1. 24 10月, 2018 1 次提交
  2. 01 10月, 2018 1 次提交
    • T
      SUNRPC: The transmitted message must lie in the RPCSEC window of validity · 3021a5bb
      Trond Myklebust 提交于
      If a message has been encoded using RPCSEC_GSS, the server is
      maintaining a window of sequence numbers that it considers valid.
      The client should normally be tracking that window, and needs to
      verify that the sequence number used by the message being transmitted
      still lies inside the window of validity.
      
      So far, we've been able to assume this condition would be realised
      automatically, since the client has been encoding the message only
      after taking the socket lock. Once we change that condition, we
      will need the explicit check.
      Signed-off-by: NTrond Myklebust <trond.myklebust@hammerspace.com>
      3021a5bb
  3. 23 8月, 2018 2 次提交
  4. 05 8月, 2018 1 次提交
  5. 01 8月, 2018 1 次提交
  6. 31 7月, 2018 1 次提交
  7. 13 6月, 2018 1 次提交
    • K
      treewide: kmalloc() -> kmalloc_array() · 6da2ec56
      Kees Cook 提交于
      The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
      patch replaces cases of:
      
              kmalloc(a * b, gfp)
      
      with:
              kmalloc_array(a * b, gfp)
      
      as well as handling cases of:
      
              kmalloc(a * b * c, gfp)
      
      with:
      
              kmalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kmalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kmalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The tools/ directory was manually excluded, since it has its own
      implementation of kmalloc().
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kmalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kmalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kmalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kmalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kmalloc
      + kmalloc_array
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kmalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kmalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kmalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kmalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kmalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kmalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kmalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kmalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kmalloc(C1 * C2 * C3, ...)
      |
        kmalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kmalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kmalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kmalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kmalloc(sizeof(THING) * C2, ...)
      |
        kmalloc(sizeof(TYPE) * C2, ...)
      |
        kmalloc(C1 * C2 * C3, ...)
      |
        kmalloc(C1 * C2, ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kmalloc
      + kmalloc_array
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6da2ec56
  8. 28 3月, 2018 1 次提交
  9. 27 3月, 2018 1 次提交
  10. 05 7月, 2017 2 次提交
  11. 28 2月, 2017 1 次提交
  12. 25 12月, 2016 1 次提交
  13. 10 12月, 2016 1 次提交
    • N
      SUNRPC: fix refcounting problems with auth_gss messages. · 1cded9d2
      NeilBrown 提交于
      There are two problems with refcounting of auth_gss messages.
      
      First, the reference on the pipe->pipe list (taken by a call
      to rpc_queue_upcall()) is not counted.  It seems to be
      assumed that a message in pipe->pipe will always also be in
      pipe->in_downcall, where it is correctly reference counted.
      
      However there is no guaranty of this.  I have a report of a
      NULL dereferences in rpc_pipe_read() which suggests a msg
      that has been freed is still on the pipe->pipe list.
      
      One way I imagine this might happen is:
      - message is queued for uid=U and auth->service=S1
      - rpc.gssd reads this message and starts processing.
        This removes the message from pipe->pipe
      - message is queued for uid=U and auth->service=S2
      - rpc.gssd replies to the first message. gss_pipe_downcall()
        calls __gss_find_upcall(pipe, U, NULL) and it finds the
        *second* message, as new messages are placed at the head
        of ->in_downcall, and the service type is not checked.
      - This second message is removed from ->in_downcall and freed
        by gss_release_msg() (even though it is still on pipe->pipe)
      - rpc.gssd tries to read another message, and dereferences a pointer
        to this message that has just been freed.
      
      I fix this by incrementing the reference count before calling
      rpc_queue_upcall(), and decrementing it if that fails, or normally in
      gss_pipe_destroy_msg().
      
      It seems strange that the reply doesn't target the message more
      precisely, but I don't know all the details.  In any case, I think the
      reference counting irregularity became a measureable bug when the
      extra arg was added to __gss_find_upcall(), hence the Fixes: line
      below.
      
      The second problem is that if rpc_queue_upcall() fails, the new
      message is not freed. gss_alloc_msg() set the ->count to 1,
      gss_add_msg() increments this to 2, gss_unhash_msg() decrements to 1,
      then the pointer is discarded so the memory never gets freed.
      
      Fixes: 9130b8db ("SUNRPC: allow for upcalls for same uid but different gss service")
      Cc: stable@vger.kernel.org
      Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1011250Signed-off-by: NNeilBrown <neilb@suse.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      1cded9d2
  14. 27 10月, 2016 1 次提交
    • J
      sunrpc: don't pass on-stack memory to sg_set_buf · 2876a344
      J. Bruce Fields 提交于
      As of ac4e97ab "scatterlist: sg_set_buf() argument must be in linear
      mapping", sg_set_buf hits a BUG when make_checksum_v2->xdr_process_buf,
      among other callers, passes it memory on the stack.
      
      We only need a scatterlist to pass this to the crypto code, and it seems
      like overkill to require kmalloc'd memory just to encrypt a few bytes,
      but for now this seems the best fix.
      
      Many of these callers are in the NFS write paths, so we allocate with
      GFP_NOFS.  It might be possible to do without allocations here entirely,
      but that would probably be a bigger project.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      2876a344
  15. 01 10月, 2016 1 次提交
  16. 05 8月, 2016 1 次提交
  17. 20 7月, 2016 1 次提交
    • S
      sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags · ce52914e
      Scott Mayhew 提交于
      A generic_cred can be used to look up a unx_cred or a gss_cred, so it's
      not really safe to use the the generic_cred->acred->ac_flags to store
      the NO_CRKEY_TIMEOUT flag.  A lookup for a unx_cred triggered while the
      KEY_EXPIRE_SOON flag is already set will cause both NO_CRKEY_TIMEOUT and
      KEY_EXPIRE_SOON to be set in the ac_flags, leaving the user associated
      with the auth_cred to be in a state where they're perpetually doing 4K
      NFS_FILE_SYNC writes.
      
      This can be reproduced as follows:
      
      1. Mount two NFS filesystems, one with sec=krb5 and one with sec=sys.
      They do not need to be the same export, nor do they even need to be from
      the same NFS server.  Also, v3 is fine.
      $ sudo mount -o v3,sec=krb5 server1:/export /mnt/krb5
      $ sudo mount -o v3,sec=sys server2:/export /mnt/sys
      
      2. As the normal user, before accessing the kerberized mount, kinit with
      a short lifetime (but not so short that renewing the ticket would leave
      you within the 4-minute window again by the time the original ticket
      expires), e.g.
      $ kinit -l 10m -r 60m
      
      3. Do some I/O to the kerberized mount and verify that the writes are
      wsize, UNSTABLE:
      $ dd if=/dev/zero of=/mnt/krb5/file bs=1M count=1
      
      4. Wait until you're within 4 minutes of key expiry, then do some more
      I/O to the kerberized mount to ensure that RPC_CRED_KEY_EXPIRE_SOON gets
      set.  Verify that the writes are 4K, FILE_SYNC:
      $ dd if=/dev/zero of=/mnt/krb5/file bs=1M count=1
      
      5. Now do some I/O to the sec=sys mount.  This will cause
      RPC_CRED_NO_CRKEY_TIMEOUT to be set:
      $ dd if=/dev/zero of=/mnt/sys/file bs=1M count=1
      
      6. Writes for that user will now be permanently 4K, FILE_SYNC for that
      user, regardless of which mount is being written to, until you reboot
      the client.  Renewing the kerberos ticket (assuming it hasn't already
      expired) will have no effect.  Grabbing a new kerberos ticket at this
      point will have no effect either.
      
      Move the flag to the auth->au_flags field (which is currently unused)
      and rename it slightly to reflect that it's no longer associated with
      the auth_cred->ac_flags.  Add the rpc_auth to the arg list of
      rpcauth_cred_key_to_expire and check the au_flags there too.  Finally,
      add the inode to the arg list of nfs_ctx_key_to_expire so we can
      determine the rpc_auth to pass to rpcauth_cred_key_to_expire.
      Signed-off-by: NScott Mayhew <smayhew@redhat.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      ce52914e
  18. 12 7月, 2016 1 次提交
    • C
      xprtrdma: No direct data placement with krb5i and krb5p · 65b80179
      Chuck Lever 提交于
      Direct data placement is not allowed when using flavors that
      guarantee integrity or privacy. When such security flavors are in
      effect, don't allow the use of Read and Write chunks for moving
      individual data items. All messages larger than the inline threshold
      are sent via Long Call or Long Reply.
      
      On my systems (CX-3 Pro on FDR), for small I/O operations, the use
      of Long messages adds only around 5 usecs of latency in each
      direction.
      
      Note that when integrity or encryption is used, the host CPU touches
      every byte in these messages. Even if it could be used, data
      movement offload doesn't buy much in this case.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Tested-by: NSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      65b80179
  19. 09 5月, 2016 1 次提交
  20. 05 4月, 2016 1 次提交
    • K
      mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros · 09cbfeaf
      Kirill A. Shutemov 提交于
      PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
      ago with promise that one day it will be possible to implement page
      cache with bigger chunks than PAGE_SIZE.
      
      This promise never materialized.  And unlikely will.
      
      We have many places where PAGE_CACHE_SIZE assumed to be equal to
      PAGE_SIZE.  And it's constant source of confusion on whether
      PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
      especially on the border between fs and mm.
      
      Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
      breakage to be doable.
      
      Let's stop pretending that pages in page cache are special.  They are
      not.
      
      The changes are pretty straight-forward:
      
       - <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
      
       - <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
      
       - PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
      
       - page_cache_get() -> get_page();
      
       - page_cache_release() -> put_page();
      
      This patch contains automated changes generated with coccinelle using
      script below.  For some reason, coccinelle doesn't patch header files.
      I've called spatch for them manually.
      
      The only adjustment after coccinelle is revert of changes to
      PAGE_CAHCE_ALIGN definition: we are going to drop it later.
      
      There are few places in the code where coccinelle didn't reach.  I'll
      fix them manually in a separate patch.  Comments and documentation also
      will be addressed with the separate patch.
      
      virtual patch
      
      @@
      expression E;
      @@
      - E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
      + E
      
      @@
      expression E;
      @@
      - E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
      + E
      
      @@
      @@
      - PAGE_CACHE_SHIFT
      + PAGE_SHIFT
      
      @@
      @@
      - PAGE_CACHE_SIZE
      + PAGE_SIZE
      
      @@
      @@
      - PAGE_CACHE_MASK
      + PAGE_MASK
      
      @@
      expression E;
      @@
      - PAGE_CACHE_ALIGN(E)
      + PAGE_ALIGN(E)
      
      @@
      expression E;
      @@
      - page_cache_get(E)
      + get_page(E)
      
      @@
      expression E;
      @@
      - page_cache_release(E)
      + put_page(E)
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      09cbfeaf
  21. 18 2月, 2016 1 次提交
    • S
      auth_gss: fix panic in gss_pipe_downcall() in fips mode · 437b300c
      Scott Mayhew 提交于
      On Mon, 15 Feb 2016, Trond Myklebust wrote:
      
      > Hi Scott,
      >
      > On Mon, Feb 15, 2016 at 2:28 PM, Scott Mayhew <smayhew@redhat.com> wrote:
      > > md5 is disabled in fips mode, and attempting to import a gss context
      > > using md5 while in fips mode will result in crypto_alg_mod_lookup()
      > > returning -ENOENT, which will make its way back up to
      > > gss_pipe_downcall(), where the BUG() is triggered.  Handling the -ENOENT
      > > allows for a more graceful failure.
      > >
      > > Signed-off-by: Scott Mayhew <smayhew@redhat.com>
      > > ---
      > >  net/sunrpc/auth_gss/auth_gss.c | 3 +++
      > >  1 file changed, 3 insertions(+)
      > >
      > > diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
      > > index 799e65b..c30fc3b 100644
      > > --- a/net/sunrpc/auth_gss/auth_gss.c
      > > +++ b/net/sunrpc/auth_gss/auth_gss.c
      > > @@ -737,6 +737,9 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
      > >                 case -ENOSYS:
      > >                         gss_msg->msg.errno = -EAGAIN;
      > >                         break;
      > > +               case -ENOENT:
      > > +                       gss_msg->msg.errno = -EPROTONOSUPPORT;
      > > +                       break;
      > >                 default:
      > >                         printk(KERN_CRIT "%s: bad return from "
      > >                                 "gss_fill_context: %zd\n", __func__, err);
      > > --
      > > 2.4.3
      > >
      >
      > Well debugged, but I unfortunately do have to ask if this patch is
      > sufficient? In addition to -ENOENT, and -ENOMEM, it looks to me as if
      > crypto_alg_mod_lookup() can also fail with -EINTR, -ETIMEDOUT, and
      > -EAGAIN. Don't we also want to handle those?
      
      You're right, I was focusing on the panic that I could easily reproduce.
      I'm still not sure how I could trigger those other conditions.
      
      >
      > In fact, peering into the rats nest that is
      > gss_import_sec_context_kerberos(), it looks as if that is just a tiny
      > subset of all the errors that we might run into. Perhaps the right
      > thing to do here is to get rid of the BUG() (but keep the above
      > printk) and just return a generic error?
      
      That sounds fine to me -- updated patch attached.
      
      -Scott
      
      >From d54c6b64a107a90a38cab97577de05f9a4625052 Mon Sep 17 00:00:00 2001
      From: Scott Mayhew <smayhew@redhat.com>
      Date: Mon, 15 Feb 2016 15:12:19 -0500
      Subject: [PATCH] auth_gss: remove the BUG() from gss_pipe_downcall()
      
      Instead return a generic error via gss_msg->msg.errno.  None of the
      errors returned by gss_fill_context() should necessarily trigger a
      kernel panic.
      Signed-off-by: NScott Mayhew <smayhew@redhat.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      437b300c
  22. 06 2月, 2016 1 次提交
  23. 24 10月, 2015 1 次提交
    • A
      sunrpc: avoid warning in gss_key_timeout · cc6a7aab
      Arnd Bergmann 提交于
      The gss_key_timeout() function causes a harmless warning in some
      configurations, e.g. ARM imx_v6_v7_defconfig with gcc-5.2, if the
      compiler cannot figure out the state of the 'expire' variable across
      an rcu_read_unlock():
      
      net/sunrpc/auth_gss/auth_gss.c: In function 'gss_key_timeout':
      net/sunrpc/auth_gss/auth_gss.c:1422:211: warning: 'expire' may be used uninitialized in this function [-Wmaybe-uninitialized]
      
      To avoid this warning without adding a bogus initialization, this
      rewrites the function so the comparison is done inside of the
      critical section. As a side-effect, it also becomes slightly
      easier to understand because the implementation now more closely
      resembles the comment above it.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Fixes: c5e6aecd ("sunrpc: fix RCU handling of gc_ctx field")
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      cc6a7aab
  24. 25 11月, 2014 1 次提交
  25. 14 11月, 2014 1 次提交
    • J
      sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor · b3ecba09
      Jeff Layton 提交于
      Bruce reported that he was seeing the following BUG pop:
      
          BUG: sleeping function called from invalid context at mm/slab.c:2846
          in_atomic(): 0, irqs_disabled(): 0, pid: 4539, name: mount.nfs
          2 locks held by mount.nfs/4539:
          #0:  (nfs_clid_init_mutex){+.+.+.}, at: [<ffffffffa01c0a9a>] nfs4_discover_server_trunking+0x4a/0x2f0 [nfsv4]
          #1:  (rcu_read_lock){......}, at: [<ffffffffa00e3185>] gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
          Preemption disabled at:[<ffffffff81a4f082>] printk+0x4d/0x4f
      
          CPU: 3 PID: 4539 Comm: mount.nfs Not tainted 3.18.0-rc1-00013-g5b095e99 #3393
          Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
          ffff880021499390 ffff8800381476a8 ffffffff81a534cf 0000000000000001
          0000000000000000 ffff8800381476c8 ffffffff81097854 00000000000000d0
          0000000000000018 ffff880038147718 ffffffff8118e4f3 0000000020479f00
          Call Trace:
          [<ffffffff81a534cf>] dump_stack+0x4f/0x7c
          [<ffffffff81097854>] __might_sleep+0x114/0x180
          [<ffffffff8118e4f3>] __kmalloc+0x1a3/0x280
          [<ffffffffa00e31d8>] gss_stringify_acceptor+0x58/0xb0 [auth_rpcgss]
          [<ffffffffa00e3185>] ? gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
          [<ffffffffa006b438>] rpcauth_stringify_acceptor+0x18/0x30 [sunrpc]
          [<ffffffffa01b0469>] nfs4_proc_setclientid+0x199/0x380 [nfsv4]
          [<ffffffffa01b04d0>] ? nfs4_proc_setclientid+0x200/0x380 [nfsv4]
          [<ffffffffa01bdf1a>] nfs40_discover_server_trunking+0xda/0x150 [nfsv4]
          [<ffffffffa01bde45>] ? nfs40_discover_server_trunking+0x5/0x150 [nfsv4]
          [<ffffffffa01c0acf>] nfs4_discover_server_trunking+0x7f/0x2f0 [nfsv4]
          [<ffffffffa01c8e24>] nfs4_init_client+0x104/0x2f0 [nfsv4]
          [<ffffffffa01539b4>] nfs_get_client+0x314/0x3f0 [nfs]
          [<ffffffffa0153780>] ? nfs_get_client+0xe0/0x3f0 [nfs]
          [<ffffffffa01c83aa>] nfs4_set_client+0x8a/0x110 [nfsv4]
          [<ffffffffa0069708>] ? __rpc_init_priority_wait_queue+0xa8/0xf0 [sunrpc]
          [<ffffffffa01c9b2f>] nfs4_create_server+0x12f/0x390 [nfsv4]
          [<ffffffffa01c1472>] nfs4_remote_mount+0x32/0x60 [nfsv4]
          [<ffffffff81196489>] mount_fs+0x39/0x1b0
          [<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
          [<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
          [<ffffffffa01c1396>] nfs_do_root_mount+0x86/0xc0 [nfsv4]
          [<ffffffffa01c1784>] nfs4_try_mount+0x44/0xc0 [nfsv4]
          [<ffffffffa01549b7>] ? get_nfs_version+0x27/0x90 [nfs]
          [<ffffffffa0161a2d>] nfs_fs_mount+0x47d/0xd60 [nfs]
          [<ffffffff81a59c5e>] ? mutex_unlock+0xe/0x10
          [<ffffffffa01606a0>] ? nfs_remount+0x430/0x430 [nfs]
          [<ffffffffa01609c0>] ? nfs_clone_super+0x140/0x140 [nfs]
          [<ffffffff81196489>] mount_fs+0x39/0x1b0
          [<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
          [<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
          [<ffffffff811b5830>] do_mount+0x210/0xbe0
          [<ffffffff811b54ca>] ? copy_mount_options+0x3a/0x160
          [<ffffffff811b651f>] SyS_mount+0x6f/0xb0
          [<ffffffff81a5c852>] system_call_fastpath+0x12/0x17
      
      Sleeping under the rcu_read_lock is bad. This patch fixes it by dropping
      the rcu_read_lock before doing the allocation and then reacquiring it
      and redoing the dereference before doing the copy. If we find that the
      string has somehow grown in the meantime, we'll reallocate and try again.
      
      Cc: <stable@vger.kernel.org> # v3.17+
      Reported-by: N"J. Bruce Fields" <bfields@fieldses.org>
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      b3ecba09
  26. 04 8月, 2014 1 次提交
  27. 13 7月, 2014 2 次提交
  28. 18 4月, 2014 1 次提交
  29. 17 2月, 2014 2 次提交
  30. 11 2月, 2014 1 次提交
  31. 28 1月, 2014 1 次提交
    • J
      sunrpc: turn warn_gssd() log message into a dprintk() · 0ea9de0e
      Jeff Layton 提交于
      The original printk() made sense when the GSSAPI codepaths were called
      only when sec=krb5* was explicitly requested. Now however, in many cases
      the nfs client will try to acquire GSSAPI credentials by default, even
      when it's not requested.
      
      Since we don't have a great mechanism to distinguish between the two
      cases, just turn the pr_warn into a dprintk instead. With this change we
      can also get rid of the ratelimiting.
      
      We do need to keep the EXPORT_SYMBOL(gssd_running) in place since
      auth_gss.ko needs it and sunrpc.ko provides it. We can however,
      eliminate the gssd_running call in the nfs code since that's a bit of a
      layering violation.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      0ea9de0e
  32. 07 12月, 2013 1 次提交
  33. 27 11月, 2013 1 次提交
  34. 29 10月, 2013 2 次提交
  35. 18 9月, 2013 1 次提交
    • J
      RPCSEC_GSS: fix crash on destroying gss auth · a0f6ed8e
      J. Bruce Fields 提交于
      This fixes a regression since  eb6dc19d
      "RPCSEC_GSS: Share all credential caches on a per-transport basis" which
      could cause an occasional oops in the nfsd code (see below).
      
      The problem was that an auth was left referencing a client that had been
      freed.  To avoid this we need to ensure that auths are shared only
      between descendants of a common client; the fact that a clone of an
      rpc_client takes a reference on its parent then ensures that the parent
      client will last as long as the auth.
      
      Also add a comment explaining what I think was the intention of this
      code.
      
        general protection fault: 0000 [#1] PREEMPT SMP
        Modules linked in: rpcsec_gss_krb5 nfsd auth_rpcgss oid_registry nfs_acl lockd sunrpc
        CPU: 3 PID: 4071 Comm: kworker/u8:2 Not tainted 3.11.0-rc2-00182-g025145f #1665
        Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        Workqueue: nfsd4_callbacks nfsd4_do_callback_rpc [nfsd]
        task: ffff88003e206080 ti: ffff88003c384000 task.ti: ffff88003c384000
        RIP: 0010:[<ffffffffa00001f3>]  [<ffffffffa00001f3>] rpc_net_ns+0x53/0x70 [sunrpc]
        RSP: 0000:ffff88003c385ab8  EFLAGS: 00010246
        RAX: 6b6b6b6b6b6b6b6b RBX: ffff88003af9a800 RCX: 0000000000000002
        RDX: ffffffffa00001a5 RSI: 0000000000000001 RDI: ffffffff81e284e0
        RBP: ffff88003c385ad8 R08: 0000000000000001 R09: 0000000000000000
        R10: 0000000000000000 R11: 0000000000000015 R12: ffff88003c990840
        R13: ffff88003c990878 R14: ffff88003c385ba8 R15: ffff88003e206080
        FS:  0000000000000000(0000) GS:ffff88003fd80000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
        CR2: 00007fcdf737e000 CR3: 000000003ad2b000 CR4: 00000000000006e0
        Stack:
         ffffffffa00001a5 0000000000000006 0000000000000006 ffff88003af9a800
         ffff88003c385b08 ffffffffa00d52a4 ffff88003c385ba8 ffff88003c751bd8
         ffff88003c751bc0 ffff88003e113600 ffff88003c385b18 ffffffffa00d530c
        Call Trace:
         [<ffffffffa00001a5>] ? rpc_net_ns+0x5/0x70 [sunrpc]
         [<ffffffffa00d52a4>] __gss_pipe_release+0x54/0x90 [auth_rpcgss]
         [<ffffffffa00d530c>] gss_pipe_free+0x2c/0x30 [auth_rpcgss]
         [<ffffffffa00d678b>] gss_destroy+0x9b/0xf0 [auth_rpcgss]
         [<ffffffffa000de63>] rpcauth_release+0x23/0x30 [sunrpc]
         [<ffffffffa0001e81>] rpc_release_client+0x51/0xb0 [sunrpc]
         [<ffffffffa00020d5>] rpc_shutdown_client+0xe5/0x170 [sunrpc]
         [<ffffffff81098a14>] ? cpuacct_charge+0xa4/0xb0
         [<ffffffff81098975>] ? cpuacct_charge+0x5/0xb0
         [<ffffffffa019556f>] nfsd4_process_cb_update.isra.17+0x2f/0x210 [nfsd]
         [<ffffffff819a4ac0>] ? _raw_spin_unlock_irq+0x30/0x60
         [<ffffffff819a4acb>] ? _raw_spin_unlock_irq+0x3b/0x60
         [<ffffffff810703ab>] ? process_one_work+0x15b/0x510
         [<ffffffffa01957dd>] nfsd4_do_callback_rpc+0x8d/0xa0 [nfsd]
         [<ffffffff8107041e>] process_one_work+0x1ce/0x510
         [<ffffffff810703ab>] ? process_one_work+0x15b/0x510
         [<ffffffff810712ab>] worker_thread+0x11b/0x370
         [<ffffffff81071190>] ? manage_workers.isra.24+0x2b0/0x2b0
         [<ffffffff8107854b>] kthread+0xdb/0xe0
         [<ffffffff819a4ac0>] ? _raw_spin_unlock_irq+0x30/0x60
         [<ffffffff81078470>] ? __init_kthread_worker+0x70/0x70
         [<ffffffff819ac7dc>] ret_from_fork+0x7c/0xb0
         [<ffffffff81078470>] ? __init_kthread_worker+0x70/0x70
        Code: a5 01 00 a0 31 d2 31 f6 48 c7 c7 e0 84 e2 81 e8 f4 91 0a e1 48 8b 43 60 48 c7 c2 a5 01 00 a0 be 01 00 00 00 48 c7 c7 e0 84 e2 81 <48> 8b 98 10 07 00 00 e8 91 8f 0a e1 e8
        +3c 4e 07 e1 48 83 c4 18
        RIP  [<ffffffffa00001f3>] rpc_net_ns+0x53/0x70 [sunrpc]
         RSP <ffff88003c385ab8>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      a0f6ed8e