From patchwork Thu Feb  7 15:08:53 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilya Dryomov <idryomov@gmail.com>
X-Patchwork-Id: 10801383
Return-Path: <ceph-devel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A13076C2
	for <patchwork-ceph-devel@patchwork.kernel.org>;
 Thu,  7 Feb 2019 15:09:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B9002D80E
	for <patchwork-ceph-devel@patchwork.kernel.org>;
 Thu,  7 Feb 2019 15:09:18 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 7DF682D810; Thu,  7 Feb 2019 15:09:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0DC482D80E
	for <patchwork-ceph-devel@patchwork.kernel.org>;
 Thu,  7 Feb 2019 15:09:17 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726832AbfBGPJQ (ORCPT
        <rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
        Thu, 7 Feb 2019 10:09:16 -0500
Received: from mail-wr1-f66.google.com ([209.85.221.66]:33444 "EHLO
        mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726048AbfBGPJQ (ORCPT
        <rfc822;ceph-devel@vger.kernel.org>); Thu, 7 Feb 2019 10:09:16 -0500
Received: by mail-wr1-f66.google.com with SMTP id a16so233004wrv.0
        for <ceph-devel@vger.kernel.org>;
 Thu, 07 Feb 2019 07:09:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=Rq66gNy1YdmMx4lG1rBta1DyBeVf4jc2bPYlT6yUH8g=;
        b=BTuw9lHmNKsu96HxN2eVdwhbv6y558yNZmmaWxGQnpaXJqUQoGwXAVDLe8O0b/xrbc
         SAc4iWHOqdbyfdlAyfU/SOqocCaDrV3bLuehwBOe0Yoz4I9Cyi5Ha8ycRA9G+Kt7xcGe
         IAqC9PoDBCJHAFKmqK8Oq7yjdQpnuj5QM7VPx/8on2tjqgbG/SkK8ZdLFkMB/S5USzHT
         YYBrJ4f3iNApDpD66acbavups5XgcRzqHoXmly+TOpze+DZ8dDENwpbNB6eDixh1Dqzo
         eJGWFWwQntkYPhZefgwsinUFyOyZ7Nh6B1bFa2lhpgN809aad8rPEndMokoyobXeNfFD
         BKew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=Rq66gNy1YdmMx4lG1rBta1DyBeVf4jc2bPYlT6yUH8g=;
        b=LRN0NenqOKOyDiZT/j5cEev5x00D/PFuLhDsD2H7CzPSwgW2Yu+PRlL9ye2eU2zjem
         VfzApoiOE1+7IQ3a5B+KX/BVAAMR0XF2w1M2Li+ZSph23w3fQkDNnmS8QTtgG66Obr+H
         jnPWDhQcZNHz9DEWCz3i/W5GytFfhUWLtOCRPddyubp6MWWkRgnEXYzXaw3mHr+LVb6T
         KUDV7YysHwGBUb0B4ghloKOnxYwjUFpIxvaglwd916jAGDNr/PS9nvvcPLroAFfYmkZo
         +nsfPSrZ8e8+2jRduWHAbXQOGaf7rI9koq0v9DisCPMN4eutjnW5cWjdsfq3CWX93GJj
         dT1w==
X-Gm-Message-State: AHQUAuaH8FnBtPd37ybstpqJg6jJjmEe+ousZ61rO7tDF9LTCXarYcVj
        xAx6ZCOAZL7nFSpNx6mrTOleXV/I
X-Google-Smtp-Source: 
 AHgI3Ib5/loZwaZSgLdy3rS0Lf7Cu74Ik1EWB59VVj8AmQLUhNEruApJ8Md5HTn3b2HWR9jyLPSXiw==
X-Received: by 2002:adf:ba8d:: with SMTP id p13mr7031056wrg.53.1549552154212;
        Thu, 07 Feb 2019 07:09:14 -0800 (PST)
Received: from orange.brq.redhat.com (nat-pool-brq-t.redhat.com.
 [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id
 w24sm8584662wmi.46.2019.02.07.07.09.12
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 07 Feb 2019 07:09:12 -0800 (PST)
From: Ilya Dryomov <idryomov@gmail.com>
To: ceph-devel@vger.kernel.org
Cc: Sage Weil <sweil@redhat.com>
Subject: [PATCH] libceph: handle an empty authorize reply
Date: Thu,  7 Feb 2019 16:08:53 +0100
Message-Id: <20190207150853.19347-1-idryomov@gmail.com>
X-Mailer: git-send-email 2.14.4
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The authorize reply can be empty, for example when the ticket used to
build the authorizer is too old and TAG_BADAUTHORIZER is returned from
the service.  Calling ->verify_authorizer_reply() results in an attempt
to decrypt and validate (somewhat) random data in au->buf (most likely
the signature block from calc_signature()), which fails and ends up in
con_fault_finish() with !con->auth_retry.  The ticket isn't invalidated
and the connection is retried again and again until a new ticket is
obtained from the monitor:

  libceph: osd2 192.168.122.1:6809 bad authorize reply
  libceph: osd2 192.168.122.1:6809 bad authorize reply
  libceph: osd2 192.168.122.1:6809 bad authorize reply
  libceph: osd2 192.168.122.1:6809 bad authorize reply

Let TAG_BADAUTHORIZER handler kick in and increment con->auth_retry.

Cc: stable@vger.kernel.org
Fixes: 5c056fdc5b47 ("libceph: verify authorize reply on connect")
Link: https://tracker.ceph.com/issues/20164
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
---
 net/ceph/messenger.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 3661cdd927f1..7e71b0df1fbc 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2058,6 +2058,8 @@ static int process_connect(struct ceph_connection *con)
 	dout("process_connect on %p tag %d\n", con, (int)con->in_tag);
 
 	if (con->auth) {
+		int len = le32_to_cpu(con->in_reply.authorizer_len);
+
 		/*
 		 * Any connection that defines ->get_authorizer()
 		 * should also define ->add_authorizer_challenge() and
@@ -2067,8 +2069,7 @@ static int process_connect(struct ceph_connection *con)
 		 */
 		if (con->in_reply.tag == CEPH_MSGR_TAG_CHALLENGE_AUTHORIZER) {
 			ret = con->ops->add_authorizer_challenge(
-				    con, con->auth->authorizer_reply_buf,
-				    le32_to_cpu(con->in_reply.authorizer_len));
+				    con, con->auth->authorizer_reply_buf, len);
 			if (ret < 0)
 				return ret;
 
@@ -2078,10 +2079,12 @@ static int process_connect(struct ceph_connection *con)
 			return 0;
 		}
 
-		ret = con->ops->verify_authorizer_reply(con);
-		if (ret < 0) {
-			con->error_msg = "bad authorize reply";
-			return ret;
+		if (len) {
+			ret = con->ops->verify_authorizer_reply(con);
+			if (ret < 0) {
+				con->error_msg = "bad authorize reply";
+				return ret;
+			}
 		}
 	}