From: "J. Bruce Fields" <bfields@fieldses.org>
To: Anna Schumaker <Anna.Schumaker@Netapp.com>,
	Trond Myklebust <trond.myklebust@primarydata.com>
Cc: linux-nfs@vger.kernel.org, Chuck Lever <chuck.lever@oracle.com>,
	Christoph Hellwig <hch@infradead.org>
Subject: [PATCH] nfsd4: fix crash on unknown operation number
Date: Wed, 22 Oct 2014 15:49:08 -0400
Message-ID: <20141022194907.GD5552@fieldses.org>
In-Reply-To: <20141022192258.GB5552@fieldses.org>

From: "J. Bruce Fields" <bfields@redhat.com>

Unknown operation numbers are caught in nfsd4_decode_compound() which
sets op->opnum to OP_ILLEGAL and op->status to nfserr_op_illegal.  The
error causes the main loop in nfsd4_proc_compound() to skip most
processing.  But nfsd4_proc_compound also peeks ahead at the next
operation in one case and doesn't take similar precautions there.

Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 fs/nfsd/nfs4proc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

On Wed, Oct 22, 2014 at 03:2
> There are two bugs:
> 
> 	- the client is sending SEEK over minorversion 1.
> 	- this sometimes causes the server to crash.
> 
> I'm testing a fix for the latter.

I think this is all it needs.

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index f4bd578bed55..0beb023f25ac 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1272,7 +1272,8 @@ static bool need_wrongsec_check(struct svc_rqst *rqstp)
 	 */
 	if (argp->opcnt == resp->opcnt)
 		return false;
-
+	if (next->opnum == OP_ILLEGAL)
+		return false;
 	nextd = OPDESC(next);
 	/*
 	 * Rest of 2.6.3.1.1: certain operations will return WRONGSEC
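Review bot: The new next->opnum == OP_ILLEGAL test ahead of nextd = OPDESC(next) carries no comment, and the reason for it lives only in the commit message. A one-line comment saying that the decoder marks unknown operation numbers as OP_ILLEGAL and that such an op must not be passed to OPDESC() would keep the guard from being dropped in a later cleanup. The hunk also removes the blank line that followed the opcnt check, so both early returns now run straight into the assignment; leaving a blank line before nextd = OPDESC(next); would keep the original layout. Because the guard is local to this peek-ahead, it is worth confirming that no other OPDESC() caller can be handed an op whose opnum is OP_ILLEGAL.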
-- 
1.9.3

