upstream nfsd kernel oops in auth_rpcgss
diff mbox

Message ID 20170131172307.GC5727@fieldses.org
State New
Headers show

Commit Message

J. Bruce Fields Jan. 31, 2017, 5:23 p.m. UTC
On Mon, Jan 30, 2017 at 04:36:50PM -0500, Olga Kornievskaia wrote:
> On Mon, Jan 30, 2017 at 4:23 PM, J. Bruce Fields <bfields@redhat.com> wrote:
> > Does this do it?
> >
> > diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
> > index dc6fb79a361f..25d9a9cf7b66 100644
> > --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
> > +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
> > @@ -260,7 +260,7 @@ static int gssx_dec_option_array(struct xdr_stream *xdr,
> >         if (!oa->data)
> >                 return -ENOMEM;
> >
> > -       creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL);
> > +       creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL);
> >         if (!creds) {
> >                 kfree(oa->data);
> >                 return -ENOMEM;
> 
> Yes, it does!

Applying for 4.10 as follows.  Thanks!

--b.

commit 154f2f7cade0
Author: J. Bruce Fields <bfields@redhat.com>
Date:   Tue Jan 31 11:37:50 2017 -0500

    svcrpc: fix oops in absence of krb5 module
    
    Olga Kornievskaia says: "I ran into this oops in the nfsd (below)
    (4.10-rc3 kernel). To trigger this I had a client (unsuccessfully) try
    to mount the server with krb5 where the server doesn't have the
    rpcsec_gss_krb5 module built."
    
    The problem is that rsci.cred is copied from a svc_cred structure that
    gss_proxy didn't properly initialize.  Fix that.
    
    [120408.542387] general protection fault: 0000 [#1] SMP
    ...
    [120408.565724] CPU: 0 PID: 3601 Comm: nfsd Not tainted 4.10.0-rc3+ #16
    [120408.567037] Hardware name: VMware, Inc. VMware Virtual =
    Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
    [120408.569225] task: ffff8800776f95c0 task.stack: ffffc90003d58000
    [120408.570483] RIP: 0010:gss_mech_put+0xb/0x20 [auth_rpcgss]
    ...
    [120408.584946]  ? rsc_free+0x55/0x90 [auth_rpcgss]
    [120408.585901]  gss_proxy_save_rsc+0xb2/0x2a0 [auth_rpcgss]
    [120408.587017]  svcauth_gss_proxy_init+0x3cc/0x520 [auth_rpcgss]
    [120408.588257]  ? __enqueue_entity+0x6c/0x70
    [120408.589101]  svcauth_gss_accept+0x391/0xb90 [auth_rpcgss]
    [120408.590212]  ? try_to_wake_up+0x4a/0x360
    [120408.591036]  ? wake_up_process+0x15/0x20
    [120408.592093]  ? svc_xprt_do_enqueue+0x12e/0x2d0 [sunrpc]
    [120408.593177]  svc_authenticate+0xe1/0x100 [sunrpc]
    [120408.594168]  svc_process_common+0x203/0x710 [sunrpc]
    [120408.595220]  svc_process+0x105/0x1c0 [sunrpc]
    [120408.596278]  nfsd+0xe9/0x160 [nfsd]
    [120408.597060]  kthread+0x101/0x140
    [120408.597734]  ? nfsd_destroy+0x60/0x60 [nfsd]
    [120408.598626]  ? kthread_park+0x90/0x90
    [120408.599448]  ret_from_fork+0x22/0x30
    
    Fixes: 1d658336b05f "SUNRPC: Add RPC based upcall mechanism for RPCGSS auth"
    Cc: stable@vger.kernel.org
    Cc: Simo Sorce <simo@redhat.com>
    Reported-by: Olga Kornievskaia <kolga@netapp.com>
    Tested-by: Olga Kornievskaia <kolga@netapp.com>
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index dc6fb79a361f..25d9a9cf7b66 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -260,7 +260,7 @@  static int gssx_dec_option_array(struct xdr_stream *xdr,
 	if (!oa->data)
 		return -ENOMEM;
 
-	creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL);
+	creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL);
 	if (!creds) {
 		kfree(oa->data);
 		return -ENOMEM;