From patchwork Thu Feb 7 15:08:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10801383 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A13076C2 for ; Thu, 7 Feb 2019 15:09:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B9002D80E for ; Thu, 7 Feb 2019 15:09:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7DF682D810; Thu, 7 Feb 2019 15:09:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0DC482D80E for ; Thu, 7 Feb 2019 15:09:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726832AbfBGPJQ (ORCPT ); Thu, 7 Feb 2019 10:09:16 -0500 Received: from mail-wr1-f66.google.com ([209.85.221.66]:33444 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726048AbfBGPJQ (ORCPT ); Thu, 7 Feb 2019 10:09:16 -0500 Received: by mail-wr1-f66.google.com with SMTP id a16so233004wrv.0 for ; Thu, 07 Feb 2019 07:09:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Rq66gNy1YdmMx4lG1rBta1DyBeVf4jc2bPYlT6yUH8g=; b=BTuw9lHmNKsu96HxN2eVdwhbv6y558yNZmmaWxGQnpaXJqUQoGwXAVDLe8O0b/xrbc SAc4iWHOqdbyfdlAyfU/SOqocCaDrV3bLuehwBOe0Yoz4I9Cyi5Ha8ycRA9G+Kt7xcGe IAqC9PoDBCJHAFKmqK8Oq7yjdQpnuj5QM7VPx/8on2tjqgbG/SkK8ZdLFkMB/S5USzHT YYBrJ4f3iNApDpD66acbavups5XgcRzqHoXmly+TOpze+DZ8dDENwpbNB6eDixh1Dqzo eJGWFWwQntkYPhZefgwsinUFyOyZ7Nh6B1bFa2lhpgN809aad8rPEndMokoyobXeNfFD BKew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Rq66gNy1YdmMx4lG1rBta1DyBeVf4jc2bPYlT6yUH8g=; b=LRN0NenqOKOyDiZT/j5cEev5x00D/PFuLhDsD2H7CzPSwgW2Yu+PRlL9ye2eU2zjem VfzApoiOE1+7IQ3a5B+KX/BVAAMR0XF2w1M2Li+ZSph23w3fQkDNnmS8QTtgG66Obr+H jnPWDhQcZNHz9DEWCz3i/W5GytFfhUWLtOCRPddyubp6MWWkRgnEXYzXaw3mHr+LVb6T KUDV7YysHwGBUb0B4ghloKOnxYwjUFpIxvaglwd916jAGDNr/PS9nvvcPLroAFfYmkZo +nsfPSrZ8e8+2jRduWHAbXQOGaf7rI9koq0v9DisCPMN4eutjnW5cWjdsfq3CWX93GJj dT1w== X-Gm-Message-State: AHQUAuaH8FnBtPd37ybstpqJg6jJjmEe+ousZ61rO7tDF9LTCXarYcVj xAx6ZCOAZL7nFSpNx6mrTOleXV/I X-Google-Smtp-Source: AHgI3Ib5/loZwaZSgLdy3rS0Lf7Cu74Ik1EWB59VVj8AmQLUhNEruApJ8Md5HTn3b2HWR9jyLPSXiw== X-Received: by 2002:adf:ba8d:: with SMTP id p13mr7031056wrg.53.1549552154212; Thu, 07 Feb 2019 07:09:14 -0800 (PST) Received: from orange.brq.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id w24sm8584662wmi.46.2019.02.07.07.09.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 07 Feb 2019 07:09:12 -0800 (PST) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Cc: Sage Weil Subject: [PATCH] libceph: handle an empty authorize reply Date: Thu, 7 Feb 2019 16:08:53 +0100 Message-Id: <20190207150853.19347-1-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The authorize reply can be empty, for example when the ticket used to build the authorizer is too old and TAG_BADAUTHORIZER is returned from the service. Calling ->verify_authorizer_reply() results in an attempt to decrypt and validate (somewhat) random data in au->buf (most likely the signature block from calc_signature()), which fails and ends up in con_fault_finish() with !con->auth_retry. The ticket isn't invalidated and the connection is retried again and again until a new ticket is obtained from the monitor: libceph: osd2 192.168.122.1:6809 bad authorize reply libceph: osd2 192.168.122.1:6809 bad authorize reply libceph: osd2 192.168.122.1:6809 bad authorize reply libceph: osd2 192.168.122.1:6809 bad authorize reply Let TAG_BADAUTHORIZER handler kick in and increment con->auth_retry. Cc: stable@vger.kernel.org Fixes: 5c056fdc5b47 ("libceph: verify authorize reply on connect") Link: https://tracker.ceph.com/issues/20164 Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil --- net/ceph/messenger.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index 3661cdd927f1..7e71b0df1fbc 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -2058,6 +2058,8 @@ static int process_connect(struct ceph_connection *con) dout("process_connect on %p tag %d\n", con, (int)con->in_tag); if (con->auth) { + int len = le32_to_cpu(con->in_reply.authorizer_len); + /* * Any connection that defines ->get_authorizer() * should also define ->add_authorizer_challenge() and @@ -2067,8 +2069,7 @@ static int process_connect(struct ceph_connection *con) */ if (con->in_reply.tag == CEPH_MSGR_TAG_CHALLENGE_AUTHORIZER) { ret = con->ops->add_authorizer_challenge( - con, con->auth->authorizer_reply_buf, - le32_to_cpu(con->in_reply.authorizer_len)); + con, con->auth->authorizer_reply_buf, len); if (ret < 0) return ret; @@ -2078,10 +2079,12 @@ static int process_connect(struct ceph_connection *con) return 0; } - ret = con->ops->verify_authorizer_reply(con); - if (ret < 0) { - con->error_msg = "bad authorize reply"; - return ret; + if (len) { + ret = con->ops->verify_authorizer_reply(con); + if (ret < 0) { + con->error_msg = "bad authorize reply"; + return ret; + } } }