816e821217740a156b94	tree \| snapshot
parent	f92c45b79824435ef7e2884222122a90908f2374	commit \| diff

nfsd4: catch some false session retries

commit 53da6a53e1d414e05759fa59b7032ee08f4e22d7 upstream.

The spec allows us to return NFS4ERR_SEQ_FALSE_RETRY if we notice that
the client is making a call that matches a previous (slot, seqid) pair
but that *isn't* actually a replay, because some detail of the call
doesn't actually match the previous one.

Catching every such case is difficult, but we may as well catch a few
easy ones. This also handles the case described in the previous patch,
in a different way.

The spec does however require us to catch the case where the difference
is in the rpc credentials. This prevents somebody from snooping another
user's replies by fabricating retries.

(But the practical value of the attack is limited by the fact that the
replies with the most sensitive data are READ replies, which are not
normally cached.)

Tested-by: Olga Kornievskaia <aglo@umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Cc: Salvatore Bonaccorso <carnil@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/nfsd/nfs4state.c		diff \| blob \| blame \| history
fs/nfsd/state.h		diff \| blob \| blame \| history