mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
synced 2026-04-18 11:33:36 -04:00
81538c8e42
Pull nfsd updates from Chuck Lever:
"Mike Snitzer has prototyped a mechanism for disabling I/O caching in
NFSD. This is introduced in v6.18 as an experimental feature. This
enables scaling NFSD in /both/ directions:
- NFS service can be supported on systems with small memory
footprints, such as low-cost cloud instances
- Large NFS workloads will be less likely to force the eviction of
server-local activity, helping it avoid thrashing
Jeff Layton contributed a number of fixes to the new attribute
delegation implementation (based on a pending Internet RFC) that we
hope will make attribute delegation reliable enough to enable by
default, as it is on the Linux NFS client.
The remaining patches in this pull request are clean-ups and minor
optimizations. Many thanks to the contributors, reviewers, testers,
and bug reporters who participated during the v6.18 NFSD development
cycle"
* tag 'nfsd-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (42 commits)
nfsd: discard nfserr_dropit
SUNRPC: Make RPCSEC_GSS_KRB5 select CRYPTO instead of depending on it
NFSD: Add io_cache_{read,write} controls to debugfs
NFSD: Do the grace period check in ->proc_layoutget
nfsd: delete unnecessary NULL check in __fh_verify()
NFSD: Allow layoutcommit during grace period
NFSD: Disallow layoutget during grace period
sunrpc: fix "occurence"->"occurrence"
nfsd: Don't force CRYPTO_LIB_SHA256 to be built-in
nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
NFSD: Reduce DRC bucket size
NFSD: Delay adding new entries to LRU
SUNRPC: Move the svc_rpcb_cleanup() call sites
NFS: Remove rpcbind cleanup for NFSv4.0 callback
nfsd: unregister with rpcbind when deleting a transport
NFSD: Drop redundant conversion to bool
sunrpc: eliminate return pointer in svc_tcp_sendmsg()
sunrpc: fix pr_notice in svc_tcp_sendto() to show correct length
nfsd: decouple the xprtsec policy check from check_nfsd_access()
NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
...
133 lines
4.2 KiB
Plaintext
133 lines
4.2 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config SUNRPC
|
|
tristate
|
|
depends on MULTIUSER
|
|
|
|
config SUNRPC_GSS
|
|
tristate
|
|
select OID_REGISTRY
|
|
depends on MULTIUSER
|
|
|
|
config SUNRPC_BACKCHANNEL
|
|
bool
|
|
depends on SUNRPC
|
|
|
|
config SUNRPC_SWAP
|
|
bool
|
|
depends on SUNRPC
|
|
|
|
config RPCSEC_GSS_KRB5
|
|
tristate "Secure RPC: Kerberos V mechanism"
|
|
depends on SUNRPC
|
|
default y
|
|
select SUNRPC_GSS
|
|
select CRYPTO
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_HASH
|
|
help
|
|
Choose Y here to enable Secure RPC using the Kerberos version 5
|
|
GSS-API mechanism (RFC 1964).
|
|
|
|
Secure RPC calls with Kerberos require an auxiliary user-space
|
|
daemon which may be found in the Linux nfs-utils package
|
|
available from http://linux-nfs.org/. In addition, user-space
|
|
Kerberos support should be installed.
|
|
|
|
If unsure, say Y.
|
|
|
|
config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
|
|
bool "Enable Kerberos enctypes based on AES and SHA-1"
|
|
depends on RPCSEC_GSS_KRB5
|
|
depends on CRYPTO_CBC && CRYPTO_CTS
|
|
depends on CRYPTO_HMAC && CRYPTO_SHA1
|
|
depends on CRYPTO_AES
|
|
default y
|
|
help
|
|
Choose Y to enable the use of Kerberos 5 encryption types
|
|
that utilize Advanced Encryption Standard (AES) ciphers and
|
|
SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
|
|
aes256-cts-hmac-sha1-96.
|
|
|
|
config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
|
|
bool "Enable Kerberos encryption types based on Camellia and CMAC"
|
|
depends on RPCSEC_GSS_KRB5
|
|
depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
|
|
depends on CRYPTO_CMAC
|
|
default n
|
|
help
|
|
Choose Y to enable the use of Kerberos 5 encryption types
|
|
that utilize Camellia ciphers (RFC 3713) and CMAC digests
|
|
(NIST Special Publication 800-38B). These include
|
|
camellia128-cts-cmac and camellia256-cts-cmac.
|
|
|
|
config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
|
|
bool "Enable Kerberos enctypes based on AES and SHA-2"
|
|
depends on RPCSEC_GSS_KRB5
|
|
depends on CRYPTO_CBC && CRYPTO_CTS
|
|
depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
|
|
depends on CRYPTO_AES
|
|
default n
|
|
help
|
|
Choose Y to enable the use of Kerberos 5 encryption types
|
|
that utilize Advanced Encryption Standard (AES) ciphers and
|
|
SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
|
|
aes256-cts-hmac-sha384-192.
|
|
|
|
config RPCSEC_GSS_KRB5_KUNIT_TEST
|
|
tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS
|
|
depends on RPCSEC_GSS_KRB5 && KUNIT
|
|
default KUNIT_ALL_TESTS
|
|
help
|
|
This builds the KUnit tests for RPCSEC GSS Kerberos 5.
|
|
|
|
KUnit tests run during boot and output the results to the debug
|
|
log in TAP format (https://testanything.org/). Only useful for
|
|
kernel devs running KUnit test harness and are not for inclusion
|
|
into a production build.
|
|
|
|
For more information on KUnit and unit tests in general, refer
|
|
to the KUnit documentation in Documentation/dev-tools/kunit/.
|
|
|
|
config SUNRPC_DEBUG
|
|
bool "RPC: Enable dprintk debugging"
|
|
depends on SUNRPC && SYSCTL
|
|
select DEBUG_FS
|
|
help
|
|
This option enables a sysctl-based debugging interface
|
|
that is be used by the 'rpcdebug' utility to turn on or off
|
|
logging of different aspects of the kernel RPC activity.
|
|
|
|
Disabling this option will make your kernel slightly smaller,
|
|
but makes troubleshooting NFS issues significantly harder.
|
|
|
|
If unsure, say Y.
|
|
|
|
config SUNRPC_DEBUG_TRACE
|
|
bool "RPC: Send dfprintk() output to the trace buffer"
|
|
depends on SUNRPC_DEBUG && TRACING
|
|
default n
|
|
help
|
|
dprintk() output can be voluminous, which can overwhelm the
|
|
kernel's logging facility as it must be sent to the console.
|
|
This option causes dprintk() output to go to the trace buffer
|
|
instead of the kernel log.
|
|
|
|
This will cause warnings about trace_printk() being used to be
|
|
logged at boot time, so say N unless you are debugging a problem
|
|
with sunrpc-based clients or services.
|
|
|
|
config SUNRPC_XPRT_RDMA
|
|
tristate "RPC-over-RDMA transport"
|
|
depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
|
|
default SUNRPC && INFINIBAND
|
|
select SG_POOL
|
|
help
|
|
This option allows the NFS client and server to use RDMA
|
|
transports (InfiniBand, iWARP, or RoCE).
|
|
|
|
To compile this support as a module, choose M. The module
|
|
will be called rpcrdma.ko.
|
|
|
|
If unsure, or you know there is no RDMA capability on your
|
|
hardware platform, say N.
|