> On Oct 1, 2021, at 9:59 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
>
> From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
>
> If sd_max is unsigned, then sd_max - GSS_SEQ_WIN is a very large number
> whenever sd_max is less than GSS_SEQ_WIN, and the comparison:
>
> seq_num <= sd->sd_max - GSS_SEQ_WIN
>
> in gss_check_seq_num is pretty much always true, even when that's
> clearly not what was intended.
>
> This was causing pynfs to hang when using krb5, because pynfs uses zero
> as the initial gss sequence number. That's perfectly legal, but this
> logic error causes knfsd to drop the rpc in that case. Out-of-order
> sequence IDs in the first GSS_SEQ_WIN (128) calls will also cause this.
>
> Fixes: 10b9d99a3dbb ("SUNRPC: Augment server-side rpcgss tracepoints")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
This will be included in the next NFSD 5.15-rc. Thanks!
See the for-next branch at
git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
> ---
> net/sunrpc/auth_gss/svcauth_gss.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
> index 7dba6a9c213a..b87565b64928 100644
> --- a/net/sunrpc/auth_gss/svcauth_gss.c
> +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -645,7 +645,7 @@ static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci,
> }
> __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
> goto ok;
> - } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) {
> + } else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) {
> goto toolow;
> }
> if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
> --
> 2.31.1
>
--
Chuck Lever
