From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ilya Dryomov, Sage Weil
Subject: [PATCH 5.11 031/342] libceph: bump CephXAuthenticate encoding version
Date: Mon, 10 May 2021 12:17:01 +0200
Message-Id: <20210510102011.134876262@linuxfoundation.org>

From: Ilya Dryomov

commit 7807dafda21a549403d922da98dde0ddfeb70d08 upstream.

A dummy v3 encoding (exactly the same as v2) was introduced so that the
monitors can distinguish broken clients that may not include their auth
ticket in CEPHX_GET_AUTH_SESSION_KEY request on reconnects, thus failing
to prove previous possession of their global_id (one part of
CVE-2021-20288).

The kernel client has always included its auth ticket, so it is
compatible with enforcing mode as is. However we want to bump the
encoding version to avoid having to authenticate twice on the initial
connect -- all legacy (CephXAuthenticate < v3) are now forced to do so in
order to expose insecure global_id reclaim.

Marking for stable since at least for 5.11 and 5.12 it is trivial
(v2 -> v3).

Cc: stable@vger.kernel.org # 5.11+
URL: https://tracker.ceph.com/issues/50452
Signed-off-by: Ilya Dryomov
Reviewed-by: Sage Weil
Signed-off-by: Greg Kroah-Hartman
---
 net/ceph/auth_x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -526,7 +526,7 @@ static int ceph_x_build_request(struct c if (ret < 0) return ret; - auth->struct_v = 2; /* nautilus+ */ + auth->struct_v = 3; /* nautilus+ */ auth->key = 0; for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++) auth->key ^= *(__le64 *)u;
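
Review bot: The trailing comment on the changed line, `auth->struct_v = 3; /* nautilus+ */`, is carried over unchanged from the v2 assignment and no longer explains the value being set. Per the commit message, v3 is exactly the same encoding as v2 and exists only so the monitors can tell this client apart from legacy ones that may not include their auth ticket on reconnect (CVE-2021-20288). Suggest updating the comment to say that v3 is identical to v2 and marks a client that always presents its ticket in CEPHX_GET_AUTH_SESSION_KEY, so a later reader does not search the lines that follow for an encoding difference between 2 and 3.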