[prev in list] [next in list] [prev in thread] [next in thread]
List: ceph-devel
Subject: Re: [PATCH] libceph: don't set global_id until we get an auth ticket
From: Sage Weil <sweil () redhat ! com>
Date: 2021-04-27 16:07:58
Message-ID: CAOQ2QO-DHPDTsAwdFpcpj4O2c8YTW-rqcnG7HcZEZ18x0Tm6Pw () mail ! gmail ! com
[Download RAW message or body]
On Mon, Apr 26, 2021 at 3:27 PM Ilya Dryomov <idryomov@gmail.com> wrote:
>
> With the introduction of enforcing mode, setting global_id as soon
> as we get it in the first MAuth reply will result in EACCES if the
> connection is reset before we get the second MAuth reply containing
> an auth ticket -- because on retry we would attempt to reclaim that
> global_id with no auth ticket at hand.
>
> Neither ceph_auth_client nor ceph_mon_client depend on global_id
> being set ealy, so just delay the setting until we get and process
> the second MAuth reply. While at it, complain if the monitor sends
> a zero global_id or changes our global_id as the session is likely
> to fail after that.
>
> Cc: stable@vger.kernel.org # needs backporting for < 5.11
> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
> ---
> net/ceph/auth.c | 36 +++++++++++++++++++++++-------------
> 1 file changed, 23 insertions(+), 13 deletions(-)
>
> diff --git a/net/ceph/auth.c b/net/ceph/auth.c
> index eb261aa5fe18..de407e8feb97 100644
> --- a/net/ceph/auth.c
> +++ b/net/ceph/auth.c
> @@ -36,6 +36,20 @@ static int init_protocol(struct ceph_auth_client *ac, int proto)
> }
> }
>
> +static void set_global_id(struct ceph_auth_client *ac, u64 global_id)
> +{
> + dout("%s global_id %llu\n", __func__, global_id);
> +
> + if (!global_id)
> + pr_err("got zero global_id\n");
> +
> + if (ac->global_id && global_id != ac->global_id)
> + pr_err("global_id changed from %llu to %llu\n", ac->global_id,
> + global_id);
> +
> + ac->global_id = global_id;
> +}
> +
> /*
> * setup, teardown.
> */
> @@ -222,11 +236,6 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
>
> payload_end = payload + payload_len;
>
> - if (global_id && ac->global_id != global_id) {
> - dout(" set global_id %lld -> %lld\n", ac->global_id, global_id);
> - ac->global_id = global_id;
> - }
> -
> if (ac->negotiating) {
> /* server does not support our protocols? */
> if (!protocol && result < 0) {
> @@ -253,11 +262,16 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
>
> ret = ac->ops->handle_reply(ac, result, payload, payload_end,
> NULL, NULL, NULL, NULL);
> - if (ret == -EAGAIN)
> + if (ret == -EAGAIN) {
> ret = build_request(ac, true, reply_buf, reply_len);
> - else if (ret)
> + goto out;
> + } else if (ret) {
> pr_err("auth protocol '%s' mauth authentication failed: %d\n",
> ceph_auth_proto_name(ac->protocol), result);
> + goto out;
> + }
> +
> + set_global_id(ac, global_id);
>
> out:
> mutex_unlock(&ac->mutex);
> @@ -484,15 +498,11 @@ int ceph_auth_handle_reply_done(struct ceph_auth_client *ac,
> int ret;
>
> mutex_lock(&ac->mutex);
> - if (global_id && ac->global_id != global_id) {
> - dout("%s global_id %llu -> %llu\n", __func__, ac->global_id,
> - global_id);
> - ac->global_id = global_id;
> - }
> -
> ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len,
> session_key, session_key_len,
> con_secret, con_secret_len);
> + if (!ret)
> + set_global_id(ac, global_id);
> mutex_unlock(&ac->mutex);
> return ret;
> }
> --
> 2.19.2
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic