From: Rick Macklem
Subject: git: ffd47a4bc671 - stable/15 - nfs_nfsdstate.c: Add sanity checks for lock stateids
Date: Wed, 10 Dec 2025 03:37:40 +0000

The branch stable/15 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=ffd47a4bc6716452da795aeaed3429d2392abb73

commit ffd47a4bc6716452da795aeaed3429d2392abb73
Author:     Rick Macklem
AuthorDate: 2025-11-26 19:20:27 +0000
Commit:     Rick Macklem
CommitDate: 2025-12-10 03:36:04 +0000

    nfs_nfsdstate.c: Add sanity checks for lock stateids

    Bugzilla PR reported a crash caused by a synthetic client doing a
    Lock operation request with a delegation stateid.

    This patch fixes the problem by adding sanity checks for the type of
    stateid provided as an argument to the Lock and LockU operations.

    It has been tested with the FreeBSD, Linux and Solaris 11.4 clients.
    Hopefully, other NFSv4 clients will work ok as well.

    PR: 291080

    (cherry picked from commit aa1cf240887ddcca66dfb969fdc5a8d545396037)

--- sys/fs/nfsserver/nfs_nfsdstate.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 111b0f26d0b5..3fae2be5af46 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -1977,6 +1977,20 @@ tryagain: error = NFSERR_BADSTATEID; } + /* + * Sanity check the stateid for the Lock/LockU cases. + */ + if (error == 0 && (new_stp->ls_flags & NFSLCK_LOCK) != 0 && + (((new_stp->ls_flags & NFSLCK_OPENTOLOCK) != 0 && + (stp->ls_flags & NFSLCK_OPEN) == 0) || + ((new_stp->ls_flags & NFSLCK_OPENTOLOCK) == 0 && + (stp->ls_flags & NFSLCK_LOCK) == 0))) + error = NFSERR_BADSTATEID; + if (error == 0 && (new_stp->ls_flags & NFSLCK_UNLOCK) != 0 && + (stp->ls_flags & NFSLCK_LOCK) == 0) + error = NFSERR_BADSTATEID; + + /* Sanity check the delegation stateid. */ if (error == 0 && (stp->ls_flags & (NFSLCK_DELEGREAD | NFSLCK_DELEGWRITE)) && getlckret == 0 && stp->ls_lfp != lfp)
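
Review bot: The first added condition packs two cases into one five-line expression under a comment that only says "Sanity check the stateid for the Lock/LockU cases", so the rule being enforced has to be decoded from the flag tests. Consider spelling it out in the comment: a Lock with NFSLCK_OPENTOLOCK set requires a stateid whose ls_flags has NFSLCK_OPEN, a Lock without NFSLCK_OPENTOLOCK requires one with NFSLCK_LOCK, and an NFSLCK_UNLOCK request requires one with NFSLCK_LOCK. Splitting the two Lock cases into separate "if (error == 0 && ...)" statements, as is already done for the unlock case, would also make each rejection path easier to audit. The tests check that the expected flag is present on stp rather than that the delegation flags are absent, which is the stricter form and is worth keeping. Both new checks dereference stp under the same "error == 0" guard as the delegation check that follows, so they rely on the same invariant that stp is valid whenever error is 0. The hunk also adds two consecutive blank lines before the existing "Sanity check the delegation stateid" comment; one is enough.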