From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AAA4830C36A; Mon, 13 Oct 2025 15:05:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760367910; cv=none; b=Uzxg7Ztkg+aJWtKk++oqH27S9htKNWiBynXaGMoZ0oLFuvmg+zZVdGjsBgljOxxkiPoDi92IMewNXsMRB9Jd6GVseBLrxb0gkr2shsDObXb3YoKnH4gcZ/TfjPRATCfhzuPAw6umxsW7iGzpjWIBSA7GqGyikHtIY8h+0ivrDZc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760367910; c=relaxed/simple; bh=nACUUktla0KaHPFrF5aRrfC4PLL2auupTChIMyBzgp0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AA27mYCRR7CVFH4p+d5RFfLDtxtT+MnZ1odRVxUVWVDmRc+WNe5cfPb6LSaBujzRJn8z9rI91s0L/nh4YlsO4o+fKhiG/FZBBzVQGVgYFwchWbDa9neQ4/7Ha8uhuUL5jdKe+YRQKKnKezQGU+Ni3SBfY+KhGMleWi8aGr4JL0U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=PAy9NTfy; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="PAy9NTfy" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32464C4CEE7; Mon, 13 Oct 2025 15:05:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1760367910; bh=nACUUktla0KaHPFrF5aRrfC4PLL2auupTChIMyBzgp0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PAy9NTfyacM2aHfDb9c4hPLsn2WCwlAHAy5pWVmyXNIXmU+epZNSenrf/S/FvjF3h ozx6uaY4Zz4aMgmpNYcQ7VxRWGhi2QfOI3EJiKaPfyKukHdFgFuIwrGw24Z3jEnStv PBPxkIAzJ8rRcNrxyudrS6sa3M1P0KuvSQoM+jl4= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Anthony Iliopoulos , Benjamin Coddington , Anna Schumaker , Sasha Levin Subject: [PATCH 6.6 143/196] NFSv4.1: fix backchannel max_resp_sz verification check Date: Mon, 13 Oct 2025 16:45:34 +0200 Message-ID: <20251013144320.485925391@linuxfoundation.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251013144315.184275491@linuxfoundation.org> References: <20251013144315.184275491@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Anthony Iliopoulos [ Upstream commit 191512355e520dfc45c8bc3b56d4de59c3ade33e ] When the client max_resp_sz is larger than what the server encodes in its reply, the nfs4_verify_back_channel_attrs() check fails and this causes nfs4_proc_create_session() to fail, in cases where the client page size is larger than that of the server and the server does not want to negotiate upwards. While this is not a problem with the linux nfs server that will reflect the proposed value in its reply irrespective of the local page size, other nfs server implementations may insist on their own max_resp_sz value, which could be smaller. Fix this by accepting smaller max_resp_sz values from the server, as this does not violate the protocol. The server is allowed to decrease but not increase proposed the size, and as such values smaller than the client-proposed ones are valid. Fixes: 43c2e885be25 ("nfs4: fix channel attribute sanity-checks") Signed-off-by: Anthony Iliopoulos Reviewed-by: Benjamin Coddington Signed-off-by: Anna Schumaker Signed-off-by: Sasha Levin --- fs/nfs/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 124b9cee6fed7..94a1caf326699 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -9226,7 +9226,7 @@ static int nfs4_verify_back_channel_attrs(struct nfs41_create_session_args *args goto out; if (rcvd->max_rqst_sz > sent->max_rqst_sz) return -EINVAL; - if (rcvd->max_resp_sz < sent->max_resp_sz) + if (rcvd->max_resp_sz > sent->max_resp_sz) return -EINVAL; if (rcvd->max_resp_sz_cached > sent->max_resp_sz_cached) return -EINVAL; -- 2.51.0