| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241009-nfsd-next-v1-1-058496d8960f@kernel.org>
Date: Wed, 09 Oct 2024 16:02:21 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Trond Myklebust <trondmy@...nel.org>, Anna Schumaker <anna@...nel.org>,
Chuck Lever <chuck.lever@...cle.com>, Neil Brown <neilb@...e.de>,
Olga Kornievskaia <okorniev@...hat.com>, Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Cc: linux-nfs@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
syzbot+e7baeb70aa00c22ed45e@...kaller.appspotmail.com,
Jeff Layton <jlayton@...nel.org>
Subject: [PATCH RFC] sunrpc: always set RPC_TASK_SOFTCONN in
rpcb_register_call()
We've had a few hung task reports from syzbot fuzzing the nfsd netlink
control interfaces. We don't have hard evidence of this, but one way
this could happen is for userland to send down a large number of
listening sockets and for them all to get stuck dealing with the
portmapper.
Set RPC_TASK_SOFTCONN unconditionally in rpcb_register_call, instead of
only doing that on set requests or when rpcbind isn't using an AF_LOCAL
socket.
Reported-by: syzbot+e7baeb70aa00c22ed45e@...kaller.appspotmail.com
Signed-off-by: Jeff Layton <jlayton@...nel.org>
---
This is a bit of a Hail Mary play, as we don't have any firm evidence
that this is the problem. Still, the scenario seems plausible, and it
doesn't seem to make much sense using different RPC_TASK flags on
rpcbind set and unset operations.
---
net/sunrpc/rpcb_clnt.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index 102c3818bc54d4f9a1fc5f854c3a841289974869..f0cad9bb0752d51f82733b2f7533f2269b4c69c4 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -402,14 +402,10 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
static int rpcb_register_call(struct sunrpc_net *sn, struct rpc_clnt *clnt, struct rpc_message *msg, bool is_set)
{
- int flags = RPC_TASK_NOCONNECT;
int error, result = 0;
- if (is_set || !sn->rpcb_is_af_local)
- flags = RPC_TASK_SOFTCONN;
msg->rpc_resp = &result;
-
- error = rpc_call_sync(clnt, msg, flags);
+ error = rpc_call_sync(clnt, msg, RPC_TASK_SOFTCONN);
if (error < 0)
return error;
---
base-commit: 144cb1225cd863e1bd3ae3d577d86e1531afd932
change-id: 20241009-nfsd-next-61aab1221d59
Best regards,
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists