From: NeilBrown <neilb@suse.de>

Date: Thu, 2 Sep 2021 09:30:37 +1000

Subject: [PATCH] SUNRPC: improve error response to over-size gss credential

Git-commit: 0c217d5066c84f67cd672cf03ec8f682e5d013c2

Patch-mainline: v5.15-rc1

References: bsc#1190022

When the NFS server receives a large gss (kerberos) credential and tries

to pass it up to rpc.svcgssd (which is deprecated), it triggers an

infinite loop in cache_read().

cache_request() always returns -EAGAIN, and this causes a "goto again".

This patch:

 - changes the error to -E2BIG to avoid the infinite loop, and

 - generates a WARN_ONCE when rsi_request first sees an over-sized

   credential.  The warning suggests switching to gssproxy.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=196583

Signed-off-by: NeilBrown <neilb@suse.de>

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

Acked-by: NeilBrown <neilb@suse.com>

---

 net/sunrpc/auth_gss/svcauth_gss.c |    2 ++

 net/sunrpc/cache.c                |    2 +-

 2 files changed, 3 insertions(+), 1 deletion(-)

--- a/net/sunrpc/auth_gss/svcauth_gss.c

+++ b/net/sunrpc/auth_gss/svcauth_gss.c

@@ -180,6 +180,8 @@ static void rsi_request(struct cache_det

 	qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len);

 	qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len);

 	(*bpp)[-1] = '\n';

+	WARN_ONCE(*blen < 0,

+		  "RPCSEC/GSS credential too large - please use gssproxy\n");

 }

 static int rsi_parse(struct cache_detail *cd,

--- a/net/sunrpc/cache.c

+++ b/net/sunrpc/cache.c

@@ -770,7 +770,7 @@ static int cache_request(struct cache_de

 	detail->cache_request(detail, crq->item, &bp, &len;;

 	if (len < 0)

-		return -EAGAIN;

+		return -E2BIG;

 	return PAGE_SIZE - len;

 }