lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 12 Sep 2019 12:53:16 +0000
From:   Trond Myklebust <trondmy@...merspace.com>
To:     "bcodding@...hat.com" <bcodding@...hat.com>,
        "chuck.lever@...cle.com" <chuck.lever@...cle.com>
CC:     "tibbs@...h.uh.edu" <tibbs@...h.uh.edu>,
        "bfields@...ldses.org" <bfields@...ldses.org>,
        "linux@...m.de" <linux@...m.de>,
        "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "km@...all.com" <km@...all.com>
Subject: Re: Regression in 5.1.20: Reading long directory fails

On Thu, 2019-09-12 at 08:29 -0400, Benjamin Coddington wrote:
> On 11 Sep 2019, at 13:54, Chuck Lever wrote:
> 
> > > On Sep 11, 2019, at 1:50 PM, Benjamin Coddington 
> > > <bcodding@...hat.com> wrote:
> > > 
> > > On 11 Sep 2019, at 13:40, Benjamin Coddington wrote:
> > > 
> > > > On 11 Sep 2019, at 13:29, Chuck Lever wrote:
> > > > 
> > > > > > On Sep 11, 2019, at 1:26 PM, Benjamin Coddington 
> > > > > > <bcodding@...hat.com> wrote:
> > > > > > 
> > > > > > 
> > > > > > On 11 Sep 2019, at 12:39, Chuck Lever wrote:
> > > > > > 
> > > > > > > > On Sep 11, 2019, at 12:25 PM, Benjamin Coddington 
> > > > > > > > <bcodding@...hat.com> wrote:
> > > > > > > > 
> > > > > > > > Instead, I think we want to make sure the mic falls
> > > > > > > > squarely 
> > > > > > > > into the tail
> > > > > > > > every time.
> > > > > > > 
> > > > > > > I'm not clear how you could do that. The length of the
> > > > > > > page data 
> > > > > > > is not
> > > > > > > known to the client before it parses the reply. Are you 
> > > > > > > suggesting that
> > > > > > > gss_unwrap should do it somehow?
> > > > > > 
> > > > > > Is it too niave to always put the mic at the end of the
> > > > > > tail?
> > > > > 
> > > > > The size of the page content is variable.
> > > > > 
> > > > > The only way the MIC will fall into the tail is if the page
> > > > > content 
> > > > > is
> > > > > exactly the largest expected size. When the page content is
> > > > > smaller 
> > > > > than
> > > > > that, the receive logic will place part or all of the MIC in 
> > > > > ->pages.
> > > > 
> > > > Ok, right.  But what I meant is that xdr_buf_read_netobj()
> > > > should be 
> > > > renamed
> > > > and repurposed to be "move the mic from wherever it is to the
> > > > end of
> > > > xdr_buf's tail".
> > > > 
> > > > But now I see what you mean, and I also see that it is already 
> > > > trying to do
> > > > that.. and we don't want to overlap the copy..
> > > > 
> > > > So, really, we need the tail to be larger than twice the mic..
> > > > less 
> > > > 1.  That
> > > > means the fix is probably just increasing rslack for krb5i.
> > > 
> > > .. or we can keep the tighter tail space, and if we detect the
> > > mic 
> > > straddles
> > > the page and tail, we can move the mic into the tail with 2
> > > copies, 
> > > first
> > > move the bit in the tail back, then move the bit in the pages.
> > > 
> > > Which is preferred, less allocation, or in the rare case this
> > > occurs, 
> > > doing
> > > copy twice?
> > 
> > It sounds like the bug is that the current code does not deal 
> > correctly
> > when the MIC crosses the boundary between ->pages and ->tail? I'd
> > like
> > to see that addressed rather than changing rslack.
> 
> Here's what I'm about to run through my testing:
> 
> diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
> index 48c93b9e525e..d6ffc9011269 100644
> --- a/net/sunrpc/xdr.c
> +++ b/net/sunrpc/xdr.c
> @@ -1238,14 +1238,21 @@ EXPORT_SYMBOL_GPL(xdr_encode_word);
> 
>   /* If the netobj starting offset bytes from the start of xdr_buf
> is 
> contained
>    * entirely in the head or the tail, set object to point to it; 
> otherwise
> - * try to find space for it at the end of the tail, copy it there,
> and
> - * set obj to point to it. */
> + * try to find space for it at the end of the tail, and copy it
> there.  
> If
> + * the netobj is partly within the page data and tail, shrink the
> pages 
> to
> + * move the object into the tail */
>   int xdr_buf_read_netobj(struct xdr_buf *buf, struct xdr_netobj
> *obj, 
> unsigned int offset)
>   {
>          struct xdr_buf subbuf;
> +       unsigned int page_range;
> 
>          if (xdr_decode_word(buf, offset, &obj->len))
>                  return -EFAULT;
> +
> +       page_range = buf->head->iov_len + buf->page_len - offset + 4;
> +       if (page_range > 0 && page_range < obj->len)
> +               xdr_shrink_pagelen(buf, page_range);
> +
>          if (xdr_buf_subsegment(buf, &subbuf, offset + 4, obj->len))
>                  return -EFAULT;
> 
> 

Let's please just scrap this function and rewrite it as a generic
function for reading the MIC. It clearly is not a generic function for
reading arbitrary netobjs, and modifications like the above just make
the misnomer painfully obvious.

Let's rewrite it as xdr_buf_read_mic() so that we can simplify it where
possible.


Thanks
  Trond

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@...merspace.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ