From: Scott Mayhew <smayhew@redhat.com>
To: libtirpc-devel@lists.sourceforge.net
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH] libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Date: Thu, 4 Mar 2021 14:19:55 -0500 [thread overview]
Message-ID: <20210304191955.1928383-1-smayhew@redhat.com> (raw)
Disallow calling auth_refresh from clnt_{dg,vc}_call if the client is
using RPCSEC_GSS. Doing so can recurse back into clnt_{dg,vc}_call,
where we'll self-deadlock waiting on the condition variable.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
---
src/auth_gss.c | 6 ++++++
src/clnt_dg.c | 8 ++++++++
src/clnt_vc.c | 9 +++++++++
tirpc/rpc/auth_gss.h | 2 ++
4 files changed, 25 insertions(+)
diff --git a/src/auth_gss.c b/src/auth_gss.c
index d871672..e317664 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -982,3 +982,9 @@ rpc_gss_max_data_length(AUTH *auth, int maxlen)
rpc_gss_clear_error();
return result;
}
+
+bool_t
+is_authgss_client(CLIENT *clnt)
+{
+ return (clnt->cl_auth->ah_ops == &authgss_ops);
+}
diff --git a/src/clnt_dg.c b/src/clnt_dg.c
index abc09f1..e1255de 100644
--- a/src/clnt_dg.c
+++ b/src/clnt_dg.c
@@ -61,6 +61,9 @@
#include <sys/uio.h>
#endif
+#ifdef HAVE_RPCSEC_GSS
+#include <rpc/auth_gss.h>
+#endif
#define MAX_DEFAULT_FDS 20000
@@ -334,6 +337,11 @@ clnt_dg_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout)
salen = cu->cu_rlen;
}
+#ifdef HAVE_RPCSEC_GSS
+ if (is_authgss_client(cl))
+ nrefreshes = 0;
+#endif
+
/* Clean up in case the last call ended in a longjmp(3) call. */
call_again:
xdrs = &(cu->cu_outxdrs);
diff --git a/src/clnt_vc.c b/src/clnt_vc.c
index 6f7f7da..a07e297 100644
--- a/src/clnt_vc.c
+++ b/src/clnt_vc.c
@@ -69,6 +69,10 @@
#include "rpc_com.h"
#include "clnt_fd_locks.h"
+#ifdef HAVE_RPCSEC_GSS
+#include <rpc/auth_gss.h>
+#endif
+
#define MCALL_MSG_SIZE 24
#define CMGROUP_MAX 16
@@ -363,6 +367,11 @@ clnt_vc_call(cl, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout)
(xdr_results == NULL && timeout.tv_sec == 0
&& timeout.tv_usec == 0) ? FALSE : TRUE;
+#ifdef HAVE_RPCSEC_GSS
+ if (is_authgss_client(cl))
+ refreshes = 0;
+#endif
+
call_again:
xdrs->x_op = XDR_ENCODE;
ct->ct_error.re_status = RPC_SUCCESS;
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index 5316ed6..f2af6e9 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -120,6 +120,8 @@ void gss_log_debug (const char *fmt, ...);
void gss_log_status (char *m, OM_uint32 major, OM_uint32 minor);
void gss_log_hexdump (const u_char *buf, int len, int offset);
+bool_t is_authgss_client (CLIENT *);
+
#ifdef __cplusplus
}
#endif
--
2.25.4
next reply other threads:[~2021-03-04 19:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-04 19:19 Scott Mayhew [this message]
2021-03-04 19:30 ` [PATCH] libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Scott Mayhew
2021-03-15 21:43 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210304191955.1928383-1-smayhew@redhat.com \
--to=smayhew@redhat.com \
--cc=libtirpc-devel@lists.sourceforge.net \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).