Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1588330ybh; Thu, 23 Jul 2020 12:42:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxLOCj8EyMLw4T/hyoGFWbvvJ/167aRtTxeRTDnQJe/NneNs7kUN8u4ufcXVHX65a5tsQLW X-Received: by 2002:a17:906:178b:: with SMTP id t11mr5679304eje.489.1595533323129; Thu, 23 Jul 2020 12:42:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595533323; cv=none; d=google.com; s=arc-20160816; b=H/MDyOPMIh4V5D2RCG2f9QP421EGlhwpepxpFN+EhCadYQA/vqCcUv/ffA0aME585l LWCu4SWJ5pH94FBQrCzNO7QijX5tZqWOBc9amMBXy5C9PM108EFM6TJB6tUR/xtunWn4 LL0cIoyrPXZ28u+jd5d8OBlr9KICaDNcrbcsdbYyfVjoLmv0Cd25+FB9lBWamxYX8QH/ nSX/ESPgOUIR8XqRBT+qlkPktByuIcz6RuUOAekn4RjLcv9hJuusOz4IhpYRSeLzXu8L UZ6nnP6hiTdJl3F1dtZD/0bti8OGo1XTqvdBd1jI1tyQRKIPl4E/j/2lCU1caISb0REk pe5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-filter; bh=1rK+pDS4+s/gBIr9qdDY4f5qfOg2+PYW5GSV9ryoroY=; b=mfKOwXUs4Ph11yM5BuyuEPqNnnee/M+afMvef60SKpNWPOvUJYUwz+O6FBk0dpRNvq BHyXqPMQd4CdnEOhxiH8+54VjKjmZHC5x5Epo6VPJPMLbqFygWNfm8SQrgXTAvQ2FCF8 Eu17Hro5P04lOvnuVhp6l+LpcUXIxjDW2XQQo4eNgLDtui531Dz8rYOvQjEub1BHK/FW W3jDgc7NCgj6BStRuP/6gcPjkPKpl+PcwZNfaaNQW2a8I2QEqJJ5tFSnwm78r/jWCr+p crGnvur5uGNh4vB4Q1hTrVC9Qj784PAnuri1+sKZ5HhvkqisQFxlKU4Q1qF47pCj/Oj2 MWEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=j9lFFqkW; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b18si2497073ejz.319.2020.07.23.12.41.29; Thu, 23 Jul 2020 12:42:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fieldses.org header.s=default header.b=j9lFFqkW; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726686AbgGWTiN (ORCPT + 99 others); Thu, 23 Jul 2020 15:38:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40828 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725894AbgGWTiM (ORCPT ); Thu, 23 Jul 2020 15:38:12 -0400 Received: from fieldses.org (fieldses.org [IPv6:2600:3c00:e000:2f7::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD701C0619DC for ; Thu, 23 Jul 2020 12:38:12 -0700 (PDT) Received: by fieldses.org (Postfix, from userid 2815) id 80570680F; Thu, 23 Jul 2020 15:38:11 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 fieldses.org 80570680F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldses.org; s=default; t=1595533091; bh=1rK+pDS4+s/gBIr9qdDY4f5qfOg2+PYW5GSV9ryoroY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=j9lFFqkWH4IehVxltDrMDdw1NbmPyeCXyUWbLlLFOXtfhPTg10sD6qPVqK8nuZkdK lGDyMDAM9QQUEiRAezbEe42bRoeEW2PoO+ZYF16OJd066XUYFAVTnpE8oCzyYfgZDa CiNnmmVN+NNrcD8VNj5mtCfLIaFHy5BtmqxjW0NQ= Date: Thu, 23 Jul 2020 15:38:11 -0400 From: Bruce Fields To: Chuck Lever Cc: Linux NFS Mailing List Subject: Re: fix_priv_head Message-ID: <20200723193811.GG31487@fieldses.org> References: <3799C9E0-DFF3-450C-A815-14BAFAC97EA8@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3799C9E0-DFF3-450C-A815-14BAFAC97EA8@oracle.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, Jul 23, 2020 at 01:46:19PM -0400, Chuck Lever wrote: > Hi Bruce- > > I'm trying to figure out if fix_priv_head is still necessary. This > was introduced by 7c9fdcfb1b64 ("[PATCH] knfsd: svcrpc: gss: > server-side implementation of rpcsec_gss privacy"). > > static void > fix_priv_head(struct xdr_buf *buf, int pad) > { > if (buf->page_len == 0) { > /* We need to adjust head and buf->len in tandem in this > * case to make svc_defer() work--it finds the original > * buffer start using buf->len - buf->head[0].iov_len. */ > buf->head[0].iov_len -= pad; > } > } > > It doesn't seem like unwrapping can ever result in a buffer length that > is not quad-aligned. Is that simply a characteristic of modern enctypes? This code is beofre any unwrapping. We're looking at the length of the encrypted (wrapped) object here, not the unwrapped buffer. When using privacy, the body of an rpcsec_gss request is a single opaque object consisting of the wrapped data. So the question is whether there's any case where the length of that object can be less than the length remaining in the received buffer. I think the only reason for bytes at the end is, yes, that that opaque object is not a multiple of 4 and so rpc requires padding at the end. I think that might be possible with encryption types that use cipher text stealing, but I'm not certain. --b.