From: Jeff Layton <jlayton@primarydata.com>
To: trond.myklebust@primarydata.com
Cc: bfields@fieldses.org, hch@infradead.org,
linux-nfs@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Paul McKenney <paulmck@linux.vnet.ibm.com>
Subject: [PATCH v2 2/5] sunrpc: fix RCU handling of gc_ctx field
Date: Wed, 16 Jul 2014 06:52:19 -0400 [thread overview]
Message-ID: <1405507942-12256-3-git-send-email-jlayton@primarydata.com> (raw)
In-Reply-To: <1405507942-12256-1-git-send-email-jlayton@primarydata.com>
The handling of the gc_ctx pointer only seems to be partially RCU-safe.
The assignment and freeing are done using RCU, but many places in the
code seem to dereference that pointer without proper RCU safeguards.
Fix them to use rcu_dereference and to rcu_read_lock/unlock, and to
properly handle the case where the pointer is NULL.
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
---
net/sunrpc/auth_gss/auth_gss.c | 52 ++++++++++++++++++++++++++++--------------
1 file changed, 35 insertions(+), 17 deletions(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 73854314fb85..afb292cd797d 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -183,8 +183,9 @@ gss_cred_get_ctx(struct rpc_cred *cred)
struct gss_cl_ctx *ctx = NULL;
rcu_read_lock();
- if (gss_cred->gc_ctx)
- ctx = gss_get_ctx(gss_cred->gc_ctx);
+ ctx = rcu_dereference(gss_cred->gc_ctx);
+ if (ctx)
+ gss_get_ctx(ctx);
rcu_read_unlock();
return ctx;
}
@@ -1207,13 +1208,13 @@ gss_destroying_context(struct rpc_cred *cred)
{
struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
+ struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
struct rpc_task *task;
- if (gss_cred->gc_ctx == NULL ||
- test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
+ if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
return 0;
- gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
+ ctx->gc_proc = RPC_GSS_PROC_DESTROY;
cred->cr_ops = &gss_nullops;
/* Take a reference to ensure the cred will be destroyed either
@@ -1274,7 +1275,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
{
struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
- struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
+ struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
call_rcu(&cred->cr_rcu, gss_free_cred_callback);
@@ -1349,20 +1350,30 @@ gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
static char *
gss_stringify_acceptor(struct rpc_cred *cred)
{
- char *string;
+ char *string = NULL;
struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
- struct xdr_netobj *acceptor = &gss_cred->gc_ctx->gc_acceptor;
+ struct gss_cl_ctx *ctx;
+ struct xdr_netobj *acceptor;
+
+ rcu_read_lock();
+ ctx = rcu_dereference(gss_cred->gc_ctx);
+ if (!ctx)
+ goto out;
+
+ acceptor = &ctx->gc_acceptor;
/* no point if there's no string */
if (!acceptor->len)
- return NULL;
+ goto out;
string = kmalloc(acceptor->len + 1, GFP_KERNEL);
if (!string)
- return string;
+ goto out;
memcpy(string, acceptor->data, acceptor->len);
string[acceptor->len] = '\0';
+out:
+ rcu_read_unlock();
return string;
}
@@ -1374,15 +1385,16 @@ static int
gss_key_timeout(struct rpc_cred *rc)
{
struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
+ struct gss_cl_ctx *ctx;
unsigned long now = jiffies;
unsigned long expire;
- if (gss_cred->gc_ctx == NULL)
- return -EACCES;
-
- expire = gss_cred->gc_ctx->gc_expiry - (gss_key_expire_timeo * HZ);
-
- if (time_after(now, expire))
+ rcu_read_lock();
+ ctx = rcu_dereference(gss_cred->gc_ctx);
+ if (ctx)
+ expire = ctx->gc_expiry - (gss_key_expire_timeo * HZ);
+ rcu_read_unlock();
+ if (!ctx || time_after(now, expire))
return -EACCES;
return 0;
}
@@ -1391,13 +1403,19 @@ static int
gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
{
struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
+ struct gss_cl_ctx *ctx;
int ret;
if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
goto out;
/* Don't match with creds that have expired. */
- if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
+ rcu_read_lock();
+ ctx = rcu_dereference(gss_cred->gc_ctx);
+ if (!ctx || time_after(jiffies, ctx->gc_expiry)) {
+ rcu_read_unlock();
return 0;
+ }
+ rcu_read_unlock();
if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
return 0;
out:
--
1.9.3
next prev parent reply other threads:[~2014-07-16 10:52 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-14 1:57 [PATCH 0/7] sunrpc: sparse warning cleanups Jeff Layton
2014-07-14 1:57 ` [PATCH 1/7] sunrpc: remove __rcu annotation from struct gss_cl_ctx->gc_gss_ctx Jeff Layton
2014-07-14 14:23 ` Arnd Bergmann
2014-07-14 15:02 ` Jeff Layton
2014-07-14 15:29 ` Arnd Bergmann
2014-07-14 1:57 ` [PATCH 2/7] sunrpc: fix RCU handling of gc_ctx field Jeff Layton
2014-07-14 1:57 ` [PATCH 3/7] sunrpc: clean up endianness warnings in setup_token Jeff Layton
2014-07-15 17:08 ` Christoph Hellwig
2014-07-15 17:32 ` Jeff Layton
2014-07-14 1:57 ` [PATCH 4/7] sunrpc: xdr_get_next_encode_buffer can be static Jeff Layton
2014-07-15 17:02 ` Christoph Hellwig
2014-07-15 17:17 ` Jeff Layton
2014-07-14 1:57 ` [PATCH 5/7] sunrpc: clean up sparse endianness warnings in gss_krb5_seal.c Jeff Layton
2014-07-15 17:03 ` Christoph Hellwig
2014-07-14 1:57 ` [PATCH 6/7] sunrpc: clean up sparse endianness warnings in gss_krb5_wrap.c Jeff Layton
2014-07-15 17:04 ` Christoph Hellwig
2014-07-15 17:36 ` Jeff Layton
2014-07-16 8:13 ` Christoph Hellwig
2014-07-14 1:57 ` [PATCH 7/7] sunrpc: remove "ec" argument from encrypt_v2 operation Jeff Layton
2014-07-15 17:05 ` Christoph Hellwig
2014-07-15 17:33 ` Jeff Layton
2014-07-16 10:52 ` [PATCH v2 0/5] sunrpc: sparse warning cleanups Jeff Layton
2014-07-16 10:52 ` [PATCH v2 1/5] sunrpc: remove __rcu annotation from struct gss_cl_ctx->gc_gss_ctx Jeff Layton
2014-07-16 10:52 ` Jeff Layton [this message]
2014-07-16 10:52 ` [PATCH v2 3/5] sunrpc: clean up sparse endianness warnings in gss_krb5_seal.c Jeff Layton
2014-07-16 10:52 ` [PATCH v2 4/5] sunrpc: clean up sparse endianness warnings in gss_krb5_wrap.c Jeff Layton
2014-07-16 10:52 ` [PATCH v2 5/5] sunrpc: remove "ec" argument from encrypt_v2 operation Jeff Layton
2014-07-30 17:56 ` [PATCH v2 0/5] sunrpc: sparse warning cleanups Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1405507942-12256-3-git-send-email-jlayton@primarydata.com \
--to=jlayton@primarydata.com \
--cc=arnd@arndb.de \
--cc=bfields@fieldses.org \
--cc=hch@infradead.org \
--cc=linux-nfs@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).