Commit dfc438c0 authored by David Howells's avatar David Howells Committed by Greg Kroah-Hartman

afs: Fix the CB.ProbeUuid service handler to reply correctly

[ Upstream commit 2067b2b3 ]

Fix the service handler function for the CB.ProbeUuid RPC call so that it
replies in the correct manner - that is an empty reply for success and an
abort of 1 for failure.

Putting 0 or 1 in an integer in the body of the reply should result in the
fileserver throwing an RX_PROTOCOL_ERROR abort and discarding its record of
the client; older servers, however, don't necessarily check that all the
data got consumed, and so might incorrectly think that they got a positive
response and associate the client with the wrong host record.

If the client is incorrectly associated, this will result in callbacks
intended for a different client being delivered to this one and then, when
the other client connects and responds positively, all of the callback
promises meant for the client that issued the improper response will be
lost and it won't receive any further change notifications.

Fixes: 9396d496 ("afs: support the CB.ProbeUuid RPC op")
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJeffrey Altman <jaltman@auristor.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 7436dc2a
...@@ -423,18 +423,14 @@ static void SRXAFSCB_ProbeUuid(struct work_struct *work) ...@@ -423,18 +423,14 @@ static void SRXAFSCB_ProbeUuid(struct work_struct *work)
struct afs_call *call = container_of(work, struct afs_call, work); struct afs_call *call = container_of(work, struct afs_call, work);
struct afs_uuid *r = call->request; struct afs_uuid *r = call->request;
struct {
__be32 match;
} reply;
_enter(""); _enter("");
if (memcmp(r, &call->net->uuid, sizeof(call->net->uuid)) == 0) if (memcmp(r, &call->net->uuid, sizeof(call->net->uuid)) == 0)
reply.match = htonl(0); afs_send_empty_reply(call);
else else
reply.match = htonl(1); rxrpc_kernel_abort_call(call->net->socket, call->rxcall,
1, 1, "K-1");
afs_send_simple_reply(call, &reply, sizeof(reply));
afs_put_call(call); afs_put_call(call);
_leave(""); _leave("");
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment