NFSv4.1/pnfs: fix NFS with TLS in pnfs (!4149) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Benjamin Coddington requested to merge bcodding/centos-stream-9:RHEL-34576_fixup_pNFS_TLS into main Apr 30, 2024

JIRA: https://issues.redhat.com/browse/RHEL-34576

commit a35518cae4b325632840bc8c3aa9ad9bac430038
Author: Olga Kornievskaia kolga@netapp.com
Date: Tue Feb 20 18:25:34 2024 -0500

NFSv4.1/pnfs: fix NFS with TLS in pnfs

Currently, even though xprtsec=tls is specified and used for operations
to MDS, any operations that go to DS travel over unencrypted connection.
Or additionally, if more than 1 DS can serve the data, then trunked
connections are also done unencrypted.

IN GETDEVINCEINFO, we get an entry for the DS which carries a protocol
type (which is TCP), then nfs4_set_ds_client() gets called with TCP 
instead of TCP with TLS.

Currently, each trunked connection is created and uses clp->cl_hostname
value which if TLS is used would get passed up in the handshake upcall,
but instead we need to pass in the appropriate trunked address value.

Fixes: c8407f2e560c ("NFS: Add an "xprtsec=" NFS mount option")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

Signed-off-by: Benjamin Coddington bcodding@redhat.com

Edited Apr 30, 2024 by Benjamin Coddington

NFSv4.1/pnfs: fix NFS with TLS in pnfs

Merge request reports