mirror of
https://github.com/torvalds/linux.git
synced 2024-11-14 16:12:02 +00:00
5866efa8cb
gss_read_proxy_verf() assumes things about the XDR buffer containing
the RPC Call that are not true for buffers generated by
svc_rdma_recv().
RDMA's buffers look more like what the upper layer generates for
sending: head is a kmalloc'd buffer; it does not point to a page
whose contents are contiguous with the first page in the buffers'
page array. The result is that ACCEPT_SEC_CONTEXT via RPC/RDMA has
stopped working on Linux NFS servers that use gssproxy.
This does not affect clients that use only TCP to send their
ACCEPT_SEC_CONTEXT operation (that's all Linux clients). Other
clients, like Solaris NFS clients, send ACCEPT_SEC_CONTEXT on the
same transport as they send all other NFS operations. Such clients
can send ACCEPT_SEC_CONTEXT via RPC/RDMA.
I thought I had found every direct reference in the server RPC code
to the rqstp->rq_pages field.
Bug found at the 2019 Westford NFS bake-a-thon.
Fixes:
|
||
|---|---|---|
| .. | ||
| auth_gss.c | ||
| gss_generic_token.c | ||
| gss_krb5_crypto.c | ||
| gss_krb5_keys.c | ||
| gss_krb5_mech.c | ||
| gss_krb5_seal.c | ||
| gss_krb5_seqnum.c | ||
| gss_krb5_unseal.c | ||
| gss_krb5_wrap.c | ||
| gss_mech_switch.c | ||
| gss_rpc_upcall.c | ||
| gss_rpc_upcall.h | ||
| gss_rpc_xdr.c | ||
| gss_rpc_xdr.h | ||
| Makefile | ||
| svcauth_gss.c | ||
| trace.c | ||