Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4375409pxj; Tue, 8 Jun 2021 12:45:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2ksgXx4CV0NQmHiFuaiVkoaonYG6uM/+za5Cb3pD7hflvECYyS3gG+2Hy8XkF/djfSjFn X-Received: by 2002:a17:906:c289:: with SMTP id r9mr22316283ejz.355.1623181559680; Tue, 08 Jun 2021 12:45:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623181559; cv=none; d=google.com; s=arc-20160816; b=ADKXSDiZx6AeMkogDyqUCnTXL2D89nWBqqaXuyZQ6U0gZ5o9PTX1lM0mcMLztViLhr 9sHurPTySXyQ549S4k34gKhmevPliA6jf1NrQ46wMjFnDdmLcTQjewo5LTDzjtZUfrYn zVllsflKdZSQjrEwHKdzh+aiF4j10XW3erZSen9GrWq4qQWoTeK7RA4Us9qvqBF2CfdM FYTbZlyuSAXA8hRcsWYQHKiW4IpxgLYlNNB4ApELeHpIrtALYX1+iSjZ7+xFZ5DP8ECi kAjtaRURMmTkW0iutqeStirKuhGQMP8C07EZ/B9QSQSX+K7vUdsXVdEpkcALD0/U5LYe rCfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=HJ8rnWqOEbeNiQiIKCMICozUoicUYyenJT1hlLOu16o=; b=pV8qk7PdlqBoPQJMdhYJLs00lbXWz3TswsgP7Ku7RydCa30KBqfqxzK0S4d81qnO3J WnyNmJwC8v4ofYj8SgXTjHd+a2IDQKfyPCmkiDwPSdJWICnPbhU2wnFqM3eT/bUDgT05 nMUCsI5dQ0LfY0RlmWMzLnD+wUlglIamFzl5efVxxYsz1EkyrRNyI2JXeMN53o39iGfQ d9ka5BWZGCXYgkymGJeEgfzFWZRtricmC0GUoibmSF0O3L5iswmfqXbiFdaFTTAVnJFi Dlmc2GNe3BFseOClsPVHlHFDe8DT1GDs7tXSDRSD2HNSldpV3eYbJNVZnw+Gp8xuFl+E 7/Rw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=b69NKJPl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r18si377642edd.158.2021.06.08.12.45.35; Tue, 08 Jun 2021 12:45:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=b69NKJPl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236435AbhFHTpJ (ORCPT + 99 others); Tue, 8 Jun 2021 15:45:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43610 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238715AbhFHToq (ORCPT ); Tue, 8 Jun 2021 15:44:46 -0400 Received: from mail-il1-x12f.google.com (mail-il1-x12f.google.com [IPv6:2607:f8b0:4864:20::12f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 847A7C061574; Tue, 8 Jun 2021 12:39:19 -0700 (PDT) Received: by mail-il1-x12f.google.com with SMTP id b9so20969835ilr.2; Tue, 08 Jun 2021 12:39:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HJ8rnWqOEbeNiQiIKCMICozUoicUYyenJT1hlLOu16o=; b=b69NKJPlTlavMBJWWeaGIAN3zvAy7MACAIF5OyJUifBFnHsqtyfYkbl4pIvaOh0+Kg E/3RB1vlGyz3A2E7mt2JCJGe2oPA1lgIMT5svPoX57sSeFOIGcp0bp6MtsNrElTnBK29 z/8llJcLB0V21tn3WJVBQ24D2XwVF5d4QaI50noBRZQ0PEuS5TcqRJ8ZBK+GPH9WJvQV 2cBHH1u4etkWhDxMZbuhhpRwWtR+Tyd/p0VS/hgT/ZsdWWmaxTngVW5eMVuPtYUvBmUe JEEw/Nzwk5QAWU+pC8ywVrC3TgA23XhkLtltD3eIMSmDMMbEk9NZOrLdAfzJw4jiB9Kp 9Qjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HJ8rnWqOEbeNiQiIKCMICozUoicUYyenJT1hlLOu16o=; b=uFcetPp/pw53kBKhM4OMKkopvpS2jCcFRIpB75K52IBZ0vKm0kF/mGhamZL/DTKxtf iMYkF9S1iUfZTNsDXchfm8dCeUKDDR0J2XAm3KOF3Fa6tx1T7pB64s/QPtgyhlwCGQI6 rZxHKXv4NpQW/LfZOl5CkKbAqIoXBImqisImF52QhVxikBDyPnKaobB1OQKXj11scWq1 HSc8mMjC0DTYFKMGUyCcBlUYPxMOBpTA42NNjC1DJtq6IHhNFr6WCwsGUXsh3Ls8jVRm 9Vgz6zDTV7gKMNMp/8xmUxdLBKs+MU3+rVLH2yPC4smtZw4s/NIoLChX7yAijTdDlkqx LwMA== X-Gm-Message-State: AOAM5337UKM6zRsa90mU7EUZGlbbjeTpThxwx4JW5Gkpk07zsycBFd2B A3bdQceZ+Hu+gFfAl9GhkzsUbVSYkRYwXpjblqWLYulztinq8w== X-Received: by 2002:a6b:287:: with SMTP id 129mr16340585ioc.182.1623181158977; Tue, 08 Jun 2021 12:39:18 -0700 (PDT) MIME-Version: 1.0 References: <20210608175945.476074951@linuxfoundation.org> <20210608175948.243493420@linuxfoundation.org> In-Reply-To: From: Ilya Dryomov Date: Tue, 8 Jun 2021 21:39:18 +0200 Message-ID: Subject: Re: [PATCH 5.12 083/161] libceph: dont set global_id until we get an auth ticket To: Sasha Levin Cc: Greg Kroah-Hartman , LKML , stable@vger.kernel.org, Sage Weil Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 8, 2021 at 9:24 PM Sasha Levin wrote: > > On Tue, Jun 08, 2021 at 09:07:18PM +0200, Ilya Dryomov wrote: > >On Tue, Jun 8, 2021 at 8:48 PM Greg Kroah-Hartman > > wrote: > >> > >> From: Ilya Dryomov > >> > >> [ Upstream commit 61ca49a9105faefa003b37542cebad8722f8ae22 ] > >> > >> With the introduction of enforcing mode, setting global_id as soon > >> as we get it in the first MAuth reply will result in EACCES if the > >> connection is reset before we get the second MAuth reply containing > >> an auth ticket -- because on retry we would attempt to reclaim that > >> global_id with no auth ticket at hand. > >> > >> Neither ceph_auth_client nor ceph_mon_client depend on global_id > >> being set ealy, so just delay the setting until we get and process > >> the second MAuth reply. While at it, complain if the monitor sends > >> a zero global_id or changes our global_id as the session is likely > >> to fail after that. > >> > >> Cc: stable@vger.kernel.org # needs backporting for < 5.11 > >> Signed-off-by: Ilya Dryomov > >> Reviewed-by: Sage Weil > >> Signed-off-by: Sasha Levin > >> --- > >> net/ceph/auth.c | 36 +++++++++++++++++++++++------------- > >> 1 file changed, 23 insertions(+), 13 deletions(-) > >> > >> diff --git a/net/ceph/auth.c b/net/ceph/auth.c > >> index eb261aa5fe18..de407e8feb97 100644 > >> --- a/net/ceph/auth.c > >> +++ b/net/ceph/auth.c > >> @@ -36,6 +36,20 @@ static int init_protocol(struct ceph_auth_client *ac, int proto) > >> } > >> } > >> > >> +static void set_global_id(struct ceph_auth_client *ac, u64 global_id) > >> +{ > >> + dout("%s global_id %llu\n", __func__, global_id); > >> + > >> + if (!global_id) > >> + pr_err("got zero global_id\n"); > >> + > >> + if (ac->global_id && global_id != ac->global_id) > >> + pr_err("global_id changed from %llu to %llu\n", ac->global_id, > >> + global_id); > >> + > >> + ac->global_id = global_id; > >> +} > >> + > >> /* > >> * setup, teardown. > >> */ > >> @@ -222,11 +236,6 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac, > >> > >> payload_end = payload + payload_len; > >> > >> - if (global_id && ac->global_id != global_id) { > >> - dout(" set global_id %lld -> %lld\n", ac->global_id, global_id); > >> - ac->global_id = global_id; > >> - } > >> - > >> if (ac->negotiating) { > >> /* server does not support our protocols? */ > >> if (!protocol && result < 0) { > >> @@ -253,11 +262,16 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac, > >> > >> ret = ac->ops->handle_reply(ac, result, payload, payload_end, > >> NULL, NULL, NULL, NULL); > >> - if (ret == -EAGAIN) > >> + if (ret == -EAGAIN) { > >> ret = build_request(ac, true, reply_buf, reply_len); > >> - else if (ret) > >> + goto out; > >> + } else if (ret) { > >> pr_err("auth protocol '%s' mauth authentication failed: %d\n", > >> ceph_auth_proto_name(ac->protocol), result); > >> + goto out; > >> + } > >> + > >> + set_global_id(ac, global_id); > >> > >> out: > >> mutex_unlock(&ac->mutex); > >> @@ -484,15 +498,11 @@ int ceph_auth_handle_reply_done(struct ceph_auth_client *ac, > >> int ret; > >> > >> mutex_lock(&ac->mutex); > >> - if (global_id && ac->global_id != global_id) { > >> - dout("%s global_id %llu -> %llu\n", __func__, ac->global_id, > >> - global_id); > >> - ac->global_id = global_id; > >> - } > >> - > >> ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len, > >> session_key, session_key_len, > >> con_secret, con_secret_len); > >> + if (!ret) > >> + set_global_id(ac, global_id); > >> mutex_unlock(&ac->mutex); > >> return ret; > >> } > > > >Hi Greg, > > > >I asked Sasha to drop this patch earlier today. > > I've dropped it now, but I think I'm missing your previous request. Was > it as a reply to the added-to mail? I just want to make sure I'm not > missing your mails. Yes, but it looks like it didn't make it to stable-commits mailing list either. Weird... MIME-Version: 1.0 Date: Tue, 8 Jun 2021 11:13:08 +0200 References: <20210608011339.51B0F6124C@mail.kernel.org> In-Reply-To: <20210608011339.51B0F6124C@mail.kernel.org> Message-ID: Subject: Re: Patch "libceph: don't set global_id until we get an auth ticket" has been added to the 5.12-stable tree From: Ilya Dryomov To: Sasha Levin Cc: stable-commits@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Thanks, Ilya