From 439a2c2077c9648f49afa86ca79509277ff2d0f1 Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Mon, 15 Nov 2021 19:42:32 +0800 Subject: [PATCH] SUNRPC: fix sign error causing rpcsec_gss drops stable inclusion from stable-5.10.73 commit 9aac782ab0ab0fd0a8e507a6294359c2f5cf182d bugzilla: 182983 https://gitee.com/openeuler/kernel/issues/I4I3M0 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9aac782ab0ab0fd0a8e507a6294359c2f5cf182d -------------------------------- commit 2ba5acfb34957e8a7fe47cd78c77ca88e9cc2b03 upstream. If sd_max is unsigned, then sd_max - GSS_SEQ_WIN is a very large number whenever sd_max is less than GSS_SEQ_WIN, and the comparison: seq_num <= sd->sd_max - GSS_SEQ_WIN in gss_check_seq_num is pretty much always true, even when that's clearly not what was intended. This was causing pynfs to hang when using krb5, because pynfs uses zero as the initial gss sequence number. That's perfectly legal, but this logic error causes knfsd to drop the rpc in that case. Out-of-order sequence IDs in the first GSS_SEQ_WIN (128) calls will also cause this. Fixes: 10b9d99a3dbb ("SUNRPC: Augment server-side rpcgss tracepoints") Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Chuck Lever Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chen Jun Acked-by: Weilong Chen Signed-off-by: Chen Jun Signed-off-by: Zheng Zengkai --- net/sunrpc/auth_gss/svcauth_gss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index e22f2d65457d..f5111d62972d 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -643,7 +643,7 @@ static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci, } __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win); goto ok; - } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) { + } else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) { goto toolow; } if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) -- GitLab