On Mon, Feb 25, 2019 at 09:12:06PM +0100, Ilya Dryomov wrote:
> The authorize reply can be empty, for example when the ticket used to
> build the authorizer is too old and TAG_BADAUTHORIZER is returned from
> the service. Calling ->verify_authorizer_reply() results in an attempt
> to decrypt and validate (somewhat) random data in au->buf (most likely
> the signature block from calc_signature()), which fails and ends up in
> con_fault_finish() with !con->auth_retry. The ticket isn't invalidated
> and the connection is retried again and again until a new ticket is
> obtained from the monitor:
>
> libceph: osd2 192.168.122.1:6809 bad authorize reply
> libceph: osd2 192.168.122.1:6809 bad authorize reply
> libceph: osd2 192.168.122.1:6809 bad authorize reply
> libceph: osd2 192.168.122.1:6809 bad authorize reply
>
> Let TAG_BADAUTHORIZER handler kick in and increment con->auth_retry.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 5c056fdc5b47 ("libceph: verify authorize reply on connect")
> Link: https://tracker.ceph.com/issues/20164
> Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
> Reviewed-by: Sage Weil <sage@xxxxxxxxxx>
> [idryomov@xxxxxxxxx: backport to 4.4: extra arg, no CEPHX_V2]
> ---
> net/ceph/messenger.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
What is the git commit id of this patch in Linus's tree?
thanks,
greg k-h
