Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 155441 Details for
Bug 241341
Secure NFS cause RPC warnings
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Upstream Patch
rpc.patch (text/plain), 4.16 KB, created by
Steve Dickson
on 2007-05-25 10:28:50 UTC
(
hide
)
Description:
Upstream Patch
Filename:
MIME Type:
Creator:
Steve Dickson
Created:
2007-05-25 10:28:50 UTC
Size:
4.16 KB
patch
obsolete
>commit cd123012d99fde4759500fee611e724e4f3016e3 >Author: Jeff Layton <jlayton@redhat.com> >Date: Wed May 9 02:34:50 2007 -0700 > > RPC: add wrapper for svc_reserve to account for checksum > > When the kernel calls svc_reserve to downsize the expected size of an RPC > reply, it fails to account for the possibility of a checksum at the end of > the packet. If a client mounts a NFSv2/3 with sec=krb5i/p, and does I/O > then you'll generally see messages similar to this in the server's ring > buffer: > > RPC request reserved 164 but used 208 > > While I was never able to verify it, I suspect that this problem is also > the root cause of some oopses I've seen under these conditions: > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227726 > > This is probably also a problem for other sec= types and for NFSv4. The > large reserved size for NFSv4 compound packets seems to generally paper > over the problem, however. > > This patch adds a wrapper for svc_reserve that accounts for the possibility > of a checksum. It also fixes up the appropriate callers of svc_reserve to > call the wrapper. For now, it just uses a hardcoded value that I > determined via testing. That value may need to be revised upward as things > change, or we may want to eventually add a new auth_op that attempts to > calculate this somehow. > > Unfortunately, there doesn't seem to be a good way to reliably determine > the expected checksum length prior to actually calculating it, particularly > with schemes like spkm3. > > Signed-off-by: Jeff Layton <jlayton@redhat.com> > Acked-by: Neil Brown <neilb@suse.de> > Cc: Trond Myklebust <trond.myklebust@fys.uio.no> > Acked-by: J. Bruce Fields <bfields@citi.umich.edu> > Signed-off-by: Andrew Morton <akpm@linux-foundation.org> > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > >diff --git a/fs/nfsd/nfs3proc.c b/fs/nfsd/nfs3proc.c >index 7f5bad0..eac8283 100644 >--- a/fs/nfsd/nfs3proc.c >+++ b/fs/nfsd/nfs3proc.c >@@ -177,7 +177,7 @@ nfsd3_proc_read(struct svc_rqst *rqstp, struct nfsd3_readargs *argp, > if (max_blocksize < resp->count) > resp->count = max_blocksize; > >- svc_reserve(rqstp, ((1 + NFS3_POST_OP_ATTR_WORDS + 3)<<2) + resp->count +4); >+ svc_reserve_auth(rqstp, ((1 + NFS3_POST_OP_ATTR_WORDS + 3)<<2) + resp->count +4); > > fh_copy(&resp->fh, &argp->fh); > nfserr = nfsd_read(rqstp, &resp->fh, NULL, >diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c >index 5cc2eec..b2c7147 100644 >--- a/fs/nfsd/nfsproc.c >+++ b/fs/nfsd/nfsproc.c >@@ -155,7 +155,7 @@ nfsd_proc_read(struct svc_rqst *rqstp, struct nfsd_readargs *argp, > argp->count); > argp->count = NFSSVC_MAXBLKSIZE_V2; > } >- svc_reserve(rqstp, (19<<2) + argp->count + 4); >+ svc_reserve_auth(rqstp, (19<<2) + argp->count + 4); > > resp->count = argp->count; > nfserr = nfsd_read(rqstp, fh_copy(&resp->fh, &argp->fh), NULL, >diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h >index 35fa4d5..4a7ae8a 100644 >--- a/include/linux/sunrpc/svc.h >+++ b/include/linux/sunrpc/svc.h >@@ -396,4 +396,23 @@ char * svc_print_addr(struct svc_rqst *, char *, size_t); > > #define RPC_MAX_ADDRBUFLEN (63U) > >+/* >+ * When we want to reduce the size of the reserved space in the response >+ * buffer, we need to take into account the size of any checksum data that >+ * may be at the end of the packet. This is difficult to determine exactly >+ * for all cases without actually generating the checksum, so we just use a >+ * static value. >+ */ >+static inline void >+svc_reserve_auth(struct svc_rqst *rqstp, int space) >+{ >+ int added_space = 0; >+ >+ switch(rqstp->rq_authop->flavour) { >+ case RPC_AUTH_GSS: >+ added_space = RPC_MAX_AUTH_SIZE; >+ } >+ return svc_reserve(rqstp, space + added_space); >+} >+ > #endif /* SUNRPC_SVC_H */ >diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c >index b7503c1..e673ef9 100644 >--- a/net/sunrpc/svc.c >+++ b/net/sunrpc/svc.c >@@ -907,7 +907,7 @@ svc_process(struct svc_rqst *rqstp) > * better idea of reply size > */ > if (procp->pc_xdrressize) >- svc_reserve(rqstp, procp->pc_xdrressize<<2); >+ svc_reserve_auth(rqstp, procp->pc_xdrressize<<2); > > /* Call the function that processes the request. */ > if (!versp->vs_dispatch) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=155441">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 241341
: 155441