Message-Id: <20241009-nfsd-next-v1-1-058496d8960f@kernel.org>
Date: Wed, 09 Oct 2024 16:02:21 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Trond Myklebust <trondmy@...nel.org>, Anna Schumaker <anna@...nel.org>, 
 Chuck Lever <chuck.lever@...cle.com>, Neil Brown <neilb@...e.de>, 
 Olga Kornievskaia <okorniev@...hat.com>, Dai Ngo <Dai.Ngo@...cle.com>, 
 Tom Talpey <tom@...pey.com>, "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
 Paolo Abeni <pabeni@...hat.com>
Cc: linux-nfs@...r.kernel.org, netdev@...r.kernel.org, 
 linux-kernel@...r.kernel.org, 
 syzbot+e7baeb70aa00c22ed45e@...kaller.appspotmail.com, 
 Jeff Layton <jlayton@...nel.org>
Subject: [PATCH RFC] sunrpc: always set RPC_TASK_SOFTCONN in
 rpcb_register_call()

We've had a few hung task reports from syzbot fuzzing the nfsd netlink
control interfaces. We don't have hard evidence of this, but one way
this could happen is for userland to send down a large number of
listening sockets and for them all to get stuck dealing with the
portmapper.

Set RPC_TASK_SOFTCONN unconditionally in rpcb_register_call, instead of
only doing that on set requests or when rpcbind isn't using an AF_LOCAL
socket.

Reported-by: syzbot+e7baeb70aa00c22ed45e@...kaller.appspotmail.com
Signed-off-by: Jeff Layton <jlayton@...nel.org>
---
This is a bit of a Hail Mary play, as we don't have any firm evidence
that this is the problem. Still, the scenario seems plausible, and it
doesn't seem to make much sense using different RPC_TASK flags on
rpcbind set and unset operations.
---
 net/sunrpc/rpcb_clnt.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index 102c3818bc54d4f9a1fc5f854c3a841289974869..f0cad9bb0752d51f82733b2f7533f2269b4c69c4 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -402,14 +402,10 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
 
 static int rpcb_register_call(struct sunrpc_net *sn, struct rpc_clnt *clnt, struct rpc_message *msg, bool is_set)
 {
-	int flags = RPC_TASK_NOCONNECT;
 	int error, result = 0;
 
-	if (is_set || !sn->rpcb_is_af_local)
-		flags = RPC_TASK_SOFTCONN;
 	msg->rpc_resp = &result;
-
-	error = rpc_call_sync(clnt, msg, flags);
+	error = rpc_call_sync(clnt, msg, RPC_TASK_SOFTCONN);
 	if (error < 0)
 		return error;
 

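Review bot: the removed test "if (is_set || !sn->rpcb_is_af_local)" was the only visible use of the is_set parameter in rpcb_register_call(), so after this change the parameter looks dead. If nothing further down the function reads it, drop it from the signature and from the callers in the same patch. The same applies to passing sn, if rpcb_is_af_local was its only use here. Separately, unset requests over an AF_LOCAL rpcbind socket now go out with RPC_TASK_SOFTCONN instead of RPC_TASK_NOCONNECT, and the changelog does not say why NOCONNECT was used for that case or why it is safe to lose it. A sentence on that would help, since the link to the hung tasks is stated as unconfirmed.
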
---
base-commit: 144cb1225cd863e1bd3ae3d577d86e1531afd932
change-id: 20241009-nfsd-next-61aab1221d59

Best regards,
-- 
Jeff Layton <jlayton@...nel.org>

