From: Nikhil Jha <njha@xxxxxxxxxxxxxx> There was a silly bug in the initial implementation where a loop variable was not incremented. This commit increments the loop variable. This bug is somewhat tricky to catch because it can only happen on loops of two or more. If it is hit, it locks up a kernel thread in an infinite loop. Signed-off-by: Nikhil Jha <njha@xxxxxxxxxxxxxx> Tested-by: Nikhil Jha <njha@xxxxxxxxxxxxxx> --- net/sunrpc/auth_gss/auth_gss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 0fa244f16876f3c434fd507b4d53c5eefd748ce4..7b943fbafcc38ba79a685589d696017e8cdc694a 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -1724,7 +1724,7 @@ gss_validate(struct rpc_task *task, struct xdr_stream *xdr) maj_stat = gss_validate_seqno_mic(ctx, task->tk_rqstp->rq_seqnos[0], seq, p, len); /* RFC 2203 5.3.3.1 - compute the checksum of each sequence number in the cache */ while (unlikely(maj_stat == GSS_S_BAD_SIG && i < task->tk_rqstp->rq_seqno_count)) - maj_stat = gss_validate_seqno_mic(ctx, task->tk_rqstp->rq_seqnos[i], seq, p, len); + maj_stat = gss_validate_seqno_mic(ctx, task->tk_rqstp->rq_seqnos[i++], seq, p, len); if (maj_stat == GSS_S_CONTEXT_EXPIRED) clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags); if (maj_stat) --- base-commit: 488ef3560196ee10fc1c5547e1574a87068c3494 change-id: 20250611-fix-loop-in-seqno-cache-6cf71c4ae9ea Best regards, -- Nikhil Jha <njha@xxxxxxxxxxxxxx>
