gmac get mac form eeprom

hc

2024-05-10 37f49e37ab4cb5d0bc4c60eb5c6d4dd57db767bb

 kernel/net/sunrpc/auth_gss/auth_gss.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: BSD-3-Clause
1
2
 /*
2
3
  * linux/net/sunrpc/auth_gss/auth_gss.c
3
4
  *
..
..
@@ -8,33 +9,7 @@
8
9
  *
9
10
  *  Dug Song       <dugsong@monkey.org>
10
11
  *  Andy Adamson   <andros@umich.edu>
11
- *
12
- *  Redistribution and use in source and binary forms, with or without
13
- *  modification, are permitted provided that the following conditions
14
- *  are met:
15
- *
16
- *  1. Redistributions of source code must retain the above copyright
17
- *     notice, this list of conditions and the following disclaimer.
18
- *  2. Redistributions in binary form must reproduce the above copyright
19
- *     notice, this list of conditions and the following disclaimer in the
20
- *     documentation and/or other materials provided with the distribution.
21
- *  3. Neither the name of the University nor the names of its
22
- *     contributors may be used to endorse or promote products derived
23
- *     from this software without specific prior written permission.
24
- *
25
- *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26
- *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27
- *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28
- *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29
- *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30
- *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31
- *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32
- *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33
- *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34
- *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35
- *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36
12
  */
37
-
38
13
 
39
14
 #include <linux/module.h>
40
15
 #include <linux/init.h>
..
..
@@ -45,6 +20,7 @@
45
20
 #include <linux/sunrpc/clnt.h>
46
21
 #include <linux/sunrpc/auth.h>
47
22
 #include <linux/sunrpc/auth_gss.h>
23
+#include <linux/sunrpc/gss_krb5.h>
48
24
 #include <linux/sunrpc/svcauth_gss.h>
49
25
 #include <linux/sunrpc/gss_err.h>
50
26
 #include <linux/workqueue.h>
..
..
@@ -55,6 +31,8 @@
55
31
 
56
32
 #include "auth_gss_internal.h"
57
33
 #include "../netns.h"
34
+
35
+#include <trace/events/rpcgss.h>
58
36
 
59
37
 static const struct rpc_authops authgss_ops;
60
38
 
..
..
@@ -232,6 +210,7 @@
232
210
 	}
233
211
 	ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);
234
212
 	if (ret < 0) {
213
+		trace_rpcgss_import_ctx(ret);
235
214
 		p = ERR_PTR(ret);
236
215
 		goto err;
237
216
 	}
..
..
@@ -247,12 +226,9 @@
247
226
 	if (IS_ERR(p))
248
227
 		goto err;
249
228
 done:
250
-	dprintk("RPC:       %s Success. gc_expiry %lu now %lu timeout %u acceptor %.*s\n",
251
-		__func__, ctx->gc_expiry, now, timeout, ctx->gc_acceptor.len,
252
-		ctx->gc_acceptor.data);
253
-	return p;
229
+	trace_rpcgss_context(window_size, ctx->gc_expiry, now, timeout,
230
+			     ctx->gc_acceptor.len, ctx->gc_acceptor.data);
254
231
 err:
255
-	dprintk("RPC:       %s returns error %ld\n", __func__, -PTR_ERR(p));
256
232
 	return p;
257
233
 }
258
234
 
..
..
@@ -266,6 +242,7 @@
266
242
 struct gss_upcall_msg {
267
243
 	refcount_t count;
268
244
 	kuid_t	uid;
245
+	const char *service_name;
269
246
 	struct rpc_pipe_msg msg;
270
247
 	struct list_head list;
271
248
 	struct gss_auth *auth;
..
..
@@ -313,6 +290,7 @@
313
290
 		gss_put_ctx(gss_msg->ctx);
314
291
 	rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
315
292
 	gss_put_auth(gss_msg->auth);
293
+	kfree_const(gss_msg->service_name);
316
294
 	kfree(gss_msg);
317
295
 }
318
296
 
..
..
@@ -323,13 +301,11 @@
323
301
 	list_for_each_entry(pos, &pipe->in_downcall, list) {
324
302
 		if (!uid_eq(pos->uid, uid))
325
303
 			continue;
326
-		if (auth && pos->auth->service != auth->service)
304
+		if (pos->auth->service != auth->service)
327
305
 			continue;
328
306
 		refcount_inc(&pos->count);
329
-		dprintk("RPC:       %s found msg %p\n", __func__, pos);
330
307
 		return pos;
331
308
 	}
332
-	dprintk("RPC:       %s found nothing\n", __func__);
333
309
 	return NULL;
334
310
 }
335
311
 
..
..
@@ -409,9 +385,12 @@
409
385
 	gss_release_msg(gss_msg);
410
386
 }
411
387
 
412
-static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
388
+static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
389
+			      const struct cred *cred)
413
390
 {
414
-	uid_t uid = from_kuid(&init_user_ns, gss_msg->uid);
391
+	struct user_namespace *userns = cred->user_ns;
392
+
393
+	uid_t uid = from_kuid_munged(userns, gss_msg->uid);
415
394
 	memcpy(gss_msg->databuf, &uid, sizeof(uid));
416
395
 	gss_msg->msg.data = gss_msg->databuf;
417
396
 	gss_msg->msg.len = sizeof(uid);
..
..
@@ -419,17 +398,31 @@
419
398
 	BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
420
399
 }
421
400
 
401
+static ssize_t
402
+gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
403
+		char __user *buf, size_t buflen)
404
+{
405
+	struct gss_upcall_msg *gss_msg = container_of(msg,
406
+						      struct gss_upcall_msg,
407
+						      msg);
408
+	if (msg->copied == 0)
409
+		gss_encode_v0_msg(gss_msg, file->f_cred);
410
+	return rpc_pipe_generic_upcall(file, msg, buf, buflen);
411
+}
412
+
422
413
 static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
423
414
 				const char *service_name,
424
-				const char *target_name)
415
+				const char *target_name,
416
+				const struct cred *cred)
425
417
 {
418
+	struct user_namespace *userns = cred->user_ns;
426
419
 	struct gss_api_mech *mech = gss_msg->auth->mech;
427
420
 	char *p = gss_msg->databuf;
428
421
 	size_t buflen = sizeof(gss_msg->databuf);
429
422
 	int len;
430
423
 
431
-	len = scnprintf(p, buflen, "mech=%s uid=%d ", mech->gm_name,
432
-			from_kuid(&init_user_ns, gss_msg->uid));
424
+	len = scnprintf(p, buflen, "mech=%s uid=%d", mech->gm_name,
425
+			from_kuid_munged(userns, gss_msg->uid));
433
426
 	buflen -= len;
434
427
 	p += len;
435
428
 	gss_msg->msg.len = len;
..
..
@@ -439,7 +432,7 @@
439
432
 	 * identity that we are authenticating to.
440
433
 	 */
441
434
 	if (target_name) {
442
-		len = scnprintf(p, buflen, "target=%s ", target_name);
435
+		len = scnprintf(p, buflen, " target=%s", target_name);
443
436
 		buflen -= len;
444
437
 		p += len;
445
438
 		gss_msg->msg.len += len;
..
..
@@ -459,11 +452,11 @@
459
452
 		char *c = strchr(service_name, '@');
460
453
 
461
454
 		if (!c)
462
-			len = scnprintf(p, buflen, "service=%s ",
455
+			len = scnprintf(p, buflen, " service=%s",
463
456
 					service_name);
464
457
 		else
465
458
 			len = scnprintf(p, buflen,
466
-					"service=%.*s srchost=%s ",
459
+					" service=%.*s srchost=%s",
467
460
 					(int)(c - service_name),
468
461
 					service_name, c + 1);
469
462
 		buflen -= len;
..
..
@@ -472,22 +465,41 @@
472
465
 	}
473
466
 
474
467
 	if (mech->gm_upcall_enctypes) {
475
-		len = scnprintf(p, buflen, "enctypes=%s ",
468
+		len = scnprintf(p, buflen, " enctypes=%s",
476
469
 				mech->gm_upcall_enctypes);
477
470
 		buflen -= len;
478
471
 		p += len;
479
472
 		gss_msg->msg.len += len;
480
473
 	}
474
+	trace_rpcgss_upcall_msg(gss_msg->databuf);
481
475
 	len = scnprintf(p, buflen, "\n");
482
476
 	if (len == 0)
483
477
 		goto out_overflow;
484
478
 	gss_msg->msg.len += len;
485
-
486
479
 	gss_msg->msg.data = gss_msg->databuf;
487
480
 	return 0;
488
481
 out_overflow:
489
482
 	WARN_ON_ONCE(1);
490
483
 	return -ENOMEM;
484
+}
485
+
486
+static ssize_t
487
+gss_v1_upcall(struct file *file, struct rpc_pipe_msg *msg,
488
+		char __user *buf, size_t buflen)
489
+{
490
+	struct gss_upcall_msg *gss_msg = container_of(msg,
491
+						      struct gss_upcall_msg,
492
+						      msg);
493
+	int err;
494
+	if (msg->copied == 0) {
495
+		err = gss_encode_v1_msg(gss_msg,
496
+					gss_msg->service_name,
497
+					gss_msg->auth->target_name,
498
+					file->f_cred);
499
+		if (err)
500
+			return err;
501
+	}
502
+	return rpc_pipe_generic_upcall(file, msg, buf, buflen);
491
503
 }
492
504
 
493
505
 static struct gss_upcall_msg *
..
..
@@ -512,16 +524,14 @@
512
524
 	refcount_set(&gss_msg->count, 1);
513
525
 	gss_msg->uid = uid;
514
526
 	gss_msg->auth = gss_auth;
515
-	switch (vers) {
516
-	case 0:
517
-		gss_encode_v0_msg(gss_msg);
518
-		break;
519
-	default:
520
-		err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
521
-		if (err)
522
-			goto err_put_pipe_version;
523
-	}
524
527
 	kref_get(&gss_auth->kref);
528
+	if (service_name) {
529
+		gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
530
+		if (!gss_msg->service_name) {
531
+			err = -ENOMEM;
532
+			goto err_put_pipe_version;
533
+		}
534
+	}
525
535
 	return gss_msg;
526
536
 err_put_pipe_version:
527
537
 	put_pipe_version(gss_auth->net);
..
..
@@ -537,7 +547,7 @@
537
547
 	struct gss_cred *gss_cred = container_of(cred,
538
548
 			struct gss_cred, gc_base);
539
549
 	struct gss_upcall_msg *gss_new, *gss_msg;
540
-	kuid_t uid = cred->cr_uid;
550
+	kuid_t uid = cred->cr_cred->fsuid;
541
551
 
542
552
 	gss_new = gss_alloc_msg(gss_auth, uid, gss_cred->gc_principal);
543
553
 	if (IS_ERR(gss_new))
..
..
@@ -575,16 +585,15 @@
575
585
 	struct rpc_pipe *pipe;
576
586
 	int err = 0;
577
587
 
578
-	dprintk("RPC: %5u %s for uid %u\n",
579
-		task->tk_pid, __func__, from_kuid(&init_user_ns, cred->cr_uid));
580
588
 	gss_msg = gss_setup_upcall(gss_auth, cred);
581
589
 	if (PTR_ERR(gss_msg) == -EAGAIN) {
582
590
 		/* XXX: warning on the first, under the assumption we
583
591
 		 * shouldn't normally hit this case on a refresh. */
584
592
 		warn_gssd();
585
-		task->tk_timeout = 15*HZ;
586
-		rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
587
-		return -EAGAIN;
593
+		rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
594
+				task, NULL, jiffies + (15 * HZ));
595
+		err = -EAGAIN;
596
+		goto out;
588
597
 	}
589
598
 	if (IS_ERR(gss_msg)) {
590
599
 		err = PTR_ERR(gss_msg);
..
..
@@ -595,7 +604,6 @@
595
604
 	if (gss_cred->gc_upcall != NULL)
596
605
 		rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
597
606
 	else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
598
-		task->tk_timeout = 0;
599
607
 		gss_cred->gc_upcall = gss_msg;
600
608
 		/* gss_upcall_callback will release the reference to gss_upcall_msg */
601
609
 		refcount_inc(&gss_msg->count);
..
..
@@ -607,9 +615,8 @@
607
615
 	spin_unlock(&pipe->lock);
608
616
 	gss_release_msg(gss_msg);
609
617
 out:
610
-	dprintk("RPC: %5u %s for uid %u result %d\n",
611
-		task->tk_pid, __func__,
612
-		from_kuid(&init_user_ns, cred->cr_uid),	err);
618
+	trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
619
+					     cred->cr_cred->fsuid), err);
613
620
 	return err;
614
621
 }
615
622
 
..
..
@@ -624,14 +631,13 @@
624
631
 	DEFINE_WAIT(wait);
625
632
 	int err;
626
633
 
627
-	dprintk("RPC:       %s for uid %u\n",
628
-		__func__, from_kuid(&init_user_ns, cred->cr_uid));
629
634
 retry:
630
635
 	err = 0;
631
636
 	/* if gssd is down, just skip upcalling altogether */
632
637
 	if (!gssd_running(net)) {
633
638
 		warn_gssd();
634
-		return -EACCES;
639
+		err = -EACCES;
640
+		goto out;
635
641
 	}
636
642
 	gss_msg = gss_setup_upcall(gss_auth, cred);
637
643
 	if (PTR_ERR(gss_msg) == -EAGAIN) {
..
..
@@ -663,18 +669,35 @@
663
669
 		}
664
670
 		schedule();
665
671
 	}
666
-	if (gss_msg->ctx)
672
+	if (gss_msg->ctx) {
673
+		trace_rpcgss_ctx_init(gss_cred);
667
674
 		gss_cred_set_ctx(cred, gss_msg->ctx);
668
-	else
675
+	} else {
669
676
 		err = gss_msg->msg.errno;
677
+	}
670
678
 	spin_unlock(&pipe->lock);
671
679
 out_intr:
672
680
 	finish_wait(&gss_msg->waitqueue, &wait);
673
681
 	gss_release_msg(gss_msg);
674
682
 out:
675
-	dprintk("RPC:       %s for uid %u result %d\n",
676
-		__func__, from_kuid(&init_user_ns, cred->cr_uid), err);
683
+	trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
684
+					     cred->cr_cred->fsuid), err);
677
685
 	return err;
686
+}
687
+
688
+static struct gss_upcall_msg *
689
+gss_find_downcall(struct rpc_pipe *pipe, kuid_t uid)
690
+{
691
+	struct gss_upcall_msg *pos;
692
+	list_for_each_entry(pos, &pipe->in_downcall, list) {
693
+		if (!uid_eq(pos->uid, uid))
694
+			continue;
695
+		if (!rpc_msg_is_inflight(&pos->msg))
696
+			continue;
697
+		refcount_inc(&pos->count);
698
+		return pos;
699
+	}
700
+	return NULL;
678
701
 }
679
702
 
680
703
 #define MSG_BUF_MAXSIZE 1024
..
..
@@ -709,7 +732,7 @@
709
732
 		goto err;
710
733
 	}
711
734
 
712
-	uid = make_kuid(&init_user_ns, id);
735
+	uid = make_kuid(current_user_ns(), id);
713
736
 	if (!uid_valid(uid)) {
714
737
 		err = -EINVAL;
715
738
 		goto err;
..
..
@@ -723,7 +746,7 @@
723
746
 	err = -ENOENT;
724
747
 	/* Find a matching upcall */
725
748
 	spin_lock(&pipe->lock);
726
-	gss_msg = __gss_find_upcall(pipe, uid, NULL);
749
+	gss_msg = gss_find_downcall(pipe, uid);
727
750
 	if (gss_msg == NULL) {
728
751
 		spin_unlock(&pipe->lock);
729
752
 		goto err_put_ctx;
..
..
@@ -766,7 +789,6 @@
766
789
 err:
767
790
 	kfree(buf);
768
791
 out:
769
-	dprintk("RPC:       %s returning %zd\n", __func__, err);
770
792
 	return err;
771
793
 }
772
794
 
..
..
@@ -835,8 +857,6 @@
835
857
 	struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
836
858
 
837
859
 	if (msg->errno < 0) {
838
-		dprintk("RPC:       %s releasing msg %p\n",
839
-			__func__, gss_msg);
840
860
 		refcount_inc(&gss_msg->count);
841
861
 		gss_unhash_msg(gss_msg);
842
862
 		if (msg->errno == -ETIMEDOUT)
..
..
@@ -996,8 +1016,6 @@
996
1016
 	struct rpc_auth * auth;
997
1017
 	int err = -ENOMEM; /* XXX? */
998
1018
 
999
-	dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
1000
-
1001
1019
 	if (!try_module_get(THIS_MODULE))
1002
1020
 		return ERR_PTR(err);
1003
1021
 	if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
..
..
@@ -1013,10 +1031,8 @@
1013
1031
 	gss_auth->net = get_net(rpc_net_ns(clnt));
1014
1032
 	err = -EINVAL;
1015
1033
 	gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
1016
-	if (!gss_auth->mech) {
1017
-		dprintk("RPC:       Pseudoflavor %d not found!\n", flavor);
1034
+	if (!gss_auth->mech)
1018
1035
 		goto err_put_net;
1019
-	}
1020
1036
 	gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
1021
1037
 	if (gss_auth->service == 0)
1022
1038
 		goto err_put_mech;
..
..
@@ -1024,13 +1040,15 @@
1024
1040
 		goto err_put_mech;
1025
1041
 	auth = &gss_auth->rpc_auth;
1026
1042
 	auth->au_cslack = GSS_CRED_SLACK >> 2;
1027
-	auth->au_rslack = GSS_VERF_SLACK >> 2;
1028
-	auth->au_flags = 0;
1043
+	auth->au_rslack = GSS_KRB5_MAX_SLACK_NEEDED >> 2;
1044
+	auth->au_verfsize = GSS_VERF_SLACK >> 2;
1045
+	auth->au_ralign = GSS_VERF_SLACK >> 2;
1046
+	__set_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags);
1029
1047
 	auth->au_ops = &authgss_ops;
1030
1048
 	auth->au_flavor = flavor;
1031
1049
 	if (gss_pseudoflavor_to_datatouch(gss_auth->mech, flavor))
1032
-		auth->au_flags |= RPCAUTH_AUTH_DATATOUCH;
1033
-	atomic_set(&auth->au_count, 1);
1050
+		__set_bit(RPCAUTH_AUTH_DATATOUCH, &auth->au_flags);
1051
+	refcount_set(&auth->au_count, 1);
1034
1052
 	kref_init(&gss_auth->kref);
1035
1053
 
1036
1054
 	err = rpcauth_init_credcache(auth);
..
..
@@ -1071,6 +1089,7 @@
1071
1089
 	kfree(gss_auth);
1072
1090
 out_dec:
1073
1091
 	module_put(THIS_MODULE);
1092
+	trace_rpcgss_createauth(flavor, err);
1074
1093
 	return ERR_PTR(err);
1075
1094
 }
1076
1095
 
..
..
@@ -1106,9 +1125,6 @@
1106
1125
 {
1107
1126
 	struct gss_auth *gss_auth = container_of(auth,
1108
1127
 			struct gss_auth, rpc_auth);
1109
-
1110
-	dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
1111
-			auth, auth->au_flavor);
1112
1128
 
1113
1129
 	if (hash_hashed(&gss_auth->hash)) {
1114
1130
 		spin_lock(&gss_auth_hash_lock);
..
..
@@ -1159,7 +1175,7 @@
1159
1175
 			if (strcmp(gss_auth->target_name, args->target_name))
1160
1176
 				continue;
1161
1177
 		}
1162
-		if (!atomic_inc_not_zero(&gss_auth->rpc_auth.au_count))
1178
+		if (!refcount_inc_not_zero(&gss_auth->rpc_auth.au_count))
1163
1179
 			continue;
1164
1180
 		goto out;
1165
1181
 	}
..
..
@@ -1211,36 +1227,60 @@
1211
1227
 	return &gss_auth->rpc_auth;
1212
1228
 }
1213
1229
 
1230
+static struct gss_cred *
1231
+gss_dup_cred(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
1232
+{
1233
+	struct gss_cred *new;
1234
+
1235
+	/* Make a copy of the cred so that we can reference count it */
1236
+	new = kzalloc(sizeof(*gss_cred), GFP_NOFS);
1237
+	if (new) {
1238
+		struct auth_cred acred = {
1239
+			.cred = gss_cred->gc_base.cr_cred,
1240
+		};
1241
+		struct gss_cl_ctx *ctx =
1242
+			rcu_dereference_protected(gss_cred->gc_ctx, 1);
1243
+
1244
+		rpcauth_init_cred(&new->gc_base, &acred,
1245
+				&gss_auth->rpc_auth,
1246
+				&gss_nullops);
1247
+		new->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
1248
+		new->gc_service = gss_cred->gc_service;
1249
+		new->gc_principal = gss_cred->gc_principal;
1250
+		kref_get(&gss_auth->kref);
1251
+		rcu_assign_pointer(new->gc_ctx, ctx);
1252
+		gss_get_ctx(ctx);
1253
+	}
1254
+	return new;
1255
+}
1256
+
1214
1257
 /*
1215
- * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
1258
+ * gss_send_destroy_context will cause the RPCSEC_GSS to send a NULL RPC call
1216
1259
  * to the server with the GSS control procedure field set to
1217
1260
  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
1218
1261
  * all RPCSEC_GSS state associated with that context.
1219
1262
  */
1220
-static int
1221
-gss_destroying_context(struct rpc_cred *cred)
1263
+static void
1264
+gss_send_destroy_context(struct rpc_cred *cred)
1222
1265
 {
1223
1266
 	struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1224
1267
 	struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1225
1268
 	struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1269
+	struct gss_cred *new;
1226
1270
 	struct rpc_task *task;
1227
1271
 
1228
-	if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
1229
-		return 0;
1272
+	new = gss_dup_cred(gss_auth, gss_cred);
1273
+	if (new) {
1274
+		ctx->gc_proc = RPC_GSS_PROC_DESTROY;
1230
1275
 
1231
-	ctx->gc_proc = RPC_GSS_PROC_DESTROY;
1232
-	cred->cr_ops = &gss_nullops;
1276
+		trace_rpcgss_ctx_destroy(gss_cred);
1277
+		task = rpc_call_null(gss_auth->client, &new->gc_base,
1278
+				     RPC_TASK_ASYNC);
1279
+		if (!IS_ERR(task))
1280
+			rpc_put_task(task);
1233
1281
 
1234
-	/* Take a reference to ensure the cred will be destroyed either
1235
-	 * by the RPC call or by the put_rpccred() below */
1236
-	get_rpccred(cred);
1237
-
1238
-	task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
1239
-	if (!IS_ERR(task))
1240
-		rpc_put_task(task);
1241
-
1242
-	put_rpccred(cred);
1243
-	return 1;
1282
+		put_rpccred(&new->gc_base);
1283
+	}
1244
1284
 }
1245
1285
 
1246
1286
 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
..
..
@@ -1249,8 +1289,6 @@
1249
1289
 static void
1250
1290
 gss_do_free_ctx(struct gss_cl_ctx *ctx)
1251
1291
 {
1252
-	dprintk("RPC:       %s\n", __func__);
1253
-
1254
1292
 	gss_delete_sec_context(&ctx->gc_gss_ctx);
1255
1293
 	kfree(ctx->gc_wire_ctx.data);
1256
1294
 	kfree(ctx->gc_acceptor.data);
..
..
@@ -1273,7 +1311,6 @@
1273
1311
 static void
1274
1312
 gss_free_cred(struct gss_cred *gss_cred)
1275
1313
 {
1276
-	dprintk("RPC:       %s cred=%p\n", __func__, gss_cred);
1277
1314
 	kfree(gss_cred);
1278
1315
 }
1279
1316
 
..
..
@@ -1292,6 +1329,7 @@
1292
1329
 	struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1293
1330
 
1294
1331
 	RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1332
+	put_cred(cred->cr_cred);
1295
1333
 	call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1296
1334
 	if (ctx)
1297
1335
 		gss_put_ctx(ctx);
..
..
@@ -1301,16 +1339,15 @@
1301
1339
 static void
1302
1340
 gss_destroy_cred(struct rpc_cred *cred)
1303
1341
 {
1304
-
1305
-	if (gss_destroying_context(cred))
1306
-		return;
1342
+	if (test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0)
1343
+		gss_send_destroy_context(cred);
1307
1344
 	gss_destroy_nullcred(cred);
1308
1345
 }
1309
1346
 
1310
1347
 static int
1311
1348
 gss_hash_cred(struct auth_cred *acred, unsigned int hashbits)
1312
1349
 {
1313
-	return hash_64(from_kuid(&init_user_ns, acred->uid), hashbits);
1350
+	return hash_64(from_kuid(&init_user_ns, acred->cred->fsuid), hashbits);
1314
1351
 }
1315
1352
 
1316
1353
 /*
..
..
@@ -1329,10 +1366,6 @@
1329
1366
 	struct gss_cred	*cred = NULL;
1330
1367
 	int err = -ENOMEM;
1331
1368
 
1332
-	dprintk("RPC:       %s for uid %d, flavor %d\n",
1333
-		__func__, from_kuid(&init_user_ns, acred->uid),
1334
-		auth->au_flavor);
1335
-
1336
1369
 	if (!(cred = kzalloc(sizeof(*cred), gfp)))
1337
1370
 		goto out_err;
1338
1371
 
..
..
@@ -1343,14 +1376,11 @@
1343
1376
 	 */
1344
1377
 	cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1345
1378
 	cred->gc_service = gss_auth->service;
1346
-	cred->gc_principal = NULL;
1347
-	if (acred->machine_cred)
1348
-		cred->gc_principal = acred->principal;
1379
+	cred->gc_principal = acred->principal;
1349
1380
 	kref_get(&gss_auth->kref);
1350
1381
 	return &cred->gc_base;
1351
1382
 
1352
1383
 out_err:
1353
-	dprintk("RPC:       %s failed with error %d\n", __func__, err);
1354
1384
 	return ERR_PTR(err);
1355
1385
 }
1356
1386
 
..
..
@@ -1467,85 +1497,93 @@
1467
1497
 		if (gss_cred->gc_principal == NULL)
1468
1498
 			return 0;
1469
1499
 		ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
1470
-		goto check_expire;
1471
-	}
1472
-	if (gss_cred->gc_principal != NULL)
1473
-		return 0;
1474
-	ret = uid_eq(rc->cr_uid, acred->uid);
1475
-
1476
-check_expire:
1477
-	if (ret == 0)
1478
-		return ret;
1479
-
1480
-	/* Notify acred users of GSS context expiration timeout */
1481
-	if (test_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags) &&
1482
-	    (gss_key_timeout(rc) != 0)) {
1483
-		/* test will now be done from generic cred */
1484
-		test_and_clear_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags);
1485
-		/* tell NFS layer that key will expire soon */
1486
-		set_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags);
1500
+	} else {
1501
+		if (gss_cred->gc_principal != NULL)
1502
+			return 0;
1503
+		ret = uid_eq(rc->cr_cred->fsuid, acred->cred->fsuid);
1487
1504
 	}
1488
1505
 	return ret;
1489
1506
 }
1490
1507
 
1491
1508
 /*
1492
-* Marshal credentials.
1493
-* Maybe we should keep a cached credential for performance reasons.
1494
-*/
1495
-static __be32 *
1496
-gss_marshal(struct rpc_task *task, __be32 *p)
1509
+ * Marshal credentials.
1510
+ *
1511
+ * The expensive part is computing the verifier. We can't cache a
1512
+ * pre-computed version of the verifier because the seqno, which
1513
+ * is different every time, is included in the MIC.
1514
+ */
1515
+static int gss_marshal(struct rpc_task *task, struct xdr_stream *xdr)
1497
1516
 {
1498
1517
 	struct rpc_rqst *req = task->tk_rqstp;
1499
1518
 	struct rpc_cred *cred = req->rq_cred;
1500
1519
 	struct gss_cred	*gss_cred = container_of(cred, struct gss_cred,
1501
1520
 						 gc_base);
1502
1521
 	struct gss_cl_ctx	*ctx = gss_cred_get_ctx(cred);
1503
-	__be32		*cred_len;
1522
+	__be32		*p, *cred_len;
1504
1523
 	u32             maj_stat = 0;
1505
1524
 	struct xdr_netobj mic;
1506
1525
 	struct kvec	iov;
1507
1526
 	struct xdr_buf	verf_buf;
1527
+	int status;
1508
1528
 
1509
-	dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1529
+	/* Credential */
1510
1530
 
1511
-	*p++ = htonl(RPC_AUTH_GSS);
1531
+	p = xdr_reserve_space(xdr, 7 * sizeof(*p) +
1532
+			      ctx->gc_wire_ctx.len);
1533
+	if (!p)
1534
+		goto marshal_failed;
1535
+	*p++ = rpc_auth_gss;
1512
1536
 	cred_len = p++;
1513
1537
 
1514
1538
 	spin_lock(&ctx->gc_seq_lock);
1515
-	req->rq_seqno = ctx->gc_seq++;
1539
+	req->rq_seqno = (ctx->gc_seq < MAXSEQ) ? ctx->gc_seq++ : MAXSEQ;
1516
1540
 	spin_unlock(&ctx->gc_seq_lock);
1541
+	if (req->rq_seqno == MAXSEQ)
1542
+		goto expired;
1543
+	trace_rpcgss_seqno(task);
1517
1544
 
1518
-	*p++ = htonl((u32) RPC_GSS_VERSION);
1519
-	*p++ = htonl((u32) ctx->gc_proc);
1520
-	*p++ = htonl((u32) req->rq_seqno);
1521
-	*p++ = htonl((u32) gss_cred->gc_service);
1545
+	*p++ = cpu_to_be32(RPC_GSS_VERSION);
1546
+	*p++ = cpu_to_be32(ctx->gc_proc);
1547
+	*p++ = cpu_to_be32(req->rq_seqno);
1548
+	*p++ = cpu_to_be32(gss_cred->gc_service);
1522
1549
 	p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1523
-	*cred_len = htonl((p - (cred_len + 1)) << 2);
1550
+	*cred_len = cpu_to_be32((p - (cred_len + 1)) << 2);
1551
+
1552
+	/* Verifier */
1524
1553
 
1525
1554
 	/* We compute the checksum for the verifier over the xdr-encoded bytes
1526
1555
 	 * starting with the xid and ending at the end of the credential: */
1527
-	iov.iov_base = xprt_skip_transport_header(req->rq_xprt,
1528
-					req->rq_snd_buf.head[0].iov_base);
1556
+	iov.iov_base = req->rq_snd_buf.head[0].iov_base;
1529
1557
 	iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1530
1558
 	xdr_buf_from_iov(&iov, &verf_buf);
1531
1559
 
1532
-	/* set verifier flavor*/
1533
-	*p++ = htonl(RPC_AUTH_GSS);
1534
-
1560
+	p = xdr_reserve_space(xdr, sizeof(*p));
1561
+	if (!p)
1562
+		goto marshal_failed;
1563
+	*p++ = rpc_auth_gss;
1535
1564
 	mic.data = (u8 *)(p + 1);
1536
1565
 	maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1537
-	if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
1538
-		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1539
-	} else if (maj_stat != 0) {
1540
-		printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
1541
-		goto out_put_ctx;
1542
-	}
1543
-	p = xdr_encode_opaque(p, NULL, mic.len);
1566
+	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1567
+		goto expired;
1568
+	else if (maj_stat != 0)
1569
+		goto bad_mic;
1570
+	if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1571
+		goto marshal_failed;
1572
+	status = 0;
1573
+out:
1544
1574
 	gss_put_ctx(ctx);
1545
-	return p;
1546
-out_put_ctx:
1547
-	gss_put_ctx(ctx);
1548
-	return NULL;
1575
+	return status;
1576
+expired:
1577
+	clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1578
+	status = -EKEYEXPIRED;
1579
+	goto out;
1580
+marshal_failed:
1581
+	status = -EMSGSIZE;
1582
+	goto out;
1583
+bad_mic:
1584
+	trace_rpcgss_get_mic(task, maj_stat);
1585
+	status = -EIO;
1586
+	goto out;
1549
1587
 }
1550
1588
 
1551
1589
 static int gss_renew_cred(struct rpc_task *task)
..
..
@@ -1556,15 +1594,15 @@
1556
1594
 						 gc_base);
1557
1595
 	struct rpc_auth *auth = oldcred->cr_auth;
1558
1596
 	struct auth_cred acred = {
1559
-		.uid = oldcred->cr_uid,
1597
+		.cred = oldcred->cr_cred,
1560
1598
 		.principal = gss_cred->gc_principal,
1561
-		.machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
1562
1599
 	};
1563
1600
 	struct rpc_cred *new;
1564
1601
 
1565
1602
 	new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1566
1603
 	if (IS_ERR(new))
1567
1604
 		return PTR_ERR(new);
1605
+
1568
1606
 	task->tk_rqstp->rq_cred = new;
1569
1607
 	put_rpccred(oldcred);
1570
1608
 	return 0;
..
..
@@ -1620,116 +1658,107 @@
1620
1658
 	return 0;
1621
1659
 }
1622
1660
 
1623
-static __be32 *
1624
-gss_validate(struct rpc_task *task, __be32 *p)
1661
+static int
1662
+gss_validate(struct rpc_task *task, struct xdr_stream *xdr)
1625
1663
 {
1626
1664
 	struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1627
1665
 	struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1628
-	__be32		*seq = NULL;
1666
+	__be32		*p, *seq = NULL;
1629
1667
 	struct kvec	iov;
1630
1668
 	struct xdr_buf	verf_buf;
1631
1669
 	struct xdr_netobj mic;
1632
-	u32		flav,len;
1633
-	u32		maj_stat;
1634
-	__be32		*ret = ERR_PTR(-EIO);
1670
+	u32		len, maj_stat;
1671
+	int		status;
1635
1672
 
1636
-	dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1673
+	p = xdr_inline_decode(xdr, 2 * sizeof(*p));
1674
+	if (!p)
1675
+		goto validate_failed;
1676
+	if (*p++ != rpc_auth_gss)
1677
+		goto validate_failed;
1678
+	len = be32_to_cpup(p);
1679
+	if (len > RPC_MAX_AUTH_SIZE)
1680
+		goto validate_failed;
1681
+	p = xdr_inline_decode(xdr, len);
1682
+	if (!p)
1683
+		goto validate_failed;
1637
1684
 
1638
-	flav = ntohl(*p++);
1639
-	if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
1640
-		goto out_bad;
1641
-	if (flav != RPC_AUTH_GSS)
1642
-		goto out_bad;
1643
1685
 	seq = kmalloc(4, GFP_NOFS);
1644
1686
 	if (!seq)
1645
-		goto out_bad;
1646
-	*seq = htonl(task->tk_rqstp->rq_seqno);
1687
+		goto validate_failed;
1688
+	*seq = cpu_to_be32(task->tk_rqstp->rq_seqno);
1647
1689
 	iov.iov_base = seq;
1648
1690
 	iov.iov_len = 4;
1649
1691
 	xdr_buf_from_iov(&iov, &verf_buf);
1650
1692
 	mic.data = (u8 *)p;
1651
1693
 	mic.len = len;
1652
-
1653
-	ret = ERR_PTR(-EACCES);
1654
1694
 	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1655
1695
 	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1656
1696
 		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1657
-	if (maj_stat) {
1658
-		dprintk("RPC: %5u %s: gss_verify_mic returned error 0x%08x\n",
1659
-			task->tk_pid, __func__, maj_stat);
1660
-		goto out_bad;
1661
-	}
1697
+	if (maj_stat)
1698
+		goto bad_mic;
1699
+
1662
1700
 	/* We leave it to unwrap to calculate au_rslack. For now we just
1663
1701
 	 * calculate the length of the verifier: */
1664
-	cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1702
+	if (test_bit(RPCAUTH_AUTH_UPDATE_SLACK, &cred->cr_auth->au_flags))
1703
+		cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1704
+	status = 0;
1705
+out:
1665
1706
 	gss_put_ctx(ctx);
1666
-	dprintk("RPC: %5u %s: gss_verify_mic succeeded.\n",
1667
-			task->tk_pid, __func__);
1668
1707
 	kfree(seq);
1669
-	return p + XDR_QUADLEN(len);
1670
-out_bad:
1671
-	gss_put_ctx(ctx);
1672
-	dprintk("RPC: %5u %s failed ret %ld.\n", task->tk_pid, __func__,
1673
-		PTR_ERR(ret));
1674
-	kfree(seq);
1675
-	return ret;
1708
+	return status;
1709
+
1710
+validate_failed:
1711
+	status = -EIO;
1712
+	goto out;
1713
+bad_mic:
1714
+	trace_rpcgss_verify_mic(task, maj_stat);
1715
+	status = -EACCES;
1716
+	goto out;
1676
1717
 }
1677
1718
 
1678
-static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
1679
-				__be32 *p, void *obj)
1680
-{
1681
-	struct xdr_stream xdr;
1682
-
1683
-	xdr_init_encode(&xdr, &rqstp->rq_snd_buf, p);
1684
-	encode(rqstp, &xdr, obj);
1685
-}
1686
-
1687
-static inline int
1719
+static noinline_for_stack int
1688
1720
 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1689
-		   kxdreproc_t encode, struct rpc_rqst *rqstp,
1690
-		   __be32 *p, void *obj)
1721
+		   struct rpc_task *task, struct xdr_stream *xdr)
1691
1722
 {
1692
-	struct xdr_buf	*snd_buf = &rqstp->rq_snd_buf;
1693
-	struct xdr_buf	integ_buf;
1694
-	__be32          *integ_len = NULL;
1723
+	struct rpc_rqst *rqstp = task->tk_rqstp;
1724
+	struct xdr_buf integ_buf, *snd_buf = &rqstp->rq_snd_buf;
1695
1725
 	struct xdr_netobj mic;
1696
-	u32		offset;
1697
-	__be32		*q;
1698
-	struct kvec	*iov;
1699
-	u32             maj_stat = 0;
1700
-	int		status = -EIO;
1726
+	__be32 *p, *integ_len;
1727
+	u32 offset, maj_stat;
1701
1728
 
1729
+	p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1730
+	if (!p)
1731
+		goto wrap_failed;
1702
1732
 	integ_len = p++;
1733
+	*p = cpu_to_be32(rqstp->rq_seqno);
1734
+
1735
+	if (rpcauth_wrap_req_encode(task, xdr))
1736
+		goto wrap_failed;
1737
+
1703
1738
 	offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1704
-	*p++ = htonl(rqstp->rq_seqno);
1705
-
1706
-	gss_wrap_req_encode(encode, rqstp, p, obj);
1707
-
1708
1739
 	if (xdr_buf_subsegment(snd_buf, &integ_buf,
1709
1740
 				offset, snd_buf->len - offset))
1710
-		return status;
1711
-	*integ_len = htonl(integ_buf.len);
1741
+		goto wrap_failed;
1742
+	*integ_len = cpu_to_be32(integ_buf.len);
1712
1743
 
1713
-	/* guess whether we're in the head or the tail: */
1714
-	if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1715
-		iov = snd_buf->tail;
1716
-	else
1717
-		iov = snd_buf->head;
1718
-	p = iov->iov_base + iov->iov_len;
1744
+	p = xdr_reserve_space(xdr, 0);
1745
+	if (!p)
1746
+		goto wrap_failed;
1719
1747
 	mic.data = (u8 *)(p + 1);
1720
-
1721
1748
 	maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1722
-	status = -EIO; /* XXX? */
1723
1749
 	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1724
1750
 		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1725
1751
 	else if (maj_stat)
1726
-		return status;
1727
-	q = xdr_encode_opaque(p, NULL, mic.len);
1728
-
1729
-	offset = (u8 *)q - (u8 *)p;
1730
-	iov->iov_len += offset;
1731
-	snd_buf->len += offset;
1752
+		goto bad_mic;
1753
+	/* Check that the trailing MIC fit in the buffer, after the fact */
1754
+	if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1755
+		goto wrap_failed;
1732
1756
 	return 0;
1757
+wrap_failed:
1758
+	return -EMSGSIZE;
1759
+bad_mic:
1760
+	trace_rpcgss_get_mic(task, maj_stat);
1761
+	return -EIO;
1733
1762
 }
1734
1763
 
1735
1764
 static void
..
..
@@ -1780,224 +1809,348 @@
1780
1809
 	return -EAGAIN;
1781
1810
 }
1782
1811
 
1783
-static inline int
1812
+static noinline_for_stack int
1784
1813
 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1785
-		  kxdreproc_t encode, struct rpc_rqst *rqstp,
1786
-		  __be32 *p, void *obj)
1814
+		  struct rpc_task *task, struct xdr_stream *xdr)
1787
1815
 {
1816
+	struct rpc_rqst *rqstp = task->tk_rqstp;
1788
1817
 	struct xdr_buf	*snd_buf = &rqstp->rq_snd_buf;
1789
-	u32		offset;
1790
-	u32             maj_stat;
1818
+	u32		pad, offset, maj_stat;
1791
1819
 	int		status;
1792
-	__be32		*opaque_len;
1820
+	__be32		*p, *opaque_len;
1793
1821
 	struct page	**inpages;
1794
1822
 	int		first;
1795
-	int		pad;
1796
1823
 	struct kvec	*iov;
1797
-	char		*tmp;
1798
1824
 
1825
+	status = -EIO;
1826
+	p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1827
+	if (!p)
1828
+		goto wrap_failed;
1799
1829
 	opaque_len = p++;
1800
-	offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1801
-	*p++ = htonl(rqstp->rq_seqno);
1830
+	*p = cpu_to_be32(rqstp->rq_seqno);
1802
1831
 
1803
-	gss_wrap_req_encode(encode, rqstp, p, obj);
1832
+	if (rpcauth_wrap_req_encode(task, xdr))
1833
+		goto wrap_failed;
1804
1834
 
1805
1835
 	status = alloc_enc_pages(rqstp);
1806
-	if (status)
1807
-		return status;
1836
+	if (unlikely(status))
1837
+		goto wrap_failed;
1808
1838
 	first = snd_buf->page_base >> PAGE_SHIFT;
1809
1839
 	inpages = snd_buf->pages + first;
1810
1840
 	snd_buf->pages = rqstp->rq_enc_pages;
1811
1841
 	snd_buf->page_base -= first << PAGE_SHIFT;
1812
1842
 	/*
1813
-	 * Give the tail its own page, in case we need extra space in the
1814
-	 * head when wrapping:
1843
+	 * Move the tail into its own page, in case gss_wrap needs
1844
+	 * more space in the head when wrapping.
1815
1845
 	 *
1816
-	 * call_allocate() allocates twice the slack space required
1817
-	 * by the authentication flavor to rq_callsize.
1818
-	 * For GSS, slack is GSS_CRED_SLACK.
1846
+	 * Still... Why can't gss_wrap just slide the tail down?
1819
1847
 	 */
1820
1848
 	if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1849
+		char *tmp;
1850
+
1821
1851
 		tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1822
1852
 		memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1823
1853
 		snd_buf->tail[0].iov_base = tmp;
1824
1854
 	}
1855
+	offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1825
1856
 	maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1826
1857
 	/* slack space should prevent this ever happening: */
1827
-	BUG_ON(snd_buf->len > snd_buf->buflen);
1828
-	status = -EIO;
1858
+	if (unlikely(snd_buf->len > snd_buf->buflen))
1859
+		goto wrap_failed;
1829
1860
 	/* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1830
1861
 	 * done anyway, so it's safe to put the request on the wire: */
1831
1862
 	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1832
1863
 		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1833
1864
 	else if (maj_stat)
1834
-		return status;
1865
+		goto bad_wrap;
1835
1866
 
1836
-	*opaque_len = htonl(snd_buf->len - offset);
1837
-	/* guess whether we're in the head or the tail: */
1867
+	*opaque_len = cpu_to_be32(snd_buf->len - offset);
1868
+	/* guess whether the pad goes into the head or the tail: */
1838
1869
 	if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1839
1870
 		iov = snd_buf->tail;
1840
1871
 	else
1841
1872
 		iov = snd_buf->head;
1842
1873
 	p = iov->iov_base + iov->iov_len;
1843
-	pad = 3 - ((snd_buf->len - offset - 1) & 3);
1874
+	pad = xdr_pad_size(snd_buf->len - offset);
1844
1875
 	memset(p, 0, pad);
1845
1876
 	iov->iov_len += pad;
1846
1877
 	snd_buf->len += pad;
1847
1878
 
1848
1879
 	return 0;
1880
+wrap_failed:
1881
+	return status;
1882
+bad_wrap:
1883
+	trace_rpcgss_wrap(task, maj_stat);
1884
+	return -EIO;
1849
1885
 }
1850
1886
 
1851
-static int
1852
-gss_wrap_req(struct rpc_task *task,
1853
-	     kxdreproc_t encode, void *rqstp, __be32 *p, void *obj)
1887
+static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
1854
1888
 {
1855
1889
 	struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1856
1890
 	struct gss_cred	*gss_cred = container_of(cred, struct gss_cred,
1857
1891
 			gc_base);
1858
1892
 	struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1859
-	int             status = -EIO;
1893
+	int status;
1860
1894
 
1861
-	dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1895
+	status = -EIO;
1862
1896
 	if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1863
1897
 		/* The spec seems a little ambiguous here, but I think that not
1864
1898
 		 * wrapping context destruction requests makes the most sense.
1865
1899
 		 */
1866
-		gss_wrap_req_encode(encode, rqstp, p, obj);
1867
-		status = 0;
1900
+		status = rpcauth_wrap_req_encode(task, xdr);
1868
1901
 		goto out;
1869
1902
 	}
1870
1903
 	switch (gss_cred->gc_service) {
1871
1904
 	case RPC_GSS_SVC_NONE:
1872
-		gss_wrap_req_encode(encode, rqstp, p, obj);
1873
-		status = 0;
1905
+		status = rpcauth_wrap_req_encode(task, xdr);
1874
1906
 		break;
1875
1907
 	case RPC_GSS_SVC_INTEGRITY:
1876
-		status = gss_wrap_req_integ(cred, ctx, encode, rqstp, p, obj);
1908
+		status = gss_wrap_req_integ(cred, ctx, task, xdr);
1877
1909
 		break;
1878
1910
 	case RPC_GSS_SVC_PRIVACY:
1879
-		status = gss_wrap_req_priv(cred, ctx, encode, rqstp, p, obj);
1911
+		status = gss_wrap_req_priv(cred, ctx, task, xdr);
1880
1912
 		break;
1913
+	default:
1914
+		status = -EIO;
1881
1915
 	}
1882
1916
 out:
1883
1917
 	gss_put_ctx(ctx);
1884
-	dprintk("RPC: %5u %s returning %d\n", task->tk_pid, __func__, status);
1885
1918
 	return status;
1886
1919
 }
1887
1920
 
1888
-static inline int
1889
-gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1890
-		struct rpc_rqst *rqstp, __be32 **p)
1921
+/**
1922
+ * gss_update_rslack - Possibly update RPC receive buffer size estimates
1923
+ * @task: rpc_task for incoming RPC Reply being unwrapped
1924
+ * @cred: controlling rpc_cred for @task
1925
+ * @before: XDR words needed before each RPC Reply message
1926
+ * @after: XDR words needed following each RPC Reply message
1927
+ *
1928
+ */
1929
+static void gss_update_rslack(struct rpc_task *task, struct rpc_cred *cred,
1930
+			      unsigned int before, unsigned int after)
1891
1931
 {
1892
-	struct xdr_buf	*rcv_buf = &rqstp->rq_rcv_buf;
1893
-	struct xdr_buf integ_buf;
1932
+	struct rpc_auth *auth = cred->cr_auth;
1933
+
1934
+	if (test_and_clear_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags)) {
1935
+		auth->au_ralign = auth->au_verfsize + before;
1936
+		auth->au_rslack = auth->au_verfsize + after;
1937
+		trace_rpcgss_update_slack(task, auth);
1938
+	}
1939
+}
1940
+
1941
+static int
1942
+gss_unwrap_resp_auth(struct rpc_task *task, struct rpc_cred *cred)
1943
+{
1944
+	gss_update_rslack(task, cred, 0, 0);
1945
+	return 0;
1946
+}
1947
+
1948
+/*
1949
+ * RFC 2203, Section 5.3.2.2
1950
+ *
1951
+ *	struct rpc_gss_integ_data {
1952
+ *		opaque databody_integ<>;
1953
+ *		opaque checksum<>;
1954
+ *	};
1955
+ *
1956
+ *	struct rpc_gss_data_t {
1957
+ *		unsigned int seq_num;
1958
+ *		proc_req_arg_t arg;
1959
+ *	};
1960
+ */
1961
+static noinline_for_stack int
1962
+gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred,
1963
+		      struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
1964
+		      struct xdr_stream *xdr)
1965
+{
1966
+	struct xdr_buf gss_data, *rcv_buf = &rqstp->rq_rcv_buf;
1967
+	u32 len, offset, seqno, maj_stat;
1894
1968
 	struct xdr_netobj mic;
1895
-	u32 data_offset, mic_offset;
1896
-	u32 integ_len;
1897
-	u32 maj_stat;
1898
-	int status = -EIO;
1969
+	int ret;
1899
1970
 
1900
-	integ_len = ntohl(*(*p)++);
1901
-	if (integ_len & 3)
1902
-		return status;
1903
-	data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1904
-	mic_offset = integ_len + data_offset;
1905
-	if (mic_offset > rcv_buf->len)
1906
-		return status;
1907
-	if (ntohl(*(*p)++) != rqstp->rq_seqno)
1908
-		return status;
1971
+	ret = -EIO;
1972
+	mic.data = NULL;
1909
1973
 
1910
-	if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1911
-				mic_offset - data_offset))
1912
-		return status;
1974
+	/* opaque databody_integ<>; */
1975
+	if (xdr_stream_decode_u32(xdr, &len))
1976
+		goto unwrap_failed;
1977
+	if (len & 3)
1978
+		goto unwrap_failed;
1979
+	offset = rcv_buf->len - xdr_stream_remaining(xdr);
1980
+	if (xdr_stream_decode_u32(xdr, &seqno))
1981
+		goto unwrap_failed;
1982
+	if (seqno != rqstp->rq_seqno)
1983
+		goto bad_seqno;
1984
+	if (xdr_buf_subsegment(rcv_buf, &gss_data, offset, len))
1985
+		goto unwrap_failed;
1913
1986
 
1914
-	if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1915
-		return status;
1987
+	/*
1988
+	 * The xdr_stream now points to the beginning of the
1989
+	 * upper layer payload, to be passed below to
1990
+	 * rpcauth_unwrap_resp_decode(). The checksum, which
1991
+	 * follows the upper layer payload in @rcv_buf, is
1992
+	 * located and parsed without updating the xdr_stream.
1993
+	 */
1916
1994
 
1917
-	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1995
+	/* opaque checksum<>; */
1996
+	offset += len;
1997
+	if (xdr_decode_word(rcv_buf, offset, &len))
1998
+		goto unwrap_failed;
1999
+	offset += sizeof(__be32);
2000
+	if (offset + len > rcv_buf->len)
2001
+		goto unwrap_failed;
2002
+	mic.len = len;
2003
+	mic.data = kmalloc(len, GFP_NOFS);
2004
+	if (!mic.data)
2005
+		goto unwrap_failed;
2006
+	if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len))
2007
+		goto unwrap_failed;
2008
+
2009
+	maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &gss_data, &mic);
1918
2010
 	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1919
2011
 		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1920
2012
 	if (maj_stat != GSS_S_COMPLETE)
1921
-		return status;
1922
-	return 0;
2013
+		goto bad_mic;
2014
+
2015
+	gss_update_rslack(task, cred, 2, 2 + 1 + XDR_QUADLEN(mic.len));
2016
+	ret = 0;
2017
+
2018
+out:
2019
+	kfree(mic.data);
2020
+	return ret;
2021
+
2022
+unwrap_failed:
2023
+	trace_rpcgss_unwrap_failed(task);
2024
+	goto out;
2025
+bad_seqno:
2026
+	trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, seqno);
2027
+	goto out;
2028
+bad_mic:
2029
+	trace_rpcgss_verify_mic(task, maj_stat);
2030
+	goto out;
1923
2031
 }
1924
2032
 
1925
-static inline int
1926
-gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1927
-		struct rpc_rqst *rqstp, __be32 **p)
2033
+static noinline_for_stack int
2034
+gss_unwrap_resp_priv(struct rpc_task *task, struct rpc_cred *cred,
2035
+		     struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
2036
+		     struct xdr_stream *xdr)
1928
2037
 {
1929
-	struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1930
-	u32 offset;
1931
-	u32 opaque_len;
1932
-	u32 maj_stat;
1933
-	int status = -EIO;
2038
+	struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
2039
+	struct kvec *head = rqstp->rq_rcv_buf.head;
2040
+	u32 offset, opaque_len, maj_stat;
2041
+	__be32 *p;
1934
2042
 
1935
-	opaque_len = ntohl(*(*p)++);
1936
-	offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
2043
+	p = xdr_inline_decode(xdr, 2 * sizeof(*p));
2044
+	if (unlikely(!p))
2045
+		goto unwrap_failed;
2046
+	opaque_len = be32_to_cpup(p++);
2047
+	offset = (u8 *)(p) - (u8 *)head->iov_base;
1937
2048
 	if (offset + opaque_len > rcv_buf->len)
1938
-		return status;
1939
-	/* remove padding: */
1940
-	rcv_buf->len = offset + opaque_len;
2049
+		goto unwrap_failed;
1941
2050
 
1942
-	maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
2051
+	maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset,
2052
+			      offset + opaque_len, rcv_buf);
1943
2053
 	if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1944
2054
 		clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1945
2055
 	if (maj_stat != GSS_S_COMPLETE)
1946
-		return status;
1947
-	if (ntohl(*(*p)++) != rqstp->rq_seqno)
1948
-		return status;
2056
+		goto bad_unwrap;
2057
+	/* gss_unwrap decrypted the sequence number */
2058
+	if (be32_to_cpup(p++) != rqstp->rq_seqno)
2059
+		goto bad_seqno;
2060
+
2061
+	/* gss_unwrap redacts the opaque blob from the head iovec.
2062
+	 * rcv_buf has changed, thus the stream needs to be reset.
2063
+	 */
2064
+	xdr_init_decode(xdr, rcv_buf, p, rqstp);
2065
+
2066
+	gss_update_rslack(task, cred, 2 + ctx->gc_gss_ctx->align,
2067
+			  2 + ctx->gc_gss_ctx->slack);
1949
2068
 
1950
2069
 	return 0;
2070
+unwrap_failed:
2071
+	trace_rpcgss_unwrap_failed(task);
2072
+	return -EIO;
2073
+bad_seqno:
2074
+	trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, be32_to_cpup(--p));
2075
+	return -EIO;
2076
+bad_unwrap:
2077
+	trace_rpcgss_unwrap(task, maj_stat);
2078
+	return -EIO;
2079
+}
2080
+
2081
+static bool
2082
+gss_seq_is_newer(u32 new, u32 old)
2083
+{
2084
+	return (s32)(new - old) > 0;
2085
+}
2086
+
2087
+static bool
2088
+gss_xmit_need_reencode(struct rpc_task *task)
2089
+{
2090
+	struct rpc_rqst *req = task->tk_rqstp;
2091
+	struct rpc_cred *cred = req->rq_cred;
2092
+	struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2093
+	u32 win, seq_xmit = 0;
2094
+	bool ret = true;
2095
+
2096
+	if (!ctx)
2097
+		goto out;
2098
+
2099
+	if (gss_seq_is_newer(req->rq_seqno, READ_ONCE(ctx->gc_seq)))
2100
+		goto out_ctx;
2101
+
2102
+	seq_xmit = READ_ONCE(ctx->gc_seq_xmit);
2103
+	while (gss_seq_is_newer(req->rq_seqno, seq_xmit)) {
2104
+		u32 tmp = seq_xmit;
2105
+
2106
+		seq_xmit = cmpxchg(&ctx->gc_seq_xmit, tmp, req->rq_seqno);
2107
+		if (seq_xmit == tmp) {
2108
+			ret = false;
2109
+			goto out_ctx;
2110
+		}
2111
+	}
2112
+
2113
+	win = ctx->gc_win;
2114
+	if (win > 0)
2115
+		ret = !gss_seq_is_newer(req->rq_seqno, seq_xmit - win);
2116
+
2117
+out_ctx:
2118
+	gss_put_ctx(ctx);
2119
+out:
2120
+	trace_rpcgss_need_reencode(task, seq_xmit, ret);
2121
+	return ret;
1951
2122
 }
1952
2123
 
1953
2124
 static int
1954
-gss_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
1955
-		      __be32 *p, void *obj)
2125
+gss_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr)
1956
2126
 {
1957
-	struct xdr_stream xdr;
1958
-
1959
-	xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, p);
1960
-	return decode(rqstp, &xdr, obj);
1961
-}
1962
-
1963
-static int
1964
-gss_unwrap_resp(struct rpc_task *task,
1965
-		kxdrdproc_t decode, void *rqstp, __be32 *p, void *obj)
1966
-{
1967
-	struct rpc_cred *cred = task->tk_rqstp->rq_cred;
2127
+	struct rpc_rqst *rqstp = task->tk_rqstp;
2128
+	struct rpc_cred *cred = rqstp->rq_cred;
1968
2129
 	struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1969
2130
 			gc_base);
1970
2131
 	struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1971
-	__be32		*savedp = p;
1972
-	struct kvec	*head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1973
-	int		savedlen = head->iov_len;
1974
-	int             status = -EIO;
2132
+	int status = -EIO;
1975
2133
 
1976
2134
 	if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1977
2135
 		goto out_decode;
1978
2136
 	switch (gss_cred->gc_service) {
1979
2137
 	case RPC_GSS_SVC_NONE:
2138
+		status = gss_unwrap_resp_auth(task, cred);
1980
2139
 		break;
1981
2140
 	case RPC_GSS_SVC_INTEGRITY:
1982
-		status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1983
-		if (status)
1984
-			goto out;
2141
+		status = gss_unwrap_resp_integ(task, cred, ctx, rqstp, xdr);
1985
2142
 		break;
1986
2143
 	case RPC_GSS_SVC_PRIVACY:
1987
-		status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1988
-		if (status)
1989
-			goto out;
2144
+		status = gss_unwrap_resp_priv(task, cred, ctx, rqstp, xdr);
1990
2145
 		break;
1991
2146
 	}
1992
-	/* take into account extra slack for integrity and privacy cases: */
1993
-	cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1994
-						+ (savedlen - head->iov_len);
2147
+	if (status)
2148
+		goto out;
2149
+
1995
2150
 out_decode:
1996
-	status = gss_unwrap_req_decode(decode, rqstp, p, obj);
2151
+	status = rpcauth_unwrap_resp_decode(task, xdr);
1997
2152
 out:
1998
2153
 	gss_put_ctx(ctx);
1999
-	dprintk("RPC: %5u %s returning %d\n",
2000
-		task->tk_pid, __func__, status);
2001
2154
 	return status;
2002
2155
 }
2003
2156
 
..
..
@@ -2010,7 +2163,6 @@
2010
2163
 	.hash_cred	= gss_hash_cred,
2011
2164
 	.lookup_cred	= gss_lookup_cred,
2012
2165
 	.crcreate	= gss_create_cred,
2013
-	.list_pseudoflavors = gss_mech_list_pseudoflavors,
2014
2166
 	.info2flavor	= gss_mech_info2flavor,
2015
2167
 	.flavor2info	= gss_mech_flavor2info,
2016
2168
 };
..
..
@@ -2019,7 +2171,6 @@
2019
2171
 	.cr_name		= "AUTH_GSS",
2020
2172
 	.crdestroy		= gss_destroy_cred,
2021
2173
 	.cr_init		= gss_cred_init,
2022
-	.crbind			= rpcauth_generic_bind_cred,
2023
2174
 	.crmatch		= gss_match,
2024
2175
 	.crmarshal		= gss_marshal,
2025
2176
 	.crrefresh		= gss_refresh,
..
..
@@ -2028,12 +2179,12 @@
2028
2179
 	.crunwrap_resp		= gss_unwrap_resp,
2029
2180
 	.crkey_timeout		= gss_key_timeout,
2030
2181
 	.crstringify_acceptor	= gss_stringify_acceptor,
2182
+	.crneed_reencode	= gss_xmit_need_reencode,
2031
2183
 };
2032
2184
 
2033
2185
 static const struct rpc_credops gss_nullops = {
2034
2186
 	.cr_name		= "AUTH_GSS",
2035
2187
 	.crdestroy		= gss_destroy_nullcred,
2036
-	.crbind			= rpcauth_generic_bind_cred,
2037
2188
 	.crmatch		= gss_match,
2038
2189
 	.crmarshal		= gss_marshal,
2039
2190
 	.crrefresh		= gss_refresh_null,
..
..
@@ -2044,7 +2195,7 @@
2044
2195
 };
2045
2196
 
2046
2197
 static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
2047
-	.upcall		= rpc_pipe_generic_upcall,
2198
+	.upcall		= gss_v0_upcall,
2048
2199
 	.downcall	= gss_pipe_downcall,
2049
2200
 	.destroy_msg	= gss_pipe_destroy_msg,
2050
2201
 	.open_pipe	= gss_pipe_open_v0,
..
..
@@ -2052,7 +2203,7 @@
2052
2203
 };
2053
2204
 
2054
2205
 static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
2055
-	.upcall		= rpc_pipe_generic_upcall,
2206
+	.upcall		= gss_v1_upcall,
2056
2207
 	.downcall	= gss_pipe_downcall,
2057
2208
 	.destroy_msg	= gss_pipe_destroy_msg,
2058
2209
 	.open_pipe	= gss_pipe_open_v1,