> On Oct 1, 2021, at 9:59 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > > From: "J. Bruce Fields" <bfields@xxxxxxxxxx> > > If sd_max is unsigned, then sd_max - GSS_SEQ_WIN is a very large number > whenever sd_max is less than GSS_SEQ_WIN, and the comparison: > > seq_num <= sd->sd_max - GSS_SEQ_WIN > > in gss_check_seq_num is pretty much always true, even when that's > clearly not what was intended. > > This was causing pynfs to hang when using krb5, because pynfs uses zero > as the initial gss sequence number. That's perfectly legal, but this > logic error causes knfsd to drop the rpc in that case. Out-of-order > sequence IDs in the first GSS_SEQ_WIN (128) calls will also cause this. > > Fixes: 10b9d99a3dbb ("SUNRPC: Augment server-side rpcgss tracepoints") > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx> This will be included in the next NFSD 5.15-rc. Thanks! See the for-next branch at git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git > --- > net/sunrpc/auth_gss/svcauth_gss.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c > index 7dba6a9c213a..b87565b64928 100644 > --- a/net/sunrpc/auth_gss/svcauth_gss.c > +++ b/net/sunrpc/auth_gss/svcauth_gss.c > @@ -645,7 +645,7 @@ static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci, > } > __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win); > goto ok; > - } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) { > + } else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) { > goto toolow; > } > if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) > -- > 2.31.1 > -- Chuck Lever