diff options
author | Jim Schutt <jaschut@sandia.gov> | 2012-08-10 13:37:38 -0400 |
---|---|---|
committer | Sage Weil <sage@inktank.com> | 2012-08-21 18:55:27 -0400 |
commit | 6d4221b53707486dfad3f5bfe568d2ce7f4c9863 (patch) | |
tree | 9c7bf7471219c98fb47faa3dbb68b8f31fedf3c3 /net | |
parent | 6c5e50fa614fea5325a2973be06f7ec6f1055316 (diff) |
libceph: avoid truncation due to racing banners
Because the Ceph client messenger uses a non-blocking connect, it is
possible for the sending of the client banner to race with the
arrival of the banner sent by the peer.
When ceph_sock_state_change() notices the connect has completed, it
schedules work to process the socket via con_work(). During this
time the peer is writing its banner, and arrival of the peer banner
races with con_work().
If con_work() calls try_read() before the peer banner arrives, there
is nothing for it to do, after which con_work() calls try_write() to
send the client's banner. In this case Ceph's protocol negotiation
can complete succesfully.
The server-side messenger immediately sends its banner and addresses
after accepting a connect request, *before* actually attempting to
read or verify the banner from the client. As a result, it is
possible for the banner from the server to arrive before con_work()
calls try_read(). If that happens, try_read() will read the banner
and prepare protocol negotiation info via prepare_write_connect().
prepare_write_connect() calls con_out_kvec_reset(), which discards
the as-yet-unsent client banner. Next, con_work() calls
try_write(), which sends the protocol negotiation info rather than
the banner that the peer is expecting.
The result is that the peer sees an invalid banner, and the client
reports "negotiation failed".
Fix this by moving con_out_kvec_reset() out of
prepare_write_connect() to its callers at all locations except the
one where the banner might still need to be sent.
[elder@inktak.com: added note about server-side behavior]
Signed-off-by: Jim Schutt <jaschut@sandia.gov>
Reviewed-by: Alex Elder <elder@inktank.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/ceph/messenger.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index b9796750034a..24c5eea8c45b 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c | |||
@@ -915,7 +915,6 @@ static int prepare_write_connect(struct ceph_connection *con) | |||
915 | con->out_connect.authorizer_len = auth ? | 915 | con->out_connect.authorizer_len = auth ? |
916 | cpu_to_le32(auth->authorizer_buf_len) : 0; | 916 | cpu_to_le32(auth->authorizer_buf_len) : 0; |
917 | 917 | ||
918 | con_out_kvec_reset(con); | ||
919 | con_out_kvec_add(con, sizeof (con->out_connect), | 918 | con_out_kvec_add(con, sizeof (con->out_connect), |
920 | &con->out_connect); | 919 | &con->out_connect); |
921 | if (auth && auth->authorizer_buf_len) | 920 | if (auth && auth->authorizer_buf_len) |
@@ -1557,6 +1556,7 @@ static int process_connect(struct ceph_connection *con) | |||
1557 | return -1; | 1556 | return -1; |
1558 | } | 1557 | } |
1559 | con->auth_retry = 1; | 1558 | con->auth_retry = 1; |
1559 | con_out_kvec_reset(con); | ||
1560 | ret = prepare_write_connect(con); | 1560 | ret = prepare_write_connect(con); |
1561 | if (ret < 0) | 1561 | if (ret < 0) |
1562 | return ret; | 1562 | return ret; |
@@ -1577,6 +1577,7 @@ static int process_connect(struct ceph_connection *con) | |||
1577 | ENTITY_NAME(con->peer_name), | 1577 | ENTITY_NAME(con->peer_name), |
1578 | ceph_pr_addr(&con->peer_addr.in_addr)); | 1578 | ceph_pr_addr(&con->peer_addr.in_addr)); |
1579 | reset_connection(con); | 1579 | reset_connection(con); |
1580 | con_out_kvec_reset(con); | ||
1580 | ret = prepare_write_connect(con); | 1581 | ret = prepare_write_connect(con); |
1581 | if (ret < 0) | 1582 | if (ret < 0) |
1582 | return ret; | 1583 | return ret; |
@@ -1601,6 +1602,7 @@ static int process_connect(struct ceph_connection *con) | |||
1601 | le32_to_cpu(con->out_connect.connect_seq), | 1602 | le32_to_cpu(con->out_connect.connect_seq), |
1602 | le32_to_cpu(con->in_reply.connect_seq)); | 1603 | le32_to_cpu(con->in_reply.connect_seq)); |
1603 | con->connect_seq = le32_to_cpu(con->in_reply.connect_seq); | 1604 | con->connect_seq = le32_to_cpu(con->in_reply.connect_seq); |
1605 | con_out_kvec_reset(con); | ||
1604 | ret = prepare_write_connect(con); | 1606 | ret = prepare_write_connect(con); |
1605 | if (ret < 0) | 1607 | if (ret < 0) |
1606 | return ret; | 1608 | return ret; |
@@ -1617,6 +1619,7 @@ static int process_connect(struct ceph_connection *con) | |||
1617 | le32_to_cpu(con->in_reply.global_seq)); | 1619 | le32_to_cpu(con->in_reply.global_seq)); |
1618 | get_global_seq(con->msgr, | 1620 | get_global_seq(con->msgr, |
1619 | le32_to_cpu(con->in_reply.global_seq)); | 1621 | le32_to_cpu(con->in_reply.global_seq)); |
1622 | con_out_kvec_reset(con); | ||
1620 | ret = prepare_write_connect(con); | 1623 | ret = prepare_write_connect(con); |
1621 | if (ret < 0) | 1624 | if (ret < 0) |
1622 | return ret; | 1625 | return ret; |
@@ -2135,7 +2138,11 @@ more: | |||
2135 | BUG_ON(con->state != CON_STATE_CONNECTING); | 2138 | BUG_ON(con->state != CON_STATE_CONNECTING); |
2136 | con->state = CON_STATE_NEGOTIATING; | 2139 | con->state = CON_STATE_NEGOTIATING; |
2137 | 2140 | ||
2138 | /* Banner is good, exchange connection info */ | 2141 | /* |
2142 | * Received banner is good, exchange connection info. | ||
2143 | * Do not reset out_kvec, as sending our banner raced | ||
2144 | * with receiving peer banner after connect completed. | ||
2145 | */ | ||
2139 | ret = prepare_write_connect(con); | 2146 | ret = prepare_write_connect(con); |
2140 | if (ret < 0) | 2147 | if (ret < 0) |
2141 | goto out; | 2148 | goto out; |