|
NeilBrown |
f82dc9 |
From: NeilBrown <neilb@suse.de>
|
|
NeilBrown |
f82dc9 |
Date: Thu, 2 Sep 2021 09:30:37 +1000
|
|
NeilBrown |
f82dc9 |
Subject: [PATCH] SUNRPC: improve error response to over-size gss credential
|
|
NeilBrown |
f82dc9 |
Git-commit: 0c217d5066c84f67cd672cf03ec8f682e5d013c2
|
|
NeilBrown |
f82dc9 |
Patch-mainline: v5.15-rc1
|
|
NeilBrown |
f82dc9 |
References: bsc#1190022
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
When the NFS server receives a large gss (kerberos) credential and tries
|
|
NeilBrown |
f82dc9 |
to pass it up to rpc.svcgssd (which is deprecated), it triggers an
|
|
NeilBrown |
f82dc9 |
infinite loop in cache_read().
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
cache_request() always returns -EAGAIN, and this causes a "goto again".
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
This patch:
|
|
NeilBrown |
f82dc9 |
- changes the error to -E2BIG to avoid the infinite loop, and
|
|
NeilBrown |
f82dc9 |
- generates a WARN_ONCE when rsi_request first sees an over-sized
|
|
NeilBrown |
f82dc9 |
credential. The warning suggests switching to gssproxy.
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
Link: https://bugzilla.kernel.org/show_bug.cgi?id=196583
|
|
NeilBrown |
f82dc9 |
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
NeilBrown |
f82dc9 |
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
NeilBrown |
f82dc9 |
Acked-by: NeilBrown <neilb@suse.com>
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
---
|
|
NeilBrown |
f82dc9 |
net/sunrpc/auth_gss/svcauth_gss.c | 2 ++
|
|
NeilBrown |
f82dc9 |
net/sunrpc/cache.c | 2 +-
|
|
NeilBrown |
f82dc9 |
2 files changed, 3 insertions(+), 1 deletion(-)
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
--- a/net/sunrpc/auth_gss/svcauth_gss.c
|
|
NeilBrown |
f82dc9 |
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
|
|
NeilBrown |
f82dc9 |
@@ -180,6 +180,8 @@ static void rsi_request(struct cache_det
|
|
NeilBrown |
f82dc9 |
qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len);
|
|
NeilBrown |
f82dc9 |
qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len);
|
|
NeilBrown |
f82dc9 |
(*bpp)[-1] = '\n';
|
|
NeilBrown |
f82dc9 |
+ WARN_ONCE(*blen < 0,
|
|
NeilBrown |
f82dc9 |
+ "RPCSEC/GSS credential too large - please use gssproxy\n");
|
|
NeilBrown |
f82dc9 |
}
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
static int rsi_parse(struct cache_detail *cd,
|
|
NeilBrown |
f82dc9 |
--- a/net/sunrpc/cache.c
|
|
NeilBrown |
f82dc9 |
+++ b/net/sunrpc/cache.c
|
|
NeilBrown |
f82dc9 |
@@ -770,7 +770,7 @@ static int cache_request(struct cache_de
|
|
NeilBrown |
f82dc9 |
|
|
NeilBrown |
f82dc9 |
detail->cache_request(detail, crq->item, &bp, &len;;
|
|
NeilBrown |
f82dc9 |
if (len < 0)
|
|
NeilBrown |
f82dc9 |
- return -EAGAIN;
|
|
NeilBrown |
f82dc9 |
+ return -E2BIG;
|
|
NeilBrown |
f82dc9 |
return PAGE_SIZE - len;
|
|
NeilBrown |
f82dc9 |
}
|
|
NeilBrown |
f82dc9 |
|