From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andy Adamson <andros@netapp.com>,
Trond Myklebust <Trond.Myklebust@netapp.com>,
Ben Hutchings <ben@decadent.org.uk>
Subject: [PATCH 3.4 14/39] SUNRPC handle EKEYEXPIRED in call_refreshresult
Date: Tue, 26 Nov 2013 16:56:38 -0800 [thread overview]
Message-ID: <20131127005620.032686297@linuxfoundation.org> (raw)
In-Reply-To: <20131127005619.011763867@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Adamson <andros@netapp.com>
commit eb96d5c97b0825d542e9c4ba5e0a22b519355166 upstream.
Currently, when an RPCSEC_GSS context has expired or is non-existent
and the users (Kerberos) credentials have also expired or are non-existent,
the client receives the -EKEYEXPIRED error and tries to refresh the context
forever. If an application is performing I/O, or other work against the share,
the application hangs, and the user is not prompted to refresh/establish their
credentials. This can result in a denial of service for other users.
Users are expected to manage their Kerberos credential lifetimes to mitigate
this issue.
Move the -EKEYEXPIRED handling into the RPC layer. Try tk_cred_retry number
of times to refresh the gss_context, and then return -EACCES to the application.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[bwh: Backported to 3.2:
- Adjust context
- Drop change to nfs4_handle_reclaim_lease_error()]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs3proc.c | 6 +++---
fs/nfs/nfs4filelayout.c | 1 -
fs/nfs/nfs4proc.c | 18 ------------------
fs/nfs/nfs4state.c | 21 ---------------------
fs/nfs/proc.c | 43 -------------------------------------------
net/sunrpc/clnt.c | 1 +
6 files changed, 4 insertions(+), 86 deletions(-)
--- a/fs/nfs/nfs3proc.c
+++ b/fs/nfs/nfs3proc.c
@@ -24,14 +24,14 @@
#define NFSDBG_FACILITY NFSDBG_PROC
-/* A wrapper to handle the EJUKEBOX and EKEYEXPIRED error messages */
+/* A wrapper to handle the EJUKEBOX error messages */
static int
nfs3_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
{
int res;
do {
res = rpc_call_sync(clnt, msg, flags);
- if (res != -EJUKEBOX && res != -EKEYEXPIRED)
+ if (res != -EJUKEBOX)
break;
freezable_schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
res = -ERESTARTSYS;
@@ -44,7 +44,7 @@ nfs3_rpc_wrapper(struct rpc_clnt *clnt,
static int
nfs3_async_handle_jukebox(struct rpc_task *task, struct inode *inode)
{
- if (task->tk_status != -EJUKEBOX && task->tk_status != -EKEYEXPIRED)
+ if (task->tk_status != -EJUKEBOX)
return 0;
if (task->tk_status == -EJUKEBOX)
nfs_inc_stats(inode, NFSIOS_DELAY);
--- a/fs/nfs/nfs4filelayout.c
+++ b/fs/nfs/nfs4filelayout.c
@@ -122,7 +122,6 @@ static int filelayout_async_handle_error
break;
case -NFS4ERR_DELAY:
case -NFS4ERR_GRACE:
- case -EKEYEXPIRED:
rpc_delay(task, FILELAYOUT_POLL_RETRY_MAX);
break;
case -NFS4ERR_RETRY_UNCACHED_REP:
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -319,7 +319,6 @@ static int nfs4_handle_exception(struct
}
case -NFS4ERR_GRACE:
case -NFS4ERR_DELAY:
- case -EKEYEXPIRED:
ret = nfs4_delay(server->client, &exception->timeout);
if (ret != 0)
break;
@@ -1352,13 +1351,6 @@ int nfs4_open_delegation_recall(struct n
nfs_inode_find_state_and_recover(state->inode,
stateid);
nfs4_schedule_stateid_recovery(server, state);
- case -EKEYEXPIRED:
- /*
- * User RPCSEC_GSS context has expired.
- * We cannot recover this stateid now, so
- * skip it and allow recovery thread to
- * proceed.
- */
case -ENOMEM:
err = 0;
goto out;
@@ -3924,7 +3916,6 @@ nfs4_async_handle_error(struct rpc_task
case -NFS4ERR_DELAY:
nfs_inc_server_stats(server, NFSIOS_DELAY);
case -NFS4ERR_GRACE:
- case -EKEYEXPIRED:
rpc_delay(task, NFS4_POLL_RETRY_MAX);
task->tk_status = 0;
return -EAGAIN;
@@ -4871,15 +4862,6 @@ int nfs4_lock_delegation_recall(struct n
nfs4_schedule_stateid_recovery(server, state);
err = 0;
goto out;
- case -EKEYEXPIRED:
- /*
- * User RPCSEC_GSS context has expired.
- * We cannot recover this stateid now, so
- * skip it and allow recovery thread to
- * proceed.
- */
- err = 0;
- goto out;
case -ENOMEM:
case -NFS4ERR_DENIED:
/* kill_proc(fl->fl_pid, SIGLOST, 1); */
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1298,14 +1298,6 @@ restart:
/* Mark the file as being 'closed' */
state->state = 0;
break;
- case -EKEYEXPIRED:
- /*
- * User RPCSEC_GSS context has expired.
- * We cannot recover this stateid now, so
- * skip it and allow recovery thread to
- * proceed.
- */
- break;
case -NFS4ERR_ADMIN_REVOKED:
case -NFS4ERR_STALE_STATEID:
case -NFS4ERR_BAD_STATEID:
@@ -1458,14 +1450,6 @@ static void nfs4_state_start_reclaim_nog
nfs4_state_mark_reclaim_helper(clp, nfs4_state_mark_reclaim_nograce);
}
-static void nfs4_warn_keyexpired(const char *s)
-{
- printk_ratelimited(KERN_WARNING "Error: state manager"
- " encountered RPCSEC_GSS session"
- " expired against NFSv4 server %s.\n",
- s);
-}
-
static int nfs4_recovery_handle_error(struct nfs_client *clp, int error)
{
switch (error) {
@@ -1497,10 +1481,6 @@ static int nfs4_recovery_handle_error(st
set_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state);
/* Zero session reset errors */
break;
- case -EKEYEXPIRED:
- /* Nothing we can do */
- nfs4_warn_keyexpired(clp->cl_hostname);
- break;
default:
return error;
}
@@ -1745,7 +1725,6 @@ static void nfs4_set_lease_expired(struc
break;
case -EKEYEXPIRED:
- nfs4_warn_keyexpired(clp->cl_hostname);
case -NFS4ERR_NOT_SAME: /* FixMe: implement recovery
* in nfs4_exchange_id */
default:
--- a/fs/nfs/proc.c
+++ b/fs/nfs/proc.c
@@ -47,39 +47,6 @@
#define NFSDBG_FACILITY NFSDBG_PROC
/*
- * wrapper to handle the -EKEYEXPIRED error message. This should generally
- * only happen if using krb5 auth and a user's TGT expires. NFSv2 doesn't
- * support the NFSERR_JUKEBOX error code, but we handle this situation in the
- * same way that we handle that error with NFSv3.
- */
-static int
-nfs_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
-{
- int res;
- do {
- res = rpc_call_sync(clnt, msg, flags);
- if (res != -EKEYEXPIRED)
- break;
- freezable_schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
- res = -ERESTARTSYS;
- } while (!fatal_signal_pending(current));
- return res;
-}
-
-#define rpc_call_sync(clnt, msg, flags) nfs_rpc_wrapper(clnt, msg, flags)
-
-static int
-nfs_async_handle_expired_key(struct rpc_task *task)
-{
- if (task->tk_status != -EKEYEXPIRED)
- return 0;
- task->tk_status = 0;
- rpc_restart_call(task);
- rpc_delay(task, NFS_JUKEBOX_RETRY_TIME);
- return 1;
-}
-
-/*
* Bare-bones access to getattr: this is for nfs_read_super.
*/
static int
@@ -365,8 +332,6 @@ static void nfs_proc_unlink_rpc_prepare(
static int nfs_proc_unlink_done(struct rpc_task *task, struct inode *dir)
{
- if (nfs_async_handle_expired_key(task))
- return 0;
nfs_mark_for_revalidate(dir);
return 1;
}
@@ -386,8 +351,6 @@ static int
nfs_proc_rename_done(struct rpc_task *task, struct inode *old_dir,
struct inode *new_dir)
{
- if (nfs_async_handle_expired_key(task))
- return 0;
nfs_mark_for_revalidate(old_dir);
nfs_mark_for_revalidate(new_dir);
return 1;
@@ -641,9 +604,6 @@ nfs_proc_pathconf(struct nfs_server *ser
static int nfs_read_done(struct rpc_task *task, struct nfs_read_data *data)
{
- if (nfs_async_handle_expired_key(task))
- return -EAGAIN;
-
nfs_invalidate_atime(data->inode);
if (task->tk_status >= 0) {
nfs_refresh_inode(data->inode, data->res.fattr);
@@ -668,9 +628,6 @@ static void nfs_proc_read_rpc_prepare(st
static int nfs_write_done(struct rpc_task *task, struct nfs_write_data *data)
{
- if (nfs_async_handle_expired_key(task))
- return -EAGAIN;
-
if (task->tk_status >= 0)
nfs_post_op_update_inode_force_wcc(data->inode, data->res.fattr);
return 0;
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1336,6 +1336,7 @@ call_refreshresult(struct rpc_task *task
return;
case -ETIMEDOUT:
rpc_delay(task, 3*HZ);
+ case -EKEYEXPIRED:
case -EAGAIN:
status = -EACCES;
if (!task->tk_cred_retry)
next prev parent reply other threads:[~2013-11-27 2:05 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-27 0:56 [PATCH 3.4 00/39] 3.4.71-stable review Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 01/39] vfs,proc: guarantee unique inodes in /proc Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 02/39] nfs: dont allow nfs_find_actor to match inodes of the wrong type Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 03/39] libertas: potential oops in debugfs Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 04/39] aacraid: prevent invalid pointer dereference Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 05/39] ACPICA: Interpreter: Fix Store() when implicit conversion is not possible Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 06/39] ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and BufferField refs Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 07/39] ACPICA: Return error if DerefOf resolves to a null package element Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 08/39] ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a field Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 09/39] USB: mos7840: fix tiocmget error handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 10/39] crypto: ansi_cprng - Fix off by one error in non-block size request Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 11/39] can: c_can: Fix RX message handling, handle lost message before EOB Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 12/39] 8139cp: re-enable interrupts after tx timeout Greg Kroah-Hartman
2013-11-27 0:56 ` Greg Kroah-Hartman [this message]
2013-11-27 0:56 ` [PATCH 3.4 15/39] SUNRPC: dont map EKEYEXPIRED to EACCES in call_refreshresult Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 16/39] Nest rename_lock inside vfsmount_lock Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 17/39] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 18/39] include/linux/fs.h: disable preempt when acquire i_size_seqcount write lock Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 19/39] perf/ftrace: Fix paranoid level for enabling function tracer Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 20/39] rt2x00: check if device is still available on rt2x00mac_flush() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 21/39] Revert "ima: policy for RAMFS" Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 22/39] exec/ptrace: fix get_dumpable() incorrect tests Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 23/39] ALSA: 6fire: Fix probe of multiple cards Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 24/39] ALSA: msnd: Avoid duplicated driver name Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 25/39] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 26/39] nfsd: split up nfsd_setattr Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 27/39] nfsd: make sure to balance get/put_write_access Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 28/39] x86/microcode/amd: Tone down printk(), dont treat a missing firmware file as an error Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 29/39] hwmon: (lm90) Fix max6696 alarm handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 30/39] block: fix race between request completion and timeout handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 31/39] block: fix a probe argument to blk_register_region Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 32/39] block: properly stack underlying max_segment_size to DM device Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 33/39] powerpc/vio: use strcpy in modalias_show Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 34/39] powerpc/powernv: Add PE to its own PELTV Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 35/39] powerpc/signals: Mark VSX not saved with small contexts Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 36/39] SUNRPC: Fix a data corruption issue when retransmitting RPC calls Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 37/39] rt2800usb: slow down TX status polling Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 38/39] configfs: fix race between dentry put and lookup Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 39/39] cris: media platform drivers: fix build Greg Kroah-Hartman
2013-11-27 4:14 ` [PATCH 3.4 00/39] 3.4.71-stable review Guenter Roeck
2013-11-27 22:29 ` Shuah Khan
2013-11-28 10:54 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131127005620.032686297@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Trond.Myklebust@netapp.com \
--cc=andros@netapp.com \
--cc=ben@decadent.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.