1. 18 9月, 2013 1 次提交
    • J
      RPCSEC_GSS: fix crash on destroying gss auth · a0f6ed8e
      J. Bruce Fields 提交于
      This fixes a regression since  eb6dc19d
      "RPCSEC_GSS: Share all credential caches on a per-transport basis" which
      could cause an occasional oops in the nfsd code (see below).
      
      The problem was that an auth was left referencing a client that had been
      freed.  To avoid this we need to ensure that auths are shared only
      between descendants of a common client; the fact that a clone of an
      rpc_client takes a reference on its parent then ensures that the parent
      client will last as long as the auth.
      
      Also add a comment explaining what I think was the intention of this
      code.
      
        general protection fault: 0000 [#1] PREEMPT SMP
        Modules linked in: rpcsec_gss_krb5 nfsd auth_rpcgss oid_registry nfs_acl lockd sunrpc
        CPU: 3 PID: 4071 Comm: kworker/u8:2 Not tainted 3.11.0-rc2-00182-g025145f #1665
        Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        Workqueue: nfsd4_callbacks nfsd4_do_callback_rpc [nfsd]
        task: ffff88003e206080 ti: ffff88003c384000 task.ti: ffff88003c384000
        RIP: 0010:[<ffffffffa00001f3>]  [<ffffffffa00001f3>] rpc_net_ns+0x53/0x70 [sunrpc]
        RSP: 0000:ffff88003c385ab8  EFLAGS: 00010246
        RAX: 6b6b6b6b6b6b6b6b RBX: ffff88003af9a800 RCX: 0000000000000002
        RDX: ffffffffa00001a5 RSI: 0000000000000001 RDI: ffffffff81e284e0
        RBP: ffff88003c385ad8 R08: 0000000000000001 R09: 0000000000000000
        R10: 0000000000000000 R11: 0000000000000015 R12: ffff88003c990840
        R13: ffff88003c990878 R14: ffff88003c385ba8 R15: ffff88003e206080
        FS:  0000000000000000(0000) GS:ffff88003fd80000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
        CR2: 00007fcdf737e000 CR3: 000000003ad2b000 CR4: 00000000000006e0
        Stack:
         ffffffffa00001a5 0000000000000006 0000000000000006 ffff88003af9a800
         ffff88003c385b08 ffffffffa00d52a4 ffff88003c385ba8 ffff88003c751bd8
         ffff88003c751bc0 ffff88003e113600 ffff88003c385b18 ffffffffa00d530c
        Call Trace:
         [<ffffffffa00001a5>] ? rpc_net_ns+0x5/0x70 [sunrpc]
         [<ffffffffa00d52a4>] __gss_pipe_release+0x54/0x90 [auth_rpcgss]
         [<ffffffffa00d530c>] gss_pipe_free+0x2c/0x30 [auth_rpcgss]
         [<ffffffffa00d678b>] gss_destroy+0x9b/0xf0 [auth_rpcgss]
         [<ffffffffa000de63>] rpcauth_release+0x23/0x30 [sunrpc]
         [<ffffffffa0001e81>] rpc_release_client+0x51/0xb0 [sunrpc]
         [<ffffffffa00020d5>] rpc_shutdown_client+0xe5/0x170 [sunrpc]
         [<ffffffff81098a14>] ? cpuacct_charge+0xa4/0xb0
         [<ffffffff81098975>] ? cpuacct_charge+0x5/0xb0
         [<ffffffffa019556f>] nfsd4_process_cb_update.isra.17+0x2f/0x210 [nfsd]
         [<ffffffff819a4ac0>] ? _raw_spin_unlock_irq+0x30/0x60
         [<ffffffff819a4acb>] ? _raw_spin_unlock_irq+0x3b/0x60
         [<ffffffff810703ab>] ? process_one_work+0x15b/0x510
         [<ffffffffa01957dd>] nfsd4_do_callback_rpc+0x8d/0xa0 [nfsd]
         [<ffffffff8107041e>] process_one_work+0x1ce/0x510
         [<ffffffff810703ab>] ? process_one_work+0x15b/0x510
         [<ffffffff810712ab>] worker_thread+0x11b/0x370
         [<ffffffff81071190>] ? manage_workers.isra.24+0x2b0/0x2b0
         [<ffffffff8107854b>] kthread+0xdb/0xe0
         [<ffffffff819a4ac0>] ? _raw_spin_unlock_irq+0x30/0x60
         [<ffffffff81078470>] ? __init_kthread_worker+0x70/0x70
         [<ffffffff819ac7dc>] ret_from_fork+0x7c/0xb0
         [<ffffffff81078470>] ? __init_kthread_worker+0x70/0x70
        Code: a5 01 00 a0 31 d2 31 f6 48 c7 c7 e0 84 e2 81 e8 f4 91 0a e1 48 8b 43 60 48 c7 c2 a5 01 00 a0 be 01 00 00 00 48 c7 c7 e0 84 e2 81 <48> 8b 98 10 07 00 00 e8 91 8f 0a e1 e8
        +3c 4e 07 e1 48 83 c4 18
        RIP  [<ffffffffa00001f3>] rpc_net_ns+0x53/0x70 [sunrpc]
         RSP <ffff88003c385ab8>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      a0f6ed8e
  2. 12 9月, 2013 1 次提交
  3. 06 9月, 2013 4 次提交
  4. 04 9月, 2013 2 次提交
    • A
      SUNRPC refactor rpcauth_checkverf error returns · 35fa5f7b
      Andy Adamson 提交于
      Most of the time an error from the credops crvalidate function means the
      server has sent us a garbage verifier. The gss_validate function is the
      exception where there is an -EACCES case if the user GSS_context on the client
      has expired.
      Signed-off-by: NAndy Adamson <andros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      35fa5f7b
    • A
      SUNRPC new rpc_credops to test credential expiry · 4de6caa2
      Andy Adamson 提交于
      This patch provides the RPC layer helper functions to allow NFS to manage
      data in the face of expired credentials - such as avoiding buffered WRITEs
      and COMMITs when the gss context will expire before the WRITEs are flushed
      and COMMITs are sent.
      
      These helper functions enable checking the expiration of an underlying
      credential key for a generic rpc credential, e.g. the gss_cred gss context
      gc_expiry which for Kerberos is set to the remaining TGT lifetime.
      
      A new rpc_authops key_timeout is only defined for the generic auth.
      A new rpc_credops crkey_to_expire is only defined for the generic cred.
      A new rpc_credops crkey_timeout is only defined for the gss cred.
      
      Set a credential key expiry watermark, RPC_KEY_EXPIRE_TIMEO set to 240 seconds
      as a default and can be set via a module parameter as we need to ensure there
      is time for any dirty data to be flushed.
      
      If key_timeout is called on a credential with an underlying credential key that
      will expire within watermark seconds, we set the RPC_CRED_KEY_EXPIRE_SOON
      flag in the generic_cred acred so that the NFS layer can clean up prior to
      key expiration.
      
      Checking a generic credential's underlying credential involves a cred lookup.
      To avoid this lookup in the normal case when the underlying credential has
      a key that is valid (before the watermark), a notify flag is set in
      the generic credential the first time the key_timeout is called. The
      generic credential then stops checking the underlying credential key expiry, and
      the underlying credential (gss_cred) match routine then checks the key
      expiration upon each normal use and sets a flag in the associated generic
      credential only when the key expiration is within the watermark.
      This in turn signals the generic credential key_timeout to perform the extra
      credential lookup thereafter.
      Signed-off-by: NAndy Adamson <andros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      4de6caa2
  5. 03 9月, 2013 1 次提交
  6. 01 9月, 2013 2 次提交
  7. 30 8月, 2013 4 次提交
  8. 01 8月, 2013 4 次提交
  9. 02 7月, 2013 2 次提交
  10. 29 6月, 2013 1 次提交
  11. 29 5月, 2013 1 次提交
  12. 16 5月, 2013 3 次提交
  13. 13 5月, 2013 1 次提交
  14. 08 5月, 2013 1 次提交
  15. 06 5月, 2013 1 次提交
  16. 04 5月, 2013 1 次提交
  17. 01 5月, 2013 1 次提交
  18. 30 4月, 2013 4 次提交
  19. 26 4月, 2013 3 次提交
    • S
      SUNRPC: Use gssproxy upcall for server RPCGSS authentication. · 030d794b
      Simo Sorce 提交于
      The main advantge of this new upcall mechanism is that it can handle
      big tickets as seen in Kerberos implementations where tickets carry
      authorization data like the MS-PAC buffer with AD or the Posix Authorization
      Data being discussed in IETF on the krbwg working group.
      
      The Gssproxy program is used to perform the accept_sec_context call on the
      kernel's behalf. The code is changed to also pass the input buffer straight
      to upcall mechanism to avoid allocating and copying many pages as tokens can
      be as big (potentially more in future) as 64KiB.
      Signed-off-by: NSimo Sorce <simo@redhat.com>
      [bfields: containerization, negotiation api]
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      030d794b
    • S
      SUNRPC: Add RPC based upcall mechanism for RPCGSS auth · 1d658336
      Simo Sorce 提交于
      This patch implements a sunrpc client to use the services of the gssproxy
      userspace daemon.
      
      In particular it allows to perform calls in user space using an RPC
      call instead of custom hand-coded upcall/downcall messages.
      
      Currently only accept_sec_context is implemented as that is all is needed for
      the server case.
      
      File server modules like NFS and CIFS can use full gssapi services this way,
      once init_sec_context is also implemented.
      
      For the NFS server case this code allow to lift the limit of max 2k krb5
      tickets. This limit is prevents legitimate kerberos deployments from using krb5
      authentication with the Linux NFS server as they have normally ticket that are
      many kilobytes large.
      
      It will also allow to lift the limitation on the size of the credential set
      (uid,gid,gids) passed down from user space for users that have very many groups
      associated. Currently the downcall mechanism used by rpc.svcgssd is limited
      to around 2k secondary groups of the 65k allowed by kernel structures.
      Signed-off-by: NSimo Sorce <simo@redhat.com>
      [bfields: containerization, concurrent upcalls, misc. fixes and cleanup]
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      1d658336
    • S
      SUNRPC: conditionally return endtime from import_sec_context · 400f26b5
      Simo Sorce 提交于
      We expose this parameter for a future caller.
      It will be used to extract the endtime from the gss-proxy upcall mechanism,
      in order to set the rsc cache expiration time.
      Signed-off-by: NSimo Sorce <simo@redhat.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      400f26b5
  20. 30 3月, 2013 2 次提交