diff options
author | Michael Lass | 2021-01-14 16:46:01 +0100 |
---|---|---|
committer | Michael Lass | 2021-01-14 16:46:01 +0100 |
commit | 8d105837d442b634a085c885c1ba020a1d3b32f7 (patch) | |
tree | 10c5f56f2a9deb4d92f3cada3c9d51a969ca7c35 | |
parent | e0adb68d44530b72a6cb7395ec6af30a8fc0bd2c (diff) | |
download | aur-8d105837d442b634a085c885c1ba020a1d3b32f7.tar.gz |
Fix RX bug triggered after 14.01.2021 08:25:36 UTC
These are early stage patches. However, unpatched OpenAFS is unusable
right now.
See:
https://gerrit.openafs.org/#/c/14491/
https://gerrit.openafs.org/#/c/14492/
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | 0001-Temporary-fix-for-compilation-with-GCC-10.patch | 8 | ||||
-rw-r--r-- | 0002-Adjust-RedHat-config-and-service-files.patch | 6 | ||||
-rw-r--r-- | 0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch | 39 | ||||
-rw-r--r-- | 0004-rx-update_nextCid-overflow-handling-is-broken.patch | 52 | ||||
-rw-r--r-- | PKGBUILD | 18 |
6 files changed, 119 insertions, 14 deletions
@@ -1,7 +1,7 @@ pkgbase = openafs pkgdesc = Open source implementation of the AFS distributed file system pkgver = 1.8.6 - pkgrel = 1 + pkgrel = 2 url = http://www.openafs.org install = openafs.install arch = i686 @@ -22,11 +22,15 @@ pkgbase = openafs source = tmpfiles.d-openafs.conf source = 0001-Temporary-fix-for-compilation-with-GCC-10.patch source = 0002-Adjust-RedHat-config-and-service-files.patch + source = 0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch + source = 0004-rx-update_nextCid-overflow-handling-is-broken.patch sha256sums = 8b4e9d3180f1ecd752753da17ac630df04eb7007c90a921a5f6403c0339d2945 sha256sums = e34fa28d9ee06b47d080e4ed0c1f55fe2629ce974f1a7a7ec60dd6e87a9d21e9 sha256sums = 18d7b0173bbffbdc212f4e58c5b3ce369adf868452aabc3485f2a6a2ddb35d68 - sha256sums = ebd26d2434689ca7f1c71434cf9a524cf8f2457faa2ba93b90723f4244092451 - sha256sums = 86b0560369e0d41e6c384fcdeed4ddf2d0a1da3e2ca55145ca9b1c0f2611e22a + sha256sums = 2bbc1e89cb1032c6dcdeb482db3578993f83ce40bf03c413886484cf1dc84b43 + sha256sums = 3b1029fda091177834f9fec79967164d9c3172b2bdca2190c2555bd2dd1b1e9b + sha256sums = f13225033ad18c74cc21316aeae50d3a325fb9e88e38b0d76c470714ce83da1c + sha256sums = 506d090da582910f6e69c8dbbb3e78a9afbaed689f1057cae71c7dd923999f8f pkgname = openafs diff --git a/0001-Temporary-fix-for-compilation-with-GCC-10.patch b/0001-Temporary-fix-for-compilation-with-GCC-10.patch index 7d3e4c501670..1038fdc06ec2 100644 --- a/0001-Temporary-fix-for-compilation-with-GCC-10.patch +++ b/0001-Temporary-fix-for-compilation-with-GCC-10.patch @@ -1,7 +1,7 @@ -From 240278523907c8a0e733620d6acf7b3933d5cbdb Mon Sep 17 00:00:00 2001 +From 81c4f50914bd0f696a0a6c356982e97594bd2c77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20La=C3=9F?= <lass@mail.uni-paderborn.de> Date: Tue, 19 May 2020 16:17:01 +0200 -Subject: [PATCH 1/2] Temporary fix for compilation with GCC 10 +Subject: [PATCH 1/4] Temporary fix for compilation with GCC 10 See: * https://bugs.gentoo.org/706738 @@ -16,7 +16,7 @@ Change-Id: I0bbf317dcf584d5531db714c5e9b986f3fbb6a0b 1 file changed, 2 insertions(+) diff --git a/src/cf/osconf.m4 b/src/cf/osconf.m4 -index 29a79d7ce..ac11e9310 100644 +index 5f0d73fc2..7cf761757 100644 --- a/src/cf/osconf.m4 +++ b/src/cf/osconf.m4 @@ -681,6 +681,8 @@ if test "x$GCC" = "xyes"; then @@ -29,5 +29,5 @@ index 29a79d7ce..ac11e9310 100644 else case $AFS_SYSNAME in -- -2.26.2 +2.30.0 diff --git a/0002-Adjust-RedHat-config-and-service-files.patch b/0002-Adjust-RedHat-config-and-service-files.patch index 6e16f8de5dbd..a952ce511885 100644 --- a/0002-Adjust-RedHat-config-and-service-files.patch +++ b/0002-Adjust-RedHat-config-and-service-files.patch @@ -1,7 +1,7 @@ -From 4d84dcc621373c7a146cf3e97dbaf600bb0dd219 Mon Sep 17 00:00:00 2001 +From c0f5be5ee08d8db59c0c0106bed56f602edf3cad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20La=C3=9F?= <lass@mail.uni-paderborn.de> Date: Thu, 19 Feb 2015 19:34:00 +0100 -Subject: [PATCH 2/2] Adjust RedHat config and service files +Subject: [PATCH 2/4] Adjust RedHat config and service files Basically we reuse upstream's config for RedHat but we change a few things: @@ -66,5 +66,5 @@ index ac9d3c411..0a4b3bfea 100644 [Install] -- -2.26.2 +2.30.0 diff --git a/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch b/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch new file mode 100644 index 000000000000..5535779b024e --- /dev/null +++ b/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch @@ -0,0 +1,39 @@ +From c2c8cf8765e9c7ca0b07ae212ff59816f21faf53 Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@auristor.com> +Date: Thu, 14 Jan 2021 09:41:39 -0500 +Subject: [PATCH 3/4] rx: rx_InitHost do not overwrite RAND_bytes rx_nextCid + +39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid +generation into the rx core") introduced the use of RAND_bytes() +to generate the initial 'rx_nextCid' but failed to remove the + + rx_nextCid = ((tv.tv_sec ^ tv.tv_usec) << RX_CIDSHIFT; + +assignment inherited from IBM/Transarc. + +At Thu, 14 Jan 2021 08:25:36 GMT the IBM inherited calculation +overflows the value CID range. This triggers broken overflow +logic in update_nextCid(). + +Change-Id: Ib7283def1ded9792d394133a3969a6d86f3a6123 +--- + src/rx/rx.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/rx/rx.c b/src/rx/rx.c +index 244838d9c..e1e6d8fd6 100644 +--- a/src/rx/rx.c ++++ b/src/rx/rx.c +@@ -621,9 +621,6 @@ rx_InitHost(u_int host, u_int port) + MUTEX_ENTER(&rx_quota_mutex); + rxi_dataQuota += rx_extraQuota; /* + extra pkts caller asked to rsrv */ + MUTEX_EXIT(&rx_quota_mutex); +- /* *Slightly* random start time for the cid. This is just to help +- * out with the hashing function at the peer */ +- rx_nextCid = ((tv.tv_sec ^ tv.tv_usec) << RX_CIDSHIFT); + rx_connHashTable = (struct rx_connection **)htable; + rx_peerHashTable = (struct rx_peer **)ptable; + +-- +2.30.0 + diff --git a/0004-rx-update_nextCid-overflow-handling-is-broken.patch b/0004-rx-update_nextCid-overflow-handling-is-broken.patch new file mode 100644 index 000000000000..1a18527312bb --- /dev/null +++ b/0004-rx-update_nextCid-overflow-handling-is-broken.patch @@ -0,0 +1,52 @@ +From 9700cbf1784ea722dd2a7fed88f4f76cd7491564 Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@auristor.com> +Date: Thu, 14 Jan 2021 09:57:13 -0500 +Subject: [PATCH 4/4] rx: update_nextCid overflow handling is broken + +The overflow handling in update_nextCid() produces a rx_nextCid +value of 0x80000001 which itself is an overflow. When used +to construct the first call of a new connection the connection +id for the call becomes 0x80000002. + +If the same connection id is used for multiple connections from +the same endpoint the accepting rx peer will be very confused. + +When authenticated connections are used, the CHALLENGE/RESPONSE +will fail because of a mismatch in the connection's callNumber +array. + +All communication from a broken initiator to any rx peer will +fail. + +The incorrect overflow calculation was introduced by +39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid +generation into the rx core"). + +This change corrects the overflow value to become + + 1 << RX_CIDSHIFT + +Change-Id: If36e3aa581d557cc0f4d2d478f84a6593224c3cc +--- + src/rx/rx.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/rx/rx.c b/src/rx/rx.c +index e1e6d8fd6..5d5953120 100644 +--- a/src/rx/rx.c ++++ b/src/rx/rx.c +@@ -6651,9 +6651,8 @@ update_nextCid(void) + { + /* Overflow is technically undefined behavior; avoid it. */ + if (rx_nextCid > MAX_AFS_INT32 - (1 << RX_CIDSHIFT)) +- rx_nextCid = -1 * ((MAX_AFS_INT32 / RX_CIDSHIFT) * RX_CIDSHIFT); +- else +- rx_nextCid += 1 << RX_CIDSHIFT; ++ rx_nextCid = 0; ++ rx_nextCid += 1 << RX_CIDSHIFT; + } + + static void +-- +2.30.0 + @@ -6,7 +6,7 @@ pkgname=openafs pkgver=1.8.6 -pkgrel=1 +pkgrel=2 pkgdesc="Open source implementation of the AFS distributed file system" arch=('i686' 'x86_64' 'armv7h') url="http://www.openafs.org" @@ -25,12 +25,16 @@ source=(http://openafs.org/dl/openafs/${pkgver}/${pkgname}-${pkgver}-src.tar.bz2 http://openafs.org/dl/openafs/${pkgver}/${pkgname}-${pkgver}-doc.tar.bz2 tmpfiles.d-openafs.conf 0001-Temporary-fix-for-compilation-with-GCC-10.patch - 0002-Adjust-RedHat-config-and-service-files.patch) + 0002-Adjust-RedHat-config-and-service-files.patch + 0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch + 0004-rx-update_nextCid-overflow-handling-is-broken.patch) sha256sums=('8b4e9d3180f1ecd752753da17ac630df04eb7007c90a921a5f6403c0339d2945' 'e34fa28d9ee06b47d080e4ed0c1f55fe2629ce974f1a7a7ec60dd6e87a9d21e9' '18d7b0173bbffbdc212f4e58c5b3ce369adf868452aabc3485f2a6a2ddb35d68' - 'ebd26d2434689ca7f1c71434cf9a524cf8f2457faa2ba93b90723f4244092451' - '86b0560369e0d41e6c384fcdeed4ddf2d0a1da3e2ca55145ca9b1c0f2611e22a') + '2bbc1e89cb1032c6dcdeb482db3578993f83ce40bf03c413886484cf1dc84b43' + '3b1029fda091177834f9fec79967164d9c3172b2bdca2190c2555bd2dd1b1e9b' + 'f13225033ad18c74cc21316aeae50d3a325fb9e88e38b0d76c470714ce83da1c' + '506d090da582910f6e69c8dbbb3e78a9afbaed689f1057cae71c7dd923999f8f') # If you need the kauth tools set this to 1. But be aware that these tools # are considered insecure since 2003! This also affects the PAM libs. @@ -45,6 +49,12 @@ prepare() { # Adjust RedHat config and service files to our needs patch -p1 < "${srcdir}/0002-Adjust-RedHat-config-and-service-files.patch" + # Fix RX bug triggered after 14.01.2021 08:25:36 UTC + # https://gerrit.openafs.org/#/c/14491/ + # https://gerrit.openafs.org/#/c/14492/ + patch -p1 < "${srcdir}"/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch + patch -p1 < "${srcdir}"/0004-rx-update_nextCid-overflow-handling-is-broken.patch + # Only needed when changes to configure were made ./regen.sh -q } |