]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
sunrpc: expiry_time should be seconds not timeval
authorRoberto Bergantinos Corpas <rbergant@redhat.com>
Tue, 4 Feb 2020 10:32:56 +0000 (11:32 +0100)
committerJ. Bruce Fields <bfields@redhat.com>
Fri, 7 Feb 2020 18:30:41 +0000 (13:30 -0500)
When upcalling gssproxy, cache_head.expiry_time is set as a
timeval, not seconds since boot. As such, RPC cache expiry
logic will not clean expired objects created under
auth.rpcsec.context cache.

This has proven to cause kernel memory leaks on field. Using
64 bit variants of getboottime/timespec

Expiration times have worked this way since 2010's c5b29f885afe "sunrpc:
use seconds since boot in expiry cache".  The gssproxy code introduced
in 2012 added gss_proxy_save_rsc and introduced the bug.  That's a while
for this to lurk, but it required a bit of an extreme case to make it
obvious.

Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 030d794bf498 "SUNRPC: Use gssproxy upcall for server..."
Tested-By: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
net/sunrpc/auth_gss/svcauth_gss.c

index c62d1f10978b8a4bc6920e737c01cb500f18df14..cff77f096647136fa4b9e7448514e82ba8e240bd 100644 (file)
@@ -1248,6 +1248,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
                dprintk("RPC:       No creds found!\n");
                goto out;
        } else {
+               struct timespec64 boot;
 
                /* steal creds */
                rsci.cred = ud->creds;
@@ -1268,6 +1269,9 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
                                                &expiry, GFP_KERNEL);
                if (status)
                        goto out;
+
+               getboottime64(&boot);
+               expiry -= boot.tv_sec;
        }
 
        rsci.h.expiry_time = expiry;