Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <76588a2d-9f53-6347-48b3-5fd45a69cf99@talpey.com>
Date:   Mon, 11 Jul 2022 17:14:07 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.0.1
Subject: Re: NFSv4.1/4.2 server returns same sessionid after
 DestroySession/CreateSession
To:     Rick Macklem <rmacklem@uoguelph.ca>,
        Chuck Lever III <chuck.lever@oracle.com>
Cc:     Linux NFS Mailing List <linux-nfs@vger.kernel.org>
References: <YQBPR0101MB97421B80206B30FC32170C25DD849@YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM>
 <DCE64EDD-FCE4-4C21-8B00-7833D5EB4EB2@oracle.com>
 <89044942-DAFE-4E9B-BC70-A8D2C847A422@oracle.com>
 <24C858F4-5334-4417-BFA5-4D580274F47E@oracle.com>
 <YQBPR0101MB9742865EA5C7945107B76A8DDD879@YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM>
Content-Language: en-US
From:   Tom Talpey <tom@talpey.com>
In-Reply-To: <YQBPR0101MB9742865EA5C7945107B76A8DDD879@YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ZWVqQkpKNkt4KzVscWRkV0RWdU85ejlqdlNjMkVTYWRPY0VLaXcwdmRsS0wy?=
 =?utf-8?B?UjBIWkZwSEZYZDgrakx6V2sxSWUzSkltOGxGZ3VDOXhaWHoybHg3QXlCZTNG?=
 =?utf-8?B?OVpETjZ2VnJVL0RRWnBHLzZpbVl1aUQxaGtJRzJwV0JJdjdvaUlwYUUvbmlZ?=
 =?utf-8?B?WjRMSHE1WHRpMHpoZE5OMWxxYTlkZmhMNlRpL2daaCtTWVg3b21jKytGOE9l?=
 =?utf-8?B?enV6K21Vb3RHR2xUT2MxNm5SRktJc0NsRTB1S1NQY1BMYi9hVzRWdzBjMlBS?=
 =?utf-8?B?b1IwdTdXU2RQTU03WlQrNFBDY2hCZVlRWU93cUVuVWlUaWl1WDhMbFVEWlBy?=
 =?utf-8?B?ZVIzeWFUSHpQR2RBWGdWNlg2NDkrbU1HL3lTa2tjMjUwV1V4bUpuQ2dnYmxH?=
 =?utf-8?B?am02cHJWcERpVXB2RFhFRFd5SzZGSWMvZm9tbDZ4bEV5YlFyMi9KNWRtZUpS?=
 =?utf-8?B?d0Z5c3p2WVNVbFpHcE5BM0FQVFBZelBrS3pzTWg2T3FTRnVMOWJScVBrYi81?=
 =?utf-8?B?WXpKazRWSS9jM1BoSmlwRTVqbGJVK3BuNVFlZDI5aGdVMVZDcEFDVlFIUWNm?=
 =?utf-8?B?WjZSTVdicVdSUzY5ejh5QWdJWis5K0d0MTRLeEd6Ly9Hd0pIVUo4VVlieWRW?=
 =?utf-8?B?YVU5VWwwUzBzbmxpcTZKK2pKcTIrWDJOeXNFc2RNUDZ5TyttbGdDM3hCaTh6?=
 =?utf-8?B?bnFabjFpUzBzaXNMalFrM3FyQllSZmVTSXZnMkhnS1JHWjk0VnkreEQ5QkN6?=
 =?utf-8?B?WnRyQ0lhU1kvYXNGNk11UWg3Y3VOQ21oYjNwYjRvUmxhTkQxWkxzU3VBM3lE?=
 =?utf-8?B?Z0VZU2dqQWxjUE9qL2doWEVMNnNXOEd1VUs4ZVFDRnRvYldScllzT1pFd3lS?=
 =?utf-8?B?MnpsbU51UUsrUEpSN0tDQ2tucGZiRHNEbmZnR1Bhb0VFZ3QvVFd6ZWFqL0hh?=
 =?utf-8?B?UXJjSzhkWSswZ2xtMGl0bll6dnJpQTBxZUttMmhPcjJJbCs2YU1nTEVOajVX?=
 =?utf-8?B?OWhjdVpzNzFNckRuUzBoYmdVY1Q5TzYzTEY5b1VQS2NaMVVKeFNqSUdETWlD?=
 =?utf-8?B?Tmk2RWF1ZzA5K0l0Rkd5R0pMa25mZklWQ1paSmhJOHpENGVCUVFvZHBUUFVi?=
 =?utf-8?B?b1JMdzczK2crRUhjNFVNUmt0aUlrcWlyN1VRWUp5SVU1SjNhQmM3MnNoTEVL?=
 =?utf-8?B?VENpc21ZS3VDVWdTeDlMdUVBL2xLRThCdTVNZytNdlduSUZFSUdJb0ZpYVUz?=
 =?utf-8?B?citpZ0ZPdm42ZXd4aHE4WmZHRWJhZmpvcmxTTnhpSnhUYUpNcmttNEdqYTJN?=
 =?utf-8?B?RWJjMzVtSnRqU2ZaUGNabkdJYXJDdHBjbXBtR1FjK2FXbUtFOHU1eittVHBl?=
 =?utf-8?B?ekRTeXI0b2Frc3huSEdZdHNhazdybmNmREJQTk4yeDRtQktib0VGN1BIbTlF?=
 =?utf-8?B?cmlOdy90MU9UWVdhUGtOUnZZcVduMTg1d0h2MGpLb21oU2tnanUyUy9RQTh4?=
 =?utf-8?B?VEUzSEdxdUI2Qm1uc29xbjhJRHhoanNtUnJlZzlwL0l0M29TcC91M0dzVkZa?=
 =?utf-8?B?OEg1dmFBUHQyUDBDcnpzb1NieDlZZzh1M3Y1Ukd3R25sTkFvYVgrT3VNbVFi?=
 =?utf-8?B?ZS9hNFNiSDFsd1dEZkhGYm9SSkJJbEJncDRXUlpuOWcyQnFIU0tTVm95RTdG?=
 =?utf-8?B?T1ZGQnc1T2ViWDhoUS9zcXZ4cm9WUGR3QmtpMm9DTEoyNFU4aWlQbEcwaGlm?=
 =?utf-8?B?RURmYW5qTlV2ajBUYkJEL3p5QyttSnk3aHZNbkR0N3BLdE84ZVh4aE92QVhq?=
 =?utf-8?B?NE9CN2JJTXJpSnMvS0grSE5MQzduVEdVd25OUVd6b1RCVURqUys0bWlGdDFX?=
 =?utf-8?B?d2VKQS9pTHNLbmdKTFovV0Z0QmRTZlpSck1iOG5yaEg4ZkpROFBmSUdvTHNh?=
 =?utf-8?B?MURlb3Q2VzhDbUM1MHNxOFlxZUpmYnUzY2Izc05KMmpmV25XV1ZJL1dlVllW?=
 =?utf-8?B?UThwckZDbEZrclgzMTIyWTkxN04vRTFwOE5UODRCUWFlblhpWWlWOENXWGRP?=
 =?utf-8?B?Qjh6bFZURHNQdEhLWUJtUmpFQmRCbFZrZEZKbHptL29PQ05TdGM5SWl6MmpN?=
 =?utf-8?Q?rtJY=3D?=
X-OriginatorOrg: talpey.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ec8a8515-275b-446e-e6e7-08da63824b84
X-MS-Exchange-CrossTenant-AuthSource: SN6PR01MB4445.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jul 2022 21:14:09.1964
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 2b2dcae7-2555-4add-bc80-48756da031d5
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: y6iAaa/MhuHs3fyDy9KLj0c0QdhBtPwZ7PiT2SAzhtDe1SKFt3Cg93RM8tyY/EdN
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR01MB3941
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

On 7/11/2022 4:43 PM, Rick Macklem wrote:
>>>> CREATE_SESSION has a built-in reply cache to thwart replay attacks.
>>>> It can legitimately return the same sessionid as a previous request.
>>>> Granted, DESTROY_SESSION is supposed to wipe that reply cache...
> Well, I just re-read the RFC and I don't see anything that says DestroySession
> affects the CreateSession reply cache.

It actually does, but I think it's problematic:


18.37.3.  DESCRIPTION

    The DESTROY_SESSION operation closes the session and discards the
    session's reply cache, if any.  Any remaining connections associated
    with the session are immediately disassociated.  If the connection
    has no remaining associated sessions, the connection MAY be closed by
    the server.  Locks, delegations, layouts, wants, and the lease, which
    are all tied to the client ID, are not affected by DESTROY_SESSION.

What about the reply to DESTROY_SESSION itself? I guess the idea is
that if the client misses the reply and reconnects/retransmits, it
gets NFSERR_BAD_SESSION and figures it out. Maybe not worth taking
to IETF, since you found the root cause!

Tom.