Commit d1a8016a authored by Bryan Schumaker's avatar Bryan Schumaker Committed by Trond Myklebust

NFS: Fix infinite loop in gss_create_upcall()

There can be an infinite loop if gss_create_upcall() is called without
the userspace program running.  To prevent this, we return -EACCES if
we notice that pipe_version hasn't changed (indicating that the pipe
has not been opened).
Signed-off-by: default avatarBryan Schumaker <bjschuma@netapp.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 79a48a1f
...@@ -2224,7 +2224,8 @@ static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle, ...@@ -2224,7 +2224,8 @@ static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]); status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]);
if (status != -EPERM) if (status == -EPERM || status == -EACCES)
continue;
break; break;
} }
if (status == 0) if (status == 0)
......
...@@ -520,7 +520,7 @@ gss_refresh_upcall(struct rpc_task *task) ...@@ -520,7 +520,7 @@ gss_refresh_upcall(struct rpc_task *task)
warn_gssd(); warn_gssd();
task->tk_timeout = 15*HZ; task->tk_timeout = 15*HZ;
rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL); rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
return 0; return -EAGAIN;
} }
if (IS_ERR(gss_msg)) { if (IS_ERR(gss_msg)) {
err = PTR_ERR(gss_msg); err = PTR_ERR(gss_msg);
...@@ -563,10 +563,12 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) ...@@ -563,10 +563,12 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
if (PTR_ERR(gss_msg) == -EAGAIN) { if (PTR_ERR(gss_msg) == -EAGAIN) {
err = wait_event_interruptible_timeout(pipe_version_waitqueue, err = wait_event_interruptible_timeout(pipe_version_waitqueue,
pipe_version >= 0, 15*HZ); pipe_version >= 0, 15*HZ);
if (pipe_version < 0) {
warn_gssd();
err = -EACCES;
}
if (err) if (err)
goto out; goto out;
if (pipe_version < 0)
warn_gssd();
goto retry; goto retry;
} }
if (IS_ERR(gss_msg)) { if (IS_ERR(gss_msg)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment