Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3691133ybv; Mon, 10 Feb 2020 04:47:29 -0800 (PST) X-Google-Smtp-Source: APXvYqxkasb+iCsR04TTwinURpNP1ir0hQwsJQsloF+5zj8aQKr4wRzrX3eVwgrGU56k5X6nYFrK X-Received: by 2002:a9d:7548:: with SMTP id b8mr982820otl.74.1581338849181; Mon, 10 Feb 2020 04:47:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581338849; cv=none; d=google.com; s=arc-20160816; b=zN9nZcLmpJ6Rjcn06LNc6VUt3OJ8Wv5FpWz5MtYXGHEuVvLRp5YX90k2O6YOiq+McZ 6Ge6BEIKOue1kdT7d3B3CzsH+xpQ+lQXi4SGOFcvoisRbCTxhb1DJqd81oYkgNOhOG17 D4uEW/Yjgzx+MkGX1YeqixoOUyAqbp7HQYO/oh2VJkCDT2IxgGQmaw7b6yRCe5Djyl6U jFoPlLJqlTMl/CWaWtGLr3mJUy5u00JB+BBduCZmtPrxy1X3IylkYDAvhUjtJ6S84ObC 6+a5rWPBtQt8hTE2wHlPJOY/7c8k6YqKcQDMcbfetYlFjRHvsW8fakWxryqK9U6sE+4R MWAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=s8KUWdq52uxdaPQycTdNrcT1R8QfegjAJYg8cFo+6ME=; b=VKN32tUXzowdrxnmNwLsCxEB1Jj5envCOfV51s0FktiOxJmDQp/hPTjlaPu0JQiZtK 9W46ZUZHNOWER2gdzLunJ0UWBGPx7dAq+E5mGesIrfqfQxjktleii38o8fNRD4g0fSA8 72wrjxcwTIVd8FapJ8r+NrSyDqqcOCcOsrMFkmzVW01H0z0NKeJb6rt7F7ByBcuTX3Xf QawQmeXaJAa+cU81gitQ3+3FqITT/EI7UVbMIxjAYFstYch5LJjhjn3PFD6Fu/Km9+1t qNPqC05kQEhx72YUorwmGpsjXAP6YLJ6RLgj64Ad690rkwdh8fBBniBLKzIILYzjBDZW W2rQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Bjf3RIzf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e8si134022oie.96.2020.02.10.04.47.17; Mon, 10 Feb 2020 04:47:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Bjf3RIzf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730842AbgBJMqE (ORCPT + 99 others); Mon, 10 Feb 2020 07:46:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:43110 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729950AbgBJMlR (ORCPT ); Mon, 10 Feb 2020 07:41:17 -0500 Received: from localhost (unknown [209.37.97.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E7DD6208C3; Mon, 10 Feb 2020 12:41:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581338477; bh=8Jb3WF7J4RzRLBfrdqdB0TvnGiKJLDBYl2f04hpF+DQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Bjf3RIzfNe07UtpckfWNmz+YBx1bemUTzlJcKfGpfCFOm/Dg1bMoueFqdIxEfzW4O D40viClQu/PQ4uno58UkTq0cdVCeJOPOdgtNIUvsJkzbzZQcwTrV1QGsFAAV8uiTzk OgafcaTNlYezbUoAIhndNBOE073raVI7XiiBPbA0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Roberto Bergantinos Corpas , Frank Sorenson , "J. Bruce Fields" Subject: [PATCH 5.5 208/367] sunrpc: expiry_time should be seconds not timeval Date: Mon, 10 Feb 2020 04:32:01 -0800 Message-Id: <20200210122443.600771045@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200210122423.695146547@linuxfoundation.org> References: <20200210122423.695146547@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roberto Bergantinos Corpas commit 3d96208c30f84d6edf9ab4fac813306ac0d20c10 upstream. When upcalling gssproxy, cache_head.expiry_time is set as a timeval, not seconds since boot. As such, RPC cache expiry logic will not clean expired objects created under auth.rpcsec.context cache. This has proven to cause kernel memory leaks on field. Using 64 bit variants of getboottime/timespec Expiration times have worked this way since 2010's c5b29f885afe "sunrpc: use seconds since boot in expiry cache". The gssproxy code introduced in 2012 added gss_proxy_save_rsc and introduced the bug. That's a while for this to lurk, but it required a bit of an extreme case to make it obvious. Signed-off-by: Roberto Bergantinos Corpas Cc: stable@vger.kernel.org Fixes: 030d794bf498 "SUNRPC: Use gssproxy upcall for server..." Tested-By: Frank Sorenson Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman --- net/sunrpc/auth_gss/svcauth_gss.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -1248,6 +1248,7 @@ static int gss_proxy_save_rsc(struct cac dprintk("RPC: No creds found!\n"); goto out; } else { + struct timespec64 boot; /* steal creds */ rsci.cred = ud->creds; @@ -1268,6 +1269,9 @@ static int gss_proxy_save_rsc(struct cac &expiry, GFP_KERNEL); if (status) goto out; + + getboottime64(&boot); + expiry -= boot.tv_sec; } rsci.h.expiry_time = expiry;