aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJim Schutt <jaschut@sandia.gov>2012-08-10 13:37:38 -0400
committerSage Weil <sage@inktank.com>2012-08-21 18:55:27 -0400
commit6d4221b53707486dfad3f5bfe568d2ce7f4c9863 (patch)
tree9c7bf7471219c98fb47faa3dbb68b8f31fedf3c3 /net
parent6c5e50fa614fea5325a2973be06f7ec6f1055316 (diff)
libceph: avoid truncation due to racing banners
Because the Ceph client messenger uses a non-blocking connect, it is possible for the sending of the client banner to race with the arrival of the banner sent by the peer. When ceph_sock_state_change() notices the connect has completed, it schedules work to process the socket via con_work(). During this time the peer is writing its banner, and arrival of the peer banner races with con_work(). If con_work() calls try_read() before the peer banner arrives, there is nothing for it to do, after which con_work() calls try_write() to send the client's banner. In this case Ceph's protocol negotiation can complete succesfully. The server-side messenger immediately sends its banner and addresses after accepting a connect request, *before* actually attempting to read or verify the banner from the client. As a result, it is possible for the banner from the server to arrive before con_work() calls try_read(). If that happens, try_read() will read the banner and prepare protocol negotiation info via prepare_write_connect(). prepare_write_connect() calls con_out_kvec_reset(), which discards the as-yet-unsent client banner. Next, con_work() calls try_write(), which sends the protocol negotiation info rather than the banner that the peer is expecting. The result is that the peer sees an invalid banner, and the client reports "negotiation failed". Fix this by moving con_out_kvec_reset() out of prepare_write_connect() to its callers at all locations except the one where the banner might still need to be sent. [elder@inktak.com: added note about server-side behavior] Signed-off-by: Jim Schutt <jaschut@sandia.gov> Reviewed-by: Alex Elder <elder@inktank.com>
Diffstat (limited to 'net')
-rw-r--r--net/ceph/messenger.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index b9796750034a..24c5eea8c45b 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -915,7 +915,6 @@ static int prepare_write_connect(struct ceph_connection *con)
915 con->out_connect.authorizer_len = auth ? 915 con->out_connect.authorizer_len = auth ?
916 cpu_to_le32(auth->authorizer_buf_len) : 0; 916 cpu_to_le32(auth->authorizer_buf_len) : 0;
917 917
918 con_out_kvec_reset(con);
919 con_out_kvec_add(con, sizeof (con->out_connect), 918 con_out_kvec_add(con, sizeof (con->out_connect),
920 &con->out_connect); 919 &con->out_connect);
921 if (auth && auth->authorizer_buf_len) 920 if (auth && auth->authorizer_buf_len)
@@ -1557,6 +1556,7 @@ static int process_connect(struct ceph_connection *con)
1557 return -1; 1556 return -1;
1558 } 1557 }
1559 con->auth_retry = 1; 1558 con->auth_retry = 1;
1559 con_out_kvec_reset(con);
1560 ret = prepare_write_connect(con); 1560 ret = prepare_write_connect(con);
1561 if (ret < 0) 1561 if (ret < 0)
1562 return ret; 1562 return ret;
@@ -1577,6 +1577,7 @@ static int process_connect(struct ceph_connection *con)
1577 ENTITY_NAME(con->peer_name), 1577 ENTITY_NAME(con->peer_name),
1578 ceph_pr_addr(&con->peer_addr.in_addr)); 1578 ceph_pr_addr(&con->peer_addr.in_addr));
1579 reset_connection(con); 1579 reset_connection(con);
1580 con_out_kvec_reset(con);
1580 ret = prepare_write_connect(con); 1581 ret = prepare_write_connect(con);
1581 if (ret < 0) 1582 if (ret < 0)
1582 return ret; 1583 return ret;
@@ -1601,6 +1602,7 @@ static int process_connect(struct ceph_connection *con)
1601 le32_to_cpu(con->out_connect.connect_seq), 1602 le32_to_cpu(con->out_connect.connect_seq),
1602 le32_to_cpu(con->in_reply.connect_seq)); 1603 le32_to_cpu(con->in_reply.connect_seq));
1603 con->connect_seq = le32_to_cpu(con->in_reply.connect_seq); 1604 con->connect_seq = le32_to_cpu(con->in_reply.connect_seq);
1605 con_out_kvec_reset(con);
1604 ret = prepare_write_connect(con); 1606 ret = prepare_write_connect(con);
1605 if (ret < 0) 1607 if (ret < 0)
1606 return ret; 1608 return ret;
@@ -1617,6 +1619,7 @@ static int process_connect(struct ceph_connection *con)
1617 le32_to_cpu(con->in_reply.global_seq)); 1619 le32_to_cpu(con->in_reply.global_seq));
1618 get_global_seq(con->msgr, 1620 get_global_seq(con->msgr,
1619 le32_to_cpu(con->in_reply.global_seq)); 1621 le32_to_cpu(con->in_reply.global_seq));
1622 con_out_kvec_reset(con);
1620 ret = prepare_write_connect(con); 1623 ret = prepare_write_connect(con);
1621 if (ret < 0) 1624 if (ret < 0)
1622 return ret; 1625 return ret;
@@ -2135,7 +2138,11 @@ more:
2135 BUG_ON(con->state != CON_STATE_CONNECTING); 2138 BUG_ON(con->state != CON_STATE_CONNECTING);
2136 con->state = CON_STATE_NEGOTIATING; 2139 con->state = CON_STATE_NEGOTIATING;
2137 2140
2138 /* Banner is good, exchange connection info */ 2141 /*
2142 * Received banner is good, exchange connection info.
2143 * Do not reset out_kvec, as sending our banner raced
2144 * with receiving peer banner after connect completed.
2145 */
2139 ret = prepare_write_connect(con); 2146 ret = prepare_write_connect(con);
2140 if (ret < 0) 2147 if (ret < 0)
2141 goto out; 2148 goto out;