From: Chuck Lever <chuck.lever@oracle.com>
To: linux-nfs@vger.kernel.org
Cc: trondmy@hammerspace.com
Subject: [PATCH v2 00/15] RPC-with-TLS client side
Date: Mon, 06 Jun 2022 10:50:28 -0400 [thread overview]
Message-ID: <165452664596.1496.16204212908726904739.stgit@oracle-102.nfsv4.dev> (raw)
Now that the initial v5.19 merge window has closed, it's time for
another round of review for RPC-with-TLS support in the Linux NFS
client. This is just the RPC-specific portions. The full series is
available in the "topic-rpc-with-tls-upcall" branch here:
https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
I've taken two or three steps towards implementing the architecture
Trond requested during the last review. There is now a two-stage
connection establishment process so that the upper level can use
XPRT_CONNECTED to determine when a TLS session is ready to use.
There are probably additional changes and simplifications that can
be made. Please review and provide feedback.
I wanted to make more progress on client-side authentication (ie,
passing an x.509 cert from the client to the server) but NFSD bugs
have taken all my time for the past few weeks.
Changes since v1:
- Rebased on v5.18
- Re-ordered so generic fixes come first
- Addressed some of Trond's review comments
---
Chuck Lever (15):
SUNRPC: Fail faster on bad verifier
SUNRPC: Widen rpc_task::tk_flags
SUNRPC: Replace dprintk() call site in xs_data_ready
NFS: Replace fs_context-related dprintk() call sites with tracepoints
SUNRPC: Plumb an API for setting transport layer security
SUNRPC: Trace the rpc_create_args
SUNRPC: Refactor rpc_call_null_helper()
SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor
SUNRPC: Ignore data_ready callbacks during TLS handshakes
SUNRPC: Capture cmsg metadata on client-side receive
SUNRPC: Add a connect worker function for TLS
SUNRPC: Add RPC-with-TLS support to xprtsock.c
SUNRPC: Add RPC-with-TLS tracepoints
NFS: Have struct nfs_client carry a TLS policy field
NFS: Add an "xprtsec=" NFS mount option
fs/nfs/client.c | 14 ++
fs/nfs/fs_context.c | 65 +++++--
fs/nfs/internal.h | 2 +
fs/nfs/nfs3client.c | 1 +
fs/nfs/nfs4client.c | 16 +-
fs/nfs/nfstrace.h | 77 ++++++++
fs/nfs/super.c | 7 +
include/linux/nfs_fs_sb.h | 5 +-
include/linux/sunrpc/auth.h | 1 +
include/linux/sunrpc/clnt.h | 15 +-
include/linux/sunrpc/sched.h | 32 ++--
include/linux/sunrpc/xprt.h | 2 +
include/linux/sunrpc/xprtsock.h | 4 +
include/net/tls.h | 2 +
include/trace/events/sunrpc.h | 157 ++++++++++++++--
net/sunrpc/Makefile | 2 +-
net/sunrpc/auth.c | 2 +-
net/sunrpc/auth_tls.c | 120 +++++++++++++
net/sunrpc/clnt.c | 34 ++--
net/sunrpc/debugfs.c | 2 +-
net/sunrpc/xprtsock.c | 310 +++++++++++++++++++++++++++++++-
21 files changed, 805 insertions(+), 65 deletions(-)
create mode 100644 net/sunrpc/auth_tls.c
--
Chuck Lever
next reply other threads:[~2022-06-06 14:50 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-06 14:50 Chuck Lever [this message]
2022-06-06 14:50 ` [PATCH v2 01/15] SUNRPC: Fail faster on bad verifier Chuck Lever
2022-07-06 17:12 ` Jeff Layton
2022-06-06 14:50 ` [PATCH v2 02/15] SUNRPC: Widen rpc_task::tk_flags Chuck Lever
2022-07-06 17:14 ` Jeff Layton
2022-06-06 14:50 ` [PATCH v2 03/15] SUNRPC: Replace dprintk() call site in xs_data_ready Chuck Lever
2022-07-06 17:19 ` Jeff Layton
2022-07-06 18:10 ` Chuck Lever III
2022-06-06 14:50 ` [PATCH v2 04/15] NFS: Replace fs_context-related dprintk() call sites with tracepoints Chuck Lever
2022-07-06 18:44 ` Jeff Layton
2022-06-06 14:51 ` [PATCH v2 05/15] SUNRPC: Plumb an API for setting transport layer security Chuck Lever
2022-07-18 19:46 ` Jeff Layton
2022-06-06 14:51 ` [PATCH v2 06/15] SUNRPC: Trace the rpc_create_args Chuck Lever
2022-07-06 18:57 ` Jeff Layton
2022-07-06 19:04 ` Chuck Lever III
2022-06-06 14:51 ` [PATCH v2 07/15] SUNRPC: Refactor rpc_call_null_helper() Chuck Lever
2022-07-18 19:44 ` Jeff Layton
2022-06-06 14:51 ` [PATCH v2 08/15] SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor Chuck Lever
2022-06-06 14:51 ` [PATCH v2 09/15] SUNRPC: Ignore data_ready callbacks during TLS handshakes Chuck Lever
2022-06-06 14:51 ` [PATCH v2 10/15] SUNRPC: Capture cmsg metadata on client-side receive Chuck Lever
2022-07-18 19:53 ` Jeff Layton
2022-07-19 21:43 ` Chuck Lever III
2022-06-06 14:51 ` [PATCH v2 11/15] SUNRPC: Add a connect worker function for TLS Chuck Lever
2022-06-06 14:51 ` [PATCH v2 12/15] SUNRPC: Add RPC-with-TLS support to xprtsock.c Chuck Lever
2022-07-12 17:00 ` Benjamin Coddington
2022-07-18 20:10 ` Jeff Layton
2022-07-19 21:31 ` Chuck Lever III
2022-06-06 14:51 ` [PATCH v2 13/15] SUNRPC: Add RPC-with-TLS tracepoints Chuck Lever
2022-06-06 14:51 ` [PATCH v2 14/15] NFS: Have struct nfs_client carry a TLS policy field Chuck Lever
2022-06-06 14:52 ` [PATCH v2 15/15] NFS: Add an "xprtsec=" NFS mount option Chuck Lever
2022-07-18 20:24 ` Jeff Layton
2022-07-18 20:35 ` Chuck Lever III
2022-07-12 12:36 ` [PATCH v2 00/15] RPC-with-TLS client side Jeff Layton
2022-07-12 13:48 ` Chuck Lever III
2022-07-13 0:51 ` Rick Macklem
2022-07-13 13:22 ` Benjamin Coddington
2022-07-13 13:32 ` Chuck Lever III
2022-07-14 16:24 ` Benjamin Coddington
2022-07-18 20:25 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=165452664596.1496.16204212908726904739.stgit@oracle-102.nfsv4.dev \
--to=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.