Loading include/trace/events/rpcgss.h +58 −1 Original line number Diff line number Diff line Loading @@ -126,7 +126,7 @@ DEFINE_GSSAPI_EVENT(verify_mic); DEFINE_GSSAPI_EVENT(wrap); DEFINE_GSSAPI_EVENT(unwrap); TRACE_EVENT(rpcgss_accept_upcall, TRACE_EVENT(rpcgss_svc_accept_upcall, TP_PROTO( __be32 xid, u32 major_status, Loading Loading @@ -154,6 +154,29 @@ TRACE_EVENT(rpcgss_accept_upcall, ) ); TRACE_EVENT(rpcgss_svc_accept, TP_PROTO( __be32 xid, size_t len ), TP_ARGS(xid, len), TP_STRUCT__entry( __field(u32, xid) __field(size_t, len) ), TP_fast_assign( __entry->xid = be32_to_cpu(xid); __entry->len = len; ), TP_printk("xid=0x%08x len=%zu", __entry->xid, __entry->len ) ); /** ** GSS auth unwrap failures Loading Loading @@ -268,6 +291,40 @@ TRACE_EVENT(rpcgss_need_reencode, __entry->ret ? "" : "un") ); DECLARE_EVENT_CLASS(rpcgss_svc_seqno_class, TP_PROTO( __be32 xid, u32 seqno ), TP_ARGS(xid, seqno), TP_STRUCT__entry( __field(u32, xid) __field(u32, seqno) ), TP_fast_assign( __entry->xid = be32_to_cpu(xid); __entry->seqno = seqno; ), TP_printk("xid=0x%08x seqno=%u, request discarded", __entry->xid, __entry->seqno) ); #define DEFINE_SVC_SEQNO_EVENT(name) \ DEFINE_EVENT(rpcgss_svc_seqno_class, rpcgss_svc_##name, \ TP_PROTO( \ __be32 xid, \ u32 seqno \ ), \ TP_ARGS(xid, seqno)) DEFINE_SVC_SEQNO_EVENT(large_seqno); DEFINE_SVC_SEQNO_EVENT(old_seqno); /** ** gssd upcall related trace events **/ Loading net/sunrpc/auth_gss/svcauth_gss.c +15 −28 Original line number Diff line number Diff line Loading @@ -55,10 +55,6 @@ #include "gss_rpc_upcall.h" #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) # define RPCDBG_FACILITY RPCDBG_AUTH #endif /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests * into replies. * Loading Loading @@ -713,14 +709,12 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, } if (gc->gc_seq > MAXSEQ) { dprintk("RPC: svcauth_gss: discarding request with " "large sequence number %d\n", gc->gc_seq); trace_rpcgss_svc_large_seqno(rqstp->rq_xid, gc->gc_seq); *authp = rpcsec_gsserr_ctxproblem; return SVC_DENIED; } if (!gss_check_seq_num(rsci, gc->gc_seq)) { dprintk("RPC: svcauth_gss: discarding request with " "old sequence number %d\n", gc->gc_seq); trace_rpcgss_svc_old_seqno(rqstp->rq_xid, gc->gc_seq); return SVC_DROP; } return SVC_OK; Loading Loading @@ -1245,7 +1239,6 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, if (!ud->found_creds) { /* userspace seem buggy, we should always get at least a * mapping to nobody */ dprintk("RPC: No creds found!\n"); goto out; } else { struct timespec64 boot; Loading Loading @@ -1311,7 +1304,7 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, if (status) goto out; trace_rpcgss_accept_upcall(rqstp->rq_xid, ud.major_status, trace_rpcgss_svc_accept_upcall(rqstp->rq_xid, ud.major_status, ud.minor_status); switch (ud.major_status) { Loading @@ -1320,31 +1313,23 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, break; case GSS_S_COMPLETE: status = gss_proxy_save_rsc(sn->rsc_cache, &ud, &handle); if (status) { pr_info("%s: gss_proxy_save_rsc failed (%d)\n", __func__, status); if (status) goto out; } cli_handle.data = (u8 *)&handle; cli_handle.len = sizeof(handle); break; default: ret = SVC_CLOSE; goto out; } /* Got an answer to the upcall; use it: */ if (gss_write_init_verf(sn->rsc_cache, rqstp, &cli_handle, &ud.major_status)) { pr_info("%s: gss_write_init_verf failed\n", __func__); &cli_handle, &ud.major_status)) goto out; } if (gss_write_resv(resv, PAGE_SIZE, &cli_handle, &ud.out_token, ud.major_status, ud.minor_status)) { pr_info("%s: gss_write_resv failed\n", __func__); ud.major_status, ud.minor_status)) goto out; } ret = SVC_COMPLETE; out: Loading Loading @@ -1495,8 +1480,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) int ret; struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n", argv->iov_len); trace_rpcgss_svc_accept(rqstp->rq_xid, argv->iov_len); *authp = rpc_autherr_badcred; if (!svcdata) Loading Loading @@ -1705,7 +1689,8 @@ svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp) resv->iov_len += XDR_QUADLEN(mic.len) << 2; /* not strictly required: */ resbuf->len += XDR_QUADLEN(mic.len) << 2; BUG_ON(resv->iov_len > PAGE_SIZE); if (resv->iov_len > PAGE_SIZE) goto out_err; out: stat = 0; out_err: Loading Loading @@ -1741,9 +1726,11 @@ svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp) * both the head and tail. */ if (resbuf->tail[0].iov_base) { BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base + PAGE_SIZE); BUG_ON(resbuf->tail[0].iov_base < resbuf->head[0].iov_base); if (resbuf->tail[0].iov_base >= resbuf->head[0].iov_base + PAGE_SIZE) return -EINVAL; if (resbuf->tail[0].iov_base < resbuf->head[0].iov_base) return -EINVAL; if (resbuf->tail[0].iov_len + resbuf->head[0].iov_len + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE) return -ENOMEM; Loading Loading
include/trace/events/rpcgss.h +58 −1 Original line number Diff line number Diff line Loading @@ -126,7 +126,7 @@ DEFINE_GSSAPI_EVENT(verify_mic); DEFINE_GSSAPI_EVENT(wrap); DEFINE_GSSAPI_EVENT(unwrap); TRACE_EVENT(rpcgss_accept_upcall, TRACE_EVENT(rpcgss_svc_accept_upcall, TP_PROTO( __be32 xid, u32 major_status, Loading Loading @@ -154,6 +154,29 @@ TRACE_EVENT(rpcgss_accept_upcall, ) ); TRACE_EVENT(rpcgss_svc_accept, TP_PROTO( __be32 xid, size_t len ), TP_ARGS(xid, len), TP_STRUCT__entry( __field(u32, xid) __field(size_t, len) ), TP_fast_assign( __entry->xid = be32_to_cpu(xid); __entry->len = len; ), TP_printk("xid=0x%08x len=%zu", __entry->xid, __entry->len ) ); /** ** GSS auth unwrap failures Loading Loading @@ -268,6 +291,40 @@ TRACE_EVENT(rpcgss_need_reencode, __entry->ret ? "" : "un") ); DECLARE_EVENT_CLASS(rpcgss_svc_seqno_class, TP_PROTO( __be32 xid, u32 seqno ), TP_ARGS(xid, seqno), TP_STRUCT__entry( __field(u32, xid) __field(u32, seqno) ), TP_fast_assign( __entry->xid = be32_to_cpu(xid); __entry->seqno = seqno; ), TP_printk("xid=0x%08x seqno=%u, request discarded", __entry->xid, __entry->seqno) ); #define DEFINE_SVC_SEQNO_EVENT(name) \ DEFINE_EVENT(rpcgss_svc_seqno_class, rpcgss_svc_##name, \ TP_PROTO( \ __be32 xid, \ u32 seqno \ ), \ TP_ARGS(xid, seqno)) DEFINE_SVC_SEQNO_EVENT(large_seqno); DEFINE_SVC_SEQNO_EVENT(old_seqno); /** ** gssd upcall related trace events **/ Loading
net/sunrpc/auth_gss/svcauth_gss.c +15 −28 Original line number Diff line number Diff line Loading @@ -55,10 +55,6 @@ #include "gss_rpc_upcall.h" #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) # define RPCDBG_FACILITY RPCDBG_AUTH #endif /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests * into replies. * Loading Loading @@ -713,14 +709,12 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, } if (gc->gc_seq > MAXSEQ) { dprintk("RPC: svcauth_gss: discarding request with " "large sequence number %d\n", gc->gc_seq); trace_rpcgss_svc_large_seqno(rqstp->rq_xid, gc->gc_seq); *authp = rpcsec_gsserr_ctxproblem; return SVC_DENIED; } if (!gss_check_seq_num(rsci, gc->gc_seq)) { dprintk("RPC: svcauth_gss: discarding request with " "old sequence number %d\n", gc->gc_seq); trace_rpcgss_svc_old_seqno(rqstp->rq_xid, gc->gc_seq); return SVC_DROP; } return SVC_OK; Loading Loading @@ -1245,7 +1239,6 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, if (!ud->found_creds) { /* userspace seem buggy, we should always get at least a * mapping to nobody */ dprintk("RPC: No creds found!\n"); goto out; } else { struct timespec64 boot; Loading Loading @@ -1311,7 +1304,7 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, if (status) goto out; trace_rpcgss_accept_upcall(rqstp->rq_xid, ud.major_status, trace_rpcgss_svc_accept_upcall(rqstp->rq_xid, ud.major_status, ud.minor_status); switch (ud.major_status) { Loading @@ -1320,31 +1313,23 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, break; case GSS_S_COMPLETE: status = gss_proxy_save_rsc(sn->rsc_cache, &ud, &handle); if (status) { pr_info("%s: gss_proxy_save_rsc failed (%d)\n", __func__, status); if (status) goto out; } cli_handle.data = (u8 *)&handle; cli_handle.len = sizeof(handle); break; default: ret = SVC_CLOSE; goto out; } /* Got an answer to the upcall; use it: */ if (gss_write_init_verf(sn->rsc_cache, rqstp, &cli_handle, &ud.major_status)) { pr_info("%s: gss_write_init_verf failed\n", __func__); &cli_handle, &ud.major_status)) goto out; } if (gss_write_resv(resv, PAGE_SIZE, &cli_handle, &ud.out_token, ud.major_status, ud.minor_status)) { pr_info("%s: gss_write_resv failed\n", __func__); ud.major_status, ud.minor_status)) goto out; } ret = SVC_COMPLETE; out: Loading Loading @@ -1495,8 +1480,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) int ret; struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n", argv->iov_len); trace_rpcgss_svc_accept(rqstp->rq_xid, argv->iov_len); *authp = rpc_autherr_badcred; if (!svcdata) Loading Loading @@ -1705,7 +1689,8 @@ svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp) resv->iov_len += XDR_QUADLEN(mic.len) << 2; /* not strictly required: */ resbuf->len += XDR_QUADLEN(mic.len) << 2; BUG_ON(resv->iov_len > PAGE_SIZE); if (resv->iov_len > PAGE_SIZE) goto out_err; out: stat = 0; out_err: Loading Loading @@ -1741,9 +1726,11 @@ svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp) * both the head and tail. */ if (resbuf->tail[0].iov_base) { BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base + PAGE_SIZE); BUG_ON(resbuf->tail[0].iov_base < resbuf->head[0].iov_base); if (resbuf->tail[0].iov_base >= resbuf->head[0].iov_base + PAGE_SIZE) return -EINVAL; if (resbuf->tail[0].iov_base < resbuf->head[0].iov_base) return -EINVAL; if (resbuf->tail[0].iov_len + resbuf->head[0].iov_len + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE) return -ENOMEM; Loading
Chuck Lever <chuck.lever@oracle.com>Chuck Lever <chuck.lever@oracle.com>