From patchwork Mon Mar 9 14:06:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 11427267 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DEFFF14B7 for ; Mon, 9 Mar 2020 14:06:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B7C9621D56 for ; Mon, 9 Mar 2020 14:06:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T4joHODd" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726439AbgCIOGY (ORCPT ); Mon, 9 Mar 2020 10:06:24 -0400 Received: from mail-yw1-f66.google.com ([209.85.161.66]:33775 "EHLO mail-yw1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726233AbgCIOGY (ORCPT ); Mon, 9 Mar 2020 10:06:24 -0400 Received: by mail-yw1-f66.google.com with SMTP id j186so10251999ywe.0 for ; Mon, 09 Mar 2020 07:06:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:from:to:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=FZWx7LB7DG4fckJT3E1InpPdRDjbwEBSewZDzTywUcE=; b=T4joHODdukDn5sD0hVvu5NypmM7TGNRPwE8MZdISe+D4OitgG6NVK0AMbuRuOAmz5D q/lUqo3fz3z62VjFRMMmK1Uu5mOZCxhxwpvOWDYSRJnL0R9Gdqjx6E5NxbCZPBFGjUmE 6l8FHUOVspPQNPurOJJ9AJyyKuwKDvow/ZigNsOTIwiVYjHg/jpZ9o0Aq3xcoePv+oDw mLejPVlD22BAKp4gmSK0XK8L2ZKJTV4WAsQLiIvBVIxFLv3T/rDUG1Va6qhIdnQUAeua tE+aVWZf5t+Xq10HNmh7S5x2ujKDU/RO4x4ckf9an75Q/Y8IkdwAS8HvB1/6qE67bg83 koww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:from:to:date:message-id :in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=FZWx7LB7DG4fckJT3E1InpPdRDjbwEBSewZDzTywUcE=; b=pfDQ0+lhifylRC+Ho/6rXPgk/sjCcDFOJnE8ELtjJuK1S32n0+GtjLk802lHDfIDeW FoYt1O5E++c8beMjc2Jfs0Q2Q8KSf1T8QCONQHRlNepfMb8bRm/xVzVV6xqZd32ShDD7 yTjFCgLmE4GTiivzvQ4VOttRZKFRLeu65keDU6UViJaDb1/LKbhWM6mOgO3byxU4g57H ncdc1MTnlSSAZ6vVq48JXrN1f1/s1pJuzWV9m/qrTjXi3vrBT1QHxmYnaXZLjArHJWPH 3WsHBUosaPU3iO8JvBX1Jc15WQy5N9fZhIhzDfRd/ZLlLpx4lUTyC78Eu9rMw2ONY3gY yzIQ== X-Gm-Message-State: ANhLgQ0D4RPQodiBKz5fRuIiy6zHPPtVFAfmpO1nnFJHYw0/nS8Vp92W MKxqKGd27io6ew7hSlLSxNBbdJ7l2r0= X-Google-Smtp-Source: ADFU+vvLeig804v8b0I0DEzNsKkXWqpUEN5Bx8xCTIQjZyNDYfxehP7NB5j3feTvdR8QOYwv57T0hw== X-Received: by 2002:a81:5806:: with SMTP id m6mr17226054ywb.69.1583762781052; Mon, 09 Mar 2020 07:06:21 -0700 (PDT) Received: from gateway.1015granger.net (c-68-61-232-219.hsd1.mi.comcast.net. [68.61.232.219]) by smtp.gmail.com with ESMTPSA id q188sm9086912ywb.70.2020.03.09.07.06.19 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Mar 2020 07:06:19 -0700 (PDT) Received: from manet.1015granger.net (manet.1015granger.net [192.168.1.51]) by gateway.1015granger.net (8.14.7/8.14.7) with ESMTP id 029E6IhP007533 for ; Mon, 9 Mar 2020 14:06:18 GMT Subject: [PATCH v2 1/3] sunrpc: Fix gss_unwrap_resp_integ() again From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Mon, 09 Mar 2020 10:06:18 -0400 Message-ID: <20200309140618.2637.48251.stgit@manet.1015granger.net> In-Reply-To: <20200309140301.2637.9696.stgit@manet.1015granger.net> References: <20200309140301.2637.9696.stgit@manet.1015granger.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org xdr_buf_read_mic() tries to find unused contiguous space in a received xdr_buf in order to linearize the checksum for the call to gss_verify_mic. However, the corner cases in this code are numerous and we seem to keep missing them. I've just hit yet another buffer overrun related to it. This overrun is at the end of xdr_buf_read_mic(): 1284 if (buf->tail[0].iov_len != 0) 1285 mic->data = buf->tail[0].iov_base + buf->tail[0].iov_len; 1286 else 1287 mic->data = buf->head[0].iov_base + buf->head[0].iov_len; 1288 __read_bytes_from_xdr_buf(&subbuf, mic->data, mic->len); 1289 return 0; This logic assumes the transport has set the length of the tail based on the size of the received message. base + len is then supposed to be off the end of the message but still within the actual buffer. In fact, the length of the tail is set by the upper layer when the Call is encoded so that the end of the tail is actually the end of the allocated buffer itself. This causes the logic above to set mic->data to point past the end of the receive buffer. The "mic->data = head" arm of this if statement is no less fragile. As near as I can tell, this has been a problem forever. I'm not sure that minimizing au_rslack recently changed this pathology much. So instead, let's use a more straightforward approach: kmalloc a separate buffer to linearize the checksum. This is similar to how gss_validate() currently works. Coming back to this code, I had some trouble understanding what was going on. So I've cleaned up the variable naming and added a few comments that point back to the XDR definition in RFC 2203 to help guide future spelunkers, including myself. As an added clean up, the functionality that was in xdr_buf_read_mic() is folded directly into gss_unwrap_resp_integ(), as that is its only caller. Signed-off-by: Chuck Lever Reviewed-by: Benjamin Coddington --- net/sunrpc/auth_gss/auth_gss.c | 79 ++++++++++++++++++++++++++++++---------- 1 file changed, 60 insertions(+), 19 deletions(-) diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 24ca861815b1..fa991f4fe53a 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -1934,35 +1934,71 @@ static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr) return 0; } +/* + * RFC 2203, Section 5.3.2.2 + * + * struct rpc_gss_integ_data { + * opaque databody_integ<>; + * opaque checksum<>; + * }; + * + * struct rpc_gss_data_t { + * unsigned int seq_num; + * proc_req_arg_t arg; + * }; + */ static int gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred, struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp, struct xdr_stream *xdr) { - struct xdr_buf integ_buf, *rcv_buf = &rqstp->rq_rcv_buf; - u32 data_offset, mic_offset, integ_len, maj_stat; + struct xdr_buf gss_data, *rcv_buf = &rqstp->rq_rcv_buf; struct rpc_auth *auth = cred->cr_auth; + u32 len, offset, seqno, maj_stat; struct xdr_netobj mic; - __be32 *p; + int ret; - p = xdr_inline_decode(xdr, 2 * sizeof(*p)); - if (unlikely(!p)) + ret = -EIO; + mic.data = NULL; + + /* opaque databody_integ<>; */ + if (xdr_stream_decode_u32(xdr, &len)) goto unwrap_failed; - integ_len = be32_to_cpup(p++); - if (integ_len & 3) + if (len & 3) goto unwrap_failed; - data_offset = (u8 *)(p) - (u8 *)rcv_buf->head[0].iov_base; - mic_offset = integ_len + data_offset; - if (mic_offset > rcv_buf->len) + offset = rcv_buf->len - xdr_stream_remaining(xdr); + if (xdr_stream_decode_u32(xdr, &seqno)) goto unwrap_failed; - if (be32_to_cpup(p) != rqstp->rq_seqno) + if (seqno != rqstp->rq_seqno) goto bad_seqno; + if (xdr_buf_subsegment(rcv_buf, &gss_data, offset, len)) + goto unwrap_failed; - if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset, integ_len)) + /* + * The xdr_stream now points to the beginning of the + * upper layer payload, to be passed below to + * rpcauth_unwrap_resp_decode(). The checksum, which + * follows the upper layer payload in @rcv_buf, is + * located and parsed without updating the xdr_stream. + */ + + /* opaque checksum<>; */ + offset += len; + if (xdr_decode_word(rcv_buf, offset, &len)) + goto unwrap_failed; + offset += sizeof(__be32); + if (len > GSS_VERF_SLACK << 2) goto unwrap_failed; - if (xdr_buf_read_mic(rcv_buf, &mic, mic_offset)) + if (offset + len > rcv_buf->len) goto unwrap_failed; - maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic); + mic.len = len; + mic.data = kmalloc(len, GFP_NOFS); + if (!mic.data) + goto unwrap_failed; + if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len)) + goto unwrap_failed; + + maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &gss_data, &mic); if (maj_stat == GSS_S_CONTEXT_EXPIRED) clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags); if (maj_stat != GSS_S_COMPLETE) @@ -1970,16 +2006,21 @@ static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr) auth->au_rslack = auth->au_verfsize + 2 + 1 + XDR_QUADLEN(mic.len); auth->au_ralign = auth->au_verfsize + 2; - return 0; + ret = 0; + +out: + kfree(mic.data); + return ret; + unwrap_failed: trace_rpcgss_unwrap_failed(task); - return -EIO; + goto out; bad_seqno: - trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, be32_to_cpup(p)); - return -EIO; + trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, seqno); + goto out; bad_mic: trace_rpcgss_verify_mic(task, maj_stat); - return -EIO; + goto out; } static int From patchwork Mon Mar 9 14:06:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 11427269 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2890C92A for ; Mon, 9 Mar 2020 14:06:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 09E8621D56 for ; Mon, 9 Mar 2020 14:06:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Y40aHkk2" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726729AbgCIOG2 (ORCPT ); Mon, 9 Mar 2020 10:06:28 -0400 Received: from mail-yw1-f67.google.com ([209.85.161.67]:43770 "EHLO mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726233AbgCIOG2 (ORCPT ); Mon, 9 Mar 2020 10:06:28 -0400 Received: by mail-yw1-f67.google.com with SMTP id p69so10181480ywh.10 for ; Mon, 09 Mar 2020 07:06:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:from:to:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=jw35QgMW7MwJGusg//NZzr2ZGt36eAHRBQXR/pHxX2g=; b=Y40aHkk26qIheThSEM5OL23SAqPs+LWTGXPbusFXjmzvJGGobR29RpMxxvWkdANudI UvoteO9QK/m1H2dy6t/gjfeVPG8IEd/Iho8g4KVgvMriImH8spdL9Ju0n4FZ4Tl+zRdo 9r82+rzFNkbza2qrdzistAyuR7aEgTrpZp4SLtNhwSrcPQXRLZNMGLmgFjeTmOmd/dN0 vy38tFbhirOJWkmA1vXcFZ1kEM7dmvd5ryMGHjrSsZ+Q5slSxBTF0sMnngfojcsTdsHC fZPrY4Qk3qgZWZ1wLwH0sPaXIkL7gmgTKZyObxpqjnMf2IwD6/tDKa+3CCzRGEQiGv1+ LHQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:from:to:date:message-id :in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=jw35QgMW7MwJGusg//NZzr2ZGt36eAHRBQXR/pHxX2g=; b=tqgg+uNKATeL115ocR7HVKj0hfZnyqKzDRwNmkQy34ed02FcQlCGanHvhxLPM7BvCB qO7AAVltoFfD1nFuOHYh04dapYzQn/L6LKFCtTpMTiduZ8Veh/pVwRzq/iuY3wq1io6b 1U7qjEEZlUJ4kwvXOtiMAfHRo1tJ/tF4tv9RXEr4LJDD9lLcD8z/IV8+fUM1t0NQF/rY NHF/pkMe1i7xnty1CcJzPnss6HXpLzL+mXfXQFeYK8eKp/Str6eRqi3Jt/cdeXbNHBud 0QJIVJ0RVFq7TmYggr8InU2A7LEc/Tli/h8iA79H9re0cI4lwS+YMbHn/jpvw4WV/3pD JXFA== X-Gm-Message-State: ANhLgQ15ea9rZrhgZUxuIBr1YVUfwLFgBZoiMykz0ll4wzZoPEIL0Kgx UI30sCIKPGn5Vf4M/lTAnrEeQe4t7gY= X-Google-Smtp-Source: ADFU+vsVQB0stqOx2GednN6gfUWnbsgA34jlOjVoxyj5vW9WC7Fo8DmKTog3uGmROfO/T4BGD6KscA== X-Received: by 2002:a25:6a56:: with SMTP id f83mr18340636ybc.17.1583762785563; Mon, 09 Mar 2020 07:06:25 -0700 (PDT) Received: from gateway.1015granger.net (c-68-61-232-219.hsd1.mi.comcast.net. [68.61.232.219]) by smtp.gmail.com with ESMTPSA id c133sm6357938ywa.97.2020.03.09.07.06.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Mar 2020 07:06:25 -0700 (PDT) Received: from manet.1015granger.net (manet.1015granger.net [192.168.1.51]) by gateway.1015granger.net (8.14.7/8.14.7) with ESMTP id 029E6OQp007536 for ; Mon, 9 Mar 2020 14:06:24 GMT Subject: [PATCH v2 2/3] SUNRPC: Remove xdr_buf_read_mic() From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Mon, 09 Mar 2020 10:06:24 -0400 Message-ID: <20200309140624.2637.64070.stgit@manet.1015granger.net> In-Reply-To: <20200309140301.2637.9696.stgit@manet.1015granger.net> References: <20200309140301.2637.9696.stgit@manet.1015granger.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Clean up: this function is no longer used. Signed-off-by: Chuck Lever Reviewed-by: Benjamin Coddington --- include/linux/sunrpc/xdr.h | 1 - net/sunrpc/xdr.c | 55 -------------------------------------------- 2 files changed, 56 deletions(-) diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h index a1264b19b34c..f0f0abef1a6e 100644 --- a/include/linux/sunrpc/xdr.h +++ b/include/linux/sunrpc/xdr.h @@ -184,7 +184,6 @@ static inline void xdr_netobj_dup(struct xdr_netobj *dst, extern void xdr_shift_buf(struct xdr_buf *, size_t); extern void xdr_buf_from_iov(struct kvec *, struct xdr_buf *); extern int xdr_buf_subsegment(struct xdr_buf *, struct xdr_buf *, unsigned int, unsigned int); -extern int xdr_buf_read_mic(struct xdr_buf *, struct xdr_netobj *, unsigned int); extern int read_bytes_from_xdr_buf(struct xdr_buf *, unsigned int, void *, unsigned int); extern int write_bytes_to_xdr_buf(struct xdr_buf *, unsigned int, void *, unsigned int); diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c index e5497dc2475b..15b58c5144f9 100644 --- a/net/sunrpc/xdr.c +++ b/net/sunrpc/xdr.c @@ -1235,61 +1235,6 @@ int write_bytes_to_xdr_buf(struct xdr_buf *buf, unsigned int base, void *obj, un } EXPORT_SYMBOL_GPL(xdr_encode_word); -/** - * xdr_buf_read_mic() - obtain the address of the GSS mic from xdr buf - * @buf: pointer to buffer containing a mic - * @mic: on success, returns the address of the mic - * @offset: the offset in buf where mic may be found - * - * This function may modify the xdr buf if the mic is found to be straddling - * a boundary between head, pages, and tail. On success the mic can be read - * from the address returned. There is no need to free the mic. - * - * Return: Success returns 0, otherwise an integer error. - */ -int xdr_buf_read_mic(struct xdr_buf *buf, struct xdr_netobj *mic, unsigned int offset) -{ - struct xdr_buf subbuf; - unsigned int boundary; - - if (xdr_decode_word(buf, offset, &mic->len)) - return -EFAULT; - offset += 4; - - /* Is the mic partially in the head? */ - boundary = buf->head[0].iov_len; - if (offset < boundary && (offset + mic->len) > boundary) - xdr_shift_buf(buf, boundary - offset); - - /* Is the mic partially in the pages? */ - boundary += buf->page_len; - if (offset < boundary && (offset + mic->len) > boundary) - xdr_shrink_pagelen(buf, boundary - offset); - - if (xdr_buf_subsegment(buf, &subbuf, offset, mic->len)) - return -EFAULT; - - /* Is the mic contained entirely in the head? */ - mic->data = subbuf.head[0].iov_base; - if (subbuf.head[0].iov_len == mic->len) - return 0; - /* ..or is the mic contained entirely in the tail? */ - mic->data = subbuf.tail[0].iov_base; - if (subbuf.tail[0].iov_len == mic->len) - return 0; - - /* Find a contiguous area in @buf to hold all of @mic */ - if (mic->len > buf->buflen - buf->len) - return -ENOMEM; - if (buf->tail[0].iov_len != 0) - mic->data = buf->tail[0].iov_base + buf->tail[0].iov_len; - else - mic->data = buf->head[0].iov_base + buf->head[0].iov_len; - __read_bytes_from_xdr_buf(&subbuf, mic->data, mic->len); - return 0; -} -EXPORT_SYMBOL_GPL(xdr_buf_read_mic); - /* Returns 0 on success, or else a negative error code. */ static int xdr_xcode_array2(struct xdr_buf *buf, unsigned int base, From patchwork Mon Mar 9 14:06:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 11427271 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B93BC14B7 for ; Mon, 9 Mar 2020 14:06:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 99BFC21655 for ; Mon, 9 Mar 2020 14:06:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jIa9OuXW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726695AbgCIOGc (ORCPT ); Mon, 9 Mar 2020 10:06:32 -0400 Received: from mail-yw1-f67.google.com ([209.85.161.67]:46543 "EHLO mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726233AbgCIOGc (ORCPT ); Mon, 9 Mar 2020 10:06:32 -0400 Received: by mail-yw1-f67.google.com with SMTP id x5so9329761ywb.13 for ; Mon, 09 Mar 2020 07:06:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:from:to:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=1lEUHCepp9EVXhsji/LcPSTxm+btIegD2d/zO+XVB4E=; b=jIa9OuXWXf5W99u5WjcV9ZLLU8yJoXrIpnbrjGqnoNKSmzcDfBGm8tJQ4Ag+5UlQ/C 9Htk/PwbaUkNZ6gOtPZl2vWkHc6xrfXWQgck/iNfMHaUJzKnXfLOgeAfngLo0fP69F58 fuw5kvh2pTJGwv3DV4UDR7HL6RLtRR6RgT8PhbRJwiMjfvN2zMiFxaJyYJ7nnIwGuMRe fZL2UqNnsFNq+z5ulKUkvxKH8FH3NHnuBdDSYaXNnymX8fpClJb3jkc9X66mItyV4KWg Saugeqn+e6EG4YXziIj0hcQ7s2qoz8y/G5WSYlmaBKlN5e6YN538xNqjc/lE6pLT9xWY P+dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:from:to:date:message-id :in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=1lEUHCepp9EVXhsji/LcPSTxm+btIegD2d/zO+XVB4E=; b=j7KTFd2NI7NoBfLj/ryY1BtmM+dtSxUI9Z21q3UDEqUZriN2ZriG2h9FVFqxoScH2N tRP3CjVq0aPafVhKSmqc60LUYLDs7Ypf4VS6kop1pBvOJoXzA0rc2yZMO9oiLsmQ7LH4 gVpjYZNMuRvAtaVvL+n2mDz+0SHkQWgk7VGqfQlXwPB9AgGawBQ0pLuhRY3n06kP2bq8 Txa8q0bQmOzQNvUHZ2G2qpIoBJUQ3w1LqWNDoKq+aoMVy6BgsZGw6F8zVb72dtCjtlzC lZzcaAIVzURrlii4jvkkbjkflFsvRoqJVvWc6GMtjpnRw+0/UxtWAwe2fltSpgSu520A acKQ== X-Gm-Message-State: ANhLgQ0fbnHz8+M16xL1LKFAqsB4I0AUHE985qi0KeVrKSePSG/6/nxB Z4symIFMvwFvTYvO9cDvo2i4IRGrtUc= X-Google-Smtp-Source: ADFU+vunMdkx6lq40wIn6Fxtm2Usuw6wbGYwEYPDSLg14ekxfsX+rQFQzqHygtckPVkDSkq3xkL+8A== X-Received: by 2002:a25:1986:: with SMTP id 128mr16803597ybz.215.1583762790818; Mon, 09 Mar 2020 07:06:30 -0700 (PDT) Received: from gateway.1015granger.net (c-68-61-232-219.hsd1.mi.comcast.net. [68.61.232.219]) by smtp.gmail.com with ESMTPSA id x62sm3120038ywg.34.2020.03.09.07.06.30 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Mar 2020 07:06:30 -0700 (PDT) Received: from manet.1015granger.net (manet.1015granger.net [192.168.1.51]) by gateway.1015granger.net (8.14.7/8.14.7) with ESMTP id 029E6Tpv007539 for ; Mon, 9 Mar 2020 14:06:29 GMT Subject: [PATCH v2 3/3] SUNRPC: Trim stack utilization in the wrap and unwrap paths From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Mon, 09 Mar 2020 10:06:29 -0400 Message-ID: <20200309140629.2637.65733.stgit@manet.1015granger.net> In-Reply-To: <20200309140301.2637.9696.stgit@manet.1015granger.net> References: <20200309140301.2637.9696.stgit@manet.1015granger.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org By preventing compiler inlining of the integrity and privacy helpers, stack utilization for the common case (authentication only) goes way down. Signed-off-by: Chuck Lever --- net/sunrpc/auth_gss/auth_gss.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index fa991f4fe53a..6ffdbc3297b9 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -1724,8 +1724,9 @@ static int gss_cred_is_negative_entry(struct rpc_cred *cred) goto out; } -static int gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, - struct rpc_task *task, struct xdr_stream *xdr) +static noinline_for_stack int +gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, + struct rpc_task *task, struct xdr_stream *xdr) { struct rpc_rqst *rqstp = task->tk_rqstp; struct xdr_buf integ_buf, *snd_buf = &rqstp->rq_snd_buf; @@ -1816,8 +1817,9 @@ static int gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, return -EAGAIN; } -static int gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, - struct rpc_task *task, struct xdr_stream *xdr) +static noinline_for_stack int +gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, + struct rpc_task *task, struct xdr_stream *xdr) { struct rpc_rqst *rqstp = task->tk_rqstp; struct xdr_buf *snd_buf = &rqstp->rq_snd_buf; @@ -1947,7 +1949,7 @@ static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr) * proc_req_arg_t arg; * }; */ -static int +static noinline_for_stack int gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred, struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp, struct xdr_stream *xdr) @@ -2023,7 +2025,7 @@ static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr) goto out; } -static int +static noinline_for_stack int gss_unwrap_resp_priv(struct rpc_task *task, struct rpc_cred *cred, struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp, struct xdr_stream *xdr)