From patchwork Tue Oct 22 14:21:14 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Adamson X-Patchwork-Id: 3083011 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id E2BCDBF924 for ; Tue, 22 Oct 2013 14:21:29 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id AEABF2030E for ; Tue, 22 Oct 2013 14:21:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7A05220304 for ; Tue, 22 Oct 2013 14:21:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753387Ab3JVOVZ (ORCPT ); Tue, 22 Oct 2013 10:21:25 -0400 Received: from mx11.netapp.com ([216.240.18.76]:26873 "EHLO mx11.netapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752787Ab3JVOVY (ORCPT ); Tue, 22 Oct 2013 10:21:24 -0400 X-IronPort-AV: E=Sophos;i="4.93,548,1378882800"; d="scan'208";a="63600445" Received: from vmwexceht04-prd.hq.netapp.com ([10.106.77.34]) by mx11-out.netapp.com with ESMTP; 22 Oct 2013 07:21:24 -0700 Received: from smtp2.corp.netapp.com (10.57.159.114) by VMWEXCEHT04-PRD.hq.netapp.com (10.106.77.34) with Microsoft SMTP Server id 14.3.123.3; Tue, 22 Oct 2013 07:21:23 -0700 Received: from fc19-2.androsad.fake (vpn2ntap-399080.vpn.netapp.com [10.55.72.146]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id r9MELKV3023414; Tue, 22 Oct 2013 07:21:23 -0700 (PDT) From: To: CC: , Andy Adamson Subject: [PATCH Version 2 3/5] SUNRPC: invalidate gss_context upon gss-ctx keyring key destruction Date: Tue, 22 Oct 2013 10:21:14 -0400 Message-ID: <1382451676-2963-4-git-send-email-andros@netapp.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1382451676-2963-1-git-send-email-andros@netapp.com> References: <1382451676-2963-1-git-send-email-andros@netapp.com> MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-7.3 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Andy Adamson Lookup all gss_contexts matching the key-serial and set the gss_cred->base (rpc_cred) cr_flags RPCAUTH_CRED_KEY_DESTROYED bit. In gss_match, which is called prior to any use of the gss_cred, if the RPCAUTH_CRED_KEY_DESTROYED rpc_cred bit is set, return no match. A future patch will make an exception, returning a match for any buffered writes setup before the RPCAUTH_CRED_KEY_DESTROYED flag was set. When crmatch fails, the rpc code will then try to create a new gss_cred + context, which will fail due to destroyed kerberos credentials. Note: Currently we leave the RPCAUTH_CRED_KEY_DESTROYED cred in the unused lru list to be garbage collected. Signed-off-by: Andy Adamson --- include/linux/sunrpc/auth.h | 1 + net/sunrpc/auth_gss/auth_gss.c | 45 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h index 790be14..f1151e3 100644 --- a/include/linux/sunrpc/auth.h +++ b/include/linux/sunrpc/auth.h @@ -68,6 +68,7 @@ struct rpc_cred { #define RPCAUTH_CRED_UPTODATE 1 #define RPCAUTH_CRED_HASHED 2 #define RPCAUTH_CRED_NEGATIVE 3 +#define RPCAUTH_CRED_KEY_DESTROYED 4 #define RPCAUTH_CRED_MAGIC 0x0f4aa4f0 diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 10d6e53..b7365b9 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -115,12 +115,52 @@ static void gss_free_ctx(struct gss_cl_ctx *); static const struct rpc_pipe_ops gss_upcall_ops_v0; static const struct rpc_pipe_ops gss_upcall_ops_v1; +/** + * The UID Kerberos credential has been destroyed. Search all gss_auth + * credential caches and mark all UID gss_creds RPCAUTH_CRED_KEY_DESTROYED. + */ +static void +gss_mark_cred_destroy(uid_t uid, key_serial_t serial) +{ + struct gss_auth *ga; + struct rpc_cred *cr; + struct gss_cred *gc; + struct auth_cred ac = { + .uid = uid, + }; + int i; + + spin_lock(&gss_auth_hash_lock); + hash_for_each(gss_auth_hash_table, i, ga, hash) { + /* check all supported pseudoflavors */ + if (ga->rpc_auth.au_flavor > RPC_AUTH_MAXFLAVOR) { + cr = rpcauth_lookup_credcache(&ga->rpc_auth, &ac, 0); + if (IS_ERR(cr) || cr == NULL) + continue; + gc = container_of(cr, struct gss_cred, gc_base); + if (gc->gc_serial == serial) { + set_bit(RPCAUTH_CRED_KEY_DESTROYED, + &cr->cr_flags); + } + put_rpccred(cr); /* balance get in lookup credcache */ + } + } + spin_unlock(&gss_auth_hash_lock); +} + +static void +gss_user_destroy(struct key *key) +{ + gss_mark_cred_destroy(key->uid, key->serial); + return user_destroy(key); +} + static struct key_type key_type_gss_ctx = { .name = "gss-ctx", .instantiate = user_instantiate, .match = user_match, .revoke = user_revoke, - .destroy = user_destroy, + .destroy = gss_user_destroy, .describe = user_describe, .read = user_read, }; @@ -1471,6 +1511,9 @@ check_expire: if (ret == 0) return ret; + if (test_bit(RPCAUTH_CRED_KEY_DESTROYED, &rc->cr_flags)) + return 0; + /* Notify acred users of GSS context expiration timeout */ if (test_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags) && (gss_key_timeout(rc) != 0)) {