Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4361847pxj; Tue, 8 Jun 2021 12:25:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzBnBu741lGO2OkFyd4duL4zZfF+gyf3ePLnYE4b0oajwP9rAQO7tD3RoP6Ba+YxOaZ1rj3 X-Received: by 2002:a17:906:1d11:: with SMTP id n17mr24625753ejh.215.1623180309139; Tue, 08 Jun 2021 12:25:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623180309; cv=none; d=google.com; s=arc-20160816; b=r84fudaAwg30RRHKA1jGeAH61qHUaX2b7XS8Mcs8rcHMTsH4T1yB9jY+ArRnq6REVa LJKTRhzUfqxau5RFtPuYaIbcjUqaG90k53khEQIWO2Vsp+l0/Up8T8VNvlnY+BDwPy+B tH5U6f9h1XSXCPOOzT9K6gWU3FUia1155+ei4C0fGFZRSszkaX9wiPjSxtocVZ300hBr nSpvpElbwHctUIiuR/tsNVwh/ntmKxeSp/Tc4b/+x2lYcmsaYeLAPITr52qkVtFjTsAP cdWcipJswuvQOzYGisXCOe2TWmOUB6jF2sIyslwIqDoMVNJuoMQc4UXdGwavdErrYFpx XwOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=r1xlspWinCBxxSlZ757oy9UT6WlwH21EloJvL59lff4=; b=MbFStyWvlhfmL2Bb0R52s1CdpqHl13QMUOS2Q0KzoJyiK9EzGEwFBSrjFikpR/7ah3 hbEkqbhntGrVA0mKo5eoYhzGB1D1TZ/5Gde2YvRjnoYpOwTj/rcB9aHJmIW8VPAnu7GT TU3Bb6JheFeYBp7IMKd4G6KFffUjO3GH7UNRudmnjtbvJQcwBYJriehh9zC9GQbr+zuc cUoUE+qaSyVWjd/88QBYUy0Cz4SKDmu8/j2Nd1H8gLG4A5ZBTT1gCfE8HGuSBNsecBY3 rVjATfsdePPxecyXOJAtbMYG96MnL1y8JR5q9PYVRUlIFhY8yV8K14I7wxkTsxxbm1Na 61/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RmHSuuXM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q4si420688edr.469.2021.06.08.12.24.42; Tue, 08 Jun 2021 12:25:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RmHSuuXM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237600AbhFHTWo (ORCPT + 99 others); Tue, 8 Jun 2021 15:22:44 -0400 Received: from mail-il1-f182.google.com ([209.85.166.182]:44575 "EHLO mail-il1-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237662AbhFHTKN (ORCPT ); Tue, 8 Jun 2021 15:10:13 -0400 Received: by mail-il1-f182.google.com with SMTP id i17so20715888ilj.11; Tue, 08 Jun 2021 12:08:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=r1xlspWinCBxxSlZ757oy9UT6WlwH21EloJvL59lff4=; b=RmHSuuXM5RuW5lsjCFArOIVNU2gBGb3ZDdSS8/HSdXbeUZG7/ZvzdjSfofVOpDl7O2 OfSgKhLJR97cKJECKY+uhZvC4zd5pfEN9cf1Mv8HsTrJLzaUldmCNH7jrsz3jZKxTOe+ qARod1NzBSyB/CAF4rNrN5vjoc1+UHqklfl9r/NTmxw7CBVX9kLo1knAKfLdg0rYHb43 DacTu3Z5aezL3HmNIJkQKI4DsmgGD0R2jvD/ZKtMrKmdr+tQYuXsz1QG6xtMXf7qhph/ /XIWKBFfRANmxXSLK7eWcKQLxXfkyPkvwOTIa+A5mnHhc0GdmUcshsLGvVgR5XXsiXag BLuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=r1xlspWinCBxxSlZ757oy9UT6WlwH21EloJvL59lff4=; b=OwHzFHrR3d/owReeroRGKlBbUT1Vx6OXFvNo/FoHZszT4l62F3eY0UwhBeL9yx2Ih4 VDnQGIKYT91c+U4dLGptqWKmqnr2Ohfi9y7I3QVfJl4NO0nCBa5ThQswAyoASCa5SCln rZPHJNiLlJmrXIEV7hLbhl1xg9i1cv3kczwdJI+4gMnhwSO4JBR/FLDjoIgpgx6yMSU0 SasnDuie73ZiyGTErXewwEE94kJT7wRv0QtFHyz+IFAarduxs20eclQt3z5crL/XTCp9 35+z4xBxRZ8pyXhifNnRMn5WqG6sHQAO5MSCBY7IP6lqtMcL1x2FZe64y3HI5jHtZNWL cbAg== X-Gm-Message-State: AOAM532ftzlDSs8nOo5l/pKHi6Yk9SgdzjTESOwxNbbaegFllSayV1zH UBkggbqkY5IHS8/9WcAuv2NlZR+lmNcCQGBwhxoro6Zdpdpk7A== X-Received: by 2002:a92:7b01:: with SMTP id w1mr21291347ilc.100.1623179240094; Tue, 08 Jun 2021 12:07:20 -0700 (PDT) MIME-Version: 1.0 References: <20210608175945.476074951@linuxfoundation.org> <20210608175948.243493420@linuxfoundation.org> In-Reply-To: <20210608175948.243493420@linuxfoundation.org> From: Ilya Dryomov Date: Tue, 8 Jun 2021 21:07:18 +0200 Message-ID: Subject: Re: [PATCH 5.12 083/161] libceph: dont set global_id until we get an auth ticket To: Greg Kroah-Hartman Cc: LKML , stable@vger.kernel.org, Sage Weil , Sasha Levin Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 8, 2021 at 8:48 PM Greg Kroah-Hartman wrote: > > From: Ilya Dryomov > > [ Upstream commit 61ca49a9105faefa003b37542cebad8722f8ae22 ] > > With the introduction of enforcing mode, setting global_id as soon > as we get it in the first MAuth reply will result in EACCES if the > connection is reset before we get the second MAuth reply containing > an auth ticket -- because on retry we would attempt to reclaim that > global_id with no auth ticket at hand. > > Neither ceph_auth_client nor ceph_mon_client depend on global_id > being set ealy, so just delay the setting until we get and process > the second MAuth reply. While at it, complain if the monitor sends > a zero global_id or changes our global_id as the session is likely > to fail after that. > > Cc: stable@vger.kernel.org # needs backporting for < 5.11 > Signed-off-by: Ilya Dryomov > Reviewed-by: Sage Weil > Signed-off-by: Sasha Levin > --- > net/ceph/auth.c | 36 +++++++++++++++++++++++------------- > 1 file changed, 23 insertions(+), 13 deletions(-) > > diff --git a/net/ceph/auth.c b/net/ceph/auth.c > index eb261aa5fe18..de407e8feb97 100644 > --- a/net/ceph/auth.c > +++ b/net/ceph/auth.c > @@ -36,6 +36,20 @@ static int init_protocol(struct ceph_auth_client *ac, int proto) > } > } > > +static void set_global_id(struct ceph_auth_client *ac, u64 global_id) > +{ > + dout("%s global_id %llu\n", __func__, global_id); > + > + if (!global_id) > + pr_err("got zero global_id\n"); > + > + if (ac->global_id && global_id != ac->global_id) > + pr_err("global_id changed from %llu to %llu\n", ac->global_id, > + global_id); > + > + ac->global_id = global_id; > +} > + > /* > * setup, teardown. > */ > @@ -222,11 +236,6 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac, > > payload_end = payload + payload_len; > > - if (global_id && ac->global_id != global_id) { > - dout(" set global_id %lld -> %lld\n", ac->global_id, global_id); > - ac->global_id = global_id; > - } > - > if (ac->negotiating) { > /* server does not support our protocols? */ > if (!protocol && result < 0) { > @@ -253,11 +262,16 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac, > > ret = ac->ops->handle_reply(ac, result, payload, payload_end, > NULL, NULL, NULL, NULL); > - if (ret == -EAGAIN) > + if (ret == -EAGAIN) { > ret = build_request(ac, true, reply_buf, reply_len); > - else if (ret) > + goto out; > + } else if (ret) { > pr_err("auth protocol '%s' mauth authentication failed: %d\n", > ceph_auth_proto_name(ac->protocol), result); > + goto out; > + } > + > + set_global_id(ac, global_id); > > out: > mutex_unlock(&ac->mutex); > @@ -484,15 +498,11 @@ int ceph_auth_handle_reply_done(struct ceph_auth_client *ac, > int ret; > > mutex_lock(&ac->mutex); > - if (global_id && ac->global_id != global_id) { > - dout("%s global_id %llu -> %llu\n", __func__, ac->global_id, > - global_id); > - ac->global_id = global_id; > - } > - > ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len, > session_key, session_key_len, > con_secret, con_secret_len); > + if (!ret) > + set_global_id(ac, global_id); > mutex_unlock(&ac->mutex); > return ret; > } Hi Greg, I asked Sasha to drop this patch earlier today. Thanks, Ilya