* [PATCH v1] SUNRPC: Augment server-side rpcgss tracepoints
@ 2020-06-22 20:57 Chuck Lever
2020-06-23 9:26 ` Dan Carpenter
0 siblings, 1 reply; 2+ messages in thread
From: Chuck Lever @ 2020-06-22 20:57 UTC (permalink / raw)
To: linux-nfs
Add similar tracepoints to those that were recently added on the
client side to track failures in the integ and priv unwrap paths.
And, let's collect the seqno-specific tracepoints together with a
common naming convention.
Regarding the gss_check_seq_num() changes: everywhere else treats
the GSS sequence number as an unsigned 32-bit integer. As far back
as 2.6.12, I couldn't find a compelling reason to do things
differently here. As a defensive change it's better to eliminate
needless implicit sign conversions.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
include/trace/events/rpcgss.h | 168 +++++++++++++++++++++++++++++++------
net/sunrpc/auth_gss/svcauth_gss.c | 117 +++++++++++++++++---------
net/sunrpc/auth_gss/trace.c | 3 +
3 files changed, 224 insertions(+), 64 deletions(-)
diff --git a/include/trace/events/rpcgss.h b/include/trace/events/rpcgss.h
index b9b51a4b1db1..ffdbe6f85da8 100644
--- a/include/trace/events/rpcgss.h
+++ b/include/trace/events/rpcgss.h
@@ -170,55 +170,144 @@ DECLARE_EVENT_CLASS(rpcgss_ctx_class,
DEFINE_CTX_EVENT(init);
DEFINE_CTX_EVENT(destroy);
+DECLARE_EVENT_CLASS(rpcgss_svc_gssapi_class,
+ TP_PROTO(
+ const struct svc_rqst *rqstp,
+ u32 maj_stat
+ ),
+
+ TP_ARGS(rqstp, maj_stat),
+
+ TP_STRUCT__entry(
+ __field(u32, xid)
+ __field(u32, maj_stat)
+ __string(addr, rqstp->rq_xprt->xpt_remotebuf)
+ ),
+
+ TP_fast_assign(
+ __entry->xid = __be32_to_cpu(rqstp->rq_xid);
+ __entry->maj_stat = maj_stat;
+ __assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
+ ),
+
+ TP_printk("addr=%s xid=0x%08x maj_stat=%s",
+ __get_str(addr), __entry->xid,
+ __entry->maj_stat == 0 ?
+ "GSS_S_COMPLETE" : show_gss_status(__entry->maj_stat))
+);
+
+#define DEFINE_SVC_GSSAPI_EVENT(name) \
+ DEFINE_EVENT(rpcgss_svc_gssapi_class, rpcgss_svc_##name, \
+ TP_PROTO( \
+ const struct svc_rqst *rqstp, \
+ u32 maj_stat \
+ ), \
+ TP_ARGS(rqstp, maj_stat))
+
+DEFINE_SVC_GSSAPI_EVENT(unwrap);
+DEFINE_SVC_GSSAPI_EVENT(mic);
+
+TRACE_EVENT(rpcgss_svc_unwrap_failed,
+ TP_PROTO(
+ const struct svc_rqst *rqstp
+ ),
+
+ TP_ARGS(rqstp),
+
+ TP_STRUCT__entry(
+ __field(u32, xid)
+ __string(addr, rqstp->rq_xprt->xpt_remotebuf)
+ ),
+
+ TP_fast_assign(
+ __entry->xid = be32_to_cpu(rqstp->rq_xid);
+ __assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
+ ),
+
+ TP_printk("addr=%s xid=0x%08x", __get_str(addr), __entry->xid)
+);
+
+TRACE_EVENT(rpcgss_svc_seqno_bad,
+ TP_PROTO(
+ const struct svc_rqst *rqstp,
+ u32 expected,
+ u32 received
+ ),
+
+ TP_ARGS(rqstp, expected, received),
+
+ TP_STRUCT__entry(
+ __field(u32, expected)
+ __field(u32, received)
+ __field(u32, xid)
+ __string(addr, rqstp->rq_xprt->xpt_remotebuf)
+ ),
+
+ TP_fast_assign(
+ __entry->expected = expected;
+ __entry->received = received;
+ __entry->xid = __be32_to_cpu(rqstp->rq_xid);
+ __assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
+ ),
+
+ TP_printk("addr=%s xid=0x%08x expected seqno %u, received seqno %u",
+ __get_str(addr), __entry->xid,
+ __entry->expected, __entry->received)
+);
+
TRACE_EVENT(rpcgss_svc_accept_upcall,
TP_PROTO(
- __be32 xid,
+ const struct svc_rqst *rqstp,
u32 major_status,
u32 minor_status
),
- TP_ARGS(xid, major_status, minor_status),
+ TP_ARGS(rqstp, major_status, minor_status),
TP_STRUCT__entry(
- __field(u32, xid)
__field(u32, minor_status)
__field(unsigned long, major_status)
+ __field(u32, xid)
+ __string(addr, rqstp->rq_xprt->xpt_remotebuf)
),
TP_fast_assign(
- __entry->xid = be32_to_cpu(xid);
__entry->minor_status = minor_status;
__entry->major_status = major_status;
+ __entry->xid = be32_to_cpu(rqstp->rq_xid);
+ __assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
),
- TP_printk("xid=0x%08x major_status=%s (0x%08lx) minor_status=%u",
- __entry->xid, __entry->major_status == 0 ? "GSS_S_COMPLETE" :
- show_gss_status(__entry->major_status),
+ TP_printk("addr=%s xid=0x%08x major_status=%s (0x%08lx) minor_status=%u",
+ __get_str(addr), __entry->xid,
+ (__entry->major_status == 0) ? "GSS_S_COMPLETE" :
+ show_gss_status(__entry->major_status),
__entry->major_status, __entry->minor_status
)
);
-TRACE_EVENT(rpcgss_svc_accept,
+TRACE_EVENT(rpcgss_svc_authenticate,
TP_PROTO(
- __be32 xid,
- size_t len
+ const struct svc_rqst *rqstp,
+ const struct rpc_gss_wire_cred *gc
),
- TP_ARGS(xid, len),
+ TP_ARGS(rqstp, gc),
TP_STRUCT__entry(
+ __field(u32, seqno)
__field(u32, xid)
- __field(size_t, len)
+ __string(addr, rqstp->rq_xprt->xpt_remotebuf)
),
TP_fast_assign(
- __entry->xid = be32_to_cpu(xid);
- __entry->len = len;
+ __entry->xid = be32_to_cpu(rqstp->rq_xid);
+ __entry->seqno = gc->gc_seq;
+ __assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
),
- TP_printk("xid=0x%08x len=%zu",
- __entry->xid, __entry->len
- )
+ TP_printk("addr=%s xid=0x%08x seqno=%u", __get_str(addr),
+ __entry->xid, __entry->seqno)
);
@@ -371,11 +460,11 @@ TRACE_EVENT(rpcgss_update_slack,
DECLARE_EVENT_CLASS(rpcgss_svc_seqno_class,
TP_PROTO(
- __be32 xid,
+ const struct svc_rqst *rqstp,
u32 seqno
),
- TP_ARGS(xid, seqno),
+ TP_ARGS(rqstp, seqno),
TP_STRUCT__entry(
__field(u32, xid)
@@ -383,25 +472,52 @@ DECLARE_EVENT_CLASS(rpcgss_svc_seqno_class,
),
TP_fast_assign(
- __entry->xid = be32_to_cpu(xid);
+ __entry->xid = be32_to_cpu(rqstp->rq_xid);
__entry->seqno = seqno;
),
- TP_printk("xid=0x%08x seqno=%u, request discarded",
+ TP_printk("xid=0x%08x seqno=%u",
__entry->xid, __entry->seqno)
);
#define DEFINE_SVC_SEQNO_EVENT(name) \
- DEFINE_EVENT(rpcgss_svc_seqno_class, rpcgss_svc_##name, \
+ DEFINE_EVENT(rpcgss_svc_seqno_class, rpcgss_svc_seqno_##name, \
TP_PROTO( \
- __be32 xid, \
+ const struct svc_rqst *rqstp, \
u32 seqno \
), \
- TP_ARGS(xid, seqno))
+ TP_ARGS(rqstp, seqno))
-DEFINE_SVC_SEQNO_EVENT(large_seqno);
-DEFINE_SVC_SEQNO_EVENT(old_seqno);
+DEFINE_SVC_SEQNO_EVENT(large);
+DEFINE_SVC_SEQNO_EVENT(seen);
+TRACE_EVENT(rpcgss_svc_seqno_low,
+ TP_PROTO(
+ const struct svc_rqst *rqstp,
+ u32 seqno,
+ u32 min,
+ u32 max
+ ),
+
+ TP_ARGS(rqstp, seqno, min, max),
+
+ TP_STRUCT__entry(
+ __field(u32, xid)
+ __field(u32, seqno)
+ __field(u32, min)
+ __field(u32, max)
+ ),
+
+ TP_fast_assign(
+ __entry->xid = be32_to_cpu(rqstp->rq_xid);
+ __entry->seqno = seqno;
+ __entry->min = min;
+ __entry->max = max;
+ ),
+
+ TP_printk("xid=0x%08x seqno=%u window=[%u..%u]",
+ __entry->xid, __entry->seqno, __entry->min, __entry->max)
+);
/**
** gssd upcall related trace events
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 46027d0c903f..38a252f92621 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -332,7 +332,7 @@ static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct r
struct gss_svc_seq_data {
/* highest seq number seen so far: */
- int sd_max;
+ u32 sd_max;
/* for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of
* sd_win is nonzero iff sequence number i has been seen already: */
unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG];
@@ -613,16 +613,29 @@ gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle)
return found;
}
-/* Implements sequence number algorithm as specified in RFC 2203. */
-static int
-gss_check_seq_num(struct rsc *rsci, int seq_num)
+/**
+ * gss_check_seq_num - GSS sequence number window check
+ * @rqstp: RPC Call to use when reporting errors
+ * @rsci: cached GSS context state (updated on return)
+ * @seq_num: sequence number to check
+ *
+ * Implements sequence number algorithm as specified in
+ * RFC 2203, Section 5.3.3.1. "Context Management".
+ *
+ * Return values:
+ * %true: @rqstp's GSS sequence number is inside the window
+ * %false: @rqstp's GSS sequence number is outside the window
+ */
+static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci,
+ u32 seq_num)
{
struct gss_svc_seq_data *sd = &rsci->seqdata;
+ bool result = false;
spin_lock(&sd->sd_lock);
if (seq_num > sd->sd_max) {
if (seq_num >= sd->sd_max + GSS_SEQ_WIN) {
- memset(sd->sd_win,0,sizeof(sd->sd_win));
+ memset(sd->sd_win, 0, sizeof(sd->sd_win));
sd->sd_max = seq_num;
} else while (sd->sd_max < seq_num) {
sd->sd_max++;
@@ -631,17 +644,25 @@ gss_check_seq_num(struct rsc *rsci, int seq_num)
__set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
goto ok;
} else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) {
- goto drop;
+ goto toolow;
}
- /* sd_max - GSS_SEQ_WIN < seq_num <= sd_max */
if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
- goto drop;
+ goto alreadyseen;
+
ok:
+ result = true;
+out:
spin_unlock(&sd->sd_lock);
- return 1;
-drop:
- spin_unlock(&sd->sd_lock);
- return 0;
+ return result;
+
+toolow:
+ trace_rpcgss_svc_seqno_low(rqstp, seq_num,
+ sd->sd_max - GSS_SEQ_WIN,
+ sd->sd_max);
+ goto out;
+alreadyseen:
+ trace_rpcgss_svc_seqno_seen(rqstp, seq_num);
+ goto out;
}
static inline u32 round_up_to_quad(u32 i)
@@ -721,14 +742,12 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
}
if (gc->gc_seq > MAXSEQ) {
- trace_rpcgss_svc_large_seqno(rqstp->rq_xid, gc->gc_seq);
+ trace_rpcgss_svc_seqno_large(rqstp, gc->gc_seq);
*authp = rpcsec_gsserr_ctxproblem;
return SVC_DENIED;
}
- if (!gss_check_seq_num(rsci, gc->gc_seq)) {
- trace_rpcgss_svc_old_seqno(rqstp->rq_xid, gc->gc_seq);
+ if (!gss_check_seq_num(rqstp, rsci, gc->gc_seq))
return SVC_DROP;
- }
return SVC_OK;
}
@@ -866,11 +885,13 @@ read_u32_from_xdr_buf(struct xdr_buf *buf, int base, u32 *obj)
static int
unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
{
+ u32 integ_len, rseqno, maj_stat;
int stat = -EINVAL;
- u32 integ_len, maj_stat;
struct xdr_netobj mic;
struct xdr_buf integ_buf;
+ mic.data = NULL;
+
/* NFS READ normally uses splice to send data in-place. However
* the data in cache can change after the reply's MIC is computed
* but before the RPC reply is sent. To prevent the client from
@@ -885,34 +906,44 @@ unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct g
integ_len = svc_getnl(&buf->head[0]);
if (integ_len & 3)
- return stat;
+ goto unwrap_failed;
if (integ_len > buf->len)
- return stat;
- if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len)) {
- WARN_ON_ONCE(1);
- return stat;
- }
+ goto unwrap_failed;
+ if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len))
+ goto unwrap_failed;
+
/* copy out mic... */
if (read_u32_from_xdr_buf(buf, integ_len, &mic.len))
- return stat;
+ goto unwrap_failed;
if (mic.len > RPC_MAX_AUTH_SIZE)
- return stat;
+ goto unwrap_failed;
mic.data = kmalloc(mic.len, GFP_KERNEL);
if (!mic.data)
- return stat;
+ goto unwrap_failed;
if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len))
- goto out;
+ goto unwrap_failed;
maj_stat = gss_verify_mic(ctx, &integ_buf, &mic);
if (maj_stat != GSS_S_COMPLETE)
- goto out;
- if (svc_getnl(&buf->head[0]) != seq)
- goto out;
+ goto bad_mic;
+ rseqno = svc_getnl(&buf->head[0]);
+ if (rseqno != seq)
+ goto bad_seqno;
/* trim off the mic and padding at the end before returning */
xdr_buf_trim(buf, round_up_to_quad(mic.len) + 4);
stat = 0;
out:
kfree(mic.data);
return stat;
+
+unwrap_failed:
+ trace_rpcgss_svc_unwrap_failed(rqstp);
+ goto out;
+bad_seqno:
+ trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);
+ goto out;
+bad_mic:
+ trace_rpcgss_svc_mic(rqstp, maj_stat);
+ goto out;
}
static inline int
@@ -937,6 +968,7 @@ unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
{
u32 priv_len, maj_stat;
int pad, remaining_len, offset;
+ u32 rseqno;
clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags);
@@ -951,7 +983,7 @@ unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
* not yet read from the head, so these two values are different: */
remaining_len = total_buf_len(buf);
if (priv_len > remaining_len)
- return -EINVAL;
+ goto unwrap_failed;
pad = remaining_len - priv_len;
buf->len -= pad;
fix_priv_head(buf, pad);
@@ -972,11 +1004,22 @@ unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
fix_priv_head(buf, pad);
}
if (maj_stat != GSS_S_COMPLETE)
- return -EINVAL;
+ goto bad_unwrap;
out_seq:
- if (svc_getnl(&buf->head[0]) != seq)
- return -EINVAL;
+ rseqno = svc_getnl(&buf->head[0]);
+ if (rseqno != seq)
+ goto bad_seqno;
return 0;
+
+unwrap_failed:
+ trace_rpcgss_svc_unwrap_failed(rqstp);
+ return -EINVAL;
+bad_seqno:
+ trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);
+ return -EINVAL;
+bad_unwrap:
+ trace_rpcgss_svc_unwrap(rqstp, maj_stat);
+ return -EINVAL;
}
struct gss_svc_data {
@@ -1314,8 +1357,7 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
if (status)
goto out;
- trace_rpcgss_svc_accept_upcall(rqstp->rq_xid, ud.major_status,
- ud.minor_status);
+ trace_rpcgss_svc_accept_upcall(rqstp, ud.major_status, ud.minor_status);
switch (ud.major_status) {
case GSS_S_CONTINUE_NEEDED:
@@ -1490,8 +1532,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
int ret;
struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
- trace_rpcgss_svc_accept(rqstp->rq_xid, argv->iov_len);
-
*authp = rpc_autherr_badcred;
if (!svcdata)
svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
@@ -1626,6 +1666,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
out:
if (rsci)
cache_put(&rsci->h, sn->rsc_cache);
+ trace_rpcgss_svc_authenticate(rqstp, gc);
return ret;
}
diff --git a/net/sunrpc/auth_gss/trace.c b/net/sunrpc/auth_gss/trace.c
index 49fa583d7f91..d26036a57443 100644
--- a/net/sunrpc/auth_gss/trace.c
+++ b/net/sunrpc/auth_gss/trace.c
@@ -5,6 +5,9 @@
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/sched.h>
+#include <linux/sunrpc/svc.h>
+#include <linux/sunrpc/svc_xprt.h>
+#include <linux/sunrpc/auth_gss.h>
#include <linux/sunrpc/gss_err.h>
#include <linux/sunrpc/auth_gss.h>
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v1] SUNRPC: Augment server-side rpcgss tracepoints
2020-06-22 20:57 [PATCH v1] SUNRPC: Augment server-side rpcgss tracepoints Chuck Lever
@ 2020-06-23 9:26 ` Dan Carpenter
0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2020-06-23 9:26 UTC (permalink / raw)
To: kbuild, Chuck Lever, linux-nfs; +Cc: lkp, kbuild-all
[-- Attachment #1: Type: text/plain, Size: 13596 bytes --]
Hi Chuck,
url: https://github.com/0day-ci/linux/commits/Chuck-Lever/SUNRPC-Augment-server-side-rpcgss-tracepoints/20200623-050035
base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
config: x86_64-randconfig-m001-20200622 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-13) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
net/sunrpc/auth_gss/svcauth_gss.c:1669 svcauth_gss_accept() error: uninitialized symbol 'gc'.
Old smatch warnings:
net/sunrpc/auth_gss/svcauth_gss.c:782 gss_write_verf() warn: returning -1 instead of -ENOMEM is sloppy
# https://github.com/0day-ci/linux/commit/af0f25db1397607ba75ceb1ce13c2b1419d2b156
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout af0f25db1397607ba75ceb1ce13c2b1419d2b156
vim +/gc +1669 net/sunrpc/auth_gss/svcauth_gss.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 1521 static int
d8ed029d6000ba Alexey Dobriyan 2006-09-26 1522 svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1523 {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1524 struct kvec *argv = &rqstp->rq_arg.head[0];
^1da177e4c3f41 Linus Torvalds 2005-04-16 1525 struct kvec *resv = &rqstp->rq_res.head[0];
^1da177e4c3f41 Linus Torvalds 2005-04-16 1526 u32 crlen;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1527 struct gss_svc_data *svcdata = rqstp->rq_auth_data;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1528 struct rpc_gss_wire_cred *gc;
^^
^1da177e4c3f41 Linus Torvalds 2005-04-16 1529 struct rsc *rsci = NULL;
d8ed029d6000ba Alexey Dobriyan 2006-09-26 1530 __be32 *rpcstart;
d8ed029d6000ba Alexey Dobriyan 2006-09-26 1531 __be32 *reject_stat = resv->iov_base + resv->iov_len;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1532 int ret;
b8be5674fa9a6f Vasily Averin 2018-12-24 1533 struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1534
^1da177e4c3f41 Linus Torvalds 2005-04-16 1535 *authp = rpc_autherr_badcred;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1536 if (!svcdata)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1537 svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1538 if (!svcdata)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1539 goto auth_err;
^^^^^^^^^^^^^
^1da177e4c3f41 Linus Torvalds 2005-04-16 1540 rqstp->rq_auth_data = svcdata;
5b304bc5bfccc8 J.Bruce Fields 2006-10-04 1541 svcdata->verf_start = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1542 svcdata->rsci = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1543 gc = &svcdata->clcred;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1544
^1da177e4c3f41 Linus Torvalds 2005-04-16 1545 /* start of rpc packet is 7 u32's back from here:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1546 * xid direction rpcversion prog vers proc flavour
^1da177e4c3f41 Linus Torvalds 2005-04-16 1547 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1548 rpcstart = argv->iov_base;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1549 rpcstart -= 7;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1550
^1da177e4c3f41 Linus Torvalds 2005-04-16 1551 /* credential is:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1552 * version(==1), proc(0,1,2,3), seq, service (1,2,3), handle
25985edcedea63 Lucas De Marchi 2011-03-30 1553 * at least 5 u32s, and is preceded by length, so that makes 6.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1554 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1555
^1da177e4c3f41 Linus Torvalds 2005-04-16 1556 if (argv->iov_len < 5 * 4)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1557 goto auth_err;
7699431301b189 Alexey Dobriyan 2006-09-26 1558 crlen = svc_getnl(argv);
7699431301b189 Alexey Dobriyan 2006-09-26 1559 if (svc_getnl(argv) != RPC_GSS_VERSION)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1560 goto auth_err;
7699431301b189 Alexey Dobriyan 2006-09-26 1561 gc->gc_proc = svc_getnl(argv);
7699431301b189 Alexey Dobriyan 2006-09-26 1562 gc->gc_seq = svc_getnl(argv);
7699431301b189 Alexey Dobriyan 2006-09-26 1563 gc->gc_svc = svc_getnl(argv);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1564 if (svc_safe_getnetobj(argv, &gc->gc_ctx))
^1da177e4c3f41 Linus Torvalds 2005-04-16 1565 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1566 if (crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1567 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1568
^1da177e4c3f41 Linus Torvalds 2005-04-16 1569 if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0))
^1da177e4c3f41 Linus Torvalds 2005-04-16 1570 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1571
^1da177e4c3f41 Linus Torvalds 2005-04-16 1572 *authp = rpc_autherr_badverf;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1573 switch (gc->gc_proc) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1574 case RPC_GSS_PROC_INIT:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1575 case RPC_GSS_PROC_CONTINUE_INIT:
030d794bf49855 Simo Sorce 2012-05-25 1576 if (use_gss_proxy(SVC_NET(rqstp)))
030d794bf49855 Simo Sorce 2012-05-25 1577 return svcauth_gss_proxy_init(rqstp, gc, authp);
030d794bf49855 Simo Sorce 2012-05-25 1578 else
030d794bf49855 Simo Sorce 2012-05-25 1579 return svcauth_gss_legacy_init(rqstp, gc, authp);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1580 case RPC_GSS_PROC_DATA:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1581 case RPC_GSS_PROC_DESTROY:
21fcd02be34f73 J. Bruce Fields 2007-08-09 1582 /* Look up the context, and check the verifier: */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1583 *authp = rpcsec_gsserr_credproblem;
a1db410d0bbadc Stanislav Kinsbursky 2012-01-19 1584 rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1585 if (!rsci)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1586 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1587 switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1588 case SVC_OK:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1589 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1590 case SVC_DENIED:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1591 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1592 case SVC_DROP:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1593 goto drop;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1594 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1595 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1596 default:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1597 *authp = rpc_autherr_rejectedcred;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1598 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1599 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1600
^1da177e4c3f41 Linus Torvalds 2005-04-16 1601 /* now act upon the command: */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1602 switch (gc->gc_proc) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1603 case RPC_GSS_PROC_DESTROY:
c5e434c98b49f4 Wei Yongjun 2007-05-09 1604 if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
c5e434c98b49f4 Wei Yongjun 2007-05-09 1605 goto auth_err;
2b477c00f3bd87 Neil Brown 2016-12-22 1606 /* Delete the entry from the cache_list and call cache_put */
2b477c00f3bd87 Neil Brown 2016-12-22 1607 sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1608 if (resv->iov_len + 4 > PAGE_SIZE)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1609 goto drop;
7699431301b189 Alexey Dobriyan 2006-09-26 1610 svc_putnl(resv, RPC_SUCCESS);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1611 goto complete;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1612 case RPC_GSS_PROC_DATA:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1613 *authp = rpcsec_gsserr_ctxproblem;
5b304bc5bfccc8 J.Bruce Fields 2006-10-04 1614 svcdata->verf_start = resv->iov_base + resv->iov_len;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1615 if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
^1da177e4c3f41 Linus Torvalds 2005-04-16 1616 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1617 rqstp->rq_cred = rsci->cred;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1618 get_group_info(rsci->cred.cr_group_info);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1619 *authp = rpc_autherr_badcred;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1620 switch (gc->gc_svc) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1621 case RPC_GSS_SVC_NONE:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1622 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1623 case RPC_GSS_SVC_INTEGRITY:
b620754bfeb8b0 J. Bruce Fields 2008-07-03 1624 /* placeholders for length and seq. number: */
b620754bfeb8b0 J. Bruce Fields 2008-07-03 1625 svc_putnl(resv, 0);
b620754bfeb8b0 J. Bruce Fields 2008-07-03 1626 svc_putnl(resv, 0);
4c190e2f913f03 Jeff Layton 2013-02-06 1627 if (unwrap_integ_data(rqstp, &rqstp->rq_arg,
^1da177e4c3f41 Linus Torvalds 2005-04-16 1628 gc->gc_seq, rsci->mechctx))
dd35210e1e2cb4 Harshula Jayasuriya 2008-02-20 1629 goto garbage_args;
a5cddc885b9945 J. Bruce Fields 2014-05-12 1630 rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE;
b620754bfeb8b0 J. Bruce Fields 2008-07-03 1631 break;
b620754bfeb8b0 J. Bruce Fields 2008-07-03 1632 case RPC_GSS_SVC_PRIVACY:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1633 /* placeholders for length and seq. number: */
7699431301b189 Alexey Dobriyan 2006-09-26 1634 svc_putnl(resv, 0);
7699431301b189 Alexey Dobriyan 2006-09-26 1635 svc_putnl(resv, 0);
7c9fdcfb1b64c4 J. Bruce Fields 2006-06-30 1636 if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
7c9fdcfb1b64c4 J. Bruce Fields 2006-06-30 1637 gc->gc_seq, rsci->mechctx))
dd35210e1e2cb4 Harshula Jayasuriya 2008-02-20 1638 goto garbage_args;
a5cddc885b9945 J. Bruce Fields 2014-05-12 1639 rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2;
7c9fdcfb1b64c4 J. Bruce Fields 2006-06-30 1640 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1641 default:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1642 goto auth_err;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1643 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1644 svcdata->rsci = rsci;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1645 cache_get(&rsci->h);
d5497fc693a446 J. Bruce Fields 2012-05-14 1646 rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
83523d083a045a Chuck Lever 2013-03-16 1647 rsci->mechctx->mech_type,
83523d083a045a Chuck Lever 2013-03-16 1648 GSS_C_QOP_DEFAULT,
83523d083a045a Chuck Lever 2013-03-16 1649 gc->gc_svc);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1650 ret = SVC_OK;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1651 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1652 }
dd35210e1e2cb4 Harshula Jayasuriya 2008-02-20 1653 garbage_args:
dd35210e1e2cb4 Harshula Jayasuriya 2008-02-20 1654 ret = SVC_GARBAGE;
dd35210e1e2cb4 Harshula Jayasuriya 2008-02-20 1655 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1656 auth_err:
21fcd02be34f73 J. Bruce Fields 2007-08-09 1657 /* Restore write pointer to its original value: */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1658 xdr_ressize_check(rqstp, reject_stat);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1659 ret = SVC_DENIED;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1660 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1661 complete:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1662 ret = SVC_COMPLETE;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1663 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1664 drop:
4d712ef1db05c3 Chuck Lever 2016-11-29 1665 ret = SVC_CLOSE;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1666 out:
^1da177e4c3f41 Linus Torvalds 2005-04-16 1667 if (rsci)
a1db410d0bbadc Stanislav Kinsbursky 2012-01-19 1668 cache_put(&rsci->h, sn->rsc_cache);
af0f25db139760 Chuck Lever 2020-06-22 @1669 trace_rpcgss_svc_authenticate(rqstp, gc);
^^
Uninitialized.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1670 return ret;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1671 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 30655 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-23 9:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-22 20:57 [PATCH v1] SUNRPC: Augment server-side rpcgss tracepoints Chuck Lever
2020-06-23 9:26 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).