1. 15 Feb, 2013 7 commits
  2. 11 Feb, 2013 1 commit
  3. 08 Feb, 2013 2 commits
    • Jeff Layton's avatar
      nfsd: keep a checksum of the first 256 bytes of request · 01a7decf
      Jeff Layton authored
      Now that we're allowing more DRC entries, it becomes a lot easier to hit
      problems with XID collisions. In order to mitigate those, calculate a
      checksum of up to the first 256 bytes of each request coming in and store
      that in the cache entry, along with the total length of the request.
      
      This initially used crc32, but Chuck Lever and Jim Rees pointed out that
      crc32 is probably more heavyweight than we really need for generating
      these checksums, and recommended looking at using the same routines that
      are used to generate checksums for IP packets.
      
      On an x86_64 KVM guest measurements with ftrace showed ~800ns to use
      csum_partial vs ~1750ns for crc32.  The difference probably isn't
      terribly significant, but for now we may as well use csum_partial.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Stones-thrown-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      01a7decf
    • Jeff Layton's avatar
      sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer · 4c190e2f
      Jeff Layton authored
      When GSSAPI integrity signatures are in use, or when we're using GSSAPI
      privacy with the v2 token format, there is a trailing checksum on the
      xdr_buf that is returned.
      
      It's checked during the authentication stage, and afterward nothing
      cares about it. Ordinarily, it's not a problem since the XDR code
      generally ignores it, but it will be when we try to compute a checksum
      over the buffer to help prevent XID collisions in the duplicate reply
      cache.
      
      Fix the code to trim off the checksums after verifying them. Note that
      in unwrap_integ_data, we must avoid trying to reverify the checksum if
      the request was deferred since it will no longer be present when it's
      revisited.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      4c190e2f
  4. 05 Feb, 2013 5 commits
  5. 04 Feb, 2013 16 commits
  6. 29 Jan, 2013 1 commit
  7. 23 Jan, 2013 8 commits