From: Simo Sorce <simo@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: "J. Bruce Fields" <bfields@redhat.com>, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 2/4] svcrpc: fix error-handling on badd gssproxy downcall
Date: Thu, 10 Oct 2013 16:45:52 -0400 [thread overview]
Message-ID: <1381437952.2684.64.camel@willson.li.ssimo.org> (raw)
In-Reply-To: <20131010192315.GA7463@fieldses.org>
On Thu, 2013-10-10 at 15:23 -0400, J. Bruce Fields wrote:
> On Thu, Oct 10, 2013 at 11:37:12AM -0400, Simo Sorce wrote:
> > On Thu, 2013-10-10 at 11:15 -0400, J. Bruce Fields wrote:
> > > From: "J. Bruce Fields" <bfields@redhat.com>
> > >
> > > For every other problem here we bail out with an error, but here for
> > > some reason we're setting a negative cache entry (with, note, an
> > > undefined expiry).
> > >
> > > It seems simplest just to bail out in the same way as we do in other
> > > cases.
> > >
> > > Cc: Simo Sorce <simo@redhat.com>
> > > Reported-by: Andi Kleen <andi@firstfloor.org>
> > > Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> > > ---
> > > net/sunrpc/auth_gss/svcauth_gss.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
> > > index 09fb638..008cdad 100644
> > > --- a/net/sunrpc/auth_gss/svcauth_gss.c
> > > +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> > > @@ -1167,8 +1167,8 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
> > > if (!ud->found_creds) {
> > > /* userspace seem buggy, we should always get at least a
> > > * mapping to nobody */
> > > - dprintk("RPC: No creds found, marking Negative!\n");
> > > - set_bit(CACHE_NEGATIVE, &rsci.h.flags);
> > > + dprintk("RPC: No creds found!\n");
> > > + goto out;
> > > } else {
> > >
> > > /* steal creds */
> >
> > IIRC, we are doing this to avoid rapid upcall loops in the kernel, where
> > we keep hammering upcalls out and keep getting an error back.
>
> Looks like returning an error instead results in closing the connection
> to the client, so, depends how the client replies I guess.
>
> In any case I don't see why we'd treat this particular gss-proxy bug
> differently than we would any other (like, say, passing down bad xdr, or
> a gss context that we can't import).
Uhmm I did not recall that, I guess the change is ok then.
Simo.
> --b.
>
> > I am not sure it is wise to not set a temp negative cache here.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Simo Sorce * Red Hat, Inc * New York
next prev parent reply other threads:[~2013-10-10 20:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-10 15:14 miscellaneous gss-proxy & krb5 fixes for 3.13 J. Bruce Fields
2013-10-10 15:15 ` [PATCH 1/4] svcrpc: fix gss-proxy NULL dereference in some error cases J. Bruce Fields
2013-10-10 15:35 ` Simo Sorce
2013-10-10 15:15 ` [PATCH 2/4] svcrpc: fix error-handling on badd gssproxy downcall J. Bruce Fields
2013-10-10 15:37 ` Simo Sorce
2013-10-10 19:23 ` J. Bruce Fields
2013-10-10 20:45 ` Simo Sorce [this message]
2013-10-11 13:55 ` J. Bruce Fields
2013-10-10 15:15 ` [PATCH 3/4] svcrpc: handle some gssproxy encoding errors J. Bruce Fields
2013-10-10 15:15 ` [PATCH 4/4] gss_krb5: document that we ignore sequence number J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1381437952.2684.64.camel@willson.li.ssimo.org \
--to=simo@redhat.com \
--cc=bfields@fieldses.org \
--cc=bfields@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.