To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Rick Macklem
Subject: git: c8180893d7fe - stable/14 - nfs_nfsdstate.c: Add sanity checks for lock stateids
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: c8180893d7fef8557d8f8cdd5945468be5023da2
Date: Wed, 10 Dec 2025 03:41:57 +0000
Message-Id: <6938ec05.35343.5e5f3f8a@gitrepo.freebsd.org>

The branch stable/14 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=c8180893d7fef8557d8f8cdd5945468be5023da2

commit c8180893d7fef8557d8f8cdd5945468be5023da2
Author:     Rick Macklem
AuthorDate: 2025-11-26 19:20:27 +0000
Commit:     Rick Macklem
CommitDate: 2025-12-10 03:40:53 +0000

    nfs_nfsdstate.c: Add sanity checks for lock stateids

    Bugzilla PR reported a crash caused by a synthetic
    client doing a Lock operation request with a delegation
    stateid.

    This patch fixes the problem by adding sanity checks
    for the type of stateid provided as an argument to the
    Lock and LockU operations.

    It has been tested with the FreeBSD, Linux and Solaris 11.4
    clients. Hopefully, other NFSv4 clients will work ok as well.

    PR: 291080

    (cherry picked from commit aa1cf240887ddcca66dfb969fdc5a8d545396037)
---
 sys/fs/nfsserver/nfs_nfsdstate.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index cca977b31e8e..ece924630514 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -1972,6 +1972,20 @@ tryagain: error = NFSERR_BADSTATEID; } + /* + * Sanity check the stateid for the Lock/LockU cases. + */ + if (error == 0 && (new_stp->ls_flags & NFSLCK_LOCK) != 0 && + (((new_stp->ls_flags & NFSLCK_OPENTOLOCK) != 0 && + (stp->ls_flags & NFSLCK_OPEN) == 0) || + ((new_stp->ls_flags & NFSLCK_OPENTOLOCK) == 0 && + (stp->ls_flags & NFSLCK_LOCK) == 0))) + error = NFSERR_BADSTATEID; + if (error == 0 && (new_stp->ls_flags & NFSLCK_UNLOCK) != 0 && + (stp->ls_flags & NFSLCK_LOCK) == 0) + error = NFSERR_BADSTATEID; + + /* Sanity check the delegation stateid. */ if (error == 0 && (stp->ls_flags & (NFSLCK_DELEGREAD | NFSLCK_DELEGWRITE)) && getlckret == 0 && stp->ls_lfp != lfp)
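
Review bot: The first added condition folds two separate rules into one nested expression, and the comment above it ("Sanity check the stateid for the Lock/LockU cases.") does not say what those rules are. Please spell them out in the comment: a Lock with NFSLCK_OPENTOLOCK set in new_stp needs a stateid with NFSLCK_OPEN set, a Lock without it needs NFSLCK_LOCK, and a LockU needs NFSLCK_LOCK, so the expression can be checked against the intent. Both new tests read stp->ls_flags guarded only by error == 0, the same pattern as the delegation check that follows; the visible context does not show that stp is always valid when error is 0, so that is worth confirming against the code above the hunk. The hunk also ends with two empty added lines before the delegation comment, where one is enough.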