From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andy Adamson <andros@netapp.com>,
Trond Myklebust <Trond.Myklebust@netapp.com>,
Ben Hutchings <ben@decadent.org.uk>
Subject: [PATCH 3.4 14/39] SUNRPC handle EKEYEXPIRED in call_refreshresult
Date: Tue, 26 Nov 2013 16:56:38 -0800 [thread overview]
Message-ID: <20131127005620.032686297@linuxfoundation.org> (raw)
In-Reply-To: <20131127005619.011763867@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Adamson <andros@netapp.com>
commit eb96d5c97b0825d542e9c4ba5e0a22b519355166 upstream.
Currently, when an RPCSEC_GSS context has expired or is non-existent
and the users (Kerberos) credentials have also expired or are non-existent,
the client receives the -EKEYEXPIRED error and tries to refresh the context
forever. If an application is performing I/O, or other work against the share,
the application hangs, and the user is not prompted to refresh/establish their
credentials. This can result in a denial of service for other users.
Users are expected to manage their Kerberos credential lifetimes to mitigate
this issue.
Move the -EKEYEXPIRED handling into the RPC layer. Try tk_cred_retry number
of times to refresh the gss_context, and then return -EACCES to the application.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[bwh: Backported to 3.2:
- Adjust context
- Drop change to nfs4_handle_reclaim_lease_error()]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs3proc.c | 6 +++---
fs/nfs/nfs4filelayout.c | 1 -
fs/nfs/nfs4proc.c | 18 ------------------
fs/nfs/nfs4state.c | 21 ---------------------
fs/nfs/proc.c | 43 -------------------------------------------
net/sunrpc/clnt.c | 1 +
6 files changed, 4 insertions(+), 86 deletions(-)
--- a/fs/nfs/nfs3proc.c
+++ b/fs/nfs/nfs3proc.c
@@ -24,14 +24,14 @@
#define NFSDBG_FACILITY NFSDBG_PROC
-/* A wrapper to handle the EJUKEBOX and EKEYEXPIRED error messages */
+/* A wrapper to handle the EJUKEBOX error messages */
static int
nfs3_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
{
int res;
do {
res = rpc_call_sync(clnt, msg, flags);
- if (res != -EJUKEBOX && res != -EKEYEXPIRED)
+ if (res != -EJUKEBOX)
break;
freezable_schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
res = -ERESTARTSYS;
@@ -44,7 +44,7 @@ nfs3_rpc_wrapper(struct rpc_clnt *clnt,
static int
nfs3_async_handle_jukebox(struct rpc_task *task, struct inode *inode)
{
- if (task->tk_status != -EJUKEBOX && task->tk_status != -EKEYEXPIRED)
+ if (task->tk_status != -EJUKEBOX)
return 0;
if (task->tk_status == -EJUKEBOX)
nfs_inc_stats(inode, NFSIOS_DELAY);
--- a/fs/nfs/nfs4filelayout.c
+++ b/fs/nfs/nfs4filelayout.c
@@ -122,7 +122,6 @@ static int filelayout_async_handle_error
break;
case -NFS4ERR_DELAY:
case -NFS4ERR_GRACE:
- case -EKEYEXPIRED:
rpc_delay(task, FILELAYOUT_POLL_RETRY_MAX);
break;
case -NFS4ERR_RETRY_UNCACHED_REP:
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -319,7 +319,6 @@ static int nfs4_handle_exception(struct
}
case -NFS4ERR_GRACE:
case -NFS4ERR_DELAY:
- case -EKEYEXPIRED:
ret = nfs4_delay(server->client, &exception->timeout);
if (ret != 0)
break;
@@ -1352,13 +1351,6 @@ int nfs4_open_delegation_recall(struct n
nfs_inode_find_state_and_recover(state->inode,
stateid);
nfs4_schedule_stateid_recovery(server, state);
- case -EKEYEXPIRED:
- /*
- * User RPCSEC_GSS context has expired.
- * We cannot recover this stateid now, so
- * skip it and allow recovery thread to
- * proceed.
- */
case -ENOMEM:
err = 0;
goto out;
@@ -3924,7 +3916,6 @@ nfs4_async_handle_error(struct rpc_task
case -NFS4ERR_DELAY:
nfs_inc_server_stats(server, NFSIOS_DELAY);
case -NFS4ERR_GRACE:
- case -EKEYEXPIRED:
rpc_delay(task, NFS4_POLL_RETRY_MAX);
task->tk_status = 0;
return -EAGAIN;
@@ -4871,15 +4862,6 @@ int nfs4_lock_delegation_recall(struct n
nfs4_schedule_stateid_recovery(server, state);
err = 0;
goto out;
- case -EKEYEXPIRED:
- /*
- * User RPCSEC_GSS context has expired.
- * We cannot recover this stateid now, so
- * skip it and allow recovery thread to
- * proceed.
- */
- err = 0;
- goto out;
case -ENOMEM:
case -NFS4ERR_DENIED:
/* kill_proc(fl->fl_pid, SIGLOST, 1); */
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1298,14 +1298,6 @@ restart:
/* Mark the file as being 'closed' */
state->state = 0;
break;
- case -EKEYEXPIRED:
- /*
- * User RPCSEC_GSS context has expired.
- * We cannot recover this stateid now, so
- * skip it and allow recovery thread to
- * proceed.
- */
- break;
case -NFS4ERR_ADMIN_REVOKED:
case -NFS4ERR_STALE_STATEID:
case -NFS4ERR_BAD_STATEID:
@@ -1458,14 +1450,6 @@ static void nfs4_state_start_reclaim_nog
nfs4_state_mark_reclaim_helper(clp, nfs4_state_mark_reclaim_nograce);
}
-static void nfs4_warn_keyexpired(const char *s)
-{
- printk_ratelimited(KERN_WARNING "Error: state manager"
- " encountered RPCSEC_GSS session"
- " expired against NFSv4 server %s.\n",
- s);
-}
-
static int nfs4_recovery_handle_error(struct nfs_client *clp, int error)
{
switch (error) {
@@ -1497,10 +1481,6 @@ static int nfs4_recovery_handle_error(st
set_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state);
/* Zero session reset errors */
break;
- case -EKEYEXPIRED:
- /* Nothing we can do */
- nfs4_warn_keyexpired(clp->cl_hostname);
- break;
default:
return error;
}
@@ -1745,7 +1725,6 @@ static void nfs4_set_lease_expired(struc
break;
case -EKEYEXPIRED:
- nfs4_warn_keyexpired(clp->cl_hostname);
case -NFS4ERR_NOT_SAME: /* FixMe: implement recovery
* in nfs4_exchange_id */
default:
--- a/fs/nfs/proc.c
+++ b/fs/nfs/proc.c
@@ -47,39 +47,6 @@
#define NFSDBG_FACILITY NFSDBG_PROC
/*
- * wrapper to handle the -EKEYEXPIRED error message. This should generally
- * only happen if using krb5 auth and a user's TGT expires. NFSv2 doesn't
- * support the NFSERR_JUKEBOX error code, but we handle this situation in the
- * same way that we handle that error with NFSv3.
- */
-static int
-nfs_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
-{
- int res;
- do {
- res = rpc_call_sync(clnt, msg, flags);
- if (res != -EKEYEXPIRED)
- break;
- freezable_schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
- res = -ERESTARTSYS;
- } while (!fatal_signal_pending(current));
- return res;
-}
-
-#define rpc_call_sync(clnt, msg, flags) nfs_rpc_wrapper(clnt, msg, flags)
-
-static int
-nfs_async_handle_expired_key(struct rpc_task *task)
-{
- if (task->tk_status != -EKEYEXPIRED)
- return 0;
- task->tk_status = 0;
- rpc_restart_call(task);
- rpc_delay(task, NFS_JUKEBOX_RETRY_TIME);
- return 1;
-}
-
-/*
* Bare-bones access to getattr: this is for nfs_read_super.
*/
static int
@@ -365,8 +332,6 @@ static void nfs_proc_unlink_rpc_prepare(
static int nfs_proc_unlink_done(struct rpc_task *task, struct inode *dir)
{
- if (nfs_async_handle_expired_key(task))
- return 0;
nfs_mark_for_revalidate(dir);
return 1;
}
@@ -386,8 +351,6 @@ static int
nfs_proc_rename_done(struct rpc_task *task, struct inode *old_dir,
struct inode *new_dir)
{
- if (nfs_async_handle_expired_key(task))
- return 0;
nfs_mark_for_revalidate(old_dir);
nfs_mark_for_revalidate(new_dir);
return 1;
@@ -641,9 +604,6 @@ nfs_proc_pathconf(struct nfs_server *ser
static int nfs_read_done(struct rpc_task *task, struct nfs_read_data *data)
{
- if (nfs_async_handle_expired_key(task))
- return -EAGAIN;
-
nfs_invalidate_atime(data->inode);
if (task->tk_status >= 0) {
nfs_refresh_inode(data->inode, data->res.fattr);
@@ -668,9 +628,6 @@ static void nfs_proc_read_rpc_prepare(st
static int nfs_write_done(struct rpc_task *task, struct nfs_write_data *data)
{
- if (nfs_async_handle_expired_key(task))
- return -EAGAIN;
-
if (task->tk_status >= 0)
nfs_post_op_update_inode_force_wcc(data->inode, data->res.fattr);
return 0;
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1336,6 +1336,7 @@ call_refreshresult(struct rpc_task *task
return;
case -ETIMEDOUT:
rpc_delay(task, 3*HZ);
+ case -EKEYEXPIRED:
case -EAGAIN:
status = -EACCES;
if (!task->tk_cred_retry)
next prev parent reply other threads:[~2013-11-27 2:05 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-27 0:56 [PATCH 3.4 00/39] 3.4.71-stable review Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 01/39] vfs,proc: guarantee unique inodes in /proc Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 02/39] nfs: dont allow nfs_find_actor to match inodes of the wrong type Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 03/39] libertas: potential oops in debugfs Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 04/39] aacraid: prevent invalid pointer dereference Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 05/39] ACPICA: Interpreter: Fix Store() when implicit conversion is not possible Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 06/39] ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and BufferField refs Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 07/39] ACPICA: Return error if DerefOf resolves to a null package element Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 08/39] ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a field Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 09/39] USB: mos7840: fix tiocmget error handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 10/39] crypto: ansi_cprng - Fix off by one error in non-block size request Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 11/39] can: c_can: Fix RX message handling, handle lost message before EOB Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 12/39] 8139cp: re-enable interrupts after tx timeout Greg Kroah-Hartman
2013-11-27 0:56 ` Greg Kroah-Hartman [this message]
2013-11-27 0:56 ` [PATCH 3.4 15/39] SUNRPC: dont map EKEYEXPIRED to EACCES in call_refreshresult Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 16/39] Nest rename_lock inside vfsmount_lock Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 17/39] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 18/39] include/linux/fs.h: disable preempt when acquire i_size_seqcount write lock Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 19/39] perf/ftrace: Fix paranoid level for enabling function tracer Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 20/39] rt2x00: check if device is still available on rt2x00mac_flush() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 21/39] Revert "ima: policy for RAMFS" Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 22/39] exec/ptrace: fix get_dumpable() incorrect tests Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 23/39] ALSA: 6fire: Fix probe of multiple cards Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 24/39] ALSA: msnd: Avoid duplicated driver name Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 25/39] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 26/39] nfsd: split up nfsd_setattr Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 27/39] nfsd: make sure to balance get/put_write_access Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 28/39] x86/microcode/amd: Tone down printk(), dont treat a missing firmware file as an error Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 29/39] hwmon: (lm90) Fix max6696 alarm handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 30/39] block: fix race between request completion and timeout handling Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 31/39] block: fix a probe argument to blk_register_region Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 32/39] block: properly stack underlying max_segment_size to DM device Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 33/39] powerpc/vio: use strcpy in modalias_show Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 34/39] powerpc/powernv: Add PE to its own PELTV Greg Kroah-Hartman
2013-11-27 0:56 ` [PATCH 3.4 35/39] powerpc/signals: Mark VSX not saved with small contexts Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 36/39] SUNRPC: Fix a data corruption issue when retransmitting RPC calls Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 37/39] rt2800usb: slow down TX status polling Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 38/39] configfs: fix race between dentry put and lookup Greg Kroah-Hartman
2013-11-27 0:57 ` [PATCH 3.4 39/39] cris: media platform drivers: fix build Greg Kroah-Hartman
2013-11-27 4:14 ` [PATCH 3.4 00/39] 3.4.71-stable review Guenter Roeck
2013-11-27 22:29 ` Shuah Khan
2013-11-28 10:54 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131127005620.032686297@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Trond.Myklebust@netapp.com \
--cc=andros@netapp.com \
--cc=ben@decadent.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).