On Fri, May 07, 2021 at 07:52:39PM +0200, Ilya Dryomov wrote: > On Fri, May 7, 2021 at 4:18 PM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > This is a note to let you know that I've just added the patch titled > > > > libceph: don't set global_id until we get an auth ticket > > > > to the 5.11-stable tree which can be found at: > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > > > > The filename of the patch is: > > libceph-don-t-set-global_id-until-we-get-an-auth-ticket.patch > > and it can be found in the queue-5.11 subdirectory. > > > > If you, or anyone else, feels it should not be added to the stable tree, > > please let <stable@xxxxxxxxxxxxxxx> know about it. > > > > > > From 61ca49a9105faefa003b37542cebad8722f8ae22 Mon Sep 17 00:00:00 2001 > > From: Ilya Dryomov <idryomov@xxxxxxxxx> > > Date: Mon, 26 Apr 2021 19:11:37 +0200 > > Subject: libceph: don't set global_id until we get an auth ticket > > > > From: Ilya Dryomov <idryomov@xxxxxxxxx> > > > > commit 61ca49a9105faefa003b37542cebad8722f8ae22 upstream. > > > > With the introduction of enforcing mode, setting global_id as soon > > as we get it in the first MAuth reply will result in EACCES if the > > connection is reset before we get the second MAuth reply containing > > an auth ticket -- because on retry we would attempt to reclaim that > > global_id with no auth ticket at hand. > > > > Neither ceph_auth_client nor ceph_mon_client depend on global_id > > being set ealy, so just delay the setting until we get and process > > the second MAuth reply. While at it, complain if the monitor sends > > a zero global_id or changes our global_id as the session is likely > > to fail after that. > > > > Cc: stable@xxxxxxxxxxxxxxx # needs backporting for < 5.11 > > Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx> > > Reviewed-by: Sage Weil <sage@xxxxxxxxxx> > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > --- > > net/ceph/auth.c | 36 +++++++++++++++++++++++------------- > > 1 file changed, 23 insertions(+), 13 deletions(-) > > > > --- a/net/ceph/auth.c > > +++ b/net/ceph/auth.c > > @@ -36,6 +36,20 @@ static int init_protocol(struct ceph_aut > > } > > } > > > > +static void set_global_id(struct ceph_auth_client *ac, u64 global_id) > > +{ > > + dout("%s global_id %llu\n", __func__, global_id); > > + > > + if (!global_id) > > + pr_err("got zero global_id\n"); > > + > > + if (ac->global_id && global_id != ac->global_id) > > + pr_err("global_id changed from %llu to %llu\n", ac->global_id, > > + global_id); > > + > > + ac->global_id = global_id; > > +} > > + > > /* > > * setup, teardown. > > */ > > @@ -222,11 +236,6 @@ int ceph_handle_auth_reply(struct ceph_a > > > > payload_end = payload + payload_len; > > > > - if (global_id && ac->global_id != global_id) { > > - dout(" set global_id %lld -> %lld\n", ac->global_id, global_id); > > - ac->global_id = global_id; > > - } > > - > > if (ac->negotiating) { > > /* server does not support our protocols? */ > > if (!protocol && result < 0) { > > @@ -253,11 +262,16 @@ int ceph_handle_auth_reply(struct ceph_a > > > > ret = ac->ops->handle_reply(ac, result, payload, payload_end, > > NULL, NULL, NULL, NULL); > > - if (ret == -EAGAIN) > > + if (ret == -EAGAIN) { > > ret = build_request(ac, true, reply_buf, reply_len); > > - else if (ret) > > + goto out; > > + } else if (ret) { > > pr_err("auth protocol '%s' mauth authentication failed: %d\n", > > ceph_auth_proto_name(ac->protocol), result); > > + goto out; > > + } > > + > > + set_global_id(ac, global_id); > > > > out: > > mutex_unlock(&ac->mutex); > > @@ -484,15 +498,11 @@ int ceph_auth_handle_reply_done(struct c > > int ret; > > > > mutex_lock(&ac->mutex); > > - if (global_id && ac->global_id != global_id) { > > - dout("%s global_id %llu -> %llu\n", __func__, ac->global_id, > > - global_id); > > - ac->global_id = global_id; > > - } > > - > > ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len, > > session_key, session_key_len, > > con_secret, con_secret_len); > > + if (!ret) > > + set_global_id(ac, global_id); > > mutex_unlock(&ac->mutex); > > return ret; > > } > > Hi Greg, > > Please drop this patch. It causes an issue with old clusters that > must be addressed before backporting. Dropped from 5.12 and 5.11 queues now, thanks. greg k-h
