diff options
author | Bryan Schumaker <bjschuma@netapp.com> | 2011-04-13 14:31:28 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2011-04-13 15:12:22 -0400 |
commit | d1a8016a2d1e75021ecc8715e3c81442d7218eb6 (patch) | |
tree | b2aaef4f3aa4566765c6e3c743c74929a7790af2 | |
parent | 79a48a1f5d99ab66cf83d2d5d805e7a0e08452ed (diff) |
NFS: Fix infinite loop in gss_create_upcall()
There can be an infinite loop if gss_create_upcall() is called without
the userspace program running. To prevent this, we return -EACCES if
we notice that pipe_version hasn't changed (indicating that the pipe
has not been opened).
Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r-- | fs/nfs/nfs4proc.c | 5 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 8 |
2 files changed, 8 insertions, 5 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 9bf41eab3e46..8a03ee0689f3 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c | |||
@@ -2224,8 +2224,9 @@ static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle, | |||
2224 | 2224 | ||
2225 | for (i = 0; i < len; i++) { | 2225 | for (i = 0; i < len; i++) { |
2226 | status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]); | 2226 | status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]); |
2227 | if (status != -EPERM) | 2227 | if (status == -EPERM || status == -EACCES) |
2228 | break; | 2228 | continue; |
2229 | break; | ||
2229 | } | 2230 | } |
2230 | if (status == 0) | 2231 | if (status == 0) |
2231 | status = nfs4_server_capabilities(server, fhandle); | 2232 | status = nfs4_server_capabilities(server, fhandle); |
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index f3914d0c5079..339ba64cce1e 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
@@ -520,7 +520,7 @@ gss_refresh_upcall(struct rpc_task *task) | |||
520 | warn_gssd(); | 520 | warn_gssd(); |
521 | task->tk_timeout = 15*HZ; | 521 | task->tk_timeout = 15*HZ; |
522 | rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL); | 522 | rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL); |
523 | return 0; | 523 | return -EAGAIN; |
524 | } | 524 | } |
525 | if (IS_ERR(gss_msg)) { | 525 | if (IS_ERR(gss_msg)) { |
526 | err = PTR_ERR(gss_msg); | 526 | err = PTR_ERR(gss_msg); |
@@ -563,10 +563,12 @@ retry: | |||
563 | if (PTR_ERR(gss_msg) == -EAGAIN) { | 563 | if (PTR_ERR(gss_msg) == -EAGAIN) { |
564 | err = wait_event_interruptible_timeout(pipe_version_waitqueue, | 564 | err = wait_event_interruptible_timeout(pipe_version_waitqueue, |
565 | pipe_version >= 0, 15*HZ); | 565 | pipe_version >= 0, 15*HZ); |
566 | if (pipe_version < 0) { | ||
567 | warn_gssd(); | ||
568 | err = -EACCES; | ||
569 | } | ||
566 | if (err) | 570 | if (err) |
567 | goto out; | 571 | goto out; |
568 | if (pipe_version < 0) | ||
569 | warn_gssd(); | ||
570 | goto retry; | 572 | goto retry; |
571 | } | 573 | } |
572 | if (IS_ERR(gss_msg)) { | 574 | if (IS_ERR(gss_msg)) { |