From patchwork Mon Nov 27 19:25:08 2017
X-Patchwork-Submitter: Thiago Becker
X-Patchwork-Id: 10077965
From: Thiago Rafael Becker
To: bfields@fieldses.org
Cc: linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, Thiago Rafael Becker
Subject: [PATCH] sunrpc: sort groups on unix_gid_parse
Date: Mon, 27 Nov 2017 17:25:08 -0200
Message-Id: <20171127192508.12751-1-thiago.becker@gmail.com>

In cases where mountd is managing the group membership for nfsd, if a user has several groups, multiple nfsd threads may call sort_groups for the same freshly created unix_gid_cache entry simultaneously, causing entries to be overwritten and the cache entry to get corrupted.

This eventually leads to the server replying to the client with a bogus EPERM error if the group overwritten is the group that would allow access.

This is a very hard bug to analyze, as a very slight change in timing leads to proper sorting behavior. It was first noticed and reproduced in kernel 3.10.0, which uses shell sort to sort groups. Nothing indicates that heapsort, which is used upstream, is thread safe.

This patch solves this issue by sorting the cache entry before inserting it into the cache, and thus next entries will not have to sort it again, avoiding the issue altogether.

Signed-off-by: Thiago Rafael Becker
---
 kernel/groups.c           | 4 +++-
 net/sunrpc/svcauth_unix.c | 7 +++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/kernel/groups.c b/kernel/groups.c index e357bc8..4c9c9ed 100644 --- a/kernel/groups.c +++ b/kernel/groups.c 
@@ -86,11 +86,13 @@ static int gid_cmp(const void *_a, const void *_b) return gid_gt(a, b) - gid_lt(a, b); } -static void groups_sort(struct group_info *group_info) +void groups_sort(struct group_info *group_info) { sort(group_info->gid, group_info->ngroups, sizeof(*group_info->gid), gid_cmp, NULL); } +EXPORT_SYMBOL(groups_sort); + /* a simple bsearch */ int groups_search(const struct group_info *group_info, kgid_t grp) diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index f81eaa8..91e3d34 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -20,6 +20,7 @@ #include "netns.h" +void groups_sort(struct group_info *group_info); /* * AUTHUNIX and AUTHNULL credentials are both handled here. @@ -520,6 +521,12 @@ static int unix_gid_parse(struct cache_detail *cd, ug.gi->gid[i] = kgid; } + /* Sort the groups before inserting this entry + * into the cache to avoid future corrutpions + * by multiple simultaneous attempts to sort this + * entry. + */ + groups_sort(ug.gi); ugp = unix_gid_lookup(cd, uid); if (ugp) { struct cache_head *ch;
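
Review bot: in the kernel/groups.c hunk, groups_sort() becomes an exported symbol but still carries no comment stating its concurrency contract. It calls sort() in place on group_info->gid with no locking, so now that other subsystems can call it, a short comment above the function should say that the caller must have exclusive access to the group_info, for example because it has not yet been published to a cache or attached to a cred. That is the exact condition whose violation the commit message describes, and writing it down at the definition keeps future callers from reintroducing the corruption.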
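
Review bot: in the first net/sunrpc/svcauth_unix.c hunk (@@ -20,6 +20,7), the line "void groups_sort(struct group_info *group_info);" declares the prototype locally in a .c file, so the compiler never checks it against the definition in kernel/groups.c and a later signature change would go unnoticed. Put the declaration in the shared header that already declares the other group_info helpers (include/linux/cred.h) and drop the local copy.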
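
Review bot: in the unix_gid_parse() hunk (@@ -520,6 +521,12), the new groups_sort(ug.gi) call before unix_gid_lookup() sorts the entry once, but nothing in this patch removes the later sort calls that the commit message attributes to the nfsd threads. Those threads will still run the in-place sort() concurrently on the shared gid array, and that is only safe if the sort performs no writes on already-ordered input, which the commit message itself says is not established for heapsort. Either remove the sort from the consumer path in the same series so a published group_info is never sorted again, or justify in the commit message why re-sorting sorted data cannot write. Separately, the added comment misspells "corruptions" as "corrutpions".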