Skip to content

Commit 88fe73c

Browse files
torvaldstorvalds
committed
Merge tag 'nfsd-5.0-2' of git://linux-nfs.org/~bfields/linux
Pull more nfsd fixes from Bruce Fields: "Two small fixes, one for crashes using nfs/krb5 with older enctypes, one that could prevent clients from reclaiming state after a kernel upgrade" * tag 'nfsd-5.0-2' of git://linux-nfs.org/~bfields/linux: sunrpc: fix 4 more call sites that were using stack memory with a scatterlist Revert "nfsd4: return default lease period"
2 parents 55638c5 + e7afe6c commit 88fe73c

File tree

2 files changed

+40
-13
lines changed

2 files changed

+40
-13
lines changed

fs/nfsd/nfsctl.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1239,8 +1239,8 @@ static __net_init int nfsd_init_net(struct net *net)
12391239
retval = nfsd_idmap_init(net);
12401240
if (retval)
12411241
goto out_idmap_error;
1242-
nn->nfsd4_lease = 45; /* default lease time */
1243-
nn->nfsd4_grace = 45;
1242+
nn->nfsd4_lease = 90; /* default lease time */
1243+
nn->nfsd4_grace = 90;
12441244
nn->somebody_reclaimed = false;
12451245
nn->clverifier_counter = prandom_u32();
12461246
nn->clientid_counter = prandom_u32();

net/sunrpc/auth_gss/gss_krb5_seqnum.c

Lines changed: 38 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -44,14 +44,18 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
4444
unsigned char *cksum, unsigned char *buf)
4545
{
4646
struct crypto_sync_skcipher *cipher;
47-
unsigned char plain[8];
47+
unsigned char *plain;
4848
s32 code;
4949

5050
dprintk("RPC: %s:\n", __func__);
5151
cipher = crypto_alloc_sync_skcipher(kctx->gk5e->encrypt_name, 0, 0);
5252
if (IS_ERR(cipher))
5353
return PTR_ERR(cipher);
5454

55+
plain = kmalloc(8, GFP_NOFS);
56+
if (!plain)
57+
return -ENOMEM;
58+
5559
plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
5660
plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
5761
plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);
@@ -67,6 +71,7 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
6771

6872
code = krb5_encrypt(cipher, cksum, plain, buf, 8);
6973
out:
74+
kfree(plain);
7075
crypto_free_sync_skcipher(cipher);
7176
return code;
7277
}
@@ -77,12 +82,17 @@ krb5_make_seq_num(struct krb5_ctx *kctx,
7782
u32 seqnum,
7883
unsigned char *cksum, unsigned char *buf)
7984
{
80-
unsigned char plain[8];
85+
unsigned char *plain;
86+
s32 code;
8187

8288
if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
8389
return krb5_make_rc4_seq_num(kctx, direction, seqnum,
8490
cksum, buf);
8591

92+
plain = kmalloc(8, GFP_NOFS);
93+
if (!plain)
94+
return -ENOMEM;
95+
8696
plain[0] = (unsigned char) (seqnum & 0xff);
8797
plain[1] = (unsigned char) ((seqnum >> 8) & 0xff);
8898
plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);
@@ -93,15 +103,17 @@ krb5_make_seq_num(struct krb5_ctx *kctx,
93103
plain[6] = direction;
94104
plain[7] = direction;
95105

96-
return krb5_encrypt(key, cksum, plain, buf, 8);
106+
code = krb5_encrypt(key, cksum, plain, buf, 8);
107+
kfree(plain);
108+
return code;
97109
}
98110

99111
static s32
100112
krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum,
101113
unsigned char *buf, int *direction, s32 *seqnum)
102114
{
103115
struct crypto_sync_skcipher *cipher;
104-
unsigned char plain[8];
116+
unsigned char *plain;
105117
s32 code;
106118

107119
dprintk("RPC: %s:\n", __func__);
@@ -113,20 +125,28 @@ krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum,
113125
if (code)
114126
goto out;
115127

128+
plain = kmalloc(8, GFP_NOFS);
129+
if (!plain) {
130+
code = -ENOMEM;
131+
goto out;
132+
}
133+
116134
code = krb5_decrypt(cipher, cksum, buf, plain, 8);
117135
if (code)
118-
goto out;
136+
goto out_plain;
119137

120138
if ((plain[4] != plain[5]) || (plain[4] != plain[6])
121139
|| (plain[4] != plain[7])) {
122140
code = (s32)KG_BAD_SEQ;
123-
goto out;
141+
goto out_plain;
124142
}
125143

126144
*direction = plain[4];
127145

128146
*seqnum = ((plain[0] << 24) | (plain[1] << 16) |
129147
(plain[2] << 8) | (plain[3]));
148+
out_plain:
149+
kfree(plain);
130150
out:
131151
crypto_free_sync_skcipher(cipher);
132152
return code;
@@ -139,26 +159,33 @@ krb5_get_seq_num(struct krb5_ctx *kctx,
139159
int *direction, u32 *seqnum)
140160
{
141161
s32 code;
142-
unsigned char plain[8];
162+
unsigned char *plain;
143163
struct crypto_sync_skcipher *key = kctx->seq;
144164

145165
dprintk("RPC: krb5_get_seq_num:\n");
146166

147167
if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
148168
return krb5_get_rc4_seq_num(kctx, cksum, buf,
149169
direction, seqnum);
170+
plain = kmalloc(8, GFP_NOFS);
171+
if (!plain)
172+
return -ENOMEM;
150173

151174
if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
152-
return code;
175+
goto out;
153176

154177
if ((plain[4] != plain[5]) || (plain[4] != plain[6]) ||
155-
(plain[4] != plain[7]))
156-
return (s32)KG_BAD_SEQ;
178+
(plain[4] != plain[7])) {
179+
code = (s32)KG_BAD_SEQ;
180+
goto out;
181+
}
157182

158183
*direction = plain[4];
159184

160185
*seqnum = ((plain[0]) |
161186
(plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24));
162187

163-
return 0;
188+
out:
189+
kfree(plain);
190+
return code;
164191
}

0 commit comments

Comments
 (0)