On Thu, 2013-07-18 at 15:35 -0400, andros@xxxxxxxxxx wrote:
> From: Andy Adamson <andros@xxxxxxxxxx>
>
> Most of the time an error from the credops crvalidate function means the
> server has sent us a garbage verifier. The gss_validate function is the
> exception where there is an -EACCES case if the user GSS_context on the client
> has expired.
>
> Signed-off-by: Andy Adamson <andros@xxxxxxxxxx>
> ---
> net/sunrpc/auth_gss/auth_gss.c | 7 +++++--
> net/sunrpc/auth_null.c | 5 +++--
> net/sunrpc/auth_unix.c | 5 +++--
> net/sunrpc/clnt.c | 17 ++++++++++-------
> 4 files changed, 21 insertions(+), 13 deletions(-)
>
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index e1f4735..d0500bc 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -1334,6 +1334,7 @@ gss_validate(struct rpc_task *task, __be32 *p)
> struct xdr_netobj mic;
> u32 flav,len;
> u32 maj_stat;
> + __be32 *ret = ERR_PTR(-EIO);
>
> dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
>
> @@ -1349,6 +1350,7 @@ gss_validate(struct rpc_task *task, __be32 *p)
> mic.data = (u8 *)p;
> mic.len = len;
>
> + ret = ERR_PTR(-EACCES);
> maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
> if (maj_stat == GSS_S_CONTEXT_EXPIRED)
> clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
> @@ -1366,8 +1368,9 @@ gss_validate(struct rpc_task *task, __be32 *p)
> return p + XDR_QUADLEN(len);
> out_bad:
> gss_put_ctx(ctx);
> - dprintk("RPC: %5u %s failed.\n", task->tk_pid, __func__);
> - return NULL;
> + dprintk("RPC: %5u %s failed ret %ld.\n", task->tk_pid, __func__,
> + PTR_ERR(ret));
> + return ret;
> }
>
> static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
> diff --git a/net/sunrpc/auth_null.c b/net/sunrpc/auth_null.c
> index a5c36c0..d60a673 100644
> --- a/net/sunrpc/auth_null.c
> +++ b/net/sunrpc/auth_null.c
> @@ -84,17 +84,18 @@ nul_validate(struct rpc_task *task, __be32 *p)
> {
> rpc_authflavor_t flavor;
> u32 size;
> + __be32 *ret = ERR_PTR(-EIO);
>
> flavor = ntohl(*p++);
> if (flavor != RPC_AUTH_NULL) {
> printk("RPC: bad verf flavor: %u\n", flavor);
> - return NULL;
> + return ret;
Why not just return ERR_PTR(-EIO)? It doesn't look as if 'ret' can ever
take any different values. Ditto below.
> }
>
> size = ntohl(*p++);
> if (size != 0) {
> printk("RPC: bad verf size: %u\n", size);
> - return NULL;
> + return ret;
> }
>
> return p;
> diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c
> index dc37021..461a444 100644
> --- a/net/sunrpc/auth_unix.c
> +++ b/net/sunrpc/auth_unix.c
> @@ -186,19 +186,20 @@ unx_validate(struct rpc_task *task, __be32 *p)
> {
> rpc_authflavor_t flavor;
> u32 size;
> + __be32 *ret = ERR_PTR(-EIO);
>
> flavor = ntohl(*p++);
> if (flavor != RPC_AUTH_NULL &&
> flavor != RPC_AUTH_UNIX &&
> flavor != RPC_AUTH_SHORT) {
> printk("RPC: bad verf flavor: %u\n", flavor);
> - return NULL;
> + return ret;
> }
>
> size = ntohl(*p++);
> if (size > RPC_MAX_AUTH_SIZE) {
> printk("RPC: giant verf size: %u\n", size);
> - return NULL;
> + return ret;
> }
> task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2;
> p += (size >> 2);
> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
> index 68e8595..5efc89c 100644
> --- a/net/sunrpc/clnt.c
> +++ b/net/sunrpc/clnt.c
> @@ -2090,7 +2090,8 @@ rpc_verify_header(struct rpc_task *task)
> dprintk("RPC: %5u %s: XDR representation not a multiple of"
> " 4 bytes: 0x%x\n", task->tk_pid, __func__,
> task->tk_rqstp->rq_rcv_buf.len);
> - goto out_eio;
> + error = -EIO;
> + goto out_err;
> }
> if ((len -= 3) < 0)
> goto out_overflow;
> @@ -2099,6 +2100,7 @@ rpc_verify_header(struct rpc_task *task)
> if ((n = ntohl(*p++)) != RPC_REPLY) {
> dprintk("RPC: %5u %s: not an RPC reply: %x\n",
> task->tk_pid, __func__, n);
> + error = -EIO;
> goto out_garbage;
> }
>
> @@ -2117,7 +2119,8 @@ rpc_verify_header(struct rpc_task *task)
> dprintk("RPC: %5u %s: RPC call rejected, "
> "unknown error: %x\n",
> task->tk_pid, __func__, n);
> - goto out_eio;
> + error = -EIO;
> + goto out_err;
> }
> if (--len < 0)
> goto out_overflow;
> @@ -2162,9 +2165,11 @@ rpc_verify_header(struct rpc_task *task)
> task->tk_pid, __func__, n);
> goto out_err;
> }
> - if (!(p = rpcauth_checkverf(task, p))) {
> - dprintk("RPC: %5u %s: auth check failed\n",
> - task->tk_pid, __func__);
> + p = rpcauth_checkverf(task, p);
> + if (IS_ERR(p)) {
> + error = PTR_ERR(p);
> + dprintk("RPC: %5u %s: auth check failed with %d\n",
> + task->tk_pid, __func__, error);
> goto out_garbage; /* bad verifier, retry */
> }
> len = p - (__be32 *)iov->iov_base - 1;
> @@ -2217,8 +2222,6 @@ out_garbage:
> out_retry:
> return ERR_PTR(-EAGAIN);
> }
> -out_eio:
> - error = -EIO;
> out_err:
> rpc_exit(task, error);
> dprintk("RPC: %5u %s: call failed with error %d\n", task->tk_pid,
--
Trond Myklebust
Linux NFS client maintainer
NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
��.n��������+%�������w��{.n�����{��w����jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
