diff options
author | NeilBrown <neilb@suse.de> | 2021-09-02 01:30:37 +0200 |
---|---|---|
committer | Chuck Lever <chuck.lever@oracle.com> | 2021-09-03 19:38:11 +0200 |
commit | 0c217d5066c84f67cd672cf03ec8f682e5d013c2 (patch) | |
tree | 042d081a4fa11ab491c43e3054bbe66886294aea /net/sunrpc/auth_gss | |
parent | SUNRPC: don't pause on incomplete allocation (diff) | |
download | linux-0c217d5066c84f67cd672cf03ec8f682e5d013c2.tar.xz linux-0c217d5066c84f67cd672cf03ec8f682e5d013c2.zip |
SUNRPC: improve error response to over-size gss credential
When the NFS server receives a large gss (kerberos) credential and tries
to pass it up to rpc.svcgssd (which is deprecated), it triggers an
infinite loop in cache_read().
cache_request() always returns -EAGAIN, and this causes a "goto again".
This patch:
- changes the error to -E2BIG to avoid the infinite loop, and
- generates a WARN_ONCE when rsi_request first sees an over-sized
credential. The warning suggests switching to gssproxy.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=196583
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 3d685fe328fa..475a965b7b43 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -194,6 +194,8 @@ static void rsi_request(struct cache_detail *cd, qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len); qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len); (*bpp)[-1] = '\n'; + WARN_ONCE(*blen < 0, + "RPCSEC/GSS credential too large - please use gssproxy\n"); } static int rsi_parse(struct cache_detail *cd, |