[packages/kernel] - svcrpc: fix failures to handle -1 uid's

baggins baggins at pld-linux.org
Tue Jul 9 18:06:41 CEST 2013 

commit 18ae07847003973e715aba6989dff2e6fb2b6486
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Tue Jul 9 18:06:33 2013 +0200

    - svcrpc: fix failures to handle -1 uid's

 kernel-small_fixes.patch | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
---
diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch
index 392d121..48bb4ab 100644
--- a/kernel-small_fixes.patch
+++ b/kernel-small_fixes.patch
@@ -46,3 +46,38 @@ index 7a0c800..ec5ebbb 100644
  	SET_ETHTOOL_OPS(dev, &rtl8169_ethtool_ops);
  	dev->watchdog_timeo = RTL8169_TX_TIMEOUT;
  
+commit 8efb88340e29293e05f6b498b60596884c05a8a8
+Author: J. Bruce Fields <bfields at redhat.com>
+Date:   Mon Jul 8 13:44:45 2013 -0400
+
+    svcrpc: fix failures to handle -1 uid's
+    
+    As of f025adf191924e3a75ce80e130afcd2485b53bb8 "sunrpc: Properly decode
+    kuids and kgids in RPC_AUTH_UNIX credentials" any rpc containing a -1
+    (0xffff) uid or gid would fail with a badcred error.
+    
+    Commit afe3c3fd5392b2f0066930abc5dbd3f4b14a0f13 "svcrpc: fix failures to
+    handle -1 uid's and gid's" fixed part of the problem, but overlooked the
+    gid upcall--the kernel can request supplementary gid's for the -1 uid,
+    but mountd's attempt write a response will get -EINVAL.
+    
+    Symptoms were nfsd failing to reply to the first attempt to use a newly
+    negotiated krb5 context.
+    
+    Reported-by: Sven Geggus <lists at fuchsschwanzdomain.de>
+    Tested-by: Sven Geggus <lists at fuchsschwanzdomain.de>
+    Signed-off-by: J. Bruce Fields <bfields at redhat.com>
+
+diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
+index a98853d..621ca7b 100644
+--- a/net/sunrpc/svcauth_unix.c
++++ b/net/sunrpc/svcauth_unix.c
+@@ -493,8 +493,6 @@ static int unix_gid_parse(struct cache_detail *cd,
+ 	if (rv)
+ 		return -EINVAL;
+ 	uid = make_kuid(&init_user_ns, id);
+-	if (!uid_valid(uid))
+-		return -EINVAL;
+ 	ug.uid = uid;
+ 
+ 	expiry = get_expiry(&mesg);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/18ae07847003973e715aba6989dff2e6fb2b6486

More information about the pld-cvs-commit mailing list