linux-hardened/net/ceph
Jim Schutt 6d4221b537 libceph: avoid truncation due to racing banners
Because the Ceph client messenger uses a non-blocking connect, it is
possible for the sending of the client banner to race with the
arrival of the banner sent by the peer.

When ceph_sock_state_change() notices the connect has completed, it
schedules work to process the socket via con_work().  During this
time the peer is writing its banner, and arrival of the peer banner
races with con_work().

If con_work() calls try_read() before the peer banner arrives, there
is nothing for it to do, after which con_work() calls try_write() to
send the client's banner.  In this case Ceph's protocol negotiation
can complete succesfully.

The server-side messenger immediately sends its banner and addresses
after accepting a connect request, *before* actually attempting to
read or verify the banner from the client.  As a result, it is
possible for the banner from the server to arrive before con_work()
calls try_read().  If that happens, try_read() will read the banner
and prepare protocol negotiation info via prepare_write_connect().
prepare_write_connect() calls con_out_kvec_reset(), which discards
the as-yet-unsent client banner.  Next, con_work() calls
try_write(), which sends the protocol negotiation info rather than
the banner that the peer is expecting.

The result is that the peer sees an invalid banner, and the client
reports "negotiation failed".

Fix this by moving con_out_kvec_reset() out of
prepare_write_connect() to its callers at all locations except the
one where the banner might still need to be sent.

[elder@inktak.com: added note about server-side behavior]

Signed-off-by: Jim Schutt <jaschut@sandia.gov>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-08-21 15:55:27 -07:00
..
crush libceph: support crush tunables 2012-07-30 18:15:23 -07:00
armor.c libceph: Fix base64-decoding when input ends in newline. 2011-03-15 09:14:02 -07:00
auth.c ceph: Move secret key parsing earlier. 2011-03-29 12:11:16 -07:00
auth_none.c ceph: messenger: reduce args to create_authorizer 2012-05-17 08:18:12 -05:00
auth_none.h
auth_x.c ceph: messenger: reduce args to create_authorizer 2012-05-17 08:18:12 -05:00
auth_x.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
auth_x_protocol.h
buffer.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
ceph_common.c libceph: delay debugfs initialization until we learn global_id 2012-08-20 10:03:15 -07:00
ceph_fs.c ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
ceph_hash.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ceph_strings.c
crypto.c libceph: fix crypto key null deref, memory leak 2012-08-02 09:19:20 -07:00
crypto.h libceph: fix crypto key null deref, memory leak 2012-08-02 09:19:20 -07:00
debugfs.c libceph: delay debugfs initialization until we learn global_id 2012-08-20 10:03:15 -07:00
Kconfig ceph: use kernel DNS resolver 2011-10-25 16:10:16 -07:00
Makefile Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
messenger.c libceph: avoid truncation due to racing banners 2012-08-21 15:55:27 -07:00
mon_client.c libceph: delay debugfs initialization until we learn global_id 2012-08-20 10:03:15 -07:00
msgpool.c libceph: initialize msgpool message types 2012-07-30 09:29:50 -07:00
osd_client.c libceph: be less chatty about stray replies 2012-07-30 18:16:03 -07:00
osdmap.c libceph: support crush tunables 2012-07-30 18:15:23 -07:00
pagelist.c net: Fix non-kernel-doc comments with kernel-doc start marker 2012-07-10 23:13:45 -07:00
pagevec.c libceph: fix handling of short returns from get_user_pages 2011-03-03 13:47:39 -08:00