| From 2ba5acfb34957e8a7fe47cd78c77ca88e9cc2b03 Mon Sep 17 00:00:00 2001 |
| From: "J. Bruce Fields" <bfields@redhat.com> |
| Date: Fri, 1 Oct 2021 09:59:21 -0400 |
| Subject: SUNRPC: fix sign error causing rpcsec_gss drops |
| |
| From: J. Bruce Fields <bfields@redhat.com> |
| |
| commit 2ba5acfb34957e8a7fe47cd78c77ca88e9cc2b03 upstream. |
| |
| If sd_max is unsigned, then sd_max - GSS_SEQ_WIN is a very large number |
| whenever sd_max is less than GSS_SEQ_WIN, and the comparison: |
| |
| seq_num <= sd->sd_max - GSS_SEQ_WIN |
| |
| in gss_check_seq_num is pretty much always true, even when that's |
| clearly not what was intended. |
| |
| This was causing pynfs to hang when using krb5, because pynfs uses zero |
| as the initial gss sequence number. That's perfectly legal, but this |
| logic error causes knfsd to drop the rpc in that case. Out-of-order |
| sequence IDs in the first GSS_SEQ_WIN (128) calls will also cause this. |
| |
| Fixes: 10b9d99a3dbb ("SUNRPC: Augment server-side rpcgss tracepoints") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: J. Bruce Fields <bfields@redhat.com> |
| Signed-off-by: Chuck Lever <chuck.lever@oracle.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/sunrpc/auth_gss/svcauth_gss.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/net/sunrpc/auth_gss/svcauth_gss.c |
| +++ b/net/sunrpc/auth_gss/svcauth_gss.c |
| @@ -643,7 +643,7 @@ static bool gss_check_seq_num(const stru |
| } |
| __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win); |
| goto ok; |
| - } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) { |
| + } else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) { |
| goto toolow; |
| } |
| if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) |
