linux/net/sunrpc
Trond Myklebust 7987b694ad SUNRPC: Fix a use after free when a server rejects the RPCSEC_GSS credential
The addition of rpc_check_timeout() to call_decode causes an Oops
when the RPCSEC_GSS credential is rejected.
The reason is that rpc_decode_header() will call xprt_release() in
order to free task->tk_rqstp, which is needed by rpc_check_timeout()
to check whether or not we should exit due to a soft timeout.

The fix is to move the call to xprt_release() into call_decode() so
we can perform it after rpc_check_timeout().

Reported-by: Olga Kornievskaia <olga.kornievskaia@gmail.com>
Reported-by: Nick Bowler <nbowler@draconx.ca>
Fixes: cea57789e4 ("SUNRPC: Clean up")
Cc: stable@vger.kernel.org # v5.1+
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2019-05-30 15:29:41 -04:00
..
auth_gss This pull consists mostly of nfsd container work: 2019-05-15 18:21:43 -07:00
xprtrdma xprtrdma: Use struct_size() in kzalloc() 2019-05-28 09:28:49 -04:00
addr.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
auth_null.c SUNRPC: Add rpc_auth::au_ralign field 2019-02-14 11:48:36 -05:00
auth_unix.c SUNRPC: Use the client user namespace when encoding creds 2019-04-26 16:24:32 -04:00
auth.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
backchannel_rqst.c SUNRPC: Allow dynamic allocation of back channel slots 2019-03-02 16:25:26 -05:00
cache.c sunrpc/cache: handle missing listeners better. 2019-04-24 09:46:34 -04:00
clnt.c SUNRPC: Fix a use after free when a server rejects the RPCSEC_GSS credential 2019-05-30 15:29:41 -04:00
debugfs.c SUNRPC: Fix up tracking of timeouts 2019-04-25 14:18:13 -04:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile SUNRPC: remove generic cred code. 2018-12-19 13:52:46 -05:00
netns.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rpc_pipe.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
rpcb_clnt.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
sched.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
socklib.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
stats.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
sunrpc_syms.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
sunrpc.h sunrpc: whitespace fixes 2018-07-31 12:53:40 -04:00
svc_xprt.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
svc.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
svcauth_unix.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
svcauth.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
svcsock.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
sysctl.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
timer.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
xdr.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
xprt.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
xprtmultipath.c SUNRPC: Fix some kernel doc complaints 2019-01-02 12:05:18 -05:00
xprtsock.c SUNRPC: Add tracking of RPC level errors 2019-04-25 14:18:13 -04:00