Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1449854pxb;
        Thu, 4 Mar 2021 11:33:35 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxnIe5XXG5r6Q4yFqWWmwOBXXKPsyNc0m0IoSr6RVkZPKVK2aZ7cZQiumKa8V7UKFBM10al
X-Received: by 2002:a17:906:90d8:: with SMTP id v24mr5914069ejw.547.1614886415503;
        Thu, 04 Mar 2021 11:33:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614886415; cv=none;
        d=google.com; s=arc-20160816;
        b=noy1F4YSfCMPtka93EODvfkJ5pz/xRJgYRoeRVxfyjePKOLhU84xY4r5oyyulKB26G
         U1ATQZy8b49P7fey6hDk7McmTR7jJ54elgTLW4W+M7+ADdot/0NMm/ygql0QUYCTOucz
         /5RT+K/vEMaeY8tj5RDu8Cw/GWHZn/R262ZZ+xE7DWMV7YrlZ0af06/JscGAFiWh5eSf
         pd0yxb35FCfJA+8QPq2q/M3t2DTtuCfHfyBhf86V2f3Rm/xc8uEXWVc8/siOg3r3UNWn
         OuK5/FjHAhPQJcdpDN87/WBqmfkaDVnv+ErXD2XJIuM4Hl3ScUAv6OS/WIg9xkmEFvpe
         nzNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=3NjD4PVl9PRy4T1UesXVwWBQ1kl5QplPSw/6OJvb/Vw=;
        b=t5G2jf2R7Ew1JE5EgGV+XkvlE8SIYnnmappfOOr8LICfPckttKHgvOTuUrDTnTc2Nd
         z078xcCnltTdO8w9kszoIO8e/7kCML8uY/aOKKQSIXrR9Cvqxxn0euMSTi1kpGG6mH5H
         mfcPLigtMwvCNyxwvPlo2sLtHp2lzGV0pvMsH6oUn9/2OezhFThKxFyOjaB4JhLxSpJB
         ZCmDm7Q5QKEWqIZoCB8mGJM7csDdCtmVSQ6RGOMfzIYgYtRRQDkyd2tN2P8FpBPlFFmm
         Z993M+JjCZxoouO2QSthJ1YURnfe/9zTaxrqQx2tebcWB6s6ZkC1u4R9Jd/w/2b/2wwE
         e4eA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="UB27/wqm";
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e16si253001edz.607.2021.03.04.11.33.07;
        Thu, 04 Mar 2021 11:33:35 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="UB27/wqm";
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230429AbhCDTcD (ORCPT <rfc822;prasannabanumathi@gmail.com>
        + 99 others); Thu, 4 Mar 2021 14:32:03 -0500
Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:21669 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S236098AbhCDTbd (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Thu, 4 Mar 2021 14:31:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1614886208;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=3NjD4PVl9PRy4T1UesXVwWBQ1kl5QplPSw/6OJvb/Vw=;
        b=UB27/wqm2dPRb4lWN3Of3YMPTyxTt4jC6MX19MqGOOY9f9uUmNVCRTaCajcWRLwjn9MQfe
        Jb2SyqbAI46/NaImz4vUoFP8l9Wp9LqhzD2WWsQ08lFd8NyhYJ7CobG3b0xxlcY/oYm8k6
        JP4GbpdXRsbewfuL9mUfUcszI6CZKNw=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-357-dttu6N0APWGP3VP7pYhLYw-1; Thu, 04 Mar 2021 14:30:06 -0500
X-MC-Unique: dttu6N0APWGP3VP7pYhLYw-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3329E800D53;
        Thu,  4 Mar 2021 19:30:05 +0000 (UTC)
Received: from aion.usersys.redhat.com (ovpn-112-125.rdu2.redhat.com [10.10.112.125])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 14F7862688;
        Thu,  4 Mar 2021 19:30:05 +0000 (UTC)
Received: by aion.usersys.redhat.com (Postfix, from userid 1000)
        id 49CB11A003C; Thu,  4 Mar 2021 14:30:04 -0500 (EST)
Date:   Thu, 4 Mar 2021 14:30:04 -0500
From:   Scott Mayhew <smayhew@redhat.com>
To:     libtirpc-devel@lists.sourceforge.net
Cc:     linux-nfs@vger.kernel.org
Subject: Re: [PATCH] libtirpc: disallow calling auth_refresh from clnt_call
 with RPCSEC_GSS
Message-ID: <20210304193004.GE2597609@aion.usersys.redhat.com>
References: <20210304191955.1928383-1-smayhew@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210304191955.1928383-1-smayhew@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

On Thu, 04 Mar 2021, Scott Mayhew wrote:

> Disallow calling auth_refresh from clnt_{dg,vc}_call if the client is
> using RPCSEC_GSS.  Doing so can recurse back into clnt_{dg,vc}_call,
> where we'll self-deadlock waiting on the condition variable.

Note this fixes the issue that some folks were having at the Virtual
Bakeathon where clients were hanging when mounting some servers that
didn't have krb5 configured.

-Scott

> 
> Signed-off-by: Scott Mayhew <smayhew@redhat.com>
> ---
>  src/auth_gss.c       | 6 ++++++
>  src/clnt_dg.c        | 8 ++++++++
>  src/clnt_vc.c        | 9 +++++++++
>  tirpc/rpc/auth_gss.h | 2 ++
>  4 files changed, 25 insertions(+)
> 
> diff --git a/src/auth_gss.c b/src/auth_gss.c
> index d871672..e317664 100644
> --- a/src/auth_gss.c
> +++ b/src/auth_gss.c
> @@ -982,3 +982,9 @@ rpc_gss_max_data_length(AUTH *auth, int maxlen)
>  	rpc_gss_clear_error();
>  	return result;
>  }
> +
> +bool_t
> +is_authgss_client(CLIENT *clnt)
> +{
> +	return (clnt->cl_auth->ah_ops == &authgss_ops);
> +}
> diff --git a/src/clnt_dg.c b/src/clnt_dg.c
> index abc09f1..e1255de 100644
> --- a/src/clnt_dg.c
> +++ b/src/clnt_dg.c
> @@ -61,6 +61,9 @@
>  #include <sys/uio.h>
>  #endif
>  
> +#ifdef HAVE_RPCSEC_GSS
> +#include <rpc/auth_gss.h>
> +#endif
>  
>  #define MAX_DEFAULT_FDS                 20000
>  
> @@ -334,6 +337,11 @@ clnt_dg_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout)
>  		salen = cu->cu_rlen;
>  	}
>  
> +#ifdef HAVE_RPCSEC_GSS
> +	if (is_authgss_client(cl))
> +		nrefreshes = 0;
> +#endif
> +
>  	/* Clean up in case the last call ended in a longjmp(3) call. */
>  call_again:
>  	xdrs = &(cu->cu_outxdrs);
> diff --git a/src/clnt_vc.c b/src/clnt_vc.c
> index 6f7f7da..a07e297 100644
> --- a/src/clnt_vc.c
> +++ b/src/clnt_vc.c
> @@ -69,6 +69,10 @@
>  #include "rpc_com.h"
>  #include "clnt_fd_locks.h"
>  
> +#ifdef HAVE_RPCSEC_GSS
> +#include <rpc/auth_gss.h>
> +#endif
> +
>  #define MCALL_MSG_SIZE 24
>  
>  #define CMGROUP_MAX    16
> @@ -363,6 +367,11 @@ clnt_vc_call(cl, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout)
>  	    (xdr_results == NULL && timeout.tv_sec == 0
>  	    && timeout.tv_usec == 0) ? FALSE : TRUE;
>  
> +#ifdef HAVE_RPCSEC_GSS
> +	if (is_authgss_client(cl))
> +		refreshes = 0;
> +#endif
> +
>  call_again:
>  	xdrs->x_op = XDR_ENCODE;
>  	ct->ct_error.re_status = RPC_SUCCESS;
> diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
> index 5316ed6..f2af6e9 100644
> --- a/tirpc/rpc/auth_gss.h
> +++ b/tirpc/rpc/auth_gss.h
> @@ -120,6 +120,8 @@ void	gss_log_debug		(const char *fmt, ...);
>  void	gss_log_status		(char *m, OM_uint32 major, OM_uint32 minor);
>  void	gss_log_hexdump		(const u_char *buf, int len, int offset);
>  
> +bool_t	is_authgss_client	(CLIENT *);
> +
>  #ifdef __cplusplus
>  }
>  #endif
> -- 
> 2.25.4
>