Subject: turning on s2s copy by default in knfsd
From: Jeff Layton
To: Chuck Lever, Dai Ngo, Dave Wysochanski, Steve Dickson, Olga Kornievskaia
Cc: linux-nfs
Date: Fri, 11 Aug 2023 10:06:51 -0400
X-Mailing-List: linux-nfs@vger.kernel.org

Chuck and I were chatting yesterday about what it will take to make the inter_copy_offload_enable module option on by default, and I'd like to start working toward that end. I think what we want to aim for is to eventually deprecate the module option and have this "just work" when the conditions are right.

It looks like the main obstacle is this (from RFC7862 section 4.9):

    NFSv4 clients and servers supporting the inter-server COPY operations described in this section are REQUIRED to implement the mechanism described in Section 4.9.1.1 and to support rejecting COPY_NOTIFY requests that do not use the RPC security protocol (RPCSEC_GSS) [RFC7861] with privacy. If the server-to-server copy protocol is based on ONC RPC, the servers are also REQUIRED to implement [RFC7861], including the RPCSEC_GSSv3 "copy_to_auth", "copy_from_auth", and "copy_confirm_auth" structured privileges.

    This requirement to implement is not a requirement to use; for example, a server may, depending on configuration, also allow COPY_NOTIFY requests that use only AUTH_SYS. If a server requires the use of an RPCSEC_GSSv3 copy_to_auth, copy_from_auth, or copy_confirm_auth privilege and it is not used, the server will reject the request with NFS4ERR_PARTNER_NO_AUTH.

We don't (yet) have GSSv3 support, so we'd need to implement that in order to make this work right with krb5. Has anyone started looking at GSSv3?

Incidentally, has anyone tried doing this with sec=krb5 in the current code? Does it actually work? I don't see any place where we return nfserr_partner_no_auth, so I wonder if we need to fix up the s2s COPY authentication and error handling?

Another question: The v4.2 spec was written before the RPC over TLS spec. Should we aim to allow this to work by default if the client and both servers are using xprtsec=mtls and are secured by the same CA?

1/ the client and servers are all using GSSv3 with krb5p (or some other encryption)

...or...

2/ the client and servers are all using mtls with certificates signed by the same CA

...I expect we'll probably be able to accommodate #2 before #1.

Beyond that, we could allow for a module or export option that still allows s2s copy to work and relaxes the above restrictions (to allow people to use it over plaintext with AUTH_SYS on "secure" networks).

Anything I've overlooked here, or other thoughts?

Cheers,
--
Jeff Layton
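The gate Jeff sketches above (allow by default only when every party is on GSSv3 with privacy, or every party is on mtls under one CA, and otherwise require an explicit admin opt-in) can be written down as a small policy check. The C below is an added example, not knfsd code and not part of the message: the struct layout, the enum and function names, the `allow_insecure` opt-in flag and the decision to report the refused case as the RFC's NFS4ERR_PARTNER_NO_AUTH are all assumptions made for illustration, and the scenarios at the bottom are constructed sample data.

```c
/* Added example (not knfsd code): a model of the "conditions are right" gate
 * for an inter-server COPY. Names, struct layout and the verdict values are
 * assumptions for illustration only. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum rpc_flavor  { FLAVOR_AUTH_SYS, FLAVOR_RPCSEC_GSS };
enum gss_service { GSS_NONE, GSS_INTEGRITY, GSS_PRIVACY };  /* krb5 / krb5i / krb5p */
enum xprt_sec    { XPRTSEC_NONE, XPRTSEC_TLS, XPRTSEC_MTLS };

/* Security properties of one party: the client, the source server or the
 * destination server of the copy. */
struct party_sec {
    enum rpc_flavor  flavor;
    int              gss_version;  /* 1 in today's code; 3 once RPCSEC_GSSv3 exists */
    enum gss_service service;      /* only meaningful when flavor is RPCSEC_GSS */
    enum xprt_sec    xprtsec;
    const char      *ca;           /* issuer of the peer certificate, NULL unless mtls */
};

/* Assumed admin knob: the relaxed module/export option from the message. */
struct s2s_policy { bool allow_insecure; };

/* Assumed verdicts; the reject case maps to NFS4ERR_PARTNER_NO_AUTH. */
enum s2s_verdict { S2S_ALLOW, S2S_REJECT_PARTNER_NO_AUTH };

/* Condition 1: every party uses RPCSEC_GSSv3 with privacy. GSSv1 krb5p is
 * deliberately not enough, since the copy_*_auth privileges need v3. */
static bool all_gssv3_privacy(const struct party_sec *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i].flavor != FLAVOR_RPCSEC_GSS || p[i].gss_version < 3 ||
            p[i].service != GSS_PRIVACY)
            return false;
    return n > 0;
}

/* Condition 2: every party uses mtls and all certificates come from one CA. */
static bool all_mtls_same_ca(const struct party_sec *p, size_t n)
{
    if (n == 0 || p[0].xprtsec != XPRTSEC_MTLS || p[0].ca == NULL)
        return false;
    for (size_t i = 1; i < n; i++)
        if (p[i].xprtsec != XPRTSEC_MTLS || p[i].ca == NULL ||
            strcmp(p[i].ca, p[0].ca) != 0)
            return false;
    return true;
}

/* The gate: either strong condition allows the copy; otherwise only the
 * explicit opt-in does. */
enum s2s_verdict s2s_copy_check(const struct s2s_policy *pol,
                                const struct party_sec *parties, size_t n)
{
    if (all_gssv3_privacy(parties, n) || all_mtls_same_ca(parties, n))
        return S2S_ALLOW;
    return pol->allow_insecure ? S2S_ALLOW : S2S_REJECT_PARTNER_NO_AUTH;
}

/* --- constructed scenarios (sample data, not from any real deployment) --- */
static enum s2s_verdict run3(bool opt_in, struct party_sec client,
                             struct party_sec src, struct party_sec dst)
{
    struct s2s_policy pol = { .allow_insecure = opt_in };
    struct party_sec parties[3] = { client, src, dst };
    return s2s_copy_check(&pol, parties, 3);
}

#define MTLS(ca)   ((struct party_sec){ FLAVOR_AUTH_SYS, 0, GSS_NONE, XPRTSEC_MTLS, (ca) })
#define KRB5P(ver) ((struct party_sec){ FLAVOR_RPCSEC_GSS, (ver), GSS_PRIVACY, XPRTSEC_NONE, NULL })
#define SYS_PLAIN  ((struct party_sec){ FLAVOR_AUTH_SYS, 0, GSS_NONE, XPRTSEC_NONE, NULL })

enum s2s_verdict scenario_mtls_same_ca(void)     { return run3(false, MTLS("example-ca"), MTLS("example-ca"), MTLS("example-ca")); }
enum s2s_verdict scenario_mtls_mixed_ca(void)    { return run3(false, MTLS("example-ca"), MTLS("other-ca"),   MTLS("example-ca")); }
enum s2s_verdict scenario_krb5p_gssv1(void)      { return run3(false, KRB5P(1), KRB5P(1), KRB5P(1)); }
enum s2s_verdict scenario_krb5p_gssv3(void)      { return run3(false, KRB5P(3), KRB5P(3), KRB5P(3)); }
enum s2s_verdict scenario_auth_sys_default(void) { return run3(false, SYS_PLAIN, SYS_PLAIN, SYS_PLAIN); }
enum s2s_verdict scenario_auth_sys_opt_in(void)  { return run3(true,  SYS_PLAIN, SYS_PLAIN, SYS_PLAIN); }

static const char *show(enum s2s_verdict v)
{
    return v == S2S_ALLOW ? "allow" : "reject (NFS4ERR_PARTNER_NO_AUTH)";
}

int main(void)
{
    printf("mtls, same CA        : %s\n", show(scenario_mtls_same_ca()));
    printf("mtls, mixed CAs      : %s\n", show(scenario_mtls_mixed_ca()));
    printf("krb5p over GSSv1     : %s\n", show(scenario_krb5p_gssv1()));
    printf("krb5p over GSSv3     : %s\n", show(scenario_krb5p_gssv3()));
    printf("AUTH_SYS, no opt-in  : %s\n", show(scenario_auth_sys_default()));
    printf("AUTH_SYS, opt-in set : %s\n", show(scenario_auth_sys_opt_in()));
    return 0;
}
```

The krb5p-over-GSSv1 scenario is the interesting one: it is what `sec=krb5p` gives today, and under the RFC text it still has to be refused until the GSSv3 structured privileges exist, which is why the model treats the GSS version, not just the privacy service, as part of condition 1. The mixed-CA scenario shows why "same CA" has to be checked across all three parties rather than per connection.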