From patchwork Fri Mar 19 14:54:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chris Down X-Patchwork-Id: 405830 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68CF0C4332E for ; Fri, 19 Mar 2021 14:55:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5012C64F79 for ; Fri, 19 Mar 2021 14:55:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230188AbhCSOzQ (ORCPT ); Fri, 19 Mar 2021 10:55:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60666 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230398AbhCSOyl (ORCPT ); Fri, 19 Mar 2021 10:54:41 -0400 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B7AAC06175F for ; Fri, 19 Mar 2021 07:54:41 -0700 (PDT) Received: by mail-ej1-x632.google.com with SMTP id hq27so10188321ejc.9 for ; Fri, 19 Mar 2021 07:54:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chrisdown.name; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=5LxGSvdfhBgXA9/vt7weVi24/gBgmdo0yCkTsbvOMGc=; b=AvJykrTH2Q44dpunvZa1TDAqcTF5a0NtpEThBnr1wBPHPuTspGC5HDdIqCCEJ+fokA Xi55RMx6aUe4J1++O2Rnaoalh6UakUG6JzXhyBD1i7Qm4zDuTJIU/jqriGuCpDzUQXkB LYT3HKtI7z9i8QQ7GCwA6S1NjrqE/uQjrhYIk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=5LxGSvdfhBgXA9/vt7weVi24/gBgmdo0yCkTsbvOMGc=; b=AOXlDAURPkFy2SYi/9FWWUUuk/7VsOboorPucUoVBcA2eEmDxeTJ/xywgkKdpexuzh KmkuPxwbRsJoJ+8LXK1eluqbzVhJ5LfX+PaAV00E6FQVmiuFnAfnF5Efb02V51NOTZlH WycgHoWcDa2TCyNQAPaF+e9v4R8Md3jPDRX3T9CF311WF/Tr3MSr7dRbQ0PFjtE7NhzX nKiHpO0X9oT8SrRECP9hhOBdGvTVP2gZVcqGb/ATvRGQEQIfhgFZAPezmz+QOXukU3pU tgvcUMl88W/3g3v00VxvQVy63wU1FIck//Nh8vdPzCHqV3DWrlgXleq/eOFy+0hgQ+y+ iYEg== X-Gm-Message-State: AOAM533//nFSX2dMAtcM1SOuBcoRAF8zpFYdiAzwpQHHcpqkN2LW8v+m 2ncXL+Zfvl2fxByeXQw/BQFUow== X-Google-Smtp-Source: ABdhPJwOUSsvj1QWMXnRmoiI1EgyWCffsISxRsq0qGqvSx5cdsMAN/7ljirdZjieocGKqWVCBMZGZQ== X-Received: by 2002:a17:906:71d3:: with SMTP id i19mr4867632ejk.347.1616165679905; Fri, 19 Mar 2021 07:54:39 -0700 (PDT) Received: from localhost ([2a01:4b00:8432:8a00:fa59:71ff:fe7e:8d21]) by smtp.gmail.com with ESMTPSA id r17sm4127977edt.70.2021.03.19.07.54.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Mar 2021 07:54:39 -0700 (PDT) Date: Fri, 19 Mar 2021 14:54:39 +0000 From: Chris Down To: linux-nfs@vger.kernel.org Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Chuck Lever , "J. Bruce Fields" , Trond Myklebust , "David S. Miller" Subject: [PATCH] SUNRPC: Output oversized frag reclen as ASCII if printable Message-ID: MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/2.0.5 (da5e3282) (2021-01-21) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The reclen is taken directly from the first four bytes of the message with the highest bit stripped, which makes it ripe for protocol mixups. For example, if someone tries to send a HTTP GET request to us, we'll interpret it as a 1195725856-sized fragment (ie. (u32)'GET '), and print a ratelimited KERN_NOTICE with that number verbatim. This can be confusing for downstream users, who don't know what messages like "fragment too large: 1195725856" actually mean, or that they indicate some misconfigured infrastructure elsewhere. To allow users to more easily understand and debug these cases, add the number interpreted as ASCII if all characters are printable: RPC: fragment too large: 1195725856 (ASCII "GET ") If demand grows elsewhere, a new printk format that takes a number and outputs it in various formats is also a possible solution. For now, it seems reasonable to put this here since this particular code path is the one that has repeatedly come up in production. Signed-off-by: Chris Down Cc: Chuck Lever Cc: J. Bruce Fields Cc: Trond Myklebust Cc: David S. Miller --- net/sunrpc/svcsock.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c index 2e2f007dfc9f..046b1d104340 100644 --- a/net/sunrpc/svcsock.c +++ b/net/sunrpc/svcsock.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -863,6 +864,34 @@ static void svc_tcp_clear_pages(struct svc_sock *svsk) svsk->sk_datalen = 0; } +/* The reclen is taken directly from the first four bytes of the message with + * the highest bit stripped, which makes it ripe for protocol mixups. For + * example, if someone tries to send a HTTP GET request to us, we'll interpret + * it as a 1195725856-sized fragment (ie. (u32)'GET '), and print a ratelimited + * KERN_NOTICE with that number verbatim. + * + * To allow users to more easily understand and debug these cases, this + * function decodes the purported length as ASCII, and returns it if all + * characters were printable. Otherwise, we return NULL. + * + * WARNING: Since we reuse the u32 directly, the return value is not null + * terminated, and must be printed using %.*s with + * sizeof(svc_sock_reclen(svsk)). + */ +static char *svc_sock_reclen_ascii(struct svc_sock *svsk) +{ + u32 len_be = cpu_to_be32(svc_sock_reclen(svsk)); + char *len_be_ascii = (char *)&len_be; + size_t i; + + for (i = 0; i < sizeof(len_be); i++) { + if (!isprint(len_be_ascii[i])) + return NULL; + } + + return len_be_ascii; +} + /* * Receive fragment record header into sk_marker. */ @@ -870,6 +899,7 @@ static ssize_t svc_tcp_read_marker(struct svc_sock *svsk, struct svc_rqst *rqstp) { ssize_t want, len; + char *reclen_ascii; /* If we haven't gotten the record length yet, * get the next four bytes. @@ -898,9 +928,14 @@ static ssize_t svc_tcp_read_marker(struct svc_sock *svsk, return svc_sock_reclen(svsk); err_too_large: - net_notice_ratelimited("svc: %s %s RPC fragment too large: %d\n", + reclen_ascii = svc_sock_reclen_ascii(svsk); + net_notice_ratelimited("svc: %s %s RPC fragment too large: %d%s%.*s%s\n", __func__, svsk->sk_xprt.xpt_server->sv_name, - svc_sock_reclen(svsk)); + svc_sock_reclen(svsk), + reclen_ascii ? " (ASCII \"" : "", + (int)sizeof(u32), + reclen_ascii ?: "", + reclen_ascii ? "\")" : ""); set_bit(XPT_CLOSE, &svsk->sk_xprt.xpt_flags); err_short: return -EAGAIN;