[v1] SUNRPC: Augment server-side rpcgss tracepoints
diff mbox series

Message ID 20200622205733.2121.66315.stgit@klimt.1015granger.net
State New
Headers show
Series
  • [v1] SUNRPC: Augment server-side rpcgss tracepoints
Related show

Commit Message

Chuck Lever June 22, 2020, 8:57 p.m. UTC
Add similar tracepoints to those that were recently added on the
client side to track failures in the integ and priv unwrap paths.

And, let's collect the seqno-specific tracepoints together with a
common naming convention.

Regarding the gss_check_seq_num() changes: everywhere else treats
the GSS sequence number as an unsigned 32-bit integer. As far back
as 2.6.12, I couldn't find a compelling reason to do things
differently here. As a defensive change it's better to eliminate
needless implicit sign conversions.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 include/trace/events/rpcgss.h     |  168 +++++++++++++++++++++++++++++++------
 net/sunrpc/auth_gss/svcauth_gss.c |  117 +++++++++++++++++---------
 net/sunrpc/auth_gss/trace.c       |    3 +
 3 files changed, 224 insertions(+), 64 deletions(-)

Comments

Dan Carpenter June 23, 2020, 9:26 a.m. UTC | #1
Hi Chuck,

url:    https://github.com/0day-ci/linux/commits/Chuck-Lever/SUNRPC-Augment-server-side-rpcgss-tracepoints/20200623-050035
base:   git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
config: x86_64-randconfig-m001-20200622 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-13) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
net/sunrpc/auth_gss/svcauth_gss.c:1669 svcauth_gss_accept() error: uninitialized symbol 'gc'.

Old smatch warnings:
net/sunrpc/auth_gss/svcauth_gss.c:782 gss_write_verf() warn: returning -1 instead of -ENOMEM is sloppy

# https://github.com/0day-ci/linux/commit/af0f25db1397607ba75ceb1ce13c2b1419d2b156
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout af0f25db1397607ba75ceb1ce13c2b1419d2b156
vim +/gc +1669 net/sunrpc/auth_gss/svcauth_gss.c

^1da177e4c3f41 Linus Torvalds       2005-04-16  1521  static int
d8ed029d6000ba Alexey Dobriyan      2006-09-26  1522  svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1523  {
^1da177e4c3f41 Linus Torvalds       2005-04-16  1524  	struct kvec	*argv = &rqstp->rq_arg.head[0];
^1da177e4c3f41 Linus Torvalds       2005-04-16  1525  	struct kvec	*resv = &rqstp->rq_res.head[0];
^1da177e4c3f41 Linus Torvalds       2005-04-16  1526  	u32		crlen;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1527  	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1528  	struct rpc_gss_wire_cred *gc;
                                                                                  ^^

^1da177e4c3f41 Linus Torvalds       2005-04-16  1529  	struct rsc	*rsci = NULL;
d8ed029d6000ba Alexey Dobriyan      2006-09-26  1530  	__be32		*rpcstart;
d8ed029d6000ba Alexey Dobriyan      2006-09-26  1531  	__be32		*reject_stat = resv->iov_base + resv->iov_len;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1532  	int		ret;
b8be5674fa9a6f Vasily Averin        2018-12-24  1533  	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1534  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1535  	*authp = rpc_autherr_badcred;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1536  	if (!svcdata)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1537  		svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1538  	if (!svcdata)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1539  		goto auth_err;
                                                                ^^^^^^^^^^^^^

^1da177e4c3f41 Linus Torvalds       2005-04-16  1540  	rqstp->rq_auth_data = svcdata;
5b304bc5bfccc8 J.Bruce Fields       2006-10-04  1541  	svcdata->verf_start = NULL;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1542  	svcdata->rsci = NULL;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1543  	gc = &svcdata->clcred;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1544  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1545  	/* start of rpc packet is 7 u32's back from here:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1546  	 * xid direction rpcversion prog vers proc flavour
^1da177e4c3f41 Linus Torvalds       2005-04-16  1547  	 */
^1da177e4c3f41 Linus Torvalds       2005-04-16  1548  	rpcstart = argv->iov_base;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1549  	rpcstart -= 7;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1550  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1551  	/* credential is:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1552  	 *   version(==1), proc(0,1,2,3), seq, service (1,2,3), handle
25985edcedea63 Lucas De Marchi      2011-03-30  1553  	 * at least 5 u32s, and is preceded by length, so that makes 6.
^1da177e4c3f41 Linus Torvalds       2005-04-16  1554  	 */
^1da177e4c3f41 Linus Torvalds       2005-04-16  1555  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1556  	if (argv->iov_len < 5 * 4)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1557  		goto auth_err;
7699431301b189 Alexey Dobriyan      2006-09-26  1558  	crlen = svc_getnl(argv);
7699431301b189 Alexey Dobriyan      2006-09-26  1559  	if (svc_getnl(argv) != RPC_GSS_VERSION)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1560  		goto auth_err;
7699431301b189 Alexey Dobriyan      2006-09-26  1561  	gc->gc_proc = svc_getnl(argv);
7699431301b189 Alexey Dobriyan      2006-09-26  1562  	gc->gc_seq = svc_getnl(argv);
7699431301b189 Alexey Dobriyan      2006-09-26  1563  	gc->gc_svc = svc_getnl(argv);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1564  	if (svc_safe_getnetobj(argv, &gc->gc_ctx))
^1da177e4c3f41 Linus Torvalds       2005-04-16  1565  		goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1566  	if (crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1567  		goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1568  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1569  	if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0))
^1da177e4c3f41 Linus Torvalds       2005-04-16  1570  		goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1571  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1572  	*authp = rpc_autherr_badverf;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1573  	switch (gc->gc_proc) {
^1da177e4c3f41 Linus Torvalds       2005-04-16  1574  	case RPC_GSS_PROC_INIT:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1575  	case RPC_GSS_PROC_CONTINUE_INIT:
030d794bf49855 Simo Sorce           2012-05-25  1576  		if (use_gss_proxy(SVC_NET(rqstp)))
030d794bf49855 Simo Sorce           2012-05-25  1577  			return svcauth_gss_proxy_init(rqstp, gc, authp);
030d794bf49855 Simo Sorce           2012-05-25  1578  		else
030d794bf49855 Simo Sorce           2012-05-25  1579  			return svcauth_gss_legacy_init(rqstp, gc, authp);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1580  	case RPC_GSS_PROC_DATA:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1581  	case RPC_GSS_PROC_DESTROY:
21fcd02be34f73 J. Bruce Fields      2007-08-09  1582  		/* Look up the context, and check the verifier: */
^1da177e4c3f41 Linus Torvalds       2005-04-16  1583  		*authp = rpcsec_gsserr_credproblem;
a1db410d0bbadc Stanislav Kinsbursky 2012-01-19  1584  		rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1585  		if (!rsci)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1586  			goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1587  		switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) {
^1da177e4c3f41 Linus Torvalds       2005-04-16  1588  		case SVC_OK:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1589  			break;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1590  		case SVC_DENIED:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1591  			goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1592  		case SVC_DROP:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1593  			goto drop;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1594  		}
^1da177e4c3f41 Linus Torvalds       2005-04-16  1595  		break;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1596  	default:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1597  		*authp = rpc_autherr_rejectedcred;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1598  		goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1599  	}
^1da177e4c3f41 Linus Torvalds       2005-04-16  1600  
^1da177e4c3f41 Linus Torvalds       2005-04-16  1601  	/* now act upon the command: */
^1da177e4c3f41 Linus Torvalds       2005-04-16  1602  	switch (gc->gc_proc) {
^1da177e4c3f41 Linus Torvalds       2005-04-16  1603  	case RPC_GSS_PROC_DESTROY:
c5e434c98b49f4 Wei Yongjun          2007-05-09  1604  		if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
c5e434c98b49f4 Wei Yongjun          2007-05-09  1605  			goto auth_err;
2b477c00f3bd87 Neil Brown           2016-12-22  1606  		/* Delete the entry from the cache_list and call cache_put */
2b477c00f3bd87 Neil Brown           2016-12-22  1607  		sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1608  		if (resv->iov_len + 4 > PAGE_SIZE)
^1da177e4c3f41 Linus Torvalds       2005-04-16  1609  			goto drop;
7699431301b189 Alexey Dobriyan      2006-09-26  1610  		svc_putnl(resv, RPC_SUCCESS);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1611  		goto complete;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1612  	case RPC_GSS_PROC_DATA:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1613  		*authp = rpcsec_gsserr_ctxproblem;
5b304bc5bfccc8 J.Bruce Fields       2006-10-04  1614  		svcdata->verf_start = resv->iov_base + resv->iov_len;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1615  		if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
^1da177e4c3f41 Linus Torvalds       2005-04-16  1616  			goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1617  		rqstp->rq_cred = rsci->cred;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1618  		get_group_info(rsci->cred.cr_group_info);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1619  		*authp = rpc_autherr_badcred;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1620  		switch (gc->gc_svc) {
^1da177e4c3f41 Linus Torvalds       2005-04-16  1621  		case RPC_GSS_SVC_NONE:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1622  			break;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1623  		case RPC_GSS_SVC_INTEGRITY:
b620754bfeb8b0 J. Bruce Fields      2008-07-03  1624  			/* placeholders for length and seq. number: */
b620754bfeb8b0 J. Bruce Fields      2008-07-03  1625  			svc_putnl(resv, 0);
b620754bfeb8b0 J. Bruce Fields      2008-07-03  1626  			svc_putnl(resv, 0);
4c190e2f913f03 Jeff Layton          2013-02-06  1627  			if (unwrap_integ_data(rqstp, &rqstp->rq_arg,
^1da177e4c3f41 Linus Torvalds       2005-04-16  1628  					gc->gc_seq, rsci->mechctx))
dd35210e1e2cb4 Harshula Jayasuriya  2008-02-20  1629  				goto garbage_args;
a5cddc885b9945 J. Bruce Fields      2014-05-12  1630  			rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE;
b620754bfeb8b0 J. Bruce Fields      2008-07-03  1631  			break;
b620754bfeb8b0 J. Bruce Fields      2008-07-03  1632  		case RPC_GSS_SVC_PRIVACY:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1633  			/* placeholders for length and seq. number: */
7699431301b189 Alexey Dobriyan      2006-09-26  1634  			svc_putnl(resv, 0);
7699431301b189 Alexey Dobriyan      2006-09-26  1635  			svc_putnl(resv, 0);
7c9fdcfb1b64c4 J. Bruce Fields      2006-06-30  1636  			if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
7c9fdcfb1b64c4 J. Bruce Fields      2006-06-30  1637  					gc->gc_seq, rsci->mechctx))
dd35210e1e2cb4 Harshula Jayasuriya  2008-02-20  1638  				goto garbage_args;
a5cddc885b9945 J. Bruce Fields      2014-05-12  1639  			rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2;
7c9fdcfb1b64c4 J. Bruce Fields      2006-06-30  1640  			break;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1641  		default:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1642  			goto auth_err;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1643  		}
^1da177e4c3f41 Linus Torvalds       2005-04-16  1644  		svcdata->rsci = rsci;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1645  		cache_get(&rsci->h);
d5497fc693a446 J. Bruce Fields      2012-05-14  1646  		rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
83523d083a045a Chuck Lever          2013-03-16  1647  					rsci->mechctx->mech_type,
83523d083a045a Chuck Lever          2013-03-16  1648  					GSS_C_QOP_DEFAULT,
83523d083a045a Chuck Lever          2013-03-16  1649  					gc->gc_svc);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1650  		ret = SVC_OK;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1651  		goto out;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1652  	}
dd35210e1e2cb4 Harshula Jayasuriya  2008-02-20  1653  garbage_args:
dd35210e1e2cb4 Harshula Jayasuriya  2008-02-20  1654  	ret = SVC_GARBAGE;
dd35210e1e2cb4 Harshula Jayasuriya  2008-02-20  1655  	goto out;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1656  auth_err:
21fcd02be34f73 J. Bruce Fields      2007-08-09  1657  	/* Restore write pointer to its original value: */
^1da177e4c3f41 Linus Torvalds       2005-04-16  1658  	xdr_ressize_check(rqstp, reject_stat);
^1da177e4c3f41 Linus Torvalds       2005-04-16  1659  	ret = SVC_DENIED;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1660  	goto out;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1661  complete:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1662  	ret = SVC_COMPLETE;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1663  	goto out;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1664  drop:
4d712ef1db05c3 Chuck Lever          2016-11-29  1665  	ret = SVC_CLOSE;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1666  out:
^1da177e4c3f41 Linus Torvalds       2005-04-16  1667  	if (rsci)
a1db410d0bbadc Stanislav Kinsbursky 2012-01-19  1668  		cache_put(&rsci->h, sn->rsc_cache);
af0f25db139760 Chuck Lever          2020-06-22 @1669  	trace_rpcgss_svc_authenticate(rqstp, gc);
                                                                                             ^^
Uninitialized.

^1da177e4c3f41 Linus Torvalds       2005-04-16  1670  	return ret;
^1da177e4c3f41 Linus Torvalds       2005-04-16  1671  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Patch
diff mbox series

diff --git a/include/trace/events/rpcgss.h b/include/trace/events/rpcgss.h
index b9b51a4b1db1..ffdbe6f85da8 100644
--- a/include/trace/events/rpcgss.h
+++ b/include/trace/events/rpcgss.h
@@ -170,55 +170,144 @@  DECLARE_EVENT_CLASS(rpcgss_ctx_class,
 DEFINE_CTX_EVENT(init);
 DEFINE_CTX_EVENT(destroy);
 
+DECLARE_EVENT_CLASS(rpcgss_svc_gssapi_class,
+	TP_PROTO(
+		const struct svc_rqst *rqstp,
+		u32 maj_stat
+	),
+
+	TP_ARGS(rqstp, maj_stat),
+
+	TP_STRUCT__entry(
+		__field(u32, xid)
+		__field(u32, maj_stat)
+		__string(addr, rqstp->rq_xprt->xpt_remotebuf)
+	),
+
+	TP_fast_assign(
+		__entry->xid = __be32_to_cpu(rqstp->rq_xid);
+		__entry->maj_stat = maj_stat;
+		__assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
+	),
+
+	TP_printk("addr=%s xid=0x%08x maj_stat=%s",
+		__get_str(addr), __entry->xid,
+		__entry->maj_stat == 0 ?
+		"GSS_S_COMPLETE" : show_gss_status(__entry->maj_stat))
+);
+
+#define DEFINE_SVC_GSSAPI_EVENT(name)					\
+	DEFINE_EVENT(rpcgss_svc_gssapi_class, rpcgss_svc_##name,	\
+			TP_PROTO(					\
+				const struct svc_rqst *rqstp,		\
+				u32 maj_stat				\
+			),						\
+			TP_ARGS(rqstp, maj_stat))
+
+DEFINE_SVC_GSSAPI_EVENT(unwrap);
+DEFINE_SVC_GSSAPI_EVENT(mic);
+
+TRACE_EVENT(rpcgss_svc_unwrap_failed,
+	TP_PROTO(
+		const struct svc_rqst *rqstp
+	),
+
+	TP_ARGS(rqstp),
+
+	TP_STRUCT__entry(
+		__field(u32, xid)
+		__string(addr, rqstp->rq_xprt->xpt_remotebuf)
+	),
+
+	TP_fast_assign(
+		__entry->xid = be32_to_cpu(rqstp->rq_xid);
+		__assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
+	),
+
+	TP_printk("addr=%s xid=0x%08x", __get_str(addr), __entry->xid)
+);
+
+TRACE_EVENT(rpcgss_svc_seqno_bad,
+	TP_PROTO(
+		const struct svc_rqst *rqstp,
+		u32 expected,
+		u32 received
+	),
+
+	TP_ARGS(rqstp, expected, received),
+
+	TP_STRUCT__entry(
+		__field(u32, expected)
+		__field(u32, received)
+		__field(u32, xid)
+		__string(addr, rqstp->rq_xprt->xpt_remotebuf)
+	),
+
+	TP_fast_assign(
+		__entry->expected = expected;
+		__entry->received = received;
+		__entry->xid = __be32_to_cpu(rqstp->rq_xid);
+		__assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
+	),
+
+	TP_printk("addr=%s xid=0x%08x expected seqno %u, received seqno %u",
+		__get_str(addr), __entry->xid,
+		__entry->expected, __entry->received)
+);
+
 TRACE_EVENT(rpcgss_svc_accept_upcall,
 	TP_PROTO(
-		__be32 xid,
+		const struct svc_rqst *rqstp,
 		u32 major_status,
 		u32 minor_status
 	),
 
-	TP_ARGS(xid, major_status, minor_status),
+	TP_ARGS(rqstp, major_status, minor_status),
 
 	TP_STRUCT__entry(
-		__field(u32, xid)
 		__field(u32, minor_status)
 		__field(unsigned long, major_status)
+		__field(u32, xid)
+		__string(addr, rqstp->rq_xprt->xpt_remotebuf)
 	),
 
 	TP_fast_assign(
-		__entry->xid = be32_to_cpu(xid);
 		__entry->minor_status = minor_status;
 		__entry->major_status = major_status;
+		__entry->xid = be32_to_cpu(rqstp->rq_xid);
+		__assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
 	),
 
-	TP_printk("xid=0x%08x major_status=%s (0x%08lx) minor_status=%u",
-		__entry->xid, __entry->major_status == 0 ? "GSS_S_COMPLETE" :
-				show_gss_status(__entry->major_status),
+	TP_printk("addr=%s xid=0x%08x major_status=%s (0x%08lx) minor_status=%u",
+		__get_str(addr), __entry->xid,
+		(__entry->major_status == 0) ? "GSS_S_COMPLETE" :
+			show_gss_status(__entry->major_status),
 		__entry->major_status, __entry->minor_status
 	)
 );
 
-TRACE_EVENT(rpcgss_svc_accept,
+TRACE_EVENT(rpcgss_svc_authenticate,
 	TP_PROTO(
-		__be32 xid,
-		size_t len
+		const struct svc_rqst *rqstp,
+		const struct rpc_gss_wire_cred *gc
 	),
 
-	TP_ARGS(xid, len),
+	TP_ARGS(rqstp, gc),
 
 	TP_STRUCT__entry(
+		__field(u32, seqno)
 		__field(u32, xid)
-		__field(size_t, len)
+		__string(addr, rqstp->rq_xprt->xpt_remotebuf)
 	),
 
 	TP_fast_assign(
-		__entry->xid = be32_to_cpu(xid);
-		__entry->len = len;
+		__entry->xid = be32_to_cpu(rqstp->rq_xid);
+		__entry->seqno = gc->gc_seq;
+		__assign_str(addr, rqstp->rq_xprt->xpt_remotebuf);
 	),
 
-	TP_printk("xid=0x%08x len=%zu",
-		__entry->xid, __entry->len
-	)
+	TP_printk("addr=%s xid=0x%08x seqno=%u", __get_str(addr),
+		__entry->xid, __entry->seqno)
 );
 
 
@@ -371,11 +460,11 @@  TRACE_EVENT(rpcgss_update_slack,
 
 DECLARE_EVENT_CLASS(rpcgss_svc_seqno_class,
 	TP_PROTO(
-		__be32 xid,
+		const struct svc_rqst *rqstp,
 		u32 seqno
 	),
 
-	TP_ARGS(xid, seqno),
+	TP_ARGS(rqstp, seqno),
 
 	TP_STRUCT__entry(
 		__field(u32, xid)
@@ -383,25 +472,52 @@  DECLARE_EVENT_CLASS(rpcgss_svc_seqno_class,
 	),
 
 	TP_fast_assign(
-		__entry->xid = be32_to_cpu(xid);
+		__entry->xid = be32_to_cpu(rqstp->rq_xid);
 		__entry->seqno = seqno;
 	),
 
-	TP_printk("xid=0x%08x seqno=%u, request discarded",
+	TP_printk("xid=0x%08x seqno=%u",
 		__entry->xid, __entry->seqno)
 );
 
 #define DEFINE_SVC_SEQNO_EVENT(name)					\
-	DEFINE_EVENT(rpcgss_svc_seqno_class, rpcgss_svc_##name,		\
+	DEFINE_EVENT(rpcgss_svc_seqno_class, rpcgss_svc_seqno_##name,	\
 			TP_PROTO(					\
-				__be32 xid,				\
+				const struct svc_rqst *rqstp,		\
 				u32 seqno				\
 			),						\
-			TP_ARGS(xid, seqno))
+			TP_ARGS(rqstp, seqno))
 
-DEFINE_SVC_SEQNO_EVENT(large_seqno);
-DEFINE_SVC_SEQNO_EVENT(old_seqno);
+DEFINE_SVC_SEQNO_EVENT(large);
+DEFINE_SVC_SEQNO_EVENT(seen);
 
+TRACE_EVENT(rpcgss_svc_seqno_low,
+	TP_PROTO(
+		const struct svc_rqst *rqstp,
+		u32 seqno,
+		u32 min,
+		u32 max
+	),
+
+	TP_ARGS(rqstp, seqno, min, max),
+
+	TP_STRUCT__entry(
+		__field(u32, xid)
+		__field(u32, seqno)
+		__field(u32, min)
+		__field(u32, max)
+	),
+
+	TP_fast_assign(
+		__entry->xid = be32_to_cpu(rqstp->rq_xid);
+		__entry->seqno = seqno;
+		__entry->min = min;
+		__entry->max = max;
+	),
+
+	TP_printk("xid=0x%08x seqno=%u window=[%u..%u]",
+		__entry->xid, __entry->seqno, __entry->min, __entry->max)
+);
 
 /**
  ** gssd upcall related trace events
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 46027d0c903f..38a252f92621 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -332,7 +332,7 @@  static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct r
 
 struct gss_svc_seq_data {
 	/* highest seq number seen so far: */
-	int			sd_max;
+	u32			sd_max;
 	/* for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of
 	 * sd_win is nonzero iff sequence number i has been seen already: */
 	unsigned long		sd_win[GSS_SEQ_WIN/BITS_PER_LONG];
@@ -613,16 +613,29 @@  gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle)
 	return found;
 }
 
-/* Implements sequence number algorithm as specified in RFC 2203. */
-static int
-gss_check_seq_num(struct rsc *rsci, int seq_num)
+/**
+ * gss_check_seq_num - GSS sequence number window check
+ * @rqstp: RPC Call to use when reporting errors
+ * @rsci: cached GSS context state (updated on return)
+ * @seq_num: sequence number to check
+ *
+ * Implements sequence number algorithm as specified in
+ * RFC 2203, Section 5.3.3.1. "Context Management".
+ *
+ * Return values:
+ *   %true: @rqstp's GSS sequence number is inside the window
+ *   %false: @rqstp's GSS sequence number is outside the window
+ */
+static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci,
+			      u32 seq_num)
 {
 	struct gss_svc_seq_data *sd = &rsci->seqdata;
+	bool result = false;
 
 	spin_lock(&sd->sd_lock);
 	if (seq_num > sd->sd_max) {
 		if (seq_num >= sd->sd_max + GSS_SEQ_WIN) {
-			memset(sd->sd_win,0,sizeof(sd->sd_win));
+			memset(sd->sd_win, 0, sizeof(sd->sd_win));
 			sd->sd_max = seq_num;
 		} else while (sd->sd_max < seq_num) {
 			sd->sd_max++;
@@ -631,17 +644,25 @@  gss_check_seq_num(struct rsc *rsci, int seq_num)
 		__set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
 		goto ok;
 	} else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) {
-		goto drop;
+		goto toolow;
 	}
-	/* sd_max - GSS_SEQ_WIN < seq_num <= sd_max */
 	if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
-		goto drop;
+		goto alreadyseen;
+
 ok:
+	result = true;
+out:
 	spin_unlock(&sd->sd_lock);
-	return 1;
-drop:
-	spin_unlock(&sd->sd_lock);
-	return 0;
+	return result;
+
+toolow:
+	trace_rpcgss_svc_seqno_low(rqstp, seq_num,
+				   sd->sd_max - GSS_SEQ_WIN,
+				   sd->sd_max);
+	goto out;
+alreadyseen:
+	trace_rpcgss_svc_seqno_seen(rqstp, seq_num);
+	goto out;
 }
 
 static inline u32 round_up_to_quad(u32 i)
@@ -721,14 +742,12 @@  gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
 	}
 
 	if (gc->gc_seq > MAXSEQ) {
-		trace_rpcgss_svc_large_seqno(rqstp->rq_xid, gc->gc_seq);
+		trace_rpcgss_svc_seqno_large(rqstp, gc->gc_seq);
 		*authp = rpcsec_gsserr_ctxproblem;
 		return SVC_DENIED;
 	}
-	if (!gss_check_seq_num(rsci, gc->gc_seq)) {
-		trace_rpcgss_svc_old_seqno(rqstp->rq_xid, gc->gc_seq);
+	if (!gss_check_seq_num(rqstp, rsci, gc->gc_seq))
 		return SVC_DROP;
-	}
 	return SVC_OK;
 }
 
@@ -866,11 +885,13 @@  read_u32_from_xdr_buf(struct xdr_buf *buf, int base, u32 *obj)
 static int
 unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
 {
+	u32 integ_len, rseqno, maj_stat;
 	int stat = -EINVAL;
-	u32 integ_len, maj_stat;
 	struct xdr_netobj mic;
 	struct xdr_buf integ_buf;
 
+	mic.data = NULL;
+
 	/* NFS READ normally uses splice to send data in-place. However
 	 * the data in cache can change after the reply's MIC is computed
 	 * but before the RPC reply is sent. To prevent the client from
@@ -885,34 +906,44 @@  unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct g
 
 	integ_len = svc_getnl(&buf->head[0]);
 	if (integ_len & 3)
-		return stat;
+		goto unwrap_failed;
 	if (integ_len > buf->len)
-		return stat;
-	if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len)) {
-		WARN_ON_ONCE(1);
-		return stat;
-	}
+		goto unwrap_failed;
+	if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len))
+		goto unwrap_failed;
+
 	/* copy out mic... */
 	if (read_u32_from_xdr_buf(buf, integ_len, &mic.len))
-		return stat;
+		goto unwrap_failed;
 	if (mic.len > RPC_MAX_AUTH_SIZE)
-		return stat;
+		goto unwrap_failed;
 	mic.data = kmalloc(mic.len, GFP_KERNEL);
 	if (!mic.data)
-		return stat;
+		goto unwrap_failed;
 	if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len))
-		goto out;
+		goto unwrap_failed;
 	maj_stat = gss_verify_mic(ctx, &integ_buf, &mic);
 	if (maj_stat != GSS_S_COMPLETE)
-		goto out;
-	if (svc_getnl(&buf->head[0]) != seq)
-		goto out;
+		goto bad_mic;
+	rseqno = svc_getnl(&buf->head[0]);
+	if (rseqno != seq)
+		goto bad_seqno;
 	/* trim off the mic and padding at the end before returning */
 	xdr_buf_trim(buf, round_up_to_quad(mic.len) + 4);
 	stat = 0;
 out:
 	kfree(mic.data);
 	return stat;
+
+unwrap_failed:
+	trace_rpcgss_svc_unwrap_failed(rqstp);
+	goto out;
+bad_seqno:
+	trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);
+	goto out;
+bad_mic:
+	trace_rpcgss_svc_mic(rqstp, maj_stat);
+	goto out;
 }
 
 static inline int
@@ -937,6 +968,7 @@  unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
 {
 	u32 priv_len, maj_stat;
 	int pad, remaining_len, offset;
+	u32 rseqno;
 
 	clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags);
 
@@ -951,7 +983,7 @@  unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
 	 * not yet read from the head, so these two values are different: */
 	remaining_len = total_buf_len(buf);
 	if (priv_len > remaining_len)
-		return -EINVAL;
+		goto unwrap_failed;
 	pad = remaining_len - priv_len;
 	buf->len -= pad;
 	fix_priv_head(buf, pad);
@@ -972,11 +1004,22 @@  unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
 		fix_priv_head(buf, pad);
 	}
 	if (maj_stat != GSS_S_COMPLETE)
-		return -EINVAL;
+		goto bad_unwrap;
 out_seq:
-	if (svc_getnl(&buf->head[0]) != seq)
-		return -EINVAL;
+	rseqno = svc_getnl(&buf->head[0]);
+	if (rseqno != seq)
+		goto bad_seqno;
 	return 0;
+
+unwrap_failed:
+	trace_rpcgss_svc_unwrap_failed(rqstp);
+	return -EINVAL;
+bad_seqno:
+	trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);
+	return -EINVAL;
+bad_unwrap:
+	trace_rpcgss_svc_unwrap(rqstp, maj_stat);
+	return -EINVAL;
 }
 
 struct gss_svc_data {
@@ -1314,8 +1357,7 @@  static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
 	if (status)
 		goto out;
 
-	trace_rpcgss_svc_accept_upcall(rqstp->rq_xid, ud.major_status,
-				       ud.minor_status);
+	trace_rpcgss_svc_accept_upcall(rqstp, ud.major_status, ud.minor_status);
 
 	switch (ud.major_status) {
 	case GSS_S_CONTINUE_NEEDED:
@@ -1490,8 +1532,6 @@  svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
 	int		ret;
 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
 
-	trace_rpcgss_svc_accept(rqstp->rq_xid, argv->iov_len);
-
 	*authp = rpc_autherr_badcred;
 	if (!svcdata)
 		svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
@@ -1626,6 +1666,7 @@  svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
 out:
 	if (rsci)
 		cache_put(&rsci->h, sn->rsc_cache);
+	trace_rpcgss_svc_authenticate(rqstp, gc);
 	return ret;
 }
 
diff --git a/net/sunrpc/auth_gss/trace.c b/net/sunrpc/auth_gss/trace.c
index 49fa583d7f91..d26036a57443 100644
--- a/net/sunrpc/auth_gss/trace.c
+++ b/net/sunrpc/auth_gss/trace.c
@@ -5,6 +5,9 @@ 
 
 #include <linux/sunrpc/clnt.h>
 #include <linux/sunrpc/sched.h>
+#include <linux/sunrpc/svc.h>
+#include <linux/sunrpc/svc_xprt.h>
+#include <linux/sunrpc/auth_gss.h>
 #include <linux/sunrpc/gss_err.h>
 #include <linux/sunrpc/auth_gss.h>